Overview
This document describes how to set up ZENworks Primary Servers behind a Reverse Proxy so that they are not exposed to the Internet, thereby ensuring that the server infrastructure is secure.
Deployment Setup
Representation of a Possible Network Setup
NOTE:
Scenario
ZENworks Primary Servers use SSL certificates signed by an internal CA, and the Reverse Proxy Server uses an SSL certificate signed by an external CA.
Prerequisites
Prior to performing the procedure, you need to ensure that:
Procedure
#user nobody;
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # Allowing HTTP requests
    # List the HTTP servers and their HTTP port below
    server {
        listen 80;
        listen 192.168.116.129:80;
        server_name ps1.acme.com alias ps1.alias;

        # Define the HTTP endpoints for content and collection that should be routed via Nginx
        location /zenworks-content {
            proxy_pass http://192.168.116.129:80/zenworks-content/;
        }
        location /zenworks-setup {
            proxy_pass http://192.168.116.129:80/zenworks-setup;
        }
        location / {
            proxy_pass http://192.168.116.129:80/;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    # Setting up HTTPS communication
    # The upstream directive can be used if multiple HTTPS servers are to be routed via Nginx;
    # add one "server" entry for each server
    upstream zenservers {
        #ip_hash;
        server 192.168.116.129:443;
        keepalive 16;
    }

    # Specify the HTTPS port and the SSL certificate that Nginx presents for incoming requests
    server {
        listen 443 ssl;
        ssl_certificate C:/nginx-1.12.2/certs/nginx.crt;
        ssl_certificate_key C:/nginx-1.12.2/certs/nginx.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Define the HTTPS endpoints that need to be served via Nginx
        location /endpoint/apple {
            proxy_pass https://zenservers/endpoint/apple;
        }
        location /endpoint/android {
            proxy_pass https://zenservers/endpoint/android;
        }
        location / {
            proxy_pass https://zenservers;
            # HTTP/1.1 and an empty Connection header are required for upstream keepalive
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
    }
}
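In the Scenario above the Primary Servers present certificates signed by an internal CA, and Nginx does not verify upstream certificates unless told to (proxy_ssl_verify defaults to off). The following is an added example, not part of the original ZENworks documentation, showing the HTTPS server block from the configuration above with upstream certificate verification enabled. The CA file path is hypothetical, and the block assumes the internal CA certificate is available in PEM format and that the Primary Server certificate is issued for ps1.acme.com.

```nginx
# Added example: replaces the "listen 443 ssl" server block inside http { }.
server {
    listen 443 ssl;
    ssl_certificate C:/nginx-1.12.2/certs/nginx.crt;
    ssl_certificate_key C:/nginx-1.12.2/certs/nginx.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Verify the certificate presented by the Primary Server.
    # With the default (off), Nginx accepts any certificate from the upstream.
    proxy_ssl_verify on;
    # Hypothetical path: internal CA certificate (PEM) that signed the
    # Primary Server certificates.
    proxy_ssl_trusted_certificate C:/nginx-1.12.2/certs/internal-ca.pem;
    # Allow one intermediate CA between the server certificate and the root.
    proxy_ssl_verify_depth 2;

    # By default the name checked is the host part of proxy_pass, here the
    # upstream group name "zenservers", which is not in the certificate.
    # Assumption: the Primary Server certificate is issued for ps1.acme.com.
    proxy_ssl_name ps1.acme.com;
    # Send the same name as SNI in the upstream TLS handshake.
    proxy_ssl_server_name on;

    # The proxy_ssl_* directives above are inherited by every location below.
    location /endpoint/apple {
        proxy_pass https://zenservers/endpoint/apple;
    }
    location /endpoint/android {
        proxy_pass https://zenservers/endpoint/android;
    }
    location / {
        proxy_pass https://zenservers;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
```

Running nginx -t after the change checks the syntax and that the CA file can be loaded. If the name or CA does not match the Primary Server certificate, requests fail with 502 and the verification error is written to the Nginx error log.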
For more information, see:
For more information, see:
For more information, see Enrolling a Device.
Note: If you want to enroll an Android device in the work profile mode, create the Android Profile Enrollment Policy and assign it to a user in LDAP.
For more information, see Integrating ZENworks with Android Enterprise.
You can perform quick tasks such as Refresh, Lock and Install Bundle. You can now manage all your Android devices.
For more information, see Enrolling an Android device.
You can perform quick tasks such as Refresh, Lock, and Install Bundle. You can now manage all iOS devices.
For more information, see Enrolling an iOS device.
You can now enroll the DEP devices and manage them using the Nginx Reverse Proxy Server.
For more information, see Enrolling an iOS DEP device.
You can now register workstations and servers located in front of the proxy and the devices will be able to fetch the assignments and settings.