Recently I've been busy working with customers to implement ZENworks Configuration Management (ZCM). My posts in the coming days and weeks will discuss the key points when considering a ZCM deployment.
So let us start with a couple of fundamentals: what do we really need to have in place before we start anything?
DNS: Forward and reverse lookups must be functional to and from all servers and workstations. We use forward and reverse lookups in our certificate operations, such as when a device checks in, when we hook into CASA for eDir/AD operations, and in remote control operations.
Time Synchronisation: All managed devices, primary servers and the DB server should be synchronised as closely as possible. Certain operations in ZCM are session based and therefore rely on accurate time between the two parties.
If you have any ideas on subject matter, please feel free to leave feedback.
The aim here is to start the discussion, not give everything away.
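As an added example (not part of the original post and not ZENworks tooling), here is a pre-deployment check that each host's forward lookup and reverse lookup agree, as the DNS prerequisite above requires. The host names, addresses and function names are constructed for illustration; without injected lookups it uses the system resolver.

```python
import socket

def check_host(fqdn, forward=None, reverse=None):
    """Return a list of DNS problems for one host; an empty list means it passes."""
    # Default to the system resolver; callers may inject lookups for testing.
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(fqdn)
    except OSError as exc:  # gaierror and herror both derive from OSError
        return [f"forward lookup failed: {exc}"]
    problems = []
    for ip in addrs:
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except OSError as exc:
            problems.append(f"{ip} has no PTR record: {exc}")
            continue
        if ptr != want:
            problems.append(f"{ip} reverses to {ptr}, expected {want}")
    return problems

def audit(hosts, forward=None, reverse=None):
    """Check every host and return only the ones with problems."""
    report = {h: check_host(h, forward, reverse) for h in hosts}
    return {h: p for h, p in report.items() if p}

def table_lookup(table):
    """Build a lookup function over a dict, failing like a resolver would."""
    def lookup(key):
        if key not in table:
            raise OSError(f"no record for {key}")
        return table[key]
    return lookup

# Constructed sample zone data (hypothetical names and addresses).
SAMPLE_A = {
    "zcm1.example.test": ["10.0.0.10"],
    "ws042.example.test": ["10.0.0.42"],
    "ws043.example.test": ["10.0.0.43"],
}
SAMPLE_PTR = {
    "10.0.0.10": "zcm1.example.test",
    "10.0.0.42": "old-ws.example.test",  # stale PTR left over from a rename
}  # 10.0.0.43 deliberately has no PTR record

if __name__ == "__main__":
    hosts = list(SAMPLE_A) + ["ws044.example.test"]
    found = audit(hosts, table_lookup(SAMPLE_A), table_lookup(SAMPLE_PTR))
    for host, problems in found.items():
        print(host, "->", "; ".join(problems))
```

Calling `audit(hosts)` with no lookup arguments runs the same checks against live DNS from the machine it is executed on, so run it from both a server and a workstation.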
I hope you'll also make a post about using certificates (External CA).
Isn't it possible to change the installer so that it verifies all the certificates before it starts copying and installing all the software?
Right now you need to specify your cert, key and CA; next it starts to install (15-20 min), and then it may tell you that there were some issues during installation because there was something wrong with your certificates. Waste of time ;(
We also encounter some high CPU utilization with the Adaptive agent on Windows XP clients. The machine becomes slower after we installed the agent.
The main sticky points I see with DNS are making sure that the URL used to connect to the Primary Server is the same DNS name as the server itself. So long as the CA has signed the cert of the primary server (performed during the Primary Server install) and the DNS name used to connect matches the server's cert exactly, all's well with the world.
If you want to connect using different IP/DNS names, such as in a NAT environment, there are ways around those problems. Firstly, you can populate "Additional DNS names" and "Non-detectable IP addresses" to tell the primary server about other connection methods. Secondly, you can tell the client to ignore name matching with a reg key. Is that what you went with?
I have had hours and hours of fun (not) with DNS causing issues. Ironically, this was with a fresh DNS configuration in our AD environment and ZCM was the only thing that had problems. It was frustrating because everybody said DNS DNS DNS but finding and fixing the problem was virtually impossible. Thankfully, because of a good (female) tech @ Novell I figured out how to work around the particular issue.
As far as time sync issues? Ouch. My time wasn't in sync before the installation of ZCM so all my certs were bad (date was out of whack too for some stupid reason). That's what I get for using prebuilt lab images that weren't on the domain first.
What about changing the IP address? That one nailed me hard a few times as I tend to forget to static the IP before installing ZCM. Changing it after the fact resulted in services not starting anymore. Yay! One more reinstall for the road!
Oh, and System Update on my primary server caused all my secondary servers running PXE services at remote sites to also go to 100% CPU utilization.
ZCM is a little more bleeding edge than leading edge in my environment. But it does have awesome potential.