Micro Focus Contributor
Micro Focus Contributor
2722 views

Disable ZCC on DMZ primary

The customer is about to get a ZCM 11 primary in the DMZ to service devices when they are off the network. It will be running on SLES 11 sp1 x64. They don't want anyone to be able to access the ZCC or even the server/zenworks-setup page from the internet. Is there a supported way to block those management/deployment pages while still allowing 80 and 443 to work for the required agent communication?

I found the following article which looks good, but it would like support's opinion first.
Restrict Access to ZENworks Control Center | Novell User Communities

Is there a TID or something in the documentation that explains how this can be done? Thank you
Labels (2)
0 Likes
6 Replies
Micro Focus Expert
Micro Focus Expert

Re: Disable ZCC on DMZ primary

The Support Forums are also unofficial support, much like the Cool
Solutions article you have linked.

I recall testing this a while back and it seemed to work.
I don't recall any issues, but perhaps I'm just blocking bad memories 😆

I'm not aware of any other published methods besides those listed in the
article as well as FW/Router Rules.

Best to Test in your environment, especially since this article
pre-dates ZCM 11.

On 5/24/2011 12:06 PM, dschaldenovell wrote:
>
> The customer is about to get a ZCM 11 primary in the DMZ to service
> devices when they are off the network. It will be running on SLES 11 sp1
> x64. They don't want anyone to be able to access the ZCC or even the
> server/zenworks-setup page from the internet. Is there a supported way
> to block those management/deployment pages while still allowing 80 and
> 443 to work for the required agent communication?
>
> I found the following article which looks good, but it would like
> support's opinion first.
> 'Restrict Access to ZENworks Control Center | Novell User Communities'
> (http://www.novell.com/communities/node/9662/restrict-access-zenworks-control-center)
>
> Is there a TID or something in the documentation that explains how this
> can be done? Thank you
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Disable ZCC on DMZ primary

If you have the device behind Access Manager or UAG you could restrict
URLs too.

--
Jared Jennings
Senior Systems Engineer, Computer Integrated Services (CIS)
http://www.ciscony.com

My Blog and Wiki with Tips, Tricks, and Tutorials
http://jaredjennings.org
Twitter@ jaredljennings
0 Likes
reni2 Absent Member.
Absent Member.

Re: Disable ZCC on DMZ primary

dschaldenovell;2108809 wrote:
The customer is about to get a ZCM 11 primary in the DMZ to service devices when they are off the network. It will be running on SLES 11 sp1 x64. They don't want anyone to be able to access the ZCC or even the server/zenworks-setup page from the internet. Is there a supported way to block those management/deployment pages while still allowing 80 and 443 to work for the required agent communication?

I found the following article which looks good, but it would like support's opinion first.
Restrict Access to ZENworks Control Center | Novell User Communities

Is there a TID or something in the documentation that explains how this can be done? Thank you



Did you ever manage to secure the zcc or hide it from your dmz server? I'm looking for a solution now to.

- Rgds,

Rene
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Disable ZCC on DMZ primary

This should be documented now or soon.
If cannot find good details, an SR may help.

On 4/12/2013 5:46 AM, reni wrote:

> Did you ever manage to secure the zcc or hide it from your dmz server?
> I'm looking for a solution now to.
>
> - Rgds,
>
> Rene
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
0 Likes
shaunpond Absent Member.
Absent Member.

Re: Disable ZCC on DMZ primary

0 Likes
gleach1 Absent Member.
Absent Member.

Re: Disable ZCC on DMZ primary

is there any particular reason that you can't use a satellite server for what you want to do?

as to my understanding all a primary gives you over a sat server is the ability to register devices, if you just need content, policies and so on maybe consider using a satellite instead?

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.