Anonymous_User Absent Member.
Absent Member.
3236 views

ZCM basics..

Hi,

we are using ZDM7 and have basic questions about ZCM..

I did some quick browsing through the documentation and got the
impression that Application, policy and workstation information is now
stored in the ZenDB, not in eDir, correct?

If so, there is no ws import to eDir anymore?
How would we then eg. associate printers to workstations or give file
rights to workstations?


-sk
Labels (2)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: ZCM basics..

We just started the initial stages of migrating workstations yesterday.

You are correct - ZCM 10 does not modify eDirectory schema. It does not
even require eDirectory (though I do not see why you would do it that
wya, but it's just me).

If you run the ZCM migration tool, you can import all (or however many
you want) of your existing ZEN 6/7 workstations into the new ZCM system
as "discovered devices". It'll create folders in the new system that
are based on your OU structure in eDir. It'll store the ZEN 6/7
workstation object GUID in the ZCM database, so that when you DO finally
upgrade to the new ZCM agent, it'll know to stick the ZCM workstation
object in the folder that corresponded to your eDir's OU structure.

I believe you can also migrate policies with this tool ... so you could
then either migrate an existing policy to the new system or make a new
one, and associate it to the workstations in your ZCM 10 system.

All ZCM 10 docs are here:
http://www.novell.com/documentation/zcm10/index.html

The migration guide is here:
http://www.novell.com/documentation/zcm10/zcm10_zen_migration/data/bookinfo.html

Sami Kapanen wrote:
> Hi,
>
> we are using ZDM7 and have basic questions about ZCM..
>
> I did some quick browsing through the documentation and got the
> impression that Application, policy and workstation information is now
> stored in the ZenDB, not in eDir, correct?
>
> If so, there is no ws import to eDir anymore?
> How would we then eg. associate printers to workstations or give file
> rights to workstations?
>
>
> -sk

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: ZCM basics..

Jeremy Mlazovsky wrote:
>
> If you run the ZCM migration tool, you can import all (or however many
> you want) of your existing ZEN 6/7 workstations into the new ZCM system
> as "discovered devices".


Yes, migrations seems to be covered pretty well - as it should.

But when running ZCM you don't get workstation objects to eDirectory at
all anymore?!

Not able to give file rights to workstations, as there are no objects in
eDir.
Same for associating printers or iprint policies.
WSBrowser not usable anymore.

-sk
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: ZCM basics..

In ZCM, the system gas read-only access to whatever data source(s) you
attach to (e.g. eDir and AD).

All of the details necessary to manage the Bundles, workstations, etc
are all stored in ZCM's embedded database. This approach has some
potential, though it does force you to rethink how you do things now.

As you mentioned, one of the biggest things we need to come to terms
with is not being able to rely on hooks in eDir for defining file system
rights on NSS volumes. We have been using that for about 5 years now.
Our ZCM server has a lot of disk space, so most of the apps that were
stored on OES servers with NSS volumes have been reproduced on our ZCM
server and stored in the ZCM server's content repository.

The issue we need to deal with is going to be how we handle assigning
file system rights to large apps like AutoCAD which don't necessarily
make sense in our environment to copy the entire installation DVD
locally and then installing from there. We currently assign those file
rights through a ZEN app object and then by associating the app to
groups, grant access that way. It won't be neat and tidy any more,
especially now that we are using Bundle Groups as "super groups" (a ZCM
group consisting of multiple eDir groups as members). It makes Bundle
association much easier since we have to associate numerous groups to
each app, but there isn't equivalent super groups in eDir.

WSBrowser may not be necessary in ZCM (but that is your call). The
web-based management interface is pretty intuitive once you get used to
it. And oyu can do searches from just about anywhere for things like
workstation devices.

Sami Kapanen wrote:
> Jeremy Mlazovsky wrote:
>> If you run the ZCM migration tool, you can import all (or however many
>> you want) of your existing ZEN 6/7 workstations into the new ZCM system
>> as "discovered devices".

>
> Yes, migrations seems to be covered pretty well - as it should.
>
> But when running ZCM you don't get workstation objects to eDirectory at
> all anymore?!
>
> Not able to give file rights to workstations, as there are no objects in
> eDir.
> Same for associating printers or iprint policies.
> WSBrowser not usable anymore.
>
> -sk

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: ZCM basics..

Jeremy Mlazovsky,

> We currently assign those file rights through a ZEN app object and then by associating the app to groups, grant access that way. It won't be neat and tidy any more, especially now that we are using Bundle Groups as "super groups" (a ZCM group consisting of multiple eDir groups as members). It makes Bundle association much easier since we have to associate numerous groups to each app, but there isn't equivalent super groups in eDir.


Giving Public read rights to the install locations on the file server
would also give the workstations rights, but then that COULD be a little
to open for some.

Just a thought.

--
Jared Jennings - Data Technique, Inc.
Novell Support Forums Sysop
My Blog and Wiki with Tips, Tricks, and Tutorials
http://jaredjennings.org
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: ZCM basics..

The idea is to have the install files available through the content system,
with that no filesystemaccess is needed.

Ron

"Jared Jennings" <jaredljenningsNO@SPAMmyrealbox.com> wrote in message
news:0YiNi.8119$NG7.838@kovat.provo.novell.com...
> Jeremy Mlazovsky,
>
>> We currently assign those file rights through a ZEN app object and then
>> by associating the app to groups, grant access that way. It won't be
>> neat and tidy any more, especially now that we are using Bundle Groups as
>> "super groups" (a ZCM group consisting of multiple eDir groups as
>> members). It makes Bundle association much easier since we have to
>> associate numerous groups to each app, but there isn't equivalent super
>> groups in eDir.

>
> Giving Public read rights to the install locations on the file server
> would also give the workstations rights, but then that COULD be a little
> to open for some.
>
> Just a thought.
>
> --
> Jared Jennings - Data Technique, Inc.
> Novell Support Forums Sysop
> My Blog and Wiki with Tips, Tricks, and Tutorials
> http://jaredjennings.org



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: ZCM basics..

I understand that idea, and in some scenarios it is a valid option.

But when we get to REALLY big batches of installation files that can be
miltiple gigs in size (*ahem*, I am looking at you, AutoDesk software),
copying the files locally and then installing from there is a waste of
time, bandwidth, and disk space. Especially when a lot of the files are
only ever accessed for installation purposes in some rare scenarios
where one person needs to install a way out there toolbar or something.

I tried testing the Install Directory action to see how painful this
would be, but as you are probably aware there was a bug in the original
release of ZCM in which all subdirectories and their contents were
dumped into the destination directory on the workstation without any of
the sub-directory structure.

So, instead of having a root dir with a setup.exe file and a whole bunch
of subdirs, I had a root dir with NO subdirs but all of the files in
those subdirs sitting there in the root dir.

I don't see that listed as a known issue in the recently updated README,
and I have downloaded the ZCM v10.0.1 ISSs, so we'll see how things go.

Ron van Herk wrote:
> The idea is to have the install files available through the content system,
> with that no filesystemaccess is needed.
>
> Ron
>
> "Jared Jennings" <jaredljenningsNO@SPAMmyrealbox.com> wrote in message
> news:0YiNi.8119$NG7.838@kovat.provo.novell.com...
>> Jeremy Mlazovsky,
>>
>>> We currently assign those file rights through a ZEN app object and then
>>> by associating the app to groups, grant access that way. It won't be
>>> neat and tidy any more, especially now that we are using Bundle Groups as
>>> "super groups" (a ZCM group consisting of multiple eDir groups as
>>> members). It makes Bundle association much easier since we have to
>>> associate numerous groups to each app, but there isn't equivalent super
>>> groups in eDir.

>> Giving Public read rights to the install locations on the file server
>> would also give the workstations rights, but then that COULD be a little
>> to open for some.
>>
>> Just a thought.
>>
>> --
>> Jared Jennings - Data Technique, Inc.
>> Novell Support Forums Sysop
>> My Blog and Wiki with Tips, Tricks, and Tutorials
>> http://jaredjennings.org

>
>

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.