Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Commodore
Commodore
176 views

Help setting up remote agent access

I'm trying to set up our system so ZENworks agents running on laptops that are outside our office network (usually at home) can access our ZCM 2020.1 primary and only server.  I don't have a DMZ so I need to do a static NAT between a public IP and the ZCM server.  I have a number of questions.

So far I have opened up ports 443, 2645, 5550 and 7628 thru the firewall.  Are there other ports that need to be opened for the agent to communicate with the server?

It says that 'Location Awareness' as opposed to 'Location Awareness Lite' is more reliable and quicker but you need to have drivers installed for it but doesn't say where you get those drivers.  Are they part of the normal ZCM agent install or is this some additional software I need to install on each laptop?  If so, where do I find it?

Can I use the 'Unknown' location to be everything but the office?  If so, then I would use the public DNS name I have set up for the ZCM server?  However under 'Location Closest Servers' it looks like it wants me to pick something that is already defined in the ZCM environment?

Thanks,

Dan

Labels (3)
0 Likes
6 Replies
Micro Focus Expert
Micro Focus Expert

It says that 'Location Awareness' as opposed to 'Location Awareness Lite' is more reliable and quicker.

Yeah....it "SAYS" that but is totally bogus.  There is zero difference in reliability, functionality, or speed between the two.  The LONE exception is that if you want to use a wireless SSID for the location, you need Full.

If you have the ZESM Agent Component installed, your PC will use full regardless and load the needed drivers.  "Lite" is only used when ZESM is not installed and you have "Lite Enabled".  I've never seen anyone using SSID for locations.....and if you are not there is not any reason to specifically enable "FULL".

--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
Micro Focus Expert
Micro Focus Expert

Yes, it would be "OK" to use "UNKNOWN" for Internet Devices and something else for devices in your network.

--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
Commodore
Commodore

If I'm not totally wrong... :

In ZCC you would need to setup additional dns and/or ip-addresses for the server in Settings - Infrastructure Management:

Non-detectable IP-Addresses / Additional DNS-Names - add the information the clients need to contact the server from outside.

0 Likes
Micro Focus Expert
Micro Focus Expert

Good Tips...and all the more reason to be able to have a 2nd Primary just for Internet users.

--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
Commodore
Commodore

So now I am trying to set up remote control of the WS when the WS is on the Internet connected wirelessly to an access point.  So that WS has a private IP address.  I have opened the remote management ports in the firewall to the ZCM server. 

I can confirm that the agent can contact the server because the "Last Contact with Server" time on the agent on the WS shows the current time.  Curiously, when looking in ZCC at the WS, the "Last Contact" time doesn't seem to update even when I waited for 5 or 10 minutes.  What is the refresh period for this parameter in the ZCC?

When I try to do  remote control of the WS from the ZCC, I am presented with either doing a connection via DNS name (well that won't work because the DNS name of the WS is not broadcast on the Internet) or doing it by IP (well that won't work because the WS sits behind an Access Point and has a private IP address).  Is remote controlling a WS outside the network just not possible with ZENworks?

Thanks,

Dan

0 Likes
Micro Focus Expert
Micro Focus Expert

Yes, it is supported.  You need to configure a "Join Proxy" for your "Internet Location" devices.

https://www.novell.com/documentation/zenworks-2020/zen_rm_wrkflw_join_proxy/data/zen_rm_wrkflw_join_proxy.html

In short, how the JoinProxy works is that when a device is in a location configured to use a "Joinproxy", its remote control agent will connect to the JP when it starts up and stays connected.  The ZENworks DB is then updated to note which JP the device is connected.  When an admin tries to remote control that device, it will not connect to the device, but contact the JP which will act as a relay and uses the connection already established by the home device.

--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.