Help setting up remote agent access
I'm trying to set up our system so ZENworks agents running on laptops that are outside our office network (usually at home) can access our ZCM 2020.1 primary and only server. I don't have a DMZ so I need to do a static NAT between a public IP and the ZCM server. I have a number of questions.
So far I have opened up ports 443, 2645, 5550 and 7628 thru the firewall. Are there other ports that need to be opened for the agent to communicate with the server?
It says that 'Location Awareness' as opposed to 'Location Awareness Lite' is more reliable and quicker but you need to have drivers installed for it but doesn't say where you get those drivers. Are they part of the normal ZCM agent install or is this some additional software I need to install on each laptop? If so, where do I find it?
Can I use the 'Unknown' location to be everything but the office? If so, then I would use the public DNS name I have set up for the ZCM server? However under 'Location Closest Servers' it looks like it wants me to pick something that is already defined in the ZCM environment?
It says that 'Location Awareness' as opposed to 'Location Awareness Lite' is more reliable and quicker.
Yeah....it "SAYS" that but is totally bogus. There is zero difference in reliability, functionality, or speed between the two. The LONE exception is that if you want to use a wireless SSID for the location, you need Full.
If you have the ZESM Agent Component installed, your PC will use full regardless and load the needed drivers. "Lite" is only used when ZESM is not installed and you have "Lite Enabled". I've never seen anyone using SSID for locations.....and if you are not there is not any reason to specifically enable "FULL".
Yes, it would be "OK" to use "UNKNOWN" for Internet Devices and something else for devices in your network.
If I'm not totally wrong... :
In ZCC you would need to setup additional dns and/or ip-addresses for the server in Settings - Infrastructure Management:
Non-detectable IP-Addresses / Additional DNS-Names - add the information the clients need to contact the server from outside.
Good Tips...and all the more reason to be able to have a 2nd Primary just for Internet users.
So now I am trying to set up remote control of the WS when the WS is on the Internet connected wirelessly to an access point. So that WS has a private IP address. I have opened the remote management ports in the firewall to the ZCM server.
I can confirm that the agent can contact the server because the "Last Contact with Server" time on the agent on the WS shows the current time. Curiously, when looking in ZCC at the WS, the "Last Contact" time doesn't seem to update even when I waited for 5 or 10 minutes. What is the refresh period for this parameter in the ZCC?
When I try to do remote control of the WS from the ZCC, I am presented with either doing a connection via DNS name (well that won't work because the DNS name of the WS is not broadcast on the Internet) or doing it by IP (well that won't work because the WS sits behind an Access Point and has a private IP address). Is remote controlling a WS outside the network just not possible with ZENworks?
Yes, it is supported. You need to configure a "Join Proxy" for your "Internet Location" devices.
In short, how the JoinProxy works is that when a device is in a location configured to use a "Joinproxy", its remote control agent will connect to the JP when it starts up and stays connected. The ZENworks DB is then updated to note which JP the device is connected. When an admin tries to remote control that device, it will not connect to the device, but contact the JP which will act as a relay and uses the connection already established by the home device.