Out of the box, ZENworks Configuration Management provides a standards-based, three-tier, services-oriented architecture that allows you to manage devices over the Internet without disrupting your network infrastructure. Separating components into different tiers makes it easier to change business logic or add new modules without affecting other tiers of the architecture.
The server-side infrastructure consists of two tiers. The first tier provides Web services, including object-to-relational mapping and data-model APIs. The second tier comprises the file system for storing actual files, the database for storing ZENworks information, and the optional identity store (eDirectory or Active Directory) for performing user-based resource management. The third tier consists of the ZENworks Adaptive Agent on managed devices.
The following diagram is a visual representation of the three-tier web services architecture (including the optional connection to a user source) of ZENworks Configuration Management.
Figure B-1 Web Services Architecture
Because it is a fully Web-based application, ZENworks Configuration Management uses Web services as the primary mechanism for communications between management servers, managed clients, identity and object stores, and the management console. No proprietary protocols are used.
The following sections contain more information:
HTTP or HTTPS: Used for communication from managed clients to the server.
SOAP over HTTPS: Used for communication from the server to the ZENworks Adaptive Agent on managed devices.
LDAP: Used for integration with eDirectory or Active Directory identity stores.
SOAP: Used for zone administration win zman.
SSL: Used for secure communications with managed devices and the management console. This allows devices located anywhere to be managed from anywhere, even beyond the corporate firewall.
The following graphic illustrates this:
Figure B-2 ZENworks System Diagram
A ZENworks Primary Server delivers the back-end infrastructure of ZENworks Configuration Management. The following items are the components of the ZENworks primary server:
Apache Tomcat is a servlet container that provides Web serving, Java servlet hosting, and SSL encryption and authorization.
Extend WSSDK provides the core SOAP infrastructure.
Java servlets implement feature-specific functionality.
The data model abstracts the storage layer from the Web services.
The database stores relationships, configuration management data, and inventory.
The Content Repository contains images, files, and other bundle content.
The following diagram is a visual representation of the Primary Server (ZENServer) architecture:
Figure B-3 Primary Server Architecture
Advantages of this simplified architecture include:
Time to value: The new architecture allows you to install ZENworks Configuration Management with just a few mouse-clicks. Very little administrator input is required to install a Primary Server, and it typically takes only 35 minutes from the time you drop the CD into the tray until you can actually be discovering and managing devices on your network. The ZENworks Adaptive Agent is installed and managed from the central management console, eliminating the need for IT to touch each individual device. The system connects non-disruptively to your identity stores—Active Directory and Novell eDirectory—requiring no changes to your security policies. Because it’s based on more than two years of human factors research and input from users, the user interface works the way you work, so you can be productive almost immediately.
Deployment flexibility: Configuration management tool should be deployed in a manner that harmonizes with the existing IT infrastructure. The architecture of ZENworks Configuration Management is designed with this requirement in mind, providing the flexibility to deploy the solution in a wide range of IT environments with minimal change management barriers. For example, it can be deployed as a departmental solution or enterprise-wide, without requiring new operating systems, database administration skills, or non-standard communication protocols.
Reduced wire traffic: Metadata is retrieved in a single request or response by using SOAP calls. This minimizes the network traffic devoted to management, in contrast to architectures that must make multiple calls to retrieve raw data for business logic located on the client.
A single client agent: Legacy management practices have created a need for multiple agents, which must be installed, updated, and patched individually, to handle various management tasks. The new ZENworks Configuration Management architecture features a single ZENworks Adaptive Agent that requires just one installation, then dynamically “shrinks” or “expands” according to specific management needs.
The ZENworks Adaptive Agent consists of the following components:
The primary agent is responsible for maintaining connectivity to the ZENworks Primary Servers and listening for requests from the server. This component is implemented as a Windows service and is started at system startup time.
A core set of plug-ins provides common services required by most features. These plug-ins include the trigger and event scheduling system (TESS) components, caching components, components to implement features such as system shutdown and reboot.
Other features are also implemented by plug-ins to the ZENworks Adaptive Agent. These plug-ins include the Bundle plug-in, Policy plug-in, Inventory plug-in, Remote Management plug-in, and Patch Management plug-in. These plug-ins leverage the core plug-ins and the primary agent to retrieve information from the Primary Server. For instance, the Bundle plug-in is responsible for installing of Windows, File, and Directive bundles.
The Policy plug-in is also divided into multiple components. These components are the Policy Manager, which identifies the effective policies, and the Policy Enforcers, which are platform-specific components that understand how to implement policies.
During Adaptive Agent installation, all the components are installed on the managed device and are activated as needed.
The communication between the ZENworks Adaptive Agent and the ZENworks Primary Server is generally implemented as a standard Web session. Unlike previous versions of ZENworks, the Adaptive Agent does not maintain a session with the Primary Server. Instead, it makes an HTTPS request, receives information it needs, and then disconnects from the Server. The Adaptive Agent also includes an HTTPS listener that is implemented on TCP port 2544. The purpose of this listener is to allow a Primary Server to initiate partial or full refreshes remotely. The result of a refresh is the immediate initiation of task on the device.
The following graphic depicts the ZENworks Adaptive Agent architecture and how the Server and Agent pieces interact with each other:
Figure B-4 ZENworks Adaptive Agent Architecture
Modular three-tier services oriented architecture: Standard protocols are used for IT over public and private networks, as well as for communications between the solution’s three tiers:
All general business logic resides on the server, allowing complete flexibility in system-wide updates and keeping client-specific updates to a minimum.
The single agent is tailored in size and functionality for the specific managed device, enabling the most efficient delivery and policy enforcement.
An SQL database provides an industry-standard method for integrating the solution with IT and business systems.
Management Zones: Users and devices can be grouped together to form management zones, which provide a single, authoritative source for all configuration information applicable to the members of the Management Zone. All managed devices are registered to a single ZENworks Management Zone.