17.4 Content Role

This role enables the managed device to distribute content (bundles, policies, system updates, and patches) to other devices.

When you set up a device to function with a Content role, you must specify a Primary Server as its parent. The device with the Content role receives all content from its parent Primary Server. Any content you want hosted on a Satellite with the Content role must also be hosted on its parent Primary Server. If the content is not hosted on the new Primary Server, it is added.

17.4.1 Prerequisites to Configure the Content Role on a Satellite

If you have installed ZENworks with external certificates, you must complete the following tasks on the Satellite before configuring the Content role with SSL Enabled on a Satellite:

  1. Ensure that the Satellite has its own individual server certificate and private key.

    For detailed information on how to create to an external certificate, see Linux Installation Workflow in the ZENworks Server Installation.

  2. Import the external certificate by using the zac isc command on the Satellite.

    For more information about zac, see the zac man page (man zac) on the Satellites or see the ZENworks Command Line Utilities Reference.

    NOTE:You must import the external certificate each time you promote the Satellite to Content role.

17.4.2 Configuring the Content Role on a Satellite

  1. Select the check box next to Content, and click Configure. View the settings for the default configuration. You can edit the default configuration or click Add to create a configuration for a specific type of content. See below for information about adding or editing a configuration.

    Fill in the fields:

    Content Type: Select a Content Type (for example, Policy, Non-Patch Bundles, or System Update Server).

    NOTE:If you choose Imaging as the Content Type and configure the settings to replicate the Imaging content, these settings are automatically reflected in the Configure Imaging Content Replication dialog box invoked while configuring the Imaging role to the device. Similarly, the Imaging content replication settings configured while configuring the Imaging role to a device are automatically reflected in the Configure Content Type Replication dialog box invoked while configuring the Content role with the Imaging content type to the device.

    Throttle (in KB/sec): Select the throttle rate. This rate specifies the maximum rate at which content (in kilobytes per second) is replicated. The actual rate can be lower, depending on other factors, including the number of downloads.

    NOTE:The specified throttle speed only controls the rate at which ZENworks delivers content, it does not control the rate at which the NIC sends data to other applications. Thus the total bandwidth used by the server's NIC may be greater than the throttle speed set.

    To view the traffic from ZENworks alone, you need to filter on the ports configured for your server. For example 80 and 443.

    By default, from ZENworks 2020 Update 1 onwards, content is transferred from Primary Servers, in an encrypted form, to other Primary Servers, Satellite Servers and managed devices through a secure connection (HTTPS port 443). However, content between Satellite Servers and Managed Devices will continue to be transferred over port 80.

    SSL communication between ZENworks 2020 Update 1 and later Primary Servers and older agents is backward compatible. Hence, even if the managed devices are not updated to ZENworks 2020 Update 1 or later version, the content from the Primary Server will continue to be transferred to them over SSL. The Closest Server Rule for content over managed devices changes to HTTPS URLs, over the SSL port.

    Duration: Click the up-arrow or down-arrow to set the content update duration period in minutes. Depending on the Schedule Type and its options you select, you need to be aware of the following:

    • The End Time setting in all three scheduling types (Days of the Week, Month, and Fixed Interval) is not the true end time when the content update stops processing. The end time specifies the end of the time period during which an update can start. For Fixed Interval replication in a newly promoted Satellite Server, the replication starts with a minimum delay of 1 day.

      If you select Days of the Week or Month and set a random start and end time, the update starts between these times and continues for the specified duration. For example, if the Duration is set at the default of 60 minutes and the update starts 10 minutes before the specified end time, content is updated for the entire 60 minutes. The same concept applies for the Fixed Interval schedule. If Duration is set at the default of 60 minutes and the end time does not allow enough time for the specified duration, content is updated for the entire 60 minutes.

    • If the Primary Server contains too much content to update during the specified duration, the update continues at the next regularly scheduled time. Content that already exists on the Satellite device is not updated again. Content that was not updated during the previous update and any new content added to the Primary Server is updated.

    After the completion of content replication, if there is no content to replicate when the satellite queries for the missing content on the primary server, you can add more time in between the content replication retries in a given content replication duration. This will reduce the load on the primary server and the database.

    If there is no content to replicate, the satellite content query interval doubles each time. By default the first wait is 10 minutes. For instance, the first query interval would be at 10 minutes, the next at 20, then 40, 80, 160, and so on until the interval has reached the maximum wait time of 1440 minutes. At any point of time, if the content for replication is found, then the query interval is reset to 10 minutes.

    You can configure the initial wait time with the following registry key:

    For Windows:

    HKLM\SOFTWARE\Novell\ZCM: CDPRestartInterval (Reg_SZ): Seconds to wait

    For Linux:

    /etc/opt/novell/zenworks/conf/xplatzmd.properties CDPRestartInterval=Seconds to wait

    Schedule Type: Select a schedule for how often you want the Satellite’s content to be updated from the parent Primary Server:

    • No Schedule: If you select No Schedule, content is never automatically updated from the parent Primary Server. To manually replicate the content run the zac wake-cdp (cdp) command on the Satellite.

    • Recurring: Select Days of the Week, Monthly, or Fixed Interval, then fill in the fields. For more information, see Recurring.

      You should also consider the following:

      • We recommend you to set the schedule to 12 hours.

      • When you change the default Zone level Content Replication Schedule, the new schedule is not applied to the existing Satellite Servers that have been promoted to the Content role. For the new Content Replication Schedule to be applied to the promoted Satellite Servers, you can either demote and then promote the Satellite Servers to the Content role or you can edit the default Content Replication Schedule for each promoted Satellite Server.

    Be aware that the cleanup action for content occurs every night at midnight.

    If you do not set a schedule for a particular type of content, the <Default> schedule applies to all content of that type.

  2. Click OK to return to the Configure Content Role dialog box.

  3. Enable the Use SSL to transport data securely option to secure content transfer between the Satellite and managed devices. If you are using ZENworks Endpoint Security Antimalware, the Satellite must be enabled for SSL to serve ondemand content (malware signatures and scan engine updates) to a managed device's Antimalware Agent.

    NOTE:If you have installed ZENworks with external certificates, you must add an external certificate to the Satellite before enabling the SSL setting. For more information about adding an external certificate, see Configuring the Authentication Role on a Satellite.

  4. The Ondemand Content configuration has zone settings configured by default to manage content downloads and the content cache. If you want to override these settings for the Satellite, click Configure for On-demand Content.

  5. Click OK to return to the Add Satellite Server or Configure Satellite Server dialog box.

  6. Continue with Step 4.

  7. (Optional) Specify the content to host on the Content Server.

    If you want to specify the content that the Satellite hosts, you can include or exclude content from being replicated to it.

    If you want to include content that its parent Primary Server does not have, you must first add the content to the parent Primary Server.