Overview

This guide provides instructions on how to install ZENworks Mobile Workspace with graphical user interface. Before you start with the installation, it is recommended that you review your environment with the help of the integration document.

Installation

To start installation, browse to the location of the installation files on your computer. To run properly, installation must be started in privileged mode (as administrator).

Right-click on the 'install.bat' script and select Run as administrator. Then accept the security warning.

Language selection

A language selection panel is displayed. Select your language and click OK.

Welcome

The first page gives information about ZENworks Mobile Workspace. Click Next.

License agreement

In order to continue the installation, you must read and accept the terms of the presented license agreement.

Set installation path

The Installation folder selection screen displays. Select the location on your machine where ZENworks Mobile Workspace should be installed.

Click Browse, or enter the path in the textbox.

Click Next.

If the folder does not exist, a textbox pops up prompting you to click OK in order to create the specified folder.

Synchronization settings

Enter the settings for one of the following infrastructure configurations:

  • ZENworks Mobile Workspace with Active Directory

  • ZENworks Mobile Workspace with IBM Lotus Domino server

  • ZENworks Mobile Workspace with NetIQ eDirectory

Bind ZENworks Mobile Workspace with Active Directory

ZENworks Mobile Workspace with Active Directory
Figure 1. ZENworks Mobile Workspace with Active Directory

To set up LDAP synchronization with Active Directory, ensure to fill in the following required information:

  • LDAP hostname (e.g. ldap://example.local): The URL of your Active Directory domain (or single Active Directory Domain Controller).

  • LDAP base (e.g. dc=example,dc=local): The base context under which users to synchronize are located in Active Directory.

  • Domain name alias (e.g. example): The ZENworks Mobile Workspace domain that end users may use to login into the workspace. (e.g. With the domain alias example.local,” end users will be allowed to login with username@example.local.)

  • Username for LDAP queries (e.g. bind-user@example.local): A service account with read rights.

  • Password for LDAP queries: The password related to the above account.

Bind ZENworks Mobile Workspace with an IBM Lotus Domino server

ZENworks Mobile Workspace with IBM Lotus Domino Server
Figure 2. ZENworks Mobile Workspace with IBM Lotus Domino server

ZENworks Mobile Workspace, when used with your own Lotus Domino server, will synchronize groups and users with the LDAP server within your Domino environment. You will need to enter the following information to accommodate that:

  • LDAP hostname (e.g. ldap://ldap.domino.local): The URL of your Lotus Domino server

  • LDAP base: Leave blank.

  • Domain name alias (e.g. domino): The ZENworks Mobile Workspace domain that end users may use to login into the workspace. (e.g. With the domain alias domino end users will be allowed to login with username@domino.)

  • Username for LDAP queries (e.g. bind-user): An user’s account with read rights.

  • Password for LDAP queries: The password related to the above account.

Bind ZENworks Mobile Workspace with NetIQ eDirectory

ZENworks Mobile Workspace with NetIQ eDirectory
Figure 3. ZENworks Mobile Workspace with NetIQ eDirectory

ZENworks Mobile Workspace, when used with NetIQ eDirectory, will synchronize groups and users with your eDirectory server. You will need to enter the following information to accommodate that:

  • LDAP hostname (e.g. ldap://edirectroy.example.local): The URL of your eDirectory server

  • LDAP base (e.g. O=example): The base context under which users to synchronize are located in the LDAP directory.

  • Domain name alias (e.g. groupwise): The ZENworks Mobile Workspace domain that end users may use to login into the workspace. (e.g. With the domain alias groupwise end users will be allowed to login with username@groupwise.)

  • Username for LDAP queries (e.g. cn=bind-user,ou=users,O=example): The distinguished name (DN) of an account with read rights.

  • Password for LDAP queries: The password related to the above account.

If you want to use a limited rights account for the eDirectory synchronization, the selected account needs to have read rights to the CN attribute for group objects.

ZENworks Mobile Workspace External address

In this panel you must specify the external address which will be used by the ZENworks Mobile Workspace client to reach the server. The address must be entered as it will be seen from the internet.

Trusted TLS/SSL certificate

To follow the best practices, we strongly recommend to purchase a TLS/SSL certificate from a well-known certificate authority. This is mandatory to ensure best in class security and user friendliness.

ZENworks Mobile Workspace in front

The presented certificate will be directly installed on ZENworks Mobile Workspace server. You will be able to provide the certificate in the next panel.

ZENworks Mobile Workspace in front
Figure 4. ZENworks Mobile Workspace in front
ZENworks Mobile Workspace behind a reverse proxy

The presented certificate is installed on a reverse proxy. You will be requested to install a certificate in the next panel.

Note: You can connect iOS devices to ZENworks Mobile Workspace by importing the wildcard certificate to the reverse proxy server. However, to connect Android devices to ZMW, you need to import the entire certificate chain to the reverse proxy server.

ZENworks Mobile Workspace behind reverse proxy
Figure 5. ZENworks Mobile Workspace behind proxy

Internally signed TLS certificate

If you have an internal PKI, you could use your certificate signed by your CA but the CA certificate must be installed and trusted on the device as well. You will be able to provide the certificate in the next panel.

Internally signed TLS certificate
Figure 6. Internally signed TLS certificate

Self-Signed TLS certificate

Self-signed certificates are not accepted by mobile constructor. Therefore, no TLS connection can established using this method. Use HTTP connection instead.

Self-signed TLS certificate
Figure 7. Self-Signed TLS certificate

ZENworks Mobile Workspace Encryption only

For testing or demonstration purpose, it is possible to use ZENworks Mobile Workspace without TLS connection. Then, only the ZENworks Mobile Workspace encryption will keep your data safe.

ZENworks Mobile Workspace Encryption only
Figure 8. ZENworks Mobile Workspace Encryption only

Import TLS certificate

If you have chosen to expose an HTTPS connection in the previous panel, please provide the TLS certificate in PKCS12 format and enter the private key password.

If you have chosen to expose an HTTP connection, this panel will be skipped.

Email settings

Enter the settings that match your mail server:

  • Server type (e.g. Exchange, Office365, Domino or GroupWise): Select the type of mail server you have according to your infrastructure. If you select Office365, Connect using TLS ? and Hostname fields will be automatically filled in.

  • Hostname (e.g. exchange.example.com): The hostname or ip address of your mail server.

  • Connect using TLS ?: Select it if your Exchange server needs to be connected with an SSL connection. For Domino, please follow instructions in the knowledge base article: Enable TLS Connection Between ZENworks Mobile Workspace and IBM Domino

  • Always trust TLS connection: This option must be used only if your mail server does not use an TLS certificate signed by a trusted CA or uses a self-signed certificate.

  • Username and password for test: Enter username or password if you want to test entered information.

Document Server Settings

Use this panel to enter the configuration of your Document server:

  • Full URL This is the location of the CMIS service.

  • Always trust TLS connection This option is only used when the service requires TLS connection, but there are some issues with certificate or the trust chain.

  • You can test your connection settings with Test Connection button.

Installer Processes

The Pack installation progress bar will appear. When finished, click Next.

The processing installer jobs will scroll and finish, click Next.

The installation completes! Click Done.

ZENworks Mobile Workspace services

Once the installation completed, the ZENworks Mobile Workspace server service is started automatically.

If you open the Services.msc console, you can verify that both the Database and the Server services are running.

Starting ZENWorks services
Figure 9. Starting ZENWorks services

To ensure that the server is running correctly, try to open the Administration console using a local Web browser: http://localhost:8080/sense/secserver