18.2 Installing ZENworks 7 Desktop Management with SP1 in a Windows Environment

Use the following information if you are performing a new installation of ZENworks 7 Desktop Management with Support Pack 1 in a Windows environment:

18.2.1 Preparing ZENworks 7 Desktop Management with SP1 for Installation in a Windows Network Environment

Expected Network Setup

The following Windows network setup is assumed for the back end of this sample Windows environment:

  • A Windows Server 2003 (SRV-01), to serve as the Active Directory Domain Controller of an Active Directory domain.

  • The ZENworks 7 Middle Tier Server with SP1 installed on a Windows Server 2003 server (SRV-02) where Microsoft IIS is installed. This server must be in the same domain as the Active Directory Domain Controller. It can be the same server that has ZENworks software installed, but you should consider keeping the IIS server independent to minimize performance issues. You must also keep it on a separate server from the Password Synchronization Module in Identity Manager.

  • The ZENworks 7 Desktop Management Server with SP1 installed on a Windows Server 2003 (SRV-03) with Novell eDirectory, the Novell Client, Novell ConsoleOne, Identity Manager 3 Bundle Edition, and Novell iManager 2.6 installed. This server must be in the same domain as the Active Directory Domain Controller, but it is not the domain controller.

For information about the user workstation configuration options for ZENworks in a Windows environment, see ZENworks Desktop Management User Workstation Configuration Options.

ZENworks Desktop Management User Workstation Configuration Options

ZENworks Desktop Management can run on user workstations using either the Novell Client or by using two other non-client modes:

It is assumed that in a Windows network environment, the Novell Client is not used on user workstations; therefore, you need to decide on the features you need in your network and configure ZENworks Desktop Management for your users in one of the non-client modes.

Application Browser View Mode

In this mode, a single Application Browser View is delivered when a user connects to IIS and opens the application page (myapps.html) provided by ZENworks Desktop Management. The Web view is automatically installed on the workstation if the user has rights to install applications locally.

The Application Browser mode can deliver applications to the workstation only when the user connects to a personalized application Web page. Dynamic local user account creation, hardware and software inventory, automated imaging services, and remote management capabilities are not included in this mode.

Full Desktop Management Agent Mode

In Full Desktop Management Agent mode, all of the Desktop Management components are installed on the workstation by an administrator, as part of an image, or by the user. By including all of the Desktop Management components in the Desktop Management Agent installation, you provide your users all of the capabilities that ZENworks Desktop Management has to offer.

If you want to create a Dynamic Local User account on the workstation, you can configure the Desktop Management Agent to prompt the user to log in to eDirectory prior to the local login to Windows. When the agent has this configuration, the user is prompted for an eDirectory user name and password (which should be the same as the Active Directory account, because the two accounts are being synchronized by Identity Manager 3), then ZENworks Desktop Management creates a local account on the workstation if one is not present and logs the user into Windows with the provided username and password.

If you do not require Dynamic Local User account creation, ZENworks silently passes Novell user credentials to Windows when the user logs into the workstation if that user already has an account on the workstation (the user does not need an account on the workstation if he or she is logging in to Active Directory and the workstation is part of the Active Directory domain). The Desktop Management Agent then connects to eDirectory using the provided username and password in order to distribute applications to the user.

NOTE:With the Desktop Management Agent installed on the workstation, you might still choose to deliver applications through the browser view only.

Minimum Software Requirements

ZENworks 7 Desktop Management with Support Pack 1 requires the following software in this sample Windows network:

  • Installed on one Windows Server 2003 (SRV-02) in a Windows domain:

    • Microsoft IIS Web Server

  • Installed on a second Windows Server 2003 (SRV-03):

    • Novell Client 4.91 SP2 (or higher) for Windows 2000/XP/2003, necessary for installing ZENworks (not otherwise installed in a Windows network)

      You can download the client from the Novell Download Web site.

    • The following software is available on The Novell ZENworks 7 with Support Pack 1 Companion 1 CD:

      • eDirectory 8.8 (or later)

      • Novell ConsoleOne 1.3.6e (or later) for managing ZENworks resources in eDirectory

      • Novell iManager 2.6 for configuring and administering the Identity Manager drivers.

    • The following software available on The Novell ZENworks 7 with Support Pack 1 Companion 2 CD

      • Novell Identity Manager 3 Bundle Edition to synchronize eDirectory resources with Active Directory

Identity Manager Engine and Drivers

The Identity Manager (IDM) engine provides the ability to synchronize eDirectory data with any outside data service. The IDM engine has several drivers that describe how output and input should be sent between data sources.

The driver for Active Directory is specifically designed to synchronize data between Novell eDirectory and Microsoft Active Directory. The synchronization is bidirectional; you determine whether information should flow to and from both directories, or whether information should flow only from one directory to the other.

Many Identity Manager drivers are available for installation on Windows Server 2003 for synchronization with other data sources such as PeopleSoft, JDBC, any LDAP directory, Lotus Notes, SAP HR, and WebSphere MQ. For information about other drivers, see the Novell Identity Manager Web site or the Identity Manager Drivers Guides.

IDM architecture uses a publisher/subscriber model. In this model, the publisher's responsibility is to place information into eDirectory while the subscriber places changes from eDirectory into the external, synchronized data source. The behavior of the publisher and subscriber and the attribute mapping are determined by a set of rules that are part of the driver. Drivers can be customized through XML rules to deliver nearly any data configuration you want.

For more details about how IDM can be configured, see the Novell Identity Manager 3 documentation Web site.

For information about licensing IDM 3, see Activating the Identity Manager 3 Bundle Edition.

Activating the Identity Manager 3 Bundle Edition

The Novell ZENworks 7 with Support Pack 1 Companion 2 CD includes Novell Identity Manager 3 Bundle Edition. For more information about activating the bundle, see Section D.0, Using Identity Manager 3 Bundle Edition for ZENworks 7 with SP1.

18.2.2 Installing ZENworks 7 Desktop Management with SP1 in a Windows Network Environment

When you install ZENworks in a Windows network environment/Active Directory test environment, you need perform the following tasks in order:

  1. Configuring a Test Lab

  2. Accessing Software on the ZENworks 7 with SP1 Companion CDs

  3. Installing the Novell Client

  4. Installing eDirectory

  5. Installing ConsoleOne

  6. Installing and Setting Up iManager 2.6

  7. Verifying the Viability of the Directory Tree

  8. Installing Identity Manager 3 Bundle Edition

  9. Configuring DirXML Drivers

  10. Installing Password Synchronization and Enabling Universal Password

  11. Finalizing DirXML Driver Configuration

  12. Verifying that eDirectory, DirXML, and Universal Password Are Working Properly

  13. Installing the Desktop Management Server

  14. Installing the ZENworks Middle Tier Server

  15. Installing ODBC Drivers for Sybase

  16. Deploying the Desktop Management Agent to User Workstations

Configuring a Test Lab

An actual enterprise environment might include many servers used for a variety of things, such as application execution, terminal services, and so on. This section uses the following small-scale Windows network configuration as a sample test lab environment:

  • A Windows Server 2003, to serve as the Active Directory Domain Controller of the ZENDEMO domain. This server is designated as SRV-01.

  • A Windows Server 2003 with the IIS Web Server also installed. The server also needs Novell eDirectory, the ZENworks Desktop Management Server, Novell iManager, and Identity Manager 3 Bundle Edition (including Password Synchronization) installed. This server is a member of the ZENDEMO domain. It is designated as SRV-02.

  • A Windows Server 2003, where the ZENworks Middle Tier Server is installed. It is designated as SRV-03.

  • A Windows XP Professional SP1a (or later) workstation, which will operate in the Desktop Management Agent mode (that is, where all components of the Desktop Management Agent are installed). This workstation is designated as WKS-01.

  • A Windows XP Professional SP1a (or later) workstation where the Application Browser View of the Novell Application Launcher is installed. This workstation is designated as WKS-02.

NOTE:This is a sample configuration only to be used as a test environment. For information about the server platforms and user workstations that are supported, see Section 8.0, Platform Support for the Desktop Management Infrastructure and Section 6.0, User Workstation Requirements.

Accessing Software on the ZENworks 7 with SP1 Companion CDs

As you set up ZENworks 7 with SP1 in a Windows network environment, you need to access the first two Novell ZENworks 7 with Support Pack 1 Companion CDs.

You can access the contents of the Companion CDs through the installation program. To do so, insert any Novell ZENworks 7 with Support Pack 1 CD into the CD drive of a Windows workstation. The installation program should run automatically. If it does not, run winsetup.exe from the root of the CD. Click Companion Programs and Files, insert the CD you are prompted for (if needed), then browse for the component you need on one of the two menu pages.

You need the following components from the Companion CDs:

  • Novell Identity Manager 3 Bundle Edition, available on the Novell ZENworks 7 with Support Pack 1 Companion 2 CD. The IDM 3 installation program (install.exe) is available on the Novell ZENworks 7 with Support Pack 1 Companion 2 CD in the \nsure identity manager 3 bundle edition\nt directory.

  • Novell eDirectory 8.8.1 for Windows Server 2003. The self-extracting .zip file (edir_88_win.exe) containing the eDirectory 8.8.1 installation program is available on the Novell ZENworks 7 with Support Pack 1 Companion 1 CD in the \novell edirectory for windows 2k directory.

  • Novell ConsoleOne 1.3.6e. The ConsoleOne installation program (c1.exe) is available on the Novell ZENworks 7 with Support Pack 1 Companion 1 CD in the \novell consoleone directory.

  • Novell iManager 2.6. The .zip file (iman_26_nw65_standalone.zip) containing the iManager 2.6 installation program is available on the Novell ZENworks 7 with Support Pack 1 Companion 1 CD in the \novell imanager\program files\installs\win directory.

Installing the Novell Client

We recommend that you install the latest Novell Client for Windows, which is available for download from the Novell Product Download web site

To download the client:

  1. Download the client self-extracting file to a temporary directory.

  2. In the temporary directory, double-click the file and specify the path where you want the files to be extracted.

    A specific directory structure will be created in the path you specify.

  3. Click Unzip and follow the on-screen instructions

To install the client, follow these instructions:

  1. Double-click setupnw.exe in the download_location\winnt\I386 directory.

  2. In the Novell Client license agreement dialog box, click Yes.

    (Conditional) If you do not agree with the terms of the license agreement, do not install the software. Click Cancel.

  3. Select Custom Installation, then click Next.

  4. Verify that only the client is selected on the modules list, then click Next.

  5. Verify that NMAS and NICI are selected and that NetIdentity is deselected, then click Next.

  6. Select IP Only and Remove IPX (if present), then click Next.

  7. Select NDS to instruct the client to default to using NDS connections, click Next, then click Finish.

  8. When the installation is finished, select Reboot.

Installing eDirectory

NOTE:The bundling of eDirectory 8.8.1 with ZENworks Suite 7 with Support Pack 1 constitutes a valid license; that is, when you license ZENworks, you also license eDirectory.

To start the eDirectory installation program for the SVR-02 server in your Windows network environment test system:

  1. Log onto the SVR-02 Windows Server 2003 as administrator and launch the eDirectory installation program from the Novell ZENworks 7 with SP1 Companion 1 CD (see Accessing Software on the ZENworks 7 with SP1 Companion CDs). The CD should autorun. If not, run winsetup.exe located at the root of the CD.

  2. Select Companion Programs and Files, select Novell eDirectory to launch a program that unpacks the eDirectory installation files into a specified directory, specify the c:\edir88 directory to unzip the files, then click Close when the files are extracted.

  3. Browse to the c:\edir88\nt directory and launch setup.exe, then click Install.

    The Novell eDirectory 8.7 Installation program.

  4. At the eDirectory Installation Welcome dialog box, click Next.

  5. Read the license agreement, then click I Accept if you agree with the terms of the license agreement.

    (Conditional) If you do not agree with the terms of the license agreement, do not install the software. Click Cancel.

  6. Select a language for the installation, then click Next.

  7. Click Next to accept the default installation path. If the path has not been created previously, the installation program prompts you for authorization to do so.

  8. Click Yes to create the new directory.

  9. Click Next to accept the default installation path for the location of a new Directory Information Base (DIB). If the path has not been created previously, the installation program prompts you for authorization to do so.

  10. Click Yes to create the new directory.

  11. Select Create a New eDirectory Tree, then click Next.

  12. Set up the access to the new tree and server.

    1. Specify a name for the new tree, such as ZENTREE.

    2. Specify a Server object context, such as SVR-02.SERVICES.ZEN.

      This document assumes that you are creating an Organization container in eDirectory named ZEN, an Organizational Unit container named SERVICES where SVR-02 will reside, and an Organizational Unit container named USERS where the Admin user object will reside.

    3. Specify the name of the Admin user object, such as Admin.

    4. Specify the password of the Admin user object, such as Novell, then click Next.

  13. On the HTTP Server Port Configuration page, accept the HTTP Stack Ports as default, because there will be no conflicting ports on this server, then click Next.

  14. On the LDAP Configuration page, specify which LDAP ports to use.

    The LDAP Configuration page of the eDirectory installation program.

    When Active Directory and eDirectory are installed on the same Windows server, you need to choose other LDAP ports, because eDirectory must not interfere with default Active Directory ports 389 and 636.

    1. Change the Clear Text Port number to 388, then change the SSL Port to 635.

    2. Deselect Require TLS for Simple Bind with Password to allow password synchronization to function, then click Next.

  15. Click Next to accept the default NMAS login method.

  16. Click Finish to complete the eDirectory installation.

    The eDirectory installation program performs the installation on the SRV-02 server. When the program completes successfully, click Close in the Success dialog box.

Installing ConsoleOne

When the eDirectory installation is complete, you need to manually install ConsoleOne on SRV-02.

  1. Insert the Novell ZENworks 7 with Support Pack 1 Companion 1 CD into the CD drive of SRV-02 (see Accessing Software on the ZENworks 7 with SP1 Companion CDs). If the CD does not autorun, run winsetup.exe from the root of the CD.

  2. Select Companion Programs and Files, then select Novell ConsoleOne.

  3. In the WinZip self-extractor dialog box, click Setup to launch the extraction and to start the ConsoleOne installation program.

  4. On the ConsoleOne Installation Wizard welcome page, click Next.

  5. Read the License agreement, then click I Accept if you agree with the terms of the License Agreement.

    (Conditional) If you do not agree with the terms of the license agreement, do not install the software. Click Cancel.

  6. Accept the default installation path, then click Next.

  7. Accept the default components for installation, then click Next.

  8. On the Additional Languages page, select any additional languages you want to install, then click Next.

  9. Read the JInfoNet Licensing Agreement page, then click I Accept if you agree with the terms of the license agreement.

    (Conditional) If you do not agree with the terms of the license agreement, do not install the software. Click Cancel.

  10. On the ConsoleOne Installation Summary page, click Finish to install ConsoleOne 1.3.6e on the SRV-02 server.

  11. On the ConsoleOne Installation Success page, click Close.

Installing and Setting Up iManager 2.6

The iManager 2.6 tool is required for configuring Identity Manager 3 drivers, which are used to synchronize Active Directory and eDirectory.

NOTE:We recommend that you install Novell iManager on a server where the Microsoft IIS Web server has already been installed. Although iManager can run on Windows 2003 servers without IIS installed, the absence of IIS requires that you install the Apache Web server with the Tomcat servlet.

When the eDirectory installation is complete, you can manually install and set up Novell iManager 2.6 on SRV-02.

  1. Insert the Novell ZENworks 7 with Support Pack 1 Companion 1 CD into the CD drive of SRV-02. If the CD does not autorun, run winsetup.exe from the root of the CD.

  2. Select Companion Programs and Files, then select Novell iManager.

  3. On the Novell iManager Installation Wizard welcome page, click OK.

  4. On the iManager Introduction page, click Next.

  5. Read the License agreement, click I Accept if you agree with the terms of the License Agreement, then click Next.

    (Conditional) If you do not agree with the terms of the license agreement, do not install the software. Click Cancel.

  6. On the Detection Summary page, make sure that the IIS Web server is already installed (version 6 on Windows Server 2003), visually check the other default values, then click Next.

    If the IIS Web server is not already installed, the iManager installation program installs the Apache Web server with the Tomcat servlet.

  7. On the Choose Install Folder page, accept the default on the installation path, then click Next.

  8. On the Get User and Tree Names page, fill in the fields:

    Username: Specify the username and context (for example, admin.users.novell) of the administrative account with which you will configure iManager and its modules.

    Tree Name: Specify the name of the eDirectory Tree that iManager will primarily manage, for example ZENTREE.

  9. On the Pre-Installation Summary page, click Install.

  10. On the Install Complete page, click Done to finish the iManager installation on the SRV-02 server.

Setting Up iManager for Launch

Use the following steps to complete the setup of iManager for launching:

  1. From the Windows desktop, double-click the Novell iManager shortcut to launch Internet Explorer and display the Getting Started with Novell iManager help page.

    The Novell iManager help page.

  2. In Internet Explorer, click Tools > Internet Options to open the Internet Options dialog box.

  3. From the Internet Options dialog box, click Security, click Trusted Sites, then click Sites to open the Trusted Sites dialog box.

  4. In the Add This Web Site to the Zone field of the Trusted Sites dialog box, specify the URL of SRV-02 (for example, http://server_IP_address), click Add, click Close, then click OK to open the iManager Login page.

  5. From the iManager Login page, make sure the Username, Tree Name or IP is supplied, then enter the user password to launch iManager.

  6. From the iManager Home page, click the View Objects icon, then click the Browse tab in the left pane to locate the tree (ZENTREE) and to verify that the Admin object and the server are present.

Verifying the Viability of the Directory Tree

When the installation of eDirectory and iManager is complete, verify that the tree is viable:

  1. Log in to eDirectory.

    1. From the Windows server desktop, right-click the red N in the taskbar and select NetWare Login.

    2. Type Admin in the Username field.

    3. Type novell in the Password field.

    4. Click Advanced to open the NDS page of the login dialog box.

    5. Type ZENTREE in the Tree field.

    6. Type USERS.ZEN in the Context field.

    7. Type SRV-02 in the Server field, then click OK to log in to eDirectory.

      The Novell Client login dialog box with Advanced NDS login configuration open.

  2. To verify that you are logged into the tree as Admin, right-click the red N in the taskbar, select NetWare Connections, verify that a resource is listed for ZENTREE and for the username (CN=Admin).

    The authentication state for this connection should be listed as Directory Services.

  3. Click Close to close the NetWare Connections dialog box.

  4. Create a shortcut on your server for c:\novell\nds\ndscons.exe.

    NDSConsole is a utility that lets you view the state of the eDirectory tree and the services that are running.

  5. Click the NDSConsole shortcut, then verify that at least ds.dlm and nldap.dlm are running.

You now have an eDirectory tree running on your Windows Server 2003.

Installing Identity Manager 3 Bundle Edition

When eDirectory is running and stable, you need to install Novell Identity Manager 3 Bundle Edition (IDM 3) with the proper drivers so that users can be synchronized between your Active Directory Domain and eDirectory.

Before you install IDM 3, make sure you read and understand the information included in Section C.0, Using the Identity Manager Bundle 2 Edition for ZENworks 7 Desktop Management.

IMPORTANT:Make sure that no ZENworks services are running on the Windows server when you install IDM 3.

  1. Log on to the SRV-02 Windows Server 2003 as administrator and into eDirectory as admin.

  2. Insert the Novell ZENworks 7 with Support Pack 1 Companion 2 CD into the CD drive of SRV-02, then use Windows Explorer to browse to the \nsure identity manager 3 bundle edition folder.

  3. Double-click setup.bat to launch the IDM 3 installation program.

  4. On the Identity Manager Welcome page, click Next.

  5. Read the License agreement, then click I Accept if you agree with the terms of the license agreement.

    (Conditional) If you do not agree with the terms of the license agreement, do not install the software. Click Cancel.

  6. On the Identity Manager Overview page, click Next twice.

  7. On the component selection page, select Novell Identity Manager Metadirectory Server, select Identity Manager Web Components, deselect Utilities, then click Next.

    The component selection page of the Novell Nsure Identity Manager Installation Wizard showing the DirXML Engine and Drivers option, and the DirXML Management Utilities option, and the Password Sync Agent option selected.

  8. On the Select Drivers for Engine Install page, click Clear All, select Metadirectory Engine, select Active Directory (in the Identity Manager Drivers list), then click Next.

    The Select Drivers for Engine Install page of the Novell Nsure Identity Manager Installation Wizard.

  9. (Conditional) On the Identity Manager Warning: Activation Notice dialog box, you are reminded to license Novell Identity Manager. Click Next.

    If you continue without activating the license, these components function only for a 90-day evaluation period. A license for the Metadirectory engine and Active Directory driver is included as part of the overall ZENworks 7 with SP1 license. If you choose not to activate the license, you can return and do so later.

  10. (Conditional) In the Password Synchronization Upgrade Warning dialog box, you are informed that older versions of Password Synch need to be upgraded. Read the information in the dialog box if applicable, then click OK.

  11. On the Schema Extension page, verify that the tree is appropriate (ZENTREE), type or browse to and select the fully distinguished name (DN) of the admin user and the user's password (admin user name is CN=admin,OU=Users,O=ZEN), then click Next.

  12. On the Select Components to Install page, retain the selected defaults, then click Next.

    The Select Components to Install page of the Novell Nsure Identity Manager Installation Wizard.

  13. Read the Summary page, then click Finish.

  14. In the Installation Complete dialog box, click Close for DirXML to finish the installation.

  15. Reboot the server to allow the drivers to be properly registered.

When you have finished installing the Novell Identity Manager 3 Bundle Edition, you must configure the Identity Manager drivers before synchronization can occur. For more information, see Configuring Identity Manager Drivers.

Configuring Identity Manager Drivers

When you have finished installing eDirectory and Identity Manager on the SRV-02 server, you need to configure the Identity Manager drivers to begin synchronization between Active Directory Domain and eDirectory.

  1. Log on to the SRV-01 server as the Active Directory administrator.

  2. Insert the ZENworks 7 with Support Pack 1 Companion 2 CD into the server's CD drive, browse to the nsure identity manager 3 bundle edition\nt\dirxml\utilities\ad_disc folder, then double-click admanager.exe to run the Active Directory Driver Preparation Tool.

    The main window of the Active Directory Driver Preparation Tool. Four fields are called out: Item 1 identifies the Account DN field, Item 2 identifies the Domain Controller field, Item 3 identifies the Domain DN field, and Item 4 identifies the Domain name field.

    1. Click Discover.

      The tool runs and discovers data for the fields on the tool window.

    2. In the Proposed DirXML Driver Account grouping of the tool window, locate the Password field, type the password, locate the Re-enter Password field, type the password again, then click Update.

    3. In the Create Account Notification dialog box, click OK.

    4. Copy and paste the Domain, Domain DN, Domain Controller, and Account DN into a text file, then save the file to the desktop so that you can have access to the data later.

      HINT:If you prefer, you can leave the tool running. You will then be able to retrieve (copy) this data directly from the tool one field at a time for pasting into the fields of another configuration tool. See Step 12 for more information.

    5. Click Done to close the Preparation tool.

  3. Complete the security setup for the DirXML account user.

    1. From the Windows desktop, click Start > Programs > Administrative Tools, then select Domain Controller Security Policy.

    2. In the Tree view, click Security Settings > Local Policies > User Rights Assignment.

    3. Double-click Log On As a Service > click Security > Add User or Group > Browse > Advance > Find Now.

    4. Select the user you created (ADDriver_zendemo), click OK, then click OK again in the three succeeding dialog boxes.

    5. Close the Domain Controller Security Policy.

  4. At SRV-02, extend the eDirectory schema to accommodate the new Active Directory driver.

    1. In the Windows Control Panel, double-click Novell eDirectory Services.

    2. In the Novell eDirectory Services dialog box, select install.dlm, then click Start.

    3. Click Install Additional Schema Files, then click Next.

    4. Type the eDirectory admin login name (admin), type the context (ZEN\Users), type the password (novell), then click OK.

    5. Browse to and select c:\novell\nds\dvr_ext.sch, then click Open.

    6. Click Finish to apply the schema.

    7. Click the close (X) button in the Novell eDirectory Services dialog box.

  5. At SRV-02, launch iManager, then click the Roles and Tasks icon Roles and Tasks icon in iManager to open the iManager Roles and Tasks pane of the main iManager page.

    Novell iManager main page with the Roles and Tasks pane open.

  6. From iManager, create a new organizational unit (OU) container under the ZEN organizational container, then name this OU container IDM3.

  7. In the Roles and Tasks pane, click Identity Manager Utilities, then click New Driver to open the Create New Driver Wizard.

    The Create New Driver Wizard pane opened on the main page of Novell iManager.

  8. On the Create Driver Wizard opening page, click In a New Driver Set, then click Next to open the Create Driver page.

    The Create Driver Wizard opened on the main page of Novell iManager.

  9. On the Create Driver page, fill in the fields:

    Name: Type a driver set name, for example ADDriverSet.

    Context: Browse to and select the IDM3 container.

    Server: Browse to and select the SRV-02 server.

  10. Click Next.

    The wizard creates the objects for the driver set, then displays the ADDriver Set page.

    The Create Driver Wizard opened on the main page of Novell iManager. The ADDriverSet subpage is also opened.

  11. Select Import a driver configuration from the server (.XML File), browse to and select Active Directory from the drop-down menu, then click Next to display the Page 1 of the Active Directory Driver Set in the Create Driver Wizard.

    The Create Driver Wizard opened on the main page of Novell iManager. The Active Directory Driver Set page is opened.

  12. Configure the driver parameters in the Create Driver Wizard:

    1. On Page 1 of the Create Driver Wizard, fill in the fields that are listed (visible by scrolling):

      Driver Name: Leave the name of the driver as the default.

      Authentication Method: Use the default value (Negotiate).

      Authentication ID: Type the AD Domain Name (NetBios) followed by a forward slash and the Driver Account User that was created (see Step 2.b). You can obtain the Driver Account User from the Account DN name you copied in Step 2.d. (Also see item 1 in the graphic referenced in Step 2.d).

      For example, enter ZENDEMO/ADDriver_zendemo on this line.

      Authentication Password: Use the same password used to create the Proposed DirXML Driver Account in the admanager.exe tool (see Step 2.b).

      Reenter the Password: Re-enter the password you used in the field above.

      Authentication Context: Copy and paste the Domain Controller name from the line items that you saved in a text file as you used admanager.exe (see Step 2.d and item 2 shown on the screen shot referred to in this step).

      Domain Name: Copy and paste the Domain DN name from the line items that you saved in a text file as you used admanager.exe (see Step 2.d and item 3 shown on the screen shot referred to in this step).

      Domain DNS Name: Copy and paste the Domain name from the line items that you saved in a text file as you used admanager.exe (see Step 2.d and item 4 shown on the screen shot referred to in this step).

      Driver Polling Interval: Specify the polling interval you want. In a lab environment, the interval should be set at approximately one minute. In a production environment, you should set the interval at approximately 15 minutes.

      Password Sync Timeout (minutes): Retain the default value (5 minutes).

      Driver is Local/Remote: Retain the default value (Local).

      Click Next to continue to Page 2 of the Create Driver Wizard.

      The Create Driver Wizard opened on the main page of Novell iManager. The Active Directory Driver Set page is opened.

    2. On Page 2 of the Create Driver Wizard, fill in the fields that are listed (visible by scrolling):

      Base Container in eDirectory: Specify the container where you want your users to be created and synchronized with Active Directory (for example, users.zen). You can browse for this container by clicking Browse. If you are going to mirror the Active Directory containers, this would be the top container in eDirectory.

      Publisher Placement: Select Flat or Mirror. If you choose Flat, all user objects coming from Active Directory are placed in the same container. If you choose Mirror, all user objects and containers are re-created in eDirectory.

      Base Container in Active Directory: Type the name of the base container in Active Directory. This is the container where you want users to be synchronized with eDirectory (for example, CN=Users,DC=zendemo,DC=com).

      Active Directory Placement: See the Publisher Placement field to choose your placement.

      Configure Data Flow: Retain the default value (Bi-directional).

      Password Failure Notification User: Leave the field blank.

      Configure Entitlements: Select No from the drop down list.

      Click Next to continue to Page 3 of the Create Driver Wizard.

      The Create Driver Wizard opened on the main page of Novell iManager. The Active Directory Driver Set page is opened.

    3. On Page 3 of the Create Driver Wizard, fill in the fields that are listed (visible by scrolling):

      Exchange Policy: Retain the default value (No).

      Group Membership Policy: Choose a method for assigning group membership in Active Directory. Set to None for the purpose of this lab.

      For more information, see the Group Membership Policy field in Configuration Parameters in Configuring the Active Directory Driver in the Novell Identity Manager Driver for Active Directory Implementation Guide.

      Click Next to continue to Page 4 of the Create Driver Wizard.

      The Create Driver Wizard opened on the main page of Novell iManager. The Active Directory Driver Set page is opened.

    4. On Page 4 of the Create Driver Wizard, fill in the fields that are listed:

      Name Mapping Policy Selection: Retain the default (Accept) displayed in the drop down list.

      Click Next to continue to Page 5 of the Create Driver Wizard.

      The Create Driver Wizard opened on the main page of Novell iManager. The Active Directory Driver Set page is opened.

    5. On Page 5 of the Create Driver Wizard, fill in the fields that are listed:

      User Principal Name Mapping: Retain the default (None) displayed in the drop down list.

  13. Click Next to launch the Security Equivalences page of the Create Driver Wizard.

    The Create Driver Wizard opened on the main page of Novell iManager. The Security Equivalences page is opened.

  14. Click Define Security Equivalences to launch the Security Equals window.

    The Security Equals window of the Create Driver Wizard.

  15. Click Add to launch the browser window, browse to and select the Admin.Users.ZEN user, add this user to the Selected Objects list, click OK, then click OK again.

  16. On the Security Equivalences page of the Create Driver Wizard, click Exclude Administrative Roles.

  17. In the Synchronization Exclusion window, click Add, browse to and select all users that are administrators of eDirectory, then click OK.

    This prevents the users from being created in the Active Directory domain and synchronized later.

    The Summary - Current Driver Configuration page of the wizard is displayed.

    The Create Driver Wizard opened on the main page of Novell iManager. The Summary - Current Driver Configuration page is opened.

  18. Click Finish.

Before the Identity Manager driver can run, you need to install the Password Synchronization software. For more information, see Installing Password Synchronization and Enabling Universal Password.

Installing Password Synchronization and Enabling Universal Password

Password Synchronization allows each user object automatically created in Identity Manager to have the same password as the corresponding user you created in Active Directory. This is necessary to allow for single login to both Active Directory and eDirectory when users log into their workstations.

Password Synchronization requires that platform-specific password policies are not in conflict with each other. Password policies that are in conflict prevents successful password synchronization. For example, if eDirectory passwords are required to be at least eight characters in length and Windows passwords have no length requirements, users could create shorter Windows passwords that would not be accepted by eDirectory. Password Synchronization does not override platform policies.

Identity Manager lets you generate an initial password for an account based on the account's attributes or other information available through Java services. For instance, you can generate a password based on a user's surname plus a four-digit number. Generating an initial password requires driver customization, but it is a good way for you to manage passwords when you provision an account through an existing personnel management toolset.

iManager lets you set an initial password when you create a user account if you select Assign NDS Password, then select Prompt During Creation. In this case, iManager sets the password before an account is associated in NT or Active Directory accounts. This prevents the initial password from being synchronized. Passwords are synchronized only after the first password change. To avoid this delay, you can do one of the following things:

  • Deselect Assign NDS Password During User Creation and assign the password later. A brief delay allows account associations to be completed.

  • Select Prompt User on First Login so that password setting is delayed until the account is actually used.

The Microsoft Management Console (MMC) lets you set an initial password on a user account by typing the password when you create the account. The password is set before Password Synchronization is able to associate an eDirectory account with the Active Directory account, so the Password Synchronization service is not able to update the eDirectory account immediately. However, the service will retry the password update and the account will be properly updated within several minutes.

To install Password Synchronization on your servers:

  1. Log in to the SRV-02 server as administrator, then log in to eDirectory as Admin.

  2. In iManager, click the Roles and Tasks icon Roles and Tasks icon in iManager, then in the left pane, click Passwords, click Password Policies, then click New to open the Password Policy Wizard.

  3. Configure the Password Policy.

    1. In the Policy Name field, enter a name for the policy (such as IDM UnivPassword), then click Next to display the Step 2 page of the wizard.

      Step 2 page of the Password Policy Wizard in Novell iManager.

    2. On the Step 2 page of the wizard, click View Options to open the password synchronization options.

      Step 2 page of the Password Policy Wizard with the password synchronization options displayed.

    3. Select Synchronize Simple Password When Setting Universal Password, then click Next.

    4. On the Advanced Password Rules page, click Next.

    5. On the Step 4 page of the wizard (Enable Forgotten Password Feature), retain the default (No), then click Next.

    6. Click Next twice to skip the Step 5 page and the Step 6 page of the wizard.

    7. On the Step 7 page of the wizard (Assign the Password Policy), select Browse to open the browse window, select the Users.ZEN container, click OK, then click Next to display the Step 8 page of the wizard (Summary of the Password Policy).

      Step 8 page of the Password Policy Wizard with the Password Policy Summary displayed.

    8. Click Finish, then click Close.

  4. From the Windows desktop, click Start > Settings > > Control Panel, then double-click DirXML PassSync.

  5. In the PassSynchConfig dialog box, click Yes for the question “Is this machine where the DirXML Driver is configured to run?”

    The Password Synchronization dialog box is displayed.

    The Password Synchronization dialog box.

  6. In the Password Synchronization dialog box, click Add.

    The Password Synchronization - Add Domain dialog box is displayed.

    The Password Synchronization - Add Domain dialog box.

  7. In the Password Synchronization - Add Domain dialog box, open the drop-down list in the Domain field, select ZENDEMO from the list, then click OK.

    Do not add information to the Computer field.

  8. In the PassSyncConfig dialog box, click Yes.

  9. Select the Domain DNS Name, then click Filters to display the Password Filters dialog box.

    The Password Filters dialog box.

  10. In the Password Filters dialog box, select the Domain Controller name, then click Add.

    This option copies files to the Domain Controller. After the copy is complete, the status changes to “Installed - Needs Reboot.”

  11. Click Reboot, then wait until the server reboots and the dialog box shows that it is running, then click Refresh after SRV-01 restarts (if the status has not changed).

  12. Click OK, then click OK again.

  13. Reboot the SRV-02 server to complete the installation.

Finalizing DirXML Driver Configuration

When you have installed and configured both the DirXML drivers and the PasswordSync driver, you need finalize the configuration so that these drivers start automatically and function properly. Use the following steps to finalize the configuration:

  1. Log on to the SRV-02 server as administrator.

  2. From the Windows Server 2003 desktop, click Start > Settings > Control Panel > Novell eDirectory Services to open the Novell eDirectory Services dialog box.

    The Novell eDirectory Services dialog box.

  3. Click Services, select the dstrace.dlm service, then click Start to display the Novell eDirectory Trace window.

    The Novell eDirectory Trace window.

  4. In the Novell eDirectory Trace window, click Edit > Options to open the Novell eDirectory Trace Options dialog box.

    The Novell eDirectory Trace Options dialog box.

  5. On the Events page of the dialog box, click Clear All, select DirXML, select DirXML Drivers, then click OK.

    Make sure you leave the Novell eDirectory Trace window open.

  6. Launch iManager, then click the server link to log in as Admin.

  7. In iManager, click the Roles and Tasks icon Roles and Tasks icon in iManager to open the Roles and Tasks left pane, click Identity Manager, then click Identity Manager Overview to open the Identity Manager Overview utility in the right pane.

    The DirXML Overview utility in Novell iManager.

  8. In the Identity Manager Overview utility, select Search Entire Tree, then click Search to open the Active Directory- eDirectory configuration page.

    The Active Directory - eDirectory configuration page of the DirXML Overview utility in Novell iManager.

  9. Click the Roll-over icon icon to open a menu options list, then select Start Driver.

    When you start the driver, the Novell eDirectory Trace window displays red messages as errors, yellow messages as warnings, and green messages as successful processes. Although there might be initial errors and warnings, the final message should be green and the status shown as Success for the Active Directory DirXML log event.

    When the driver is running successfully, the Roll-over icon icon changes to the Driver Active icon. icon.

  10. Click the Driver Active icon. icon, then select Edit Properties to open the Modify Object window.

    The Modify Object window of the DirXML Overview utility in Novell iManager.

  11. (Conditional, if a Certificate Authority has not been installed on your network). In the Modify Object Window, select the Identity Manager tab, click Driver Configuration, scroll to the Authentication Options section of the window, then, in the Use SSL for encryption field, select Yes in the drop-down menu.

    A certificate must be enabled in Active Directory for SSL configuration to work in the driver.

  12. In the Modify Object window, select the Identity Manager tab, click Driver Configuration, scroll to the Startup Option section of the window, select Auto Start, then click OK.

    A message dialog box displays the question, “Do you want to restart the driver to put your changes into effect?”

  13. Click OK in the message dialog box to restart the driver.

  14. Roll your mouse pointer over the Driver Active icon. icon to reveal the status message: “Driver is Running.”

  15. (Conditional) If it is not already open (see Step 2), open the Novell eDirectory Services dialog box, then verify that dirxml.dlm is running.

Verifying that eDirectory, DirXML, and Universal Password Are Working Properly

To verify that eDirectory, DirXML, and Password Synchronization are working properly in your environment, you need to create a few users in Active Directory to verify that they are automatically created in eDirectory with the proper passwords.

  1. Log on to server SRV-01 as the administrator of the Active Directory Domain.

  2. Launch the Active Directory administration tool and create a test user in Active Directory

    Example: TestUser1@zendemo.com

  3. Log in to SRV-02 as the administrator of the domain and as admin in eDirectory.

  4. Open iManager, then verify that TestUser1 has been created in the administered container.

    You might need to wait for a synchronization cycle to complete before the user is listed in eDirectory.

  5. Log in to eDirectory as TestUser1, verify that the password is the same as the one given in Active Directory, then verify that you successfully authenticated to eDirectory.

    Another synchronization cycle might be necessary before the password is updated.

  6. For completeness, create a user in eDirectory (using iManager while logged in as Admin), then verify that the user is now in the domain and that you can log in to the domain as that user using the password you specified in eDirectory.

    The default synchronization rules do not create an Active Directory user until the full name attribute field is populated in eDirectory. Check this in iManager > Roles and Tasks > Users > Modify > User_object > General > Identification > Full Name.

    IMPORTANT:If the password still fails to work for an eDirectory user being synchronized to Active Directory, see TID 10092646 and TID 10092822 in the Novell Knowledgebase for information on how to correct the issue.

Installing the Desktop Management Server

Although you might not choose to install all of these components, this section explains the installation procedure for each of them.

Use the following steps to install the Desktop Management Server onto SRV-02 server, where you previously installed eDirectory.

  1. Log on to the SRV-02 server as administrator, then log in to eDirectory as Admin.

  2. At a Windows workstation, insert the Novell ZENworks 7 Desktop Management CD.

    The winsetup.exe program will autorun. If it does not autorun, launch it from the root of the CD.

    If you run the installation from a directory location where you have copied the ZENworks Desktop Management ISO files, make sure that all of these files are copied to the same location from which you are running winsetup.exe.

    In this situation, the installation program notifies you that it might not run properly. This is because the options you choose during the installation might require a CD swap.

    IMPORTANT:If you remove the Novell ZENworks 7 Desktop Management CD from the CD drive during the installation, or if you lose your connection to the server you are installing to, the installation program stops and does not proceed. To terminate the installation process, open the Windows Task Manager click Processes, select javaw.exe, then click End Process.

    Screen shot of the opening page of the ZENworks installation program, showing the general installation options.

  3. Click Desktop Management to display a page with options to install in various languages.

  4. Click English to display a page with Desktop Management installation options.

    The ZENworks 6.5 Desktop Management Installation menu.

  5. Click Desktop Management Services to launch the Desktop Management Server installation wizard.

  6. On the first Installation page, read the details about running the installation program, then click Next.

  7. Read the License agreement, then click Accept if you agree with the terms of the License Agreement.

    (Conditional) If you do not agree with the terms of the license agreement, do not install the software.

  8. On the Installation Requirements page, read the requirements for installing the Desktop Management Server software, make sure that the server where you plan to install meets the listed requirements, then click Next.

  9. On the Tree Selection page, type or browse to the name of the Novell eDirectory tree on the SRV-02 server (ZENTREE). If you have not already extended the schema for this installation (see Section 9.1.1, Extending the Schema Before the Installation), select Extend Schema to extend the schema on the tree where you will be installing Desktop Management Server software, then click Next.

    You cannot install Desktop Management Server software on multiple trees at the same time.

    The Tree Selection page of the ZENworks Desktop Management Server Installation wizard.

    You need to extend the schema on a tree only once. You can authenticate to a tree by clicking the Login button and entering a user ID and password with the appropriate rights.

  10. On the ZENworks Desktop Management Licensing page, specify the license code that was e-mailed to you as part of the SmartCert product registration package.

    The ZENworks Desktop Management Licensing page of the Desktop Management Server Installation Wizard.

    If you do not specify a license code on this page, the wizard considers this installation of ZENworks Desktop Management to be an evaluation version. If you install for an evaluation, you are periodically reminded to license the product. After 90 days, the product evaluation version no longer functions.

  11. On the Server Selection page, click Add Servers to browse to the SRV-02 server.

    You can select servers only from the ZENTREE tree. You can install to up to 7 servers at a time.

    1. (Optional) In the Add Servers dialog box, you can list servers by their eDirectory tree names. To install to a server, select eDirectory Trees, browse to and click the name of the SRV-02 server, click the right-arrow button to move your selected servers to the Selected Servers list, then click OK.

      If you want to add a Windows server that you might not be authenticated to, you can double-click the server icon to display a dialog box where you can enter credentials to allow for Windows authentication.

    2. (Optional) In the Add Servers dialog box, you can specify the hostname or IP Address of a server in the Add Server Via Hostname/IP Address field. The value that you provide must be resolvable to the name of a server.

      Click Button used to accept the resolveable IP or Hostname you enter for a server. to begin the name resolution process and add the server to the Selected Servers list.

  12. On the now-populated Server Selection page, you can further specify the services you want to install for the Desktop Management components you previously selected, then click Next to save your settings.

    The list of settings includes the following:

    Local Workstation: Even though the ConsoleOne 1.3.6 installation program lets you install ConsoleOne files to a local hard drive (minor performance enhancements can be achieved by doing so) such an installation does not include the Desktop Management Services snap-ins.

    You have the option of installing Desktop Management Services snap-ins to your local workstation by selecting Desktop Management Service Snap-ins under the Local Workstation option. ConsoleOne must be installed on the workstation before the snap-ins can be added.

    Desktop Management Services: Desktop Management Services (collectively referred to as the “Desktop Management Server”) are commonly used files and programs that enable the configuration and distribution of workstation applications and policies. These services provide automatic management of Windows applications, user and workstation configurations, processes, and behaviors.

    • Application Management: Select this option to install software that enables the automated distribution, healing, and tracking of applications, updates, and patches.

    • Workstation Management Common Components: Select this option to install workstation-resident modules that are used to authenticate the user to the workstation and network, and used to transfer configuration information to and from eDirectory.

    • Remote Management: Select this component to install files and programs that enable the remote management of workstations from a central console. Make sure that the selected servers do not have the ZENworks for Servers 3.0.2 (or earlier) Remote Management component already installed.

    Additional Options: If you want to customize your deployment of Desktop Management Services, there are a number of services to choose from, each with a specialized purpose.

    • Desktop Management Database: Select this option if you want to install a network database to be used by the Novell Application Launcher as a repository for data about application events (install, launch, cache, and so forth) that have occurred.

    • Inventory Database: Select this option if you want to install a network database to be used by Workstation Inventory as a repository for hardware and software inventory information collected from inventoried workstations.

      IMPORTANT:If you want to use the Inventory database with an existing Oracle or MS SQL setup, do not select this option during the Server Inventory installation. Follow the steps in Setting Up the Inventory Database in the Novell ZENworks 7 Desktop Management Administration Guide.

    • Inventory Server: Select this option if you want to install files and programs to enable the gathering and viewing of hardware and software inventory information for managed workstations.

      If the selected servers have the Server Inventory component of ZENworks for Servers 3.0.2 or earlier installed, you must upgrade the component to ZENworks 7 Server Management.

    • Inventory Proxy Server: Select this option if you want to install a proxy service that enables the roll-up of inventory scan data to an Inventory server located across a network firewall. Make sure that the selected servers do not have the ZENworks for Servers 3.0.2 (or earlier) Inventory component already installed.

    • Imaging Server: Select this option if you want to install a Linux imaging environment to be used to create, store, send, or restore workstation image files to a workstation.

      IMPORTANT:You should install the Imaging Server service and the PXE Server service on the same server; do not install the PXE Server service separately.

    • PXE Server: Select this option if you want to install Preboot Execution Environment (PXE) protocols and programs to be used by the server to communicate with a PXE-enabled workstation and to enable sending imaging tasks to that workstation.

      When you install Preboot Services, one of the components that is installed is the Proxy DHCP server. If the standard DHCP server is on the same server where you are installing the Proxy DHCP server, you must set option tag 60 in DHCP services.

      IMPORTANT:You should install the Imaging Server service and the PXE Server service on the same server; do not install the PXE Server service separately.

    • Workstation Import/Removal Server: Select this option if you want to install files and programs that add workstation objects into eDirectory (or remove those already added), where they can be managed to receive applications or computer settings.

    • Desktop Management Services Snap-Ins: Select this option if you want to install additions to ConsoleOne to enable you to launch Desktop Management tools and utilities, to view Desktop Management object property pages in eDirectory, and to browse and configure those objects.

    You can perform a “custom selection” by selecting one or more servers and right-clicking to display a pop-up menu with options to add Database Services, Inventory Services, or Imaging Services to all of the servers you have selected. The Default option returns the selections to their initial state. The Custom selection launches another dialog box that you can use to select specific components for all of the selected servers. This selection overrides any other selections you have made.

  13. (Optional) Prerequisite Check is selected by default. Retain the selection if you want the installation program to verify that the server or servers meet the installation requirements for ZENworks Desktop Management Services. The installation program checks the version of the server's network operating system (including any required service or support packs), the presence and version of the Novell Client (4.9 SP1a) on Windows servers and on the installing workstation, and the presence and version of ConsoleOne (1.3.6).

    If the server operating system and support/service packs are not the correct version, the installation displays a warning message, and does not continue. The installation displays a warning and does not continue until the required software is installed and detected or until you deselect the check box.

  14. (Optional if Workstation Inventory or Remote Management is selected.) On the File Installation Location page, select one or more target servers in the Selected Servers list, then browse for or type the volume or drive where you want the Workstation Inventory or Remote Management files to be installed. The default is C: for Windows servers.

    If a previous installation of ZENworks 7 Workstation Inventory or Remote Management component is detected on the machine, the existing path is displayed and dimmed. The current installation installs all the files in the same path.

  15. (Optional) The Database Location Installation page is displayed if you choose to install the Inventory database or the Desktop Management database. Select a previously designated server in the left pane, then in the Database Path field, browse for or type in the name of the volume or drive where the database file will be installed, then click Next.

    You can provide a different drive for each database server. However, you cannot have multiple instances of the database files on the same server because you can run only one instance of the database engine per server.

  16. (Optional) The Inventory Standalone Configuration page is displayed if you choose to install the Inventory Server and the Inventory Database on the same server. If you want the installation program to automatically create the Server Package and to start the Inventory Service on the server, configure the settings on the Inventory Standalone Configuration page.

    Select Configure Standalone, select the server or servers that you want to point to a common Database Location Search Policy, type in the name or browse to the tree container where you want to create and configure the Server Package containing this policy, then click Next.

  17. (Optional) On the Inventory Proxy Service Configuration page, select the server or servers with a port you want to designate as one to allow XMLRPC requests pass through to the Inventory Proxy service, then in the Proxy Port field, designate the port you want to use.

    You can configure the same port number for all servers by selecting all of them, or you can define the values individually by selecting the servers one at a time. If you want to change the Port 65000 default, specify a value between 0 and 65535. Ensure that the port number is not used by other services on the server.

  18. On the Summary page, review the list of components and their parts that are to be installed. If the summary is correct, click Finish to launch the installation program.

    You can click Back as many times as necessary to make changes.

    If you click Cancel, no installation information is saved.

    You can review the installation log file after the installation has completed. The log file name is datestamp_timestamp_zdmserver_install.log (for example: 20040304_024034_zdmserver_install.log). It is located in the \novell\zfdtemp directory on the machine you are installing from. This log file indicates whether any component failed to install.

    You can also review the installation summary to review the selections you made. The summary is saved in a log file named datestamp_timestamp_zdmserver_installsummary.log (for example: 20040304_024034_zdmserver_installsummary.log). It is also located in c:\novell\zfdtemp.

  19. In ConsoleOne, select the tree where you installed the Desktop Management Server software, then right-click the LDAP Group > click Properties > General > select Allow Clear Text Passwords.

    If you use ConsoleOne 1.3.6e, Require TLS For Simple Binds With Password must be deselected in the LDAP Group object for each server acting as the Authentication Domain for a ZENworks Middle Tier Server. If you need to set this parameter after you have installed the Desktop Management Server, make sure you reboot the ZENworks Middle Tier Server after you change the setting.

    If you are installing to Windows servers in an Active Directory domain, configure the LDAP Group object for servers that are to be used as Authentication Domains to use an alternate port number, because Active Directory will use ports 389 and 636.

    If you have already installed the ZENworks Middle Tier Server, you need to reboot the ZENworks Middle Tier Server so that it recognizes the change to LDAP clear text passwords at the Desktop Management Server.

Installing the ZENworks Middle Tier Server

To deliver Desktop Management features through an Internet browser, you must install the ZENworks Middle Tier Server. In this deployment scenario, you install the software on SRV-02, where the Microsoft IIS Web server has already been installed. The Middle Tier Server installation program requires the presence of the Novell Client on the installing workstation or server, so you must first install the Novell Client on the SRV-03 server and then install the ZENworks 7 Middle Tier Server on the same server. You can download the Novell Client (version 4.90 SP1a or later) from the Novell downloads Web site.

When the client has been installed, you can use the following procedure to install the Middle Tier Server:

  1. Log on to SRV-03 as local workstation administrator of the server.

  2. Insert the Novell ZENworks 7 Desktop Management CD.

    The winsetup.exe program autoruns. If it does not autorun, launch the program from the root of the CD.

    If you run the installation from a directory location where you have copied the ZENworks Desktop Management ISO files, make sure that all of these files are copied to the same location from which you are running winsetup.exe.

    In this situation, the installation program notifies you that it might not run properly. This is because the options you choose during the installation might require a CD swap.

    IMPORTANT:If you remove the Novell ZENworks 7 Desktop Management CD from the CD drive during the installation, or if you lose your connection to the server you are installing to, the installation program stops and does not proceed. To terminate the installation process, open the Windows Task Manager, click Processes, select javaw.exe, then click End Process.

    Screen shot of the opening page of the ZENworks installation program, showing the general installation options.

  3. Click Desktop Management to display a page with options to install in various languages.

  4. Click English to display a page with Desktop Management installation options.

    The ZENworks 6.5 Desktop Management Installation menu.

  5. Click Middle Tier Server to launch the Middle Tier Server installation program.

  6. On the first Installation page, read the details about running the installation program, then click Next.

  7. Read the License agreement, then click Accept if you agree with the terms of the License Agreement.

    (Conditional) If you do not agree with the terms of the license agreement, do not install the software.

  8. On the Installation Requirements page, read the requirements for installing the Middle Tier Server software, make sure that the server where you plan to install meets the listed requirements, then click Next.

  9. On the eDirectory Location and Credentials page, fill in the fields:

    The Primary eDirectory Location and Credentials page of the ZENworks Middle Tier Server Installation wizard.

    DNS/IP Address: Specify the DNS name or IP address of the SRV-02 server, where eDirectory is installed.

    Username (full DN): Specify the fully-qualified distinguished username of the Middle Tier proxy user account (for example,admin.users.zen). To ensure that these credentials remain secure, you can set up an arbitrary user with specific administrative rights.

    For a description of the required rights, see Section 10.3, Required Rights for the Middle Tier Proxy User Account and the NSAdmin Utility.

    Password: Specify the eDirectory password for the Middle Tier proxy user.

  10. On the ZENworks User Context page (Users Context field), specify the eDirectory context where the Middle Tier Server can look for user objects to be used by Desktop Management. For this example, the context is Users.

    You should use the context of the highest-level container where user objects reside. This value is passed to the ZENworks Middle Tier Server, which uses it as a starting point in searching for a user.

    For any Middle Tier Server you designate during this installation, currently configured authentication domains (for example, the authentication domain configured for NetStorage) are replaced by a single authentication domain with the context that you specify here.

    After the installation, you can reconfigure this authentication domain context using the NSAdmin utility. You can open the utility in a Web browser (http://srv-02/oneNet/nsadmin).

    The installation program verifies the existence of the context (that is, the container) before continuing.

  11. On the ZENworks Files Location page, select the network location where you will access application and policy files managed by ZENworks.

    The ZENworks Middle Tier Server requires access to ZENworks files installed elsewhere on your network. As the ZENworks Administrator, you define the location of these files when you create policies or applications for distribution. The information you provide on this page is used to help the Middle Tier Server determine how to access different file systems. This decision is necessary for the installation now, even if you have not yet created any ZENworks files.

    • Select the first option button if your ZENworks-managed application and policy files will be located on NetWare servers only.

    • Select the second option button if some or all of your ZENworks-managed application and policy files will be located on Microsoft Windows servers.

    If your ZENworks files will be located in a Windows file system, the Middle Tier Server might not be able to access them using a username and password for Novell eDirectory; instead, it requires Windows domain credentials to access the files.

    If the files are located on a server not belonging to a domain, enter server-specific credentials.

    Domain Username

    Specify the username of any user in the Microsoft domain who has Windows file system rights to the ZENworks file locations.

    Password

    Specify the password for the user in the Microsoft domain who has file system rights to ZENworks files.

    Confirm Password

    Specify the same password to confirm that it was entered correctly.

    The ZENworks Files Location page of the ZENworks Middle Tier Server Installation wizard.

  12. On the Server Selection page, you need to build a list of target servers that you want to function as Middle Tier Servers. The Add Servers button calls a dialog box that is used to find and add servers to the list. The Remove Servers button lets you delete servers from the target list after they are added. Click Add Servers.

    The Server Selection page of the ZENworks Middle Tier Server Installation wizard.

  13. (Optional) Prerequisite Check is selected by default. Retain this selection if you want the installation program to verify that the server or servers meet the installation requirements for ZENworks Middle Tier Servers.

    The installation program checks the version of any previously installed Middle Tier Server software, the server's network operating system (including any required service or support packs), the presence and version of the IIS Web server on Windows servers, the presence and version of the appropriate Web server on NetWare servers, and the presence and version of NetStorage (2.6.0) on target servers.

    If the server operating system and support/service packs are not the correct version, the installation displays a warning message, but can continue. If other requirements are not met, the installation displays a warning and does not continue until the required software is installed and detected.

  14. In the Add Servers dialog box, open the List Servers By drop-down list to show the options of listing the servers according to their location in Novell eDirectory trees, in Microsoft Windows Network structures, or in Microsoft Active Directory trees.

    You can install the ZENworks Middle Tier Server software to several servers during the installation. When you have finished adding servers to the list, click OK.

    Both the Desktop Management Server installation program and the Middle Tier Server installation program allow you to select servers from only one eDirectory tree. If you run either of these installation program from a Windows server and if that server is not part of the tree you have selected, you cannot install the Desktop Management Server locally.

    1. (Conditional if you want to list servers in Microsoft Windows Network structure.) In the List Servers By drop-down list, select Microsoft Windows Network to list all of the Windows Workgroups and Microsoft Domains to which you are currently authenticated, browse the structure to the server of your choice, then click the double right-arrow to move it to the Selected Servers list box.

      The Add Servers dialog box called from the Server Selection page of the ZENworks Middle Tier Server Installation wizard. The dialog box shows the Microsoft Domain option in the List Servers By drop-down list.

      Other options in this dialog box include the following:

      • You must be an administrative user for a server in order to add it to the Selected Servers list. If you are not authenticated to a server, the object is designated by a question mark. You can double-click the question mark to authenticate to the server, then click the double-right arrow to move the server to the Selected Servers list, provided it is a supported server platform for ZENworks 7 Desktop Management.

      • When you list servers in Microsoft domains, NetWare servers are not listed for browsing because ZENworks files that are located on a Windows server cannot be obtained through a Middle Tier Server installed on NetWare.

      • You can specify the hostname or IP Address of a server in the Add Server Via Hostname/IP Address field. The value that you enter must be resolvable to the name of a server located in the designated operating environment.

        Click Button used to accept the resolveable IP or Hostname you enter for a server. to begin the name resolution process and add the server to the Selected Servers list.

        If you are using multiple hostname aliases for a Windows server, the first alias must be the physical name of your Windows server.

      • If the credentials you provided for authentication to the server (see Step 11) are not administrative credentials, you can add it as a target server, but you are re-prompted for Administrative credentials when you close the Add Servers dialog box.

      • Click Add All Servers to add all of the servers in a selected domain or workgroup. Selecting a domain or workgroup selects all of the authenticated servers in that domain or workgroup.

      • To remove a server from the Selected Servers list and return it to the Available Servers list, click the server name in the Selected Servers list, then click the double left-arrow. You can remove multiple servers from the Selected Servers list by selecting them with the Shift and Ctrl keys.

    2. (Conditional if you want to list servers in a Microsoft Active Directory.) In the List Servers By drop-down list, select Microsoft Active Directory. If your workstation is a member of an Active Directory, the domains in the Active Directory trees are displayed. You can browse to all of the servers listed in Active Directory (on a per domain basis), browse the structure to the server of your choice, then click the double right-arrow to move it to the Selected Servers list box.

      The Add Servers dialog box called from the Server Selection page of the ZENworks Middle Tier Server Installation wizard. The dialog box shows the Active Directory option in the List Servers By drop-down list.

      Other options in this dialog box include the following:

      • You can also click Browse Unlisted Tree to open a dialog box where you can specify the name of the domain you want to add, then authenticate to it with the proper credentials prior to displaying its servers in the List Servers By drop-down list.

        Authentication dialog box displayed after clicking Browse Unlisted Tree, an option available in the Microsoft Active Directory mode of Adding Servers for the Middle Tier Server installation.

      • You can specify the hostname or IP address of a server in the Add Server Via Hostname/IP Address field. The value that you enter must be resolvable to the name of a server located in the designated operating environment.

        Click Button used to accept the resolveable IP or Hostname you enter for a server. to begin the name resolution process and add the server to the Selected Servers list.

      • Right-click a domain object to select one of three search methods:

        Search Standard Locations: Lists the computers and domain controllers at the root of the domain. This is the default search method.

        Search Entire Directory: Lists all directory containers where computers are located.

        Browse Directory Hierarchy: Lists all of the containers in the directory, which you can expand and browse one at a time to find the computer you want. This search method might be useful if you have computers in a non-standard location of a large directory.

      • Click Add All Servers to add all of the servers in a selected domain or container. Selecting a domain or container selects all of the servers in that domain or container.

      • To remove a server from the Selected Servers list and return it to the Available Servers list, click the server name in the Selected Servers box, then click the double left-arrow. You can remove multiple servers from the Selected Servers list by selecting them with the Shift and Ctrl keys.

  15. On the Summary page, review the location where you have chosen to install the ZENworks Middle Tier Server software and the Desktop Management Server to which it is associated, then click Finish to begin the installation process if the summary is correct.

    The Middle Tier Server Installation Wizard launches another installation program. Wait until this program is completed.

    IMPORTANT:You can review the installation log file after the installation has completed. The log file name is datestamp_timestamp_zdmmidtier_install.log (for example: 20040304_024034_zdmmidtier_install.log). It is located in the \novell\zfdtemp directory on the machine you are installing from. This log file indicates whether any component failed to install.

    You can also review the installation summary to review the selections you made. The summary is saved in a log file named datestamp_timestamp_zdmmidtier_installsummary.log (for example: 20040304_024034_zdmmidtier_installsummary.log). It is also located in c:\novell\zfdtemp.

  16. In ConsoleOne pointing to eDirectory on the Desktop Management Server, make sure you have set up the Desktop Management Server to allow clear text passwords.

  17. Reboot the server where you installed the ZENworks Middle Tier Server software.

  18. Verify that the ZENworks Middle Tier Server is installed and running by entering one of the following URLs at a browser on the workstation:

    http://srv-02/oneNet/xtier-stats

    http://srv-02/oneNet/zen

    If the ZENworks Middle Tier Server is running, the first URL opens a Web page where server statistics are displayed. You should be able to see where the request count increases by clicking the Refresh button on your browser.

    The second URL launches a dialog box that prompts for user credentials.

  19. At a network browser, enter http://srv-02/oneNet/nsadmin and log in as the Admin user to eDirectory to change the LDAP ports to match those you changed in Step 14.a in Installing eDirectory.

    Because eDirectory and Active Directory are installed on the same network server, you might not be able to log in to eDirectory. If this is the case, go to the registry of the server where the ZENworks Middle Tier is installed, then change the LDAP Port DWord value of the HKLM\Software\Novell\Xtier\Configuration\Xsrv registry key to the port you specified in Step 14.a in Installing eDirectory.

Installing ODBC Drivers for Sybase

Before running the inventory reports, review the following:

  • Make sure that the appropriate ODBC client for Sybase, Oracle, or MS SQL is installed on the machine running ConsoleOne. The ODBC driver is automatically configured on the machine when you invoke the Inventory report.

    To install the ODBC driver for the Sybase database,

    • 1. In the Novell ZENworks 7 with Support Pack 1 Companion 2 CD, open the \database drivers directory
    • 2. Follow the instructions in the odbcreadme.txt file in the \database drivers directory. The information helps you to set up the address of the Sybase database and verify that you can make a connection

    For Oracle, you must install the appropriate client for ODBC. For example, for Oracle9i Inventory database, install the Oracle9i client because Inventory reports are not compatible with either the older or the later version of the client.

    For MS SQL, the client is available on all Microsoft Windows operating systems.

  • Make sure that at least MDAC 2.6 SP1 (Microsoft Data Access Component) is installed particularly on a Windows NT machine for running Crystal Reports. Check the version of MDAC on your box, select Control Panel > ODBC Data sources > the About tab pane. The minimum version required is 3.520.7326.0. If the version you have does not match the minimum requirement, you need to upgrade the ODBC core components by downloading them from the Microsoft Download Center.

Deploying the Desktop Management Agent to User Workstations

When ZENworks 7 Desktop Management with SP1 is running in a Windows server environment., you need to install the Desktop Management Agent onto user workstations and begin to use the Desktop Management features to manage those workstations.

The Desktop Management Agent Distributor facilitates the initial deployment and future upgrades of the ZENworks Desktop Management Agent through the use of Microsoft domains and Microsoft Active Directory. The Agent Distributor uses Microsoft domains and Active Directory when selecting target workstations and during deployment of the Desktop Management Agent to those same target workstations.

For more information about using the Desktop Management Agent Distributor to deploy the Desktop Management Agent to workstations in your Windows network, see Section 12.5, Using the Desktop Management Agent Distributor to Deploy the Agent to Workstations in a Microsoft Domain.