Novell ZENworks 11
Previously available as four standalone products, Novell's ZENworks 11 is billed as an integrated 'single pane of glass', bringing together all of the tools needed to manage and secure network endpoints (effectively desktop PCs and servers) using just a single console and one, distributed, agent. Identity and location awareness features have also been added, to manage devices based on where they are and who's using them, with added facilities to manage power settings and patch both Windows and Linux systems in this new release.
Given the aims of ZENworks, it comes as no surprise to discover that it's a very large and complex application designed for enterprises with hundreds or thousands of users, rather than small businesses. That said, it's also a very modular solution, with the four constituent products retaining their individual identities and available independently to mix and match as required.
The principal component is ZENworks Configuration Management which, as the name implies, can be used to remotely identify, configure and lock down both server and desktop settings. ZENworks Endpoint Security Management adds tools to do things such as configure firewall setups, limit access to particular hardware and software, force the use of VPN connections for remote connectivity and so on. ZENworks Patch Management looks after the distribution and installation of updates, while ZENworks Asset Management helps network managers keep track of hardware and software assets and manage software licences.
That's quite a lot to get to grips with — and, as we found out, it's quite time consuming to get up and running.
Installing ZENworks 11
To install the Novell software you need at least one server, running either Windows Server or SUSE Linux (either 32-bit or 64-bit in both cases); a ready-to-run SUSE-based virtual appliance is also available. You need a database to hold the ZENworks management information, and we went for the embedded Sybase SQL Anywhere server that's included with the product. This is a reasonably scalable solution, but large customers will probably prefer to connect to an existing database server such as Sybase, SQL Server or Oracle.
Our installation proved to be a lengthy process, taking several hours to load everything onto our Windows 2003 R2 server. The documentation didn't make it any easier, leading us up a number of blind alleys along the way. We also had to stop and install a specific copy of the Microsoft .NET Framework (3.5 SP1) before the setup would load the ZENworks code in earnest.
Duriing setup we were warned that out server might be too slow (Novell suggests a 2GHz processor or faster); on large networks, a distributed setup across multiple servers is recommended.
Getting started with ZENworks 11
Once installed, the product is managed from a web-based console (the ZENworks Control Center) which we found surprisingly easy to navigate and, although a little idiosyncratic in places, reasonably easy to understand.
One of our first tasks was to discover devices on the network. Although simple enough to initiate, this took a very long time to complete — we're talking hours for a large network. On the plus side, ZENworks was able to identify and manage a mix of Windows and Linux systems, although the demand for Linux desktop management is debatable and limited to Red Hat and SUSE Enterprise distros in this edition.
ZENworks management modules all use the same agent to manage both Windows and Linux clients
Another advantage is that, unlike a lot of other desktop management applications, only one client agent is required. Known as the Zen Adaptive Agent, this is employed regardless of which of the tools is involved. Our second task was therefore to deploy the agent out to our newly-discovered servers and desktops.
Again, this proved deceptively easy — at least to begin with. Unfortunately the Windows agent was quite large and took a long time to distribute and install, even on our small test network. Scale that up to a large enterprise and you're looking at a substantial rollout needing careful management in order to avoid disruption.
We also encountered a couple of glitches with the deployment. This is not unusual with this type of product; ultimately, the issue was overcome by manually installing the client on the affected systems.
Finally we setup the software to use Active Directory as our user authentication source. A very straightforward procedure, this enabled us to import existing user accounts and use those details when creating and applying management policies.
The core configuration management module can collect inventory information from and manage Windows and Linux endpoints
Using ZENworks 11
We spent best part of a day getting ZENworks up and running. However, once we had the product fully installed and working, it proved much easier to use. We particularly liked the way the Control Center suggested appropriate tasks as we navigated our way through the various displays: we were soon able to gather hardware and software inventory information both from Linux and Windows systems, and then lock down file shares and configure power management, printer setup and other desktop settings.
The ZENworks Control Center provides a "single pane of glass" from which to manage endpoints on the network
Remote control is built-in, making it easy to troubleshoot problems without a deskside visit; file transfer facilities, are also provided to help support staff with their work. On the deployment side, it's easy to set up tasks to install new applications, with disk imaging tools also provided to help with rolling out new systems.
All the tools to remotely manage endpoints are available from the web-based ZENworks Control Center
Using the Endpoint Security Management tools we were able to control Windows firewall settings, deny access to Wi-Fi networks and so on. Here, too, it was possible to configure and apply different policies based on user and location information. For example, when one of our test notebooks was connected to a home Wi-Fi network, we could enforce a much more strict security policy that when it was cabled to the office LAN.
The ZENworks Endpoint Security Management module can be used to enforce security policies on Windows endpoints
The more we used ZENworks, the more we grew to like it. On a large network it could rapidly become an invaluable management tool, with reporting tools and the ability to delegate management among other key features. On the downside there's nothing in ZENworks 11 to help manage the mobile devices (Novell has a separate product for this) and we'd also like to see more virtualisation support included.
Licensing for ZENworks 11 is quite complex, and it required several emails to unravel. Here's the story as we understand it.
For our review we looked at the Standard edition of the ZENworks 11 suite which, as with all the suites on offer, includes all four of the core ZENworks components. However, the £61 (ex. VAT) Standard edition licence is for ZENworks Configuration Management only, the other modules being licensed for 60-day evaluation only.
The additional components can, of course, be activated by typing in a key but there is a cost involved. ZENworks Patch Management is £13 (ex. VAT); ZENworks Asset Management costs £28 (ex. VAT), while, ZENworks Endpoint Security Management is £59 (ex. VAT). All of these components are licensed per device with one year standard maintenance included.
Alternatively there's an Advanced edition (£130 ex. VAT per managed device) with bundled licences for configuration and patch management. And an Enterprise bundle (£184 ex. VAT per device) with licences for all four component modules included.