Novell ZENworks Configuration Management Design and Implementation Best Practices

Novell ZENworks ® ®

Configuration Management
Design and Implementation Best Practices

Mark Schouls Andy Philp
Senior Product Manager Product Manager
Novell Inc.,/mschouls@novell.com Novell Inc.,/aphilp@novell.com

Agenda

Pre-Design activities
Critical information required for design
Design activities
Deploying Novell ZENworks Configuration
® ®

Management
Best practice recommendations
Question and answer

2 © Novell, Inc. All rights reserved.

Pre-Design Activities

• There are several things you want to cover.
– Business Assessment
– Technical Assessment
– Gather other critical information
– Develop a high level design
– Complete the documentation based on the above listed
activities and put it somewhere where people can find it


Business Assessment

• If you do not have a solid understanding of what the
overall business needs you cannot design a solution
that will meet them.
• The best way to handle this is through a set of informal
workshops.
– The idea of the meeting is to inform them enough so they begin
to give you feedback as to how they will leverage the system.
– Remember, the three main reasons you hold these workshops
is to...
> Inform them of what you are doing
> Get their buy-in
> Get their feedback in the form of requirements


Business Assessment
(cont.)

Some ideas on how to perform the business
assessment include:

– Hold informal workshops and invite leaders from each
department to attend.
– Survey departmental leaders and find out what they need in
order to become more effective in their roles – how their staff
can become more effective given what the software you are
deploying does.
> Getting them to answer a written survey can be very effective here and can
give you a lot of detail that can be used when building the high-level, and
more detailed design.


Technical Assessment

• The purpose of the technical assessment is to review what
you have, identify what you need, and document it all.
• The two main outputs from a technical assessment are:
– Documentation on your findings.
– A set of tasks that you will need to perform.
• It is recommended that you perform this after the Business
Assessment.
• The two assessments should take no longer than a week to
perform, depending on the size and/or complexity of the
organization and it's infrastructure.


(cont.)

• Know of your existing infrastructure well, before you
introduce ZENworks Configuration Management (ZCM)
®

into the environment.
• Workshops work well!!
• Things you most definitely need to understand include:
– Operating systems which need to be supported.
– Number of users that will need to be supported by the solution.
– Support for roaming users.
– Number of offices/sites, and how many users at each location.
– Locations of all data centers.
– Network architecture with details on links speeds, etc.


(cont.)

• If you need to apply any updates to your existing
servers, etc
• Structure of the DNS infrastructure
• Structure of the DHCP infrastructure
• IP subnet design
• Network access methods
• Network infrastructure components and design
• Directory services design


Gather Other Critical Information

• You should also be very familiar with other services that
are running on the network that rely on the
infrastructure as well.
• It would be best to try and prioritize these services so
you can start to better understand bandwidth utilization,
and service levels that have been assigned to specific
functions.
• If the organization is implementing ITIL best practices
you should know about all disciplines that are currently
being leveraged.


Gather Other Critical Information

• Other stuff you should consider exploring and asking:
– Is there a service desk in place?
– Is there an SLA process in place?
– Does a disaster recovery plan exist?
– What about a CMDB?
– Are there formal change management processes in place?
– Are there formal packaging processes in place?
– Do you have a Definitive Software Library in place?
– Any other projects on the go?


Develop a High Level Design

• A high-level design document that outlines the
general placement of services across the company's
infrastructure.

• As a supplement to the high-level design document you
should also develop a graphical representation of the
infrastructure.

– This diagram should reflect exactly what you have described in
the document, and it should be high-level so that everyone can
see what the infrastructure is going to look like once the
deployment is complete


Documentation

• It is important that you develop your documentation and
then discuss this with all parties that have a stake in the
success of this project.
– Documentation is a must-have.
• Discussing the findings and recommendations in detail
are going to be key to the success of this phase of the
project, and the more detailed design phase.
– Incorporate any changes immediately... before you forget!!


Outputs from Pre-Design Activities

• The main outputs include:
– Assessment document – This document highlights all of your
findings from the business and technical assessments that you
performed.
> Requirements gathered during meetings/workshops with department leaders
and others inside the organization that will have an influence on what
services Novell ZENworks will deliver.
® ®

> A detailed summary of your technical findings, and what needs to change in
order to support ZENworks in the infrastructure.
> High-level design information including general placement of services, and
other infrastructure components.
– High-level design diagram – This diagram is used to visually
understand what the infrastructure will look like after the
deployment is complete. This will be refined further.


Critical Information Required for Design

Know Everything

• Design criteria
• Scalability of the Primary Server
• Scalability of the Satellite Server
• Considerations for the Database Server
• Virtualization


Scalability of the Primary Server
Factors Influencing Scale

• There are a number of factors that directly influence the
scalability of the Primary Server. These include...
– RAM: The majority of operations are performed by two
processes – zenserver and zenloader. These can take up to
approximately 1.2 GB of RAM each.
– Disk I/O: When serving content for applications and updates.
– Other non server-hardware related factors, including...
> Refresh frequency, what are they being utilized for, number of administrators,
frequency, and quantity of uploading content into the content repository,
number of reports that are being run by administrators, and are you utilizing
load balancing.
> There are others, but you get the point.


SuperLab Test – Average Time to Refresh

• The graphic shows scale of the Primary Server under
considerable load. The test shows increasing numbers
of Managed Devices hitting the Primary Server at the
same time during a refresh.


SuperLab Test – Average Time to Download

• The graphic shows scale of the Primary Server under
considerable load. The test shows increasing numbers
of Managed Devices hitting the Primary Server at the
same time downloading 100MB of Bundle content.


SuperLab Test – Administrative Tasks Under Load

• The following results are a series of Administrative
Tasks performed on a server with no load and then with
a load.

Test Name Test De scription Primary Server Under Primary Server Under
No Load Load
BOE Report Run Predefined BOE report - Bundle Deployment Status 15 seconds 18 seconds
(313 pages)
Inventory Report Run canned report “Devices By Machine / Login Name” 7 seconds 8 seconds
Policy Create policy, assign it to 60 devices and perform a Quick 7 minutes 43 seconds 7 minutes 45 seconds
Task on all 60 devices to get policy
Multicast Create Multicast bundle and multicast to 60 devices 4 minutes 20 seconds 4 minutes 27 seconds
Bundle Create an MSI Bundle of Open Office, assign it to 60 25 minutes 30 seconds 1 hour 10 minutes 17
devices and refresh all 60 using a Quick Task seconds


Description of Daily Use Test

• The test environment in the SuperLab consists of the following
components:
– Single server running Windows Server 2003 (64 bit)
– Server hardware – Dell 2950, Quad Core 2.0 MHz, 8GB RAM
– External Microsoft SQL Server 2005 database
• Definition of “Daily Use”
– 24 hour period simulated in 4 hours
– 3 Bundle pushes of 105 chained bundles (30MB to 1KB)
– 1 full and 3 delta inventory scans
– 1 patch distribution
– 4 device refreshes
– 10 devices continually restoring images


Achieving Scalability in the Real World

• Tests are performed in the SuperLab to find the “breaking point” of the
system and it's components, real scalability on the other hand is achieved
through...
– The proper placement of services
– A well thought out design
– The proper configuration of services within the Novell ZENworks
® ®

system itself

• There is a big difference between what we “find” and what we “suggest”.
– For Primary Servers we recommend the following as a starting point:
> Three (3) Primary Servers to – load and fault tolerance
> A dedicated database server


Achieving Scalability in the Real World, (Cont.)

• The recommendations on the previous slide would be
further enhanced by considering the following as well:
– Exclude servers to ensure that certain Primary Servers are
dedicated to specific functions.
– Dedicate a Primary Server as the Novell ZENworks Reporting
® ®

Server.
– A dedicated Primary Server for ZENworks Control Center.
– The use of Satellite Servers for distribution, collection, and local
site authentication.



• Some of the major factors that you need to consider
with ZCM and Primary Servers are the following:
– They can handle between 1,000 and 1,500 concurrent
connections.
– The rule of thumb is a Primary Server for every 3,000 devices
you will register into the Zone.
– A ZENworks Zone will scale to 40,000 devices. This is what has
®

been validated in the SuperLab and what Novell recommends
®

is the upper limit to the Zone size.



• It is recommended that Primary Servers and the
Database Server be on the same network.
• It is NOT recommended (typically) that Primary Servers
span any WAN links.
• Network utilization issues will appear quickly, and this is
mainly due to...
– SQL traffic between Primary Servers and the Database server.
– Replication of content in the Primary Servers content repository.
– Potential spanning the WAN by Managed Devices.


Scalability of the Satellite Server
Factors Influencing Scale

• There are a number of factors that directly influence the
scalability of the Satellite Server. These include...
– Physical memory installed on the machine.
– Disk I/O from the requests being handled by the machine.
– What services are being handled by the Satellite Server
> Collection, content, imaging, authentication.
– The number of managed devices that are hitting the server, and
how frequently.
– Frequency of distributions.
– Class of hardware.
– Class of Operating System.


SuperLab Test Number 1

• This is useful when you begin to estimate how many
Satellite Servers are required.
• Try to calculate estimated load during the design
phase.
Bundle Size Server OS Server OS Workstation OS Workstation OS
(MB) No. of Managed No. of Managed No. of Managed No. of Managed
Devices in Test Devices Successful Devices in Test Devices Successful
6 1004 1004 259 259
10 1004 1004 259 259
25 1004 968 259 259
50 1004 801 259 248
1200

1000

800

600 Server OS
Workstation OS
400

200

0
6 10 25 50



• The second test shows the results of a Satellite Server
running on a Server OS delivering multiple chained
bundles to connected managed devices.
• This information is very useful when trying to calculate
how much load you can place on the Satellite Server
(with a Server OS) when deploying applications that
are chained together.
Number of Bundle Sizes Total No. of Managed No. of Managed Devices
Bundles Devices Successful
5 10, 15, 20, 25, 30 (in MB) 999 996
4 5, 10, 15, 20 (in MB) 999 996



• The third test shows the results of a Satellite Server
running on a Workstation OS delivering multiple
chained bundles to connected managed devices.
• This information is very useful when trying to calculate
how much load you can place on the Satellite Server
(with a Workstation OS) when deploying applications
that are chained together.
Number of Bundle Sizes Total No. of Managed No. of Managed
Bundles Devices Devices Successful
5 10, 15, 20, 25, 30 (in MB) 259 259
4 5, 10, 15, 20 (in MB) 259 259


Achieving Scalability in the Real World

• Once again, tests performed in the SuperLab locate the
“breaking point” of the service.
• We assume the following...
– The Satellite Server running on server-class hardware can
handle up to 1,000 Managed Devices
– The Satellite Server running on workstation-class hardware can
handle up to 250 Managed Devices
• For larger sites (250 devices and beyond)...
– Use multiple Satellites for redundancy and load balancing
• For smaller sites (up to 250 devices)...
– Use your judgment


The Database Server
Scalability

• The main things you need to consider when it
comes to the database server are:
– How many devices are you managing? If the number is
greater than 10,000 then you may want to consider
using Oracle or Microsoft SQL Server.
– Will you be able to utilize clustering technologies to
achieve a higher level of fault tolerance.
> You need more details on the organizational continuity and
availability management plans.

• Novell does not recommend use of the
®

Embedded Sybase database for production use.
– This is a single point of failure and should be avoided.


The Database Server
Scalability (cont.)

• Follow vendor-specific best practices when it comes to
database backup, tuning, and maintenance.
– It is critical that you completely understand the vendors
recommendations and best practices.
– You database administrator(s) need to be very close to this
project.
Database Platform Scope / Number of devices
Sybase (embedded) Testing / Development – not recommended for production use/deployment
Sybase (remote) Production / < 1,500 up to 5,000
Microsoft SQL Server 2005 Production / < 5,000 up to 40,000
Oracle 10g Production / < 5,000 up to 40,000


The Database Server
Backup – Sybase

• One of the most important aspects of Sybase database
maintenance is regular backups of the database files.
• Sybase provides it's own backup tool to do this, and it
is freely available for you to download off of the
Ianywhere website.
– The name of the backup tool is dbbackup.
• Details on the tool can be found here:

http://www.ianywhere.com/developer/product_manuals/sqlanywhere/1000/en/html/dbdaen10/da-dbbackup.htm


The Database Server
Backup – Sybase (cont.)

• Novell does not provide any support for this tool – all
®

issues related to the use of this tool must be logged
with Sybase.
• The Sybase database can be backed either when it is
running or shut down.
– When it is running you will use dbbackup.
– When it is shut down you can perform a simple file copy.


The Database Server
Considerations – Microsoft SQL Server

• The most important aspects of managing and
maintaining your database server that is hosted on a
Microsoft SQL Server are the following:
– You must have the skills in-house, or be readily available to
them (contractor, consultant, or partner) to manage and
maintain the Microsoft SQL Server based on the best practices
that Microsoft outlines for regular database management.
– There must be regular database backup routines in place. This
should also be documented or noted in the design document.


The Database Server
Considerations – Microsoft SQL Server (cont.)

• There must be regular database maintenance routines
in place. This should also be documented or noted in
the design document.
• Considerations for clustering (high availability) of the
database server should be made and documented.
• The organization needs to be familiar with the tools that
Microsoft provides to plan, analyze, and maintain their
Microsoft SQL Server infrastructure.
• Check out Microsoft's website for more details –
there is a wealth of information available to you.


The Database Server
Recommendations – Oracle

• You must rely on the skills of the in-house database
administrator(s) to ensure you are installing, updating,
and maintaining the database properly.
• The individual(s) responsible for the day-to-day
management of the Oracle infrastructure must be
involved in the ZCM deployment project from day one.
• Be familiar with the documents Oracle makes available
on their website.


The Database Server
Database Sizing and Performance

• As a general rule of thumb, Novell has seen that the
®

database size increases at a rate of approximately 1GB
per one thousand (1,000) devices in the zone.
• Best practices around fault tolerance, maintenance,
and performance need be considered alongside the
general calculations for overall database size, and they
are just as (if not more) important.
• For sites with more than 10,000 devices RAID 0+1
(mirror with stripe) is recommended.


The Database Server
Database Sizing and Performance (cont.)

• Database servers are very sensitive to disk
performance.
– More smaller disks are always faster than fewer larger disks.
• A single 10GB drive for a 10,000 device site may not
perform adequately, although it may meet the database
sizing formula.
– Ten smaller drives will perform much better.
• Testing and monitoring are an essential part of
database configuration.
• It is very important to note that ZCM performs better
with a dedicated database server, and it is not shared
with other database applications.

DNS and DHCP Services

• DNS forward and reverse lookup is properly configured
so that you can resolve servers using both their DNS
name and IP address.
• It helps when workstations are registered in DNS as
well – DDNS required.
• DHCP needs to be properly configured for imaging
purposes.
• PXE may need to be enabled on workstations.


Time Synchronization

• Everything has a time stamp.
– Ensure everything is time synchronized, it's important.
• All servers in your zone must have time
synchronization configured. It is not needed for
devices but it is recommended to ensure a well
tuned infrastructure.
• For Novell eDirectory customers it may be an
®
™

option to point the ZCM servers to eDirectory
Time Sources via NTP. Usually all clients use
the same time sources via the Novell Client, so ®

the system will be in complete harmony.


Virtualization

• Remember to plan your installation carefully, and
allocate the right amount of resources if you are going
to install in a virtualized environment.
• Currently Novell supports the following platforms:
®

– XEN
– VMware ESX
– VMware Workstation
– Microsoft Virtual Server


Design Activities

• This is where you will spend the bulk of your “planning
and testing” time.
– You will build your design (how and what) and validate it in a lab
setting to ensure you have built everything correctly and nothing
is missing.
– We will once again stress the importance of solid and accurate
documentation to back up all of the decisions you have made.
• It is estimated that you will spend approximately 80% of
your time in this planning and testing phase, and the
remainder of your time will be spent on pilots and the
wider deployment where you simply are executing
against your plan.


Design Activities
(cont.)

• Just because we stress the need for proper design
activities does not mean that this is, or needs to be
complex.
– It is just good project management in action.
– Once again, you want to be successful the first time and avoid
the need for major design changes after the deployment has
started.
This could be very disruptive for your end users.


Design Activities
(cont.)

• Three recommendations need to be made:
– Hold design workshops with everyone involved, and those that
have say in how things need to look and feel – these provide
tremendous value and keep the project organized and running.
– Go through every aspect of what the system will look like, and
all of the features you will leverage.
> Document everything along the way.
– Test everything in a lab environment – your use cases, features,
functions, etc., etc.
> This does not need to be physical machines – leverage virtualization
capabilities to create your lab.
> Keep you lab running well after the project – you never know if you'll need it
again, and it can provide a lot of testing value down the road (and time).


Deploying ZENworks Configuration
®

Management

Steps to a Successful Deployment

• The steps are straight forward – if you follow these
simple steps you will increase your level of success.
– Pre-deployment planning
– Pre-deployment documentation
– Pre-deployment testing
– Pilots
– Migration (if applicable)
– Wider deployment
– Post-deployment documentation and validation


Zone Settings

• The topics we will cover today include:

– Organized Management
– Content Replication
– Device Management
– Event and Messaging
– Infrastructure Management
– Inventory
– Licensing and administration


Organized Management

• Folder Structures

– Functional or geographical?

• Static and Dynamic Groups


Folder Structures

• Organize your Bundles in folders, use registration
rules/keys, and avoid dumping everything in one place
– be organized and you'll thank us later.
• Register devices into specific folders (site/location,
department, role, etc.) - decide on what makes the
most sense to you, and stick with it.
• Leverage folder structure for content assignment to
make things as simple as possible.
– User based structure from your User Source.
– Device based structure from what you've created.


Using Groups

• Leverage Device based “Dynamic Groups” whenever
possible. These group memberships are calculated for
you and takes the guessing out of the game.
• Create “Static Groups” if you need to.


Content Replication

• Define by bundle folders
– Good for Patch Management content
• Prioritize content deliver between sites based on type
– Control schedule, length of window and bandwidth consumption


Primary Server Replication

• Take advantage of these settings to specify which
Primary Servers will include or exclude new content by
default.
– ZCM 10 SP3 allows this to be set at the bundle folder
– This could be very useful for complex designs.


Satellite Server Replication

• Once again, same goes for the Satellite Servers as
well.
– This could be useful when you require a very controlled design
and implementation.


Content Replication

• Make sure you set this up according to both your
needs, and policies set by the networking group(s).
– ZCM 10 SP3, ZCM introduces content types


Satellite Server – Offline Replication

• If on-boarding a new remote site, consider content
export features:
– Set content schedule to “None”
– Define content requirements
– <zman ssec> command to export
– <zac cic> command to import


Device Management

• Device refresh schedule
– How often do you need to force updates?
• Disable unnecessary modules
– Different devices have different requirements
• Inventory
– Tracking your assets
• Imaging
– Windows 7 anyone?


Device Refresh Schedule

• In most cases the default
is OK... but modify if
required before you start
registering devices into
the Zone.
– This goes for Full and Partial


ZENworks Agent ®

• Choose whether or not you allow your users to uninstall
the agent.
• Modify settings for individual modules.


Inventory

• Make sure you set this up according to your
requirements.
– A “fresh” install assumes you will set this up, so do not
necessarily accept the defaults.


Imaging

• Embrace “Universal Imaging” in your organization, and
cut down on the overhead involved in managing
multiple images.
– Are you moving to Windows 7?
• Visit the other sessions covering imaging:
– Specifically go see what ENGL have to say in their session:
EM300 - Windows 7 Deployment with Novell ZENworks ® ®

Configuration Management and ENGL Imaging Toolkit


Infrastructure Management

• Closest Server Rules
– Define where devices go for each service type
• System Update Settings
– Define your update strategy
• Event Messaging
– Beware – DB growth!
• User Sources
– Enable user based management
• Satellite Device Roles


Closest Server Rules

• Larger deployments will
always use custom rules.
• Designs with satellite
locations will always use
custom rules.
• The Default Rule may be
OK for small, single-site
implementations.


System Update Settings

• Make sure you set this up according to your
requirements.
• A “fresh” install assumes you will set this up.


System Update Agent

• Get your System Update
settings done before you
start deploying. The
defaults are OK, but may
not work for you.


Centralized Message Logging

• For complex deployments
consider designating a
specific Primary Server as
the Maintenance Server.
– Maybe the ZCC Server.
– Select a few days to clean
up.
– Designate a time... the
default
may not work for you.


User Sources

• ZCM 10 SP3 introduces:
– Satellite Authentication Roles
– Smart card authentication

|


User Sources
(cont.)

• Remember, multiple sources are supported.
• Remember, multiple connections are now supported


Satellite Server Roles

• Remember to specify the role(s) of each of your
Satellite Servers.
– The Authentication Role is
new to ZCM 10.3.


Licensing and administration

• Also found on the “Configuration Page”

– Administrators

– Roles

– License info


Administrators

• Make sure you set administrative accounts early on by
creating them in ZCC or referencing them from either
Novell eDirectory or Active Directory.
®
™

• Don't give everyone “god” privileges in the system. Be
specific with roles (next slide).
• Keep the “Administrator” account under lock and key
and don't give out the password.


Roles

• You need to get specific here.
• Give out only that which they need.


Licenses

• Use this feature to turn on (and off) functionality in
ZCC.
• Excellent feature to only show what you've licensed in
ZCC – avoids any confusion.


Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.

Novell ZENworks Configuration Management Design and Implementation Best Practices

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (14)

Similar to Novell ZENworks Configuration Management Design and Implementation Best Practices

Similar to Novell ZENworks Configuration Management Design and Implementation Best Practices (20)

More from Novell

More from Novell (20)

Novell ZENworks Configuration Management Design and Implementation Best Practices