By Martin Kuppinger
Before Novell acquired Suse, they reached the headlines in the summer of 2003 by taking over the reins of the well-known Ximian software company. Novell integrated Ximian's system management software, Red Carpet, into their ZENworks family to create ZENworks Linux Management (ZLM).
The new owners continued to build on that Ximian foundation, releasing versions 6.5 and 6.6, but the tool's Red Carpet history was still clearly visible. ZLM showed few signs of progress until the recent appearance of Version 7. ZLM 7 (Figure 1) reveals increasing evidence of Novell's influence, including a new administration interface, architectural changes, and many additions to the feature set.
Novell originally planned to introduce a common interface and unified architecture for the full set of ZENworks sub-components - Server Management, Desktop Management for Windows, and Asset Management - with Version 7. As it turns out, ZLM 7 was the only component that was ready on time. The other ZENworks 7 products introduce some new features but still use the fairly antiquated ConsoleOne Java application for administration, and they do not use an external database server as a repository.
Because ZLM 7 is the first ZENworks product with the new look that will one day belong to the entire family, this latest ZLM reveals some insights on where the whole ZENworks product suite is heading.
Novell's ZENworks is a lifecycle management solution that aims to handle managed systems throughout their entire working life, from original deployment to retirement. To achieve this aim of serving the complete system history, ZENworks not only has software distribution and patch management features, but also comes with a set of OS deployment and update tools, as an initial approach to configuration management, along with inventorying and remote control tools.
All of these functions support centralized management. The design focuses on policy-based management. Users of other ZENworks products should be familiar with this approach. Policies are used to control system configurations and to restrict the visibility of and access to a system's features.
At the same time, ZENworks has a full set of reporting tools that log events and generate predefined or customized reports driven by events, inventory data, and other kinds of information.
ZLM uses a hierarchical tree structure to divide up the section of the network you ask it to manage. The top level is a management zone. A network can contain multiple management zones with a single server, or multiple servers, responsible for each zone. This makes sense, as imaging in particular causes a heavy load. The administrator needs to register the devices in a management zone to create meta-information in a central database. In contrast to the other ZEN-works versions, which use eDirectory as their repository, an external database system is used here.
This introduces two issues: for one thing, administrative users need special treatment, which can hardly be regarded as a state-of-the-art approach. One might have expected something more inventive from a vendor like Novell that places so much emphasis on the integration of credentials. The biggest problem is that ZENworks does not even let you create groups of administrators with uniform administrative privileges.
For another thing, ZLM's approach means that it recognizes workstations, but not the users on workstations. This makes it impossible to handle scenarios where multiple users share a machine.
Within the management zones, the administrator defines bundles and policies, which can be assigned to groups, and folders, which inherit properties. As inheritance is a hierarchic process by nature, exceptions for individual group members are permitted at the lower levels. This design allows for efficient administration even in larger-scale environments.
The most important change to ZLM 7 is the introduction of policy-based management. Policies describe which users are permitted to perform which actions. For example, there is a general Gnome policy, an Epiphany policy, an Evolution policy, and a Firefox policy.
These policies are just a first step compared with the policies in ZENworks 7 Desktop Management (ZDM), the ZEN-works Windows administration product. Although ZENworks policies support modifications to the desktop, and allow you to restrict access to the local filesystem, ZENworks still has not achieved truly granular and comprehensive desktop control.
| ZENworks Linux Desktop Management |
|
ZENworks 7 Linux Desktop Management is another product in the ZEN-works 7 suite. Linux Desktop Management is a variant of ZENworks 7 Desktop Management (ZDM), that is, of the management tool for Windows clients. In contrast to ZDM, ZENworks 7 Linux Desktop Management runs only on Linux servers. You no longer need a Windows or NetWare server. This makes it an interesting option for companies that decide to keep Windows on the desktop but migrate to a Linux-based server landscape. There are no functional differences between this product and the classical ZDM, and you still need ConsoleOne for administrative tasks, which means you still need a Windows client. This will change when the next major ZENworks release becomes available, and when the new administration interface, which is currently restricted to ZLM, becomes available for the other ZENworks products. |
The second major change is that of integrated imaging, or to be more specific, the Preboot Services for operating system deployment. This feature allows administrators to automate the installation of new systems. Images or source files provide the basic material. Support for ZENworks and for the installation of Suse Linux and Red Hat via AutoYAST or KickStart is available. ZENworks supports a multicast approach to system installation; this is a useful feature for regular re-installs of computers in a classroom, for example.
Your preferred installation approach will typically depend on the extent to which you need to modify the standard system installation to meet your own requirements. As ZLM 7 supports no less than five different approaches, you should have no trouble finding the right approach for Suse Linux and Red Hat Linux.
Inventorying is also new to ZENworks. It allows administrators to gather a full set of data on managed hardware and software and to query the data to generate reports (Figure 3). This allows admins to discover the packages deployed on managed systems, thus discovering any modifications to preconfigured sample installations.
Software distribution remains the core feature in ZLM. Version 7 provides no major changes in this area. Automatic dependency checking is now integrated. Besides the bundles mentioned earlier on, admins can now use catalogs. Whereas a bundle contains packages for mandatory installation, users can choose packages to install from catalogs. The feature only supports RPM packages, by the way. Software distribution and patch management in ZLM 7 is as rock-solid as it always has been.
A graphical web interface is available for ZLM 7, as is a command line tool. The GUI-based interface is fairly reliable, simple to use, and easy to learn. However, the web interface still lacks some desirable capabilities in environments with a large number of managed systems. The large collection of command-line tools are likely to prove popular with admins in large networks, and if this is you, the command line is probably your best approach to administration with ZLM 7.
Although ZLM 7 is a convincing product on the whole, it still has its share of weaknesses. Although you can configure clients to pull updates via YOU or RHN, a simple and documented interface to support automatic importing of software bundles is still missing. Workflow tools that would let an administrator configure a process for testing and releasing patches are also missing. This is a general weakness of the ZENworks product family, but one that is becoming increasingly hard to accept.
It is also a pity that ZLM 7 is still completely isolated from its Windows ZDM 7 counterpart; administrators in environments that use both Linux and Windows on the desktop need to learn two management interfaces and work with two distinct infrastructures. Of course, integration would not be trivial to achieve, but it would reduce the administrative effort considerably in heterogeneous environments.
Platform support is strange. ZLM 7 does not (!) run on Novell OES for Linux but is restricted to SLES 9.x. Additionally, Konqueror, the standard browser for Suse Linux, is not officially supported, which leads to warning messages popping up on your screen when you launch the management tool. Other weaknesses include the lack of eDirectory integration.
ZLM Version 7 has matured considerably. The new functions represent a genuine improvement with respect to efficient, distributed management of Linux desktops. But if you compare ZLM 7 with ZDM 7, that is, the Novell product for Windows desktop management, you'll see that there is quite obviously much room for improvement. Improvements would include user-dependent configuration of Linux desktops, along with more, and more comprehensive, management policies for the target system. But all in all, Novell is definitely heading in the right direction.