Section 2.2.1, Configuring the Remote Management Settings on a Linux Device
Section 2.2.2, Configuring the Remote Management Agent Password on a Linux Managed Device
Section 2.2.3, Starting Remote Management Operations on a Linux Device
Section 2.2.4, Preparing a Linux Device for a Remote Login Session
The Remote Management settings are rules that determine the behavior or the execution of the Remote Management service on the managed device. The settings include configuration for the ports, session settings, and performance settings during the remote session. These settings can be applied at zone, folder, and device levels.
NOTE:On Linux devices, only password based authentication is enabled for remote management and the rights based authentication is disabled by default. It is recommended to set a password for the Linux device to secure it from unauthorized access.
The following sections provide information on configuring the Remote Management settings at the different levels:
By default, the Remote Management settings configured at the zone level apply to all the managed devices.
In ZENworks Control Center, click Configuration.
In the Management Zone Settings panel, click Device Management, then click Remote Management.
Click the Linux Settings tab.
Select Run Remote Management Service on Port and specify the port to enable the Remote Management service to run on that port.
By default, the Remote Management service listens on port number 5950.
Select one of the following options:
Allow Full Control: Enables the administrator to remotely control and also remotely view the managed device.
Allow View Only: Enables the user to remotely view the managed device.
Select the Ask for permission from user on the managed device option to request the permission from the user on the managed device before starting a Remote Control or Remote View session on the device.
Select the option to enable the Remote Login service. By default, the Remote Login service listens on port number 5951. You can choose to specify a different port number.
To configure the password policy for handling the remote sessions on the device, select one of the following:
Use the Same Password Across Sessions: This is the default option of the password policy and enables the administrator to use the same password across all the remote sessions on the device. For information on setting the password on the managed device, see Setting Up the Remote Management Agent Password on the Managed Device.
Clear the password After Every Session: If this option is selected, the user must set the password for every session and communicate the password to the remote operator through out-of-band means such as telephone. The password is cleared after every successful or unsuccessful attempt for a Remote Management operation. For information on setting the password on the managed device, see Setting Up the Remote Management Agent Password on the Managed Device
No Password: If this option is selected, then Remote Control, Remote Login, and Remote View sessions are launched without asking for a password.This option is not recommended because it allows access to the managed device without any password.
(Optional) Configure a remote management proxy to perform remote operations on the managed device.
If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a remote management proxy. You must install the proxy separately. For information on installing the remote management proxy, see Section 2.5.1, Installing a Remote Management Proxy.
Task |
Details |
---|---|
Add a remote management proxy |
|
Delete a remote management proxy |
|
Click Apply, then click OK.
These changes are effective on the device, when the device is refreshed.
By default, the Remote Management settings configured at the zone level are applied to all the managed devices. However, you can modify these settings for the devices within a folder:
In ZENworks Control Center, click Devices.
Click the folder (details) for which you want to configure the Remote Management settings.
Click Settings, then click Device Management > Remote Management.
Click Override.
Edit the Remote Management settings as required.
To apply the changes, click Apply.
or
To revert to the system settings configured at the zone level, click Revert.
Click OK.
These changes are effective on the device, when the device is refreshed.
By default, the Remote Management settings configured at the zone level are applied to all the managed devices. However, you can modify these settings for the managed device:
In ZENworks Control Center, click Devices.
Click Servers or Workstations to display the list of managed devices.
Click the device for which you want to configure the Remote Management settings.
Click Settings, then click Device Management > Remote Management.
Click Override.
Edit the Remote Management settings as required.
To apply the changes, click Apply.
or
To revert to the previously configured system settings on the device, click Revert.
If the Remote Management settings on the device were configured at the folder level, the settings revert to the configured folder level settings; otherwise, they revert to the default zone level settings.
Click OK.
These changes are effective on the device, when the device is refreshed.
If the password policy for performing remote session on a Linux managed is configured to use a password to remotely connect to the device, the user on the managed device must set a Remote Management Agent password and communicate the password to the remote operator. For more information on setting the password policy for Remote Management sessions, see Configuring the Remote Management Settings at the Zone Level of a Linux Device.
The user on the managed device must create a Remote Management Agent password on the device and communicate the password to a remote operator in order to enable the remote operator to remotely manage the device.
To set the Agent password on the managed device, enter the following command at the shell prompt:
# /opt/novell/zenworks/sbin/zrmservice --passwd
The password is case-sensitive and should be between three to eight characters in length.
NOTE:You need not set the password on the device if the Password Policy is configured to No password.
To clear the Agent password on the managed device, enter the following command at the shell prompt:
# /opt/novell/zenworks/sbin/zrmservice --clrpasswd
The remote session is initiated by the administrator on the management console. The management console is typically placed within an enterprise network and the managed device can be either within or outside the enterprise network. The following illustration depicts a remote session initiated on the managed device from the management console.
Figure 2-3 Console-Initiated Session on a Linux Device
The Remote Management Agent starts automatically when the managed device boots up. A default Remote Management policy is created on the managed device when the device is deployed. You can remotely manage the device using this default policy in rights-based authentication mode only. If you create a new Remote Management policy, the new policy overrides the default policy.
If the ZENworks Management Zone setup is spread across two or more NAT-enabled private networks that are interconnected by a public network, you must deploy DNS_ALG on the gateways of these private networks. DNS_ALG ensures that the DNS lookup queries initiated by the ZENworks components return the correct private address mapped hostname and enables the communication between the management console and the managed devices. For more information on DNS_ALG, refer to DNS ALG RFC - 2694 (http://www.ietf.org/rfc/rfc2694).
If you want to remotely manage a device by using its DNS name, ensure that Dynamic DNS service is deployed in the network.
To initiate a Remote Management session on a Linux device
In ZENworks Control Center, click the Devices tab.
Click Servers or Workstations and select the device you want to remotely manage. Click Action, then select the Remote Management operation you want to perform.
or
In Device Tasks in the left pane, select Remote Control.
In the Remote Management dialog box, select Remote Control, Remote View, or Remote Login.
Fill in the options in the dialog box that displays. The following table contains information on the various options available:
Field |
Details |
---|---|
Device |
Specify the host name or the IP address of the device you want to remotely manage. |
Operation |
Select the type of the remote operation you want to perform on the managed device. |
Authentication |
The Password-Based Authentication is the only mode of authentication. |
Port |
Specify the port number on which the Remote Management service is listening. By default, the port number is 5950 |
Enable Logging |
Logs session and debug information in the novell-zenworks-vncviewer.txt file. The system saves the file in the install location of the ZCC Helper. |
Route Through Proxy |
Enables the remote management operation of the managed device to be routed through a remote management proxy. If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a remote management proxy. NOTE:The Route Through Proxy option is not yet supported on Linux. Fill in the following fields: Proxy: Specify the DNS name or the IP address of the remote management proxy. By default, the proxy configured in the Proxy Settings panel to perform the remote operation on the device is populated in this field. You can specify a different proxy. Proxy Port: Specify the port number on which the remote management proxy is listening. By default, the port is 5750. NOTE:The Remote Management Audit displays the IP Address of the device that is running the remote management proxy and not the IP address of the management console. |
Click OK to launch the selected remote operation.
NOTE:The Auto mode might not work properly for SLES10 64-bit devices. You can select a scale of 25 to 150% from the remote viewer Display option.
If you choose to remotely login to a Linux device, a grey screen might appear if some settings are not configured on the device. To enable a Remote Login session to be successfully launched on a Linux managed device, you must enable the XDMCP configuration on the device and disable the firewall For more information on preparing a Linux device for a Remote Login session, review the following sections:
Run the following command to enable the Gnome Display Manager (GDM):
sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -cf /etc/opt/gnome/gdm/gdm.conf enable
Run the following command to restart the Display Manager.
/etc/init.d/xdm restart
Edit the /etc/X11/xdm/Xaccess file to uncomment the following line:
* # only local host can get a login window
Edit the /opt/kde3/share/config/kdm/kdmrc file to enable XDMCP to true.
Run the following command to restart the Display Manager.
/etc/init.d/xdm restart
Run the following command to display a fonts directory:
mkdir -p /usr/X11R6/lib/
Run the following command to link the /usr/share/X11 directory to the newly created fonts directory:
ln -s /usr/share/X11/ /usr/X11R6/lib/X11
Edit the file /etc/gdm/custom.conf and add the following entry:
[xdmcp]
Enable=true
Run the following command to restart the Display Manager:
init 3
init 5
Run the following command to create a fonts directory:
mkdir -p /usr/X11R6/lib/
Run the following command to link the /usr/share/X11 directory to the newly created fonts directory:
ln -s /usr/share/X11/ /usr/X11R6/lib/X11
Enable the Remote X GUI Login on the device by using XDMCP and KDM configuration. For more information on how to enable the Remote X Login, see Red Hat documentation.
Run the following commands as root to restart the X Server:
init 3
init 5
Run the following command to display a fonts directory:
mkdir -p /usr/X11R6/lib/
Run the following command to link the /usr/share/X11 directory to the newly created fonts directory:
ln -s /usr/share/X11/ /usr/X11R6/lib/X11
Edit the file /etc/gdm/custom.conf and add the following entry:
[xdmcp]
Enable=true
Run the following command to restart the Display Manager:
init 3
init 5
Run the following command to enable the Gnome Display Manager (GDM):
sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -cf /etc/dbus-1/system.d/gdm.conf enable
Run the following command to restart the Display Manager.
/etc/init.d/xdm restart
NOTE:You must use only a Gnome Display Manager to remotely login a SLES 11 or a SLED 11 device.
Run the following command to enable the Gnome Display Manager (GDM):
sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -r -cf /etc/dbus-1/system.d/gdm.conf enable
Run the following command to restart the Display Manager.
systemctl restart display-manager.service