If you want to remotely connect a managed device that is in a private network or on the other side of a firewall or router that is behind NAT (Network Address Translation), a remote management proxy server should be installed on the same NAT environment that the device is in. For this, an interface machine is required.
Finding the interface machine is difficult in cases where the Managed device is moved out of the zone to home. As each individual home is a NAT environment, one remote management proxy is required for each home to remotely control the device in home. There is no single remote management proxy for devices across many NAT environments. Different remote management proxy servers are required for different NAT environments.
However you can use the Join Proxy Satellite server that allows multiple devices to connect to it for remote management operations. The devices will connect to the Join Proxy based on the locations configured for them, so an interface machine is not required. You can easily promote a device to and demote a device from the Join Proxy role.
You can add Join Proxy role to a ZENworks 11.3 or later version of a Windows or Linux managed device to make it a Join Proxy server for performing remote management operations on Windows managed devices that are in a private network.
NOTE:Primary servers by default have a Join Proxy role. If you select a Primary Server for the Join Proxy role, there is no need to further configure the server in ZENworks Control Center. However, you can reconfigure the Join Proxy configuration settings by manually editing the joinproxy.properties file on the Primary Server device in the following location:
ZENWORKS_HOME\conf\
Configuring Join Proxy Closest Server rules for the location and network environment helps the managed devices to connect to the closest Join Proxy servers defined for them in the location. For more information, see Creating Closest Server Rules for a Location
and Creating Closest Server Rules for a Network Environment
in ZENworks Location Awareness Reference.
Example 12-1 For example:
For Join Proxy services, a device receives the following server list from the ZENworks system. It attempts to connect to the first server in the list, then the second, and so on until it is successfully connected.
Server4 (network environment)
Server5 (network environment)
Server3 (location)
For more information, seeCreating Closest Server Rules for a Location
in ZENworks Location Awareness Reference.
NOTE:You can promote only ZENworks 11.3 or later versions of Windows or Linux managed devices to the Join Proxy Satellite role. Using the Join Proxy Satellite Server, you can perform remote management operations only on Windows managed devices that are in a private network.
To configure the Join Proxy role:
First identify the ZENworks Windows or Linux managed device in the demilitarized zone (DMZ).
In ZENworks Control Center, select the check box next to Join Proxy, then click Configure.
In the Join Proxy Role Settings dialog box, specify the port on which the Join Proxy listens for connection. The default port number is 7019.
Specify the maximum number of devices to be allowed to connect to the Join Proxy. The default value is 1000, but you can change it to any value up to 1000. Because satellite servers are dedicated to join proxy service, they allow more such connections without being overloaded.
NOTE:For a Primary server, the default value is 100.To manually increase this limit, update the joinproxy.properties file and restart the Join Proxy service. Increasing the join proxy connection limit on a Primary server might overload it when more devices start connecting to the Primary server.
Though the range for maximum number of connections is from 1- 65535, if you specify a number greater than 1000, the following message is displayed:
Maximum number of connections exceeding 1000 may impact the performance of Join Proxy adversely. Do you want to continue anyway?
Specify the frequency interval at which the Join Proxy should check if the devices are still connected to it or not. The default value is one minute.
NOTE:Based on the frequency specified here, Join Proxy will send packets to all the managed devices connected to it to detect the connection status and update it in the database. This enables remote operators to connect to managed devices through Join Proxy for performing remote sessions on Windows managed devices that are in a private network.
If you specify a lower value in this field, status updates are quicker in the database. However, this might result in higher traffic on the network, depending upon the number of devices connected to the Join Proxy.
Click Ok to return to the Add Satellite Server dialog box.
Configure any additional roles as desired, then click OK.
Create locations and assign Join Proxy devices to them.
For more details, see Creating Closest Server Rules for a Location
ZENworks Location Awareness Reference. You can have multiple Join Proxies configured for a single location. You can include even Primary Servers in the Closest Server rules for the Join Proxy.
Double - click the Z icon of the Join Proxy server to view the Join Proxy Server’s configuration details.
NOTE:Linux or Mac devices cannot connect to Join Proxy. However you might find Join Proxy listed as the Closest Server in Zicon Properties page of Linux or Mac devices when they are moved to a location that has Join Proxy.