2.5 Configuring Remote Management Proxy

Remote Management proxy forwards Remote Management operation requests from the Remote Management Viewer to a managed device. The proxy is useful when the viewer cannot directly access a managed device that is in a private network or on the other side of a firewall or router that is using NAT (Network Address Translation). As a prerequisite, the proxy must be installed on a Windows managed device or Linux device.

Review the following sections for information on installing and configuring the proxy:

2.5.1 Installing a Remote Management Proxy

If a managed device is on a private network or is on the other side of a firewall or router that is using Network Address Translation (NAT), the remote management operation of the device can be routed through a Remote Management proxy. The proxy can be installed on a Windows or Linux managed device. By default, the remote management proxy listens on port 5750.

For more information on the Remote Management proxy, see Section 1.4, Understanding Remote Management Proxy.

For information on the system requirements that a Windows or Linux managed device must meet to enable the proxy to be installed on the device, see Managed Device Requirements in ZENworks 2017 Update 3 System Requirements.

Review the following sections for information on installing the Remote Management proxy:

Installing the Remote Management Proxy on a Windows Device

  1. On the device, open the following ZENworks download page on a Web browser:

    https://server/zenworks-setup

    Replace server with the DNS name or IP address of a ZENworks Server.

  2. In the left navigation pane, click Administrative Tools.

  3. Click novell-zenworks-rm-repeater-<version>.msi and save the file to a temporary location.

    version is the version of the ZENworks product.

  4. Install the proxy application by executing the following command:

    msiexec /i novell-zenworks-rm-repeater-<version>.msi TARGETDIR="ZENworks_Installation_directoryā€¯.

The Remote Management proxy is designed to run automatically upon installation. You can choose to customize its behavior by modifying the default settings for the device. For more information on the Remote Management proxy settings, see Section 2.5.2, Configuring a Remote Management Proxy.

Installing the Remote Management Proxy on a Linux Device

  1. On the device, open the following ZENworks download page on a Web browser:

    https://server/zenworks-setup

    Replace server with the DNS name or IP address of a ZENworks Server.

  2. In the left navigation pane, click Administrative Tools.

  3. Click novell-zenworks-rm-repeater-<version>.noarch.rpm.

  4. Decide whether to immediately install the proxy or save the proxy RPM file to install it later.

    • To immediately install the proxy, click Open With to open the Remote Management Proxy with zen-installer, specify the root password, then click OK.

    • To save the proxy RPM file to the default download directory so that you can install it later, click Save to Disk. To install the RPM, do one of the following:

      • Click the proxy RPM file, specify the root password, then click OK.

      • Run the following command as a superuser or root user:

        rpm -ivh novell-zenworks-rm-repeater-<version>.noarch.rpm

The Remote Management proxy is designed to run automatically on installation. You can choose to customize its behavior by modifying the default settings for the device. For more information on the Remote Management proxy settings, see Section 2.5.2, Configuring a Remote Management Proxy.

Installing the Remote Management Proxy on an Unmanaged Linux Device

  1. Copy the following files from a ZENworks Linux device to the proxy device:

    • /etc/opt/novell/zenworks/security/ca.cert

      /etc/opt/novell/zenworks/security/rm.cert

  2. (Conditional) If the Remote Management proxy has already been installed on the device, run the following command to restart the proxy:

    /etc/init.d/nzrepeaterd restart

    or

    Install the proxy on the device. For more information on installing the proxy on the device, see Installing the Remote Management Proxy on a Linux Device.

2.5.2 Configuring a Remote Management Proxy

When you install a Remote Management proxy on a device, certain settings are configured on the device, by default. You can choose to edit the settings.

Remote Management Proxy Settings on a Windows Managed Device

On a Windows device, the registry settings for the Remote Management proxy are available at HKLM\SOFTWARE\Novell\ZCM\Remote Management\Proxy.

ClientPort: Specifies the port number that the proxy uses to listen for any remote session requests from the Remote Management Viewer. The default value is 5750.

SessionEncryption: Specifies whether the initial flow of data between the proxy and the Remote Management Viewer is encrypted. The default value is True. This setting is not applicable after the proxy establishes a connection with the managed device. The session encryption is then governed by the Remote Management policy and the preferences of the remote operator. You should mark this setting as True because setting it to False allows unauthenticated external processes other than the Remote Management Viewer to make connections to devices in the private network.

SSLClientAuthentication: Specifies whether the proxy should accept connection requests from a viewer that does not have a valid certificate. The possible values are True and False. The default value is True.

Remote Management Proxy Settings on a Linux Device

On a Linux Primary Server or Satellite Server, the settings for the Remote Management proxy are available in the /etc/opt/novell/zenworks/repeater/nzrepeater.ini file.

viewerport: Specifies the port number that the Remote Management proxy uses to listen for any remote session requests from the Remote Management Viewer. The default value is 5750.

runasuser: Specifies the user that the proxy should impersonate. The Remote Management proxy requires only user privileges to perform remote operations. The default value is zenworks. However, you can specify a different user.

strictimpersonation: Specifies if the remote session should continue as root when the user specified as the runasuser does not exist. The possible values are true and false. The default value is false, which indicates that the remote session continues as root when the user specified as the runasuser does not exist.

sslauth: Specifies whether SSL authentication is enabled or disabled. The possible values are 0 and 1. The default value is 1, which indicates that SSL authentication is enabled.

WARNING:Disabling SSL authentication is not recommended because it allows external processes to access the network devices without any authentication.

verifyViewerCert: Specifies if the Remote Management Viewer certificates needs to be verified. This setting is applicable only when SSL authentication is enabled. The possible values are 0 and 1. The default value is 1, which indicates that the Remote Management Viewer certificates must be verified. When a session is initiated from a stand-alone viewer, the remote operator might not have the required certificates that are chained to the root Certificate Authority. As a result, the proxy fails to connect to the server.

loggingenabled: Specifies whether the messages should be logged on the device. The possible values are true and false. The default value is true.

For information on other registry settings, see the /etc/opt/novell/zenworks/repeater/nzrepeater.ini file.