After the system update is prepared, it should be configured before deploying. During configuring the system update, ZENworks collects information that is required for the update.
To enhance the system security, from ZENworks Update 3 onwards, the ZENworks Server service is split into two separate instances, ZENworks Client Management, and ZENworks Administration Management.
The new ZENworks Administration Management instance will host all the administrative services including the ZENworks Control Center. For this, a new port (default port 7443) should be configured before deploying the system update. The specified port will be used to run all the administrative services across all the primary servers. This port will be opened in the server firewall when the system update is deployed on a primary server. The ZENworks Client Management services will continue to run on the existing port to ensure the continuity of managed device communication. The default port here is 443.
To configure a system update:
In ZENworks Control Center, click Configuration in the left pane, then click the System Updates tab.
In the Available System Updates panel, select the check box next to an update, click Action, and then click Download Updates. For more information, see Downloading Updates.
Select the check box next to an update, click Action, then click Authorize Update.
Select the check box next to the same update, click Action, then click Configure Update.
After clicking Configure Update, the System Update Configuration page is displayed.
On the System Update Configuration page, click Next.
Specify the port to run the administrative services including the ZENworks Control Center.
NOTE:
The port that you specify will be used across all primary servers. Ensure that the port is available on all primary servers.
It is recommended that you login to the ZCC using the host name.
IMPORTANT:While configuring the update, the following warning messages might be displayed:
Warning: The zone contains one or more SLES 12 or SLES 15 non-Appliance Primary Servers. For this system update, ensure that the 'libseccomp2' package is at 2.4.1-11.3.2 or later version.
In this scenario, check the libseccomp2 package version on all the SLES 12.x and SLES 15.x Primary Servers in the zone and then perform the following:
If the version is 2.4.1-11.3.2 or higher, then you can ignore the warning and deploy the update.
If the version is lesser than 2.4.1-11.3.2, then ensure that you update the version to 2.4.1-11.3.2 or higher before deploying the system update.
Warning: The zone contains managed devices running on operating systems that do not support strong ciphers for secure communication with ZENworks servers. By registering managed devices running on an operating system that requires weak and vulnerable ciphers to communicate with ZENworks servers, you are reducing the security provided by default, thereby exposing the system to increased security risks. By proceeding, you understand and agree to assume all associated risks and hold Open Text harmless for the same. The capability is provided "as is". For more information, see the online documentation.
This message is displayed because the zone contains legacy Windows devices as mentioned below, that require weak ciphers to be enabled to communicate with the ZENworks Primary Servers. To restore the strong ciphers configured by default, all such devices need to be deleted from the zone.
Following are the legacy Windows devices that are supported in backward compatibility mode:
Windows 7 (all variants, including SP1)
Windows Server 2012 (all variants, including R2)
NOTE:If weak ciphers are enabled in the zone, it does not block the system update. However, it is recommended that you disable the weak ciphers immediately after the system update. For more information, see Disabling Weak Ciphers.