3.4 Discovery and Deployment Strategies

As a core part of all of the integrated ZENworks products, Micro Focus provides the ability to discover network-attached devices and then to perform a push deployment of the ZENworks Agent to the devices that can be managed by ZENworks. This section describes the best practices for the device discovery and deployment capabilities of ZENworks products.

3.4.1 Device Discovery

When it comes to device discovery, you need to perform your discoveries and deployments in stages. Use the recommendations in this section for discovery and deployment in order to avoid massive amounts of discovery traffic on the LAN/WAN.

Consider the following when considering device discovery:

  • Discover assets subnet-by-subnet.

  • Discover assets building-by-building.

  • Discover assets site-by-site.

  • Import devices from Active Directory or eDirectory by using LDAP discovery tasks.

  • Import devices from a spreadsheet (CSV) if they are well documented and the list is available for you to use.

  • Use the ZENworks Migration wizard to migrate your devices from eDirectory and target them for deployment to avoid discovery of the initial assets that are already part of an existing ZENworks system.

  • Use pilot groups.

These tips help you discover assets and roll out the ZENworks Agent in a very manageable way, which avoids failures for deployment and installation.

Table 3-1 lists the duration and CPU usage for a discovery task performed by using the MAC Address technology. This information helps you to configure the discovery settings in an efficient way.

Table 3-1 Discovery Task Time and CPU expectations

IP Address Range

Duration of Discovery Task

Additional Details

Single IP

Less than 1 minute

This discovery task starts immediately when it is launched.

/24 Subnet (254 devices)

10 minutes

This discovery task starts immediately when it is launched.

/16 Subnet (65534 devices)

30 hours

This discovery task starts immediately when it is launched.

/8 Subnet (16,277,214 devices)

Always in a Pending state

This discovery task is not started. The status of the task remains as Pending.

CPU usage is normal,10 minutes after the discovery task is launched.

If any other discovery or loader task is running simultaneously, it might take a considerable time to complete.

There are several things you can do to increase the speed of IP Discovery tasks.

  • Increase the Maximum Concurrent Discoveries from 5 to 20. This allows more addresses to be scanned simultaneously.

  • Select only the discovery technologies that are required. We recommend enabling only the discovery technologies that are configured within the environment. If SSH, NMAP, or SNMP is not available or is not configured in the environment, do not enable it. Every discovery technology that is scanned for an IP address adds time to the discovery task. As a rule of thumb, start with only WinAPI and the ZENworks discovery technologies enabled for the Management Zone. You can override discovery technologies in the discovery task, which means that specific discovery technologies can be directed at certain subnets.

  • Configure only the necessary authentication credentials. The more authentication credentials configured, the longer each scan takes.

  • Disable the MAC Address discovery technology. Any device with a MAC address is discovered via this technology. The devices show up in the discovered list with an unknown operating system, which causes the deployable device list to be inaccurate.

All discoveries are performed from the Deployment tab in ZENworks Control Center.

Agent State

A discovery task returns Management Zone information to devices with a ZENworks agent installed. The discovered devices can be viewed from the ZENworks Control Center > Devices > Discovered tab. It is possible to see which devices are registered with another Management Zone and which agents are currently unregistered.

The name of a managed device residing within the same Management Zone as the Primary Server is displayed in green and the name of a managed device residing in a different Management Zone is displayed in yellow.

Schedule

A Discovery task returns device information only if the device is turned on, and it can be contacted. A Discovery task should be run regularly on different days and times to ensure that the entire environment is captured.

For more information, see the ZENworks Discovery, Deployment, and Retirement Reference.

3.4.2 ZENworks Agent Deployment

ZENworks provides a variety of methods that you can use to install the ZENworks Agent on the devices:

  • Use ZENworks Control Center to deploy the agent from the ZENworks Server to the device.

  • On the device, use a Web browser to download and install the agent from the ZENworks Server.

  • Include the agent in an image and apply the image to the device.

  • Use a login script, Windows group policy, or ZENworks 7 application object to install the agent.

Because ZENworks is usually implemented in large environments, we recommend deploying the ZENworks Agent automatically. Where possible, avoid installing the agent manually.

The following sections provide more information on deploying the ZENworks Agent:

Default Deployment Packages

The best option for accessing the default deployment packages is through ZENworks Control Center:

  1. From the Home page in ZENworks Control Center, click Download ZENworks Tools in the left pane.

  2. Download the default package that you require.

These packages are also available from the /zenworks-setup page on your Primary Servers. We recommend using one of the following deployment methods:

  • Use the Deployment task from ZENworks Control Center, after discovering or importing devices.

  • Use your existing software distribution tool to deploy the agent.

  • Include the ZENworks Agent in a new image.

For all methods, you must have registration keys in place. For more information, see Creating Registration Keys and Rules in the ZENworks Discovery, Deployment, and Retirement Reference.

Custom Deployment Packages

During the ZENworks installation, default ZENworks Agent deployment packages are created. These packages are tied to the ZENworks Primary Server and contain the URI of this server to register the devices. There are no registration keys configured and the registration process uses default rules to register devices.

It is a good practice to always use custom deployment packages when pushing the ZENworks Agent to your discovered or imported devices. You should avoid the use of the default agent deployment packages that are created, because these include only default parameters that might not meet the needs of your organization.

You must be familiar with the registration process to properly understand your needs before you commence testing.

3.4.3 Registration

Registration is the process of enrolling the ZENworks device into the ZENworks zone. During registration, a workstation or server object is created to represent the managed device. Once an object is created, you can assign configuration policies and software bundles, and modify the settings of those bundles.

By default, the host name of a device is used as its ZENworks name. It is added to the /Servers or /Workstations folder, and it is not given membership in any group. You can manually move devices to other folders and add them to groups, but this can be a difficult task if you have a large number of devices, or if you are consistently adding new devices. The best way to manage a large number of devices is to have them automatically added to the correct folders and groups during registration.

To add devices to folders and groups during registration, you can use registration keys, registration rules, or both. Both registration keys and registration rules let you assign folder and group memberships to a device. However, there are differences between keys and rules that you should know before choosing whether you want to use one or both methods for registration.

The following sections contain more information:

Registration Rules

If you do not want to enter a registration key during deployment, or if you want devices to be automatically added to different folders and groups based on predefined criteria (for example, operating system type, CPU, or IP address), you can use registration rules.

ZENworks includes a default registration rule for servers and another one for workstations. If a device registers without a key, the default registration rules are applied to determine the folder and group assignments. These two default rules ensure that all servers are added to the /Servers folder and all workstations to the /Workstations folder.

These two default rules are designed to ensure that no server or workstation registration fails. Therefore, you cannot delete or modify these two default rules. You can, however, define additional rules that enable you to filter devices as they register, and add them to different folders and groups. If you have established folders for devices with similar configuration settings and groups for devices with similar assignments, newly registered devices automatically receive the appropriate configuration settings and assignments.

Additionally, in some highly secure environments, it may be desirable to disable the default registration rules from the Registration Settings page. This means that a device will only register in the zone if it meets either a pre-defined rule or a key is specified at the time of registration.

The best practice is to utilize registration rules where possible, as this provides the most hands-off way for registering the device.

For more information, see the ZENworks Quick Start Reference.

Registration Keys

A registration key is an alphanumeric string that you manually define or randomly generate. During the deployment of the ZENworks Agent on a device, the registration key must be provided. When the device connects to a ZENworks server for the first time, the device is added to the folder and groups defined within the key.

You can create one or more registration keys to ensure that devices are placed in the desired folders and groups. For example, you might want to ensure that all the workstations belonging to the Sales department are added to the /Workstations/Sales folder. However, they should be divided into three different groups (SalesTeam1, SalesTeam2, or SalesTeam3), depending on their team assignments. You could create three different registration keys and configure each one to add the sales workstations to the /Workstations/Sales folder and the appropriate team group. As long as each workstation uses the correct registration key, it is added to the appropriate folder and group.

Registration keys should be used to register devices that should be an exception to the rules that you have created.

For more information, see the ZENworks Quick Start Reference.

Registration Settings

Registration settings can be set only at a zone-wide level, and they allow you to control the following:

  • Whether the default registration rules are enabled: Generally we recommend you keep these rules enabled, unless your environmental security requirements dictate otherwise.

  • Whether devices should be automatically renamed in the console when their naming attributes change on the device: We recommend enabling this setting to help keep the ZENworks view of the device in sync with the local view.

    This feature provides a very flexible way to handle some desktop management processes such as renaming or re-installation. During the ZENworks framework-based installation process, the device name changes to a randomly generated name. However, if this feature is in place and you have a working imaging partition, all references are automatically maintained by the ZENworks Agent registration process.

  • If and how device reconciliation should be achieved: Device reconciliation allows devices to re-register to the system in the case of a system failure or other event when the agent loses knowledge of its identity in the zone. From the registration settings you can determine whether the Serial Number, MAC Address or Host name are used to uniquely identify the device in your environment so that these attributes can be used for reconciliation. It is recommended that you do not disable reconciliation to prevent duplicate device objects in the zone.

For more information, see the ZENworks Management Zone Settings Reference.