All design features of the ZENworks architecture flow from the basic Micro Focus philosophy of the Open Enterprise: a simple, secure, productive, and integrated IT environment across mixed systems. ZENworks empowers IT staff to manage systems to support real users, with all their various security, location, device, and other needs, while keeping simple, centralized control over the entire end-user environment. It also supports the idea that IT staff should be empowered to manage systems according to the paradigm that best reflects the organization’s business policies and the IT staff’s preferred working style.
ZENworks provides the flexibility to manage systems tactically (on a device-by-device basis) or strategically, using any combination of four distinct management paradigms: management by exception, user-centric management, device-centric management, and location awareness.
Two of the most important considerations when evaluating any unified endpoint management solution are how well the administration design scales and what burdens it places on the IT staff as they update the solution to accommodate changing business policies. Micro Focus is a pioneer of “management by exception,” and ZENworks continues to offer this powerful method of continuously adapting, with minimal IT effort.
Management by exception is a complement to policy-driven management. It allows the general rules of configuration management to be defined at a high level across user or device groups, while permitting exceptions at a more granular level to accommodate more specialized needs.
For example, normal business policies might allow employees to remotely access the corporate network. However, applying this policy across the board to all desktops, including devices in the finance and legal departments, could expose the organization to regulatory penalties and corporate spies. Exception-based management allows IT staff to create and automatically enforce general access policies, as well as more restrictive policies that are enforced on top of the general policies, to protect devices and users that require a higher degree of security. In this case, the exception policy restricts access to normal business hours, on-site, and by authorized users. Exception-based management allows complete management flexibility in accordance with business policies, without requiring IT staff to manage separate policy silos for each type of user and machine.
User-centric management, which leverages user identities, group roles, and business policies, is the gold standard for automation, security, and IT control, and has always been a ZENworks strength.
True user-centric configuration management separates users from the specific devices they use, and treats the users as the company’s most valuable asset to be managed. Devices serve their proper role as tools. Allowing users, rather than devices, to be managed as a first-class configured entity means that policies, applications, and other configuration details can follow users from device to device. User-based management also ties IT policies directly to business policies, which increases responsiveness to changing business conditions. User-centric management also leverages identity stores and business systems across the enterprise to eliminate errors, increase security, standardize workflows, document regulatory compliance, and support effective decision making.
User-centric management can be defined as strategic, while device-based management is tactical. In ZENworks, both can be mixed and matched according to business and IT requirements, by using management by exception. For example, a general policy can be applied to a specific device and then overridden, depending on the identity information for the user who is currently logged on. Or, a general policy based on user identities and roles can be overridden, depending on the device being used and its context, such as a mobile device attempting to access the network from beyond the firewall.
The ZENworks architecture adds device-centric management as a tool that can be used, in addition to the other management styles, to fill specialized needs. For example, manufacturing-floor devices, public kiosks, and call centers where multiple users work different shifts and share a single device are all instances where device-centric management might be more appropriate than user-based management. Additionally, companies that normally rely on user-centric management might need the ability to quickly set up a device for one-time use. For example, a customer might need to configure a device to auto-run a presentation in a conference center without having to bother about creating a new user for this one instance. With the ZENworks architecture, customers have the option of using device-based management whenever it suits their specific needs.
Because device-centric management is the most familiar method for most IT professionals, and because it is the fastest way to configure a device in the short term, before setting up long-term user-based policies, device-centric management is the default management model after installing ZENworks.
ZENworks introduces the concept of locations to endpoint management to further enhance the flexibility and power of managing endpoints. Locations can use the concept of Closest Server Rules (first introduced in ZENworks 10) to allow the administrator to define in detail all locations that contain managed devices.
Locations can be defined using very specific criteria such as DNS server, gateway, and subnet. After a location and its network environments have been defined, ZENworks policies and bundles can be applied to allow ZENworks to automatically adjust the configuration and security posture of the device.
Location awareness originates from the ZENworks Endpoint Security Management product, which is one of the products integrated in the common ZENworks architecture. The ability to utilize locations is another example of the benefits of an integrated architecture for all unified endpoint management products.
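The remote-access example under management by exception and the location criteria (DNS server, gateway, subnet) can be modelled together. The following is an added conceptual sketch, not ZENworks code or its configuration format; the location, group, user names, addresses, and business hours are hypothetical.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Location:
    name: str
    subnet: str
    gateway: str
    dns_server: str

    def matches(self, ip: str, gateway: str, dns_server: str) -> bool:
        # All three criteria must agree; a matching subnet alone is not enough.
        return (ip_address(ip) in ip_network(self.subnet)
                and gateway == self.gateway
                and dns_server == self.dns_server)

# Constructed sample data: names and addresses are hypothetical.
LOCATIONS = [Location("Office", "10.20.0.0/16", "10.20.0.1", "10.20.0.53")]
GENERAL_POLICY = {"remote_access": True}           # applies to everyone
EXCEPTIONS = {                                      # layered on top, per group
    "finance": {"on_site_only": True,
                "hours": (time(8, 0), time(18, 0)),
                "authorized_users": {"alice"}},
}

def detect_location(ip, gateway, dns_server):
    """Return the first defined location that matches, else 'Unknown'."""
    for loc in LOCATIONS:
        if loc.matches(ip, gateway, dns_server):
            return loc.name
    return "Unknown"

def access_decision(user, group, now, ip, gateway, dns_server):
    """Apply the general policy, then any stricter exception for the group."""
    location = detect_location(ip, gateway, dns_server)
    on_site = location != "Unknown"                 # unknown network = off-site
    allowed = on_site or GENERAL_POLICY["remote_access"]
    reason = "general policy"
    exc = EXCEPTIONS.get(group)
    if exc:                                         # exception can only restrict
        start, end = exc["hours"]
        if exc["on_site_only"] and not on_site:
            allowed, reason = False, "exception: on-site only"
        elif not (start <= now <= end):
            allowed, reason = False, "exception: outside business hours"
        elif user not in exc["authorized_users"]:
            allowed, reason = False, "exception: user not authorized"
    return allowed, reason
```

Because the exception only ever tightens the general result, groups without an entry need no policy of their own, which is the point of avoiding separate policy silos.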