9.6 Remotely Managing Devices

ZENworks Configuration Management provides Remote Management functionality that lets you remotely manage devices. Remote Management supports the following operations:

Remote Operation

Description

Additional Details

Remote Control

Lets you control a managed device from the management console so you can provide user assistance and help resolve problems. You can perform all the operations that a user can perform on the device.

For more information on Remote Controlling a Windows device, see Performing Remote Control, Remote View, and Remote Execute Operations on a Windows Device.

For more information on Remote Controlling a Linux device, see Performing Remote Control, Remote View, and Remote Login Operations on a Linux Device.

Remote View

Lets you connect with a managed device so that you can view the managed device instead of controlling it. This helps you troubleshoot problems that the user encountered.

For example, you can observe how the user at a managed device performs certain tasks to make sure that the user performs a task correctly

For more information on Remotely Viewing a Windows device, see Performing Remote Control, Remote View, and Remote Execute Operations on a Windows Device.

For more information on Remotely Viewing a Linux device, see Performing Remote Control, Remote View, and Remote Login Operations on a Linux Device.

Remote Execute

Lets you run any executable on a managed device from the management console.To remotely execute an application, specify the executable name in the Remote Execute dialog box. If the application is not in the system path on the managed device, then provide the complete path of the application.

For example, you can execute the regedit command to open the Registry Editor on the managed device. The Remote Execute dialog box displays the status of the command execution.

For more information on Remotely Executing a Windows device, see Performing Remote Control, Remote View, and Remote Execute Operations on a Windows Device.

This operation is supported only on a Windows managed device.

Remote Diagnostics

Lets you diagnose and analyze the problems on a managed device. This helps you to shorten problem resolution times and assist users without requiring a technician to physically visit the problem device. This increases user productivity by keeping desktops up and running.

For more information on Remote Diagnosis of a device, see Performing a Remote Diagnostic Operation.

This operation is supported only on a Windows managed device.

File Transfer

Lets you to transfer files between the management console and a managed device.

For more information on File Transfer operation, see Performing a File Transfer Operation.

This operation is supported only on a Windows managed device.

Remote Login

Lets you log in to a managed device from the management console and start a new graphical session without disturbing the user on the managed device; however, the user on the managed device cannot view the Remote Login session.

For more information on Remotely Logging a Linux device, see Performing Remote Control, Remote View, and Remote Login Operations on a Linux Device.

This operation is supported only on a Linux managed device.

You must log into the device with a non-root user credentials.

Remote SSH

Lets you securely connect to a remote Linux device and safely execute commands on the device.

For more information on Remotely Logging a Linux device, see Performing Remote SSH Operation on a Linux Device

This operation is supported only on a Linux managed device.

The following sections explain how to set up Remote Management and perform each of the operations:

Watch a video to learn about remote management of devices.

9.6.1 Creating a Remote Management Policy

By default, a secure Remote Management policy is created on the managed device when the ZENworks Agent is deployed with the Remote Management component on the device. You can use the default policy to remotely manage a device. The default policy allows you to perform all the Remote Management operations on a device To override the default policy, you can explicitly create a Remote Management policy for the device.

You can assign a Remote Management policy to devices or users.

To create a Remote Management policy:

  1. In ZENworks Control Center, click the Policies tab.

  2. In the Policies panel, click New > Policy to launch the Create New Policy Wizard.

  3. Select Windows Configuration Policies, then click Next.

  4. Follow the prompts to create the Remote Management policy.

    Click the Help button on each wizard page for detailed information about the page. When you complete the wizard, the policy is added to the Policies panel. You can click the policy to view the policy’s details and modify assignments, schedules, and so forth.

  5. Assign the Remote Management policy to users and devices:

    1. In the Policies panel, select the check box next to the policy.

    2. Click Action > Assign to Device.

      or

      Click Action > Assign to User.

    3. Follow the prompts to assign the policy.

      Click the Help button on each wizard page for detailed information about the page.

      When you complete the wizard, the assigned devices or users are added to the policy’s Relationships page. You can click the policy to view the assignments.

9.6.2 Configuring Remote Management Settings

The Remote Management configuration settings, located on the Configuration page, let you specify settings such as the Remote Management port, session performance, and available diagnostic applications.

The settings are predefined to provide the most common configuration. If you want to change the settings:

  1. In ZENworks Control Center, click the Configuration tab.

  2. In the Management Zone Settings panel, click Device Management > Remote Management.

  3. Modify the settings as desired.

    Click the Help button on the page for detailed information about the page.

  4. When you are finished modifying the settings, click Apply or OK to save your changes.

9.6.3 Performing Remote Control, Remote View, and Remote Execute Operations on a Windows Device

  1. In ZENworks Control Center, click the Devices tab.

  2. Navigate the Servers or Workstations folder until you locate the device you want to manage.

  3. Select the device by clicking the check box in front of the device.

  4. In the task list located in the left navigation pane, click Remote Control Workstation or Remote Control Server to display the Remote Management dialog box.

  5. In the Remote Management dialog box, fill in the following fields:

    Device: Specify the name or the IP address of the device you want to remotely manage.

    Always default to IP address for all devices: Select this if you want the system to display the device IP address instead of the DNS name.

    The values that you provide to access a device while performing Remote Control operation are saved in the system, when you click OK. Some of these values are automatically selected during subsequent Remote Control operations, depending on the device or the remote operator.

    Operation: Select the type of the remote operation (Remote Control, Remote View, or Remote Execute) you want to perform on the managed device:

    Authentication: Select the mode you want to use to authenticate to the managed device. The two options are:

    • Password: Provides password-based authentication to perform a Remote Control operation. You must enter the correct password as set by the user on the managed device or as configured by the administrator in the security settings of the Remote Management policy. The password set by the user takes precedence over the password configured by the administrator.

    • Rights: This option is available only when you select the managed device on which you want to perform the remote operation. If an administrator has already assigned Remote Management rights to you to perform the desired remote operation on the selected managed device, you automatically gain access when the session initiates.

    Port: Specify the port number on which the Remote Management Agent is listening. By default, the port number is 5950.

    Session Mode: Select one of the following modes for the session:

    • Collaborate: Allows you to launch a Remote Control session and a Remote View session in collaboration mode. However, you cannot first launch a Remote View session on the managed device. If you launch the Remote Control session on the managed device, then you get all the privileges of a master Remote Operator, which include:

      • Inviting other Remote Operators to join the remote session.

      • Delegating Remote Control rights to a Remote Operator.

      • Regaining control from the Remote Operator.

      • Terminating a Remote Session.

      After the Remote Control session has been established for the managed device in the Collaborate mode, the other remote sessions on the managed device are Remote View sessions.

    • Shared: Allows more than one Remote Operator to simultaneously control the managed device.

    • Exclusive: Allows you to have an exclusive remote session on the managed device. No other remote session can be initiated on the managed device after a session has been launched in Exclusive mode.

    Session Encryption: Ensures that the remote session is secured by using SSL encryption (TLSv3 protocol).

    Enable Caching: Enables caching of the remote management session data to enhance performance. This option is available only for Remote Control operation. This option is currently supported only on Windows.

    Enable Dynamic Bandwidth Optimization: Enables detection of the available network bandwidth and accordingly adjusts the session settings to enhance performance. This option is available only for Remote Control operation.

    Route Through Proxy: Enables the remote management operation of the managed device to be routed through a proxy server. If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a proxy server. Fill in the following fields:

    • Proxy: Specify the DNS name or the IP address of the proxy server. By default, the proxy server configured in the Proxy Settings panel to perform the remote operation on the device is populated in this field. You can specify a different proxy server.

    • Proxy Port: Specify the port number on which the proxy server is listening. By default, the port is 5750.

    Use the Following Key Pair for Identification: If an internal certificate authority (CA) is deployed, the following options are not displayed. If an external CA is deployed, fill in the following fields:

    • Private Key: Click Browse to browse to and select the private key of the remote operator.

    • Certificate: Click Browse to browse to and select the certificate corresponding to the private key. This certificate must be chained to the certificate authority configured for the zone.

      The supported formats for the key and the certificate are DER and PEM.

    Install Remote Management Viewer: Click on the Install Remote Management Viewer link to install the Remote Management Viewer. This link is displayed only if you are performing the Remote Management session on the managed device for the first time or if the Remote Management Viewer is not installed on the managed device.

  6. Click OK to launch the session.

9.6.4 Performing a Remote Diagnostic Operation

  1. In ZENworks Control Center, click the Devices tab.

  2. Navigate the Servers or Workstations folder until you locate the device you want to manage.

  3. Select the device by clicking the check box in front of the device.

  4. In the task list located in the left navigation pane, click Remote Diagnostics to display the Remote Diagnostics dialog box.

  5. In the Remote Diagnostics dialog box, fill in the following fields:

    Device: Specify the name or the IP address of the device you want to remotely diagnose.

    Always default to IP address for all devices: Select this if you want the system to display the device IP address instead of the DNS name.

    The values that you provide to access a device while performing Remote Control operation are saved in the system when you click OK. Some of these values are automatically selected during subsequent Remote Control operations, depending on the device or the remote operator

    Application: Select the application you want to launch on the device to remotely diagnose.

    Authentication: Select the mode you want to use to authenticate to the managed device. The two options are:

    • Password: Provides password-based authentication to perform a Remote Diagnostic operation. You must enter the correct password as set by the user on the managed device or as configured by the administrator in the security settings of the Remote Management policy. The password set by the user takes precedence over the password configured by the administrator.

    • Rights: This option is available only when you select the managed device on which you want to perform the remote operation. If an administrator has already assigned Remote Management rights to you to perform the desired remote operation on the selected managed device, you automatically gain access when the session initiates.

    Port: Specify the port number on which the Remote Management Agent is listening. By default, the port number is 5950.

    Session Mode: Does not apply to the Remote Diagnostics operation.

    Session Encryption: Ensures that the remote session is secured by using SSL encryption (TLSv3 protocol).

    Enable Caching: Enables caching of the remote management session data to enhance performance. This option is currently supported only on Windows.

    Enable Dynamic Bandwidth Optimization: Enables detection of the available network bandwidth and accordingly adjusts the session settings to enhance performance.

    Route Through Proxy: Enables the remote management operation of the managed device to be routed through a proxy server. If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a proxy server. Fill in the following fields:

    • Proxy: Specify the DNS name or the IP address of the proxy server. By default, the proxy server configured in the Proxy Settings panel to perform the remote operation on the device is populated in this field. You can specify a different proxy server.

    • Proxy Port: Specify the port number on which the proxy server is listening. By default, the port is 5750.

  6. Click OK to launch the session.

9.6.5 Performing a File Transfer Operation

  1. In ZENworks Control Center, click the Devices tab.

  2. Navigate the Servers or Workstations folder until you locate the device you want to manage.

  3. Select the device by clicking the check box in front of the device.

  4. In the task list located in the left navigation pane, click Transfer Files to display the File Transfer dialog box.

  5. In the File Transfer dialog box, fill in the following fields:

    Device: Specify the name or the IP address of the device you want to access.

    Always default to IP address for all devices: Select this if you want the system to display the device IP address instead of the DNS name. The values that you provide to access a device while performing Remote Control operation are saved in the system when you click OK. Some of these values are automatically selected during subsequent Remote Control operations, depending on the device or the remote operator.

    Authentication: Select the mode you want to use to authenticate to the managed device. The two options are:

    • Password: Provides password-based authentication to perform an operation. You must enter the correct password as set by the user on the managed device or as configured by the administrator in the security settings of the Remote Management policy. The password set by the user takes precedence over the password configured by the administrator.

    • Rights: This option is available only when you select the managed device on which you want to perform the remote operation. If an administrator has already assigned Remote Management rights to you to perform the desired remote operation on the selected managed device, you automatically gain access when the session initiates.

    Port: Specify the port number on which the Remote Management Agent is listening. By default, the port number is 5950.

    Session Mode: Does not apply to the File Transfer operation.

    Session Encryption: Ensures that the remote session is secured by using SSL encryption (TLSv3 protocol).

    Route Through Proxy: Enables the remote management operation of the managed device to be routed through a proxy server. If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a proxy server. Fill in the following fields:

    • Proxy: Specify the DNS name or the IP address of the proxy server. By default, the proxy server configured in the Proxy Settings panel to perform the remote operation on the device is populated in this field. You can specify a different proxy server.

    • Proxy Port: Specify the port number on which the proxy server is listening. By default, the port is 5750.

  6. Click OK to launch the session

9.6.6 Performing Remote Control, Remote View, and Remote Login Operations on a Linux Device

  1. In ZENworks Control Center, click the Devices tab.

  2. Navigate the Servers or Workstations folder until you locate the device you want to manage.

  3. Select a Linux device by clicking the check box in front of the device.

  4. Click Action > Remote Control to display the Remote Management dialog box.

  5. In the Remote Management dialog box, fill in the following fields:

    Device: Specify the name or the IP address of the device you want to remotely manage.

    Always default to IP address for all devices: Select this if you want the system to display the device IP address instead of the DNS name.

    The values that you provide to access a device while performing Remote Control operation are saved in the system when you click OK. Some of these values are automatically selected during subsequent Remote Control operations, depending on the device or the remote operator.

    Operation: Select the type of the remote operation (Remote Control, Remote View, or Remote Login) you want to perform on the managed device:

    Port: Specify the port number on which the Remote Management Agent is listening. By default, the port number is 5950 for Remote Control and Remote View operations; and 5951 for Remote Login operation.

    Route Through Proxy: Enables the remote management operation of the managed device to be routed through a proxy server. If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a proxy server. Fill in the following fields:

    • Proxy: Specify the DNS name or the IP address of the proxy server. By default, the proxy server configured in the Proxy Settings panel to perform the remote operation on the device is populated in this field. You can specify a different proxy server.

    • Proxy Port: Specify the port number on which the proxy server is listening. By default, the port is 5750.

    Install Remote Management Viewer: Click on the Install Remote Management Viewer link to install the Remote Management Viewer. This link is displayed only if you are performing the Remote Management session on the managed device for the first time or if the Remote Management Viewer is not installed on the managed device.

  6. Click OK to launch the session.

9.6.7 Performing Remote SSH Operation on a Linux Device

  1. In ZENworks Control Center, click the Devices tab.

  2. Navigate the Servers or Workstations folder until you locate the device you want to manage.

  3. Select a Linux device by clicking the check box in front of the device.

  4. Click Action > Remote SSH to display the Remote SSH dialog box.

  5. In the Remote SSH dialog box, fill in the following fields:

    Device: Specify the name or IP address of the device you want to remotely connect to. If the device is not in the same network, you must specify the IP address of the device.

    User Name: Specify the username used to log in to in the remote device. By default, it is root.

    Port: Specify the port number of the Remote SSH service. By default, the port number is 22.

    Clicking OK prompts you to launch Remote SSH Java Web Start Launcher. Click Yes to accept the certificate, then click Run. To continue connecting to the device, Click Yes. You are prompted to enter the password to connect to the managed device.

  6. Click OK to launch the session.

9.6.8 Where to Find More Information

For more information about remotely managing devices, see the ZENworks Remote Management Reference.