Security requirements for a device can differ from location to location. You might, for example, have different personal firewall restrictions for a device located in an airport terminal than for a device located in an office inside your corporate firewall.
To make sure that a device’s security requirements are appropriate for whatever location it is in, Endpoint Security Management supports both global policies and location-based policies. A global policy is applied regardless of the device’s location. A location-based policy is applied only when the device’s current location meets the criteria for a location associated with the policy. For example, if you create a location-based policy for your corporate office and assign it to a laptop, that policy is applied only when the laptop’s location is the corporate office.
If you want to use location-based policies, you must first define the locations that make sense for your organization. A location is a place, or type of place, for which you have specific security requirements. For example, you might have different security requirements for when a device is used in the office, at home, or in an airport.
Locations are defined by network environments. Assume that you have an office in New York and an office in Tokyo. Both offices have the same security requirements. Therefore, you create an Office location and associate it with two network environments: New York Office Network and Tokyo Office Network. Each of these environments is explicitly defined by a set of gateway, DNS server, and wireless access point services. Whenever the Endpoint Security Agent determines that its current environment matches the New York Office Network or Tokyo Office Network, it sets its location to Office and applies the security policies associated with the Office location.
Unknown is the default location that is automatically created after you install ZENworks 11. If ZENworks Adaptive Agent is unable to find a location that matches its current environment, the managed device is associated with the Unknown location. You cannot delete or rename the Unknown location.
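The resolution behaviour described above, modelled as an added example (this is not ZENworks code). The rule that every defined service must be visible, the first-listed-location-wins ordering, the Branch location, and all addresses and SSIDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NetworkEnvironment:
    name: str
    gateways: frozenset = frozenset()
    dns_servers: frozenset = frozenset()
    access_points: frozenset = frozenset()

    def matches(self, seen: dict) -> bool:
        # An environment with no services defined must never match everything.
        if not (self.gateways or self.dns_servers or self.access_points):
            return False
        # Assumed rule: every defined service has to be visible on the device.
        return (self.gateways <= seen["gateways"]
                and self.dns_servers <= seen["dns_servers"]
                and self.access_points <= seen["access_points"])

@dataclass(frozen=True)
class Location:
    name: str
    environments: tuple

def resolve(ordered_locations, seen):
    """Walk the ordered list; the first location with a matching environment wins."""
    for location in ordered_locations:
        for env in location.environments:
            if env.matches(seen):
                return location.name, env.name
    return "Unknown", None  # default location, always evaluated last

def observed(gateway, dns, ap):
    return {"gateways": {gateway}, "dns_servers": {dns}, "access_points": {ap}}

# Constructed sample data (documentation address ranges, made-up SSIDs).
NEW_YORK = NetworkEnvironment("New York Office Network", frozenset({"192.0.2.1"}),
                              frozenset({"192.0.2.53"}), frozenset({"CORP-NY"}))
TOKYO = NetworkEnvironment("Tokyo Office Network", frozenset({"198.51.100.1"}),
                           frozenset({"198.51.100.53"}), frozenset({"CORP-TYO"}))
SHARED_DNS = NetworkEnvironment("Shared DNS Network", dns_servers=frozenset({"192.0.2.53"}))
OFFICE = Location("Office", (NEW_YORK, TOKYO))
BRANCH = Location("Branch", (SHARED_DNS,))  # hypothetical second location

IN_NEW_YORK = observed("192.0.2.1", "192.0.2.53", "CORP-NY")
IN_AIRPORT = observed("203.0.113.1", "203.0.113.53", "Airport-Free-WiFi")

if __name__ == "__main__":
    print(resolve([OFFICE, BRANCH], IN_NEW_YORK))
    print(resolve([BRANCH, OFFICE], IN_NEW_YORK))
    print(resolve([OFFICE, BRANCH], IN_AIRPORT))
```

Swapping the list order changes which policies the same laptop receives in New York, which is why a loosely defined environment placed high in the list deserves review.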
The following sections explain how to create locations:
When you create a location, you provide a location name and then associate the desired network environments with the location.
1. In ZENworks Control Center, click Configuration > Locations.
2. In the Locations panel, click New to launch the Create New Location Wizard.
3. On the Define Details page, specify a name for the location, then click Next.
   As you complete the wizard, if you need more information about any fields or options, click the Help button located in the upper-right corner of ZENworks Control Center.
4. On the Assign Network Environments page:
   1. Select Assign existing network Environments to the Location.
   2. Click Add, select the network environments you want to define the location, then click OK to add them to the list.
   3. Click Next when you are finished adding network environments.
5. On the summary page, click Finish to create the location and add it to the Locations list.
When you add a new location, the Unknown location is listed last, and its order cannot be changed.
For more information on how the location and the network environment are selected on a managed device, see Section 12.3.3, Location and Network Environment Selection on a Managed Device.
The following information is displayed for each location you add to the list:
Name: The name assigned to the location.
Reference Count: The number of ZENworks objects that are associated to a location.
The following table lists the tasks you can perform to manage locations:
Task | Steps | Additional Details |
---|---|---|
Edit a location | | For an Unknown location, you can edit only the throttle rate (in the Details tab) and the Location Closest Servers settings (in the Servers tab). If you choose to exclude the Closest Server default rule and do not configure Configuration and Authentication servers for a location, then the location is considered as a disconnected location. During the next general refresh of the managed device, the location is displayed as Unknown in the ZENworks icon properties page. |
Delete a location | | You cannot delete the Unknown location. You cannot delete a location that has ZENworks objects associated. To delete a location that has ZENworks objects associated, you must first remove the association and then delete the location. |
Rename a location | | The name must conform to the ZENworks object naming conventions. You cannot rename the Unknown location. IMPORTANT: If the location is referenced by a Location Assignment policy (one of the security policies used with Endpoint Security Management), the Location Assignment policy must be republished before the name change will be reflected on assigned devices. For information about republishing a security policy, see |
Reorder the locations | | The order of the list determines which location is used if the Adaptive Agent matches multiple locations. For more information on how the location and the network environment are selected on a managed device, see Section 12.3.3, Location and Network Environment Selection on a Managed Device. When you add a new location, the Unknown location is listed last, and its order cannot be changed. |
View the list of ZENworks Objects associated to a location | | The Relationships page displays the ZENworks objects such as policies and bundles that are associated to the location. A ZENworks object such as a bundle or policy is associated with a location only if it contains a reference to the location through system requirement or policy configuration. The list displays the following information: |
The network environments within L1 are listed in the following order: NE1, NE2, and NE4.
The network environments within L2 are listed in the following order: NE2, NE3, and NE4.
The Adaptive Agent on the managed device detects that NE2, NE3 and NE4 all match on the managed device.