Novell ZENworks Endpoint Security Management 3.5 User Manual

ZENworks® ESM 3.5
Administrator’s Manual
Running the Service
The Management Service launches immediately following installation, with no reboot of the 
server required. The Management Console is used to manage the data on the Management 
Service. See “Infrastructure and Scheduling” on page 28 for more details.
For other monitoring capabilities see:
Distributing ESM Credentials (Key Management Key)
The Management Service automatically distributes credentials to each ZSC when the ZSC is
installed and checks in to the Management Service for the first time. Once this credential is
distributed, the ZSC is permitted to receive policies from the Policy Distribution Service and to
provide reporting data to the Reporting Service.
Periodic Renewal of the Key Management Key (KMK)
Cryptographic best practices dictate that the KMK be renewed at regular intervals to prevent
certain cryptographic attacks from being practical. Renewal need only take place on a relatively
long cycle, typically on the order of once every year. It should not be done too frequently,
because the change-over involves some effort and bandwidth costs.
To renew the KMK, perform the following steps:
Step 1: Open the Communications Console on the Management Service (Start/Programs/Novell/
Management Service/ESM Communications Console). 
Note:
Running the Communications Console will cause the Management Service to lose user and log data;
however, policy data will not be deleted.
Step 2: Allow the Communications Console to run a complete check.
Step 3: Have all end-users authenticate to the Management Service (either via VPN or while inside 
the appropriate firewall), by right-clicking the ZSC task-tray icon and selecting “Check 
for Policy Update.”
Step 4: The Management Console will automatically pass the new KMK credentials down. In 
some cases, the user will have to authenticate to the domain (username and password).
Until the endpoints renew their KMK, they will not be able to communicate with the Policy 
Distribution Service.