Setting Up a Container Policy PackageSearch Policy

Setting Up a Container Policy Package Search Policy

A Search Policy governs the behavior of the ZENworks for Servers 3 agents as they search for all other policies. With all the ZENworks for Servers 3 agents, there could be some significant walking of the tree as they search for the policies, especially if the tree is of a significant depth. This is the reason why ZENworks for Servers 3 has this search policy. Often, the performance of your network searching with ZENworks for Servers 3 is not significant until you cross a partition boundary. When you cross a partition boundary, the system must make a connection and authenticate to another server. This is particularly time-consuming should the system need to cross a WAN link.

The search policy tells the ZENworks for Servers 3 agents how far up the tree they should search and what order (object, group, container) should be followed to find the policies. Remember that the order is significant because often the first policy found governs the behavior of the system. In ZENworks for Servers 3 only the distributor and the server inventory agents use the Search Policy; all other agents receive their policies through the Distributed Policy Package and therefore are not required to search the tree. Defining and activating the following policies in a Distributed Policy Package is as described except all policies are in the Distributed Package rather then in separate packages.

NDS Rights, Other, and Rights to Files and Folders pages are described earlier in the chapter in the "Setting Up a Container Policy Package" section.

Looking at the Search Level Page

This page enables the administrator to identify how far up the tree the ZENworks for Servers agents should traverse in their search for policies. Figure 5.9 shows this page.

Figure 5.9. Search Level page of a Search Policy within a Container Policy package.

graphics/05fig09.gif

The following fields may be administered in the Search Level features of the Search Order policy:

  • Search for policies up to. This field enables you to specify the container in the tree that will complete the search. The choices that can be made through the drop-down list may be any of the following:

    • [Root]. Search up to the tree's root.

    • Object container. Search up to the container that holds the object that is associated with the policy. If you were searching for a server policy package, for example, the object container would be the context of the server object.

    • Partition. Search up the tree to a partition boundary. Crossing a partition boundary causes connections to other systems in the tree. This option is available for performance considerations.

  • Selected container. This searches up to the specified container. When this option is chosen, the Selected Container field is activated and you can then browse in this field to the desired container.

  • Search level. This field enables you to specify an additional level of containment beyond that given in the Search for Policies Up To: field. A search-level value of 0 causes searches to be limited to the specified container. A search level of a positive numerical value enables searching up to the specified container and then continues searching upward through the number of levels specified by the positive number. Should the search level be a negative number, the search proceeds only up to the number of levels specified below the specified container. Suppose the value of Object Container is selected, the object is in the Provo.Utah.Novell container, and the search level is 0. The searching stops at the Provo.Utah.Novell container. If the search level is 2, the searching continues to the Novell container. If the search level is 1, no policy is found because the object container is already above the search level.

At first, it may seem that no reason exists for having a negative search level, but there is some value in having this option. Suppose that your tree is set up as Organization.Region.Company, where Organization is the container that is given to each organization in the company and Region represents the area of the company. Now suppose that you want policies to be effective only for each organization. You could set up one single search policy at the Region.Company level with a selected container of Region.Company and a search level of 1. This would enable each organization to have a customized policy and ensure that no organization's policies would impact another because the search would stop at the Organization level.

Describing the Search Order Page

This page enables the administrator to identify the order in which the agents should go looking for policies. The default is object, then group, then container. This policy enables the administrator to change this order.

You can modify the search order by selecting the item in the search order list and then clicking the up or down arrows to rearrange the list. Clicking the Remove button removes the selected association type. Clicking the Add button adds that association type to the search order.

Because the first policy that is found has the greatest significance in the system's behavior, you should be sure that you have the order set (from top to bottom) in the way that you want to find that first policy.

You should be aware that it is a good idea to use the search order policy. Because many ZENworks for Servers 3 features stop walking up the tree when a policy is found, it is wise to make policies search on object, container, and then group. The proximity of these objects in the tree is always going to be closer to the partition on the server. The object is obviously always the closest in the tree to the server object. Next, the container is the closest in the tree-walking scenario because the container must be known for the object to be found in the tree. Consequently, the container is very close in the local replica to the object. Groups, however, can be stored in any container, and they could be in a completely different part of the tree than the object. Therefore, the potential amount of walking of the tree with a group is significant. With any significant walk of the tree there is a corresponding performance cost, and you should consider this as you manage your tree and search policies.

Understanding the Refresh Interval Page

This policy page enables the administrator to identify whether the Policy Manager should refresh the set of policies from NDS and how often to check NDS for new or changed policies. The Policy Manager in ZENworks for Servers 3 is an agent that resides on the server and is responsible for getting ZENworks for Servers 3 policies and enforcing them on the server. This page gives this refresh interval configuration to this agent. If the check box is not selected, meaning the agent should not refresh from NDS, the agent gets the policies only at initialization time and only again should the server or the agent be restarted. If the check box is checked, the agent checks for any changes or new policies every time the interval has passed.



Novell's ZENworks for Servers 3. Administrator's Handbook
Novell's ZENworks for Servers 3. Administrator's Handbook
ISBN: 789729865
EAN: N/A
Year: 2003
Pages: 137

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net