Novell's ZENworks for Servers 3. Administrator's Handbook
Setting Up a Container Policy Package Search Policy
A Search Policy governs the behavior of the ZENworks for Servers 3 agents as they search for all other policies. With all the ZENworks for Servers 3 agents, there could be some significant walking of the tree as they search for the policies, especially if the tree is of a significant depth. This is the reason why ZENworks for Servers 3 has this search policy. Often, the performance of your network searching with ZENworks for Servers 3 is not significant until you cross a partition boundary. When you cross a partition boundary, the system must make a connection and authenticate to another server. This is particularly time-consuming should the system need to cross a WAN link. The search policy tells the ZENworks for Servers 3 agents how far up the tree they should search and what order (object, group, container) should be followed to find the policies. Remember that the order is significant because often the first policy found governs the behavior of the system. In ZENworks for Servers 3 only the distributor and the server inventory agents use the Search Policy; all other agents receive their policies through the Distributed Policy Package and therefore are not required to search the tree. Defining and activating the following policies in a Distributed Policy Package is as described except all policies are in the Distributed Package rather then in separate packages. NDS Rights, Other, and Rights to Files and Folders pages are described earlier in the chapter in the "Setting Up a Container Policy Package" section. Looking at the Search Level Page
This page enables the administrator to identify how far up the tree the ZENworks for Servers agents should traverse in their search for policies. Figure 5.9 shows this page. Figure 5.9. Search Level page of a Search Policy within a Container Policy package.
The following fields may be administered in the Search Level features of the Search Order policy:
At first, it may seem that no reason exists for having a negative search level, but there is some value in having this option. Suppose that your tree is set up as Organization.Region.Company, where Organization is the container that is given to each organization in the company and Region represents the area of the company. Now suppose that you want policies to be effective only for each organization. You could set up one single search policy at the Region.Company level with a selected container of Region.Company and a search level of 1. This would enable each organization to have a customized policy and ensure that no organization's policies would impact another because the search would stop at the Organization level. Describing the Search Order Page
This page enables the administrator to identify the order in which the agents should go looking for policies. The default is object, then group, then container. This policy enables the administrator to change this order. You can modify the search order by selecting the item in the search order list and then clicking the up or down arrows to rearrange the list. Clicking the Remove button removes the selected association type. Clicking the Add button adds that association type to the search order. Because the first policy that is found has the greatest significance in the system's behavior, you should be sure that you have the order set (from top to bottom) in the way that you want to find that first policy. You should be aware that it is a good idea to use the search order policy. Because many ZENworks for Servers 3 features stop walking up the tree when a policy is found, it is wise to make policies search on object, container, and then group. The proximity of these objects in the tree is always going to be closer to the partition on the server. The object is obviously always the closest in the tree to the server object. Next, the container is the closest in the tree-walking scenario because the container must be known for the object to be found in the tree. Consequently, the container is very close in the local replica to the object. Groups, however, can be stored in any container, and they could be in a completely different part of the tree than the object. Therefore, the potential amount of walking of the tree with a group is significant. With any significant walk of the tree there is a corresponding performance cost, and you should consider this as you manage your tree and search policies. Understanding the Refresh Interval Page
This policy page enables the administrator to identify whether the Policy Manager should refresh the set of policies from NDS and how often to check NDS for new or changed policies. The Policy Manager in ZENworks for Servers 3 is an agent that resides on the server and is responsible for getting ZENworks for Servers 3 policies and enforcing them on the server. This page gives this refresh interval configuration to this agent. If the check box is not selected, meaning the agent should not refresh from NDS, the agent gets the policies only at initialization time and only again should the server or the agent be restarted. If the check box is checked, the agent checks for any changes or new policies every time the interval has passed. |