ZENworks® ESM 3.5 Administrator’s Manual 19
Running the Service
The Management Service launches immediately following installation, with no reboot of the
server required. The Management Console is used to manage the data on the Management
Service. See “Infrastructure and Scheduling” on page 28. for more details.
For other monitoring capabilities see:
• “Server Communication Checks” on page 214
• “System Monitor” on page 221
Distributing ESM Credentials (Key Management Key)
The Management Service automatically distributes credentials to each ZSC when it is installed
and checks-in to the Management Service for the first time. Once this credential is distributed, the
ZSC will be permitted to receive policies from the Policy Distribution Service, and provide
reporting data to the Reporting Service.
Periodic Renewal of the Key Management Key (KMK)
Cryptographic best practices dictate that the KMK be renewed at regular intervals to prevent
certain cryptographic attacks from being practical. This need only take place on a relatively long
cycle: typically on the order of once every year, and should not be done too frequently because the
change-over does involve some effort and bandwidth costs.
To renew the KMK, perform the following steps:
Step 1: Open the Communications Console on the Management Service (Start/Programs/Novell/
Management Service/ESM Communications Console).
Running the Communications Console will cause the Management Service to lose user and log data,
however, policy data will not be deleted.
Step 2: Allow the Communications Console to run a complete check.
Step 3: Have all end-users authenticate to the Management Service (either via VPN or while inside
the appropriate firewall), by right-clicking the ZSC task-tray icon and selecting “Check
for Policy Update.”
Step 4: The Management Console will automatically pass the new KMK credentials down. In
some cases, the user will have to authenticate to the domain (username and password).
Until the endpoints renew their KMK, they will not be able to communicate with the Policy
Distribution Service.