ZENworks® ESM 3.5 Administrator’s Manual 69
Optional Server Configurations
Multiple CLAS iterations may be installed on servers throughout the enterprise, to either
cryptographically assure additional locations, or to assure that if the primary CLAS server goes
down, the location can still be verified by the ZENworks Security Client.
In the case of the second scenario, the private key is located based on URL, rather than IP address.
Therefore, a block of servers can be set up to share a single URL. CLAS may either be installed
on a single server, then that server's image can be copied to each additional server, or it may be
installed on each server separately, and the private and public keys can be copied over to the other
servers. ALL servers in a URL block MUST have the same private and public keys.
Transferring the Public Key to the Management Service
After installation has completed, the generated public key, which will be transferred via security
policy to the ZSC, is located in the \Program Files\Novell\Novell ESM CLAS directory on the
server. The public key is identified by the filename publickey. This filename can be changed to
any name desired.
The public key file will need to then be copied and transferred to the Management Service
(anywhere on the service), which will allow the Management Console to access and distribute the
key to all ZENworks Security Clients through a security policy.
The public key contains both the matching key information and the CLAS URL information. This
information is imported into the Management Console and sent down through a security policy.
Updating the Encryption Keys
Encryption keys can be periodically updated (recommended) by uninstalling and reinstalling
CLAS. When CLAS is reinstalled, new private and public keys are generated. The public key
should then be transferred to the management service and imported again into the affected
security policies to update all ZENworks Security Clients at their next policy check-in.
