Cybersecurity
DevOps Cloud
IT Operations Cloud
This article describes some advanced options for installing Novell SecureLogin (NSL) client using a ZENworks Configuration Management bundle.
- Silent installation with MSI install parameters. (without responsefile)
- Installing with MST (transform) file – for languages other than english.
Authors:
Gaurav Vaidya
Shashikala BV
Table of Contents
1. Assumptions
2. Problem Statements
2.1 Silent Install for NSL with MSI Install Parameters
2.2 Installing NSL in Language other than English through ZCM
3. Using MSI Install parameters of NSL with ZCM
3.1 Introduction to NSL MSI Install Properties
3.2 Installing NSL through ZCM using MSI install properties
3.3 Sample Combinations of parameters for NSL deployments
4. Performing Non-English Installation with ZCM
4.1 Introduction to MST files
4.2 Using MST files for installation through ZCM
5. Conclusion
It is assumed for this document that the Novell SecureLogin version is 7.x and the ZCM version is 10.x. ZCM server is already deployed and agents are also configured.
This document describes all the necessary steps required for deployment with ZCM.
ZCM deployment is available (both server and agents).
2.1 Silent Install for NSL with MSI Install Parameters
Novell SecureLogin silent installation can be performed in two ways – (1) by using Responsefile.ini which can be either obtained by doing a manual installation of the product once OR using some responsefile generator script. (2) otherwise one can use MSI install parameters for NSL to specify the installation options.
Option (1) may become tedeous if the administrator requires different types of installation across the organization and also with respect to distributing responsefile.ini with each install bundle. Using option (2) provides flexibility to administrators for specifying and maintaining silent install parameters as needed.
2.2 Installing NSL in Language other than English through ZCM
For NSL versions prior to 6.1, users were prompted for a choice to select the installation language during installation. In the current version of NSL, the user is not given any option to select the install language and the installation proceeds with default English language. However NSL provides an option to use supplied MST (Transform) files to customize the installation language. This can also be achieved while distributing the NSL package through ZCM.
This section describes the steps needed to deploy the Novell SecureLogin client silently on the end user devices without having a need to generate a Responsefile.ini. This can be achieved through using MSI install parameters supported by Novell SecureLogin in conjunction with the feature provided by the ZENworks Configuration Management bundle.
3.1 Introduction to NSL MSI Install Properties
MSI installer properties are global variables that are used in configuring the installation. Typically these Property-Value pairs are used during command line installation for packages or to carry out silent installation. Novell SecureLogin provides multiple install properties for customizing the installation through MSI. Following are the most commonly used NSL install properties:
Property |
---|
Values |
---|
Description |
---|
X_INSTALLTYPE |
EDIR LDAP MAD ADAM STANDALONE |
This parameter defines the location where SecureLogin will store data. |
LDAPMODE |
GINA CRED APP |
This option, LDAP is choice of communication protocol for both eDir or non-eDir data stores. This option specifies when SecureLogin will try to login to the data store. |
LDAPSERVERADDRESS |
<server ip> |
Used to specific LDAP server address in all LDAP modes. |
LDAPPORT |
<port number> |
Used to specific port to be used for LDAP server. |
SW_INST |
Yes |
Used to enable installation of Secure Workstation. |
X_INSTALLADMIN |
Yes |
Install slmanager on client. |
X_INSTALLCITRIX |
Yes |
Install Citrix support. |
There are some properties which are applicable only when X_INSTALLTYPE is EDIR. These properties should not be defined for any other data store.
Property |
---|
Values |
---|
Description |
---|
PROTOCOLFOREDIR |
LDAP NDS |
In case Install Type is chosen as EDIR, the protocol for communicating with eDirectory has to be specified. |
IS_SECRETSTORE |
1 0 |
Specifies if the client-server shall use SecretStore or Not (To provide additional layer of security for NSL Data) |
NMASCLIENT |
1 0 |
Specifies if NMAS methods are to be supported, by installing NMAS client. |
There are many other install parameters supported by Novell SecureLogin. For the complete listing refer to the SecureLogin Install guide at the Novell product documentation site.
3.2 Installing NSL through ZCM using MSI install properties
For larger deployments administrators typically provision the SecureLogin package on end user devices through applications like ZCM. The process of deploying NSL without using a Responsefile (and using MSI install properties is as follows)
3.3 Sample Combinations of parameters for NSL deployments
Following are sample combinations of a typical set of Install properties to be configured for various SecureLogin installation types.
To deploy SecureLogin with eDirectory in LDAP-GINA mode with SecureWorkstation, use the following options:
Property |
---|
Value |
---|
X_INSTALLTYPE |
EDIR |
PROTOCOLFOREDIR |
LDAP |
LDAPMODE |
GINA |
LDAPSERVERADDRESS |
<Server.IP.Address> |
LDAPPORT |
<Port> |
XW_INST |
Yes |
To deploy SecureLogin with Active Directory in LDAP - Credential provisioning mode with Citrix support, use the following options:
Property |
---|
Value |
---|
X_INSTALLTYPE |
MAD |
LDAPMODE |
CRED |
LDAPSERVERADDRESS |
<Server.IP.Address> |
LDAPPORT |
<Port> |
X_INSTALLCITRIX |
Yes |
As mentioned above from NSL version 6.1 onwards, users are not given option to select the language during install and the install always proceeds with the default language as English. But there are means by which the default installation language for NSL installation could be changed – using MST files.
Novell SecureLogin is shipped with 5 MST files bundles with the build. This can support 5 additional install languages other than English. Each MST file is named as Language code which denotes the following:
1041 - Japanese language
1036 - French language
1046 - Brazilian language
1031 - German language
1034 - Spanish language
A transform file (.mst) is used to specify a set of modifications to be performed while deploying a MSI file. It passes customized configuration settings to the installer package. One of the applications of transforms is to support multiple national languages. This is what is utilized by Novell SecureLogin to support multiple language install.
If one is installing the SecureLogin client manually, the transform files can be used through command line options.
msiexec.exe /i "Novell SecureLogin.msi" TRANSFORMS=<lang-code>.mst
4.2 Using MST files for installation through ZCM
As stated earlier for larger deployments administrators typically provision the SecureLogin package on end user devices through applications like ZCM. Now if they want to provide a customized installation language for end users using MST files, it can be a achieved through ZCM as follows:
Follow the steps 1 to 7 as mentioned in Section 3.2 and continue with the following steps:
ZENworks Configuration Management (ZCM) provides easy options to perform NSL client deployments without using a Responsefile and applying Language transform for non-English installations.