Home > Intel Communities > Open Port IT Community > Intel® vPro™ Expert Center > Blog > 2007 > November
Up to Blog Posts in Intel® vPro™ Expert Center
Previous Next

Intel vPro Expert Center Blog

November 2007
Josh Hilliker
7

I thought I would raise the stakes, therefore for the first compliant entry (see details below), I went out and purchased a NIB (new in box) of the following to give to the contestant:

 

DX38BT Board -> http://www.intel.com/products/motherboard/dx38bt/

Core 2 Extreme QX9650 -> http://www.intel.com/performance/desktop/extreme/index.htm

 

 

_So... POST your video as a REPLY on this WIKI_

 

 

Full Contest Details

Video must be no longer than 3 minutes in length.

The video must be good enough quality must allow viewers to hear & see the information clearly.

The video needs to include a description of your challenge, the environment in which the problem exists and how big of a challenge it is (in terms of scope & size). If the video is about a Intel vPro™ technology use case please, reference the specific use case and explain in detail the environment in which the change will take place,. Please be as descriptive as possible.

The video needs to be in English to facilitate the judging process.

7 Comments Permalink Tags: vpro_expert_center, vpro, free, josh_hilliker
Terry Cutler
2

A new resource has been created - a collection of short videos - based on enterprise workshops for enabling Intel vPro in an Altiris environment.

 

Check out the resource - http://communities.intel.com/docs/DOC-1261

2 Comments Permalink
Josh Hilliker
0

Awhile back (October 31st), Mike Seawright posted a follow-on to the Quick Start Guide just for LANDesk. I wanted to highlight if your about to use LANDesk console this is an excellent quick start guide to leverage. http://communities.intel.com/docs/DOC-1212

 

If there are other consoles that you would like to see quick start guides on please let us know....

 

Josh H

0 Comments Permalink Tags: landesk, vpro, vpro_expert_center, josh_hilliker, manageability
Ylian Saint-Hilaire
0

 

Many months ago when Intel AMT 3.0 computers were still in pre-production, a test group at Intel came over and dropped one of these prototypes in my lab. "Have a good time" the guy said. He smiles and walked away. At the time, my lab was only composed of AMT 1.0 and AMT 2.0 computers and so, I was very excited to get one of the first AMT 3.0 computers, before anyone else outside of INtel. 24 hours later, I had built heuristic filter support in Intel AMT Commander and very quickly, Commander was the leading AMT 3.0 test tool within Intel. Later on, I also built Intel Net Traffic, a small tool to help test heuristic filters.

 

 

The heuristic filter feature of AMT 3.0 is an extension of the existing Intel AMT System Defense feature. It's a new and special type of filter that looks only at outgoing packets to see if the computer is attacking other computers. Just to be clear, heuristic filters don't protect the computer from attack; it's built to prevent the computer from attacking others. Using Intel AMT Commander, if you connect to an AMT 3.0 computer, you will see a heuristic folder in the "Network" filter of the computer. You can set the heuristic policy timeouts, what happens when it triggers and if the action is permanent or if after a while, the heuristic filter should be reset.

 

 

Testing heuristic filters is straight forward. Run "IntelNetTraffic.exe -advanced" on the AMT 3.0 computer and start a UDP packet sweep on a range of IP addresses. You can sweep at, say, 20 packets per second a given range and if you set the heuristic filter right, it will notice the sweep and block the traffic. One common mistake made when testing heuristic is that if you sweep a set of IP addresses within your own subnet, Microsoft Windows (SP2 or Vista) will block packets from being sent unless the target computer within the subnet responds to ARP requests. Unless you have a subnet with a lot of computers, most IP addresses in that sweep will not answer ARP requests and Microsoft Windows will block the packet, resulting in AMT never seeing that packet and heuristic never triggering. To fix this, just sweep a range of IP addresses located outside your own subnet.

 

 

By the way, I designed Intel Net Traffic to also allow testing of rate throttling network filters. This feature is almost never demonstrated, but it's been available since AMT 2.0. You just need to setup two Intel Net Traffic and have one send packets to the other. Then, add and activate an AMT network filter that limits the rate down. You will see the impact on the receiving Net Traffic immediately.

 

 

Ylian (Intel AMT Blog)

 

 

0 Comments Permalink Tags: intel, amt, heuristic, filters, rate, throttling, dtk, commander, nettraffic
Josh Hilliker
1

I heard this the other day & had to share it out.. I especially like the intro, especially since I was in the Help Desk Support for a number of years. I cut out the first intro lead as it is pretty funny & attached the original file I think from the agency.

 

Full Version

 

Intro

 

Hey .. it's Friday & thought this would be fun to share..

1 Comments Permalink Tags: vpro
Todd Sussman
2

If you're like me then you love gadgets, gizmos, do-hickeys and cool new inventions. If so, then check out Time Magazines latest list of "[The Best Inventions of the Year]". Everything from Flexible, ultra-thin LED screens  that can actually bend and twist to the latest in robot gardening to a little known product called the iPhone*. And in the Computer category, Intel's engineers have been recognized for their hard work in leveraging a new alloy, Hafnium, which cuts down on electricity leakage in the new Intel(r) 45-nanometer Core processor . Congratulations!

 

 

 

Check it out >

2 Comments Permalink Tags: gadgets, inventions, hafnium, technology
Jackson He
0

So far, we have talked so much about Intel® vPro, Intel® cPro, and Intel® AMT deployment and usages. Are you ready for something different? I am going to raise your attention to something that is outside the normal uses of Intel® vPro and Intel® cPro.

 

 

 

 

During the Intel® vPro and Intel® AMT POC we did with customers, we came across an end user who wanted to leverage the computing power of Intel® Core 2 Due and Intel® AMT remote management capabilities in an environment that does not require human interaction with the system - such a "headless" platform does not require the typical PC or laptop configurations with monitor, keyboard, and mouse, but rather require requires more compact form factor and more resilient to harsh environment (temperature, dust, and radiation disturbance, etc.) This clearly calls out usages of Intel® vPro Technology beyond the typical desktop and laptop platform.

 

 

 

 

 

This type of new usages opens a new perspective of Embedded Intel Architecture (EIA) applications. Our experience with end users shown that the same concept of Intel® AMT management is very appealing for customers with needs to deploy client solutions at remote locations with little human intervention, such as remote railway stations, network management nodes, weather observation stations, etc. In this type of situation, an embedded system is typically deployed at a remote location with little local IT expertise on site. There is little needs for interaction user interfaces in this type of situation and the system is dedicated for data processing. Intel® AMT is proven to be extremely useful as IT engineers could manage these remote embedded systems remotely regardless the system state. They can remotely power on/off the system, monitoring the system status, update software/patches as needed, and track system inventory without taking the time and effort to travel to the remote site - the same Intel® AMT benefit we are familiar with for the desktop/laptop usages. In addition, the computing power of Intel® Core 2 Due processor offers unparallel capability and flexibility for the embedded system to perform different types of computation tasks, which allows the customers to innovate and develop solutions that best meet their business needs.

 

 

 

 

 

In the following sections, I am going to tell a real story how EIA platform based on Intel® vPro Technology used in a video surveillance system in China railway systems.

 

 

 

 

 

First of all, here are some facts about China railway systems:

 

 

China has one of the largest railway networks in the world that covers a vast area of the country. It is about 80,000 KM today and will reach 120,000 KM and 5,000 railway stations by 2015. At the same time building out the railway infrastructure, China Ministry of Railway (MOR) is in the process of modernize the information system infrastructure and use technology to remotely operate/manage services along the railway and handle emergency situations effectively.

 

 

 

 

 

 

 

 

 

 

 

 

 

China Railway Network

 

 

 

 

 

 

 

 

The proof of concept (POC) project using EIA with vPro Technology was focused on developing digital security surveillance (DSS) solution with intelligent video recognition front-end. Such a solution could be deployed to remote railway stations and along railway to monitor all kind of operation issues and alter the railway operators to take appropriate actions to response emergency situations.

 

 

 

 

 

 

 

 

!IPTV-R DSS POC.jpg!

 

 

DSS POC Architecture

 

 

 

 

 

 

 

 

The figure above is a conceptual diagram of such of the POC. In this context, an EIA system with Intel® vPro Technology is used as the front-end video aggregation node for video recognition and video compression. As the video recognition requirements could be differ depending on the location of a camera, time of the day, and functionality assigned to the camera, it requires the front-end node to be capable of running different video recognition algorithm and power enough to multiple process the video streams and real-time. The computing power of Intel® Core 2 Due processor is suitable for this context. In the test we had one EIA front-end node handle 6 concurrent video feeds at 25-frames/second without any performance problems.

 

 

 

 

 

In addition, the location of these front-end nodes could be at remote and hard to reach places in a railway station or along the railway lines. Managing these systems and making sure software is up to date are critical. This is where Intel® AMT comes to play. With Intel® AMT remote management technology, these front-end could be remotely monitored, power cycled, patched, and tracked for inventory management purposes from a central location by IT engineers.

 

 

 

 

 

This POC system was piloted at Beijing Railway Station. The customers were very impressed with the power and flexibility offered by the intelligent video recognition capability, so that they do not have to have a person to watch the video monitors 24x7. They were also impressed with the remote management capabilities provided by Intel® AMT, which make it possible for such a solution to be deployed and managed in the railway environment.

 

 

 

 

This POC is a clear example that Intel® vPro Technology is not limited for desktop and laptop usages. There are more than exciting new usages to be explored to uncover the potentials of Intel® vPro Technology. I hope to learn more about your thoughts of innovative usages that can benefit in your business.

 

 

0 Comments Permalink
Josh Hilliker
0

I was out surfing around & found this on Adobe's site. V. Cool.

 

Adobe - Site of the Day Showcase

 

check it out quick.. because the day is almost over..

0 Comments Permalink Tags: silicon_commander, vpro
Josh Hilliker
0

Hi all, we’re almost 3 month’s into the community & I thought it would be a good time to stop for a minute to ask what you need from the community. ? I've created a poll on the home page to obtain your feedback so it's easy & quick. However if you would like to reply to this blog with input please do so..

 

I'm looking forward to hearing from you..

0 Comments Permalink Tags: vpro, vpro_expert_center, josh_hilliker
Ylian Saint-Hilaire
0

 

The time has come to release a new version of the Intel AMT DTK v0.44. It was released publicly yesterday along with full source code. In this new version we again added many more improvements and bug fixes, but these are a few of the major highlights:

 

  • Korean Translation. One more complete surprise from a fellow employee from Intel China who translated most of the DTK to Korean. As a result, the DTK installer keeps getting larger, but there is something really cool about Commander showing up on Korean. I also translated more of the DTK into French, especially Intel AMT Defender.

  • Intel AMT Switchbox Controller. Added a new tools, it's not finished and so, it's only a preview, but it's basically a new interface for Intel AMT Switchbox. We have not updated the web UI for a while and so, we will do that too. This new controller tool subscribed to events, makes use of IAmtTerm, etc. to make it really easy to use Switchbox features.

  • New WMI management infrastructure. This new version of the DTK improves the WMI query system. Intel AMT Outpost serial agent can receive WMI queries and answer them with a compressed response. Intel AMT Outpost can also make a set of queries and store the results into 3PDS. Intel AMT Commander can than use the same WMI management UI to make both interactive queries using SOL or view stored queries using 3PDS.

  • Improved 3PDS support. Intel AMT Commander and Intel AMT Outpost have improved 3PDS support. The data viewer can now display HEX, UTF-8 or Images (JPEG, GIF, PNG...). You can also drop & drop a file right into a 3PDS data block and Commander or Outpost will save that file to the block. This is great for demonstrating 3PDS since you can drop and drop a picture in Outpost and view it in Commander.

  • Intel AMT Outpost Kerberos support. Added Kerberos support to Intel AMT Outpost. That feature was already present in Intel AMT Commander for a while now. Also, Intel AMT Outpost will show connection warnings if connecting in TLS mode and the Intel AMT certificate is not correct.

 

Ylian (Intel AMT Blog)

 

 

0 Comments Permalink Tags: intel, amt, dtk, developer, tool, kit, korean, switchbox, commander, wmi, 3pds, outpost, defender
Terry Cutler
0

Here are a few quick updates on OEM systems that may help with Intel vPro deployments:

 

  • Intel Centrino Pro systems do support USB one-touch, although experiences may differ. For best results, ensure the system BIOS has Intel AMT and USB enabled for this capability. Below is a screenshot of an HP6910p - with the targeted feature highlighted
    !HP6910p USB enable.gif!


Systems are showing all zero or same UUID across multiples systems in the provisioning console or when accessing the WebUI. This error has appeared on many platforms and is due to an incorrect setting in the MEBx firmware. The system and MEBx UUID should match for each. The UUID is required to uniquely identify the system (hence the name - universally unique identifier). On some platforms, the UUID reported by the MEBx appears valid yet is the same on multiple systems. The following methods can be applied to remedy this situation.


  • Apply the latest BIOS\firmware updates for the target platform. For HP Centrino Pro units - refer to SP36968. For Dell 755 - refer to BIOS A04 or higher. Other OEM vendors may have similar BIOS\firmware updates to address (if not - see next item)
  • Fully unprovision the MEBx. This will reload the system UUID into the MEBx tables.
  • If deploying the SMS add-on, include hotfix 3

Intel vPro systems that are in a setup state (e.g. the pre-shared provisioning keys have been entered into the system), will retain the state if the firmware is updated. This becomes pertinent for Intel AMT 2.1 to 2.2 updates (similarly for systems that support Intel AMT 2.5 to 2.6 upgrades).

If a system is in a setup state for enterprise provisioning, and the hello packet sequence has stopped, the following options are available.


  • An ISV provided agent to restart the hello packet sequence. One example is the Altiris OOB Task Agent.
  • For environments using the Intel Setup and Configuration service (check windows services for "AMTconfig.exe"), the Remote Configuration Tool (RCT.exe) can restart packets on Intel AMT 2.2 and 3.0 systems. The utility is available within the latest Intel SCS download
  • Remove and reapply power to the system. For Intel Centrino Pro systems, powering the system off and unplugging the power cord will suffice. Realize this option is not favorable when multiple systems have been deployed - yet this is viable for lab, staging, and testing environments.

 

</ul>

 

Hope these tidbits help.

 

Well - it's back into the trenches. Until next time

0 Comments Permalink Tags: amt, mebx, centrino_pro, vpro
Josh Hilliker
1

If you see this pop up on your PRO machines and you would like to turn it off..

 

 

Check out what Gael already wrote on this on the Manageability Developers site

 

 

 

 

 

 

1 Comments Permalink Tags: vpro, manageability, josh_hilliker, client_management, troubleshoot
Ajay Mungara
1

Watch this video series where a admired IT administrator teams up with a brilliant developer for a remote management solution. Where IT and Dev team up to battle the EVIL in order to deploy the right solution. There is action, drama, suspense .. and lots of fun. What else were you expecting "Romance"? Give it a peek and pass it along. Also, stop by the

Super Secret Organization

.

 

Background:

 

The super secret organization (SSO) is a elite covert services company where IT services and security issues are a matter of life and death. So begins the saga of a Whiz Dev, a brilliant developer, and IT smith, a genius IT administrator. Whiz Dev and IT smith must depend on each other to defend their honor, their company and the best kept secrets. And, we have the bumbling interno who is constantly looking to enter this secret world.

 

Episode 1 "IT smith meets the bumbling interno"

 

Episode 2 "Whiz dev and IT smith"

 

Stay tuned for the episode 3 --- "The fate of SSO"

 

Video thumbnail. Click to play Click To Play Episode 1

Video thumbnail. Click to play Click To Play Episode 2

 

1 Comments Permalink Tags: manageability, remote, management, videos, vpro
Ylian Saint-Hilaire
4

One of the tasks every BIOS vendors has to do when building a BIOS that sits on top of a Intel AMT enabled computer is to convert the text-mode display into a series of VT100 codes that are sent into the Intel AMT serial-over-LAN port to a terminal console. As I noticed when building IAmtTerm.exe , BIOS vendors do this very differently and sometimes very inefficiently.

 

The BIOS is in a position to capture displayed text when it's on the screen, something that the management engine (ME) on which Intel AMT runs can't do. Simply put, display and keyboard information does not flow thru Intel AMT. In order to provide text display and keyboard input remotely, Intel AMT provides the pipe (the virtual serial port) but needs the BIOS to do the rest. BIOS vendors where left to build code that would convert incoming VT100 codes into user key strokes and display changes into VT100 codes. As a result, how this operation is performed varies greatly from vendors to vendors, even for different BIOS from the same manufacturer (mobile vs. desktop).

 

 

The first difference is the handling of keys such as F1 to F10, there are no less than 3 different ways BIOS perform this conversion and so, IAmtTerm.exe provides 3 different mappings. Users have to change the key mapping manually and try them out. Secondly, some BIOS vendors tested against different VT100 terminals, notably terminals with only 24 lines instead of 25 lines. A real display and IAmtTerm.exe both have 25 lines, but many terminals have 24 since it was the convention during the modem days of the 80's to use the bottom text line as terminal status line. Some BIOS will try various tricks to display only 24 lines, hiding the top line, etc. Users that use IAmtTerm's "Terminal Analyzer" will also notice that different BIOS vendors convert text to VT100 differently. Some BIOS will send a full line whenever anything on that line has changed. Sometimes the codes for moving the cursor will be sent when the terminal cursor is already at that exact position on the screen. In one case, I even saw all of the display attributes (foreground and background color) be sent before each character on the screen, slowing down the display significantly.

 

 

In the latest versions of the Intel AMT Developer Tool Kit (DTK), I added Intel AMT Guardport, a light-weight C/C++ based serial agent. This new agent allows the user to shell to a command prompt and for the first time, Guardport also includes most of the same VT100 conversion that BIOS perform. When building Guardport, we took care to support all 3 F1 to F10 key mappings, and optimize VT100 display conversion to provide the best possible display speed. As a bonus, we also added proprietary mouse support, so you can enter a mouse enabled text application such as "Edit" and move the mouse over the application.

 

 

Ylian (Intel AMT Blog)

 

 

4 Comments Permalink Tags: intel, amt, sol, serial, vt100
Jeff Torello
0

What are the rules for creating ME passwords? I can't tell you how many times I've been asked this, and I'm sure I'm not the only one. In reality we've documented these rules in explicit detail in the Network Interface Guide of the AMT SDK . However that's not something a general end-user is typically going to want to read.

 

Gael Holmes has recently blogged about these rules. If you're at all interested, check out her post .

 

 

 

 

 

 

-jeff

 

 

0 Comments Permalink Tags: vpro, password, rules, manageability, manageability_engine
Josh Hilliker
0

Are you the Pro-est of Pro's? Are you an IT Evangelist? We are looking for your biggest IT challenge or what Intel® vPro™ technology Use Case will change your world. You could win a free Intel® Centrino® Pro™ processor technology machine from either Lenovo* or Hewlett Packard*.

 

Full Contest Details

 

Contest Rules (Legal said I had to)

 

 

I'm looking forward to seeing what you have.. Please reply with your submissions to the full contest details link above.

0 Comments Permalink Tags: intel_vpro, vpro_expert_center, rock_your_world, centrinopro, free_centrinopro, proest_of_pros, open_port
Sandy Wood
1

As a network administrator for a small local government agency, I have been tasked to deploy Intel's Active Management Technology (AMT) into our network environment. Having sold our IT management on the benefits of vPro technology and how it can revolutionize our system management capabilities, I am ready to move forward and get AMT installed . In addition, today I learned that we will begin receiving brand spanking new HP systems in January that will have the latest greatest vPro technology aboard. I've got a few months to become an AMT expert and be ready for the new systems. Life is good!

 

 

Where To Start

 

The first thing I did after learning about vPro and AMT was to visit the Intel vPro Expert Center web site. There I found a great variety of resources to help me with my deployment. This is a good site to get help and guidance. The only problem I have with the site is that there's no link to download the AMT docs or software. You'll want to get your hands on the Intel Active Management Technology Setup and Configuration Service (SCS) - Installation and User Manual. You can get this document as well as the software from http://softwarecommunity.intel.com/articles/eng/1025.htm. Since SCS is the foundation and support structure of everything that goes on in the AMT and vPro world, this was the most logical place to start.

 

 

In addition, since I plan on integrating SCS with my existing SMS 2003 infrastructure, I also downloaded the Intel Active Management Technology Add-on for Microsoft SMS 2003 - Installation and User's Guide. Getting this was a bit of a challenge so stay with me on this one. I had to navigate to another good link you'll want to keep and refer to, The Intel Management Developer Community. From here I searched for "SMS 2003" and found the link to the SMS 2003 Add-on document. For non-developers like me, this site can appear to be not exactly what we do everyday, but hang in there, this site has a lot of info too. Now I had the documents I needed. They created the basis on which I would start to plan and deploy AMT into my network.

 

 

Read, read, read

 

 

The first thing I did after printing the documents was to read them over several times so I could get the gist of just how all the pieces played together. Then I read them again. After the first pass, it all looked pretty daunting and difficult, but after reading many of the sections over, it all started to come together and make sense. Read. Read. Read.

 

 

Time to lay things out

 

 

Ok, now I had a pretty good idea of what everything did and why, it was time to make sure I had everything I needed to make the pieces work together. I began to try and lay out what I needed to have to make AMT work.

 

 

Servers - I need to decide where to install SCS. I had a recently rebuilt Windows 2003 R2 server available that also had SQL 2005 on it. Plenty of disk space and horsepower. This was good. We were using this server to host our Help Desk application and it didn't appear to be over taxed in any way. The hardware and base OS part was taken care of. The server happened to be in our central office which was also a benefit. Our office is put together in a spoke and wheel configuration with all outer offices connecting to the central office over fast network connections. This would be good when we start to provision systems from outer office locations.

 

 

Active Directory - SCS / AMT relies on and utilizes Active Directory quite a bit. Our Active Directory is at Windows 2003 R2 level so I'm good to go. Also, as a Domain Admin, I have the ability to make any changes necessary to Active Directory.

 

 

Security - AMT supports Transport Layer Security (TLS) for secure communications between AMT devices and management console applications. TLS is optional for AMT, however we wanted to make all our communications as secure as possible so we're going for a full TLS implementation. This requires certificates and fortunately we have a Microsoft Certificate Authority server in our network that will make things easy to manage.

 

 

Database - SCS stores all its information in a database. We're going to use the existing SQL 2005 database on the server we're going to install SCS on.

 

 

AMT Device Location - Where were the new systems coming into and who was handling them? In the past when new systems came in, our Help Desk techs were very efficient in imaging them and deploying them right out the door. I need to make sure that everyone in our Help Desk group was tuned into what we were trying to do. We'll need to have a meeting to discuss what's going to happen after they plug in a system to the network for the first time.

 

 

Now that I've gotten my infrastructure laid out, it's time to start installing software. Yeah!

 

 

Next time I'll detail the steps I took in actually installing SCS into my network. As always, any comments and suggestions are warmly welcomed.

1 Comments Permalink Tags: amt, client_management, josh_hilliker, manageability, scs, tools, vpro, vpro_expert_center
Michele Gartner
1

Using the Intel® Active Management Technology (Intel® AMT) add-on for Microsoft SMS 2003* on a Dell 755 returns a UUID error

PROBLEM

Using the Intel® AMT add-on for Microsoft SMS 2003* on a Dell 755 returns this error:
+Current system UUID is different from last discovered UUID. Please rediscover the system.+

 

RESOLUTION

An Intel® AMT add-on for Microsoft SMS 3.0 hot fix 3 is available online at http://www.intel.com/software/sms-add-on.
This hot fix removes the continuity check between the SMBIOS and the Digest UUID, which was determined to be an unnecessary check.

 

MORE INFORMATION

Click here to download the hot fix.
Please review the release notes and the Read Me file to learn more.

1 Comments Permalink Tags: amt, troubleshoot, vpro, vpro_expert_center, sms

Popular Blog Posts