Matt Royer wrote in June about some of the new AMT-related features being included in Service Pack 2 for Microsoft System Center Configuration Manager 2007. I recently installed ConfigMgr SP2 in my lab environment, and wanted to follow up on Matt's post by sharing some screenshots of the new AMT features, for those of you that may not be beta testing SP2 
** The updated AMT Settings screen, which now features the option to set the power package for the management controller.
** The new Provisioning Schedule screen (no more editing your sitectrl.ct0 file!)
** The new main 802.1x & Wireless Profile Configuration screen (there are a couple of detail screens below)
** The new Wireless Profile Detail screen
** The new 802.1x Profile Detail screen
I don't have a provisioned client in my lab yet, but once I do, I will see if I can investigate the updated Microsoft OOB Console, and capture some screenshots. As Matt's post stated, there should be added functionality for inputting information into the 3PDS (Third-party data store), so I assume there will at least be that change.
Cheers,
Trevor Sullivan
Systems Engineer
New Kids on the Block: TriActive joins the running of ISV's with vPro
Posted by Kelsey Witherow Jul 16, 2009TriActive, Inc., founded in 1997, has recently added AMT (vPro) capabilities to their software. This product is called Systems Management On Demand and you can read more about it here. In their own words, "TriActive was a pioneer of delivering Systems Management solutions using a SaaS (Software-as-a-Service) model to organizations of all sizes for laptops, desktops, servers, and network devices." (from their website) Below we have provided some screen shots of their newly acquired AMT capabilities...
- Systems Management Overview Video
- LAN and Web-based remote control & diagnostics
- Intel vPro with AMT support when Microsoft Windows is not running
- Asset hardware, software, security inventory with change history
- Fully integrated SW delivery, Patch mgmt, License Compliance
- Case Studies - From Newsweek to the YMCA, they've aquired a pretty good range of customers.
- "We were very keen on getting full infrastructure coverage almost instantaneously. TriActive's hosted service got us up and running within days. We did not have to install any software, and we have no software to maintain. TriActive promised us a solution that worked immediately, and that's what we got, without any of the hassles of typical software installations," says the CTO of Newsweek.
TriActive - Systems Management On Demand - Screen Shots
AMT Remote Options
AMT Status
AMT Event Log
Initiate SOL
SOL Boot to BIOS
AMT PowerOn
AMT PowerOff
You’re a small businessperson, and the office computer guy (who actually knows nothing about computers, but was selected because he successfully hooked up a game console to his TV last Christmas) tells you that two of your 10 office PCs are down with viruses or “something,” bringing a halt to a customer proposal that’s on deadline. Two others in accounting keep pausing long enough for workers to take coffee breaks while the systems mull over their keystrokes, pushing the billing process into overtime. Revenue is at a standstill.
“What are my options?” you ask. “We could maybe buy some stuff to upgrade them, and call in a computer repair service,” the computer guy shrugs. Buying new computers in the economic downturn seems a questionable call. The computers are only three or four years old and likely you could get another year or two out of them.
Nonetheless, while you’re small, these decisions aren’t just about survival and cutting back spending. They’re about remaining competitive and having an edge when the Dow Jones climbs for real. And the business doesn’t run without computers. So, what do you tell your computer guy?
OK, I’m an Intel PR guy, so you know where this is going. Nonetheless, bare with me for a bit and there might be some ROI. Rob Crooke, VP for Intel’s Business Client Group, recently tackled some of the key questions around this dilemma in conjunction with a press briefing on a new study by Techaisle. The study looks at the financial aspects of maintaining computers for SMBs.
Here’s what the Techaisle study says: The average maintenance cost for a small business on a computer that’s more than three years old is $545. On the average, that includes $326 for maintenance, $99 for those upgrades you’re considering and $120 for out-of-warranty service costs. If you bought the extended warranty, reduce the latter. If you buy a new computer, the maintenance cost drops to $126, the first-year maintenance cost from a study by Jack Gold (Techaisle doesn’t provide a first-year cost.) So, the difference is $419.
“Yeah, sure,” you say, “but I have to buy a new computer!” Yes, but let’s see how that $419 might cut the pain. PDS has Intel Core2 Duo-based desktop PCs starting at $540 and CDW offers notebooks beginning at $700. If you add Intel vPro for additional manageability and security, you could move up for $699 and $830, respectively. So, you can buy the new desktop system for as low as $121, a 15-month payback. Now, if you’re larger than small, say 50-100 employees, you can see from the chart below that the payback is less than a year, and will actually make you a $40 profit. OK, OK, I’m a PR guy, but cut me some slack. I’m not making up the numbers.
Now that’s just the hard dollars that Techaisle captured. A new PC can have other benefits – reduced downtime from viruses, improved energy efficiency and enhanced productivity to name a few. So, maybe investing a few dollars could save you money in the slightly longer run and possibly help you keep your revenue flowing.
For more information, you might want to look at the Techaisle study. For a quicker overview check out the fact sheet and white paper, or better see the media briefing with Rob Crooke, ASUSTeK and Gigabyte.
Hello vPro Experts!
I would like to pass on some information that I discovered a while ago, based on a Microsoft Premiere Support ticket. I was having trouble getting the Microsoft Out-of-Band (OOB) Management Console functioning from a Windows XP system. I tried everything on a fresh, standard build of Windows XP, but nothing would work.
After working with Premiere Support, we finally discovered that Windows XP Service Pack 3 (SP3) was required for proper functioning of the Microsoft OOB console.
This behavior is actually related to some functionality that was added in SP3, specifically in the winhttp.dll library. There is a function called WinHttpSetOption in the WinHttp library, which is called with a parameter enabling the WinHttp Option Flag named WINHTTP_ENABLE_SPN_SERVER_PORT. This flag enables the WinHttp library to include the server port in the Kerberos Service Principle Name (SPN), since the AMT web service is running on a non-standard HTTP port (16993).
The Windows XP Service Pack 2 (SP2) version of the WinHttp library does not include this capability, and consequently fails to authenticate. In order to properly connect to ConfigMgr-provisioned AMT devices with the Microsoft OOB Console, please make sure your helpdesk / support systems are running Windows XP SP3.
If you have any questions, feel free to post them in the comments section, and I will do my best to answer them.
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
Hello vPro Experts,
In case you've worked with any of the Powershell code samples I've previously posted, you've probably noticed that the AmtSystem.Connect() method executes asynchronously, and returns immediately. In this case, you'd have to develop some sort of loop in order to determine whether or not the connection was successful. Typically, I would just use this code to prevent a script from continuing before the connection was established:
while ($amtdevice.State -eq "Connecting") { Start-Sleep 1 }
But that's ugly, because, what happens if it never connects? Although it's nice to have the ability to asychronously connect to AMT devices, writing code and understanding the logic, to handle async processes is significantly more difficult than writing code that is synchronous. For this reason, we will look at how to modify and recompile the ManageabilityStack .NET assembly in the Intel AMT Developer Toolkit (DTK) to allow synchronous connections to AMT from PowerShell code.
In order to perform the next steps, you'll need the following:
- The Intel AMT DTK source code
- Microsoft Visual Studio 2008 (the Express edition is fully functional and free!)
- Microsoft Windows PowerShell 1.0 or 2.0 CTP3
Once you've installed these components, continue on:
- Download the Intel AMT DTK source code and extract to a folder
- Navigate to <Source>\Manageability Stack and open the Manageability Stack.csproj file in Visual Studio 2008
- Open the AmtSystem.cs file in the Visual Studio Solution Explorer
- Rename the Connect() method to ConnectAsync()
- Copy the following code above the ConnectAsync() method:
public void Connect()
{
if (State != AmtSystemObjState.Disconnected) return;
ChangeState(AmtSystemObjState.Connecting);
ConnectEx(this);
} - In the Visual Studio Solution Explorer, right-click the Manageability Stack project, and click Build
- Go to your <Source>\Manageability Stack\obj\Debug folder, and grab your new ManageabilityStack.dll .NET assembly
Now that you have a recompiled ManageabilityStack assembly, you can load this into PowerShell, and connect synchronously using the Connect() method!
Update: I attached the AmtSystem.cs file to this blog post, if you're not comfortable modifying source code yourself! You'll still need to replace the file, open the project, and recompile the library though
Trevor Sullivan
Systems Engineer
OfficeMax Corporation
Serial over LAN, or SOL for short, is a great tool for diagnostics. Combined with IDE redirection, or IDER, there’s a tremendous amount of things you can do remotely to manage clients. One of the areas where SOL can be helpful is for delivering status updates for IDER boot images that use a graphical interface. Instead of asking someone to read what’s on the screen to you, you can have a clear picture of what’s going on.
The key to this is to include the SOL driver in your live CD boot image. The actual process of including this driver will vary depending on the live CD tools you are using. I won’t go into specific details on the steps needed to include the driver in this post. The popular live CD tools, such as the Windows AIK, have a lot of information available on how to include drivers.
Once you have the SOL driver included in your live CD you can begin to take advantage of the SOL interface by sending text output to the SOL serial port. In most cases the port is COM3, but it may be on another COM port. You will need to do some testing to see which COM port your hardware platforms use for SOL.
Here’s one common scenario where this can be very handy. Let’s say you have a live CD that includes an in-band remote access tool, like PC Anywhere or a VNC server. You can include a startup script that echo’s out the computer’s hostname and IP address information to COM3. That way, you will know when the live CD has booted and the information it may have registered with DNS/DHCP. If you are using a Windows based live CD all you need to do is include commands like this:
echo %computername% >com3
ipconfig >com3
You can even incorporate some ANSI control codes to control formatting. For instance, if you want to have the remote SOL terminal clear it’s screen, you can send the Esc+[2J. The trick is generating the “Esc+” part. In order to do this in Windows, you need to hold down the Alt key, press 0027 on the ten key pad (make sure you include the two zeros) and then let the Alt key go. Unfortunately, Notepad does not seem to support this functionality. As an alternative, I recommend using Notepad++. Once you are done, you should have something like this:
echo ^[[2J >com3
Note: The escape character may appear as "^[" or something else altogether, like a little arrow or block character. It depends on your OS and application.
Here’s an example of the output I get from a Live CD I built using Bart’s PE Builder.
Intel® vPro™ Technology Readiness Reporting with NetX Appliance
Posted by Justin Van Buren May 4, 2009