Intel vPro Expert Center Blog : Tags : client

0

Video Testimonials from IT Managers on Symantec Altiris Client Management Suite with Intel vPro Technology

Posted by Justin Van Buren Apr 26, 2009

While at Symantec ManageFusion 2009, we had a chance to talk to IT executives and managers from Las Vegas Sands Corporation, Blue Cross Blue Shield and McCormick Spice Company and Lee Bender, senior technical manager from Symantec. In this video, they talk about benefits of Symantec Altiris Client Management Suite v6.5 (and above) with Intel vPro Technology, including power management, remote diagnosis and repair, and fast call for help.

To learn more about Intel's presence at Symantec ManageFusion 2009, go to: http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: power, intel, managefusion, suite, green, altiris, cms, vpro, symantec, vegas, management, bender, energy_cost, las, mccormick, managefusion_2009, client, lee, control, it, sands, otal_cost_ownership, version

1

Gen-Y Workers: IT’s Friend or Foe?

Posted by Scott Smith Apr 10, 2009

My son, Andrew, graduated from college in December and moved back into his room at home (or my den of four years, depending upon your point of view) while looking for a job. Andrew, Gen Y to his core, conducts much of his life through a host of electronic accessories.

Nearly as I can tell, his ear buds are permanently affixed. He’ll hush me in midsentence to respond to a text message. He devotes time each day to a social website that keeps him in touch with his former college friends. He conducted his job search completely online, even the networking with friends, friends of friends and those strangers he hoped might befriend him. In fact, he ventured out of my hope-to-be-again-some-day den only for interviews. Then nervously watched his e-mail for responses.

He regards these tools as an entitlement, much like we Baby Boomers regarded television in our younger days – “Gee, Dad, you mean you didn’t have television at all? You must have been really poor.” He wondered aloud one day why I hadn’t responded to his text message. To avoid admitting I didn’t know how, I told him he was grown up now and should send e-mail like an adult.

Paradoxically, he harbors a general disdain for the technology underlying his electronic accoutrements, no more wanting to understand the risks of viruses or personal data theft than the potential consequences of driving his car with the oil light glowing (another failed conversation). This nonchalance makes him a bit of risk at home. We have periodically lost Internet contact with the outside world when he tried to connect his computer to the cable network. We also did without telephone service for some time, victims of a rewiring mishap. He innocently accepted e-mail viruses until his computer, flickering only faintly, coasted to the side of the digital highway.

Andrew recently scored a great job, but I wonder how his Gen-Y attitude and use of technology will mesh with a corporate IT organization, which is more than likely designed and maintained by Baby Boomers. What got me thinking about this is an Intel-sponsored study that looks into how IT is coping with the influx Gen-Y workers like Andrew and his friends who are entering the workforce. We became interested in it because of work we’re doing around “dynamic virtual clients.” These are computing models that enable IT departments to centralize PC images on a server then use data streaming and virtualization to distribute them to end-users. IT gets the security and maintenance ease of centralized management, and users retain the mobility and performance that’s important to them. More on DVC can be found here.

According to the study, 82 percent of IT professionals see Gen Yer’s as a positive influence – “They understand the newest and latest tools.” Many IT organizations are taking advantage of the potential for increased productivity with these new technologies, including enabling e-mail and Internet access on personal smart phones (60 percent), allowing personal PCs access to the corporate networks (39 percent) and relaxing rules regarding participation in social media sites as a company representative (34 percent).

At the same time, 50 percent see Gen Y’ers as a security risk as well – “They share personal and company information on network sites and through email.” In fact, three out of five point to Gen Y’ers use of downloadable applications and social media tools as particularly concerning. But IT professionals also are looking at ways to protect data and their networks. Most said that network security software and hardware solutions are the standard fare. However, roughly half have also implemented application management, streaming, virtualization and chip-based solutions in an effort to keeping their computer fleets running safely and smoothly.

That’s what the poll said, but I was curious about Intel’s strategy regarding Gen Y’ers. So, I talked with my buddy Dave Buchholz. Dave is Intel’s IT technology evangelist and is our point person in evaluating the potential of new technologies. Here’s what Dave told me.

1 Comments Permalink Tags: pc, it@intel, dvc, dynamic_virtual_client, client, dave_buchholz, virtualization

0

Symantec Workspace Streaming Demo with Notebook PCs and Intel vPro Technology

Posted by Justin Van Buren Apr 3, 2009

In the opening keynote at the recent Symantec ManageFusion 2009, Intel Vice-President Gregory Bryant talked about joint efforts between Symantec and Intel around product offerings that help with centralizing management of applications and licensees, while still enabling end-users to have a responsive experience with rich-client desktop PCs and notebook PCs. The below demonstration by Symantec's Brian Duckering illustrates how Intel and Symantec are bringing these benefits to customers with Symantec Workspace Streaming and Intel vPro technology.

To learn more about Intel's presence at ManageFusion 2009, please go to http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: streaming, management, local, endpoint, pcs, virtual, symantec, license, notebook, application, pc, resources, duckering, virtualization, asset, vpro, intel, centrino, thin, oob, centralized, client, brian, workspace, dynamic

0

Highlights of Gregory Bryant (Intel VP) in the opening Symantec ManageFusion 2009 keynote

Posted by Justin Van Buren Mar 20, 2009

On May 10th, Intel Vice-President Gregory Bryant was part of the opening ManageFusion keynote led by Symantec's Steve Morton.

Gregory talked about how customers are realizing value today with Intel vPro technology and getting a return on investment that pays for itself in less than one year. He also talked about new Intel vPro technology product developments with Altiris Client Management Suite Version 7 and Symantec Workspace Streaming. View the highlights below or click here to see the full keynote.

0 Comments Permalink Tags: management, 2009, gregory, streaming, managefusion, refresh, bryant, roi, intel, altiris, vpro, workplace, symantec, client, morton, technology, steve, pc

Intel AMT Provisioning Issues with ConfigMgr SP1

Posted by Trevor Sullivan Nov 18, 2008

Hello,

This is my first contribution to the Intel vPro Expert center, and although I would not consider myself an expert on this product, I've still been graciously allowed to post here. Thanks Josh!

I'd like to start out by introducing myself. My name is Trevor Sullivan, and I am a desktop systems engineer at a large retail corporation. Over the past 8 months or so, I've been working quite a bit with several people from Intel and Microsoft to better understand the Intel vPro technology, and how it can benefit my company. Overall, I'm really impressed with the technology, and I am fortunate enough to be working with an environment that has a pretty decent install base of Intel vPro-enabled systems.

I'd like to take a few minutes to explain a few issues that we recently experienced with our production vPro implementation.

-

Provisioning Certificate Chain Invalid

We're using Intel vPro with Microsoft Configuration Manager 2007 SP1, and for a while, we had been running into issues that prevented us from provisioning a vPro device. It turns out that the reasoning behind this was related to our provisioning certificate. We requested a certificate from Verisign, and imported it into our central SCCM site server. We have several child primaries to our central SCCM primary site server, however, and we were using the same provisioning certificate on those systems (Intel confirmed that this was possible).

When I exported the certificate (using the Certificates MMC snap-in), with its private key, from my central SCCM site server, I did not choose the option to export the certificate chain with it. Importing the certificate, with its private key, went just fine on the other SCCM primaries, but provisioning just didn't work. After working with Bill York from Intel for several hours, it was finally determined that the Verisign Class 3 Intermediate Certificate Authority's public key certificate was expired in the Intermediate certificate store on the SCCM site server running the out-of-band (OOB) service point. I imported the updated Verisign Intermediate certificate into the server's Intermediate CA certificate store, which resolved the issue I was having.

If you are experiencing this specific problem, you should see something like the following in your amtopmgr.log on the SCCM site server running the OOB service point:

Try to use provisioning account to connect target machine vprosystem.subdomain.mydomain.com...

Server unexpectedly disconnected when TLS handshaking.

**** Error 0x382b948 returned by ApplyControlToken

Although this probably should have been obvious to me, I did not actually open the provisioning certificate on the server I had imported the certificate on, to verify that the certificate was valid. If I had done so, I would have seen a message stating that the certificate was invalid, and then I could have looked at the certificate chain tab to see that the Verisign Intermediate CA's certificate was not valid. After examining the certificate for the Intermediate CA, it was determined that it had expired, causing my provisoning certificate to become invalid.

-

Microsoft PKI -Auto-Approval of Pending Certificate Requests

After resolving the certificate issue, we started seeing another issue. This issue was related to our internal Microsoft PKI. The next symptom we saw was again in the amtopmgr.log file (+in case you haven't figured it out, this is probably the most useful AMT log in SCCM). Here are the messages we saw:

Send request to AMT proxy component to generate client certificate. (MachineId = 60752)

Successfully created instruction file for AMT proxy task: D:\SMS\inboxes\amtproxymgr.box

RETRY(1) - Validate client certificate for AMT device vprosystem.subdomain.mydomain.com being generated.

Wait 20 seconds to find client certificate for AMT device vprosystem.subdomain.mydomain.com being generated again...

AMT Provision Worker: Wakes up to process instruction files

AMT Provision Worker: Wait 20 seconds...

RETRY(2) - Validate client certificate for AMT device vprosystem.subdomain.mydomain.com being generated.

Wait 20 seconds to find client certificate for AMT device vprosystem.subdomain.mydomain.com being generated again...

AMT Provision Worker: Wakes up to process instruction files

AMT Provision Worker: Wait 20 seconds...

RETRY(3) - Validate client certificate for AMT device vprosystem.subdomain.mydomain.com being generated.

Wait 20 seconds to find client certificate for AMT device vprosystem.subdomain.mydomain.com being generated again...

AMT Provision Worker: Wakes up to process instruction files

AMT Provision Worker: Wait 20 seconds...

RETRY(4) - Validate client certificate for AMT device vprosystem.subdomain.mydomain.com being generated.

Wait 20 seconds to find client certificate for AMT device vprosystem.subdomain.mydomain.com being generated again...

AMT Provision Worker: Wakes up to process instruction files

AMT Provision Worker: Wait 20 seconds...

RETRY(5) - Validate client certificate for AMT device vprosystem.subdomain.mydomain.com being generated.

Error: Missed device certificate. To provision device with TLS server or Mutual authentication mode, device certficate is required. (MachineId = 60752)

Error: Can't finish provision on AMT device vprosystem.subdomain.mydomain.com with configuration code (0)!

>>>>>>>>>>>>>>>Provision task end<<<<<<<<<<<<<<<

What this is telling you, is that the OOB service point was unsuccessful with its attempt to generate and retrieve a web server certificate, for the vPro client, from your internal Microsoft CA (either root or subordinate, but in our case, a subordinate). Although we had duplicated and configured the web server certificate template on our CA, the certificate was not getting created as we expected. The issue, in this case, was that our CA was not configured to automatically approve pending certificate requests.

In order to resolve this issue, follow these steps:

1. Open the Certification Authority MMC snap-in and connect to your CA

2. Right-click the CA node, and select Properties

3. Select the "Policy Module" tab

4. Click the Properties button

5. Choose the lower radio button (It reads: "Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate.")

6. Click OK on all dialog boxes

7. Restart the CA service, to allow the setting to take effect

-

I have a few more issues I'd like to talk about, mostly related to DNS. I will post again with details.

Thanks for reading,

Trevor Sullivan

Systems Engineer

Permalink Tags: trevor, sullivan, sccm, configuration, manager, configmgr, microsoft, sms, 2007, sp1, sccm_sp1, vpro, amt, provision, oob, out-of-band, generate, client, certificate, ca, pki, webserver, template, web_server, error, failure, fail, applycontroltoken

0

Intel vPro Technology with Altiris Client Management Suite Demonstration

Posted by Justin Van Buren Apr 22, 2008

While at ManageFusion, we had Symantec Director of Strategic Alliances Kevin Unbedacht discuss how Intel vPro Technology enhances the Symantec Altiris Client Management Suite. The videos below include demonstrations around power management with secure power-on, remote diagnosis and repair of troubled PCs, isolation and repair of infected PCs, and discovery of PC assets.

Hardware-assisted Power Management with Secure Power-On

]]>

Hardware-assisted Diagnosis and Repair of PCs Remotely (by getting into PC's BIOS settings):

]]>

Hardware-assisted Diagnosis and Repair of PCs Remotely (by remote booting PC to fix-it image on the network):

]]>

]]>

Hardware-assisted Isolation and Recovery of Infected PCs:

]]>

Hardware-assisted Discovery of PC Assets

]]>

Click here to learn more about the combination of Symantec products with Intel vPro technology: http://www.earlyroi.com/

0 Comments Permalink Tags: altiris, centrino_pro, amt, system, defense, symantec, manageability, client, suite, vpro, intel, cms, management