Home > Intel Communities > Open Port IT Community > Intel® vPro™ Expert Center > Blog > Tags > intel
Up to Blog Posts in Intel® vPro™ Expert Center
1 2 3 ... 6 Previous Next

Intel vPro Expert Center Blog

76 Posts tagged with the intel tag
Trevor Sullivan
3

Matt Royer wrote in June about some of the new AMT-related features being included in Service Pack 2 for Microsoft System Center Configuration Manager 2007. I recently installed ConfigMgr SP2 in my lab environment, and wanted to follow up on Matt's post by sharing some screenshots of the new AMT features, for those of you that may not be beta testing SP2

 

** The updated AMT Settings screen, which now features the option to set the power package for the management controller.

 

Sccm Sp2 - Oob Amt Settings Expanded Edited.png

 

** The new Provisioning Schedule screen (no more editing your sitectrl.ct0 file!)

Sccm Sp2 - Oob Provisioning Schedule.PNG

 

** The new main 802.1x & Wireless Profile Configuration screen (there are a couple of detail screens below)

Sccm Sp2 - Oob 802.1x & Wireless.PNG

** The new Wireless Profile Detail screen

 

Sccm Sp2 - Oob Wireless Profile Detail Edited.png

 

** The new 802.1x Profile Detail screen

 

Sccm Sp2 - Oob 802.1x Profile Edited.png

 

I don't have a provisioned client in my lab yet, but once I do, I will see if I can investigate the updated Microsoft OOB Console, and capture some screenshots. As Matt's post stated, there should be added functionality for inputting information into the 3PDS (Third-party data store), so I assume there will at least be that change.

 

Cheers,

 

Trevor Sullivan

Systems Engineer

3 Comments Permalink Tags: service, 2, sccm_sp2, amt, sccm, pack, microsoft, manageability, oob, console, isv, vpro, intel
Justin Van Buren
0

A hobby of many IT professionals is playing video games ... so we asked the question: "What Video Game Would Intel vPro Technology Be?" while at Symantec ManageFusion 2009 from March 10th to 12th. Check out the responses below from IT executives and managers, Intel partners and industry analysts.

To learn more about Intel's presence at Symantec ManageFusion 2009, go to: http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: elevator, of, altiris, mccormick, call, 16, intel, one, action, madden, joe, 2009, enterprise, tony, spice, duty, football, associates, company, symantec, idc, montana, vpro, hawk, management, managefusion, formula, nfl
Justin Van Buren
0

While at Symantec ManageFusion 2009 from March 10th to 12th, we had a chance to talk to IT executives and managers, Intel partners and industry analysts who were all familiar with the capabilities of Intel vPro technology. In this video, they discuss what Rock Star or what type of music Intel vPro Technology could be ...

To learn more about Intel's presence at Symantec ManageFusion 2009, go to: http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: rockstar, intel, vpro, symantec, managefusion, 2009, vegas, bono, beethoven, u2, kiss, world_music, altiris, rock, clapton, hawkins, idc, blue, spice, it, taylor, las, company, eric, borden, netx, cross, mccormick, disney, rob, sands, shield, star, paul, mccartney
Justin Van Buren
1

While at Symantec ManageFusion 2009, we had a chance to talk with Mike Dunham, Executive Director of Product Management for Incendio Technology. In the video below, he talks about the Incendio vMinder Portal, which allows IT profrossional to utilize the Symantec Altiris Client Management Suite without needing console access. From the Incendio vMinder Portal, the IT professional can access Intel vPro technology features such as reliable remote power control that are part of the Symantec Altiris Client Management Suite.

To learn more about Intel's presence at Symantec ManageFusion 2009, go to: http://www.intel.com/go/managefusion/

1 Comments Permalink Tags: altiris, amt, incendio, vminder, portal, symantec, power, control, green, it, cms, mike, dunham, centrino_pro, vpro, intel
Justin Van Buren
0

While at Symantec ManageFusion 2009, we had a chance to talk with Antwune Gray, a Director at NetX. In the video below, he talks about how the NetX Appliance discovers which PCs in your business environment have Intel vPro technology, as well as the version and setup status of Intel vPro technology.

To learn more about Intel's presence at Symantec ManageFusion 2009, go to: http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: netx, intel, vpro, readiness, reporting, discovery, setup, status, activation, altiris, amt, centrino_pro, symantec
Justin Van Buren
0

While at Symantec ManageFusion 2009, we had a chance to talk to IT executives and managers from Disney International, Fox Interactive Media, Blue Cross Blue Shield and McCormick Spice Company and industry analysts from Enterprise Management Associates and Ptak, Noel & Associates LLC. In this video, they talk about the security benefits of Intel vPro technology - which include the ability to deploy software patches faster into the installed PC base, and the ability to quarantine infected PCs and remotely remediate them.

To learn more about Intel's presence at Symantec ManageFusion 2009, go to: http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: vpro, intel, security, managefusion, 2009, bluecrossblueshield, disney, fox, mccormick, ptak, ema, pc, refresh, viruses, malware, quarantine, pcs, system, defense, isolate, recover, patching, faster, patches, conficker, altiris, centrino_pro, client_management, symantec, amt
Justin Van Buren
0

While at Symantec ManageFusion 2009, we had a chance to talk to IT executives and managers from Las Vegas Sands Corporation, Blue Cross Blue Shield and McCormick Spice Company and Lee Bender, senior technical manager from Symantec. In this video, they talk about benefits of Symantec Altiris Client Management Suite v6.5 (and above) with Intel vPro Technology, including power management, remote diagnosis and repair, and fast call for help.

To learn more about Intel's presence at Symantec ManageFusion 2009, go to: http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: power, intel, managefusion, suite, green, altiris, cms, vpro, symantec, vegas, management, bender, energy_cost, las, mccormick, managefusion_2009, client, lee, control, it, sands, otal_cost_ownership, version
Trevor Sullivan
2

I wanted to quickly share an example of how to set the current power state of a provisioned Intel vPro system using Windows Powershell!

 

Take a moment, and ask yourself these quick questions:

 

  • Have you ever wanted to be able to automate the powering up, or powering off, of multiple computers?
  • Is your company interested in saving money by not needlessly leaving computers powered on at night?
  • Do you have a time-critical environment, such as a call center, where you need to reliably power up your computers so they are ready to go in the morning for agents?
  • Do you want to be able to create your own helpdesk tools to enable remote reset of hung systems?

 

If you answered "yes" to any of the previous questions, then hopefully this Powershell code will help you, as an administrator, achieve your goals! Let's take a look at how to perform the actions of:

 

  • Powering up a vPro (AMT) system
  • Powering down a vPro (AMT) system (not gracefully, just FYI)
  • Power cycling a vPro (AMT) system (also not graceful)

 

For the sake of simplicity, we'll continue to work with the ManageabilityStack.AmtSystem object that I have referenced in my previous article(s). If you aren't sure how to get the $Global:Amtdevice Powershell variable, please look back at my other articles. This will also require the download of the Intel AMT Developer Toolkit. You'll need the Manageability Stack.dll library contained within.

 

-------------------

In order to control the remote power state of an AMT system, all you really need to know are these 3 hex values:

 

0x10 = System reset

0x11 = Power on

0x12 = Power off

0x13 = Reset w/ power cycle

 

These hex values will be used with the $AmtSystem.Remote.SendRemoteControl() method to alter the power state of the remote system. The SendRemoteControl() method included with the DTK includes a number of parameters that go beyond the scope of this article, so we will pass hex value 0x0 to these parameters for the time being. In order to use the above hex values, simply pass the hex value as the first parameter of the SendRemoteControl() method. In order to fulfill the parameter requirements of this method, pass 5 additional parameters with the value 0x0. Here are some examples:

 

Powering up an AMT System

 

$Result = $AmtDevice.Remote.SendRemoteControl(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

Write-Host "Power command resulted with: ${Result}"

 

Powering off an AMT System

 

$Result = $AmtDevice.Remote.SendRemoteControl(0x12, 0x0, 0x0, 0x0, 0x0, 0x0)

Write-Host "Power command resulted with: ${Result}"

 

Power cycling an AMT System

 

$Result = $AmtDevice.Remote.SendRemoteControl(0x10, 0x0, 0x0, 0x0, 0x0, 0x0)

Write-Host "Power command resulted with: ${Result}"

 

The above samples show how to use the SendRemoteControl() method of the AmtRemoteControl .NET type in the Intel AMT Developer Toolkit (DTK) to control the power state of a remote AMT device.

 

If you have any questions about this, please leave a comment or send me a private message.

 

Sincerely,

 

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

2 Comments Permalink Tags: customize, vpro, roi, administrator, manageability, trevor, sullivan, script, automate, automation, developer, intel, amt, dtk, sdk, microsoft, windows, powershell
Justin Van Buren
0

While at Symantec ManageFusion 2009, we had a chance to talk to IT executives and managers from Disney International, Fox Interactive Media, Blue Cross Blue Shield, Las Vegas Sands Corporation and McCormick Spice Company and industry analysts from IDC, Enterprise Management Associates and Ptak, Noel & Associates LLC about Intel vPro technology and industry trends.  In the video below, they discuss how PC refresh and Intel vPro technology helps minimize total cost of ownership.

To learn more about Intel's presence at Symantec ManageFusion 2009, go to: http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: mccormick, refresh, vpro, disney, idc, intel, lower_cost, bluecrossblueshield, sands, ema, manageability, fox, vegas, total_cost_ownership, ptak, las, pc
Justin Van Buren
0

While at Symantec ManageFusion 2009, we had a chance to talk to IT executives and managers from Disney International, Fox Interactive Media, Las Vegas Sands Corporation and McCormick Spice Company and industry analysts from IDC, Enterprise Management Associates and Ptak, Noel & Associates LLC about Intel vPro technology and industry trends.  In the video below, they discuss the impact of Intel vPro technology on power consumption reduction and energy cost reduction.

To learn more about Intel's presence at Symantec ManageFusion 2009, go to: http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: vpro, intel, ema, altiris, manageability, control, green, sands, client_management, ptak, power, idc, amt, it, fox, energy_cost, las, symantec, disney, vegas, mccormick, managefusion
Justin Van Buren
0

In the opening keynote at the recent Symantec ManageFusion 2009, Intel Vice-President Gregory Bryant talked about joint efforts between Symantec and Intel around product offerings that help with centralizing management of applications and licensees, while still enabling end-users to have a responsive experience with rich-client desktop PCs and notebook PCs. The below demonstration by Symantec's Brian Duckering illustrates how Intel and Symantec are bringing these benefits to customers with Symantec Workspace Streaming and Intel vPro technology.

To learn more about Intel's presence at ManageFusion 2009, please go to http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: streaming, management, local, endpoint, pcs, virtual, symantec, license, notebook, application, pc, resources, duckering, virtualization, asset, vpro, intel, centrino, thin, oob, centralized, client, brian, workspace, dynamic
Justin Van Buren
0

At the recent Symantec ManageFusion 2009, Symantec announced the general availability of Symantec Altiris Client Management Suite Version 7.

One of the new features in Symantec Altiris Client Management Suite Version 7 is support for Intel Centrino 2 with vPro technology's "Fast Call for Help."  The video below by Symantec's Senior Technical Manager Lee Bender is a demonstration of how an end-user would connect back to the Altiris Client Management Suite for remote diagnosis and repair of his notebook even though he connect boot into Windows and is outside of the corporate firewall.

To learn more about Intel's presence at ManageFusion 2009, please go to http://www.intel.com/go/managefusion/

0 Comments Permalink Tags: bender, management, oob, intel, outside, corporate, blue, fast, centrino, diagnosis, call, with, firewall, screen, firewall., vpro, console, windows, and, for, technology, remote, repair, symantec, lee, help, altiris, v7.
Justin Van Buren
0

On May 10th, Intel Vice-President Gregory Bryant was part of the opening ManageFusion keynote led by Symantec's Steve Morton.

Gregory talked about how customers are realizing value today with Intel vPro technology and getting a return on investment that pays for itself in less than one year.  He also talked about new Intel vPro technology product developments with Altiris Client Management Suite Version 7 and Symantec Workspace Streaming. View the highlights below or click here to see the full keynote.

0 Comments Permalink Tags: management, 2009, gregory, streaming, managefusion, refresh, bryant, roi, intel, altiris, vpro, workplace, symantec, client, morton, technology, steve, pc
Trevor Sullivan
3

Hello vPro Experts!

 

I would like to take some time to touch on exploration of the management engine via the local interface (specifically the HECI driver). In order to follow the exercise here, you'll need to have Windows Powershell installed, have the Intel AMT Developer Toolkit downloaded and installed, and have an AMT client (does not need to be provisioned) with the HECI driver installed. The HECI driver should be downloadable from your OEM.

 

To give you a high-level idea of the program flow we'll use to access the AMT device, consider the following:

 

  1. Load the "Manageability Stack.dll" .NET library
  2. Create an instance of the ManageabilityStack.HeciWrapper object
  3. Reference the properties and methods of the HeciWrapper object, and the HeciMeInfo object (provided by the HeciWrapper.MeInfo property)

 

Here is the Powershell code that correlates to the above process:

 

Loading the .NET Library

 

# Load the Manageability Stack .NET library

$AmtLib = "C:\Program Files\Intel\Manageability Developer Tool Kit\Manageability Stack.dll"
[System.Reflection.Assembly]::LoadFile($AmtLib)
# Create a HeciWrapper object

$Heci = New-Object ManageabilityStack.HeciWrapper

 

# Pipe the $Heci variable into the Get-Member cmdlet to determine what properties

# and methods are available to us.

$Heci | Get-Member

 

Obtaining a list of embedded certificate hashes

 

# List embedded certificate hashes
$Heci.MeInfo.EnumerateHashHandles()

 

Getting the BIOS and AMT Versions

 

# Retrieve the AMT version
Write-Host "AMT version: $($Heci.Versions.Versions["AMT"])"
# Retrieve the BIOS version
Write-Host "BIOS version: $($Heci.Versions.BiosVersion)"

 

Retrieving Provisioning Information

 

# Retrieve the provisioning server name
Write-Host "Provisioning server: $($Heci.MeInfo.GetAuditRecord().ProvServerFQDN)"
# Determine provisioning date
# This will return "01/01/0001 00:00:00" if not provisioned
Write-Host "Provision date: $($Heci.MeInfo.GetAuditRecord().TlsStartTime)"
# Get provisioning mode (Enterprise, SMB, etc.)
Write-Host "Provision mode: $($Heci.MeInfo.GetProvisioningMode().ProvisioningMode)"
# Get provisioning state
Write-Host "Provision state: $($Heci.MeInfo.GetProvisioningState())"

 

-----------------------------------

 

I hope these code samples are able to help you out in your administration / engineering endeavors! Please let me know if you have any questions, and don't forget that in Powershell .... when in doubt .... use Get-Member to discover what information is available to you!

 

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

3 Comments Permalink Tags: vpro, engineer, troubleshoot, automate, deploy, microsoft, amt, administration, sullivan, tools, powershell, script, intel, automation, trevor, manage
Joel Smith
1

The release of the Notification Server 7.0 platform will provide a new design and infrastructure.  Out of Band Management will also provide a new release with this platform.  First I’ll provide a brief description of what Out of Band Management is used for.  This article will also cover the differences between the 6.2 version of Out of Band and version 7.0.  The changes include UI improvements, relabeling to be in line with current Intel terms, and the addition of limited Dash support.

INTRODUCTION

Out of Band Management 7.0 allows an administrator or IT Professional to setup and configure several protocol technologies for use in the greater Notification Server infrastructure, or even any other solution that supports the protocols handled by Out of Band Management.  The supported technologies are:

  • Intel AMT (Active Management Technology) or vPro
  • ASF (Alerts Standard Format) primarily from Broadcom
  • DASH technology support (open architecture)

The greater focus is on Intel’s AMT technology.  Using the provided configuration pieces with Out of Band, systems with the above technologies can be configured to respond to functions called from either the RTSM interface or via Task Server.  Once configured, the Notification Server is a trusted entity to the local systems and all available functions are available.

More information can be found by browsing through the articles generated on Out of Band Management 6.x at http://www.symantec.com/community/intel.

Terms/Term changes

It’s important to understand the changes in terminology and labeling so the transition from 6.2 to 7.0 Out of Band Management goes smoothly.  This section will also help explain the naming scheme for Out of Band Management.  The following list provides the term, and the previous label (if different), and a brief description:

  1. Configuration, AKA Setup and Configuration – Previous term: Provisioning – Intel has standardized on using Configuration as the term for activating a vPro system.  This more aligns with what is occurring and avoids confusion with basic industry understanding of what provisioning means (putting an OS on the system). 
    NOTE: Since this word is used throughout documentation for 6.x it is important to understand the change!
  2. TLS – Transport Layer Security can be considered the next generation of SSL (Secure Sockets Layer).  It’s used in 2 sections of Configuration: Remote Configuration authentication, and TLS within the Configuration Profile.
  3. Remote Configuration – This specifically means the process for automatic Configuration via the handshake with a TLS certificate, usually purchased from Verisign, GoDaddy, Comodo.

Out of Band Portal

Out of Band Management now has a Portal page that provides access to most function from a user-friendly UI.  It’s accessed in the Symantec Management Console by going to Home > Remote Management > and click on Out of Band Management.  The following screenshot shows a view of the portal:

OOBPortal.jpg

The upper left-hand pane shows a list of setting groups that will enable a user to go through those steps necessary to enable or complete Out of Band setup and configurations.  Please note the following items and what they can be used for:

  • Configuration Service Settings – This provides all the nodes that are used in the Setup and Configuration process for AMT.
  • Basic Configuration (without TLS) – This takes you through the process of setting up Configuration where TLS will not be used in the Configuration Profile (not to be confused with Remote Configuration TLS).  See this screenshot for the way the steps are setup:
    AMTConfigSteps.jpg
  • Enable Remote Configuration – This walks you through setting up the Notification Server to accept Configuration requests using TLS certificates.  Note that 2.6, 3.0+ AMT systems are automatically configured to send out requests using this method.
  • Enable Security (TLS) – This walks you through setting up the Notification Server to use TLS when managing AMT systems.
  • Intel AMT Tasks – This is a quick area that reveals the Task Server tasks that directly utilize AMT.
  • Configure Site Server – This is a link that opens the Site Server Configuration page as part of the Notification Server Platform.  This is available here because OOB has a Site Service that can be deployed to Site Servers.

As a note, Site Servers allow distribution of Out of Band functions across the environment, and helps alleviate any problems with large rollouts involving a large amount of Configuration.  This brings us closer to having true hierarchy support with Out of Band Management.

UI Changes

Those who are familiar with Out of Band Management 6.2 can use this section to find corresponding functions, configuration pages, and utilities when upgrading to Out of Band 7.0.  If you are unfamiliar with this version skip to the next section.

Out of Band Management looks much the same as it did in 6.2, with some notable exceptions.  The following items cover the differences between the two.  The method used to reach the console area for Out of Band Management is as follows: Browse down through Settings > All Settings > in the left-hand tree browse down through Remote Management > Out of Band Management.  The three subfolders are by the same name as they were in 6.2, lacking the fourth folder: Delayed Provisioning.

  1. *Provisioning > Configuration – I called this out previously in this article but with my experience the double-exposure is necessary.  In reference to managing vPro AMT systems, consider the previously used term Provisioning to now be Configuring, or Provision to now be Configuration.  If you’re like me and have the word provisioning ingrained in your mind, it will take some getting used to.
  2. Auxiliary Profiles – Three new nodes have been added to this folder.  They are described below:
    1. Management Presence Server – (MPS) This is the secure gateway CIRA technology will use to connect securely with the network where the NS resides for remote management from anywhere on the Internet.
    2. Remote Access Policies – In relation to the above MPS, this policy dictates how CIRA connections are handled by the Notification Server.
    3. Trusted Root Certificates – Also in relation to MPS, these are required to establish so that trust can be formed from the calling AMT system, the MPS, and the Notification Server.
  4. Configuration Profiles – Formerly known as Provision Profiles.  The following items have been added as tabs within the profile configuration.  Descriptions of the items are supplied as well:
    1. Domains – Allows the ability to configure AMT to operate in more than one Domain.
    2. Remote Access – This ties directly to the Remote Access Policies found under the Auxiliary Profiles node.  Edits here will take effect in both places.
  6. The remaining nodes under the Configuration Service Settings folder are the same between versions 6.2 and 7.0.
  7. Delayed Setup and Configuration – Formerly known as Delayed Provisioning, this has been renamed to fit the proper naming convention.  It also no longer has its own folder, but can be found under the Intel® AMT Systems folder above the Intel AMT Systems node.
  8. The following screenshot shows the layout of the console:
    ConfigConsole.jpg

Intel SCS

The component that Out of Band Management plugs into has not changed between versions.  Intel SCS (Setup and Configuration Services) is still the backbone of Out of Band, and handles all the transactions between the server and the remote Intel AMT clients during the Configuration process.  Please note that management functions of AMT are NOT handled by Intel SCS.  SCS stands for only the Configuration process, including maintenance and reconfiguration tasks (for example for profile updates) as part of maintaining the configured state.

Out of Band Management 6.2 used Intel SCS version 3.0 (or 3.2.1 per the Knowledgebase article found at this location: https://kb.altiris.com/article.asp?article=40076&p=1).  Intel SCS version 5.0 ships with Out of Band Management.  While the UI does not reveal all the additional capabilities, SCS 5.0 comes with a tool called Activator.  This utility can handle a number of scenarios that were sticky points in the previous versions of Out of Band and Intel SCS.  The abilities include the following:

  1. FQDN Name Change – The Activator, when run on the local AMT system, can tell AMT to send updated information to Intel SCS on its FQDN.  This is especially important if the FQDN has changed in Windows, thus changing the identity of the machine.
    • The problems associated with this are the failure of AMT systems to authenticate using TLS due to FQDN sensitivity if enabled, and also the inability of Intel SCS to contact back a system whose FQDN has changed.
  3. Resending of Hello Packets – While the 3.0 version of Out of Band had the ability to send Hello packets using the Delayed Provisioning (AKA Delayed Configuration) task, it did not have the ability to send PSK (pre shared keys) packets if the 24 hour cycle of the hello packets sequence expires.  This functionality was also added to verison 3.2.1 of Intel SCS.
    • The problems associated with this are when systems are not configured within that 24-hour cycle they need to be acted upon to get the needed information to the server for configuration.

The above two functions can be utilized by sending Activator down using a Delivery Software job in the Software Management Solution.

Conclusion

Hopefully this introduction will help those familiar with Intel vPro, and especially familiar with Out of Band Management in the Notification Server 6.0 infrastructure, to understand the changes and functions in version 7.0 of Out of Band Management.  In depth articles will be generated in the future to cover some of the new features such as the MPS and CIRA functionality.

1 Comments Permalink Tags: altiris, amt, symantec, vpro, intel, activation
1 2 3 ... 6 Previous Next

Popular Blog Posts