
Intel vPro Expert Center Blog

77 Posts tagged with the intel tag
1

The release of the Notification Server 7.0 platform will provide a new design and infrastructure.  Out of Band Management will also provide a new release with this platform.  First I’ll provide a brief description of what Out of Band Management is used for.  This article will also cover the differences between the 6.2 version of Out of Band and version 7.0.  The changes include UI improvements, relabeling to be in line with current Intel terms, and the addition of limited DASH support.

INTRODUCTION

Out of Band Management 7.0 allows an administrator or IT Professional to set up and configure several protocol technologies for use in the greater Notification Server infrastructure, or even any other solution that supports the protocols handled by Out of Band Management.  The supported technologies are:

  • Intel AMT (Active Management Technology) or vPro
  • ASF (Alerts Standard Format) primarily from Broadcom
  • DASH technology support (open architecture)

The greater focus is on Intel’s AMT technology.  Using the provided configuration pieces with Out of Band, systems with the above technologies can be configured to respond to functions called from either the RTSM interface or via Task Server.  Once configured, the Notification Server is a trusted entity to the local systems and all available functions are available.

More information can be found by browsing through the articles generated on Out of Band Management 6.x at http://www.symantec.com/community/intel.

Terms/Term changes

It’s important to understand the changes in terminology and labeling so the transition from 6.2 to 7.0 Out of Band Management goes smoothly.  This section will also help explain the naming scheme for Out of Band Management.  The following list provides the term, and the previous label (if different), and a brief description:

  1. Configuration, AKA Setup and Configuration – Previous term: Provisioning – Intel has standardized on using Configuration as the term for activating a vPro system.  This more aligns with what is occurring and avoids confusion with basic industry understanding of what provisioning means (putting an OS on the system). 
    NOTE: Since this word is used throughout documentation for 6.x it is important to understand the change!
  2. TLS – Transport Layer Security can be considered the next generation of SSL (Secure Sockets Layer).  It’s used in 2 sections of Configuration: Remote Configuration authentication, and TLS within the Configuration Profile.
  3. Remote Configuration – This specifically means the process for automatic Configuration via the handshake with a TLS certificate, usually purchased from Verisign, GoDaddy, Comodo.

Out of Band Portal

Out of Band Management now has a Portal page that provides access to most functions from a user-friendly UI.  It’s accessed in the Symantec Management Console by going to Home > Remote Management and clicking Out of Band Management.  The following screenshot shows a view of the portal:

OOBPortal.jpg

The upper left-hand pane shows a list of setting groups that will enable a user to go through those steps necessary to enable or complete Out of Band setup and configurations.  Please note the following items and what they can be used for:

  • Configuration Service Settings – This provides all the nodes that are used in the Setup and Configuration process for AMT.
  • Basic Configuration (without TLS) – This takes you through the process of setting up Configuration where TLS will not be used in the Configuration Profile (not to be confused with Remote Configuration TLS).  See this screenshot for the way the steps are setup:
    AMTConfigSteps.jpg
  • Enable Remote Configuration – This walks you through setting up the Notification Server to accept Configuration requests using TLS certificates.  Note that 2.6, 3.0+ AMT systems are automatically configured to send out requests using this method.
  • Enable Security (TLS) – This walks you through setting up the Notification Server to use TLS when managing AMT systems.
  • Intel AMT Tasks – This is a quick area that reveals the Task Server tasks that directly utilize AMT.
  • Configure Site Server – This is a link that opens the Site Server Configuration page as part of the Notification Server Platform.  This is available here because OOB has a Site Service that can be deployed to Site Servers.

As a note, Site Servers allow distribution of Out of Band functions across the environment, and help alleviate any problems with large rollouts involving a large amount of Configuration.  This brings us closer to having true hierarchy support with Out of Band Management.

UI Changes

Those who are familiar with Out of Band Management 6.2 can use this section to find corresponding functions, configuration pages, and utilities when upgrading to Out of Band 7.0.  If you are unfamiliar with this version skip to the next section.

Out of Band Management looks much the same as it did in 6.2, with some notable exceptions.  The following items cover the differences between the two.  The method used to reach the console area for Out of Band Management is as follows: Browse down through Settings > All Settings > in the left-hand tree browse down through Remote Management > Out of Band Management.  The three subfolders are by the same name as they were in 6.2, lacking the fourth folder: Delayed Provisioning.

  1. *Provisioning > Configuration – I called this out previously in this article but with my experience the double-exposure is necessary.  In reference to managing vPro AMT systems, consider the previously used term Provisioning to now be Configuring, or Provision to now be Configuration.  If you’re like me and have the word provisioning ingrained in your mind, it will take some getting used to.
  2. Auxiliary Profiles – Three new nodes have been added to this folder.  They are described below:
    1. Management Presence Server – (MPS) This is the secure gateway CIRA technology will use to connect securely with the network where the NS resides for remote management from anywhere on the Internet.
    2. Remote Access Policies – In relation to the above MPS, this policy dictates how CIRA connections are handled by the Notification Server.
    3. Trusted Root Certificates – Also in relation to MPS, these must be established so that trust can be formed among the calling AMT system, the MPS, and the Notification Server.
  3. Configuration Profiles – Formerly known as Provision Profiles.  The following items have been added as tabs within the profile configuration.  Descriptions of the items are supplied as well:
    1. Domains – Allows the ability to configure AMT to operate in more than one Domain.
    2. Remote Access – This ties directly to the Remote Access Policies found under the Auxiliary Profiles node.  Edits here will take effect in both places.
  4. The remaining nodes under the Configuration Service Settings folder are the same between versions 6.2 and 7.0.
  5. Delayed Setup and Configuration – Formerly known as Delayed Provisioning, this has been renamed to fit the proper naming convention.  It also no longer has its own folder, but can be found under the Intel® AMT Systems folder above the Intel AMT Systems node.
  6. The following screenshot shows the layout of the console:
    ConfigConsole.jpg

Intel SCS

The component that Out of Band Management plugs into has not changed between versions.  Intel SCS (Setup and Configuration Services) is still the backbone of Out of Band, and handles all the transactions between the server and the remote Intel AMT clients during the Configuration process.  Please note that management functions of AMT are NOT handled by Intel SCS.  SCS stands for only the Configuration process, including maintenance and reconfiguration tasks (for example for profile updates) as part of maintaining the configured state.

Out of Band Management 6.2 used Intel SCS version 3.0 (or 3.2.1 per the Knowledgebase article found at this location: https://kb.altiris.com/article.asp?article=40076&p=1).  Intel SCS version 5.0 ships with Out of Band Management.  While the UI does not reveal all the additional capabilities, SCS 5.0 comes with a tool called Activator.  This utility can handle a number of scenarios that were sticky points in the previous versions of Out of Band and Intel SCS.  The abilities include the following:

  1. FQDN Name Change – The Activator, when run on the local AMT system, can tell AMT to send updated information to Intel SCS on its FQDN.  This is especially important if the FQDN has changed in Windows, thus changing the identity of the machine.
    • The problems associated with this are the failure of AMT systems to authenticate using TLS due to FQDN sensitivity if enabled, and also the inability of Intel SCS to contact back a system whose FQDN has changed.
  2. Resending of Hello Packets – While the 3.0 version of Out of Band had the ability to send Hello packets using the Delayed Provisioning (AKA Delayed Configuration) task, it did not have the ability to send PSK (pre-shared key) packets if the 24-hour cycle of the hello packet sequence had expired.  This functionality was also added to version 3.2.1 of Intel SCS.
    • The problems associated with this are when systems are not configured within that 24-hour cycle they need to be acted upon to get the needed information to the server for configuration.

The above two functions can be utilized by sending Activator down using a Delivery Software job in the Software Management Solution.

Conclusion

Hopefully this introduction will help those familiar with Intel vPro, and especially familiar with Out of Band Management in the Notification Server 6.0 infrastructure, to understand the changes and functions in version 7.0 of Out of Band Management.  In depth articles will be generated in the future to cover some of the new features such as the MPS and CIRA functionality.

1 Comments Permalink
0

While at Fall IDF 2008, we asked industry analysts and Intel partners what superhero they would call Intel Anti-Theft Technology.  Watch and listen to their responses below.

 

0 Comments Permalink
1

Last month, Intel introduced Intel® Anti-Theft Technology with support from Lenovo and Absolute Software.

There are various use models that this new technology enables, such as:

  • The ability to disable a lost notebook PC and the data on the hard drive even if it never connects to the network (based on IT policy)
  • The ability to send a "poison pill" so that the notebook PC is disabled, along with the data on the hard drive, if the notebook PC is connected to the internet
  • The ability to re-activate the notebook PC if it is found again


Watch the following Intel Anti-Theft Technology demo with Intel executives Dadi Perlmutter and Pat Gelsinger from Fall IDF 2008 and learn more about how this new technology helps with theft deterrence.

 

 

For a more in-depth demonstration of Intel Anti-Theft Technology with Absolute Software, watch the following video:

 

 

 

Listen to industry analysts discuss benefits of Intel Anti-Theft Technology and why this technology is an important milestone that will help with notebook PC theft deterrence in the future.

 

 

Listen to a Lenovo executive discuss the benefits that Intel Anti-Theft Technology will bring to Lenovo based notebook PCs.

 

 

Listen to Absolute executives discuss how they are taking advantage of Intel Anti-Theft Technology in their software and services.

 

 

Last, listen to Intel's Anand Pashupathy, George Thangadurai and Duncan Glendinning comment on the benefits of the new technology.

Another Add, here's Josh Hilliker talking about Anti-Theft Technology @ the beach.

1 Comments Permalink
0

At Fall IDF 2008, we had a chance to talk to industry analysts, Intel partners, and Intel engineers and they commented on whether Intel is a security company.  Watch their responses below.

 

 

0 Comments Permalink
2

Hello, vPro Experts!

 

I've uploaded an updated document with additional troubleshooting measures related to Intel vPro and Microsoft Configuration Manager. Please download and provide feedback on it.

 

Troubleshooting Intel AMT and ConfigMgr

 

Thanks!

 

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

2 Comments Permalink
0

Hello Intel vPro Community!

 

I'm going to talk to you today a little bit about how to use Windows Powershell to set Intel vPro power profiles. I'll provide a quick bit of background first on what power profiles are, and why you'd want to be able to set them with Powershell.

 

Intel vPro power profiles are nothing more than a setting in the Management Engine that tells the AMT chip when to be powered up, and when not to be powered up. In some cases, you may want vPro to be inactive during sleep states, or after the computer has lost power (eg. UPS failure).

 

In my case however, I want vPro to be always active. This is problematic, because Microsoft Configuration Manager's implementation of a provisioning server doesn't give you the option of setting the active power profile. Instead, during provisioning, ConfigMgr sets the active profile to whatever index "5" is. You'll actually see this in the amtopmgr.log file on your OOB (Out-Of-Band) service point during the provisioning process.

 

Because ConfigMgr decides the default power profile during provisioning, I've decided that I wanted to change it. Because Windows Powershell is an awesome automation tool, and because Intel's AMT Developer Toolkit (DTK) offers a .NET library that I can use in Powershell, I figured that I would figure out how to do it!

 

--------------------

 

You might remember my last post on how to use Powershell to connect to an AMT device. The process basically involves loading the aforementioned .NET DLL from the DTK, and then establishing a connection to the device. I didn't really get the opportunity to show you how to do a whole lot with it after making the connection though, so that's the purpose of this post! Let's go ahead and take a look at a few lines of Powershell code, so you can understand the retrieval, and setting of power profiles.

 

-------------------------------------------------

 

# In my last Powershell script, I used the $amtdevice variable
# to reference the AmtSystem .NET object. We'll assume at this point
# that you have already connected to the AMT device based
# on my last article.
$amtdevice

# By using the .NET Reflector tool, we can see that the AmtSystem
# object has a property called SecurityAdmin, which returns an AmtSecurityAdmin
# object.
$AmtSecAdmin = $AmtDevice.SecurityAdmin

# The AmtSecurityAdmin object has a method called GetPowerPackages().
# After examining this data type in .NET Reflector, we can filter for only the two
# properties we want to see, the profile ID, and its Name. We'll use the Powershell
# Select-Object cmdlet to filter this data.
$AmtSecAdmin.GetPowerPackages() | Select-Object -Property ID,Name

# You should get some output looking something like this:
# 12834f94-10fb-dc4f-968e-1e232b0c9065 Desktop: ON in S0
# ab0086a1-7f9a-424c-a6e6-bb243a295d9e Desktop: ON in S0, S3
# acab8672-b496-e248-9b9e-9b7df91c7fd4 Desktop: ON in S0, S3, S4-5
# 4dcd327b-be6b-8943-a62a-4d7bd8dbd026 Desktop: ON in S0, ME Wake in S3
# 46732273-dc23-2f43-a98a-13d37982d855 Desktop: ON in S0, ME Wake in S3, S4-5
# baa419c5-6f6e-4d8d-b227-517f7e4595db Desktop: ON in S0, S3, S4-5, OFF After Power Loss
# ede30bd6-c504-462c-b772-d18018ee2fc4 Desktop: ON in S0, ME Wake in S3, S4-5, Off After Power Loss

# Once we have a listing of the power profiles available on the AMT device
# we can get the one that we want, and then set it. Since I always want my
# AMT device active, no matter the system's power state, I'm going to choose
# "Desktop: ON in S0, S3, S4-5" which is index 2 (in a zero-based collection).
$TargetPowerProfile = ($AmtSecAdmin.GetPowerPackages())[2]

# Now that I have a variable referencing the target power profile, I will set the
# profile on the AMT device. The AmtSecurityAdmin object has a method called
# SetActivePowerPackage() that takes one parameter: the power profile we have
# a reference to.
$AmtResult = $AmtSecAdmin.SetActivePowerPackage($TargetPowerProfile)
"Setting power profile to $($TargetPowerProfile.Name) resulted in $AmtResult!"

##### End Setting Power Profile #####

# Let's also take a quick look at how to get some basic information about
# the AMT device's provisioning data. We can figure out if IDE-R, SoL, and the
# WebUI are enabled. We'll use the AmtGeneralInfo object for this.

# Get a reference to the AmtGeneralInfo object
$AmtInfo = $amtdevice.Info

# Write out the current configuration settings.
# The $( ) subexpression is needed so that the property value, and not just
# the $AmtInfo variable, is expanded inside the double-quoted string.
"SOL Enabled: $($AmtInfo.SerialOverLanEnabled)"
"IDE-R Enabled: $($AmtInfo.IdeRedirectEnabled)"
"WebUI Enabled: $($AmtInfo.WebUiEnabled)"

-------------------------------------------------

 

I hope this helps get you on your way to doing some cool Powershell / vPro automation! Let me know whether or not this helps you in your endeavors

 

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Comments Permalink
0

Hello vPro community!

 

I rather quickly posted the Powershell code I got functioning yesterday just to make sure that I didn't forget to post it at some point, but if you're new to Powershell, you might not understand everything that's going on here. If I left your head spinning, then I apologize, but tonight, I'm wrapping back around to help describe to you the thought process behind the script I posted!

 

On top of that, once I put together some notes from earlier today, I will post later on about some of my newest findings! To give you a teaser, I found a method of setting AMT power profiles using Powershell code! I'll be sure to get this posted as soon as I can, but for now, I think it would be most beneficial to understand the basics of connecting to a vPro system.

 

I'm going to step through the script line-by-line and leave some comments about each of them. Comments will be denoted by lines beginning with a pound sign (#). This is because Powershell uses this character as a "comment" character.

 

If you're experienced with .NET, then you'll probably either already know about, or want to get familiar with, the tool known as the .NET Reflector. This utility allows you to "reflect" over a .NET library, and discover the objects, methods, and properties that are available to you to use in your Powershell scripts. It's not always a simple task to figure out how to use .NET objects, especially if there is either poor documentation, or none at all, but this tool definitely makes it easier.

 

----------------------------------

 

# The following 6 lines are simply variables that we are setting
# to make troubleshooting and customizing our script easier.
# We will be instantiating (creating) an object of the data type
# "AmtSystem" that requires these values as params to its
# constructor method.

# This is the domain\userID we want to authenticate as
$amtusername = "vprodemo\DomainUser"

# This is the password for the user account to authenticate
$amtpassword = "P@SSW0Rd"

# This is the FQDN of the vPro client system we want to connect to
$amthostname = "vproclient.vprodemo.com"

# This is the TCP port that we want to connect to the vPro client on
# TCP 16993 is used for TLS communications to AMT clients
$amtport = 16993

# This parameter determines whether or not your password is
# saved in the AmtSystem object (I think)
$amtrecallpassword = $false

# I haven't verified this, but I believe that this parameter determines
# whether or not WS-MAN is used exclusively on vPro clients
# that support it. Otherwise, it will attempt to use EOI (SOAP).
$amtwebservicesonly = $false

# Next, this variable stores the path to the "Manageability Stack.dll"
# which is included with the Intel AMT Developer Toolkit (DTK).
# Be sure to download the latest version from the Intel website.
# This DLL is a .NET library, written in C#, that provides an API
# to interact with Intel vPro clients.
$manageabilitystack = "C:\Program Files\Intel\Manageability Developer Tool Kit\0.6.08325.2\Manageability Stack.dll"

# This line uses the built-in Assembly class (part of .NET reflection)
# to load the .NET DLL containing the AMT API. The Out-Null Powershell
# cmdlet is used to suppress any console output of the LoadFile() method.
[System.Reflection.Assembly]::LoadFile("$ManageabilityStack") | Out-Null

# The Write-Host cmdlet is built into Powershell and simply writes
# some text to the console. We are using inline variables to dynamically
# display the information about the client we're connecting to.
Write-Host "Connecting to $amthostname on port $amtport"

# This is the line that's actually getting the object that we will use to
# reference our target Intel AMT client. We are creating a global variable
# named "amtdevice" and setting its value to a "New-Object" of datatype
# ManageabilityStack.AmtSystem (you can use .NET Reflector to find this)
# and then passing the parameters that we defined before to its constructor.
# If the below line wraps in your browser, please be sure to put it all on one line in your script.
$global:amtdevice = New-Object ManageabilityStack.AmtSystem -ArgumentList $amthostname,$amtport,$amtusername,$amtpassword,$amtrecallpassword,$amtwebservicesonly

# Footnote: With respect to variable scope in Powershell, the reason I am
# defining this as a global variable explicitly, is because if you copy and paste
# this code into a script, and then run that script from within an interactive
# Powershell session, the $amtdevice will now be defined as global to the session
# and will not be deleted when the script exits. This allows you to run the script to
# retrieve the device object, but then continue to work with it interactively once
# the connection is established!

# Tell the AmtSystem object that we want to use TLS
$amtdevice.UseTls = $true

# Enable WS-MAN support (if available) on the connection
$amtdevice.WsManSupport = $true

# Once we've set up all of our configuration options about the connection,
# this next line actually establishes the connection.
$amtdevice.Connect()

# The "State" property of the AmtSystem object is "Connecting" until the
# connection either succeeds or fails. We want to monitor the status until
# this occurs.
while ($amtdevice.State -eq "Connecting") { Start-Sleep 1 }

# Finally, once the connection either succeeds or fails, we write out the
# State property to the console so that we know what the outcome was.
Write-Host "AMT device is in state $($amtdevice.State.ToString())"

 

-----------------------------------

 

So, there you have it. That is the code, with my comments inline. If you have any questions or feedback on my articles, please feel free to comment on this blog article. I will try my best to answer them, although please understand that I am still working on comprehending this great API! If this is useful to any of you, I would like to know that, and if not, then please recommend something that you would like to hear about!

 

As promised, I will eventually write another follow-up article on how you can set Management Engine (ME) power profiles on a provisioned AMT client remotely, using Powershell! Until next time ...

 

Happy Powershell Scripting!!

 

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

0 Comments Permalink
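A hardened variant of the connection script above and of the power-profile script from the earlier post, as an added example that is not the author's code and not part of the Intel DTK. It keeps the password out of the script file, bounds the connection wait, and selects the power profile by name instead of by position. It assumes only the DTK members the posts themselves use; the function names and the timeout default are hypothetical.

```powershell
# Added example (not from the original posts or the Intel DTK).
# DTK members assumed, exactly as used in the posts: the AmtSystem constructor
# arguments, UseTls, WsManSupport, Connect(), State, SecurityAdmin,
# GetPowerPackages(), SetActivePowerPackage(), and the ID / Name properties.

function Connect-AmtDevice {
    param(
        [Parameter(Mandatory=$true)] [string] $HostName,
        [Parameter(Mandatory=$true)] [System.Management.Automation.PSCredential] $Credential,
        [Parameter(Mandatory=$true)] [string] $StackPath,  # full path to "Manageability Stack.dll"
        [int] $Port = 16993,          # TLS port, as in the posts
        [int] $TimeoutSeconds = 30    # hypothetical default
    )

    if (-not (Test-Path -LiteralPath $StackPath -PathType Leaf)) {
        throw "Manageability Stack.dll not found at '$StackPath'"
    }
    [System.Reflection.Assembly]::LoadFile($StackPath) | Out-Null

    # The constructor takes the password as a plain string, so it is unwrapped
    # only here, at the point of use, and never written into the script file.
    $plain = $Credential.GetNetworkCredential().Password
    $ctorArgs = @($HostName, $Port, $Credential.UserName, $plain, $false, $false)
    $device = New-Object ManageabilityStack.AmtSystem -ArgumentList $ctorArgs

    $device.UseTls = $true
    $device.WsManSupport = $true
    $device.Connect()

    # Same polling loop as the post, but with a deadline so an unreachable
    # host cannot hang an unattended job forever.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($device.State -eq "Connecting") {
        if ((Get-Date) -gt $deadline) {
            throw "Timed out after $TimeoutSeconds s connecting to ${HostName}:$Port"
        }
        Start-Sleep -Seconds 1
    }

    # The posts do not name the success state, so the caller inspects State.
    return $device
}

function Set-AmtPowerProfileByName {
    param(
        [Parameter(Mandatory=$true)] $AmtDevice,
        [Parameter(Mandatory=$true)] [string] $ProfileName
    )

    $admin = $AmtDevice.SecurityAdmin

    # Match on the profile's Name rather than on its index in the collection,
    # and refuse to act unless exactly one profile matches.
    $found = @($admin.GetPowerPackages() | Where-Object { $_.Name -eq $ProfileName })
    if ($found.Count -ne 1) {
        throw "Expected exactly one power profile named '$ProfileName', found $($found.Count)"
    }

    $result = $admin.SetActivePowerPackage($found[0])
    [pscustomobject]@{
        Id     = $found[0].ID
        Name   = $found[0].Name
        Result = $result
    }
}

# Usage, with the host name and DLL path taken from the post above.
# Get-Credential prompts interactively, so nothing secret is stored on disk.
$cred = Get-Credential
$dll  = "C:\Program Files\Intel\Manageability Developer Tool Kit\0.6.08325.2\Manageability Stack.dll"
$dev  = Connect-AmtDevice -HostName "vproclient.vprodemo.com" -Credential $cred -StackPath $dll
Write-Host "AMT device is in state $($dev.State)"
Set-AmtPowerProfileByName -AmtDevice $dev -ProfileName "Desktop: ON in S0, S3, S4-5"
```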
1

Hello Intel vPro Experts!

 

I've started putting together a document on some issues that I've encountered during my experiences with Intel vPro and ConfigMgr. You can access this document right here on the vPro Expert Center: http://communities.intel.com/docs/DOC-2362

 

Please provide feedback on the document. It's not of very high quality just yet, because I only started writing it last night, but I hope to keep it updated, to provide a valuable resource to other IT folk interested in using Intel vPro.

 

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

1 Comments Permalink
3

Hello everyone!

 

I have been working on understanding the Intel AMT Developer's Toolkit (DTK) so that I can begin developing some custom tools around Intel vPro. One of the tools that I am planning on working with is Microsoft's Windows Powershell. Windows Powershell is a very powerful, object-oriented command-line replacement for Windows XP, Vista, 2003, and 2008. It's an administrative scripting language that is significantly more powerful than VBscript, and has the entire power of the Microsoft .NET Platform behind it.

 

Just today, I've had my first success in using the Intel DTK with Windows Powershell, in my quest to automate Intel vPro related tasks using Powershell!

 

This is some really cool stuff, and I just had to get it out there to share with the community. I can't wait to see what else people build off of this!

 

Here is the first sample code that I've gotten to function correctly. I'm using it against a Dell Optiplex 755 running AMT firmware version 3.2.1, which was provisioned through ConfigMgr SP1.

 

-------------

 

$amtusername = "vprodemo\DomainUser"
$amtpassword = "P@SSW0Rd"
$amthostname = "vproclient.vprodemo.local"
$amtport = 16993
$amtrecallpassword = $false
$amtwebservicesonly = $false


$manageabilitystack = "C:\Program Files\Intel\Manageability Developer Tool Kit\Manageability Stack.dll"


[System.Reflection.Assembly]::LoadFile("$ManageabilityStack") | Out-Null
Write-Host "Connecting to $amthostname on port $amtport"
$amtdevice = New-Object ManageabilityStack.AmtSystem $amthostname,$amtport,$amtusername,$amtpassword,$amtrecallpassword,$amtwebservicesonly
$amtdevice.UseTls = $true
$amtdevice.WsManSupport = $true
Write-Host "TLS: $($amtdevice.UseTls), WsMan Support: $($amtdevice.WsManSupport)"
$amtdevice.Connect()


while ($amtdevice.State -eq "Connecting")
{
    Start-Sleep 1
}
Write-Host "AMT device is in state $($amtdevice.State.ToString())"

 

-------------

 

Unfortunately that's all I can post for now, but I definitely plan on continuing work on this development!

 

Trevor Sullivan

Systems Engineer

OfficeMax Corporation

3 Comments Permalink
0

We have all heard of PEBKAC (Problem Exists Between the Keyboard and Chair) and we've heard the stories, seen the videos.

 

 

So.. Wendy (vPro Comms) and I were talking today about wanting to hear your favorite PEBKAC stories within the vPro community, please take a moment and share your favorite one out.

 

Looking forward to getting a good laugh.. LOL..

0 Comments Permalink
1

The 3rd generation of Intel vPro technology that was launched yesterday, along with the recently launched Intel Centrino 2 with vPro technology, will, for the first time, enable IT to manage PCs beyond the corporate firewall even when the PC is off or the OS is unavailable. There are various use models that this new functionality enables, such as:

  • Fast Call for Help

  • Scheduled Remote Maintenance

  • Remote Alerts



Steve Grobman, Intel's Director of Client Business Architecture, gives an excellent overview of the new benefits that come with support outside the corporate firewall. Watch below and also see a demo of this new functionality with the Symantec Altiris Client Management Suite.




Also, see how this new functionality is supported with the LANDesk Management Suite.




With Intel vPro technology now out in the marketplace for more than 2 years, hear from industry analyst Peter Kastner on the impact Intel vPro technology has had in the marketplace.




Also, hear from Symantec and LANDesk, on how their end-customers are taking advantage of Intel vPro technology, and how they will take advantage of new 2008 features.




Symantec with Intel vPro technology:




LANDesk with Intel vPro technology:




Another exciting development with Intel vPro technology has been the emergence of virtualized PC models. Hear from Citrix and VirtualLogix on these new PC models.




Citrix with Intel vPro technology:




Demo of Citrix software with Intel vPro technology:




VirtualLogix with Intel vPro technology:




We also had Infineon talk about how they are using an industry-standard TPM that is now part of Intel vPro technology to store keys in hardware. Listen to their video below.




 

1 Comments Permalink
0

I recently blogged about the interview with Citrix Software's Paul Hahn, Director of Business Development / Virtualization & Management Division, and Matt Edwards, Product Manager at: http://communities.intel.com/openport/blogs/ecmf/2008/09/22/citrix-software-with-intel-vpro-technology

 

For part 2 of this blog, you can view the actual demonstration of the software below. In this demonstration, you will see the solution explained in much more detail.

 

 

0 Comments Permalink
0

Citrix and Intel have been working together to deliver a solution that builds on both companies' expertise. The end-to-end solutions, application delivery, and virtualization software that Citrix provides combined with the manageability, performance, and security from vPro deliver a novel solution. The solution allows the IT OS build to go through a secure or trusted boot, where the hardware and software used to launch the OS is measured for integrity before the program executes. The OS can be streamed off a remote server, and the end-user gets the rich client side local execution experience.

 

In this video, Citrix Software's Paul Hahn, Director of Business Development / Virtualization & Management Division, and Matt Edwards, Product Manager, talk about how Citrix Systems is developing products for OS/App Streaming on top of Intel vPro technology. You will see that the virtualized, measured, and streamed OS is able to still render and rotate a rich CAD drawing.

 

 

0 Comments Permalink
0

 

Through trial and error I've come across a working method for installing Intel's Setup and Configuration Service (SCS) on a server that does not have Notification Server, and thus Out of Band Management, installed. When NS is installed, all rights, etc, are already assumed by logging in as the Application Identity. Intel SCS installs fine this way, but when on a separate server certain prerequisites and configurations need to be met before the installed SCS will function properly.

 

 

 

Introduction

For the best results, the prerequisites should be met beforehand. If SCS has already been installed, the necessary components can be added or configuration changed to support it properly. In the first section of this article I'll assume we'll do the install from scratch, while in the second I'll cover how to reconfigure SCS if it has already been installed so it works successfully. This is with version 6.2 of Out of Band Management Solution.

 

 

New SCS Installation

NOTE: This is for an Intel SCS installation that is not on an existing Notification Server with Out of Band Management installed.

 

First, we need to prep the system for the actual install of Intel SCS. The following components are required for Intel SCS to function normally:

 

 

  • Windows 2000 Server, Windows 2003 Server

  • Internet Information Services (IIS)

  • Microsoft .NET 2.0

 

 

 

Run through the following steps to install Intel SCS. I've assumed the above prerequisites have already been met.

 

 

  1. Log onto the system as the Application Identity user for Notification Server.

  2. Using the ‘Pull' method, install the Altiris Agent from the Server that houses Out of Band Management:

    1. Typically the URL is formatted as: http://<nsname>/Altiris/NS/Agent/AltirisAgentDownload.aspx.

    2. Use the resulting page to download and install the Altiris Agent. Typically it takes a few minutes to complete the process of installing and registering with the Notification Server.

  3. If needed, grant the App ID account local administrator rights on this server. In one case the account did not have these rights, and the service was unable to connect to the NS.

  4. Browse to the following path on the NS:
    <NS_Name>\NSCap\Bin\Win32\X86\OOB\IntelSCS\

  5. Launch the EXE AMTConfServer.exe.

  6. Click ‘Next' on the Welcome screen and accept the license agreement and click ‘Next'.

  7. Choose ‘Complete' as the type of setup and click ‘Next'.

  8. In the User name and Password fields put in the Application Identity for the NS.

  9. Check the Web details.

  10. Leave ‘Force Secure Connections (HTTPS)' checked if you will use TLS to encrypt AMT traffic, or uncheck it if you will not be using TLS. Click ‘Next'.

  11. Under ‘Database Server' select the database name and instance to use. This should be the SQL Server used to install the IntelAMT database when OOB was originally installed on the notification Server, or if the database was never created, this should be the same server and SQL Instance where the Altiris database that hosts Out of Band Management is installed.

  12. Check the database details. Click ‘Next'.

  13. Click the ‘Install' button to proceed with the install using the parameters set.

  14. If the IntelAMT database was previously created, you'll receive a notice saying that the database IntelAMT already exists. Make sure to click ‘Yes' so it uses the existing one. This is especially important if you have provisioned systems already in the database. If no database exists by name IntelAMT, a new one will automatically be created and no prompt will appear.

  15. At the Complete screen, leave the ‘Start Intel® AMT Config Service' checked and click ‘Finish'

  16. From the Notification Server, at this location:
    <NS_Name>\c$\Program Files\Altiris\OOBSC\, copy the file oobprov.exe to the same path on the SCS Server (default will be C:\Program Files\Altiris\OOBSC\).

  17. NOTE! You must use the same path that it used on the Notification Server, this is a limitation with our implementation at this time.

  18. Copy to the same folder the attached file Interop.AeXClient.dll.

 

 

  1. Normally the script (oobprov.exe) is properly registered to the correct path, but if it is not, we must manually change it.
    NOTE: Using this option to install SCS on a different server than the NS often leaves the csti_configuration table poorly configured. If this is the case, the following two steps must be done to fix the problem.

  2. Open SQL Query Analyzer or SQL Enterprise Manager. Run the following query:

    USE IntelAMT
    SELECT Props_script_path, use_props_script
    FROM csti_Configuration

  3. Check the path and make sure it matches the remote and local Intel SCS install. Also verify that the use_props_script is set to 1, which means ‘True' (0 means ‘False'). Now run the following query if they need to be updated, but take note to change the path to match your environment:

    UPDATE csti_configuration
    SET props_script_path = 'C:\Program Files\Altiris\OOBSC\oobprov.exe',
        use_props_script = 1
    WHERE configuration_id = 1

  4. Everything should now be in place for the new Intel SCS install to work with systems being provisioned, including all maintenance and post-provisioning actions.

  5. As one last check, let's ensure the Intel SCS installation registered itself in the IntelAMT database. If this part has failed the service AMTConfig will not be able to start, throwing an exception about database connection in the Application Event Log.

  6. On the Database Server, run the following query:
    USE IntelAMT
    SELECT * FROM csto_servers

  7. You should have one entry for every Intel SCS install you've completed, including the original OOB install if you also installed Intel SCS on the NS. The server_name column should contain the name of the server you installed Intel SCS onto. If it is not there, the problem generally stems from database access rights on the SQL Server. Please ensure the account you are using has rights to create a new database, or update an existing one.

 

Fixing a Previous SCS Install

If you've already installed SCS and provisioning is not occurring (see the following article group for troubleshooting steps: http://juice.altiris.com/book/3699/troubleshooting-altiris-manageability-toolkit-vpro-technology), we need to go through the steps that give the remote Intel SCS install the configuration it needs to work properly with the remote IntelAMT database and Notification Server.

 

 

 

 

The following steps provide the right changes to ensure everything is setup correctly:

 

 

  1. Log onto the Server with the NS Application ID.

  2. Uninstall the Altiris Agent from the system. If it is not installed simply continue through the steps.

  3. Check to ensure the account that is running the Intel SCS service, AMTConfig, has admin rights to the NS. If it does not, add the user to the Admin group on the Notification Server.

  4. Check to ensure the Application ID has local administrative rights to the server Intel SCS is installed on.

  5. Install or reinstall the Altiris Agent, ensuring it is pointing to the NS where Out of Band Management is hosted.

  6. Once the five preceding steps are completed successfully, move to Database server and launch SQL Enterprise Manager against the IntelAMT database.

  7. Run the following query:
    USE IntelAMT
    SELECT Props_script_path, use_props_script
    FROM csti_Configuration

  8. Please note the following details from the resulting line:

    • use_props_script - This column needs to be set to TRUE (1). If this is set to 0 no provisioning attempts will even be executed. I've seen this set to 0 at times.

    • props_script_path - This value is passed to the Intel SCS service that's available to run oobprov.exe. This must be the same location on both the NS and the remote server.

    • props_script_timeout - This timeout should be set at 180.

  9. If the values are not set right, use the following query to update the table to have the correct values (note that the props_script_path may be different in your environment. If so, change the query to match your installation setup):
    UPDATE csti_configuration
    SET props_script_path = 'C:\Program Files\Altiris\OOBSC\oobprov.exe',
        use_props_script = 1,
        prop_script_timeout = 180
    WHERE configuration_id = 1

  10. Once the above changes have been made, restart the AMTConfig service on the local Intel SCS Server to have all cached items dropped so the changes are filtered down properly.
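The checks from both procedures above can be run as one read-only pass before touching the table. This is an added example, not part of the original article or of the Altiris/Intel tooling; the values assigned to @expected_path and @scs_server are placeholders to replace, and the timeout column is spelled as in the bullet list above.

```sql
-- Added example: read-only health check for a remote Intel SCS install.
-- Nothing here modifies the IntelAMT database.
USE IntelAMT

DECLARE @expected_path nvarchar(260)
DECLARE @scs_server    nvarchar(128)

-- Assumption: oobprov.exe sits at the same path on the NS and the SCS server.
SET @expected_path = N'C:\Program Files\Altiris\OOBSC\oobprov.exe'
-- Placeholder: the name of the server Intel SCS was installed onto.
SET @scs_server    = N'YOUR-SCS-SERVER'

-- 1. Provisioning script settings, each with a verdict column.
--    A NULL value falls through to the FIX branch.
--    props_script_timeout is the spelling from the bullet list; the article's
--    UPDATE statement spells it prop_script_timeout, so use whichever name
--    your schema actually has.
SELECT configuration_id,
       props_script_path,
       CASE WHEN props_script_path = @expected_path
            THEN 'OK'
            ELSE 'FIX: path does not match the expected oobprov.exe location'
       END AS path_check,
       use_props_script,
       CASE WHEN use_props_script = 1
            THEN 'OK'
            ELSE 'FIX: must be 1 or no provisioning attempt is executed'
       END AS use_script_check,
       props_script_timeout,
       CASE WHEN props_script_timeout = 180
            THEN 'OK'
            ELSE 'FIX: should be 180'
       END AS timeout_check
FROM csti_configuration
WHERE configuration_id = 1

-- 2. Did the SCS install register itself? One row is expected per SCS install.
SELECT @scs_server AS scs_server,
       CASE WHEN EXISTS (SELECT 1
                         FROM csto_servers
                         WHERE server_name = @scs_server)
            THEN 'OK: registered in csto_servers'
            ELSE 'MISSING: check SQL access rights of the install account'
       END AS registration_check

-- 3. Full list of registered SCS servers, for review against what you installed.
SELECT server_name
FROM csto_servers
ORDER BY server_name
```

Because props_script_path names the executable that the SCS service runs, a path you did not set yourself is worth investigating before you overwrite it.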

 

Functional Intel SCS

The immediate question after installing and/or fixing an existing install of Intel SCS is: are things working correctly? Time will definitely tell, but if you want to know immediately you can use the following process to check that the install is working:

 

  1. On the Intel SCS server, go into the Services Manager within Administrative Tools. Is the AMTConfig service running? If not, try to start it. Also check the Event Log for failures. If it stays running, it can successfully start and then connect to the IntelAMT database. Note that if it starts but then stops a minute or two later, the database is likely unreachable by the service.

  2. On the Notification Server, browse in the Altiris Console from View > Solutions > Out of Band Management > Configuration > Provisioning > Logs > Actions Status. Do you see any successful Provisioning requests since the time you finished configuring the Intel SCS install?

  3. If possible, manually configure a system to provision and see if it goes through. The reason the existing ones trying to provision may not work is due to IP Address changes that make it impossible for SCS to connect back to the system. New Hello Packets will remedy this situation in the long-term.

 

Conclusion

These processes should allow you to properly install and configure Intel SCS on a server that is not where the Notification Server and Out of Band Management are installed and running.


 

NOTE: If you have not read parts 1 through 5, please read these before reading this part as this is a continuation of the story begun in the previous sections. http://juice.altiris.com/book/4687/altiris-and-intel-vpro-use-cases

 

 

 

 

 

The Mighty Modern Marketing IT team has just seen two suspected competitors encroach on the home turf. What can they do in light of this brazen intrusion? Can Altiris and Intel's vPro help them gain the upper hand when the opposition brings the fight to the very top? In this part of the story we'll learn the final outcome of their major competitor's struggle to gain the majority share of the market through fierce competition and unscrupulous IT sabotage.

 

 

 

Mighty Modern Marketing HQ - Boston, Massachusetts

"Bobby!" Jessica Langley whispered loudly. Or, more accurately, she said loudly to just pierce the cacophony of fans filling the server room. She turned the corner and saw Bobby perched at his desk. His hands rested on his keyboard, as if poised to begin coding at an instant's notice. He seemed to be looking intently at his monitor.

 

"Bobby?" she urged, stepping closer. He didn't respond, and as she watched his head tipped forward. He jerked, a loud snort escaping his nose. He glanced around, blinking bleary eyes, before his eyelids seemed to close of their own volition. He settled back into his chair, hands still poised.

 

 

Jessica tapped him on the shoulder. He didn't respond. She tapped harder, and he shrugged, but his eyes remained closed. She shook the back of his chair, and he jumped, hand flailing out to grab the sides of his desk. He whirled around, staring at her with wide, reddened eyes.

 

 

"Jessica!" he said, blinking rapidly. "Something wrong?"

 

 

She folded her arms. "Yes, something's wrong," she responded tersely. "We're under attack."

 

 

He wiped at his face with his long-fingered hands. "A virus?"

 

 

"No, something a bit more direct. I saw that ninja guy again, and some smooth-slick character with him. He might be Jake, the New Nifty Network CEO."

 

 

"The ninja? The guy I thumped with the laptop??"

 

 

"Yes."

 

 

Bobby looked at her wide-eyed. His eyes darted about, and he finally picked up a power strip, gripping the plug and cord. He twirled a few times, and Jessica backed away.

 

 

"What are you doing?" she demanded.

 

 

"I need something in case he comes after me for revenge!"

 

 

"Is that supposed to be a ball and chain?"

 

 

He glanced down at the strip, the empty black slots seeming to stare back up at him forlornly.

 

 

"Yes. No. Maybe... I don't know!"

 

 

She reached out and took it from him. "Tevita's following them, but we need to lock things down."

 

 

Bobby rubbed his hands together, his expression tightening a little. "I always have things locked down," he said. "You're insulting my..."

 

 

"No time for that. Lock up all the servers, and backup all databases right now. If possible bring non essential applications down until we get these guys out of here. And call security."

 

 

Bobby nodded. "There's a ton of locks. Can you help while I call?"

 

 

As Jessica set locks on the server's chassis and covers, she watched the door leading into the server room. She couldn't seem to keep her eyes away from it, half expecting one of the suspects to barge in waving a bat around and demanding their most sensitive data. Halfway through the process Bobby gave her a large key ring full of small metal keys with short-stubby teeth.

 

 

"Go check the server racks and lock any covers that are open with those," he instructed.

 

 

She stared at him. "There are a hundred keys here, and none of them are labeled!"

 

 

"I know. I keep meaning to get around to label them, but... well... how fun would that be?"

 

 

"Yeah, how fun?" she mumbled as she headed around the corner. She started down the row, checking the front of the cases. She made it almost halfway around before she found one that opened. She looked down at the mass of keys and sighed.

 

 

She only had inserted about thirty keys, all without budging the lock, when her mobile phone rang. She quickly fished it out of her jacket pocket, glancing at the number before putting it to her ear as she pushed the answer button.

 

 

"Tevita?" she prompted.

 

 

"Jessica! They're up here on the executive level!" he said in a loud whisper, and she had to press her phone hard against her ear to hear.

 

 

"Bobby called security..."

 

 

"These guys are really delivering packages as if they're legit, but that taller guy, the slick one, keeps looking around as if expecting to see something."

 

 

"Why don't you go tell Mr. Johnson? I think that's Jake Wells."

 

 

"That's a good idea. I'll call back if I need anything..."

 

 

"Just be careful..." she started to say when the line dropped. She locked the keypad and slipped the phone back in her pocket. She stared down at the keys in her other hand, and finally decided she had better things she could do. She walked quickly to Bobby's office. He stared intently at his screen, his fingers flying over the keyboard so fast they seemed to blur in her vision. She placed the key ring on his desk and he looked up.

 

 

"The first half of them are secure," she said, not mentioning she hadn't needed the keys for any of those.

 

 

"That was fast..."

 

 

"I got a call from Tevita. I think I need to secure some of the more vital PCs in the office, here. Did you ever finish those network filters I asked for?"

Bobby nodded. "I did. I still need to test the last one..."

 

 

"But the accounting and executive filters are ready?"

 

 

He nodded again. "Yes. I'll email them to you now. It wasn't easy, what with the limitation on how many filters I can apply, but I weeded out the nonessentials. Instant Messenger won't work, nor will standard Internet Explorer stuff, but all the applications the two groups will use respectively are available."

 

 

"Email?"

 

 

"I think so... it's not reliable..."

 

 

She shrugged. "Better than nothing. Thanks!"

 

 

She hurried out the door. Her eyes looked around the office as she walked tensely back towards her desk. She expected to see signs of stress or something, but everyone acted normally. Several even said hi, and she managed to smile back, though the smile felt stiff on her face. Why couldn't she have a normal IT job where emergencies consisted of no coffee in the break room, or typical, non-intentional application crashes? Couldn't someone simply forget their domain password for the highlight of the day? That kind of stress she could handle without her stomach tying itself into knots.

 

 

She sat down as a new email came in from Bobby. She opened the email, and downloaded the attachments to a share on the Notification Server. She quickly initiated a Remote Desktop to the Notification Server. When she clicked connect, she received a message indicating the max number of sessions had been reached. She stared at the screen.

 

 

"No way," she muttered as she jumped to her feet. She hurried over to Tevita's desk, but he'd locked all his systems. Definitely wise, but if he had sessions open she'd be unable to close them. She hurried back and launched the Altiris Console on her own desktop. She'd wanted to add the filters in the right places on the drive of the server, but it wasn't necessary. The console came up, and she browsed through Manage, clicked on Jobs, browsed through Tasks and Jobs, Server Tasks, Real-Time System Manager, and clicked on Network Filtering Task.

 

 

Jessica right-clicked on the Task and chose "Clone". She named it "Accounting Network Filtering Task" and clicked OK. The new filtering task appeared, the task configuration loading in the right pane. She clicked the Edit button on the icon bar with the small pencil symbol. Under the section ‘Filter network traffic other than to and from the Notification Server' she changed the radial selection to ‘Import network filtering settings from the custom XML file'. Under the section ‘Location of the file to import from:' she clicked the Browse button. In the subsequent window she browsed to the share where she'd copied the custom files Bobby had created and selected the Accounting one. She clicked Open which returned her to the Settings page.

 

 

At the bottom of the right-pane she clicked the Apply button. Next, she clicked on the ‘Run Now' button on the icon bar. Within the pop-up window that appeared she set the ‘Run name' field as ‘Accounting Lockdown SOS'. Under the ‘Connection credentials settings' section she clicked on the hyperlink labeled: Runtime Profile. From the list she selected the list of credentials containing her Domain credentials that had full rights to all AMT systems. When she'd committed the changes she then clicked the hyperlink under the Resources heading labeled ‘Select computers'. The Task Server resource selection window appeared.

 

 

In the left most pane she expanded the Computer Collections folder and the My Collections folder. Under this section she highlighted the collection labeled: All Accounting Computers. By double-clicking on this collection the picker added it to the right most pane, labeled Selected Items. She clicked OK to add the collection to the Task. On the main Run Task screen she hovered the mouse-pointer over the ‘Run Now' button. She wondered if both words were capitalized to emphasize the finality of the button! She believed the filter would work since she had faith in Bobby's skills, but if something went wrong...

 

 

For just a moment she paused, taking her hand off the mouse. Overreacting might save the day if these two interlopers really came with Mighty Modern Marketing's detriment in mind, but if she'd jumped to the wrong conclusions she might just create a huge mess for no reason at all.

 

 

Another thought, one she'd had previously, surfaced in her mind. If Bobby hadn't verified the filter worked, and it somehow invoked a filter that did NOT give access to the systems via Notification Server, she might just decapitate every single one of the Accounting department's computers with a single click. She shuddered as she imagined Tevita and her running from computer to computer in a desperate effort to manually disengage the network filter using their credentials. There was a reason Bobby tested all the filters he created, and that same reason applied as to why she and Tevita each independently tested them again.

 

 

So far Bobby always got it right, at least from the Notification Server aspect. Sometimes the other filter items didn't work properly, but she'd still be able to quickly remove the filter from all the systems. She sat up straighter in her chair, her lips pressed into a firm line, and took hold of the mouse again. With only the briefest of hesitations she clicked the ‘Run Now' button.

 

 

She waited a minute, then refreshed the status display. So far so good. She quickly ran through the same procedure, but this time setting the Task to quarantine, this time for the system's own protection, the Executive systems. She paused before running it, then quickly picked up the phone and dialed Mr. Johnson's number.

 

 

"Mr. Johnson's office," a young voice greeted.

 

 

She paused. She didn't recognize the voice, but didn't attribute it to the two she'd seen. "Uh, yes, this is Jessica Langley down in the IT department. Is Mr. Johnson available?"

 

 

"No, ma'am. He's currently in a meeting. Can I take a message?"

 

 

"When did he get a secretary?"

 

 

She heard a chuckle. "I'm not a secretary, I'm his son, Roger. It's ‘Go to Work With Mom or Dad' day at school. I'd rather be here than school, so... here I am."

 

 

"Okay... Can you tell him this is urgent?"

 

 

"I would, except he left for the meeting and I don't know where."

 

 

She sighed. "Thanks Roger." As she hung up the phone she clicked the ‘Run Now' button.

 

 

Leaning back in her seat, she folded her arms, eyes on the Altiris Console. Having applied the filters she did feel a little better, but she still couldn't sit still. She stood and walked to the drinking fountain, trying to think what next she needed to do to ensure whatever their competitors planned didn't cripple the business. Her eyes roved over the immediate area. It seemed everyone moved calmly, with occasional conversations heard above the hum of computers. She fished in her pocket and removed her cell phone, staring at the display as it lighted up. If Tevita was hiding somewhere, calling him might give him away. But surely he'd have placed his phone on vibrate...? She hated not knowing where and what Tevita did, and what the interlopers meant to do.

 

 

She found herself facing the stairs. Part of her wanted to run up there and blow the whole thing wide open so that the sheer number of Mighty Modern Marketing's employees would stop whatever they planned. Of course if it ended up being an innocent visit... she threw that thought aside. They'd shown up looking like delivery guys, and the furtive glances from the "ninja" seemed to proclaim their guilt. She reached up and rubbed at her eyes, trying to decide what to do next.

 

 

They'd locked down the servers, taking down nonessential applications, and employed filters against critical systems. She squared her shoulders and entered the stairwell, hurrying up the two flights to the third floor. When she reached the door at the top she stopped, taking out her cell phone again. She dialed Tevita's number and pressed the send button. The phone rang several times before his voicemail started playing. She hung up the phone, fidgeting with it for a few moments before slipping it back into her pocket.

 

 

She tried to square her shoulders again, but somehow the thought of heading through the door started her stomach doing flips. She pressed a hand against her middle, trying to physically calm her nerves. It wasn't like these guys were armed... were they? So far the incidents had all been non-violent, but had desperation driven them to take extreme measures? Thinking about her job description, the security and protection for the intellectual property of Mighty Modern Marketing fell under her job description. These rubes from New Nifty Networks certainly qualified as a threat, but where should she draw the line?

 

 

She smiled wryly, decided she didn't like the spineless turn of her thoughts. True, there could be real danger on the floor, but most of the people up here she knew well and trusted. She opened the door and stepped through.

 

 

To the left sat the accounting team, most in closed-door offices to help with keeping sensitive data from wandering eyes. She saw one of them exit his office, a frown on his face. She walked towards him, intending to head through towards the executive staff area, when he looked up.

 

 

"Hi Jessica," he said, the tight expression on his face easing. "Can you help? I'm having internet problems right now."

 

 

"I know," she responded with what she hoped was a firm but friendly smile. "We have a security issue I'm dealing with and we've locked most systems. You should still be able to run the Accounting software... Balance Act. Have you had any problems with it?"

 

 

"No... I just... well... do you know when we'll get it back?"

 

 

"Hopefully soon. I'll send out a notice when it's back up."

 

 

"Okay. Thanks..."

 

 

She nodded and continued on her way. She heard him behind her start talking to another of the accountants, and he sounded a little annoyed, but she thought that better than any wrath had the critical application Balance Act gone down. She smiled, hoping someone would try to strip the data from the application and try to send it out, only to find that they couldn't make a connection to anything. She hoped they stewed over it, trying to figure out why the computer wouldn't connect to anywhere despite showing a network connection.

 

 

She tried to look casual as she raced towards the executive area. What would she find? By the look of people on the floor, no one had any inkling that two unwanted people prowled the hallways. As she turned the corner, her eyes followed the line of doors, most of them open. The sound of conversations floated out of a few, all sounding normal and unhurried. She noticed that Mr. Johnson's door remained closed. She walked on her tiptoes for a few steps, trying to look down into the cubes opposite the CEO's office. The first two stood empty, while the next two held their normal occupants, none looking more harried than normal.

 

 

She reached his door and glanced through the side window set to the left of the door. She noticed a young man sitting at the computer. He slouched back in the office chair, right hand moving around the mouse, his hair spiky and bleached blond. She assumed this was Roger, and moved on. She fished her phone out of her pocket and dialed Tevita again. For the second time he didn't answer and she reached his voicemail. This time she left a short, terse message asking him to call her, and hung up.

 

 

She looked either way down the hall, her stomach slowly turning over. So far everything looked fine, except that Mr. Johnson wasn't at his office and Tevita wouldn't answer his phone. Many possibilities as to why held nothing malicious, and probably nothing amiss had happened. Somehow she couldn't convince her body of that, and found herself walking stiffly down the hall towards the set of conference rooms at the end. She couldn't unlock her knees, as if her joints had seized up. She wrung her hands in a gesture she'd long ago overcome, and forced her arms to swing normally at her side. Even that gesture felt forced, and she shook herself, trying to loosen up her tense muscles.

 

 

One of the conference room doors held shut, the other room's doors open and the lights out. Light streamed under the door and through the indoor window of the occupied conference room. She sidled up to it, trying to peer in without showing her face. She caught a glimpse of Tevita, standing against the wall. His normal smiley features pulled down in a frown, his arms folded tightly across his chest. She knew he only folded his arms like that when angry. Not just a little angry, but very angry. She quickly backtracked to approach the door from the other side.

 

 

The first person she saw held a sly smile on his face, his slick features seeming to hold confidence to overflowing. He spoke, his mouth quirking at the corner as if he had trouble keeping a secret. He pointed at a laptop plugged into one of the network cables snaking out of the middle of the large oval conference table. It looked like one of their field laptops meant for Sales Engineers or Consultants. She even saw the telltale barcode they stuck on all laptops before shipping them out, but also noted it was vPro capable. She glanced around, but in the dead-end hallway no one paid her any mind. She ducked down and put her ear against the door, trying to hear inside.

 

 

"...really think you're as spineless as that, old man." The voice reminded Jessica of a new car salesman who knew he could really sell cars.

 

 

Mr. Johnson's voice sounded as measured and confident as always. "You know that's not true, Jake."

 

 

"I do have to give you credit, Mr. Unflappable. You act like you aren't fazed, but I've seen your employees run around like chickens with their heads cut off from time to time. I was hoping to reach an agreement today, to avoid future... incidents."

 

 

"We're not afraid of you," Tevita said hotly, the words loud enough to cause her to flinch.

 

 

She could just imagine Mr. Johnson holding up a placating hand to Tevita. "Why do we need an agreement? You've seen the projected numbers, I assume. You've done no real harm."

 

 

"Oh? You seem to forget I have access to your network, as this laptop proves. I know everything, including pending projects, budget allotment, fiscal year targets, and actual revenue both real and pending."

 

 

"You love the threat," Mr. Johnson said, a hint of mocking in his tone. "Did you think I'd be impressed that you'd have the gall to walk in here and make ludicrous demands?"

 

 

"You'll notice that security hasn't stopped me yet. If you need proof, let me show you..."

 

 

Jessica glanced through the window, her eyes trying to focus on the number printed below the barcode. If she knew which machine this was, she might be able to control it. She quickly pulled out her cell phone and punched in the number. She then quickly retreated, heading back quickly towards the stairs. She scampered down them, only to almost fall as the heel on her left shoe broke off. She skidded down the last few steps, barely catching the rail to stop a certain face plant. She quickly slipped both shoes off, hurrying down to the first floor.

 

 

She reached her cube, glad she'd left the Altiris Console up. She used the barcode in Asset Management to find the name of the system. She browsed in the console under View, Solutions, Real-Time Console Infrastructure, Tools, and clicked on the Manage node. She quickly typed in the name and clicked OK. A window appeared, giving her the RTSM interface. A grim smile slipped on her lips as the tree loaded, giving her all of the Real-Time System Manager functionality. In the left-hand pane she browsed down into Real-Time Consoles, Real-Time System Manager, Administrative Tasks, and selected Hardware management.

 

 

With her hand hovering over the mouse, her mind whirled through the possibilities. With vPro, she had a lot more power. Taking control of the system wouldn't do much since she could only access a non-graphical interface with Serial Over LAN. Anything else she might do would only alert them to what was occurring. She needed to do something fast. She selected to reboot the system, checking the option under Redirection options labeled, Perform boot from: and Display task progress and remotely control computer. She selected to provide a CD image, browsing to a utility for disk formatting. The utility had the ability to quickly write zeroes to the drive. This essentially cleared the hard drive of all data.

 

 

It was a good first step, and she initiated the reboot, redirection. She wished she could see the snide smile vanish as the computer abruptly turned off without any warning. She knew the laptops had reasonable boot times, but it seemed to take an eternity to load the utility. She half expected the laptop to be removed from the network, the SOL session dropping, but eventually the utility's interface appeared. She glanced at her watch. It took forty seconds, though she swore it had to be at least five fretful minutes.

 

 

She quickly selected the option to wipe the drive, quickly pressing through the double-warning that all data would be lost as quickly as she could. With luck the two dimwits wouldn't realize what was happening until it was too late.

 

 

Now what had he said about security? Bobby said he'd called them, so why hadn't anyone responded? She pushed to her feet as she locked her computer, hurrying towards the front desk area. When she reached the front desk she found it unoccupied. A visitor stood at the front of the desk, looking around with a frown and lines creasing his forehead.

 

 

"It's about time," the man said, visibly trying to smooth his expression. "I have an interview and need a temp badge."

 

 

Jessica shook her head. "Sorry, I'm not with security," she said hurriedly as she picked up the phone.

 

 

"If you're an employee, you can escort me," he said, the words forceful. She paused, looking him over quickly. He carried a thin folder under his left arm, with his arms held closely to his sides, his legs shoulder-length apart. His dark eyes watched her far too intently, hardly a blink to disrupt his scrutiny. Despite his oversized shirt, she could see the honed muscles tensed underneath.

 

 

She swallowed the lump that formed in her throat. If she hadn't failed Drama in high school she wouldn't be as worried as she tried to smooth her expression.

 

 

"It's against policy," she said, grateful the words came out firmly. "Without a badge... I'm sure security will return shortly."

 

 

The man's lips thinned. "You don't understand..."

 

 

She dialed the phone as if she wasn't two millimeters away from bolting back into the secured section of the building. The wide desk might give her enough lead time to get through before this suspicious man grabbed her. If he chased her, would she try to force the door closed behind her, or simply start screaming? Her face felt cold, but she still found the whole situation absurdly funny.

 

 

Bobby answered his phone. "What, IM broken again?"

 

 

"Hi, this is Jess. I came up to talk to the front desk folk, but nobody's here. Can you page them?"

 

 

The man standing in front of the desk scowled. "Look, I can't wait any longer..."

 

 

"Really? I called and told them the situation."

 

 

"I know. I need to take care of the power problem to the servers we discussed earlier, and need someone from facilities here, now. Can you try again?"

 

 

"Power...? Oh. I see. I'll get right on it."

 

 

"Thanks."

 

 

She hung up the phone. She contemplated calling the police, but she wondered if the two stooges upstairs had actually broken any laws. If they hadn't, what would the police think? She knew something had to be illegal, but did police get involved in this kind of thing? She continued to watch the man carefully. He stood stiff, visibly trying to keep his face smooth.

 

 

"Sorry," she said. "I can't help you, but someone should be here soon."

 

 

"That might be too late," the man said, throwing his free hand up into the air, almost dropping the folder with the other. "I'm supposed to be sneaky about this, but it's been too long. I'm Detective Cassidy from the Boston Police Department and believe some criminal activity is being conducted in this facility."

 

 

He reached back into his pocket and produced a wallet. He flipped it open, revealing a gleaming badge.

 

 

She stared at him, mouth open for a moment. "You're with the police?" she managed to say.

 

 

"Yes, now get me into that building unless you want to be held culpable as well!"

 

 

"Culpable? No, by all means! Please, come in."

 

 

She walked over to the main door, pulling her badge up to the magnetic reader. Her heart hammered in her chest, relief flowing through her limbs until she felt almost weak. She held the door open for the detective. He walked in, eyeing her suspiciously.

 

 

"I'm Jessica Langley," she offered. "I'm on the IT staff."

 

 

"Jessica... I'm surprised you'd offer your name so freely," he said, eyes moving over the collection of cubes.

 

 

"Why? Whatever you've heard, you'll see the truth soon enough."

 

 

"The truth, eh?" he said with a hint of a dry smile. "Okay. Lead on."

 

 

They quickly headed up the stairs, through the marketing section, past the executive offices, to finally reach the one closed door in the conference area.

 

 

"That guy there, Jake Wells I believe is his name, is the CEO of New Nifty Networks."

 

 

Cassidy peered in.

 

 

"Fix it!" Jake demanded, his face an unhealthy shade of red. The "ninja", still sporting his delivery guy outfit, fussed with the computer.

 

 

"It's dead..." he said. "Somehow I can't boot to the hard drive."

 

 

Mr. Johnson sighed. "Are we done here? I have a business to run."

 

 

"No!" Jake exclaimed. "I don't know how you did it, but this isn't the only laptop of yours I have, of course. I can access everything, even your accounting software..."

 

 

Cassidy stepped back, fingering his chin. "Well. This is certainly odd. But a few unanswered facts are now coming into focus."

 

 

Jessica gestured towards the door. "So you came here thinking we're doing something illegal?"

 

 

"No, according to the evidence presented to us, you were doing illegal stuff. This all but confirms the counter-theory that Jake Wells, a well-known business criminal, was in fact setting you guys up. Alright, don't tell him I came here as I need to get the right evidence in place before arresting him..."

 

 

"What if he gets violent?" Jessica asked as Detective Cassidy began hurrying away.

 

 

"Violent? Not likely, but if so, I'll have an officer waiting outside the building. Now if you'll excuse me..."

 

 

The man practically ran away, hurrying down the stairs. Jessica watched him disappear, and then heard the door behind her open. She turned around to face Jake Wells.

 

 

"Hello," Jake said with his broad smile just a little strained.

 

 

"Uh, hi," she responded, stepping to the side. She half-expected him to see right through her wary expression, but he simply walked on past, his cohort the ninja following behind, carrying the now defective laptop.

 

 

Later Tevita, Jessica, Bobby, Edgar, and Daniel the CSO sat in Mr. Johnson's office. The CEO smiled, a look of relief cracking his normally stoic demeanor.

 

 

"Perfect," he said, standing up to offer his hand to Jessica. She blushed furiously as she rose and accepted the hand shake.

 

 

"Was nothing," she mumbled.

 

 

"Nonsense. You not only stole his thunder, that which he enjoys the most, but you unmasked his entire operation to the police. His sly and underhanded method to use the police to clear out our own security in his plans was ingenious, I must admit, but it certainly backfired. Bobby. Thank you for digging through the servers to find which stolen laptops made the illicit connections to our network to fudge our accounting procedures. Tevita. Well done identifying and cutting off access for those computers and those accounts on them. By removing that potential threat we've finished securing ourselves against any current threat, and with Jake Wells back under the watchful eye of the police, we will likely have a good respite."

 

 

"You're welcome," several said at the same time.

 

 

He smiled again. "Take the rest of the day off. Expect a bonus soon for all your troubles, but most of all, I'm letting half of you take next week off, and the other half the following week, and you won't have to use your accrued vacation days."

 

 

Jessica smiled. Vacation. She hadn't been able to think about it for months now with the ongoing threat, and the idea almost put her to sleep on the spot. She yawned, then offered a nod of thanks.

 

 

She didn't really believe things would suddenly become as easy as sliding across a newly iced hockey rink, but surely things couldn't be as bad as they'd been?

 

 

As she traveled home on the early metro commuter train, a thought struck her hard. She'd said to Tevita that things should be easier. Knowing fate, and her own unlucky streak, she'd just opened herself up to an even harder, scarier situation; one that would probably arise on the first day of her vacation. She considered throwing her mobile phone out the window, but as she raised her arm she stopped. That would be drastic; besides, fate wasn't really against her, was it? And if it was, wouldn't the arsenal provided by Intel's vPro, Altiris Manageability Platform, and tighter security policies stop it?

 

 

She didn't throw the phone out the window, but she did turn it off, vowing to turn it back on only when Sunday arrived before she was to return.

 

 

 

The End of Part 6

 

 

 

This concludes this story arc. I hope you enjoyed reading as much as I enjoyed writing this. I hope also that some of the value of vPro has been properly communicated through this story, highlighting some of the features that could be used in a security situation.

 

 
