Home > Intel Communities > Open Port IT Community > Intel® vPro™ Expert Center > Blog
Up to Blog Posts in Intel® vPro™ Expert Center
1 2 3 4 ... 34 Previous Next

Intel vPro Expert Center Blog

500 Posts
Julie Whitcraft
2

In today’s environment, the pressure to justify any investment is high and often, delaying your PC refresh cycle seems like an easy answer.   Join me tomorrow for a webinar with Dave Bowers from Dell for a discussion on the financial reasons to renew, redeploy and refresh an aging PC fleet.   We’ll cover key areas to consider that can impact the total cost of ownership for your PC fleet – such as energy savings, security, and productivity.  We’ll also provide you with access to tools that you can use to develop your own analysis and assist you in your budgeting conversations for next year.  Learn more about optimizing your PC refresh cycle and reducing your total costs.

 

Register here and ask your finance colleague to join you!

2 Comments Permalink Tags: events, webinar, vpro, roi
Tal Elgar
0

What is it?

When vPro and more specifically AMT was initially designed and engineered it was architected to work on an internal corporate network which allowed for the Server to client communications model. The problem was that many organisations have client PCs that are actually situated outside the corporate environment and were excluded from the reach of the vPro benefits available to systems residing within the corporate network. The reason for this is that client PCs that are not on the corporate environment would be sitting behind a home router and would actually posses a private local IP address that is not publicly addressable - i.e. it is not unique and the Management Console has no way of reaching that remote client. The solution to this situation is what is called CIRA - Client Initiated Remote Access.

 

The term Fast Call for Helpis what we refer to the use case that is enabled by CIRA (which is a means to an end, but not a use case on its own). It specifically addresses a help desk type scenario where the PC is broken and it is being fixed from remote by an administrator or technician.


How does it work?

It works on the principle that as with any usage of a PC behind a NAT'd router, once the client initiates a request (say for a web page) and the information returned comes back to the router, the router knows locally which PC to forward the information back to. The important distinction from the analogy used is that this connection is created Out of Band and does not rely on the operating system or some local software client agent being available or in a healthy state.

 

The connection that is initiated by the client arrives at the vPro Enabled Gateway which needs to be 'publicly reachable' - so it would typically reside in a DMZ and by protected by an external firewall which might have some port forwarding.

 

The management console has a listner for incoming CIRA connections and once such a connection arrives it can perform AMT commands on the remote vPro client.

 

The high level flow is as follows (with a graphical representation below):

  1. The user of the remote vPro client initiates the connection to a component that acts as a proxy Server and is called the vPro Enabled Gateway (aka MPS - manageability presence server).
  2. The connection can either be initiated manually by a user in an OS level utility or pre-OS level with a key combination
  3. Alternatively, the connection can be scheduled to automatically be initiated according to a pre-determined time frequency
  4. Once the connection reaches the Gateway, a secure encrypted tunnel is established back to the vPro client
  5. At this point the Management Console which is sitting inside the corporate environment is notified of the incoming connection from the vPro client
  6. The administrator/technician which is using the Management Console can now initiate any AMT command to the remote vPro client

CIRA.bmp

What components are required for getting CIRA and Fast Call for Help to work?

  1. vPro systems
  2. Management software that has built in support for Fast Call for Help
  3. vPro Enabled Gateway

 

In addition, you should also be aware that there are configuration files that need to be edited for the vPro Enabled Gateway, some configurable ports need to be open and that AMT provisioning (with CIRA profiles) are a pre-requisite.

Which vPro Hardware do I need to take advantage of Fast Call for Help?

Any vPro system that has AMT Firmware 4.0 and above supports Fast Call for Help. That means any 4.x, 5.x and now the up and coming 6th generation of vPro which is being released in the 1st quarter of 2010. The new capability which is being introduced in 2010 is that this CIRA connection can be initiated over a wireless network interface as well, whereas today it is limited to being initiated over a wired network connection.

Which manageability software is available today for implementing a utilise CIRA capabilities?

  1. Symantec Management Suite version 7 (formerly Altiris Management Console and aka CMS7) Beta II
  2. LANDesk Management Suite 8.8 SP3
  3. Setup and Configuration Service (SCS) 5.x and above (including the Intel DTK) also support CIRA

 

Which vPro Enabled Gateway products are available today for setting up a CIRA capable infrastructure?

  1. Checkpoint Secure Gateway (interoperable with the Symantec Management Console, but not with the LANDesk console)
  2. LANDesk Gateway which is embedded inside the LANDesk Management Console (however does require to run specific installer for MPS)

 

Why am I blogging about this now?

CIRA and Fast Call for Help were actually supported in Intel Firmware from version 4.0 which was released about 1.5 years ago. Unfortunately all the components required to make Fast Call for Help work were either unavailable or had stability issues. However, today the components exist and are validated to work successfully (with a few known issues that are being addressed). Therefore, if this is of interest to you then you are in a position to implement Fast Call for Help in your environment today. We would welcome anyone out there that is interested in trying to implementing this

 

Is this everything I need to know?

There are more technical details required for a successful implementation, however this should provide a good introduction and starting point. If you have any questions, please don't hesitate to contact me.

0 Comments Permalink Tags: tal_elgar, fast_call_for_help, cira, symantec, landesk, vpro_enabled_gateway, mps, amt_4.0, amt_4
Michele Gartner
0

We've started to add some new content to the community over the last couple of months that we're pretty excited about - Use Case Reference Designs. Have you checked them out yet? We have a team focused on creating these drop-in solutions that help you start seeing the benefits of Intel vPro technology as soon as possible.

 

Check Them Out

Radmin* - Help Desk Tool for Use With Intel vPro TechnologyHelp desk personnel don't usually have access to the management console. This use case reference design shows how the help desk tech can use Radmin to perform basic Intel® AMT functions.

 

Windows* 7 OS, Microsoft* ConfigMgr SP2 and Intel® vPro™ Technology Use Microsoft ConfigMgr to wake up your vPro systems that are running Windows XP, install Windows 7 on them, link the data back & *poof* the machine will be migrated the next time the user logs in.

 

Intel AMT Firmware Update Using Microsoft Configuration Manager 2007 SP1 and Intel vPro TechnologyThis use case reference design is helpful if you are activating your vPro fleet on your own - and helps you perform Intel AMT firmware version detection and updates using Microsoft Configuration Manager 2007 SP1.

 

Local Setup and Configuration Using a USB Flash DriveThis is a new one from Jake Gauthier- just published today! This use case reference design shows how a small/medium business can speed up the setup and configuration process.

 

And here's the library of Use Case Reference Designs:Use Case Reference Designs for Intel vPro Technology

 

What's Next?

The team has some really cool stuff planned:

 

Remote remediation solution which will allow a help desk tech to mount the vPro client's drive remotely - the help desk tech could then do things like run local anti-virus software to do a remote scan for threats on the mounted drive.

 

Remote KVM. The engineers are developing a standalone solution so that you can start using the remote KVM functionality the day that Intel AMT 6.0 launches. Why is this big? Because your management console won't have this support yet!

0 Comments Permalink Tags: vpro, use_cases, michele_gartner
Jake Gauthier
0

Are you a small business looking to use vPro? Are you satisfied with non-TLS management operations? The Local Setup and Configuration Using a USB Flash Drivedocument outlines a process by which Intel Active Management Technology can be setup and configured without a config server, in the fewest steps possible. The trick lies in using the OS to prepare a USB Key for setup and configuration on the fly. Just insert the key, and allow the batch file to auto-run. The system will reboot and prompt to accept the configuration. Choose Y and you're done. Once you've configured, check out Radmin* - Help Desk Tool for Use With Intel vPro Technology for a quick way to gain value in vPro...remotely manage a downed system.

0 Comments Permalink
Josh Hilliker
2

Thewebsiteisdown.com gives us a new installment.  While I agree this is possible from the admin standpoint, I don't encourage you to try it at this scale.

 

2 Comments Permalink Tags: vpro
Florence Lo
0

Take a look at the posted document on Radmin (Remote Administrator).  This free tool (Viewer) allows technicians to gain access to AMT basic functions and will work with any provisioned ISV under SMB or Non-TLS Enterprise Mode.  This tool can be provided to IT Techicians who may not have access to the ISV console to perform the basic AMT functions on a provisioned client.

 

 

http://communities.intel.com/docs/DOC-4309

0 Comments Permalink Tags: radmin, amt, vpro
Michele Gartner
0

Here's a compilation of some of the issues that were added in the last few months to the Known Issues, Best Practices, and Workarounds wiki:

 

 

 

 

 

 

 

 

 

0 Comments Permalink Tags: landesk, configmgr, sccm, intel_amt, troubleshoot, vpro
Michele Gartner
0

Our most recent issue of the Intel vPro Technology Heartbeat was published this morning. This newsletter is a compilation of Intel vPro resources that were collected over the last two weeks. In this issue, check out the article series on Intel Active Management Technology that was published by our partners at the Intel Software Network's Manageability community. We also have a bunch of webinars coming up around Windows 7 and Dynamic Virtual Computing. Registration links are in the newsletter!

 

Read the newsletter, or subscribe to receive it in your inbox automatically.

0 Comments Permalink Tags: vpro, newsletter
Josh Hilliker
0

It's been way to long since I did a video, so here's a quick one..   I highly encourage you to subscribe to the vPro lists on myitforum.com.  Here's a quick video of me showing you how..

 

    

0 Comments Permalink Tags: josh_hilliker, myitforum.com
Terry Cutler
0

Take a look at a recently posted document providing insights on what might cause a rapidly expanding database, key learnings how to minimize the growth and provide good performance, and more.

 

http://communities.intel.com/docs/DOC-4306

 

The document may be updated over time, depending on requests, inputs, and so forth

0 Comments Permalink Tags: vpro, intelamt, scs
Josh Hilliker
2

 

Over the last week I decided to take a journey, one without social media and interacting with folks online.  What I learned is the following:

  • Took longer to do my job (it’s true!!)
  • Missed out a few key interactions that would have helped me – it’s true, I am now combing back through to look a few posts – example:  Spiceworks just announced a new plug in capability that is leveraging vPro
  • Realized I was not sharing as much as I could have – I was working on win7 & vPro for SMB, defining the ease of use of both technologies in the 3-5 PC space.  I missed sharing this information out to the team and group.
  • Had a few dialogues around me missing something online – a few folks ping’d me throughout the week if I had seen certain things (from technology to people movement inside Intel)


So why does this matter to vPro?  Well, I believe part of the success of realizing your vPro value is to use our community, interact with us on twitter and be a part of the technology adoption and usage.    I also realized that usage of our technology is not confined to how we believe it will help you, but also how it will be used in different situations, location’s, and relevant to your business.   

If you want to connect with us, here’s who’s on twitter for vPro?  Here’s a few accounts.

IntelvPro twitter.com/intelvpro

SmartchickPdx twitter.com/smartchickpdx

Joshprostar twitter.com/joshprostar

I also missed the interactions online that I usually participate in throughout the week.

 

 

 

2 Comments Permalink Tags: vpro_expert_center, vpro, josh_hilliker, twitter
Terry Cutler
0

Earlier this year, Lenovo made a small change on their T400 and related platforms.   The Ctrl-P option disappeared when attempting to access the MEBx (Management Engine BIOS Extension screens for Intel Active Management Technology).   If you browse through the Lenovo BIOS update posting, there is a brief mention of this change.

 

The main reason was to improve boot times.   The difference is a few seconds.   All of the Intel AMT functionality is still present.

 

To access the MEBx screen, press F12 during the POST process to access the Boot Menu.

 

access-MEBx-T400.gif

The option "Enter ME Configuration Screens" will access the MEBx.

 

The option "Initiate a Remote Connection" is for the Client Initiated Remote Access (CIRA), more commonly referred to as "Fast Call for Help" - the ability for Intel AMT to make a call home for assistance.

0 Comments Permalink Tags: lenovo, mebx, vpro
Josh Hilliker
1

HI all,

 

Internally we are cooking up a # of topics that we would like to share from Use Cases, BIOS versions, form factor's, etc..   However we wanted to ask you first as a community, what would you like to hear more on?  What piece of vPro do we need to show more?

 

Let us know.. leave a comment or shoot me an email josh@intel.com.

 

Thank You

 

Josh H

1 Comments Permalink Tags: vpro, vpro_expert_center, josh_hilliker
Michele Gartner
0

This week's newsletter highlights success stories by Intel IT, BMW, Valerent, Compucom, and Computacenter. In addition, find our latest webinar offerings, known issues, and quick links to useful documents on the Intel vPro Expert Center.

 

Click here to view the newsletter.

 

Want to receive this bi-weekly newsletter in your inbox? Click here to subscribe.

0 Comments Permalink Tags: vpro, newsletter
Terry Cutler
1

In recent weeks, I've received a number of questions about Dell Client Manager 3.0 ability to configure Intel vPro technology.

 

I have not had the opportunity to review the latest official documentation from Symantec\Altiris or Dell on how to configure Intel vPro technology. 

 

Therefore, this blog provides my perspective and approach.  As I'm working with Altiris 7 and vPro on an almost daily basis, authoring a complete set of new documentation has not been accomodating to present schedules, tasks, etc.

 

 

I ask for your patience and understanding.   This is by no means the final and complete answer - it's a "best effort"

 

 

A few key points to keep in mind. 

So - you've started to deploy Intel vPro systems from Dell and are using their Dell client manager. 

 

Altiris 7 requires SCS 5.x to configure vPro.   If vPro is already configured - it's just a matter of enabling OOB Discovery and configuring the Pluggable Protocol Architecture (PPA).. see blip.tv video referenced above.

On the Dell Client Manager, check to see if the following fileshare exists – “\\localhost\nscap\bin\x86\Out of Band Management\IntelSCS”
If so – within that directory, find AMTconfserver.exe.   This is the Intel SCS service installation.   File should be version 5.0.2.4
On the Dell Client Manager, check for “c:\Altiris OOB Configuration” directory.  If present, you should see two files – Interop.AeXClient.dll and OOBProv.exe.
The preferred approach is to install Intel SCS via the Altiris (or Dell Client Manager) interface... but sometimes that scripted install fails without direct indication as to what happened.   Although a little advanced, it may be best to directly install the Intel SCS... which is the configuration service for Intel vPro technology.

Two key challenges I’ve seen in directly installing AMTconfserver.exe is that the webdirectories (AMTSCS and AMTSCS_RCFG) need to be set to no TLS and the the integration to SCS via the OOBprov.exe is not done.   The TLS settings are handled via the advanced installation options.   The OOBprov.exe is the configuration script which checks the Symantec\Altiris database against the IntelAMT database for new records, matching UUID\FQDN, recent vPro configuration events, and so forth.

As to what configuration script will be used, this setting is made in the IntelAMT database.   My preference is to use the SCS console to adjust the setting.   SCS console is available with the full download at http://software.intel.com/en-us/articles/download-the-latest-version-of-intel-amt-setup-and-configuration-service-scs/... The other good item here is the updated version of SCS 5.x  (presently SCS 5.2.0.34B)

So that's the brief summary. 

 

As stated previously - my intent was not to provide a complete answer, yet to provide a brief insight and references.

Interested to hear from the community.   Did this help?  More information needed?

1 Comments Permalink Tags: vpro, provisioning, configuration, dell
1 2 3 4 ... 34 Previous Next

Popular Blog Posts