Intel vPro Expert Center Blog


Intel vPro Expert Center Blog : July 2008



I had the pleasure of sitting in on a presentation that Josh Hilliker and Todd Christ gave for some clients this last week about vPro. As I was sitting there, it dawned on me I didn't realize how good the maintenance is. It really came to me because Josh's passion and Todd's knowledge drove it home during this presentation.


The chipset has a lot to do with it. Active Management Technology (AMT) is the featured product. I know I have mentioned a lot about AMT but I never really dove into this subject. It is such a vital part of vPro. This little chipset makes sure that the Operating System (OS) is not jeopardized by outside sources. No matter what state the OS is in, AMT will go in and protect it. AMT would tell the server that it needs help, then IT would "cut" most of the connection to only enough to communicate remotely between the server and the client. To make this user friendly on the server side, IDE-Redirection (IDE-R) and Serial over LAN (SOL) are there to help the operator with remotely diagnosing and repairing client systems. To go further on how it has been done, Brad Lund did a blog called Using SOL/IDE-R to Diagnose and Repair vPro Clients on the vPro expert center site.


AMT is a force of nature in the chip world. Not only does it help with the protection of the hardware, it also makes sure the hardware is up to date and nothing is wrong with it; if there was a problem with it, then it would let the server know about it. All of the points are below, which tell its main benefits. The name and link is Intel® Active Management Technology.

Features and Benefits


Intel® Active Management Technology (Intel® AMT)

  • Out-of-band system access: Discover. With built-in manageability, Intel AMT allows IT to discover assets even while PCs are powered off.¹ Plus, remote consoles don't rely on local software agents, helping to avoid accidental data loss.
  • Remote trouble-shooting and recovery: Diagnose. Providing out-of-band management capabilities, Intel AMT allows IT to remotely isolate and recover systems after OS failures while alerting and event logging helps reduce downtime.
  • Hardware-based agent presence checking: Verify. Ensuring better protection for your enterprise, hardware-based agent presence checking proactively detects that software agents are running while missing agents are automatically detected and alerts are sent to the management console.
  • Proactive alerting: Isolate. Proactively blocking incoming threats, Intel AMT System Defense contains infected clients before they impact the network while alerting IT when critical software agents are removed.
  • Remote hardware and software asset tracking: Update. Helping to keep software and virus protection up-to-date across the enterprise, Intel AMT also enables third-party software to store version numbers or policy data in non-volatile memory for off-hours retrieval or updates.

For a business, this is solid reasoning to ensure that your information isn't going to be destroyed. That could cost a company millions in time and money if the information is gone. Think for a moment that I was sitting here, writing on a blog and suddenly my computer caught a virus. Without this featured product to protect my computer from hazards then all my work would be gone. That would make for a very unhappy intern. Computers just might fly through the air. Ahhh, but the pleasure of having such a luxury like vPro makes life so much better. I wouldn't have to worry about my work being gone. And I wouldn't feel bad because I wouldn't get anybody else infected with that pesky virus.


There was another thought in all of this: I am really bad at keeping up to date on my hardware and software. Even if it gives me the sign saying that I need to update my items, I tend to either ignore them or I just plain forget them (of course I check all the time on my work computer :) ). It would be even better for employees and me to have our computers update while we are not at our computers. While the employees are gone, IT can set up a script for vPro to check all of the points and update the licenses, then shut down the computer once again (or restart the computers; however the company would like to do it). When the employees come back, everything would be as if they never left. That would save companies a lot alone because they are getting more productivity time.


This little piece of equipment is so vital to the pulse of vPro. The three words that come best that I found through my research is that AMT "Discovers, heals, and protects".


Listen in as your hosts talk with Dave McCray, Intel's IT Program Manager. Intel IT is a leader in the activation and use of AMT. They have activated & provisioned over 10k machines - hear how they did it, why they are doing it & how to make your integration better based on Intel IT's best known methods. Also get a scoop on what you'll find in the coming year.
Date/Time: 8/4/2008 3:30PM
Call-In Number: (347) 326-9831
You can also visit Open Port Radio or Stream this Show Online



UNTIL THEN... Be sure to download our prior segments of the show. You can find them on iTunes by searching for "Intel vPro" or on the Open Port Radio site, http://www.blogtalkradio.com/openport. Thanks for listening!


I got to enjoy a hands-on experience with vPro this morning; I got tired of just reading everything. Another intern, Nick Molina, showed me some capabilities that I have only read in whitepapers and postings from vPro experts. I am not sure on how you like to learn, but one of the best ways for me to learn is to see the product in action. Plus I didn't really understand it until it was put in front of me.

Nick was able to show me different remote capabilities, how the server is able to power on and off the client computers, and how to read the hardware from the client computer through the server. He also showed me how you can apply filters to the network interface that would cut out any outside source (e.g. through the WLAN) that would put the client and/or server in harm.

To be able to see this better you should see this YouTube video which shows the same thing as what I was learning from Nick. It's a bit shorter than what I have experienced, but it gives you the same idea. Watching this, and after reading my blogs of course, it gives you a better understanding of what vPro can do.

Intel vPro Technology integration w/Symantec Backup&Restore


Chapter 4 should be coming soon. It will be on trusted environments. Stay tuned!!


Understanding vPro: Chapter 1- What is it?

Understanding vPro: Chapter 2-What is it used for/ why should I use it

Understanding vPro: Chapter 3- Proactive Security- Does it have a tiny guard dog???


Check out the new articles this week!







My name is Brad Lund; I work in the Enterprise End User Integration Lab (EIL) as a Senior Systems Engineer. This article is the first in a series of blogs I plan to deliver describing how, with the aid of some very useful tools, we can use IDE Redirection (IDE-R) and Serial over LAN (SOL) to provide the console operator with a more user friendly approach to remotely diagnosing and repairing client systems.

SOL is a great technology that has been around for a number of years. It is generally used in data centers for taking control of a computer in order to make changes to its BIOS. Since output from BIOS is by nature "pure text", SOL, whose interface is based on VT-100 terminal emulation, works fine. But what if the problem requires the console operator to interact with the client in a manner that dictates a graphic interface be present to load and run diagnostic applications?

Since the Enterprise Integration Lab are End User focused, we have had several customers ask us how they could leverage this Usage Scenario to take control of an AMT client while providing the operator with a more intuitive and useful interface. Additionally, every one of the End Users we interact with has a set of tools they use to perform diagnostics and repair. But if the client system is out-of-band, meaning no O/S present, it is NOT a BIOS related issue and the diagnostic tools require the operator to have a graphic view of the client system, how can we deliver on this request?

This series of blogs will attempt to show various ways to address these questions and more. I will start this blog series with the client residing inside the Enterprise using AMT to contact the console operator and utilizing very basic tools - take control. Upcoming blogs will show how to do this for clients residing outside the Enterprise (in the internet cloud) using Client Initiated Remote Access (CIRA) to contact the console via a Management Presence Server in the DMZ and more robust tools - very cool!

So let's get on with it shall we?

The Tool Set

For this first installment I am using AMT Commander from the AMT DTK to initiate a client connection and perform console redirection (IDE-R). The client platform is Montevina (AMT v4.0). I will also push a Pre-installation Environment (PE) down the wire to boot the client into a graphic environment; either WinPE 2.0 or BartPE can be used. Whichever the choice, the greatest thing about a PE is its ability to be customized. You can build a PE to include not only the necessary drivers to bring a system up, but also all the required software for a technician to truly diagnose and practically correct any problem. A full explanation of PE's is beyond the scope of this blog but easily searchable via your favorite search engine. Lastly, to complete the process I will use UltraVNC, a publicly available application that gives the console operator the ability to view the remote client screen; graphically!

The Scenario

In this setting we have a client system where the O/S fails to boot-up (see Figure 1 - left image). This could happen if the client did something to their system which caused the registry to become unreadable by the O/S. Or perhaps the owner of the system accidentally deleted a critical file(s) required by the O/S to boot properly. In any case, the client calls their support center and is walked thru the required steps to perform BIOS initiated AMT. Once initiated, the console operator can then connect to the client; Figure 1 - right image.

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/38-11385-1654/Figure1.JPG
Figure 1: Remote client screen on left - Console operator screen on right

After connecting to the client, the console operator opens the SOL/IDE-R mapping interface and assigns the appropriate .iso images for Floppy and CD-R redirection (see Figure 2 - left image). Note: You must assign both a Floppy and a CD image for SOL/IDE-R to operate properly. Also, while you can use IDE devices physically attached to the console system, working with .iso images is faster and more flexible.

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/38-11385-1659/Figure2.jpg
Figure 2: Point device mapping to .iso images, start SOL/IDE-R, take control of client system.

The next step after starting redirection is to take control of the remote client as shown in Figure 2 - right image and indicate which image to boot from. In this case since we have our PE stored as a CD-R .iso image we tell it to "Remote Reboot to Redirected CD" Figure 3.


Figure 3: Remote reboot to CD-R image

At this point the client system has started a reboot and is loading the PE image from the console. However, because we are using SOL the console operator can only see the "text" generated information. Notice the screen in the foreground of Figure 3 titled "PuTTY"; this is the SOL interface and portrays only the "please wait" line from the boot loader; not very intuitive or useful. As a result the console operator will have to ask the client to inform them when the PE has finished loading on their system (see Figure 4).

Figure 4: Client system completed boot to PE and ready for remote control

Here is where the fun begins. After the PE loads onto the client system, the console operator starts UltraVNC, pointing it to the client, Figure 5 - left image. Part of the PE build includes the necessary network drivers to give this system an IP stack so it can be accessed via UltraVNC. Once UltraVNC connects it opens a graphic window where we can actually see and control the client as though we are sitting at their machine, Figure 5 - right image. Again, we are using the SOL interface to show us text information and the TCP/IP protocol to allow UltraVNC to connect an OOB client - pretty cool huh?

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/38-11385-1662/Figure5.jpg
Figure 5: UltraVNC to display client screen on console operator system

From here we can invoke a whole series of commands and view the results in real-time. In the example shown in Figure 5 - right image, I am running regedit - OK I realize it is showing the PE registry but with the right tools we can load and analyze the client registry or any other application and/or device.

Remember I said the beauty of PE's lies in their ability to be customized? If your shop uses specific diagnostic tools you can include them into the PE at build time and use them here by simply clicking on the orange "GO" button (different PE's have different ways to access applications).

What I have shown here is the ability to use some very rudimentary protocols along with widely available tools to perform very powerful diagnostic and repair functions on a broken client. Keep in mind however this is only one of many ways to achieve this capability. In fact, this particular example can take a fair amount of time to load depending on network traffic and size of .iso image. But it is much better than the down time required to bring the remote system into the support center.

EIL are constantly finding solutions to answer the hard questions for our End Users. In upcoming blogs I plan to show similar capabilities using different techniques to minimize load times while maximizing efficiency. I hope you found this blog useful; if you have any questions please feel free to ask. See you soon...



Hi everyone. A few days ago, I did a demonstration of Intel AMT at an Intel event. This is a standard demonstration of Intel AMT with reboot, remote BIOS edit and the unique TCP-over-SOL to perform a VNC session on a computer that has the operating system network stack disabled.

This video is also available in high quality within the YouTube site. You have to go into YouTube and click on the high quality link. I am pretty impressed how much better the quality is when viewing it in high quality.

The VNC-over-SOL demonstration is probably my number one demonstration for WOW'ing an audience with Intel AMT. I sometimes also do demonstration on agent presence that is also unique to the DTK.

Ylian


Topic: Listen in as your hosts talk with Dave McCray, Intel's IT Program Manager. Intel IT is a leader in the activation and use of AMT. They have activated & provisioned over 10k machines - hear how they did it, why they are doing it & how to make your integration better based on Intel IT's best known methods. Also get a scoop on what you'll find in the coming year.
Date/Time: 8/4/2008 3:30PM
Call-In Number: (347) 326-9831
You can also visit Open Port Radio or Stream this Show Online

The vPro Expert Center's BlogTalkRadio show is hosted by Josh Hilliker, Russ Pam, and Jeff Torello. This bi-weekly informal show covers a variety of topics and is a perfect avenue to get your questions answered. Listen in live, give your two cents, or just download the show after it has aired. Make sure not to miss out on this awesome opportunity to learn and engage with the vPro experts. Can’t join us live? Have no fear, blogtalkradio lets you listen to the show whenever you have the time. Visit the Open Port Radio site (link is above) to hear previous shows and even catch a glimpse of what’s to come!



Since the previous blog was Proactive Security I feel it is only suiting to discuss the trusted environment. What the trusted environment comes down to is the hardware. Even though trusted environments are virtual, the hardware is needed to feed out any of the potential problems that can occur. Items such as viruses and hackers that can take over the PC and destroy any information we have on there, vPro will be able to, as I said in previous blog, weed out any problems. This is so cool, just think about it, it would be like a six foot, hammering crazy man, finding problems and taking care of them with his deadly hammers. (If I was a bug, I would be scared!)


http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1640/l_c3a0b9cc9bac46bcc2ad8e81ee39985b.jpg


This trusted environment is very much an issue in today's world. With vPro technology, it will help reduce this vulnerability. The trusted execution technology (TXT) is a new technology that helps within the virtualized computing environments. It will help on getting less software issues to come up. How this works is the TXT works with the virtualization technology for Directed I/O; the hardware will protect or isolate assigned memory to make the virtual machine less prone to attacks.


I came across a case study in my research: a huge hospital by the name of Nottingham University Hospitals (NHS) that has two different primary sites that are 30 min apart. With 6,000 desktops that are there imagine how much they would spend in IT alone. Once this was implemented in the two primary sites, it takes them only 10 minutes to deal with support calls, which would even mean when the client is powered down, instead of two hours. If you would like to read more about this case study go to The Future of IT Support.


Where else would you want a trusted environment to happen? Make sure nobody can get your personal information that you do not want to, but when other physicians and/or staff need to get to your records, they are able to. If that computer that has all your information is not working properly then other problems can occur and it would be a domino effect. vPro will be able to let the server have access to this information and plug it into another client.


Let us look beyond this; how about financial institutes? They have a lot of personal information there. If the clients went down at a branch, a main server can come in and fix most software problems from a main site. Less desk side service would mean more money that would be distributed. I like more money; also I like having reliability in an area that is holding my money. For some reason I like to retrieve what I put in. Stock markets have many people with computers, which would mean that there could be potential problems. If that happens, instead of trying to figure out where that person is, they can fix the problem remotely. The main server that IT works on would make sure that all of the clients are protected from harmful outside sources.


See now don't you wish you always had a big guy with hammers to destroy anything bad!!


Understanding vPro: Chapter 1- What is it?

Understanding vPro: Chapter 2-What is it used for/ why should I use it

Understanding vPro: Chapter 3- Proactive Security- Does it have a tiny guard dog???


I often get questions about the Intel AMT serial port. Ever since the DTK started to make heavy use of it, serial-over-LAN has gotten a lot of attention. First, how do you change the COM port number of the Intel AMT serial port? The COM number (COM3: for example) is assigned by the operating system, so you don’t see that in any AMT/BIOS/MEBx option. You have to go into Microsoft Windows Device Manager, go to the properties of the “Intel(R) Active Management Technology – SOL” port. Then go into the “Port Settings” tab and press the advanced button. There, you can change the COM port.

Also, it’s often useful for an application to be able to automatically detect the AMT serial port. In Intel AMT Outpost, I scan the device drivers looking for the “Intel(R) Active Management Technology – SOL” device and read the COM port number that follows in that string. So far, it seems to work great, even in non-English countries, something I am always worried about.

The Intel AMT serial port is much like any other serial port, but it has a PCI device identifier that is not normally known to Microsoft Windows and so, Windows does not know what to do with this device. On Intel’s web site, there is an SOL driver available. The serial driver itself is just a small .INF that tells Microsoft Windows to load and use the standard serial driver. In fact, one can manually force the standard Windows serial driver to be used for this device. You need to go in the device manager and pick a driver from the list, select Microsoft as the manufacturer and you will see it. Even if it’s possible, I don’t recommend it because the DTK code will no longer recognize that COM port as being the AMT port, it’s going to work but will have the wrong name for auto-detection.

Lastly, if someone needed to know if a computer is AMT enabled without having to load any drivers, one way to do it would be to detect the presence of the Intel AMT serial port. It is always present even when AMT is un-provisioned, and it can’t be turned off, unless AMT is disabled entirely in MEBx. This can be a good way to figure out if you need to start considering a computer for AMT setup.

Ylian
(Intel AMT Blog)
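
The name-based detection described in this post can be turned into a small inventory check. The sketch below is an added example, not code from the DTK or Intel AMT Outpost; it assumes a constructed tab-separated export of "host, device friendly name" lines and accepts either a plain hyphen or the typographic dash in the device name.

```python
import re

# Friendly name the post says to look for. The dash may be "-" or the
# typographic en dash depending on how the string was exported or copied.
# The "(COMn)" suffix is optional so a name without a port still matches.
AMT_SOL_RE = re.compile(
    r"Intel\(R\)\s+Active Management Technology\s*[-\u2013]\s*SOL"
    r"(?:\s*\((COM\d+)\))?",
    re.IGNORECASE,
)

# Constructed sample inventory (assumed format): "host<TAB>friendly name".
SAMPLE_INVENTORY = (
    "ws-001\tCommunications Port (COM1)\n"
    "ws-001\tIntel(R) Active Management Technology - SOL (COM3)\n"
    "ws-002\tCommunications Port (COM1)\n"
    "ws-003\tIntel(R) Active Management Technology \u2013 SOL (COM12)\n"
    "ws-004\tIntel(R) Active Management Technology - SOL\n"
)


def find_amt_sol_port(friendly_name):
    """Return (matched, com_port). com_port is None when the name matches
    but carries no "(COMn)" suffix."""
    match = AMT_SOL_RE.search(friendly_name)
    if not match:
        return (False, None)
    port = match.group(1)
    return (True, port.upper() if port else None)


def classify_hosts(inventory_text):
    """Map each host to {"amt_sol": bool, "com_port": str or None}."""
    hosts = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, sep, name = line.partition("\t")
        if not sep:
            continue  # malformed line without a tab: skip it
        entry = hosts.setdefault(
            host.strip(), {"amt_sol": False, "com_port": None}
        )
        matched, port = find_amt_sol_port(name)
        if matched:
            entry["amt_sol"] = True
            entry["com_port"] = port or entry["com_port"]
    return hosts


def hosts_with_amt(inventory_text):
    """Sorted list of hosts whose device list shows the AMT SOL port."""
    result = classify_hosts(inventory_text)
    return sorted(h for h, e in result.items() if e["amt_sol"])


if __name__ == "__main__":
    for host, entry in sorted(classify_hosts(SAMPLE_INVENTORY).items()):
        print(host, entry)
```

A host that does not match is not proven AMT-free: as the post notes, the port disappears when AMT is disabled in MEBx, and forcing the standard Windows serial driver changes the name this check relies on.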


If you're headed to IDF (Intel Developers Forum) in San Francisco this year we will have a booth, classes and great folks to talk with about Integration, Activation & tools.


I will post out a list of Client classes in the next few days.


Manageability & Automation - It is all about planning!!!


How can Architecture help:

The primary role of architecture is to provide an orchestrated plan to meet short term and long term Manageability & Automation (M&A) objectives. Architecture is all about technical planning and can enable reduced operational costs and agility if done correctly. I strongly believe that architecture can help accelerate the rate of change and provide real value for "M" and for "A".

Some specific Architecture-enabling activities include:

  • Service Definition - Define the core Services and what are in/out Scope. Example below.

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1613/Scope.jpg

  • Taxonomy - Define the next level of Services details. Example below.

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1614/Taxonomy.jpg

  • Establish a high-level Strategy and Conceptual Architecture (5-10 year vision). Example below.

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1615/Architecture.jpg

  • Define a strategy with a set of guiding principles / policies to enable the M&A. These may include:
    • Vendor strategy (single / multiple sourcing)
    • Integration "Frameworks and/or Point Solutions" (or combo) strategy
    • Operation model strategy (centralized / distributed)
    • Data strategy


  • Define a 3-year horizon "capabilities" roadmap with the first year committed (partnership of Architecture, Operations and Engineering) and the last two years a best guess based on realistic funding, estimated vendor product delivery schedules, business trends, emerging / disruptive technologies, etc. Use this roadmap to communicate and synchronize with vendor roadmaps, driving your requirements into their products.


  • Establish governance to ensure compliance to guiding principles and capability roadmaps.


  • Define specific detailed architecture (reference, service and solution) to connect the dots. Depending on the detail, they may include: logical diagrams, ports, protocols, product names, configuration standards, naming conventions, etc.


  • Be vocal when it comes to new concepts/technologies and push back if they do not make sense or pull if they do. In our enterprise, some worthy examples include: SOA, OS/Apps streaming, virtualization, IAMT.

We have seen architecture help. Two years ago, we started assembling an architecture plan (definition of the business, conceptual architecture and a capabilities roadmap). We focused resources and funding (consistent with the roadmap) on improving the "M" (Manageability) first. We have been very successful in key areas like compliance auditing, patching, basic autonomic responses to exceeded thresholds, etc. for servers and clients. We will focus the next couple of years on: increased "A" (Automated responses) and prevention for core platforms, integrating data (for business health reporting and enabling Automation), extending capabilities (like more event sources from storage and data center facility), extending remote management (IAMT), developing Capacity & Performance Mgt to a new level of sophistication and actively enabling automation to meet the operational business needs. The key is to have an agreed to vision and deliverables with some meat around governance to make it happen. This is more like a marathon, not a sprint.

I hope this was thought provoking.

Regards,

Bob

For context, Introduction of the "Relevance of Manageability & Automation Architecture" topic.

Supporting content is at:

Relevance of Architecture: Part 1 - Observations
Relevance of Architecture: Part 2 - Current Situation


Hi all,

Olde Fashion Shout out.. I wanted to personally thank the community for making vPro Expert Center a great community. Thank you..

So...

We’re almost a year old in the community and I have a few exciting things to share. The vPro Radio show is now listed in the iTunes directory; search for Intel vPro and you will see the show. So if you're on the go and want to hear us talk about vPro.



We have also started a blossoming partnership with myitforum.com which they have created an email distribution list that you can subscribe to. Click here and you can subscribe to the list, we just started this and already the dialogue last week was great.

Also we are working on fixing it so providing feedback, wiki updates and Ask the Experts thread is better for the community. Stay tuned as we fix this over the next week (or so)..

If you have additional feedback please post a comment here, or send me an email. josh@intel.com.

Thank You

Josh H
Intel Architect / Community Manager


Hi all, while Terry is out I wanted to highlight this new 4 Part series on deployment scenarios over on the Altiris Juice site. Thank you Terry for posting.

http://juice.altiris.com/article/4801/deployment-scenarios-intel-vpro-part-1-deployment-scenarios-introduction


Highlights of the new Centrino 2 platform and the impact to the IT shops.


vPro radio was live this morning and our topic was on SCE/SCOM and vPro support through the vPro Management Pack. Matt Royer joined us alongside one of the original developers (Nachman Israel) to discuss the use cases, the market focus, and more!


Visit Open Port Radio or Stream this Show Online


In today's world we want top notch security to protect our lives. Our computer holds a cornucopia of our information that, if lost or stolen, would become detrimental to our livelihood. We need to do all we can to make sure our information is not going to be in the wrong hands. Companies have to ensure that private information is protected from malicious attacks from people who are trying to make a quick buck, or revenge, or whatever latest motivation tomorrow's hacker may have (just ask around at defcon 16 to find some motivations). For me, security is a big issue so I want to dive into this one a little early compared to some of the other topics that I will get into.


Intel vPro addresses these concerns with the chipset (a tiny processor on the motherboard) and processor features along with the capabilities of Active Management Technology (AMT). I have been reading several whitepapers on the subject this last week, and have learned a lot about the security system that vPro provides.

As I understand it, vPro has three layers of security:

  • Filtering threats and isolating PC's
  • Nonvolatile memory and third party data storage for software agents
  • Virtualization and Trusted Execution Technologies

Filtering Threats (the tiny guard dog)

vPro can identify threats before they reach the Operating System (OS) by inspecting the network traffic to your computer. When something looks fishy, IT can isolate your computer quickly, and use the remote management features of vPro to fix your computer. After your computer is working again, they then restore your connection, and all is well with your system. IT can specify certain system agents stay active, and if these are disabled (either by you, or bad software), they can fix it without corrupting the system. The vPro hardware filters are programmable and watch the characteristics of the traffic that comes in and out of the OS (it doesn't know that you're writing an email to a long lost friend - but does know if your system is trying to infect the rest of the network). When a problem has been identified, IT has the ability to flip a "switch" and limit your network connection so that only they can access your computer (and you no longer pose a risk to the rest of the environment).

Nonvolatile Memory and Third Party Data Storage for Software Agents

Ok - that's a mouthful!!! What is a third party software agent? A third party agent would be a piece of software which runs on your computer to make sure things are working well (thin firewall, antivirus, or any of those hundreds of little icons on the taskbar). These software agents can store information in the nonvolatile memory (memory that stays around when the computer is powered off), and then remote applications can read or update this information even when the computer is frozen or turned off. Other information which can be stored in the third party data storage can be anything from system configuration (making sure someone hasn't compromised your system) to how many times you booted your computer without having the keyboard plugged in... By knowing this information, the security experts in the world are able to help ensure your cornucopia of information stays safe! For example, let's say your virus scanner stored information about how up-to-date your protection is; the IT department can check this information and figure out if your system needs updated (even when the computer is turned off).

Trusted Execution Technology and Virtualization

This, I feel, is the most interesting. It is a simple but complex thought. With vPro, servers can access any vPro enabled computer. With virtualization, the computer now is able to run multiple OS environments at the same time. If you were to run two operating systems on the same computer, you can layer the access to core parts of the computer and in turn increase security. With Trusted Execution Technology (TXT) programs can execute in a secure memory space and not allow other programs to modify it - done at a hardware level making it much more safe.

What other things would you expect for security? Post it!


The BriForum Experiance:Through the eyes of the intern

“The Intern’s” Understanding vPro: Chapter 2-What is it used for/ why should I use it?


In prior posts I shared out the CIRA (Client Initiated Remote Access) technology. Since the release is coming closer it's time to start talking about what this means for the IT shop and what the exact touch points are. Here is a quick flow that shows the touch points, which highlights this new MPS (Management Presence Server), which sits in your DMZ and acts like a proxy between the client and the management console. This is that final mile of connecting your notebooks when they are out of your corporate enterprise. I listed out the limitations in my last post that I reference below.

EntArch_Cira.jpg
(note: Thanks to Kyle in Brand Promise Validation for this great flow..)

Here are the prior posts on CIRA
Client Initaitied Remote Access - vPro in 2008 - IDF

Here is the Centrino2 one stop shop wiki
Centrino 2 vPro - One Stop Shop Wiki

I'm working on posting a video to showcase CIRA and also will be looking to post who supports this capability in their console.


THIS WEEK: Our topic will be around SCE/SCOM and vPro support through the vPro Management Pack. We'll have Matt Royer alongside one of the original developers, Nachman Israel, to discuss the use cases, the market focus, and more! Tune in live!
Date: 7/14/2008 9:30 AM
Call-in Number (Listen live!): (347) 326-9831

Visit Open Port Radio or Stream this Show Online


In case you weren't aware... vPro Expert Center's BlogTalkRadio is hosted by Josh Hilliker, Russ Pam, and Jeff Torello. This bi-weekly informal show, produced by me, covers a variety of topics and is a perfect avenue to get your questions answered. Listen in live, give your two cents, or just download the show after it has aired. Make sure not to miss out on this awesome opportunity to learn and engage with the vPro experts. Can't join us live? Have no fear, blogtalkradio lets you listen to the show whenever you have the time. Visit the Open Port Radio site (link is above) to hear previous shows and even catch a glimpse of what's to come!


Community Members,

I can't tell you how excited I am to share this with you, as I have been waiting a while to showcase more about CIRA & what is coming in Montevina from a vPro standpoint. I remember a while back I was asked by a group of students if this capability would exist like this in the future & finally I can showcase more of the pieces of the puzzle to the world. For the folks out there that asked me about this & I just smiled.. well.. here's more of the puzzle..

Here is the AMT 4.0 (Cira, Montevina) Platform User Guide that explains the MEBx settings in detailed screen views.
AMT 4.0 (Cira, Montevina) - MEBx Platform User Guide

Also here is my first post on CIRA about what it does in picture format.
Client Initaitied Remote Access - vPro in 2008 - IDF

If you have any questions let me know & hopefully soon to follow will be a YouTube video to show off these new capabilities of the new mobile platform.

Please watch out for this new platform to hit the news wire in the near future.....


NOTE: If you have not read parts 1 through 3, please read these before reading this part as this is a continuation of the story begun in the previous sections. Altiris and Intel vPro Use Cases

Security is only as tight as the weakest link in your environment. More often than not it's internally where the security holes are created, either inadvertently from carelessness or intentionally from a disgruntled or disillusioned employee. The hardware and software security can be top of the line, but if the human factor doesn't adhere to policy, it may not make any difference. This part follows the IT team for Mighty Modern Marketing as they try to track down a security hole where productivity is taken down through the very tools used to defend and manage the network.

Mighty Modern Marketing HQ - Boston, Massachusetts

Somehow the air inside the building congealed hotter than the heavy, humid swelter wallowing outside. Tevita, sweat running down the sides of his face, fanned himself with an empty binder. He stared at his screen, the image thereon frozen.

"I think one of the servers seized up," he said. Jessica Langley glanced at her Remote Desktop window. The previously blinking text icon in the script she edited no longer blinked, and as she watched the disconnected icon appeared, the remote screen graying-out. She closed it with a quick click of the white on red X.

She took a long drink of water. "If they don't fix the AC soon, I'm going home," she announced.

"They'll have it up soon. Besides, it's never been so quiet here. I only have one system running, and I think I'm approaching something like Zen. Either that or I'm about to pass out."

"Any more missing application tickets?"

Tevita groaned. "Oh yeah. Five so far today. It's like the uninstall faerie ran around randomly touching computers with her magic star-wand. I've taken care of it."

Jessica stood, feeling sodden. "Thanks. I'll check on Bobby to make sure he hasn't suffered from heat stroke."

The server room actually felt cooler despite the cacophony of running servers that reminded her of the sound and feel of a jet engine escalating towards takeoff. Somehow Bobby had created a wind tunnel with large fans, and she felt her hair whip away from her as she stepped directly in the wind's path. She shielded her eyes and walked to the developer's cube area. The pull of the moving air seemed to try and yank her off her feet by her dress-suit jacket. She folded her arms as she stepped into the relative stillness of the cube.

Bobby looked like a wilted plant. He looked up, and sighed. "What, IM down again?"

"Of course not," she responded with a smile. "You holding up in here?"

He shrugged. "I'll survive, though it reminds me of Phoenix, Arizona, except here it's like standing in front of a vat of boiling water. Phoenix is like standing in front of the open door to a blast furnace."

"The SQL Server locked again."

Bobby nodded. "I did a hard reset just a minute ago. I had to open the case and point a fan right at the CPUs. I think it'll stay up this time."

"Good."

Bobby shrugged again. He looked back at his screen, then back up at her. "You need something else?"

"Not really. You want to go to lunch with Tevita and I? The local Italian place has great AC."

"No, I'm good. My lunch cooked itself in this heat, so I ate already."

"Alright. See you later."

When she returned, Tevita still sat in front of his computer, sweating profusely. He looked up as she passed by, a frown on his face.

"The facilities guy just passed by," he said as she sat down. "He says someone deliberately messed with the AC. He's fixed it and says it'll be up and running any time now."

"Someone sabotaged the AC?" she inquired.

"Yep."

She sighed. "Just when I thought we were done with the underhanded antics."

Tevita nodded. "The AC guy put thick padlocks on all the control panel cases. Too bad we don't have any way to track who goes in and out of that room. A magnetic badge reader would work."

The next hour passed in receding misery as the AC kicked on and began liberating the employees in Mighty Modern Marketing's Headquarters from oppressive heat. Jessica checked the Altiris Notification Server Logs, ignoring the SQL errors for the times the SQL server seized up. Except for an occasional error where an event arrived for a package already deleted from the Notification Server, the logs looked clean.

"Mrs. Langley," Edgar's dry tones greeted.

Right on cue, she thought. Despite the heat things had been going too smoothly. She turned around and stood.

"Hello Edgar."

"I wanted to let you know that the budget we set aside for the mess with New Nifty Networks is on target, thanks to everyone's diligence," he said, eyes briefly moving down to the papers clasped in his hands. "We've even been able to devote some resources to Legal. It won't be long before we can put this whole ordeal behind us."

Tevita rolled over in his chair. "What, and I've done nothing?" The expression on his face and tone of his voice took away any sting of the words.

"Both of you have performed exceptionally," Edgar said, shuffling the papers in his hands. "Though it's not official, I believe you will both receive merit increases for your performances."

"You're kidding!"

"I do not kid, Mr. Tatafu."

"So be honest, was it hard to allow that through?"

The barest hint of a smile touched the corners of Edgar's thin lips. "Yes, adding my approval felt much like pulling out stitches. Now don't you both have work to do?"

He shuffled away, his posture a little bent.

Tevita gave Jessica a thumbs up. "Ha! So some good is coming from this whole competition nightmare."

"Perhaps," she said noncommittally, having trouble suppressing a smile. "It's not over yet, not until this school-friend of Mr. Johnson's finally gives up. I'm hoping it happens soon so we can go back to normal."

"Normal?" countered Tevita. "When is IT work normal? It changes faster than the seasons."

She opened her mouth to respond when her telephone rang. The caller ID noted Johnson. She quickly picked up the handset.

"Mighty Modern Marketing, this is Jessica," she greeted as cheerily as she could.

"Jessica, this is Mr. Johnson," greeted the CEO. "Can you please come up to my office immediately? We have a sensitive matter to discuss."

"Of course. I'll be up right away."

"Please have Tevita join us as well. See you in a minute."

"Will do. Thanks. Bye."

When she looked up Tevita had his day planner in one hand, the other locking his computers.

"Ready for lunch?" he inquired.

"Change of plans," she said, rising. "Mr. Johnson wants to see us in his office immediately."

Tevita stared at her for a moment, then tossed his planner onto his chair, a wry smile twisting his mouth. "Wonderful. Somehow even though everything he says sounds enthusiastic and wonderful, we end up with a pile of work."

"Job security," she responded.

The CEO's office, remarkably, looked very much like the other offices in the entire building. She glanced through the window on the door, then knocked politely. Mr. Johnson, looking as refreshed and lively as ever, waved her in. The building continued to cool, but still hovered near eighty degrees. Though she felt sweaty and rumpled, Mr. Johnson appeared completely unaffected by the heat, his hair perfectly combed and his clothing pressed and clean. He smiled warmly as they sat down in the two chairs set before his desk.

A man sat next to him, and though she knew she should know who he was, she couldn't place his face in her memory.

"Thank you for coming up so quickly," he said, rising to shake their hands. "This is Dan Williams, Chief Security Officer."

She said hello, shaking Dan's hand. Funny how she knew the name so well from countless emails and conference calls. She felt she knew him despite only seeing him on rare occasions, all from electronic or audio correspondence. Somehow she'd never put that voice with this face.

"Jessica, Tevita," he said by way of greeting in that familiar voice. "We need to meet more often, especially with how much I depend on both of you."

"Definitely," Tevita responded as he sat down.

Jessica had trouble controlling a laugh that threatened to escape. "Mr. Williams, you don't look like I imagined."

Dan smiled, amusement dancing in his eyes. "What did you think I looked like?"

She blushed. "Well... you sound like Chuck Norris. But you're more like..."

Mr. Johnson started. "Chuck...?" He burst into laughter. Tevita's booming lau