Intel vPro Expert Center Blog

We want to hear your favorite story? PEBKAC anybody?

josh.hilliker — Mon, 06 Oct 2008 17:19:04 GMT

We have all heard of PEBKAC (Problem Exists Between the Keyboard and Chair) and we've heard the stories, seen the video's.

So.. Wendy (vPro Comms) and I were talking today about wanting to hear your favorite PEBKAC stories within the vPro community, please take a moment and share your favorite one out.

Looking forward to getting a good laugh.. LOL..

What's New in 2008 with Intel vPro technology

jlvb — Wed, 24 Sep 2008 06:59:55 GMT

The 3rd generation of Intel vPro technology that was launched yesterday, along with the recently launched Intel Centrino 2 with vPro technology, will, for the first time, enable IT to manage PCs beyond the corporate firewall even when the PC is off or the OS is unavailable. There are various use models that this new functionality enables, such as:

Fash Call for Help
Scheduled Remote Maintenance
Remote Alerts

Steve Grobman, Intel's Director of Client Business Architecture, gives an excellent overview of the new benefits that come with support outside the corporate firewall. Watch below and also see a demo of this new functionality with the Symantec Altiris Client Management Suite.

Also, see how this new functionality is supported with the LANDesk Management Suite.

With Intel vPro technology now out in the marketplace for more than 2 years, hear from industry analyst Peter Kastner on the impact Intel vPro technology has had in the marketplace.

Also, hear from Symantec and LANDesk, on how their end-customers are taking advantage of Intel vPro technology, and how they will take advantage of new 2008 features.

Symantec with Intel vPro technology:

LANDesk with Intel vPro technology:

Another exciting development with Intel vPro technology has been the emergence of virtualized PC models. Hear from Citrix and VirtualLogix on these new PC models.

Citrix with Intel vPro technology:

Demo of Citrix software with Intel vPro technology:

VirtualLogix with Intel vPro technology:

We also had Infineon talk about how they are using an industry-standard TPM that is now part of Intel vPro technology to store keys in hardware. Listen to their video below.

Citrix Software with Intel vPro Technology part 2 - the demonstration

Jason A. Davidson — Tue, 23 Sep 2008 05:33:22 GMT

I recently blogged about the interview with Citrix Software's Paul Hahn, Director of Business Development / Virtualization & Management Division, and Matt Edwards, Product Manager at: http://communities.intel.com/openport/blogs/ecmf/2008/09/22/citrix-software-with-intel-vpro-technology

For part 2 of this blog, you can view the actual demonstration of the software below. In this demonstration, you will see the solution explained in much more detail.

Citrix Software with Intel vPro Technology

Jason A. Davidson — Mon, 22 Sep 2008 21:21:46 GMT

Citrix and Intel have been working together to deliver a solution that builds on both companies expertise. The end-to-end solutions, application delivery, and virtualization software that Citrix provides combined with the manageability, performance, and security from vPro deliver a novel solution. The solution allow the IT OS build to go through a secure or trusted boot, where the hardware and software used to launch the OS is measured for integrity before the program executes. The OS can be streamed off a remote server, and the end-user gets the rich client side local execution experience.

In this video, Citrix Software's Paul Hahn, Director of Business Development / Virtualization & Management Division, and Matt Edwards, Product Manager, talk about how Citrix Systems is developing products for OS/App Streaming on top of Intel vPro technology. You will see that the virtualized, measured, and streamed OS is able to still render and rotate a rich CAD drawing.

Using Out of Band Management with Intel SCS in a Multiple Notification Server Environment - Part 3: Best Practices for Non-NS Installs

joelsmith — Mon, 08 Sep 2008 21:04:28 GMT

Through trial and error I've come across a working method for installing Intel's Setup and Configuration Service (SCS) on a server that does not have Notification Server, and thus Out of Band Management, installed. When NS is installed, all rights, etc, are already assumed by logging in as the Application Identity. Intel SCS installs fine this way, but when on a separate server certain prerequisites and configurations need to be met before the installed SCS will function properly.

Introduction

For the best results, the prerequisites should be met before hand. If SCS has already been installed, the necessary components can be added or configuration changed to support it properly. The first section of this article I'll assume we'll do the install from scratch, while with the second I'll cover how to reconfigure SCS if it has already been installed so it works successfully. This is with version 6.2 of Out of Band Management Solution.

New SCS Installation

NOTE: This is for an Intel SCS installation that is not on an existing Notification Server with Out of Band Management installed.

First, we need to prep the system for the actual install of Intel SCS. The following components are required for Intel SCS to function normally:

Windows 2000 Server, Windows 2003 Server
Internet Information Services (IIS)
Microsoft .NET 2.0

Run through the following steps to install Intel SCS. I've assumed the above prerequisites have already been met.

Log onto the system as the Application Identity user for Notification Server.
Using the ‘Pull' method, install the Altiris Agent from the Server that houses Out of Band Management:
1. Typically the URL is formatted as: http://%3cnsname%3e/Altiris/NS/Agent/AltirisAgentDownload.aspx.
2. Use the resulting page to download and install the Altiris Agent. Typically it takes a few minutes to complete the process of installing and registering with the Notification Server.
If needed, provide the App ID account local administrator rights on this Server. In one case this was not the case, and the service was unable to connect to the NS.
Browse to the following path on the NS: \\<NS_Name>\NSCap\Bin\Win32\X86\OOB\IntelSCS\
Launch the EXE AMTConfServer.exe.
Click ‘Next' on the Welcome screen and accept the license agreement and click ‘Next'.
Choose ‘Complete' as the type of setup and click ‘Next'.
In the User name and Password fields put in the Application Identity for the NS.
Check the Web details.
Leave ‘Force Secure Connections (HTTPS)' checked if you will use TLS to encrypt AMT traffic, or uncheck it if you will not be using TLS. Click ‘Next'.
Under ‘Database Server' select the database name and instance to use. This should be the SQL Server used to install the IntelAMT database when OOB was originally installed on the notification Server, or if the database was never created, this should be the same server and SQL Instance where the Altiris database that hosts Out of Band Management is installed.
Check the database details. Click ‘Next'.
Click the ‘Install' button to proceed with the install using the parameters set.
If the IntelAMT database was previously created, you'll receive a notice saying that the database IntelAMT already exists. Make sure to click ‘Yes' so it uses the existing one. This is especially important if you have provisioned systems already in the database. If no database exists by name IntelAMT, a new one will automatically be created and no prompt will appear.
At the Complete screen, leave the ‘Start Intel® AMT Config Service' checked and click ‘Finish'
From the Notification Server, at this location: \\<NS_Name>\c$\Program Files\Altiris\OOBSC\, copy the file oobprov.exe to the same path on the SCS Server (default will be C:\Program Files\Altiris\OOBSC\).
NOTE! You must use the same path that it used on the Notification Server, this is a limitation with our implementation at this time.
Copy to the same folder the attached file Interop.AeXClient.dll.

Normally the script (oobprov.exe) is properly registered to the correct path, but if it is not, we must manually change it.
NOTE: Using this option to install SCS on a different server than the NS often leaves the csti_configuration table poorly configured. If this is the case, the following two steps must be done to fix the problem.
Open SQL Query Analyzer or SQL Enterprise Manager. Run the following query:
1. USE IntelAMT
  SELECT Props_script_path, use_props_script
  FROM csti_Configuration
Check the path and make sure it matches the remote and local Intel SCS install. Also verify that the use_props_script is set to 1, which means ‘True' (0 means ‘False'). Now run the following query if they need to be updated, but take note to change the path to match your environment:
1. UPDATE csti_configuration
  SET props_script_path = ‘C:\Program Files\Altiris\OOBSC\oobprov.exe'
  SET use_props_script = 1
  WHERE configuration_id = 1
Everything should now be in place for the new Intel SCS install to work with systems being provisioned, including all maintenance and post-provisioning actions.
As one last check, let's ensure the Intel SCS installation registered itself in the IntelAMT database. If this part has failed the service AMTConfig will not be able to start, throwing an exception about database connection in the Application Event Log.
On the Database Server, run the following query:
USE IntelAMT
SELECT * FROM csto_servers
You should have one entry for every Intel SCS install you've completed, even the original OOB install if you also installed Intel SCS originally on the NS. Note the server_name column to contain the name of the server you installed Intel SCS onto. If it is not here the problem generally stems from SQL database access rights on the SQL Server. Please ensure the account you are using has rights to create a new database, or update an existing one.

Fixing a Previous SCS Install

If you've already install SCS, and provisioning is not occurring (see the following article group for troubleshooting steps: http://juice.altiris.com/book/3699/troubleshooting-altiris-manageability-toolkit-vpro-technology), we need to go through the steps to provide the remote Intel SCS Install the necessary configuration to properly work with the remote IntelAMT database and Notification Server.

The following steps provide the right changes to ensure everything is setup correctly:

Log onto the Server with the NS Application ID.
Uninstall the Altiris Agent from the system. If it is not installed simply continue through the steps.
Check to ensure the account that is running the Intel SCS service, AMTConfig, has admin rights to the NS. If it does not, add the user to the Admin group on the Notification Server.
Check to ensure the Application ID has local administrative rights to the server Intel SCS is installed on.
Install or reinstall the Altiris Agent, ensuring it is pointing to the NS where Out of Band Management is hosted.
Once the five preceding steps are completed successfully, move to Database server and launch SQL Enterprise Manager against the IntelAMT database.
Run the following query:
USE IntelAMT
SELECT Props_script_path, use_props_script
FROM csti_Configuration
Please note the following details from the resulting line:
- use_props_script - This column needs to be set to TRUE (1). If this is set to 0 no provisioning attempts will even be executed. I've seen this set to 0 at times.
- props_script_path - This value is passed to the Intel SCS service that's available to run oobprov.exe. This must be the same location on both the NS and the remote server.
- props_script_timeout - This timeout should be set at 180.
If the values are not set right, use the following query to update the table to have the correct values (note that the props_script_path may be different in your environment. If so, change the query to match your installation setup):
UPDATE csti_configuration
SET props_script_path = ‘C:\Program Files\Altiris\OOBSC\oobprov.exe'
SET use_props_script = 1
SET prop_script_timeout = 180
WHERE configuration_id = 1
Once the above changes have been made, restart the AMTConfig service on the local Intel SCS Server to have all cached items dropped so the changes are filtered down properly.

Functional Intel SCS

The immediate question after installing and/or fixing an existing install of Intel SCS is are things working correctly? Time will definitely tell, but if you want to know immediately you can use the following process to check the workability of the install:

On the Intel SCS server, go into the Services Manager within Administrative Tools. Is the AMTConfig service running? If not, try to start it. Also check the Event Log for failures. If it stays running, it can successfully start and then connect to the IntelAMT database. Note that if it starts but then stops a minute or two later, the database is likely unreachable by the service.
On the Notification Server, browse in the Altiris Console from View > Solutions > Out of Band Management > Configuration > Provisioning > Logs > Actions Status. Do you see any successful Provisioning requests since the time you finished configuring the Intel SCS install?
If possible, manually configure a system to provision and see if it goes through. The reason the existing ones trying to provision may not work is due to IP Address changes that make it impossible or SCS to connect back to the system. New Hello Packets will remedy this situation in the long-term.

Conclusion

These processes should allow you to properly install and configure Intel SCS on a server that is not where the Notification Server and Out of Band Management are installed and running.

Altiris and Intel vPro Use Cases - Part 6 - Competitive Advantage

joelsmith — Wed, 03 Sep 2008 17:02:19 GMT

NOTE: If you have not read parts 1 through 5, please read these before reading this part as this is a continuation of the story begun in the previous sections. http://juice.altiris.com/book/4687/altiris-and-intel-vpro-use-cases

The Might Modern Marketing IT team has just seen two suspected competitors encroach on the home turf. What can they do in light of this brazen intrusion? Can Altiris and Intel's vPro help them gain the upper hand when the opposition brings the fight to the very top? In this part of the story we'll learn the final outcome of their major competitor's struggle to gain the majority share of the market through fierce competition and unscrupulous IT sabotage.

Mighty Modern Marketing HQ - Boston, Massachusetts

"Bobby!" Jessica Langley whispered loudly. Or, more accurately, she said loudly to just pierce the cacophony of fans filling the server room. She turned the corner and saw Bobby perched at his desk. His hands rested on his keyboard, as if posed to begin coding at an instant's notice. He seemed to be looking intently at his monitor.

"Bobby?" she urged, stepping closer. He didn't respond, and as she watched his head tipped forward. He jerked, a loud snort escaping his nose. He glanced around, blinking bleary eyes, before his eyelids seemed to close of their own volition. He settled back into his chair, hands still poised.

Jessica tapped him on the shoulder. He didn't respond. She tapped harder, and he shrugged, but his eyes remained closed. She shook the back of his chair, and he jumped, hand flailing out to grab the sides of his desk. He whirled around, staring at her with wide, reddened eyes.

"Jessica!" he said, blinking rapidly. "Something wrong?"

She folded her arms. "Yes, something's wrong," she responded tersely. "We're under attack."

He wiped at his face with his long-fingered hands. "A virus?"

"No, something a bit more direct. I saw that ninja guy again, and some smooth-slick character with him. He might be Jake, the New Nifty Network CEO."

"The ninja? The guy I thumped with the laptop??"

"Yes."

Bobby looked at her wide-eyed. His eyes darted about, and he finally picked up a power strip, gripping the plug and cord. He twirled a few times, and Jessica backed away.

"What are you doing?" she demanded.

"I need something in case he comes after me for revenge!"

"Is that supposed to be a ball and chain?"

He glanced down at the strip, the empty black slots seeming to stare back up at him forlornly.

"Yes. No. Maybe... I don't know!"

She reached out and took it from him. "Tevita's following them, but we need to lock things down."

Bobby rubbed his hands together, his expression tightening a little. "I always have things locked down," he said. "You're insulting my..."

"No time for that. Lock up all the servers, and backup all databases right now. If possible bring non essential applications down until we get these guys out of here. And call security."

Bobby nodded. "There's a ton of locks. Can you help while I call?"

As Jessica set locks on the server's chassis and covers, she watched the door leading into the server room. She couldn't seem to keep her eyes away from it, half expecting one of the suspects to barge in waving a bat around and demanding their most sensitive data. Halfway through the process Bobby gave her a large key ring full of small metal keys with short-stubby teeth.

"Go check the server racks and lock any covers that are open with those," he instructed.

She stared at him. "There are a hundred keys here, and none of them are labeled!"

"I know. I keep meaning to get around to label them, but... well... how fun would that be?"

"Yeah, how fun?" she mumbled as she headed around the corner. She started down the row, checking the front of the cases. She made it almost halfway around before she found one that opened. She looked down at the mass of keys and sighed.

She only had inserted about thirty keys, all without budging the lock, when her mobile phone rang. She quickly fished it out of her jacket pocket, glancing at the number before putting it to her ear as she pushed the answer button.

"Tevita?" she prompted.

"Jessica! They're up here on the executive level!" he said in a loud whisper, and she had to press her phone hard against her ear to hear.

"Bobby called security..."

"These guys are really delivering packages as if they're legit, but that taller guy, the slick one, keeps looking around as if expecting to see something."

"Why don't you go tell Mr. Johnson? I think that's Jake Wells."

"That's a good idea. I'll call back if I need anything..."

"Just be careful..." she started to say when the line dropped. She locked the keypad and slipped the phone back in her pocket. She stared down at the keys on her other hand, and finally decided she had better things she could do. She walked quickly to Bobby's office. He started intently at his screen, his fingers flying over the keyboard so fast they seemed to blur in her vision. She placed the key ring on his desk and he looked up.

"The first half of them are secure," she said, not mentioned she hadn't needed the keys for any of those.

"That was fast..."

"I got a call from Tevita. I think I need to secure some of the more vital PCs in the office, here. Did you ever finish those network filters I asked for?"
Bobby nodded. "I did. I still need to test the last one..."

"But the accounting and executive filters are ready?"

He nodded again. "Yes. I'll email them to you now. It wasn't easy, what with the limitation on how many filters I can apply, but I weeded out the nonessentials. Instant Messenger won't work, nor will standard Internet Explorer stuff, but all the applications the two groups will use respectively are available."

"Email?"

"I think so... it's not reliable..."

She shrugged. "Better than nothing. Thanks!"

She hurried out the door. Her eyes looked around the office as she walked tensely back towards her desk. She expected to see signs of stress or something, but everyone acted normally. Several even said hi, and she managed to smile back, though the smile felt stiff on her face. Why couldn't she have a normal IT job where emergencies consisted of no coffee in the break room, or typical, non-intentional application crashes? Couldn't someone simply forget their domain password for the highlight of the day? That kind of stress she could handle without her stomach tying itself into knots.

She sat down as a new email came in from Bobby. She opened the email, and downloaded the attachments to a share on the Notification Server. She quickly initiated a Remote Desktop to the Notification Server. When she clicked connect, she received a message indicating the max number of session had been reached. She stared at the screen.

"No way," she muttered as she jumped to her feet. She hurried over to Tevita's desk, but he'd locked all his systems. Definitely wise, but If he had sessions open she'd be unable to close them. She hurried back and launched the Altiris Console on her own desktop. She'd wanted to add the filters in the right places on the drive of the server, but it wasn't necessary. The console came up, and she browsed through Manage, clicked on Jobs, browsed through Tasks and Jobs, Server Tasks, Real-Time System Manager, and clicked on Network Filtering Task.

Jessica right-clicked on the Task and choose "Clone". She named it "Accounting Network Filtering Task" and clicked OK. The new filtering task appeared, the task configuration loading in the right pane. She clicked the Edit button on the icon bar with the small pencil symbol. Under the section ‘Filter network traffic other than to and from the Notification Server' she changed the radial selection to ‘Import network filtering settings from the custom XML file'. Under the section ‘Location of the file to import from:' she clicked the Browse button. In the subsequent window she browsed to the share she'd copied the custom files Bobby had created and selected the Accounting one. She clicked Open which returned her to the Settings page.

At the bottom of the right-pane she clicked the Apply button. Next, she clicked on the ‘Run Now' button on the icon bar. Within the pop-up window that appeared she set the ‘Run name' field as ‘Accounting Lockdown SOS'. Under the ‘Connection credentials settings' section she clicked on the hyperlink labeled: Runtime Profile. From the list she selected the list of credentials containing her Domain credentials that had full rights to all AMT systems. When she'd committed the changes she then clicked the hyperlink under the Resources heading labeled ‘Select computers'. The Task Server resource selection window appeared.

In the left most pane she expanded the Computer Collections folder and the My Collections folder. Under this section she highlighted the collection labeled: All Accounting Computers. By double-clicking on this collection the picker added it to the right most pane, labeled Selected Items. She clicked OK to add the collection to the Task. On the main Run Task screen she hovered the mouse-pointer over the ‘Run Now' button. She wondered if both words were capitalized to emphasis the finality of the button! She believed the filter would work since she had faith in Bobby's skills, but if something went wrong...

For just a moment she paused, taking her hand off the mouse. Over reacting might save the day if these two interlopers really came with Mighty Modern Marketing's determent in mind, but if she'd jumped to the wrong conclusions she might just create a huge mess for no reason at all.

Another thought, one she'd had previously, surfaced in her mind. If Bobby hadn't verified the filter worked, and it somehow invoked a filter that did NOT give access to the systems via Notification Server, she might just decapitate every single one of the Accounting department's computers with a single click. She shuddered as she imagined Tevita and her running from computer to computer in a desperate effort to manually disengage the network filter using their credentials. There was a reason Bobby tested all the filters he created, and that same reason applied as to why she and Tevita each independently tested them again.

So far Bobby always got it right, at least from the Notification Server aspect. Sometimes the other filter items didn't work properly, but she'd still be able to quickly remove the filter from all the systems. She sat up straighter in her chair, her lips pressed into a firm line, and took hold of the mouse again. With only the briefest of hesitations she slicked the ‘Run Now' button.

She waited a minute, then refreshed the status display. So far so good. She quickly ran through the same procedure, but this time setting the Task to quarantine, this time for the system's own protection, the Executive systems. She paused before running it, then quickly picked up the phone and dialed Mr. Johnson's number.

"Mr. Johnson's office," a young voice greeted.

She paused. She didn't recognize the voice, but didn't attribute it to the two she'd seen. "Uh, yes, this is Jessica Langley down in the IT department. Is Mr. Johnson available?"

"No, ma'am. He's currently in a meeting. Can I take a message?"

"When did he get a secretary?"

She heard a chuckle. "I'm not a secretary, I'm his son, Roger. It's ‘Go to Work With Mom or Dad' day at school. I'd rather be here than school, so... here I am."

"Okay... Can you tell him this is urgent?"

"I would, except he left for the meeting and I don't know where."

She sighed. "Thanks Roger." As she hung up the phone she clicked the ‘Run Now' button.

Leaning back in her seat, she folded her arms, eyes on the Altiris Console. Having applied the filters she did feel a little better, but she still couldn't sit still. She stood and walked to the drinking fountain, trying to think what next she needed to do to ensure whatever their competitors planned didn't cripple the business. Her eyes roved over the immediate area. It seemed everyone moved calmly, with occasional conversations heard above the hum of computers. She fished in her pocket and removed her cell phone, staring at the display as it lighted up. If Tevita was hiding somewhere, calling him might give him away. But surely he'd have placed in phone on vibrate...? She hated not knowing where and what Tevita did, and what the interlopers meant to do.

She found herself facing the stairs. Part of her wanted to run up there and blow the whole thing wide open so that the sheer number of Might Modern Marketing's employees would stop whatever they planned. Of course if it ended up being an innocent visit... she threw that thought aside. They'd shown up looking like delivery guys, and the furtive glances from the "ninja" seemed to proclaim their guilt. She reached up and rubbed at her eyes, trying to decide what to do next.

They'd locked down the servers, taking down nonessential applications, and employed filters against critical systems. She squared her shoulders and entered the stairwell, hurrying up the two flights to the third floor. When she reached the door at the top she stopped, taking out her cell phone again. She dialed Tevita's number and pressed the send button. The phone rang several times before his voicemail started playing. She hung up the phone, fidgeting with it for a few moments before slipping it back into her pocket.

She tried to square her shoulders again, but somehow the thought of heading through the door started her stomach doing flips. She pressed a hand against her middle, trying to physical calm her nerves. It wasn't like these guys were armed... were they? So far the incidents had all been non-violent, but had desperation driven them to take extreme measures? Thinking about her job description, the security and protection for the intellectual property of Might Modern Marketing fell under her job description. These rubes from New Nifty Networks certainly qualified as a threat, but where should she draw the line?

She smiled wryly, decided she didn't like the spineless turn of her thoughts. True, there could be real danger on the floor, but most of the people up here she knew well and trusted. She opened the door and stepped through.

To the left sat the accounting team, most in closed-door offices to help with keeping sensitive data from wandering eyes. She saw one of them exit his office, a frown on his face. She walked towards him, intending to head through towards the executive staff area, when he looked up.

"Hi Jessica," he said, the tight expression on his face easing. "Can you help? I'm having internet problems right now."

"I know," she responded with what she hoped was a firm but friendly smile. "We have a security issue I'm dealing with and we've locked most systems. You should still be able to run the Accounting software... Balance Act. Have you had any problems with it?"

"No... I just... well... do you know when we'll get it back?"

"Hopefully soon. I'll send out a notice when it's back up."

"Okay. Thanks..."

She nodded and continued on her way. She heard him behind her start talking to another of the accountants, and he sounded a little annoyed, but she thought that better than any wrath had the critical application Balance Act gone down. She smiled, hoping someone would try to strip the data from the application and try to send it out, only to find that they couldn't make a connection to anything. She hoped they stewed over it, trying to figure out why the computer wouldn't connect to anywhere despite showing a network connection.

She tried to look casual as she raced towards the executive area. What would she find? By the look of people on the floor, no one had any inkling that two unwanted people prowled the hallways. As she turned the corner, her eyes followed the line of doors, most of them open. The sound of conversations floated out of a few, all sounding normal and unhurried. She noticed that Mr. Johnson's door remained closed. She walked on her tiptoes for a few steps, trying to look down into the cubes opposite the CEO's office. The first two stood empty, while the next two held their normal occupants, none looking more harried than normal.

She reached his door and glanced through the side window set to the left of the door. She noticed a young man sitting at the computer. He slouched back in the office chair, right hand moving around the mouse, his hair spiky and bleached blond. She assumed this was Roger, and moved on. She fished her phone out of her pocket and dialed Tevita gain. For the second time he didn't answer and she reached his voicemail. This time she left a short, terse message asking him to call her, and hung up.

She looked either way down the hall, her stomach slowly turning over. So far everything looked fine, except that Mr. Johnson wasn't at his office and Tevita wouldn't answer his phone. Many possibilities as to why held nothing malicious, and probably nothing amiss had happened. Somehow she couldn't convince her body of that, and found herself walking stiffly down the hall towards the set of conference rooms at the end. She couldn't unlock her knees, as if her joints had seized up. She wrung her hands in a gesture she'd long ago overcome, and forced her arms to swing normally at her side. Even that gesture felt forced, and she shook herself, trying to loosen up her tense muscles.

One of the conference room doors held shut, the other room's doors open and the lights out. Light streamed under the door and through the indoor window of the occupied conference room. She sidled up to it, trying to peer in without showing her face. She caught of glimpse of Tevita, standing against the wall. His normal smiley features pulled down in a frown, his arms folded tightly across his chest. She knew he only folded his arms like that when angry. Not just a little angry, but very angry. She quickly backtracked to approach the door from the other side.

The first person she saw held a sly smile on his face, his slick features seeming to hold confidence to overflowing. He spoke, his mouth quirking at the corner as if he had trouble keeping a secret. He pointed at a laptop plugged into one of the network cables snaking out of the middle of the large oval conference table. It looked like one of their field laptops meant for Sales Engineers or Consultants. She even saw the telltale barcode they stuck on all laptops before shipping them out, but also noted it was vPro capable. She glanced around, but in the dead-end hallway no one paid her any mind. She ducked down and put her ear against the door, trying to hear inside.

"...really think you're as spineless as that, old man." The voice reminded Jessica of a new car salesman who knew he could really sell cars.

Mr. Johnson's voice sounded as measured and confident as always. "You know that's not true, Jake."

"I do have to give you credit, Mr. Unflappable. You act like you aren't phased, but I've seen your employees run around like chickens with their heads cut off from time to time. I was hoping to reach an agreement today, to avoid future... incidents."

"We're not afraid of you," Tevita said hotly, the words loud enough to cause her to flinch.

She could just imagine Mr. Johnson holding up a placating hand to Tevita. "Why do we need an agreement? You've seen the projected numbers, I assume. You've done no real harm."

"Oh? You seem to forget I have access to your network, as this laptop proves. I know everything, including pending projects, budget allotment, fiscal year targets, and actual revenue both real and pending."

"You love the threat," Mr. Johnson said, a hint of mocking in his tone. "Did you think I'd be impressed that you'd have the gall to walk in here and make ludicrous demands?"

"You'll notice that security hasn't stopped me yet. If you need proof, let me show you..."

Jessica glanced through the window, her eyes trying to focus on the number printed below the barcode. If she knew which machine this was, she might be able to control it. She quickly pulled out her cell phone and punched in the number. She then quickly retreated, heading back quickly towards the stairs. She scampered down them, only to almost fall as the heel on her left shoe broke off. She skidded down the last few steps, barely catching the rail to stop a certain face plant. She quickly slipped both shoes off, hurrying down to the first floor.

She reached her cube, glad she'd left the Altiris Console up. She used the barcode in Asset Management to find the name of the system. She browsed in the console under View, Solutions, Real-Time Console Infrastructure, Tools, and clicked on the Manage node. She quickly typed in the name and clicked OK. A window appeared, giving her the RTSM interface. A grim smile slipped on her lips as the tree loaded, giving her all of the Real-Time System Manager functionality. In the left-hand pane she browsed down into Real-Time Consoles, Real-Time System Manager, Administrative Tasks, and selected Hardware management.

With her hand hovering over the mouse, her mind whirled through the possibilities. With vPro, she had a lot more power. Taking control of the system wouldn't do much since she could only access a non-graphical interface with Serial Over LAN. Anything else she might do would only alert them to what was occurring. She needed to do something fast. She selected to reboot the system, checking the option under Redirection options labeled, Perform boot from: and Display task progress and remotely control computer. She selected to provide a CD image, browsing to a utility for disk formatting. The utility had the ability to quickly write zeroes to the drive. This essentially cleared the hard drive of all data.

It was a good first step, and she initiated the reboot, redirection. She wished she could see the snide smile vanish as the computer abruptly turned off without any warning. She knew the laptops had reasonable boot times, but it seemed to take an eternity to load the utility. She half expected the laptop to be removed from the network, the SOL session dropping, but eventually the utility's interface appeared. She glanced at her watch. It took forty seconds, though she swore it had to be at least five fretful minutes.

She quickly selected the option to wipe the drive, quickly pressing through the double-warning that all data would be lost as quickly as she could. With luck the two dimwits wouldn't realize what was happening until it was too late.

Now what had he said about security? Bobby said he'd called them, so why hadn't anyone responded? She pushed to her feet as she locked her computer, hurrying towards the front desk area. When she reached the front desk she found it unoccupied. A visitor stood at the front of the desk, looking around with a frown and lines creasing his forehead.

"It's about time," the man said, visibly trying to smooth his expression. "I have an interview and need a temp badge."

Jessica shook her head. "Sorry, I'm not with security," she said hurriedly as she picked up the phone.

"If you're an employee, you can escort me," he said with the words forceful. She paused, looking him over quickly. He carried a thin folder under his left arm, with his arms held closely to his sides, his legs shoulder-length apart. His dark eyes watched her far too intently, hardly a blink to disrupt his scrutiny. Despite his oversized short, she could see the honed muscles tensed underneath.

She swallowed the lump that formed in her throat. If she hadn't failed Drama in high school she wouldn't be as worried as she tried to smooth her expression.

"It's against policy," she said, grateful the words came out firmly. "Without a badge... I'm sure security will return shortly."

The man's lips thinned. "You don't understand..."

She dialed the phone as if she wasn't two millimeters away from bolting back into the secured section of the building. The wide desk might give her enough lead time to get through before this suspicious man grabbed her. If he chased her, would she try to force the door closed behind her, or simply start screaming? Her face felt cold, but she still found the whole situation absurdly funny.

Bobby answered his phone. "What, IM broken again?"

"Hi, this is Jess. I came up to talk to the front desk folk, but nobody's here. Can you page them?"

The man standing in front of the desk scowled. "Look, I can't wait any longer..."

"Really? I called and told them the situation."

"I know. I need to take care of the power problem to the servers we discussed earlier, and need someone from facilities here, now. Can you try again?"

"Power...? Oh. I see. I'll get right on it."

"Thanks."

She hung up the phone. She contemplated calling the police, but she wondered if the two stooges upstairs had actually broken any laws. If they hadn't, what would the police think? She knew something had to be illegal, but did police get involved in this kind of thing? She continued to watch the man carefully. He stood stiff, visibly trying to keep his face smooth.

"Sorry," she said. "I can't help you, but someone should be here soon."

"That might be too late," the man said, throwing his free hand up into the air, almost dropping the folder with the other. "I'm supposed to do sneaky about this, but it's been too long. I'm Detective Cassidy from the Boston Police Department and believe some criminal activity is being conducted in this facility."

He reached back into his pocket and produced a wallet. He flipped it open, revealing a gleaming badge.

She stared at him, mouth open for a moment. "You're with the police?" she managed to say.

"Yes, now get me into that building unless you want to be held culpable as well!"

"Culpable? No, by all means! Please, come in."

She walked over to the main door, pulling her badge up to the magnetic reader. Her heart hammered in her chest, relief flowing through her limbs until she felt almost weak. She held the door open for the detective. He walked in, eyeing her suspiciously.

"I'm Jessica Langley," she offered. "I'm on the IT staff."

"Jessica... I'm surprised you'd offer your name so freely," he said, eyes moving over the collection of cubes.

"Why? Whatever you've heard, you'll see the truth soon enough."

"The truth, eh?" he said with a hint of a dry smile. "Okay. Lead on."

They quickly headed up the stairs, through the marketing section, past the executive offices, to finally reach the one closed door in the conference area.

"That guy there, Jake Wells I believe is his name, is the CEO of New Nifty Networks."

Cassidy peered in.

"Fix it!" Jake demanded with his face an unhealthy shade of red. The "ninja", still sporting his delivery guy outfit, fussed with the computer.

"It's dead..." he said. "Somehow I can't boot to the hard drive."

Mr. Johnson sighed. "Are we done here? I have a business to run."

"No!" Jake exclaimed. "I don't know how you did it, but this isn't the only laptop of yours I have, of course. I can access everything, even your accounting software..."

Cassidy stepped back, fingering his chin. "Well. This is certainly odd. But a few unanswered facts are now coming into focus."

Jessica gestured towards the door. "So you came here thinking we're doing something illegal?"

"No, according to the evidence presented to us, you were doing illegal stuff. This all but confirms the counter-theory that Jake Wells, a well-known business criminal, was in fact setting you guys up. Alright, don't tell him I came here as I need to get the right evidence in place before arresting him..."

"What if he gets violent?" Jessica asked as Detective Cassidy began hurrying away.

"Violent? Not likely, but if so, I'll have an officer waiting outside the building. Now if you'll excuse me..."

The man practically ran away, hurrying down the stairs. Jessica watched him disappear, and then heard the door behind her open. She turned around to face Jake Wells.

"Hello," Jake said with his broad smile just a little strained.

"Uh, hi," she responded, stepping to the side. She half-expected him to see right through her wary expression, but he simply walked on past, his cohort the ninja following behind, carrying the now defective laptop behind him.

Later Tevita, Jessica, Bobby, Edgar, and Daniel the CSO sat in Mr. Johnson's office. The CEO smiled, a look of relief cracking his normally stoic demeanor.

"Perfect," he said, standing up to offer his hand to Jessica. She blushed furiously as she rose and accepted the hand shake.

"Was nothing," she mumbled.

"Nonsense. You not only stole his thunder, that which he enjoys the most, but you unmasked his entire operation to the police. His sly and underhanded method to use the police to clear out our own security in his plans was ingenious, I must admit, but it certainly backfired. Bobby. Thank you for digging through the servers to find which stolen laptops made the illicit connections to our network to fudge our accounting procedures. Tevita. Well done identifying and cutting off access for those computers and those accounts on them. By removing that potential threat we've finished securing ourselves against any current threat, and with Jake Wells back under the watchful eye of the police, we will likely have a good respite."

"You're welcome," several said at the same time.

He smiled again. "Take the rest of the day off. Expect a bonus soon for all your troubles, but most of all, I'm letting half of you take next week off, and the other half the following week, and you won't have to use your accrued vacation days."

Jessica smiled. Vacation. She hadn't been able to think about it for months now with the ongoing threat, and the idea almost put her to sleep on the spot. She yawned, then offered a nod of thanks.

She didn't really believe things would suddenly become easy as sliding across a newly iced hockey rink, but surely things couldn't be as bad as they'd been?

As she traveled home on the early metro commuter train, a thought struck her hard. She'd said to Tevita that things should be easier. Knowing fate, and her own unlucky streak, she'd just opened herself up to an even harder, scarier situation; one that would probably arise on the first day of her vacation. She considered throwing her mobile phone out the window, but as she raised her arm she stopped. That would be drastic; besides, fate wasn't really against her, was it? And if it was, wouldn't the arsenal provided by Intel's vPro, Altiris Manageability Platform, and tighter security policies stop it?

She didn't throw the phone out the window, but she did turn it off, vowing to turn it back on only when Sunday arrived before she was to return.

The End of Part 6

This concludes this story arc. I hope you enjoyed reading as much as I enjoyed writing this. I hope also that some of the value of vPro has been properly communicated through this story, highlighting some of the features that could be used in a security situation.

IDF: Lucky little intern!!

Sophia.Stalliviere — Wed, 20 Aug 2008 23:22:35 GMT

I am so lucky to experience IDF (thank you Jason Davidson, Josh Hilliker and Kevin Ma). The atmosphere here is amazing. Wide varieties of people are here to enjoy what is new coming out of Intel. Opening key notes were invigorating and exciting. Craig Barrett kicked off the experience with his speech, "Small deeds done are better than great deeds planned," what a simple and powerful saying in Craig Barrett's speech.

Going through show floor area, where the majority of the demos are located, there is so much exciting new stuff, everything from virtualization to new hardware. Let me key you in on something that is going to big with vPro: remote help for your home computer. With this technology, you can have a key stroke on your PC, it will send a signal to several qualified providers that you can choose from, they will receive a code, and the one of your choice can fix your PC remotely. You would not even need to bring in your PC or have a tech come to your place of residence for most problems. Josh Hilliker is going to be putting up w a PDF about it here on the vPro Expert Center. Keep your eye out for some clips and more cool new features from different people on the Open Port site.

(Some cool give-a-ways!!)

Altiris and Intel vPro Use Cases - Part 5 - Tightening AMT Security

joelsmith — Mon, 11 Aug 2008 16:01:21 GMT

NOTE: If you have not read parts 1 through 4, please read these before reading this part as this is a continuation of the story begun in the previous sections. Altiris and Intel vPro Use Cases

Learning from previous mistakes, CSO Dan Williams discusses what they can do to better secure the powerful AMT functionality. Since the human factor is the biggest weakness, what can they do to strengthen this? Obviously they can't remove it altogether; might as well shut the company down. In Intel vPro the human factor can be minimized due to available strong security technologies. AMT can be made more secure, but the continuing threats are emphasized when a computer is hijacked. What can be done to regain control?

Mighty Modern Marketing HQ - Boston, Massachusetts

Bright sunlight filtered through the distant windows , overshadowing the bland fluorescent lights lit above. Jessica Langley watched the distant pedestrians seen in a narrow view near the street moving past with varying degrees of enthusiasm. The hot summer held to the south temporarily by a low pressure that brought in the cool Atlantic breezes. She imagined being able to hear the conversations of those passing, wondering what they spoke of, and if any of them had as crazy a life as her.

"Ah, this is the life," Tevita said as he leaned back. He placed his hands behind his head and stretched out his legs, pushing his office chair as far back as possible. With what looked like a deliberately casual gesture he tossed his headset onto his desk.

"You should be worried," Jessica commented dryly.

"Worried? Why?"

Jessica gestured sharply at her phone. "No one can call us with the phones down, so our work is just piling up while we sit here."

"Hey, we have our mobile phones. If it's not important enough for them to look up our numbers, then why worry about it?"

"You know that's not how it'll happen. As soon as the phones get up... WHAM! We're here until the sun drops below the trees in the west."

Tevita's smile lessened, but only a little. "They've been down for two hours. Perhaps they'll be down all day, and we can leave early."

"Right."

The Tongan shrugged, and Jessica briefly envied his ability to shove aside problems when they weren't directly in front of him. He could have two amazingly nasty issues to work on, and he'd easily concentrate on one at a time as if the other issue didn't exist. She wished she could compartmentalize in that manner, but when she had two critical issues to work on they hung over her like a dark shroud. Usually the one she wasn't currently working pressed down as if to accuse her of negligence, but she couldn't do two things at once. It wasn't like knitting while watching TV.

Like now, when she knew issues piled up while their phones remained down. She reached down and pulled up her mobile phone in case she'd missed an incoming call, but nothing showed. She sighed, standing up and stretching. Tevita frowned at her.

"You aren't going to bug the phone people again, are you?" he asked, as if accusing her of turning him in for some crime.

"No," she said. "Daniel Williams wanted to talk to me today so I'm heading up to his office."

"Good. Don't mention the phone issue to the CSO..."

She rolled his eyes at him, but he only smiled, large hands moving deftly across the keyboard. Without phone call interruptions Tevita would clear out the email queue in no time.

She took the stairs, hoping to work off the donut she'd eaten earlier that morning. It seemed no matter how resolute she thought she was to eat healthier, as soon as someone brought in free goodies her willpower vanished and she indulged. She doubted the climb from the first floor to the third made any real difference, but at least her husband wouldn't get on her case about taking the elevator when she had two perfectly working legs.

The door to Daniels office sat closed, and she peeked into the glass valance to the side. Daniel stared at his computer screen, his brows drawn low. He didn't touch the keyboard and mouse, eyes moving across his monitor as if trying to puzzle something out. He just reached for the mouse when she knocked quietly on the window.

He turned, a smile easing his expression. He waved her in, and she quickly hurried through the door."

"You wanted to see me?" she inquired.

"Yes, please sit down," he said, gesturing to one of the empty chairs across his desk. She sat while he turned back to his computer.

"Please watch," he said as he launched Internet Explorer. "I'm going to talk you through what I'm doing, and I don't want you to interrupt until I'm done. Okay?"
Jessica felt a twinge of uneasiness stiffen her spine. "Of course," she responded, trying to instill confidence in her voice. "What are you doing?"

He only smiled. "First, I've discovered what password I can use to access AMT on all our vPro enabled computers..."

She stood up. "What...?"

He held up his hand, not unkindly. "Please humor me."

She sat back down, her unease blooming. She clasped her hands in her lap so she wouldn't fidget, usually in the form of smoothing down her already crisp and wrinkle-free dress jacket. She couldn't sit completely still, and found herself tapping her toe. Fortunately the carpet, however uninviting bland, muffled the sound.

"Okay," Daniel continued. "I don't have access to Altiris though I have tried to gain it, unofficially of course."

"Of course," she said, and quickly clamped her teeth together before she asked another question.

Daniel continued, "In light of that I've done some Googling and found that AMT has a web-interface that anyone can access using a browser. I haven't figured out how yet, but I don't think it'll take me long. Let's see... how to access AMT via a browser... This first hit talks about someone who is unable to access it."

Url: (http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30249624.aspx).

"Ah, in his post he says, "When I try to access the Web Interface (localhost:16992 or name:16992)... that means I can access my test in the same manner. Let's watch."

Jessica bit her lip to keep from saying anything, determined to keep quiet until he'd finished his demonstration. She really wanted to ask him how he acquired the password, but she supposed she should wait until he validated that claim first. Plus, he'd asked her to keep quiet, and she didn't want the CSO annoyed with her.

Daniel clicked on the address bar, deleting the current address. He then typed in MMMAMT0043:16992 in the address bar. When he hit Enter the page refreshed, showing him the initial AMT login screen. He clicked the ‘Log On' button, which provided a standard Windows security prompt. He entered in Admin as the username, and then typed in a password. Jessica's stomach dropped. She didn't see exactly what he put it, but it did look like he put in the right password.

The Intel Active Management Technology web interface appeared, giving Daniel full access to the system. Jessica reached up and rubbed at her eyes.

"Please tell me you simply asked Tevita for it," she said when he turned to her.

"No, but no need for you or Tevita to worry about that," he said with what Jessica assumed was a reassuring smile. It didn't help. "I believe I used the same methods our traitorous employee working in cahoots with Nifty Networks used to gain these powerful credentials. I'll be conducting security training for our employees soon to try and plug that method."

"So how did you do it?"

Daniel nodded. "Good question, but the better question I'm posing to you is this: how can we better secure the AMT technology? See here under Remote Control? I can remotely reboot this person's system and boot it up into an application I can use to wreak havoc. Nifty, no?"

She swallowed hard. "No, not nifty."

"Good. You see the issue. I'm tempted to not tell you how I did it. Mystery lends me an air of the supernatural, or at least my uber-geekness. Why reveal how? That's like a magician revealing his secrets. Once the how is known, it isn't so magical anymore. Okay, so I'm taking far too much pleasure out of this. I simply watched you and Tevita closely and caught you entering the password. It took several tries before I finally got it right."

The beginning of a migraine colored Jessica's vision. "Great. I thought we had that password locked down..."

"As I said before, don't worry about it. Everyone is too trusting when entering passwords. I'll address that in our upcoming security meeting. What I want to discuss is how we can rectify this situation? Specifically I want to remedy the fact that anyone who does a smidgen of research will know that the administrative username for AMT is admin. We've handed any potential hacker one half of the credential equation."

Jessica nodded. "Yes, I see your point. Luckily I already know how to fix that. It's as simple as making the admin password random on each system and using Kerberos to use our Domain credentials for access."

"Good. The second point is I noticed that I can use a non-secure web address to access this. Can you get SSL enabled for all AMT communication?"

Jessica nodded again. "Yes, specifically AMT uses TLC, the successor to SSL. I believe I saw an article on how to enable that on Symantec Juice."

"Even better. Get those measures in place, and let me know when it's completed."

She nodded, shaking his hand when he offered it. She left his office and headed back down, taking the stairs despite the throbbing in her head. When she reached her cube she noted that Tevita had his headset on, his previous smile absent from his face. She gave him a grin when he glanced over, and this time he rolled his eyes. She should get onto the phones, but she wanted to get those changes implemented as soon as possible so that even Daniel couldn't crack the system... as long as Tevita and she carefully entered their passwords so others couldn't eyeball them.

She sat down and pulled up the Altiris Console. Both of her actions required a new vPro Profile to be pushed down to all the AMT systems, but that was the easy part. She started by enabling TLS on the server. Until she pushed down the new profile the AMT functions would not work. She leaned over to Tevita, and he glanced at her as she rolled closer in her chair.

"AMT will be available for a time," she said.

Tevita reached up and muted his headset. "Why?"

"I'm enabling TLS. You know, encryption. When I enable it on the server side the clients will not be able to communicate back with the server until I update the profile and they have the right certificates."

He shivered. "Is that such a good idea? Certificates are tricky... we could easily mess up the whole thing and have no AMT access..."

"Tevita, it isn't that complicated. I have all the Altiris documentation on how to do it. Besides, there's a specific article on how to do it after the installation, here: http://juice.altiris.com/article/2737/how-enable-tls-within-out-band-management-after-install. Piece of cake."

"If you say so..."

"Trust me. If we had a hierarchal structure of certificate authorities, it might get a bit dodgy, but I'm just setting up the one root."

"Yeah, and the flux capacitor needs just such and such gigawatts of power..."

"Just read up on it! It's not that hard."

Tevita spoke for a moment into his headset, and took it off. "I don't know anyone who understands it all that well."

She planted her hands on her hips. "It's really simple. We give the root CA, aka the King, the credentials that are acceptable. Secondly, the Altiris server gets the credentials so it can work with the CA and the clients. We then load the matching credentials on the clients via the Provisioning Profile. Now everyone has the credentials."
He smiled. "What about client-side and server-side certificates?"

"Again, simple. Communication is unidirectional for a given parent/child certificate set. With basic TLS in vPro, all the clients have server certificates. The Altiris Server uses a client certificate to authenticate with the client so that the client machine will accept the AMT commands sent it."

"Alright. That sounds simple enough, but what about the CA? What's that for?"

Jessica looked at him, her eyes narrowing. "What's with the third degree? 'Tell me Master Qui-Gon. What are midichlorians'?"

Tevita burst out laughing. "Am I that transparent? I didn't know you liked Starwars..."

"I don't. Like that movie quote, your questions are contrived..."

"Hehe, yeah. I'm just trying to prove a point. It's not that simple..."

"But it isn't that complex, either. The CA tells the server-side component (the AMT Client) if the client connection (from the Altiris Server) is to be trusted. I know having the AMT clients act as the server seems a bit backwards, but since we want AMT functionality to be secure, it makes sense. The Altiris Server that tells AMT what to do needs to prove itself. This ensures a rogue server can't just initiate any AMT functionality without having the proper certificate. So the server provides a client certificate, which the AMT system authenticates with the CA before allowing the Altiris Server ‘in'."

"Okay, okay. That sounds simple enough. I'll be sure to avoid AMT until next week when you get TLS finally working... kidding! Take it easy, I'm just joking."

She wanted to keep the stern look on her face, but a smile cracked through. "You just watch it, Mister."

Jessica turned her attention back to the Altiris Console. She opened up a browser on her second monitor and pulled up the Juice article she'd shown Tevita. She walked through the steps, sometimes checking back on the Altiris Administrator's Guide for Out of Band Management, found at http://www.altiris.com/Support/Documentation.aspx. She finished the processes except for updating the profile since she needed to also update the Admin password settings.

She browsed in the Altiris Console under View, Solutions, Out of Band Management, Configuration, Provisioning, Configuration Service Settings, and clicked on Provision Profiles. She highlighted her active profile and clicked the pencil icon in the icon bar to edit it. Under the General tab, to the right of the window, she changed the Intel® AMT 2.0 password: setting from Manual to Random creation. She then clicked on the TLS tab and, using the previous directions, enabled TLS within the profile.

She sat back as she clicked OK. Now that the Altiris Server was setup properly, she needed to push the new profile out. From her place in the console she backed up into the Provisioning folder, and then expanded the Intel AMT Systems folder and highlighted the Intel AMT Systems node. All Intel AMT Systems showed within the right pane. She clicked on the top one, scrolled down, and, while holding shift, clicked on the bottom one. She right-clicked and selected the ‘reprovision' option.

With a sly smile she glanced over at Tevita. He wore his headset again, though he looked less stressed than before. She rolled over and wrote on his whiteboard "AMT back up in a few hours". For the time being they could rely on the Runtime Profile for authentication. Since Altiris knew all the random passwords for the Admin account, via Altiris they should have no problems with security. However she needed to quickly implement AD integration with Kerberos authentication just in case.

She got up to take a quick break. She stretched, looking out over the cubes. She froze in mid stretch for a moment, before quickly pulling down her arms, her eyes widening. Two men in blue jumpsuits walked nonchalantly through the building, one holding a sheaf of what looked like generic forms and the other with a nondescript box. Despite their "non"-threatening postures, something about them bothered her. At first she simply watched them, trying to figure it out.

The man in front emanated confidence like a shiny sword and shield, his smile infectious and full of perfectly white and straight teeth. His strong features seemed chiseled from brilliant marble, as if he'd been carved amid the statues of Rome. Not one of the rich brown hairs on his head stood out of place, his hazel eyes roving over the office as if memorizing all the details. He didn't act suspicious, but his very manner belied the blue-collar worker outfit he wore.

Right behind him strode the other man. He wore a beard, a hat pulled low over his eyes. She squinted, hunching down a little so she didn't rise so high above the cube walls. He carried the box, his muscles tensed. He walked jerkily, each step seeming just a little unsteady. Sweat beaded on what little she could see of his forehead.

"Tevita," she whispered. "Does that guy look familiar to you?"

He appeared beside her. "Who? Those two delivery guys?"

"Yes. The one carrying the box."

Tevita turned to stare at her. "It's the ninja!"

She shook her head, though the sudden clenching in her stomach belied the action. "No way, he's in jail, right?"

"Probably not. He didn't threaten anyone or do any actual damage, and the price of the hard drives he tried to steal doesn't equal enough to be a felony, especially since he claims he was only after the hardware..."

"But why come back here? We know who he is..."

He just shrugged. "Maybe he's turning a new leaf..."

She gestured at the other man just as they disappeared into the stairwell. "Maybe, but that other guy gives me the creeps. I wouldn't be surprised if his name happens to be Lex Luther."

Tevita nodded. "Let's follow them."

She shook her head. "No way! Let's just call security and let them deal with it."

The Tongan only shook his head slowly. "The security company might be too slow to respond. Heck, they took forever to show up when our ninja friend showed up the first time. You go tell Bobby and I'll shadow these two shifty guys."

Before she could respond he hurried away, surprisingly quiet for his bulky, muscled size. She clenched her teeth together, torn by indecision for a few precious seconds. She then turned and hurried towards the server rooms, hopping Tevita wouldn't get himself into too much trouble.

END Part 5

This concludes Part 5. This cliff-hanger will be continued in an even more unbelievable conclusion, Part 6. Now that the competitor has breached the office once again, can Might Modern Marketing's IT staff protect their infrastructure, data, and themselves from this all out attack?

Intel AMT demonstration

Ylian Saint-Hilaire — Tue, 29 Jul 2008 19:46:54 GMT

Hi everyone. A few days ago, I did a demonstration of Intel AMT at an Intel event. This is a standard demonstration of Intel AMT with reboot, remote BIOS edit and the unique TCP-over-SOL to perform a VNC session on a computer that has the operating system network stack disabled.

This video is also available in high quality within the YouTube site. You have to go into YouTube and click ont the high quality link. I am pretty impressed how must better the quality is when viewing it in high quality.

The VNC-over-SOL demonstration is probably my number one demonstration for WOW'ing an audience with Intel AMT. I sometimes also do demonstration on agent presence that is also unique to the DTK.

Ylian

Fun facts about the Intel AMT serial port

Ylian Saint-Hilaire — Fri, 25 Jul 2008 07:30:15 GMT

I often get questions about the Intel AMT serial port. Ever since the DTK started to make heavy use of it, serial-over-LAN has gotten a lot of attention. First, how do you change the COM port number of the Intel AMT serial port? The COM number (COM3: for example) is assigned by the operating system, so you don’t see that is any AMT/BIOS/MEBx option. You have to go into Microsoft Windows Device Manager, go to the properties of the “Intel(R) Active Management Technology – SOL” port. Then go into the “Port Settings” tab and press the advanced button. There, you can change the COM port.

Also, it’s often useful for application to be able to automatically detect the AMT serial port. In Intel AMT Outpost, I scan the device drivers looking for the “Intel(R) Active Management Technology – SOL” device and read the COM port number that follows in that string. Sofar, it seems to work great, even in non-English countries, something I am always worried about.

The Intel AMT serial port is much like any other serial port, but it has a PCI device identifier that is not normally known to Microsoft Windows and so, Windows does not know what to do with this device. On Intel’s web site, there is an SOL driver available. The serial driver itself is just a small .INF that tells Microsoft Windows to load and use the standard serial driver. In fact, one can manually force the standard Windows serial driver to be used for this device. You need to go in the device manager and pick a driver from the list, select Microsoft as the manufacturer and you will see it. Even if it’s possible, I don’t recommend it because the DTK code will no longer recognize that COM port as being the AMT port, it’s going to work but will have the wrong name for auto-detection.

Lastly, if someone needed to know if a computer is AMT enabled without having to load any drivers, one way to do it would be to detect the presence of the Intel AMT serial port. It is always present even when AMT is un-provisioned, and it can’t be turned off, unless AMT is disabled entirely in MEBx. This can be a good way to figure out if you need to start considering a computer for AMT setup.

Ylian
(Intel AMT Blog)