Intel vPro Expert Center Blog

15 Posts tagged with the sccm tag
Click to view jlvb's profile
0

We had the Intel vPro technology Challenge at MMS 2008 - a competition where teams of two competed to fix a troubled PC using Microsoft System Center Configuration Manager 2007 with PCs with Intel vPro technology. Check out how much fun this Challenge was at MMS 2008 this year:
To see more videos from MMS 2008, go to: http://www.intel.com/go/mms/

0 Comments Permalink Tags: centrino_pro, vpro, challenge, microsoft, system, center, configuration, manager, mms, sccm, sccm_sp1, sms
Click to view jlvb's profile
0

At Intel, we're always looking for feedback on the way IT should be. Therefore, at the recent MMS 2008 Conference, we had Intel customers, partners, and technical experts from Microsoft and Intel tell us their meaning of IT Utopia.




To see more videos from MMS 08, go to http://www.intel.com/go/mms/

0 Comments Permalink Tags: vpro, intel, microsoft, mms, 08, sccm_sp1, sccm, roi
Click to view jlvb's profile
0

When Intel released Intel vPro technology into the marketplace in 2006, the press asked us what the "v" in Intel vPro technology meant. Now that the technology has been in the marketplace for almost two years, we thought that the best answer to the question, "What does the "v" in Intel vPro technology mean to you?" would come from Intel customers, as well as from some of the technical experts from Intel and our partners who deal with our customers on an almost daily basis. See their answers below.



To see more videos from MMS 2008, go here: http://www.intel.com/go/mms/

0 Comments Permalink Tags: mms, vpro, sccm_sp1, sccm, intel, microsoft, vpro, mms, 2008, system, center, configuration, manager, sms, justin_van_buren
Click to view josh.hilliker's profile
0

MMS: Live at the vBar

Posted by josh.hilliker Apr 30, 2008

Brad Anderson & Gregory Bryant took a few moments to talk to a few folks about vPro & SCCM SP1.

Here's a few comments to share out:

GB - 800Million transitors in the chip. Transistors are focused on solving IT problems now.. (good news to IT folks).

Brad - key message is that users are moving to SCCM & the request is out to join up & give feedback to MS on the new console. (that's SCCM SP1).

GB - ROI's are positive, definitely a focus on changing the biz process is important.

Brad - Config Mgr is making life easier.

NOTE: Tom Quillin did a stellar job of hosting the session.. Kudos Tom.

Now onto a few audience questions.. if your not here @ MMS, your missing out..

0 Comments Permalink Tags: gregory_bryant, josh_hilliker, vpro_expert_center, sccm, sccm_sp1
Click to view Kelsey_Witherow's profile
0

Coming Up: We are going to have Matt Royer join us again on the show. Josh, Russ, & Jeff Torello will be getting the latest information on WS-MAN translator integration and SMS/SCS to SCCM Migration. Hope you are able to join us!
When: April 21st @ 3:30 PM
Call-in Number: (347) 326-9831

Check out these blog posts from Matt Royer to get an insight on what our show will be about:
SCCM SP1 & WS-MAN Translator: How vPro firmware versions less than 3.2.1 are supported
Overview of SMS/Intel SCS migration to SCCM SP1

btrbetalogo.gif
http://www.blogtalkradio.com/openport
Here's the scoop, yet again, for those who haven't heard...
Hosted by Josh Hilliker, Russ Pam, & Jeff Torello this bi-weekly informal show will be covering a variety of topics and is a perfect avenue to get your questions answered. Listen in live, give your two cents, or just download the show after it has aired. Make sure not to miss out on this awesome opportunity to learn and engage with the vPro experts. Can’t join us live? Have no fear, blogtalkradio let’s you listen to the show whenever you have the time. Visit the Open Port Radio site (link is above) to hear previous shows and even catch a glimpse of what’s to come!

0 Comments Permalink Tags: matt_royer, josh_hilliker, russ_pam, jeff_torello, sccm, sms, ws-man, kelsey_witherow
Click to view miroyer's profile
3

Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 RC and is subject to changes between now and RTM.


With the upcoming release of Microsoft SCCM SP1 and native support for vPro manageability, there may be a scenario where you have vPro Clients that are activated (provisioned) under Microsoft SMS with the Intel SMS Add-on / Intel SCS that you need to migrate to SCCM SP1. As may have read in the previous blog, Microsoft does not use the Intel SCS for provisioning and configuration of the vPro Clients. Instead, Microsoft as part of their SCCM SP1 implementation, have chosen to develop and integrate their own code base for provisioning and configuration management of vPro Clients. So to migrate vPro Clients from SMS / Intel SCS to SCCM, Intel will be providing a migration utility to help make this transition.

Before we get into the details of the migration utility, let us first discuss at a high level the overall SMS to SCCM migration process. The first thing to keep in mind is that the vPro client migration from SMS to SCCM SP1 is just a post step after you perform the recommend steps that Microsoft provides for upgrading your SMS environment to SCCM. Microsoft has created an excellent Configuration Manager Upgrade, Interoperability Planning and Deployment guide that walks a customer through the planning and upgrade path from SMS to SCCM. Once these steps are completed, the migration of the vPro Client from the Intel SCS to SCCM SP1 can be initiated.

(Click picture for higher resolution image)

High Level SMS to SCCM Migration Process.png

Now let us talk a little about the migration utility… At the most fundamental level, the migration utility prepares the vPro Client to be natively reprovisioned by SCCM SP1. The process can be broken into several key steps.

  1. Extract list of vPro Clients from the Intel SCS to be migrated to SCCM (List used to track migration progress)
  2. Generate a vPro Client list import file that can be natively used by SCCM SP1
  3. Using the "Import Computer for Out of Band Management wizard" within SCCM SP1, import the list of vPro Clients to be provisioned by SCCM
  4. Connect to each vPro Client to be migrated and prepare it for reprovisioning by SCCM SP1.
  5. Once the vPro provisioning hello packet is received, SCCM SP1 will begin its native provisioning process for the vPro Client

(Click picture for higher resolution image)

Intel vPro SMS SCS Migration Tool Detail.png


You may conclude that “preparing the vPro Client to migrated” is basically performing an unprovision. For the most part that is correct; however, as part of the preparation step we are setting some critical values to allow it to be reprovision without having to physically touch the client. For example, we are setting values such as Remote Configuration Certification hash used by SCCM, PID/PPS pair (used for WS-MAN Translator for firmware version that do not support Remote Config), and Provisioning Server FQDN / Port (if different then provisionserver DNS entry and 9971).

At the time you initially run the migration tool, there may be a chance that not every vPro Client will be accessible (for example mobile clients that are not on the network when you initiate the migration). The migration utility will have the ability to log and track which vPro clients have been successfully prepared for migration and which ones where unable to be contacted. Re-running the migration utility at a future dates will attempt to connect to vPro clients that were inaccessible at previous runs. If you still have vPro Clients that are being logged as inaccessible after a couple runs of the migration utility, you may be required to investigate the root cause on why those vPro Clients are not accessible.

For those that have vPro Clients deployed in your environment but not activated and you are planning on deploying SCCM SP1, Microsoft has enabled their SCCM SP1 Client agent to initiate and authorize the provisioning process through policy. This provides a fairly straight forward and easy mechanism for provisioning your non-activated vPro Clients. To take advantage of this in a no physical touch scenario, your vPro Clients will be required have a firmware version that supports remote configuration (2.2, 2.6, 3.x). If you are not able to upgrade your firmware to a version that supports remote configuration, you will be required to configure (either manually in the MEBx or USB one touch) the PSK PID/PPS pair expected by the WS-MAN translator.

In the upcoming weeks, we will post our initial beta version of the SMS/Intel SCS to SCCM Migration Utility for vPro Expert Center community review along with a deeper drive into the configuration and usage of the migration utility. Please keep tuned for more detail to come.

Matt Royer

3 Comments Permalink Tags: sccm_sp1, sccm, amt, vpro
Click to view miroyer's profile
1

Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 RC and is subject to changes between now and RTM


So as you read through the Microsoft documentation for SCCM SP1, you will most likely notice that Microsoft SCCM SP1 states they have native support for vPro clients with firmware versions 3.2.1 or higher. If Microsoft only natively supports vPro clients 3.2.1 or higher, you may be asking how vPro clients that are running firmware versions 2.x, 3.0, and 3.1 are supported.

Not to worry; through the use of the Intel WS-MAN translator, SCCM SP1 will be able to provide provisioning and manageability support for earlier versions of vPro firmware. As part of SCCM SP1 Release Candidate, Microsoft has introduced integration support for the WS-MAN Translator (It was not available as part of the initial SCCM SP1 Beta release).

In a future blog, we will provide a little more detail on the Install, Configuration, and SCCM Enablement of the WS-MAN translator; however, let us take this opportunity to talk little more about SCCM SP1 interaction with the WS-MAN Translator.

So why doesn't SCCM support earlier vPro firmware versions? The core reason is that SCCM only know how to communicate to vPro Clients in WS-MAN (Web Service Management). Prior to AMT firmware version 3.0, vPro Client only knew how to communicate in a protocol called EOI (External Operations Interface). So just like one person speaking English to another person that only understands French, when SCCM SP1 tries to communicate with a vPro client with a firmware version of 2.x, the vPro client does not understand what the management console wants it to do. So, simular to a person translating for our French and English speaking persons, the WS-Translator translates WS-MAN calls to EOI and from EOI to WS-MAN.

Ok, so vPro clients with AMT version 3.0 know how to speak WS-MAN. Why do you need the translator for firmware version 3.0 and 3.1? Well without getting into the excessively technical details, there were some changes required in the AMT 3.x firmware to make SCCM SP1 work properly with vPro client running firmware 3.x; these changes were introduced in vPro firmware version 3.2.1. To allow for vPro firmware 3.0 and 3.1 to be supported, we were able to mask those changes that SCCM SP1 required in the WS-MAN Translator.

The other thing that the WS-MAN translator enables is support for PSK vPro Client provisioning. Natively, Microsoft SCCM SP1 only supports PKI (also commonly referred to as Remote Configuration) for provisioning. vPro firmware version 3.0 supported PKI provisioning from the initial release; however, vPro firmware version 2.x did not received PKI provisioning support until versions 2.2 & 2.6. Although we recommend that you upgrade your vPro firmware to the latest version supported by the OEM, there may be some cases were upgrading 2.2 or 2.6 is not a viable option. So to support clients that are running 2.0, 2.1 and 2.5 firmware, the WS-MAN translator offers a means of supporting PSK provisioning. The key item to keep in mind about PSK support within the WS-MAN translator is that it only supports one PID/PPS pair; the same PID/PPS will be used for all your vPro Clients using PSK for provisioning.

If desired, you can use PSK provision through the WS-MAN translator for all vPro firmware versions; however, since SCCM SP1 only uses the WS-MAN Translator for firmware versions less then 3.2.1 you are required to use PKI provisioning for any vPro Client firmware version 3.2.1 or higher. It is for this reason (and the fact that you can take advantage of vPro Remote Configuration) that we recommend you upgrade your vPro Clients to 2.2, 2.6, and 3.2.1 were supported by the OEM.

If you have no vPro Clients in your environment that are less then firmware version 3.2.1, there is no need to use the WS-MAN translator; SCCM SP1 will natively provision and manage vPro clients without the need for the WS-MAN Translator.

As previously noted, stay tuned for more information on vPro Expert Center about the WS-MAN translator in the next couple weeks.

Matt Royer

1 Comments Permalink Tags: sccm_sp1, sccm, amt, vpro
Click to view miroyer's profile
0


Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 RC and is subject to changes between now and RTM.

Microsoft has just release System Center Configuration Manager 2007 SP1 Release Candidate. As previously noted in a past blog, SCCM SP1 is Microsoft's first release that provides native manageability support for vPro Technology.


Some of the high level changes associated to vPro between SCCM SP1 Beta and RC1 are:

  • Kerberos support for Out of Band Console
  • Maintenance Tasks for Certificate Expiration and Kerberos Master Key renewal
  • Update Out of Band Console UI
  • Integration support for the Intel WS-MAN Translator (provides legacy support for firmware version less then 3.2.1)
  • Active Directory Integration


To gain access to Microsoft System Center Configuration Manager 2007 SP1 RC, you can request access by:

Set-up an account. on MS Connect.
MS Connect Website
http://www.connect.microsoft.com/
After you've logged in, select "Available Connections" from the menu on the left side of the screen.
Select "System Center Configuration Manager 2007". You will be asked to fill out a questionnaire so they can get some background and demographic information.
Matt Royer

0 Comments Permalink Tags: sccm_sp1, sccm, amt, vpro
Click to view miroyer's profile
1

The Intel® Active Management Technology's (Intel® AMT) Setup and Configuration Service (Intel ®SCS or SCS) provides developer or ISV with the tools to set up and configure Intel AMT devices. The Setup and Configuration Service (SCS) allows for most aspects of setup and configuration to be completed through a remote management console. The service package consists of a configuration engine and installer in binary form, plus a reference graphical user interface that the ISV may integrate into their Manageability Product.


So where is the Intel® SCS in Microsoft System Center Configuration Manager (SCCM) SP1? The short answer is MS SCCM SP1 does not use the Intel SCS. The longer answer is that Microsoft, as part of their architectural design of SCCM SP1, has chosen to develop their own mechanism for performing the initial provisioning and configuration of the Intel® vPro Clients. This is different from the requirement the Intel Client Manageability Add-on for SMS 2003 had on the Intel SCS for enterprise provisioning and configuration.


Each ISV, as part of their enablement of vPro Management Technology within their product, can choose to leverage the Intel® SCS or use it as a reference design to develop their own implementation. Microsoft, with SCCM SP1, is not the only ISV that chose to develop their own capability for provisioning and configuring vPro Client; did you know that LANDesk also does not use the Intel SCS for vPro Client provisioning and configuration?


Matt Royer

1 Comments Permalink Tags: sccm, sccm_sp1, vpro, amt
Click to view josh.hilliker's profile
0

Wednesday - Russ will be co-hosting with me as we discover more about Microsoft SCCM SP1 with Matt Royer. You may have seen the river of great posts from Matt around SCCM and he's a known pro on SCCM. Matt will be discussing the following topics:

• SCCM SP1 Provisioning and Ease of vPro Client Provisioning
• SCCM SP1 Collection Based Power Management and Task Sequence Power On Capability
• SCCM SP1 Out of Band Management Console for 1 to 1 vPro Client Management

We usually do this every two weeks, however with all that is happening with SCCM SP 1 we thought it would be great to discuss this as soon as we could pull this together. I hope you can join us. Here's the data on the Talk Show:

Dial In: (347) 326-9831
Time: 1:30PM PST

You can listen here or go to the URL below as well .


or

http://www.blogtalkradio.com/openport/2008/02/27/vPro-Expert-Center-On-The-Air

If you have questions fire up chat during the call & ask the experts...

Josh H

0 Comments 0 References Permalink Tags: vpro, sccm_sp1, sccm, microsoft, josh_hilliker, matt_royer, russell_pam
Click to view miroyer's profile
0

Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 Beta and is subject to changes between now and RTM.

Once the vPro client has been provisioned by SCCM SP1, you can now start performing vPro Client Manageability through either Collection based power operation or through the “Out of Band Console”.

To invoke vPro power management feature from within a collection, you can right click on a single client (or multi-select several clients) and select “Out of Band Management” -> “Power Control”. After which, a “Power Control” Screen will appears for the client(s); from there you can select whether to power on, power off, or restart the vPro Clients.

Here is a video that visually goes through the process:


To perform more vPro client manageability options, right click on the client in the collection to manage and select “Out of Band Management” -> “Launch Out of Band Console”. It may take several seconds for the “Launch Out of Band Console” to fully load; make sure that System status in the bottom left section of the “Out of Band Console” reads as “System: Connected”. Once the “Out of Band Management” is loaded, you will see 7 menu options:

  • System Status: Displays the following for the connected computer:
    • The power state
    • IP address
    • Computer name
    • System ID
    • System date
    • System time
  • System Inventory: Displays the hardware inventory information for the connected computer.
  • Power Control: Initiates one of the following power control actions:
    • Power on the computer
    • Power off the computer
    • Restart the comput
    • If you power on or restart the computer, select one of the supported boot options that is retrieved from the computer. These can typically include the following:
      • Normal boot
      • Boot from local CD/DVD drive
      • Boot from local hard drive
      • Boot from alternative media (and specify the image file in Alternative media path)
      • Boot from the network
      • Boot to BIOS
  • System Event Log: Displays activity for the management controller on the selected computer. You can also clear and set log levels from this screen.
  • System Audit Log: Displays IDE redirection and PXE boot information.
  • Serial Connection: Starts a terminal emulation session so that you can run commands and character-based applications. After invoking an IDER or BIOS redirections, you will want to come to this screen to interaction with the SOL session.
  • Configuration: Allows you to perform either a full or partial unprovision of the vPro Client
    • Full Unprovision: “Delete both configuration data and identification data from the management controller”
    • Partial Unprovision: “Delete configuration data and retain identification from the management controller”


Here is a video that visually goes through the process:


Matt Royer

0 Comments 0 References Permalink Tags: sccm_sp1, vpro, amt, sccm
Click to view miroyer's profile
3

Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 Beta and is subject to changes between now and RTM.

Here are some general steps to provisioning an AMT client using SCCM SP1 Import Out of Band Computers Wizard. Please note that until the WS-MAN translator is released, you will only be able to Provision and Manager AMT 3.x or higher machines.

  1. Within the Configuration Manager Console, expand “Site Database” -> “Computer Management” -> “Collections” -> “All Systems”. Right click on “Collections” and select “Import Out of Band Computers”.
  2. When the “Import Computer for Out of Band Management Wizard” appears, select “Import single computer” and then click “Next”.
  3. When asked for the information associated to the vPro client you are importing, enter in the following and press “Next”:
    • Computer Name
    • FQDN
    • MAC Address
    • SMBIOS GUID (aka UUID) \\\\Note: The Computer Name, FQDN, and UUID are required for provisioning. The MAC Address is used for conflict resolution and not required. Feel free to use all 1’s in the MAC Address.
  4. On the “Data Preview” screen, confirm the entries entered and click next.
  5. On the “Choose Target Collection” Screen, select “Add New Computers only to the All Systems Collection” and click next. When presented with the Confirmation Screen, click “Next”. You may choose to put the client in another collection if you wish.
  6. On the “Confirmation” Screen, confirm that import was a success, and click “Close”.
  7. Right Click on “Collection” and select “Update Collection Membership”. Click “Yes” to confirm that you want to proceed.
  8. Within the Configuration Manager Console, expand “Site Database” -> “Computer Management” -> “Collections” -> “All Systems”. Right Click on “Refresh” and confirm that AMT client is now in the collection list.
  9. You should now see the vPro Client in the Collection in an “unprovisioned” state. The provisioning process may take a couple minutes. You can track the provisioning process in the c:\program files\Microsoft Configuration Manager\Logs\amtopmgr.log Log.
  10. Right Click on “Collection” and select “Update Collection Membership”. Click “Yes” to proceed. Within the Configuration Manager Console, expand “Site Database” -> “Computer Management” -> “Collections” -> “All Systems”.
  11. Right Click on “Refresh” and confirm that AMT client is now in the collection list. Once the provisioning process has been completed you should see the device listed as “Provisioned” in the Collection list.

Here is a video that visually goes through the process:


Matt Royer

3 Comments 0 References Permalink Tags: sccm_sp1, vpro, amt, sccm
Click to view miroyer's profile
0

Here are the high level steps to configure SCCM SP1 so that you can begin provisioning and managing vPro Clients out of band. This does not take in consideration any additional configuration settings you may want to enable based on your business needs. Please note that until the WS-MAN translator is released, you will only be able to Provision and Manager AMT 3.x or higher machines.

Configure AMT Certificate on Enterprise CA for SCCM SP1


  1. Open of the Certification Authority Management Console for the Certificate Authority that will issue your AMT certificates.
  2. Expand the menu so that the “Certificate Templates” drill down is available.
    Right Click on “Certificate Templates” and select “Manage”.
  3. When the “Certificate Templates” windows appears, Select “Web Server” from the Template Display list.
  4. Right Click on “Web Server” Template and select “Duplicate Template”.
  5. When the “Properties of New Template” appears, ensure the “General” tab is select and enter in the “AMT Certificate” in the “Template Display Name” field and check “Publish certificate in Active Directory”.
  6. Within the “Properties of New Template” windows, click on the “Security” tab.
  7. Click “Add” and add the server name of the SCCM SP1 Site Server.
  8. Ensure you give the SCCM SP1 Site computer name read, Enroll, & Autoenroll permissions and then click “OK”.
  9. Close the “Properties of New Template” window
  10. Right Click on “Certificate Templates” and select “New”, then “Certificate Template to Issue”
  11. When the “Enable Certificate Templates” window appears, select “AMT Template” and click “OK”.

Here is a video that visually goes through the process for configuring the CA:


Adding “OOB Service Point” Role


  1. Open up “Configuration Manager Console”Expand “Site Database”-> “Site Manager” -> Site server Name -> “Site Settings” -> “Site Systems”. Right click on the SCCM Server and select “New Roles”.
  2. When the “New Site Role” wizard appears, click “Next”.
  3. Check the “OOB Service Point” and click “Next”.
  4. When presented with the “Transmission” options, leave default unless business needs dedicate otherwise and click “Next” to finish.

Configure “Out of Band Management”


  1. Open up “Configuration Manager Console”.
  2. Expand “Site Database”-> “Site Manager” -> Site server Name -> “Site Settings” and click on “Component Configuration”.
  3. Right click on “Out of Band Management” and select “Properties”.
  4. Under the “Provisioning Settings”, click “Set” near the MEBx Account.
  5. When the windows appears in the “General” tab, enter in the MEBx password that you want the MEBx password to be or what you have had your OEM preconfigured it with. SCCM SP1 will try the default (admin) password first (no configuration required) if necessary. Once completed, click “OK”.
  6. Within the “General” tab, check the “Register provisioning server in DNS for zero touch provisioning”. This will register provisionserver on your DNS server.
  7. Under “Certificates”, click the “Browse” next to “Provision Certificate”.
  8. On the “Select Provisioning Certificate” window, click “Browse” and choose your Remote Provisioning Certificate and then OK. Then enter in the password associated to the certificate and click “OK”. Please check of the following blogs to get more detail on Remote Configuration and process to create the certificate Please check out Terry Culter’s blog on Remote Configuration - What is it? How does it work? When will it be available?
  9. Back on the “General” tab, Click the “Select” next to “Certificate Template”.
  10. Once the “AMT Certificate Configuration Dialog” window appears and fully loads, select “AMT Certificate” under the “AMT Device Certificate Template” and click “OK”.
  11. Back on the “Out of Band Management Properties”, click the “AMT Settings” tab.
  12. Click the “New Icon” next to “AMT User Accounts”. When the “AMT User Account Setting” appears, click “Browse”, choose your desired groups or users, and click “OK”. Once the group has been selected, identify which permissions to authorize for that group or user. Click “OK” when completed
  13. On the “AMT Settings” tab, ensure that “Enable Web interface”, Enable Serial over LAN and IDE redirection for AMT devices”, and “Allow ping responses”. You may choose which options you want based on your business needs.
  14. Back on the “Out of Band Management Properties”, click the “Provisioning” tab.
  15. Click the “New Icon” next to “Provision Accounts”. When the “Windows User Account” appears, enter in a user name and password. This will allow you to specify user accounts that have been configured in the firmware for AMT-based computers, and can provision these computers. Once satisfied, check “OK”.
  16. Click “Apply” and “OK” to save the changes for the “Out of Band Management”.

Configure “Wake on LAN” settings to work with AMT


  1. Open up “Configuration Manager Console”.
  2. Expand “Site Database”-> “Site Manager”, right click on Site server Name and “Properties”.
  3. On the “Wake On LAN” tab, check “Enable Wake on LAN for this site” and click “OK”. Checking this option will allow SCCM SP1 Wake on LAN to use AMT remote power up control.

Enable Network discover of Out of Band Management


  1. Open up “Configuration Manager Console”
  2. Expand “Site Database”-> “Site Manager”, right click on Site server Name -> “Discovery Methods” and double click on “Network Discovery”.
  3. When the “Network Discovery Properties” appears, check “Enable network discovery” and “Enable discovery of baseboard management Controller”. Then click “OK”.
  4. On the “Wake On LAN” tab, check “Enable Wake on LAN for this site” and click “OK”. Checking this option will allow SCCM SP1 Wake on LAN to use AMT remote power up control.

Here is a video that visually goes through the process four steps above:


Matt Royer

0 Comments 11 References Permalink Tags: sccm_sp1, amt, vpro, sccm
Click to view miroyer's profile
2

Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 Beta and is subject to changes between now and RTM.

This is not a replacement for the install documentation that Microsoft provides for installing System Center Configuration Manager SP1, but is merely a high level guide on how to get SCCM SP1 up and running. This does not take in consideration how you should implement SCCM SP1 in your environment, what features beyond vPro Out of Band Management to enable, nor does it take in consideration upgrade paths from SMS 2003. In a supplement blog, I will describe the post installation configuration steps to allow "Out of Band Management" capability to be used within SCCM SP1.

Before you begin the install, there are both infrastructure and base server (the server that SCCM SP1 Site server will be installed on) configuration that need to be performed / consider first.

Infrastructure prerequisites for Out of Band Management


  • Microsoft Enterprise Certification Authority (CA) is necessary for serving web server certification for authentication of the AMT-based computer during out of band management.
  • AMT provisioning certificate from either your own PKI infrastructure or a third party certification from a vendor supported by the vPro platform is required for provisioning vPro clients.
  • vPro Desktops or Laptops that are running AMT firmware version 3.2 or later should have the Intel HECI Driver installed; backward compatibility for AMT firmware version 3.x and 2.x within SCCM SP1 will be provided with the implementation of the Intel WS-MAN Translator which is expected to be release in conjunction with SCCM SP1 RTM.
  • Active Directory and SCCM SP1 Site Server is required to have the correct security permissions in the Active Directory to publish clients. Please note that it is NOT required to extend the AD Scheme to take advantage of SCCM SP1 Out of Band Management capability; however, it may be required to use non-AMT rekated SCCM SP1 Features.
  • You will need to have a DNS Server that resolves the host name ProvisionServer to the Out of Band Service Point for remote configuration of AMT clients. This is not required if you are planning on exclusively using the Configuration Manager 2007SP1 client installed (agent) for provisioning.
  • DHCP with an active scope is necessary. You will need to ensure that DNS servers (006) and Domain name (015) are configured within the scope and the DHCP server is dynamically updating the DNS records.
  • Microsoft SQL 2005 with SP2 needs to be available for the SCCM SP1 Site System Collection Database to be installed on.

SCCM SP1 Site System Server Prerequisites


Installing Microsoft SCCM SP1 is pretty straight forward. The install wizard walks you through all the main configuration steps. To install SCCM SP1, you:

  1. Decompress the SCCM SP1 Install package and run splash.hta.
  2. When the Splash Screen is presented, click "Configuration Manager 2007" under the Install Option.
  3. Verify that you have completed the pre-tasks and click "Next".
  4. Select the "Install a Configuration Manager site server" and click "Next".
  5. Read / Accepted the Microsoft Software License Terms and click "Next".
  6. Select "Custom settings" and click "Next"
  7. Select "Primary site" and click "Next".
  8. Chose whether to participate in "Microsoft's Customer Experience Improvement Program" and click "Next".
  9. Enter in your "Product Key" and click "Next".
  10. Unless otherwise required, choose the default installation directory and click "Next".
  11. Enter in your "Site code", "Site name" and click "Next".
  12. Select "Configuration Manager Mixed Mode" and Click "Next". Reference the Microsoft SCCM SP1 Documentation to determine
  13. if you have a requirement to run SCCM SP1 in a "Configuration Manager Native Mode".
  14. Select the desired "Client Agents" to be enabled and click "Next".
  15. Specify the "SQL Server and instance" to be used and the name of the "ConfigMgr site database". Once entered, click "Next".
  16. Specify the location of the "SMS Provider" and click "Next".
  17. Specify the location of the "Configuration Manager Management Point" and click "Next".
  18. Choose the appropriate client communication port and click "Next".
  19. Select "Check for updates and download newer version to an alternate path" and click "Next"; you will be required to have access to the internet to perform this option. If you have already downloaded the packages, select "The latest updates have already been download to an alternate path" and point to that location on the following screen.
    Specific a folder to download the Prerequisite Component to and click "Next".
  20. Allow the required packages to be downloaded. You will be notified when the download is complete.
  21. Confirm the settings you have chosen and click "Next".
  22. Click "Run Check" and verify that no errors were found in the "Installation Prerequisite Check"; if any errors or undesirable warnings were discovered, click on the items to review the corrective action. Note that "AD Schema Extensions" are not required for vPro Client Manageability. When you are satisfied with the Prerequisite Check, click "Begin Install".
  23. Allow SCCM SP1 wizard to install the selected components.
  24. Once the install is complete, click "Finish",
Here is a video with screen captures of the install process.

Matt Royer

2 Comments 0 References Permalink Tags: sccm_sp1, amt, vpro, sccm
Click to view miroyer's profile
1

Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 Beta and is subject to changes between now and RTM.

Microsoft has just release System Center Configuration Manager 2007 SP1 beta. As part of SCCM 2007 SP1, Microsoft has included native support for several of the core vPro Out of Band Management use cases.

Security-based management: Through the use of public key infrastructure (PKI), SCCM 2007 SP1 allows for remote provisioning and out of band management communication through Kerberos authentication and Transport Layer Security (TLS) Channels. Activities are also recorded and auditable to ensure traceability and compliance.
AMT Provisioning: SCCM SP1 provides native provisioning capabilities for vPro Base clients through both bare metal (agent-less) and Configuration Manager 2007 SP1 client (agent based).
Inventory Data: SCCM 2007 SP1, through the use of core vPro capability, provides enhanced support for hardware base inventory. Inventory data such as BIOS UUID, power states, memory, process, hard drive information, etc that can all be retrieved out of band and independent of power state.
Power Control: SCCM 2007 SP1 enables you to perform both in and out of band power controls for vPro Clients such as power on, power off, and restart capabilities for a single computer or a selection of vPro clients in the collection.
Out of Band Manager Console: Within SCCM 2007 SP1, you are able to interaction directly with each vPro client and invoke AMT use cases through the Out of Band Manager Console. This capability allows you leverage additional power control options including the use of Serial over LAN (SOL), IDE Redirect (IDER), and detail vPro Audit / Event logs. SOL allows you to perform terminal emulation to the vPro client and perform character-based commands and/or interact with the systems BIOS. IDER enables you to boot from a remote or local image to take advantage of alternate boot environment or diagnosing / repair tools.
To gain access to Microsoft System Center Configuration Manager 2007 SP1 Beta, you can request access by:


  1. Set-up an account. on MS Connect.
    MS Connect Website
    http://www.connect.microsoft.com/
  2. After you've logged in, select "Available Connections" from the menu on the left side of the screen.
  3. Select "System Center Configuration Manager 2007". You will be asked to fill out a questionnaire so they can get some background and demographic information.

Matt Royer

1 Comments 191,051 References Permalink Tags: sccm_sp1, amt, vpro, sccm