Intel vPro Expert Center Blog

19 Posts tagged with the sccm_sp1 tag 1 2 Previous Next
Click to view michelegartner's profile
0

Check out the new articles this week!






0 Comments Permalink Tags: best-practices, troubleshoot, sccm_sp1, landesk
Click to view jlvb's profile
0

We had the Intel vPro technology Challenge at MMS 2008 - a competition where teams of two competed to fix a troubled PC using Microsoft System Center Configuration Manager 2007 with PCs with Intel vPro technology. Check out how much fun this Challenge was at MMS 2008 this year:
To see more videos from MMS 2008, go to: http://www.intel.com/go/mms/

0 Comments Permalink Tags: centrino_pro, vpro, challenge, microsoft, system, center, configuration, manager, mms, sccm, sccm_sp1, sms
Click to view jlvb's profile
0

At Intel, we're always looking for feedback on the way IT should be. Therefore, at the recent MMS 2008 Conference, we had Intel customers, partners, and technical experts from Microsoft and Intel tell us their meaning of IT Utopia.




To see more videos from MMS 08, go to http://www.intel.com/go/mms/

0 Comments Permalink Tags: vpro, intel, microsoft, mms, 08, sccm_sp1, sccm, roi
Click to view jlvb's profile
0

When Intel released Intel vPro technology into the marketplace in 2006, the press asked us what the "v" in Intel vPro technology meant. Now that the technology has been in the marketplace for almost two years, we thought that the best answer to the question, "What does the "v" in Intel vPro technology mean to you?" would come from Intel customers, as well as from some of the technical experts from Intel and our partners who deal with our customers on an almost daily basis. See their answers below.



To see more videos from MMS 2008, go here: http://www.intel.com/go/mms/

0 Comments Permalink Tags: mms, vpro, sccm_sp1, sccm, intel, microsoft, vpro, mms, 2008, system, center, configuration, manager, sms, justin_van_buren
Click to view wryork's profile
0

I have recently posted a resorce pertaining to SCCM SP1 and Out of Band Management.

  1. SCCM SP1 Help file- This is the help file that ships with SCCM SP1 RC1. It is a great resource to used to get all of the details specific to SCCM as well as a section devoted to Out of Band Management

0 Comments Permalink Tags: sccm_sp1, out_of_band_management
Click to view josh.hilliker's profile
0

At the MMS booth I was asked this question & was able to sit down with Matt for a minute. Here is the answer to when will you see WS MAN & the Migration Tool for Microsoft Service Center configuration manager SP1

0 Comments Permalink Tags: mms, sccm_sp1, josh_hilliker, vpro_expert_center, matt_royer
Click to view josh.hilliker's profile
0

MMS: Live at the vBar

Posted by josh.hilliker Apr 30, 2008

Brad Anderson & Gregory Bryant took a few moments to talk to a few folks about vPro & SCCM SP1.

Here's a few comments to share out:

GB - 800Million transitors in the chip. Transistors are focused on solving IT problems now.. (good news to IT folks).

Brad - key message is that users are moving to SCCM & the request is out to join up & give feedback to MS on the new console. (that's SCCM SP1).

GB - ROI's are positive, definitely a focus on changing the biz process is important.

Brad - Config Mgr is making life easier.

NOTE: Tom Quillin did a stellar job of hosting the session.. Kudos Tom.

Now onto a few audience questions.. if your not here @ MMS, your missing out..

0 Comments Permalink Tags: gregory_bryant, josh_hilliker, vpro_expert_center, sccm, sccm_sp1
Click to view josh.hilliker's profile
1

Top 5 questions from the vPEc booth
#1. How do you get started
http://communities.intel.com/openport/blogs/proexpert/2008/02/09/high-level-guide-to-installing-sccm-sp1-beta or
http://communities.intel.com/docs/DOC-1499

#2. What about legacy support
http://communities.intel.com/openport/blogs/proexpert/2008/04/16/sccm-sp1-38-wsman-translator-how-vpro-firmware-versions-less-than-321-are-supported

#3. What are the top features that I capture about
Top features are in band client agent provisioning and integration of power control in collection based operation and task sequence support.

#4. Why does SCCM matter for vpro?
Sccm is microsoft's first managiblity software that provides native support for vpro capibility. You are able to have a single software provide you on on complete software solution for you vpro client fleet.

#5. What is the difference between Wake On LAN
http://softwarecommunity.intel.com/articles/eng/1151.htm#2 (abstract from the site)

Q1: Does the Intel® Active Management Technology (Intel® AMT) feature of Intel vPro technology support Wake On LAN* (WOL), Pre-boot eXecution Environment (PXE), and Alert Standard Format* (ASF)?

A1: Yes. A PC with Intel® vPro™ Technology can be managed using legacy tools that utilize WOL, PXE, and ASF when Intel® AMT is turned off , so existing tools that use these protocols can be used. However, Intel® AMT provides higher levels of security & functionality. Intel® AMT provides mutual authentication between client and console along with encrypted communication to guard against unauthorized access to networks and PCs, along with the ability to read hardware and software asset information even from PCs that are turned off or down.

Q2: How is Intel® Active Management Technology (Intel® AMT) feature of Intel® vPro™ technology different from ASF and Wake-On-LAN?

A2: Intel® AMT provides more security and functionality than ASF or Wake-On-LAN. Unlike legacy technologies, the Intel® System Defense feature within Intel ® AMT proactively helps prevent the spread of viruses by blocking transmissions from infected PCs. Intel® AMT also provides authentication and encrypted communication of management traffic so the Intel® AMT features can only be activated by authorized management consoles. Its out-of-band management capabilities include not only the ability to reboot PCs and send alerts, but also allow remote control, remote BIOS updates, and access to event logs and asset information regardless of system state or operating system presence. Alerting is policy based rather than based on preset criteria, allowing additional flexibility in IT processes. And Intel® AMT is designed to ensure management traffic can pass through network routers allowing remote management of a greater portion of your installed base.

1 Comments Permalink Tags: mms, josh_hilliker, sccm_sp1
Click to view josh.hilliker's profile
2

I am looking forward to joining my fellow vPro experts out at MMS in Las Vegas in a week. Here's a quick video we shot while Frank was driving. If your headed out to Vegas let us know..


  • Josh H

2 Comments Permalink Tags: josh_hilliker, vpro_expert_center, sccm_sp1, mms
Click to view miroyer's profile
2

Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 RC and is subject to changes between now and RTM.


With the upcoming release of Microsoft SCCM SP1 and native support for vPro manageability, there may be a scenario where you have vPro Clients that are activated (provisioned) under Microsoft SMS with the Intel SMS Add-on / Intel SCS that you need to migrate to SCCM SP1. As may have read in the previous blog, Microsoft does not use the Intel SCS for provisioning and configuration of the vPro Clients. Instead, Microsoft as part of their SCCM SP1 implementation, have chosen to develop and integrate their own code base for provisioning and configuration management of vPro Clients. So to migrate vPro Clients from SMS / Intel SCS to SCCM, Intel will be providing a migration utility to help make this transition.

Before we get into the details of the migration utility, let us first discuss at a high level the overall SMS to SCCM migration process. The first thing to keep in mind is that the vPro client migration from SMS to SCCM SP1 is just a post step after you perform the recommend steps that Microsoft provides for upgrading your SMS environment to SCCM. Microsoft has created an excellent Configuration Manager Upgrade, Interoperability Planning and Deployment guide that walks a customer through the planning and upgrade path from SMS to SCCM. Once these steps are completed, the migration of the vPro Client from the Intel SCS to SCCM SP1 can be initiated.

(Click picture for higher resolution image)

High Level SMS to SCCM Migration Process.png

Now let us talk a little about the migration utility… At the most fundamental level, the migration utility prepares the vPro Client to be natively reprovisioned by SCCM SP1. The process can be broken into several key steps.

  1. Extract list of vPro Clients from the Intel SCS to be migrated to SCCM (List used to track migration progress)
  2. Generate a vPro Client list import file that can be natively used by SCCM SP1
  3. Using the "Import Computer for Out of Band Management wizard" within SCCM SP1, import the list of vPro Clients to be provisioned by SCCM
  4. Connect to each vPro Client to be migrated and prepare it for reprovisioning by SCCM SP1.
  5. Once the vPro provisioning hello packet is received, SCCM SP1 will begin its native provisioning process for the vPro Client

(Click picture for higher resolution image)

Intel vPro SMS SCS Migration Tool Detail.png


You may conclude that “preparing the vPro Client to migrated” is basically performing an unprovision. For the most part that is correct; however, as part of the preparation step we are setting some critical values to allow it to be reprovision without having to physically touch the client. For example, we are setting values such as Remote Configuration Certification hash used by SCCM, PID/PPS pair (used for WS-MAN Translator for firmware version that do not support Remote Config), and Provisioning Server FQDN / Port (if different then provisionserver DNS entry and 9971).

At the time you initially run the migration tool, there may be a chance that not every vPro Client will be accessible (for example mobile clients that are not on the network when you initiate the migration). The migration utility will have the ability to log and track which vPro clients have been successfully prepared for migration and which ones where unable to be contacted. Re-running the migration utility at a future dates will attempt to connect to vPro clients that were inaccessible at previous runs. If you still have vPro Clients that are being logged as inaccessible after a couple runs of the migration utility, you may be required to investigate the root cause on why those vPro Clients are not accessible.

For those that have vPro Clients deployed in your environment but not activated and you are planning on deploying SCCM SP1, Microsoft has enabled their SCCM SP1 Client agent to initiate and authorize the provisioning process through policy. This provides a fairly straight forward and easy mechanism for provisioning your non-activated vPro Clients. To take advantage of this in a no physical touch scenario, your vPro Clients will be required have a firmware version that supports remote configuration (2.2, 2.6, 3.x). If you are not able to upgrade your firmware to a version that supports remote configuration, you will be required to configure (either manually in the MEBx or USB one touch) the PSK PID/PPS pair expected by the WS-MAN translator.

In the upcoming weeks, we will post our initial beta version of the SMS/Intel SCS to SCCM Migration Utility for vPro Expert Center community review along with a deeper drive into the configuration and usage of the migration utility. Please keep tuned for more detail to come.

Matt Royer

2 Comments Permalink Tags: sccm_sp1, sccm, amt, vpro
Click to view miroyer's profile
1

Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 RC and is subject to changes between now and RTM


So as you read through the Microsoft documentation for SCCM SP1, you will most likely notice that Microsoft SCCM SP1 states they have native support for vPro clients with firmware versions 3.2.1 or higher. If Microsoft only natively supports vPro clients 3.2.1 or higher, you may be asking how vPro clients that are running firmware versions 2.x, 3.0, and 3.1 are supported.

Not to worry; through the use of the Intel WS-MAN translator, SCCM SP1 will be able to provide provisioning and manageability support for earlier versions of vPro firmware. As part of SCCM SP1 Release Candidate, Microsoft has introduced integration support for the WS-MAN Translator (It was not available as part of the initial SCCM SP1 Beta release).

In a future blog, we will provide a little more detail on the Install, Configuration, and SCCM Enablement of the WS-MAN translator; however, let us take this opportunity to talk little more about SCCM SP1 interaction with the WS-MAN Translator.

So why doesn't SCCM support earlier vPro firmware versions? The core reason is that SCCM only know how to communicate to vPro Clients in WS-MAN (Web Service Management). Prior to AMT firmware version 3.0, vPro Client only knew how to communicate in a protocol called EOI (External Operations Interface). So just like one person speaking English to another person that only understands French, when SCCM SP1 tries to communicate with a vPro client with a firmware version of 2.x, the vPro client does not understand what the management console wants it to do. So, simular to a person translating for our French and English speaking persons, the WS-Translator translates WS-MAN calls to EOI and from EOI to WS-MAN.

Ok, so vPro clients with AMT version 3.0 know how to speak WS-MAN. Why do you need the translator for firmware version 3.0 and 3.1? Well without getting into the excessively technical details, there were some changes required in the AMT 3.x firmware to make SCCM SP1 work properly with vPro client running firmware 3.x; these changes were introduced in vPro firmware version 3.2.1. To allow for vPro firmware 3.0 and 3.1 to be supported, we were able to mask those changes that SCCM SP1 required in the WS-MAN Translator.

The other thing that the WS-MAN translator enables is support for PSK vPro Client provisioning. Natively, Microsoft SCCM SP1 only supports PKI (also commonly referred to as Remote Configuration) for provisioning. vPro firmware version 3.0 supported PKI provisioning from the initial release; however, vPro firmware version 2.x did not received PKI provisioning support until versions 2.2 & 2.6. Although we recommend that you upgrade your vPro firmware to the latest version supported by the OEM, there may be some cases were upgrading 2.2 or 2.6 is not a viable option. So to support clients that are running 2.0, 2.1 and 2.5 firmware, the WS-MAN translator offers a means of supporting PSK provisioning. The key item to keep in mind about PSK support within the WS-MAN translator is that it only supports one PID/PPS pair; the same PID/PPS will be used for all your vPro Clients using PSK for provisioning.

If desired, you can use PSK provision through the WS-MAN translator for all vPro firmware versions; however, since SCCM SP1 only uses the WS-MAN Translator for firmware versions less then 3.2.1 you are required to use PKI provisioning for any vPro Client firmware version 3.2.1 or higher. It is for this reason (and the fact that you can take advantage of vPro Remote Configuration) that we recommend you upgrade your vPro Clients to 2.2, 2.6, and 3.2.1 were supported by the OEM.

If you have no vPro Clients in your environment that are less then firmware version 3.2.1, there is no need to use the WS-MAN translator; SCCM SP1 will natively provision and manage vPro clients without the need for the WS-MAN Translator.

As previously noted, stay tuned for more information on vPro Expert Center about the WS-MAN translator in the next couple weeks.

Matt Royer

1 Comments Permalink Tags: sccm_sp1, sccm, amt, vpro
Click to view miroyer's profile
0


Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 RC and is subject to changes between now and RTM.

Microsoft has just release System Center Configuration Manager 2007 SP1 Release Candidate. As previously noted in a past blog, SCCM SP1 is Microsoft's first release that provides native manageability support for vPro Technology.


Some of the high level changes associated to vPro between SCCM SP1 Beta and RC1 are:

  • Kerberos support for Out of Band Console
  • Maintenance Tasks for Certificate Expiration and Kerberos Master Key renewal
  • Update Out of Band Console UI
  • Integration support for the Intel WS-MAN Translator (provides legacy support for firmware version less then 3.2.1)
  • Active Directory Integration


To gain access to Microsoft System Center Configuration Manager 2007 SP1 RC, you can request access by:

Set-up an account. on MS Connect.
MS Connect Website
http://www.connect.microsoft.com/
After you've logged in, select "Available Connections" from the menu on the left side of the screen.
Select "System Center Configuration Manager 2007". You will be asked to fill out a questionnaire so they can get some background and demographic information.
Matt Royer

0 Comments Permalink Tags: sccm_sp1, sccm, amt, vpro
Click to view miroyer's profile
1

The Intel® Active Management Technology's (Intel® AMT) Setup and Configuration Service (Intel ®SCS or SCS) provides developer or ISV with the tools to set up and configure Intel AMT devices. The Setup and Configuration Service (SCS) allows for most aspects of setup and configuration to be completed through a remote management console. The service package consists of a configuration engine and installer in binary form, plus a reference graphical user interface that the ISV may integrate into their Manageability Product.


So where is the Intel® SCS in Microsoft System Center Configuration Manager (SCCM) SP1? The short answer is MS SCCM SP1 does not use the Intel SCS. The longer answer is that Microsoft, as part of their architectural design of SCCM SP1, has chosen to develop their own mechanism for performing the initial provisioning and configuration of the Intel® vPro Clients. This is different from the requirement the Intel Client Manageability Add-on for SMS 2003 had on the Intel SCS for enterprise provisioning and configuration.


Each ISV, as part of their enablement of vPro Management Technology within their product, can choose to leverage the Intel® SCS or use it as a reference design to develop their own implementation. Microsoft, with SCCM SP1, is not the only ISV that chose to develop their own capability for provisioning and configuring vPro Client; did you know that LANDesk also does not use the Intel SCS for vPro Client provisioning and configuration?


Matt Royer

1 Comments Permalink Tags: sccm, sccm_sp1, vpro, amt
Click to view josh.hilliker's profile
0

Wednesday - Russ will be co-hosting with me as we discover more about Microsoft SCCM SP1 with Matt Royer. You may have seen the river of great posts from Matt around SCCM and he's a known pro on SCCM. Matt will be discussing the following topics:

• SCCM SP1 Provisioning and Ease of vPro Client Provisioning
• SCCM SP1 Collection Based Power Management and Task Sequence Power On Capability
• SCCM SP1 Out of Band Management Console for 1 to 1 vPro Client Management

We usually do this every two weeks, however with all that is happening with SCCM SP 1 we thought it would be great to discuss this as soon as we could pull this together. I hope you can join us. Here's the data on the Talk Show:

Dial In: (347) 326-9831
Time: 1:30PM PST

You can listen here or go to the URL below as well .


or

http://www.blogtalkradio.com/openport/2008/02/27/vPro-Expert-Center-On-The-Air

If you have questions fire up chat during the call & ask the experts...

Josh H

0 Comments 0 References Permalink Tags: vpro, sccm_sp1, sccm, microsoft, josh_hilliker, matt_royer, russell_pam
Click to view miroyer's profile
0

Note: This information is based off Microsoft System Center Configuration Manager 2007 SP1 Beta and is subject to changes between now and RTM.

Once the vPro client has been provisioned by SCCM SP1, you can now start performing vPro Client Manageability through either Collection based power operation or through the “Out of Band Console”.

To invoke vPro power management feature from within a collection, you can right click on a single client (or multi-select several clients) and select “Out of Band Management” -> “Power Control”. After which, a “Power Control” Screen will appears for the client(s); from there you can select whether to power on, power off, or restart the vPro Clients.

Here is a video that visually goes through the process:


To perform more vPro client manageability options, right click on the client in the collection to manage and select “Out of Band Management” -> “Launch Out of Band Console”. It may take several seconds for the “Launch Out of Band Console” to fully load; make sure that System status in the bottom left section of the “Out of Band Console” reads as “System: Connected”. Once the “Out of Band Management” is loaded, you will see 7 menu options:

  • System Status: Displays the following for the connected computer:
    • The power state
    • IP address
    • Computer name
    • System ID
    • System date
    • System time
  • System Inventory: Displays the hardware inventory information for the connected computer.
  • Power Control: Initiates one of the following power control actions:
    • Power on the computer
    • Power off the computer
    • Restart the comput
    • If you power on or restart the computer, select one of the supported boot options that is retrieved from the computer. These can typically include the following:
      • Normal boot
      • Boot from local CD/DVD drive
      • Boot from local hard drive
      • Boot from alternative media (and specify the image file in Alternative media path)
      • Boot from the network
      • Boot to BIOS
  • System Event Log: Displays activity for the management controller on the selected computer. You can also clear and set log levels from this screen.
  • System Audit Log: Displays IDE redirection and PXE boot information.
  • Serial Connection: Starts a terminal emulation session so that you can run commands and character-based applications. After invoking an IDER or BIOS redirections, you will want to come to this screen to interaction with the SOL session.
  • Configuration: Allows you to perform either a full or partial unprovision of the vPro Client
    • Full Unprovision: “Delete both configuration data and identification data from the management controller”
    • Partial Unprovision: “Delete configuration data and retain identification from the management controller”


Here is a video that visually goes through the process:


Matt Royer

0 Comments 0 References Permalink Tags: sccm_sp1, vpro, amt, sccm
1 2 Previous Next