Intel vPro Expert Center Blog

17 Posts tagged with the tools tag 1 2 Previous Next
Click to view blund's profile
1

My name is Brad Lund; I work in the Enterprise End User Integration Lab (EIL) as a Senior Systems Engineer. This article is the first in a series of blogs I plan to deliver describing how, with the aid of some very useful tools, we can use IDE Redirection (IDE-R) and Serial over LAN (SOL) to provide the console operator with a more user friendly approach to remotely diagnosing and repairing client systems.

SOL is a great technology that has been around for a number of years. It is generally used in data centers for taking control of a computer in order to make changes to its BIOS. Since output from BIOS is by nature "pure text", SOL, whose interface is based on VT-100 terminal emulation, works fine. But what if the problem requires the console operator to interact with the client in a manner that dictates a graphic interface be present to load and run diagnostic applications?

Since the Enterprise Integration Lab are End User focused, we have had several customers ask us how they could leverage this Usage Scenario to take control of an AMT client while providing the operator with a more intuitive and useful interface. Additionally, every one of the End Users we interact with has a set of tools they use to perform diagnostics and repair. But if the client system is out-of-band, meaning no O/S present, it is NOT a BIOS related issue and the diagnostic tools require the operator to have a graphic view of the client system, how can we deliver on this request?

This series of blogs will attempt to show various ways to address these questions and more. I will start this blog series with the client residing inside the Enterprise using AMT to contact the console operator and utilizing very basic tools - take control. Upcoming blogs will show how to do this for clients residing outside the Enterprise (in the internet cloud) using Client Initiated Remote Access (CIRA) to contact the console via of a Management Presence Server in the DMZ and more robust tools - very cool!

So let's get on with it shall we?

The Tool Set

For this first installment I am using AMT Commander from the AMT DTK to initiate a client connection and perform console redirection (IDE-R). The client platform is Montevina (AMT v4.0). I will also push a Pre-installation Environment (PE) down the wire to boot the client into a graphic environment; either WinPE 2.0 or BartPE can be used. Whichever the choice, the greatest thing about a PE is its ability to be customized. You can build a PE to include not only the necessary drivers to bring a system up, but also all the required software for a technician to truly diagnose and practically correct any problem. A full explanation of PE's is beyond the scope of this blog but easily searchable via your favorite search engine. Lastly, to complete the process I will use UltraVNC, a publicly available application that gives the console operator the ability to view the remote client screen; graphically!

The Scenario

In this setting we have a client system where the O/S fails to boot-up (see Figure 1 - left image). This could happen if the client did something to their system which caused the registry to become unreadable by the O/S. Or perhaps the owner of the system accidentally deleted a critical file(s) required by the O/S to boot properly. In any case, the client calls their support center and is walked thru the required steps to perform BIOS initiated AMT. Once initiated, the console operator can then connect to the client; Figure 1 - right image.

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/38-11385-1654/Figure1.JPG
Figure 1: Remote client screen on left - Console operator screen on right

After connecting to the client, the console operator opens the SOL/IDE-R mapping interface and assigns the appropriate .iso images for Floppy and CD-R redirection (see Figure 2 - left image). Note: You must assign both a Floppy and a CD image for SOL/IDE-R to operate properly. Also, while you can use IDE devices physically attached to the console system, working with .iso images are faster and more flexible.

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/38-11385-1659/Figure2.jpg
Figure 2: Point device mapping to .iso images, start SOL/IDE-R, take control of client system.

The next step after starting redirection is to take control of the remote client as shown in Figure 2 - right image and indicate which image to boot from. In this case since we have our PE stored as a CD-R .iso image we tell it to "Remote Reboot to Redirected CD" Figure 3.


Figure3.jpg
Figure 3: Remote reboot to CD-R image

At this point the client system has started a reboot and loading the PE image from the console. However, because we are using SOL the console operator can only see the "text" generated information. Notice the screen in the foreground of Figure 3 titled "PuTTY", this is the SOL interface and portrays only the "please wait" line from the boot loader; not very intuitive or useful. As a result the console operator will have to ask the client to inform them when the PE has finished loading on their system (see Figure 4).

Figure4.jpg
Figure 4: Client system completed boot to PE and ready for remote control

Here is where the fun begins. After the PE loads onto the client system, the console operator starts UltraVNC; pointing it to the client, Figure 5 - left image. Part of the PE build includes the necessary network drivers to give this system an IP stack so it can be accessed via UltraVNC Once UltraVNC connects it opens a graphic window where we can actually see and control the client as though we are sitting at their machine, Figure 5 - right image. Again, we are using the SOL interface to show us text information and the TCP/IP protocol to allow UltraVNC to connect an OOB client - pretty cool huh?

http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/38-11385-1662/Figure5.jpg
Figure 5: UltraVNC to display client screen on console operator system

From here we can invoke a whole series of commands and view the results in real-time. In the example shown in Figure 5 - right image, I am running regedit - OK I realize it is showing the PE registry but with the right tools we can load and analyze the client registry or any other application and/or device.

Remember I said the beauty of PE's lie in their ability to be customized? If your shop use specific diagnostic tools you can include them into the PE at build time and use them here by simply clicking on the orange "GO" button (different PE's have different ways to access applications).

What I have shown here is the ability to use some very rudimentary protocols along with widely available tools to perform very powerful diagnostic and repair functions on a broken client. Keep in mind however this is only one of many ways to achieve this capability. In fact, this particular example can take a fair amount of time to load depending on network traffic and size of .iso image. But it is much better than the down time required to bring the remote system into the support center.

EIL are constantly finding solutions to answer the hard questions for our End Users. In upcoming blogs I plan to show similar capabilities using different techniques to minimize load times while maximizing efficiency. I hope you found this blog useful if you have any questions please feel free to ask. See you soon...

1 Comments Permalink Tags: vpro, cira, brad_lund, eil, epi, winpe, bartpe, sol, ider, tools, utilities, system_maintenance
Click to view josh.hilliker's profile
0

Monday we're cooking up a great show, Russ, Jeff & I are going to be talking with Michele Gartner about the Activation zone and the latest status on how to self activate. We will also be talking about our top tool picks that we use for troubleshooting & enabling vPro. Definitely a show you won't want to miss out on. Also you can either stream, dial in or download after the show is over to listen. We will also have the chat line open for any and all questions related to vPro.

Here's the info:

http://www.blogtalkradio.com/openport/2008/06/02/Intel-vPro-Expert-Center-Topic-TBD

Number: (347) 326-9831
Date/Time: 6/2/2008 3:30 PM (pacific)

Listen to Intel Open Port Radio on internet talk radio

0 Comments Permalink Tags: vpro_radio, josh_hilliker, russ_pam, jeff_torello, activation, michele_gartner, tools
Click to view josh.hilliker's profile
0

I wanted to share out why my top 3 tool picks are for starting up with vPro, usually I am using these tools when I'm working on connectivity, packets or errors in the logs in the mgmt console. I also often find that I'm using these tools late at night when i'm deep in troubleshooting mode & trying to do a root cause on why something is not working as planned i.e. hello packets are not starting on a given hardware platform, etc.. (I'll save the showcase for a youtube video soon)..

here they are.................

#1. MEinfowin.exe - Brian C posted a good link of where & how to get this from Lenovo's BIOS update. I highly recommend this tool for troubleshooting version of the ME, SOL, etc.. it also has good information on setup & configuration, link status, etc..
http://communities.intel.com/message/3649#3649

#2. Wireshark - Joel Smith (altiris) wrote about this in his blog, which is where I initially found the link. http://juice.altiris.com/article/3636/troubleshooting-altiris-manageability-toolkit-vpro-technology-part-1-provisioning-clien

Wireshark
While the two above tools are distinctly for Out of Band Provisioning, Wireshark tells the whole story of what is coming and going across the wire. It's important to know what the AMT clients are sending, especially in the 'Hello' packet, and what the server is responding with.

Wireshark can be obtained from: http://www.wireshark.org/. While this is the recommended tool, any network trace capture program can be used to examine the network traffic between the AMT client and the Provisioning Server.

#3. Intel® vPro™ Technology Test Utility - this is the old faithful tool to ensure your vPro system has the right ingredients.
http://downloadcenter.intel.com/Product_Filter.aspx?ProductID=2575

These are my top 3, however if I were to go, in SMB mode I utilize the vPro Packet decoder and the AMT reflector, however I use those at very specific times when i've passed the top 3 and I am digging in even deeper.

I hope you enjoy the list and if you have a TOP tool favorite write a comment at the end of the blog and let me know as I am always looking for new tools that help troubleshooting.

Josh H

0 Comments Permalink Tags: tools, josh_hilliker, vpro_expert_center, manageability, troubleshoot, vpro, amt
Click to view josh.hilliker's profile
0

Hi all,

Tim's Tool team continues to deliver new tools to the community almost weekly. You can check the latest on the Tool Wiki @ http://communities.intel.com/docs/DOC-1171. Also if you have a need for a new tool please let him know by responding to the wiki.

If you are trying to use a tool and not having success please let us know as well as your feedback helps shape the tools the team works on.

I also know that Tim is defining a higher level picture of the typical IT infrastructure and how each tool can be used to troubleshoot different connection points. Stay tuned for this..

0 Comments Permalink Tags: tools, vpro_expert_center, josh_hilliker, tool, troubleshoot
Click to view josh.hilliker's profile
0

torello.jpg

Jeff talked about this in the last show on vPro Radio (http://blogtalkradio.com/openport) about his latest Intel vPro training modules. We finally have those posted and here is the link to get started..


http://download.intel.com/business/vpro/ActivationClass/main.html

I believe he posted six out of nine, with the final three still in progress. If you have any questions please let Jeff know.

0 Comments Permalink Tags: vpro_expert_center, vpro, training, tools, josh_hilliker, jeff_torello
Click to view josh.hilliker's profile
1

On my travel's out of the factory and on the road with vPro users, I was able to see a new tool that I had not seen to date. When the User pulled up resource manager he showed me a new way to fast track to a machine. The Screen looked like this.

SickTool.gif

I asked where the tool was and was given this link on Altiris Juice.

Here is the code you will see in the VBS file.

REM Authored by: Benjamin Palmer
REM Company:

strAnswer = InputBox("Please enter a computer name you would like to view the resource information for:",".oO - Quick View Resource Manager - Oo.")

If strAnswer = "" Then
Wscript.Quit
Else
strURL = "http://Deploy1/Altiris/Resource/ResourceManagerConsole.aspx?Name="&strAnswer
Set objShell = CreateObject("Wscript.Shell")
objShell.Run(strURL)
End If

I found this a very useful tool for Altiris Users that know the machine and want to fast track to the notebook/desktop. Or you could give this tool to your help desk for them to easily get to a machine vs. navigating through the console.

NOTE: please make sure you change out the "DEPLOY1" with your console name.

If you have a great tool like this that you use, please share out..

Cheers..

1 Comments Permalink Tags: altiris, josh_hilliker, vpro, tools
Click to view michelegartner's profile
0


0 Comments Permalink Tags: amt, tools, troubleshoot, scs
Click to view josh.hilliker's profile
0

10:30am Russ & I are talking with Tim the Tool guy about vPro Tools.

Call-in Number: (347) 326-9831

http://www.blogtalkradio.com/openport/2008/03/11/vPro-Expert-Center-On-The-Air-vPro-Tools

Listen in & chat with us online..

0 Comments Permalink Tags: russ_pam, josh_hilliker, vpro, vpro_radio, tim, tools
Click to view tcduncan's profile
0

Last month's post of the open source packet decoder is just the first of a strong list of tools planned by the team that brings you the Technology Test Utility. The iCSO software engineering team is charted with making utilities and applications available to the public that accelerate and simplify the adoption and activation of Intel vPro technology.

We will be maintaining these tools and look forward to your feedback, suggestions, and participation in making these tools the best they can be for you and the marketplace. Our commitment is to post new versions of each tool at least every other month and of course post earlier if issues are found that render the tool less than useful.

The next tool we will be posting is a Pre-Installation Utility intended to speed the first user experience and automate as much as possible the initial setup of the Intel® AMT(tm) Setup and Configuration (aka SCS) environment in enterprise mode. Coupled with post setup wizards it will enable users to provision devices with minimal effort and time.

We look forward to hearing your feedback on our efforts.

Intel's iCSO Software Engineering Team

0 Comments 0 References Permalink Tags: amt, centrino_pro, client_management, developer, intel, pro, scs, tool, tools, vpro, source, open_source, code
Click to view josh.hilliker's profile
0

I recently received feedback on how to find key links, tools, and the BKM Wiki. I thought it would be good to create a Tools & Solutions call out box that was easy to find with links that are relevant to the community. I collected up a few relevant links & created the call out box on the left column of the community site.

If you have input on other links I should add to this box please let me know and I will add ASAP. Thank you for your input.

Josh H

0 Comments 0 References Permalink Tags: vpro, solutions, vpro_expert_center, josh_hilliker, tools
Click to view josh.hilliker's profile
0

Recently I was out deploying vPro I ran into a situation that I needed to validate the SCS configuration & ensure that I was seeing the right data in the ISV console that I was working on. I also remember hearing from Matt about a nice little utility call AMT SCS console.exe that would do the trick. I downloaded the SCS zip file @ http://softwarecommunity.intel.com/articles/eng/1025.htm. Which I believe is posted on the tools wiki.

I opened up the zip & installed the AMTConsole.exe & did a direct connection to the SCS.. Powerful yes, good validation tool - yes. I recommend this very highly if you are interested in deeper troubleshooting than the standard tools out there.

0 Comments Permalink Tags: amt, tools, vpro, vpro_expert_center, josh_hilliker
Click to view swood's profile
1

As a network administrator for a small local government agency, I have been tasked to deploy Intel's Active Management Technology (AMT) into our network environment. Having sold our IT management on the benefits of vPro technology and how it can revolutionize our system management capabilities, I am ready to move forward and get AMT installed . In addition, today I learned that we will begin receiving brand spanking new HP systems in January that will have the latest greatest vPro technology aboard. I've got a few months to become an AMT expert and be ready for the new systems. Life is good!

Where To Start

The first thing I did after learning about vPro and AMT was to visit the Intel vPro Expert Center web site. There I found a great variety of resources to help me with my deployment. This is a good site to get help and guidance. The only problem I have with the site is that there's no link to download the AMT docs or software. You'll want to get your hands on the Intel Active Management Technology Setup and Configuration Service (SCS) - Installation and User Manual. You can get this document as well as the software from http://softwarecommunity.intel.com/articles/eng/1025.htm. Since SCS is the foundation and support structure of everything that goes on in the AMT and vPro world, this was the most logical place to start.

In addition, since I plan on integrating SCS with my existing SMS 2003 infrastructure, I also downloaded the Intel Active Management Technology Add-on for Microsoft SMS 2003 - Installation and User's Guide. Getting this was a bit of a challenge so stay with me on this one. I had to navigate to another good link you'll want to keep and refer to, The Intel Management Developer Community. From here I searched for "SMS 2003" and found the link to the SMS 2003 Add-on document. For non-developers like me, this site can appear to be not exactly what we do everyday, but hang in there, this site has a lot of info too. Now I had the documents I needed. They created the basis on which I would start to plan and deploy AMT into my network.

Read, read, read

The first thing I did after printing the documents was to read them over several times so I could get the gist of just how all the pieces played together. Then I read them again. After the first pass, it all looked pretty daunting and difficult, but after reading many of the sections over, it all started to come together and make sense. Read. Read. Read.

Time to lay things out

Ok, now I had a pretty good idea of what everything did and why, it was time to make sure I had everything I needed to make the pieces work together. I began to try and lay out what I needed to have to make AMT work.

Servers - I need to decide where to install SCS. I had a recently rebuilt Windows 2003 R2 server available that also had SQL 2005 on it. Plenty of disk space and horsepower. This was good. We were using this server to host our Help Desk application and it didn't appear to be over taxed in any way. The hardware and base OS part was taken care of. The server happened to be in our central office which was also a benefit. Our office is put together in a spoke and wheel configuration with all outer offices connecting to the central office over fast network connections. This would be good when we start to provision systems from outer office locations.

Active Directory - SCS / AMT relies on and utilizes Active Directory quite a bit. Our Active Directory is at Windows 2003 R2 level so I'm good to go. Also, as a Domain Admin, I have the ability to make any changes necessary to Active Directory.

Security - AMT supports Transport Layer Security (TLS) for secure communications between AMT devices and management console applications. TLS is optional for AMT, however we wanted to make all our communications as secure as possible so we're going for a full TLS implementation. This requires certificates and fortunately we have a Microsoft Certificate Authority server in our network that will make things easy to manage.

Database - SCS stores all its information in a database. We're going to use the existing SQL 2005 database on the server we're going to install SCS on.

AMT Device Location - Where were the new systems coming into and who was handling them? In the past when new systems came in, our Help Desk techs were very efficient in imaging them and deploying them right out the door. I need to make sure that everyone in our Help Desk group was tuned into what we were trying to do. We'll need to have a meeting to discuss what's going to happen after they plug in a system to the network for the first time.

Now that I've gotten my infrastructure laid out, it's time to start installing software. Yeah!

Next time I'll detail the steps I took in actually installing SCS into my network. As always, any comments and suggestions are warmly welcomed.

1 Comments Permalink Tags: amt, client_management, josh_hilliker, manageability, scs, tools, vpro, vpro_expert_center
Click to view Ylian Saint-Hilaire's profile
1

It's time for one more release of the Intel AMT DTK v0.43. Here are the major changes in this release:

  • New Installer. Probably the most visible change is the new installer. The Intel AMT DTK is no longer a self-extract and I am looking for feedback on the installer and it's ease of use. I think users will appreciate that you can selectively install only portions on the DTK that make sense on a given computer (Console, Agent, Switchbox, Utilities).
  • New Japanese translation. All of the DTK tools got a new Japanese translation this week thanks for employees from Intel Japan. Intel AMT Defender got it's first translation into a new language, and many of the new features in Intel AMT Commander and Intel AMT Director are now translated to Japanese.
  • New Resource Translation Tool. I added the Intel Resource Translation tool in the DTK package. I am looking for people to translate portions of the DTK into other languages and this tool makes it very easy. Just run, load the dictionary, select a language and start translating. You can also select what tool or form you want to translate. When done, send me the dictionary file, my e-mail address is in the readme.txt file or about box and I will make it part of the next release. I also will be giving out prises, I will be figuring something out.
  • Console & mouse support. Intel AMT Guardport has a new "CMD" command allowing the administrator to shell to the command prompt and access all of the power of a text mode command prompt. As a bonus, I also added mouse support in the terminal, so you can enter EDIT and move the mouse and click to get into text mode menus.
  • New WMI-over-SOL. I started work on performing Windows Management Instrumentation (WMI) queries over Serial-over-LAN. It is early work, but it's looks like a powerful new way of managing and fixing computers remotly.

Download: Intel AMT DTK v0.43 Audio Blog (.mp3)

Ylian (Intel AMT Blog)

1 Comments Permalink Tags: intel, amt, commander, developer, dtk, outpost, switchbox, tool, tools, vpro
Click to view josh.hilliker's profile
4

Over the last year I have worked with our internal IT shop to implement vPro & CentrinoPro into the environment. While that was fun & rewarding, I thought now would be a good time to implement a smaller instance w/ a mix of clients & try out the new Intel System Defense Utility that I put a link on the tool page..

I've currently procured a centrinoPro, vPro(AMT2.x) & working on obtaining a vPro(AMT3.0) box to showcase all use cases & functionality, especially the Remote Configuration feature. What is good to note is that Matt Royer already helped me demonstrate Remote Configuration in San Francisco IDF & it was very nice to watch the out of the box to having the console automatically provision & show the vPro machine. However now the immediate challenge is for me to set this up w/ ISDU & see what use cases I can utilize.

if your on this path as well, let me know. I like to hear how you are using AMT (active management technology).

Cheers. Off to Provisioning....

UPDATE
I updated the BIOS via USB on the CentrinoPro & vPRO machines to ensure latest bios. I will work to get the post up this week on how to create a dos bootable USB stick & the preferences on size of the stick.

I then downloaded the Intel System Defense Utility, then I hard lined the CentrinoPro machine for now as I have not changed my Access Point settings for WPA at this point
(remember i'm doing this in SMB mode).

I then started the scan & was able to see both machines. If you click on link below you will find that I was able to detect both machines. I started first with inventory to show what I could validate from the Machines. Good to note is that both machines are Plugged into the network & the power (desktop - of course, notebook - yes). I wasn't satisified with the results so I went to each of the machines Web UI to ensure I could connect.


Initial Scan to obtain machines on the subnet, while this took longer than I expected it did find all the machines.
FindScreen.bmp

After finding you double click on each PC & it connects you to the Firmware.
Connected.bmp

Then I pulled an asset mgmt screen on both the notebook & desktop to show that I can pull inventory, take in account each machine is powered down at this point.
AssetMgmtDesktop.bmp
AssetMgmtNotebook.bmp

Now to be sure you can establish communication I went to the Web UI on both, which in the ISDU tool it is simple to click the link & hit the admin login.
WebUIDesktop.bmp
WebUILaptop2.bmp

While this is good, it's time to now showcase the rest of the use cases, including System Defense with a few good filters. I was out hunting for a good virus & found the backdoor.darkmoon. One of the ports is listens on is 6868 & 7777.. I was able to use System Defense as seen below to block these ports by doing the following:
#1. Open up Intel System Defense Utility
#2. Connect to the impacted machine
#3. Select the "System Defense" tab
#4. Select "Block LImited Services"
#5. Uncheck all items & then in blocked ports in put "6868,7777"
#6. Hit Apply Settings, then Apply Changes

DONE - I've now protected my machine quickly against the potential exploit. It doesn't fix it for cleaning, however it does protect the virus from communicating & receiving future instruction.

Now I can remote control it, turn it on, update the DAT files.

4 Comments Permalink Tags: vpro, vpro_expert_center, centrino_pro, tools, isdu, josh_hilliker, manageability
Click to view josh.hilliker's profile
0

Fellow Pro's. Sometimes finding the right tool is a challenge, so.. I've started a "PRO Tool Wiki" on the site that will feature all known tools and new tools as they get released.

PRO TOOL WIKI
Purpose: Create a single page of key tools that help you integrate & utilize your vPro & CentrinoPro machines.

If you have ideas on tools that would be valueable please let me know, or add links to known good tools on the wiki.

Josh

0 Comments Permalink Tags: josh_hilliker, vpro, vpro_expert_center, tools, vpro_tools
1 2 Previous Next