1 2 3 81 Previous Next

Intel vPro Expert Center Blog

1,206 Posts

With the release of Intel 4th generation core vPro processors comes new AMT versions, 9.0 and 9.5. This means that some of our favorite Use Case Reference Designs (UCRD) need driver updates. Well, fret no longer; 2 stage boot (iFast) and Remote Drive Mount (RDM) have been updated.

 

For those not in the know, RDM is a remote repair use case. Basically a technician can access the hard drive(s) of a remote system at the block level, even if Windows will no longer start.

 

iFast is a "building block" use case that makes remote booting faster, making it feasible to use larger ISOs, like WinPE, for remote repair and/or OS imaging. Check them out below

 

Remote Drive Mount

2 stage boot

 

Jake Fritz, vPro Expert

Read other posts from Jake

WA07

Intel Control Center software

Posted by WA07 Feb 17, 2014

I need to download Intel Control Center software to replace what I inadvertently uninstalled.  What version of Intel Control Center software is compatible with a notebook, Windows 7, 64 bit.?

Things are changing around here! Do you want to receive support direct from an Intel engineer? Intel® Business Support is a new portal designed to provide faster, more personalized assistance. Users submit tickets, track their tickets’ progress, and get their environment up and running faster within the Intel® Business Support website. Users are eligible to submit tickets by filling out a quick enrollment form.

 

If you choose not to enroll, you can access community-based support at the Intel® vPro™ Expert Center. The community, however, will no longer be supported by Intel experts. The only way to get assistance direct from Intel will be by enrolling. Enroll now and get your environment back on the fast track to success!

 

Intel® Business Support

Getting your business back to what’s important, faster.

https://www.bizsupport.intel.com/

This simple Infographic illustrates the benefits of utilizing Intel Setup and Configure Software (Intel SCS) in your enterprise IT environment. Discover, configure & manage many Intel capabilities in your environment. For more in depth details, visit> http://intel.ly/1gq07yA

 

Intel_SCS_Infographic_Final.png

Intel® SCS with SSD Pro Series Plug-in

Unlock the potential!

 

The value you find in an Intel® Solid-State Drive Professional 1500 Series (Intel® SSD Pro 1500 Series) is built-in. Get even more value from your drives with a new plug-in from Intel® Setup and Configuration Software (Intel® SCS). This allows IT departments to easily access information and configure the drives in your managed devices.

 

Intel® SCS’s new modular framework allows you to add “plug-in” functionality and feature sets into an existing Intel SCS installation (v9.0 and above). With one such plug-in, you can use Intel SCS to tune your Intel® SSD Pro 1500 Series drives and collect drive health data and allow IT to make proactive business decisions.

 

Manageability

Discoverable and configurable through Intel® SCS

Rollup of drive health statistics for proactive health management & monitoring

 

Enhanced Security

Protects Data (Self-Encrypting)

No Encryption Overhead

OPAL Key Management

 

Download Intel® SCS & Get Started!

Follow us @IntelvPro

Discover. Configure. Manage.

Intel® Setup and Configuration Software:

A modular cross-platform experience for securely

discovering, enabling, and managing Intel features in business.
  

We're pleased to announce the latest version of Intel® Setup and Configuration Software (Intel® SCS). For years, this software has brought ease to the IT shop in assisting them to discover and turn-on key features of Intel® Active Management Technology (Intel® AMT) in the enterprise. A secure connection from the management console to the enterprise environment is now extending beyond AMT alone. Configure policies for IT manageability with the security and flexibility you need. In addition, the modular design supports 3rd-party solutions; so you choose the features you need! It is also compatible with MS System Center ConfigMgr (versions '07 & '12) via an add-on. Intel® SCS is even available in two additional languages: Simplified & Traditional Chinese.

 

With the latest version of Intel® SCS you can discover even more Intel® capabilities on Intel® platforms in your environment such as:

  • Intel® AMT
  • Intel® SSD Pro 1500 Series
  • Intel® Smart Connect Technology
  • Intel® Small Business Advantage

   

Download Intel® SCS today

Follow us @IntelvPro or learn more at intel.com/go/scs

Recent generations of HP laptops with Intel vPro Technology may not show wireless settings for Intel AMT.

 

The Intel AMT WebUI example below shows an HP9470p system with no listing for wireless settings.

image1.png

The feature must be enabled in the BIOS of the platform.   The feature will not appear in the BIOS menus, but will appear and can be enabled via a commandline tool within the HP SSM package.    The commandline tool is "BiosConfigUtility.exe".

 

image2a.png

  • Open the text file and locate setting for Wireless Manageability. 
  • In the example below, the asterisk symbol indicates the set value.   In the excerpt below - the "Wireless Manageability" is disabled.

image2.png

  • Change the setting to Enable for Wireless Manageability

image2b.png

  • Save the text file.  

 

The saved text file with BIOS settings can be applied to all systems of that model and similar BIOS settings.

 

To apply the settings and enable the wireless features:

  • On target HP platform with Intel vPro Technology and wireless not showing, run the following at the command line:  BiosConfigUtility /setconfig:"hp_wifi.txt"

image2c.png

  • Restart the client system for the BIOS changes to take affect
  • Open the Intel AMT WebUI for the system.   The wireless options are now shown and can be configured manually as shown in the screen below or via the Intel AMT configuration profile as defined by Intel SCS.

image3.png

If the configuration of Intel AMT is compatible, multiple applications are able to communicate and utilize the technology.    A common example is an environment with Microsoft SCCM for PC lifecycle management and McAfee ePO for endpoint security.   Both consoles can communicate to Intel AMT if the underlying configuration is compliant.

 

Two articles have been posted to summarize the main steps for the following scenarios (click on the title\words for the respective document)

 

The materials intentionally point to McAfee ePO Deep Command in connection with Intel SCS for the configuration of Intel AMT. 

McAfee ePO Deep Command provides beyond-the-operating-system security management.    The product is well aligned with Intel AMT for discovery, configuration and usage of the technology.   Plus - once Intel AMT is configured other capable applications can utilize.

 

What might not be known by all - there are different features and functions supported by Intel AMT.   Not only a generation or version difference, but a level of manageability.

 

The following article on McAfee Community walks through the good, better, and best scenarios.

 

McAfee Communities: Deep Command - Good, Better, and Best Scenarios

Understanding AMT, UEFI BIOS and Secure boot relationships

Notes from the lab.

 

As part of AMT validation, our functional testing lab verifies AMT use cases with UEFI BIOS. I found that many questions popped up by AMT users, so I decided to write this brief explanation about the relationships between AMT, UEFI and Secure boot.

This is not a comprehensive explanation of UEFI, as I focused only on the details which are necessary in order to understand the AMT related subjects.

If you want to learn more about UEFI, refer to UEFI page in Intel.com and the UEFI forum page.

 

Let’s start with the basic definitions:

 

UEFI

UEFI stands for Unified Extensible Firmware Interface, which is a specification of interfaces for modern BIOS firmware.

 

UEFI disk devices handling

Part of the UEFI specification is the disk device handling. The UEFI specification defines a "boot manager" that is in charge of loading the OS loader. Auto-detection of the boot loader relies on a standardized file path to the OS loader, depending on the actual architecture to boot (\EFI\BOOT\BOOT[architecture name].EFI, e.g. \EFI\BOOT\BOOTx64.EFI).

 

Compatibility Support Module (CSM)

The UEFI boot manager is able to load legacy BIOS environment using the Compatibility Support Module (CSM). This module is able to emulate legacy BIOS environment and allow booting legacy operating  systems or new operating systems which were installed without UEFI boot loader.

 

Secure boot

Secure boot can secure the boot process by preventing the loading of drivers or OS loaders that are not signed with an acceptable digital signature. The BIOS maintains a list of platforms keys which are used to verify that the OS loader and drivers are secure. Secure boot is supported by Windows 8, Windows Server 2012, and selected Linux distributions. In order to use it, BIOS must have the public key which signed the OS. When using Secure boot, Compatibility Support Module (CSM) must be disabled.

 

Key points:

 

UEFI

  • In order to use the UEFI based OS loader,
    the disk media has to contain the loader that must be located in the standard
    file path to enable auto detection.
  • If we want to use the UEFI OS loader in
    our OS, we need to boot the installation media through the UEFI based OS
    loader so that it will install the OS with a UEFI OS loader.
  • Compatibility Support Module (CSM)
  • Secure boot can be used in order to verify that
    the loaded OS is signed. In order to use Secure boot, you must disable the CSM
    in BIOS settings.

 

AMT

AMT Remote control operations offers boot control capabilities that allow the IT administrator to perform boot from different Media types like local hard disk, or local CD. It also supports boot from virtual CD or virtual floppy through IDE redirection session(IDEr). The same rules of the UEFI BIOS devices handling applies when boot options and operations are done by AMT with the exception of Secure boot during IDEr session.

 

Secure boot disable on IDEr

In order to allow IT administrator to use a non signed OS’s to heal the system, when boot from IDEr media is performed, AMT communicates to the BIOS to disable Secure boot of the IDEr media. This should not affect Secure boot of non IDEr devices. Disable of Secure boot does not necessary means that Compatibility Support Module(CSM) is enabled. This depends on the BIOS manufacturer implementation.

It is possible to enforce secure boot during IDEr session from the management console by using WSMAN command to set the EnforceSecureBoot  property of the AMT_BootSettingData  class to ‘true’ as documented in the AMT SDK. This boot capability must be This boot capability must be supported by the OEM in order that Secure boot disable on IDEr will work.

 

Disabling secure boot on IDEr is supported in AMT version 8.1 and above.

 

 

Testing

In case you want to test your platform or management console application operation with UEFI based disk handling capabilities and AMT, first verify that your platform’s BIOS settings and OS media are correct:

 

Configure the desired settings in BIOS like compatibility Support Module(CSM) enable/disable, Secure boot enable/disable and Secure boot keys. Verify that the Media you are attempting to boot installed according to the desired boot loader type.

When all the settings are defined, attempt to load the media on the platform local devices and make sure that the platform’s behavior is as expected. Only then try to perform remote control operations or IDEr boot.

 

Q & A

 

Q: Do I have to disable Compatibility Support Module (CSM) in order to boot with UEFI based OS loader?

A: No. a UEFI BIOS should be able to detect and boot from Media that has a UEFI based OS loader

 

Q: Can I configure Secure boot when with Compatibility Support Module (CSM) enabled?

A: No. You must disable Compatibility Support Module (CSM) in order to configure secure boot. BIOS may configure it automatically, depending on implementation.

 

Q: Why can’t I boot from my legacy bootable CD during IDEr session although Secure boot should be disabled during when booting an IDEr CD?

A: When Secure boot is configured in BIOS, Compatibility Support Module (CSM) is disabled too. BIOS writers are required to disable Secure boot on IDEr, but are not required to enable CSM, so this behavior may vary between BIOS types and versions.

In case you want to use legacy media with IDEr and BIOS does not enable CSM on IDEr automatically, you may configure the BIOS to enable CSM before reboot. This can be done from the remote console using AMT KVM or SOL capabilities.

ci5vpro_h_rgb_3000.pngci7vpro_h_rgb_3000.png

Intel® 4th Gen Core™ vPro™ Processor &

Intel® Active Management Technology (version 9.0)

Configuration Management Product Implications

 

Intel® vPro™ Technology

Product Advisory                                                                       

 

Summary:

Customers using IT configuration management products with support for Intel® AMT may be affected by a change in version 9.0.  Intel® 4th Gen Core™ vPro™ Processors ship with Intel® AMT version 9.0 in 2013.

 

1. What specifically is different about Intel’s 4th gen Intel® Core™ Processor platforms with Intel® AMT?

Intel’s Core™ Processor Platforms prior to 4th generation with Intel® AMT supported the EOI communication protocol.  Starting with Intel® AMT 3.2, an industry standard protocol for out-of-band management was adopted.  That protocol is WS-Management (WS-MAN).   Intel supported both protocols from Intel® AMT 3.2 until 8.x.   Plans to remove the older EOI protocol were stated in 2009 with Intel® AMT 9.x as the first generation that only supports the WS-MAN protocol.

 

2. How do I know if I am affected? 

There are IT configuration management products that have not made the transition to WS-MAN for Intel® AMT.  These products may require that the customer perform an upgrade to their configuration management product, to maintain compatibility with new platforms starting with Intel® 4th Gen Core™ vPro™ Processors.  Please check with your ISV to see if an upgrade is required to maintain compatibility.

 

3. How will this change impact customers’ experience?

If a customer is using an IT configuration management product that is not affected, then there is no change to the customer experience.  For customers using an IT configuration management product that requires an upgrade, there will be changes to the customers’ business processes.

 

4. In the meantime, what is the impact with current Intel® vPro™ customers?

Existing Intel® vPro™ Platforms with Intel® AMT that have already been provisioned will continue to be managed with IT configuration management products.  Customers with Intel® vPro™ Platforms that have not provisioned Intel® AMT should check with their ISV for specific list of supported Intel® AMT features and prior versions.

 

5. How will customers be supported? 

Customers are encouraged to contact their ISV directly for support.

 

6. Who can I contact with questions or for more information?

  • Intel Customer Support: www.support.intel.com
  • For information about: Intel® vPro™ Platforms: www.intel.com/go/vpro

Detecting, configuring, and maintaining the Intel AMT configuration across an enterprise requires automation.

 

Setting up a lab or initial pilot environment through McAfee ePO should be simple without any 3rd party software or infrastructure customization.

 

Announcing McAfee Deep Command 2.0 Beta

  • Simple - "One-Click" configuration of Intel AMT from McAfee ePO
  • Microsoft CA optional - generate and apply Intel AMT certificates via McAfee ePO (including CIRA\Gateway Certificates)
  • Planning for the future - works with McAfee ePO 4.6.x or 5.0

 

The beta starts April 30th.

 

See the introductory video at https://community.mcafee.com/videos/1600

 

Interested in beta participation?  Subscribe to https://community.mcafee.com/groups/epo-direct-beta

 

New to McAfee ePO Deep Command?   See recorded demonstration of version 1.5 at https://community.mcafee.com/videos/1499

 

Note: Viewing content on McAfee Community will require a logon account.

Intel IT is fully engaged in the process of integrating Windows* 8 into the corporate environment now that the new OS is running on thousands of business Ultrabooks, other mobile devices, and desktop PCs at Intel. Checkout today's live webinar where Intel experts Tiffany Pany and David Scheer will share their team’s insights and experiences on integrating Windows* 8. Register now!

Project Informatica.jpgDownload Now

 

Italian ICT specialist Project Informatica needs the latest mobile computing devices—combining all the best elements of performance, security and usability—to show off to customers and keep its employees productive in the office or on the road. After rigorous testing, it chose the Samsung Slate* 700T, a tablet based on the second-generation Intel® Core™ i5 processor and the Windows* 8 operating system.


“The touch-based tablet powered by the Intel Core i5 processor and Windows 8 is strategic for our sales team," explained Alberto Ghisleni, managing director at Project Informatica.  "It allows them to save time while having a more appealing and interactive graphic interface for their most commonly-used applications.”

 

Learn all about it in our new Project Informatica business success story. You can find more like this one on the Intel.com Business Success Stories for IT Managers page or the Business Success Stories for IT Managers channel on iTunes. And to keep up to date on the latest stories, follow ReferenceRoom on Twitter.

 

*Other names and brands may be claimed as the property of others.

Unisys.jpgDownload Now

  
To speed the time it takes clinicians to get to critical patient records, IT solutions provider Unisys is developing an application called MovilMed* that compiles data from multiple systems into one interface that’s easily accessible. Tablets featuring 3rd generation Intel® Core™ and Intel® Core™ vPro™ processors and Intel® Atom™ processors will give medical staff access to MovilMed no matter where they are. The Intel processor-based tablets also support Microsoft Windows* 8, giving IT a common platform.


“We’re developing the MovilMed solution around the Intel platform, which provides an environment that’s easy to manage and delivers the performance we need,” explained David Howard, director of IT automation for Unisys.


Read all about it in our new Unisys business success story. You can find more like this one on the Intel.com Business Success Stories for IT Managers page or the Business Success Stories for IT Managers channel on iTunes. And to keep up to date on the latest stories, follow ReferenceRoom on Twitter.


*Other names and brands may be claimed as the property of others.

Filter Blog

By author:
By date:
By tag: