Deploying or exploring Microsoft's Network Access Protection (NAP) in your environment?  Ditto with vPro?  Then you’ll want to check this out. Typically the operating system authenticates to the network and verifies the System of Health (SOH) with the NAP Server. Intel has worked with Microsoft to enable Intel Core vPro processor systems to communicate in a NAP environment when the system is turned off.  This happens because vPro can now, on its own, authenticate itself on a NAP network, which will allow out-of-band communications. 

Learn more about NAP here.

Download the Intel® vPro™ NAP System Health Validator package here.

Intel demonstrated Microsoft PowerPivot at Microsoft TechEd 2010 - showing an end-to-end solution with Intel Xeon 7500 series on the server side and Intel Core i5 and i7 on the client side.

 

mschulien

Intel AT and Malware

Posted by mschulien Jul 27, 2010

I had a question the other day on whether Intel AT could or would be able to detect Malware infestations and be able to quarantine the hostile bug - good question, but unfortunately the answer today is no.  While I do not want to say that Intel AT will never do anything with regard to detecting and/or quarantining Malware, I cannot comment on what, if anything, we are working on today that has not been considered POR (Plan Of Record).  It seems that people just are not happy if they are not causing mayhem and other people (PCs) grief.

Intel AT is directed at protecting both the physical asset and (more importantly) the data on the asset.  Intel AT does that via a HW switch (it is more involved than that, but the analogy fits) built into the chipset, and when either a local timer expires or an internet-based "Kill Pill" message (3G, Wi-Fi or wired) is sent to that PC, the PC "bricks" (locks up) and cannot be brought back to life without a special code.  Reloading the BIOS or OS has no effect, as the switch is at the HW level and cannot be bypassed or disabled on the system once locked.  The IT department or the end user can "recover" the PC if the system receives an unlock command via the internet and then gets the restore PW entered.

Intel AT 2.0 (released early 2nd qtr this year) adds some unique capabilities to help ensure that data is not compromised - it now works in conjunction with WinMagic and soon PGP to combine FDE (Full Disk Encryption) and the HW switch capability.  AT 2.0 and an FDE solution assure data protection by storing the encryption keys in the AT ME (Management Engine) and not the hard drive, so that when a system is bricked the ME deletes the encryption keys and makes the HD worthless for data recovery.  There is more involved and some other features, but again this is the main point of Intel AT 2.0.

Intel AT, both versions 1.0 and 2.0, does require a third-party service in order to be used - today we have 2 ISVs on board, Absolute and WinMagic, with PGP coming online later this year.  Absolute has a product called CompuTrace and does not today offer an FDE solution - they are more about physical asset recovery and bricking the PC (can also DELETE the data on the hard drive - non-recoverable model) and using their location tracking (combo of GPS and/or 3G) to locate missing devices.  WinMagic and eventually PGP are mainly concerned about data protection and preventing its loss - so they combine their FDE solution with Intel AT and make a very formidable data security solution: FDE with the encryption keys in the AT Management Engine, so that when a PC is marked as stolen the encryption keys are actually deleted.

Of course data can be compromised very quickly, and any PC security protection solution is only as good as the person carrying the data or physical asset - it remains true that if the system is not locked (in the encryption state) the data is accessible as long as the PC is NOT listed as stolen. When a PC goes missing it must be reported ASAP (immediately if at all possible) to the IT department or solution provider so that it can be marked as stolen - even if it is recovered shortly thereafter - so that the data can be locked down and protected. If you have any questions or want to discuss further how Intel AT can be incorporated into your environment, please contact me directly. You can reach me at my email: mike.schulien@intel.com

Over the last five years I have searched the globe for use cases that impress, amaze and showcase how companies can think out of the box when deploying Intel Technologies.  This one specific use case was culminated on a call over a year back when I was introduced to a company with a vision, their vision was to be a game changer for how to sell ranches in the 21st Century.    While still in the exploring phase, they received a little help from Intel and rapidly transformed their ideas into reality.   First let me introduce the company, it’s Ruple properties in San Antonio Texas http://southtexasranches.com   Here’s a few of their properties that they are selling at the time I’m writing this update.

 

 

 


 

 

 

This company had a vision of how they could create a work environment for their sales forces (agents) that would enable them to make the deals happen.  The team @ ruple properties had a saying they shared with me, “Time Kills Deals”, and everything had to work flawlessly to make that happen.  When I met with the team we talked about leveraging building blocks for connectivity, remote manageability, video, GPS and SW.  At this time the team agreed that a Truck is to be the central hub of operations with interaction from Cockpit ↔ Car ↔ Customer.  The truck’s requirements are to bring all the necessary pieces together and be accessible from the office in the event of a SW/HW issue.

 

We can do with the following as our Bill of Materials (BOM):

 

| Building Block | Manufacturer | Purpose |
| --- | --- | --- |
| Semi-rugged Toughbook | Panasonic - T8 | Provide a low weight, semi-rugged laptop to be mounted in a truck and plane. |
| Connectivity | Cradle point + 3G USB modem | Provide on the road & in the air connectivity for communication |
| GPS | Garmin | Provide location awareness |
| Remote Manageability | Intel – (Intel® vPro™ Technology) | Provide both in band & out of band access to fix the laptop regardless of location. |
| Video | Xacti camera | Videos + stills that could be immediately uploaded to the website or shown to customer on the spot |

 

 

 

When you take all these pieces and integrate them, you get a really cool solution that enables the company to speed up their transaction time, resulting in more sales. Let’s explore a couple of examples of how this technology is already being utilized.

 

 

Example #1:   “New Property Listing”  - While en route to a property, Scott Ruptier (Realtor) told me that, when listing a new property, time to post a property is a big factor in the customer making a decision to list with a company.  With the new setup he is able to drive to a new property without seeing it prior, map it, take pictures, size the property and list it, all while being onsite for the first time.  This includes being able to integrate what he is seeing in the air with the plane, downloading all the content from the cockpit and making a single package for the new customer.  This example alone is making the technology worth the investment.  Another important piece to their ranch realty is troubleshooting when something goes awry out on the job. These listings can be 3-6 hours away from their corporate office, therefore if there is a SW/HW problem it is a “MUST-Have” for some sort of remote manageability / connectivity back to corporate to aid them in troubleshooting and resolving the problem.   During our discussion and my visit we didn’t see a HW/SW failure. (That’s good news)

 

 

Example #2:   “Selling the Ranch” -   One of the use cases that I was able to fully test was the sale of a ranch.   The company took me through the entire process, which included driving a “MULE” all-terrain vehicle around a ranch, driving the entire site, including the deer pens (which is where the deer are managed) and then taking it in the air to see the overhead view of the entire ranch.  All of this together enables the realtor to have a full and complete package for the end customers.  They can pull real time cockpit information above to show landmarks, size of the ranch and pin-point any key areas to visit.  Then they take it to the mule and explore all of the trails and the infrastructure that is onsite (wells, water, home, etc.).    This use case is the base of the video.

 

 

Onto the Video, here is what I was able to capture over 2 days of exploring, and what I can say is the most innovative use case to date (from my perspective).  

 

 

 

 

I would like to thank a few key folks that helped me get this started,  Andy Tryba (Intel Marketing), Michele Gartner (Community & Use case guidance), Kelsey Witherow (building the 1st real foil of this use case), Tim C (Panasonic), Cradle point, and of course Ruple properties for being the visionary in making this use case a reality.   I want to thank Joe Ruple for taking me up in their plane and letting me witness firsthand what they do every day in making their job possible.  Thank you Scott Ruptier for giving me a ton of information, mind sharing around this use case and ultimately helping to deploy this solution. Scott was also my tour guide for the visit and took me to some pretty remote locations to see why remote manageability is so important.    The next big question you may be thinking about is ROI, well they don’t have that yet and I think that may be something in the future to explore after all their trucks are enabled and they have a few months of operating in this new model.  

 

 

 

What I would like to do is catch up with them in Q4, see how their full integration is going and report out live from the ranch on how Intel vPro Technology is making their jobs easier and truly changing the game for their business model.   

 

 

If you have a use case that really rocks let us know and maybe we can come visit your company as well to “grok” what you have done.   Thank You.

 

 

Josh Hilliker

What's your bright idea?


We kicked off a contest this week - the Intel vPro Technology Innovation Contest. Create a 3-minute video demonstrating innovation, using one of the Intel vPro technology capabilities:

 

  • Virtualization
  • Manageability
  • Security

 

What's at stake?

The Grand Prize is a 3-day pass to IDF (San Francisco, September 13-15, 2010), plus an American Express* Gift Card valued at $4,000.00 for travel expenses. Winner's innovation will be featured in the Intel vPro Technology Community Booth at IDF.

 

The Deadline

Submit your video by August 20, 2010 at 11:59 pm PDT.

 

See the Intel vPro Technology Innovation website for more details.

Earlier this year during Symantec Vision 2010, I led a session entitled "Intel vPro Technology: A Well Managed Client is a Secure Client"

There were three demonstrations shared during that session.   The videos were uploaded to YouTube as shown below.

 

Demo 1 - Access the NTFS partition of the remote client and remove virus Media

 

 

Demo 2 - power-on and install Symantec Endpoint protection

 

 

Demo 3 - Use customized network filter with pcAnywhere to remotely remediate a situation

 

Also at the event, a live recording was done showing two of the demonstrations.   See related blog post at http://communities.intel.com/community/openportit/vproexpert/ssp/blog/2010/07/12/improving-client-security-via-improved-client-management

We are kicking off a new online chat series, beginning on 7/29/10. We've hosted Ask An Expert chats in the past - this time we are inviting our Intel experts - as well as our software partner experts - to come in and chat about the technology.

 

Our first topic is Intel Anti-Theft technology. Intel® Anti-Theft Technology is a new technology that provides an added level of hardware-based security to protect a laptop and its data if it is lost or stolen.  With physical security being a leading cause of data breaches, new technologies built into end point devices form a critical piece of your IT security strategy. Designed to work as a service “ingredient” to data encryption and theft management solutions, Intel® Anti-Theft Technology provides hardware-strong client-side intelligence to help secure sensitive data, regardless of the state of the OS, hard drive, boot order, or network connectivity.

 

We will discuss your security concerns, exchange ideas and ask questions. Intel content experts will include Mike Schulien, Intel Solution Architect, and Maurcio Cuervo, Intel Product Manager. On July 29th, join us!

 

Another exciting aspect about this chat series is that there is a contest! You must be present to win, so... again, join us! An Intel SSD (160GB!!) is at stake here.

In this episode of Tech 10, Jake Gauthier (AKA vPro Uber Geek) demos KVM Remote Control and how to fix a blue screened PC. He gets me back on Facebook, and that's all that really counts - right?

 

 

Additional links:

Out-of-Box Configuration for KVM Remote Control

Have you wondered what root certificate hashes are on a system, and wanted to validate without entering the MEBx?

 

Try the ztclocalagent.exe utility with a -discovery option.   ZTClocalagent is available with the Intel AMT SDK - http://software.intel.com/en-us/articles/download-the-latest-intel-amt-software-development-kit-sdk/.   Look in the subdirectory \Windows\Intel_Manageability_Configuration\Bin  (source code also available in the download)

 

If you've decided to apply custom root hashes in your environment - this could help to quickly determine whether a custom hash is loaded.

 

If you're unsure whether the latest VeriSign, GoDaddy, or other root hash is on a platform - or the specific AMT version - this approach could help.   (for background data on the root certificate hashes - see http://communities.intel.com/community/openportit/vproexpert/blog/2010/02/12/verisign-provisioning-certs)

 

Also - if you're using the latest vPro Activator (version 5.1.x or higher), you will also see the root certificate hashes

 

There is an improved local AMT discovery capability coming - but if you need a solution today, try this out

 

Here's an example of the output as shown from one of my systems.   Note that all of the root certificate hashes are listed below

 

The following was obtained by running ztclocalagent -discovery

 

You will need to run with local administrator rights and the HECI driver must be loaded for this to work.   I've seen situations with Win7 64-bit where a command prompt must be opened with "run as administrator" for this to work.

 

******************************

Intel ZTCLocalAgent Version: 3.0.0.1

BIOS Version:            6IET57H1 (1.17 )

Intel AMT code versions:

        Flash:                                            6.1.0

        Netstack:                                     6.1.0

        AMTApps:                                   6.1.0

        AMT:                                             6.1.0

        Sku:                                               24584

        VendorID:                                   8086

        Build Number:                           1042

        Recovery Version:                   6.1.0

        Recovery Build Num:              1042

        Legacy Mode:                            False

Setup and Configuration:

Not started

Found 8 certificate hashes in following Handles:

0,1,2,3,4,5,6,7,

Certificate hash entry:

Friendly Name = VeriSign Class 3 Primary CA-G1

Default = true

Active = true

Hash Algorithm = SHA1

Certificate Hash:

74 2C 31 92 E6

07 E4 24 EB 45

49 54 2B E1 BB

C5 3E 61 74 E2

Certificate hash entry:

Friendly Name = VeriSign Class 3 Primary CA-G3

Default = true

Active = true

Hash Algorithm = SHA1

Certificate Hash:

13 2D 0D 45 53

4B 69 97 CD B2

D5 C3 39 E2 55

76 60 9B 5C C6

Certificate hash entry:

Friendly Name = Go Daddy Class 2 CA

Default = true

Active = true

Hash Algorithm = SHA1

Certificate Hash:

27 96 BA E6 3F

18 01 E2 77 26

1B A0 D7 77 70

02 8F 20 EE E4

Certificate hash entry:

Friendly Name = Comodo AAA CA

Default = true

Active = true

Hash Algorithm = SHA1

Certificate Hash:

D1 EB 23 A4 6D

17 D6 8F D9 25

64 C2 F1 F1 60

17 64 D8 E3 49

Certificate hash entry:

Friendly Name = Starfield Class 2 CA

Default = true

Active = true

Hash Algorithm = SHA1

Certificate Hash:

AD 7E 1C 28 B0

64 EF 8F 60 03

40 20 14 C3 D0

E3 37 0E B5 8A

Certificate hash entry:

Friendly Name = VeriSign Class 3 Primary CA-G2

Default = true

Active = true

Hash Algorithm = SHA1

Certificate Hash:

85 37 1C A6 E5

50 14 3D CE 28

03 47 1B DE 3A

09 E8 F8 77 0F

Certificate hash entry:

Friendly Name = VeriSign Class 3 Primary CA-G1.5

Default = true

Active = true

Hash Algorithm = SHA1

Certificate Hash:

A1 DB 63 93 91

6F 17 E4 18 55

09 40 04 15 C7

02 40 B0 AE 6B

Certificate hash entry:

Friendly Name = VeriSign Class 3 Primary CA-G5

Default = true

Active = true

Hash Algorithm = SHA1

Certificate Hash:

4E B6 D5 78 49

9B 1C CF 5F 58

1E AD 56 BE 3D

9B 67 44 A5 E5
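
To turn the discovery output above into something you can check automatically, the following added example (not part of the post or of the Intel AMT SDK) parses saved `ztclocalagent -discovery` text and compares each root certificate hash with a baseline you maintain. The function names, the baseline contents and the second sample entry are assumptions made for illustration; the first sample entry and the VeriSign G5 baseline hash are copied from the output shown above.

```powershell
# Added example; function names are hypothetical, not part of the Intel AMT SDK.
function ConvertFrom-ZtcDiscovery {
    param([string[]]$Lines)
    $entries = New-Object 'System.Collections.Generic.List[object]'
    $current = $null
    $inHash  = $false
    foreach ($raw in $Lines) {
        $line = "$raw".Trim()
        if ($line -eq '') { continue }               # output may be blank-line separated
        if ($line -eq 'Certificate hash entry:') {
            # A new entry starts: flush the previous record and open a fresh one.
            if ($null -ne $current) { $entries.Add([pscustomobject]$current) }
            $current = [ordered]@{ FriendlyName = $null; Default = $null
                                   Active = $null; Algorithm = $null; Hash = '' }
            $inHash = $false
        }
        elseif ($null -eq $current) { continue }     # version/banner lines before the first entry
        elseif ($line -eq 'Certificate Hash:') { $inHash = $true }
        elseif ($line -match '^(Friendly Name|Default|Active|Hash Algorithm)\s*=\s*(.*)$') {
            $key, $value = $Matches[1], $Matches[2].Trim()
            switch ($key) {
                'Friendly Name'  { $current.FriendlyName = $value }
                'Default'        { $current.Default      = ($value -eq 'true') }
                'Active'         { $current.Active       = ($value -eq 'true') }
                'Hash Algorithm' { $current.Algorithm    = $value }
            }
        }
        elseif ($inHash -and $line -match '^([0-9a-f]{2}\s*)+$') {
            # Hash bytes are printed five per line; join them into one hex string.
            $current.Hash += ($line -replace '\s', '').ToUpper()
        }
        else { $inHash = $false }
    }
    if ($null -ne $current) { $entries.Add([pscustomobject]$current) }
    $entries
}

function Compare-AmtRootHash {
    param([object[]]$Entry, [hashtable]$Baseline)    # Baseline: hex hash -> expected name
    foreach ($e in $Entry) {
        if ($e.Algorithm -eq 'SHA1' -and $e.Hash.Length -ne 40) { $finding = 'MalformedHash' }
        elseif (-not $Baseline.ContainsKey($e.Hash))            { $finding = 'NotInBaseline' }
        elseif ($Baseline[$e.Hash] -ne $e.FriendlyName)         { $finding = 'NameMismatch' }
        else                                                    { $finding = 'Approved' }
        [pscustomobject]@{ FriendlyName = $e.FriendlyName; Hash = $e.Hash
                           Default = $e.Default; Active = $e.Active; Finding = $finding }
    }
    # Baseline roots that the platform did not list at all.
    $present = @($Entry | ForEach-Object { $_.Hash })
    foreach ($h in $Baseline.Keys) {
        if ($present -notcontains $h) {
            [pscustomobject]@{ FriendlyName = $Baseline[$h]; Hash = $h
                               Default = $null; Active = $null; Finding = 'MissingFromPlatform' }
        }
    }
}

# Sample input. The Go Daddy entry is copied from the output in this post;
# the "Example Corp" entry and its hash are constructed for illustration.
$sample = @'
Certificate hash entry:
Friendly Name = Go Daddy Class 2 CA
Default = true
Active = true
Hash Algorithm = SHA1
Certificate Hash:
27 96 BA E6 3F
18 01 E2 77 26
1B A0 D7 77 70
02 8F 20 EE E4
Certificate hash entry:
Friendly Name = Example Corp Provisioning Root
Default = false
Active = true
Hash Algorithm = SHA1
Certificate Hash:
00 11 22 33 44
55 66 77 88 99
AA BB CC DD EE
FF 00 11 22 33
'@

# Baseline of roots you expect (hashes taken from the output in this post).
$baseline = @{
    '2796BAE63F1801E277261BA0D77770028F20EEE4' = 'Go Daddy Class 2 CA'
    '4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5' = 'VeriSign Class 3 Primary CA-G5'
}

$parsed = ConvertFrom-ZtcDiscovery -Lines ($sample -split '\r?\n')
Compare-AmtRootHash -Entry $parsed -Baseline $baseline | Format-Table -AutoSize
```

For a real system, save the tool's output to a file and pass `Get-Content` of that file as `-Lines`; an entry reported as `NotInBaseline` is a custom or unexpected root hash that deserves a look before the platform is provisioned.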

So now that you have taken a look at the Intel Core vPro Processor PowerShell Module previous Blogs (Introduction and Part 1), let’s take a look at different ways that you can use the CMDLets within it.  Although the different CMDLets will most likely have different parameters, the methodology discussed here in this blog will apply to the remaining vPro CMDLets; for this example we will use the Invoke-AMTPowerManagement CMDLet.  Just to keep the examples consistent, let’s assume that the vPro / AMT client was provisioned with TLS (remember Port 16993) using Kerberos accounts to authenticate.

 

Now for the examples…

 

This will power on vProClient.vprodemo.com using your local logged on Kerberos credential.  ComputerName, Port, and Operation parameters passed by Parameter Name.

C:\PS>Invoke-AMTPowerManagement -ComputerName:vproclient.vprodemo.com -Port:16993 -Operation:PowerOn

 

This will prompt for the password for the ITHelpDeskUser Kerberos user (which is different than your local logged on credential) and then power on vProClient.vprodemo.com using that credential.  ComputerName, Port, Operation, and UserName parameters passed by Parameter Name.

C:\PS>Invoke-AMTPowerManagement -Computername:vproclient.vprodemo.com -Port:16993 -Operation:PowerOn -Username:vprodemo\ITHelpDeskUser

 

This will allow you to set a credential (stored for multiple uses) and then that credential is used to power on vProClient.vprodemo.com.  ComputerName, Port, and Operation parameters passed by parameter position; Credential passed by Parameter Name.

C:\PS> $MyCred = Get-Credential

C:\PS> Invoke-AMTPowerManagement vproclient.vprodemo.com 16993 PowerOn -Credential:$MyCred

 

This will power on vProClient.vprodemo.com and vProClient2.vprodemo.com using your local logged on Kerberos credential.  ComputerName, Port, and Operation parameters passed by Parameter Name.

C:\PS> Invoke-AMTPowerManagement -ComputerName vProClient.vprodemo.com, vProClient2.vprodemo.com -Port 16993 -Operation PowerOn

 

This will allow you to set a variable with a FQDN and then power on the client listed in the variable using your local logged on Kerberos credential.  ComputerName, Port, and Operation parameters passed by parameter name.

C:\PS> $MyHost = "vProClient.vprodemo.com"

C:\PS> Invoke-AMTPowerManagement -ComputerName $MyHost -Port 16993 -Operation PowerOn

 

You have a list of computer names in a text file.  That text file is piped into Invoke-AMTPowerManagement and the computers in that list are powered on using your local logged on Kerberos credential.  ComputerName parameter is piped in By Value; Port and Operation parameters passed by Parameter Name.

C:\PS> Get-Content Computers.txt | Invoke-AMTPowerManagement -Port 16993 -Operation PowerOn

 

You have a custom script you wrote that pulls the list of clients out of your Active Directory and creates a PSObject with the ComputerName as a member (principal name from AD) and “16993” as a static member.  That PowerShell script is piped into Invoke-AMTPowerManagement and the ComputerNames in that PSObject output are powered up using your local logged on Kerberos credential.  ComputerName and Port parameters are piped in By Property Name; Operation parameter passed by Parameter Name.

C:\PS> .\MyADScript.ps1 | Invoke-AMTPowerManagement -Operation PowerOn

 

This will power on vProClient.vprodemo.com using your local logged on Kerberos credential, but only display computers where the power on failed to execute (because they were not on the network).  ComputerName, Port, and Operation parameters passed by Parameter Name.

C:\PS>Invoke-AMTPowerManagement -ComputerName:vproclient.vprodemo.com -Port:16993 -Operation:PowerOn | Where {$_.Status -eq "Failed"}

 

 

The methodology was demonstrated with the Invoke-AMTPowerManagement CMDLet.  As previously noted, the other CMDLets supported within the Intel Core vPro Processor PowerShell Module can be executed in the same fashion.

 

 

--Matt Royer

In a previous blog, we noted the release of the Intel Core vPro Processor PowerShell Module.  The focus of this blog is to get you up and running with the vPro PowerShell Module.

 

If you haven’t already downloaded the vPro PowerShell Module, you can obtain it from the following location:

 

Configuring PowerShell and WinRM

Assuming that you already have PowerShell and WinRM installed (if not, you can get them from here with the Windows Management Framework), you do need to perform some basic configuration to allow the vPro PowerShell Module to work properly.

 

  1. By default, PowerShell has the Execution Policy set to Restricted.  At a minimum you need to change the execution policy to AllSigned; the vPro PowerShell Module can be run at lower execution levels such as Unrestricted and RemoteSigned if you so choose.  To change the Execution Policy to AllSigned, run Set-ExecutionPolicy AllSigned within PowerShell.
  2. If your Intel Core vPro Processor enabled client is configured in Non-TLS mode and/or you are authenticating via Digest credentials, it will be necessary to adjust the WinRM configuration.
      • To configure WinRM to allow for unencrypted communication: winrm set winrm/config/client @{AllowUnencrypted="true"}
      • To configure WinRM to allow for digest authentication: winrm set winrm/config/client/auth @{Digest="true"}
      • To configure WinRM so that you can communicate with specific hosts, it may be necessary to configure the trusted hosts: winrm set winrm/config/client @{TrustedHosts="*"}
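
The three WinRM client settings in step 2 widen what the management console will accept, so it is worth checking that only the ones your AMT clients need are relaxed. The following added example (not from the post or the vPro module) reviews those settings and flags a TrustedHosts value that is broader than a list of named clients; the function name and the sample values are assumptions, and the host names are the ones used in the examples on this page.

```powershell
# Added example; Test-WinRMClientRelaxation is a hypothetical helper name.
function Test-WinRMClientRelaxation {
    param(
        [bool]$AllowUnencrypted,
        [bool]$Digest,
        [string]$TrustedHosts = '',
        [string[]]$ApprovedHost = @(),   # AMT client names you actually manage
        [switch]$AmtUsesTls,             # clients provisioned for TLS (port 16993)
        [switch]$AmtUsesDigest           # clients authenticated with Digest accounts
    )

    function New-Finding($Setting, $Value, $Note) {
        [pscustomobject]@{ Setting = $Setting; Value = $Value; Note = $Note }
    }

    if ($AllowUnencrypted) {
        if ($AmtUsesTls) {
            New-Finding 'AllowUnencrypted' 'true' 'Not needed for TLS clients on port 16993; set it back to false.'
        } else {
            New-Finding 'AllowUnencrypted' 'true' 'Needed for non-TLS clients on port 16992; that management traffic is not encrypted.'
        }
    }

    if ($Digest -and -not $AmtUsesDigest) {
        New-Finding 'Auth/Digest' 'true' 'Not required when the AMT clients are authenticated with Kerberos accounts.'
    }

    # TrustedHosts is a comma-separated list; "*" or a wildcard pattern covers far
    # more than the AMT clients being managed.
    $hosts = @($TrustedHosts -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($h in $hosts) {
        if ($h -eq '*') {
            New-Finding 'TrustedHosts' $h 'Matches every host; list the AMT client names instead.'
        }
        elseif ($h.Contains('*')) {
            New-Finding 'TrustedHosts' $h 'Wildcard pattern; confirm it only covers AMT clients.'
        }
        elseif ($ApprovedHost -notcontains $h) {
            New-Finding 'TrustedHosts' $h 'Host is not in the approved list.'
        }
    }
}

# Constructed sample: the settings exactly as step 2 applies them, reviewed for
# clients that were provisioned with TLS and Kerberos accounts.
$approved = 'vproclient.vprodemo.com', 'vproclient2.vprodemo.com'
Test-WinRMClientRelaxation -AllowUnencrypted $true -Digest $true -TrustedHosts '*' `
    -ApprovedHost $approved -AmtUsesTls | Format-Table -AutoSize

# On a live console, read the current values from the WSMan: drive. The values
# are strings, so compare with 'true' rather than casting to [bool]:
#   (Get-Item WSMan:\localhost\Client\AllowUnencrypted).Value -eq 'true'
#   (Get-Item WSMan:\localhost\Client\Auth\Digest).Value -eq 'true'
#   (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
# A scoped replacement for TrustedHosts="*":
#   Set-Item WSMan:\localhost\Client\TrustedHosts -Value ($approved -join ',')
```

When the `winrm set` commands from step 2 are typed into PowerShell rather than cmd.exe, the `@{...}` argument has to be wrapped in single quotes so it is passed to winrm as text.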

     

     

    Installing the Powershell Module

    You will see in the download zip 2 main directories: x32 and x64.  In each of the folders you find install binaries for the vPro PowerShell module.  Select the desired directory, based on the 32bit or 64bit windows OS you are running, and run setup.exe.  Simply follow the on screen instructions and allow the Module to install.  The installer is just copying the associated libraries and PowerShell scripts / CMDLets to the proper PowerShell Module directory.  If you want to take a peek at what was installed, you can look in the following folder: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\IntelvPro

     

     

    Make sure the Client is Provisioned and you have an Account to use

    Before you can use the Intel Core vPro Module on a capable client, you need to make sure that the vPro / AMT client has already been provisioned.  This provisioning can be done with any ISV or method; however, to invoke the use cases via the PowerShell Module, you will need to know an AMT Credential (Kerberos or Digest with sufficient access) that was configured on the vPro / AMT client along with knowing if the AMT Client was configured in a TLS / Non-TLS mode.  Knowing if TLS / Non-TLS mode was configured on the client is important because this will determine if you need to connect to the client over port 16992 (non-TLS) or 16993 (TLS).  If you are unsure, consult your vPro / AMT provisioning server documentation.

     

     

    Importing the Intel Core vPro Processor PowerShell Module

    Just like other PowerShell modules, before you can use it you need to import it.  To import the vPro PowerShell module, execute Import-Module IntelvPro from within PowerShell.  If you are not sure if you installed the vPro Powershell Module, you can run a Get-Module –ListAvailable to see if it is there.  Unless you place the import command into your powershell profile, you will need to import the module each time you open PowerShell.

     

     

    Using the Intel Core vPro Processor PowerShell Module

    Alright, you got PowerShell configured and the Module Imported, let’s start using it.  To get a list of CMDLets available in the module, just type Get-Command –Module IntelvPro.  With version 1.0 of the Intel Core vPro Processor PowerShell module, you will see the following list of CMDLets in list:

    • Clear-AMT3PDS
    • Clear-AMTAlarmClock
    • Clear-AMTSystemDefense
    • Get-AMT3PDS
    • Get-AMTAlarmClock
    • Get-AMTSystemDefense
    • Invoke-AMTForceBoot
    • Invoke-AMTPowerManagement
    • Set-AMT3PDS
    • Set-AMTAlarmClock
    • Set-AMTSystemDefense

     

    To view more detail and example usage for each CMDLet, you can access the integrated help on any of the vPro PowerShell Module CMDLets by using the Get-Help command.  For example: Get-Help Invoke-AMTPowerManagement -Full

     

     

    Some additional things to consider

     

    CMDLet Authentication

    To invoke commands against the Intel vPro / AMT Client, you must specify a set of credentials to authenticate with.  Typical behavior of the Intel Core vPro Processor PowerShell Module CMDLets is as follows:

    • When no credential is provided as a parameter, the script will use the local logged on Kerberos credential.
    • When only the username (Kerberos or Digest) parameter is included, you will be prompted to provide the associated password.
    • If you have your credential stored as a PowerShell PSCredential variable, you may pass it into the script with the credential parameter.

    Note: When authenticating with Kerberos, for Active Directory authentication to work correctly you need to specify a hostname or the Fully Qualified Domain Name (FQDN) as the computername parameter.

     

     

    Working with AMT Clients configured in Non-TLS and TLS

    If the AMT / vPro Client has been configured to use TLS (a web server certificate has been issued to the AMT management engine), you will be required to use port parameter 16993.  Non-TLS will use port parameter 16992.  When managing an AMT / vPro client over TLS (Port 16993), it is important that the computername parameter matches the primary subject name of the issued TLS certificate.  Typically this is the Fully Qualified Domain Name (FQDN).

     

     

     

    --Matt Royer

    The initial version (Version 1.0) of the Intel Core vPro Processor Module for Windows PowerShell has just been released.  Microsoft’s implementation of Windows PowerShell allows IT professionals to achieve greater control and productivity of their environment through a powerful command line shell and scripting language.  With this admin-focused scripting language, consistent syntax and utilities, the delivery of an Intel Core vPro Processor PowerShell Module will allow IT professionals to extend their PowerShell reach to include direct manageability of Intel Core vPro Processor clients independent of Power state or Operating System Health.

     

    The focus areas of the Intel Core vPro Processor PowerShell Module were to:

    • Make available a PowerShell Module that incorporates the PowerShell community best practices / standards in the context of invoking Intel AMT Out of Band Management capabilities
    • Allow the ability to invoke Intel vPro / AMT Use Cases outside a standard ISV environment on a scriptable platform
    • Interoperate with vPro / AMT clients independent of “how” and / or “who” provisioned it
    • Simple enough for IT Professionals to use w/o learning something new
    • Flexible enough for IT Admins and developers to extend

     

     

     

    With this initial release of the Intel Core vPro PowerShell Module, Intel focused on five key AMT out of band use cases:

    • Power Control: AMT Power Management allows you to power up, power down, or perform a power reset on a client remotely independent of Operating System state or hardware sleep state.
    • Force Boot: AMT Force boot allows you to remotely over the network reboot a client to an alternative boot device such as PXE, CD/DVD, or Local HardDrive.
    • Alarm Clock Configuration: A configurable option that allows you to set a specific or periodical interval to wake the Intel AMT Client out of sleep states.
    • System Defense: System Defense allows you to define network security policies, such as filtering out / preventing network traffic from getting to the operating system, while still having the ability to manage the client out of band.
    • 3PDS: 3PDS is a persistent, nonvolatile memory space accessible to write and read data to even when the OS is unresponsive or management agents are missing.

     

     

    We will continue to look for opportunities to extend and expand the Intel Core vPro PowerShell Module with support for additional AMT Out of Band Use Cases; however, we believe the initial release of the PowerShell Module will provide IT Practitioners and developers a solid PowerShell framework to begin invoking AMT Out of Band Use Cases on PowerShell.

     

     

     

    The Intel Core vPro Processor Module for Windows PowerShell can be obtained from the following download location.

    --Matt Royer

    Attend this webinar to learn more about XenClient and Intel vPro technology!

     

    Desktop Virtualization for Mobile Users

    Wednesday, July 21, 2010 1:00 PM - 2:00 PM EDT

    Register to learn more about Citrix XenClient and Intel vPro Technology

     

    Desktop virtualization is rapidly being adopted as the best way to deliver Windows® desktops to business users because it offers significant benefits, including user flexibility, desktop management cost reduction, and enhanced data security and access control. Laptops are fast becoming the desktop of choice in corporate environments, and while they meet the need for a great user experience and the ability to work from anywhere, anytime, they also introduce more complexity and greater risk for corporate data loss.

     

    Now, organizations can extend the benefits of desktop virtualization to mobile laptop users for new levels of portability and security. Citrix® XenClient™ delivers the no-compromise control and security that IT demands and the performance and flexibility mobile laptop users expect.

     

    Attend this webinar and learn how XenClient:

    • Extends the benefits of desktop virtualization to mobile users
    • Delivers the security that IT needs with the flexibility that users demand
    • Uses Intel vPro technology to ensure local VMs run at maximum performance

     

    Speakers:
    Simon Crosby
    CTO, Virtualization and Management
    Citrix Systems

     

    Richard Uhlig
    Intel Fellow & Chief Virtualization Architect
    Intel Corporation

    With all the talk of Intel vPro Technology around platform manageability, security, and virtualization.... you may have missed something that got introduced with 32-nm Westmere systems (i.e. Intel Core i5 and i7 processors).   It's called Advanced Encryption Standard New Instructions, or AES-NI.

     

    For those wanting the details on the instruction set, see http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf

     

    Basically - it optimizes the AES mathematical operations thus helping to speed up applications.

     

    This assumes the applications use AES and have been recompiled to use the optimized instruction set.   With that, see the following silent video demonstration.

     

     

    An automated script is used to encrypt 384MB of files using WinZIP version 14.   The exact same processor and computer were used for the two-part demonstration.   The exact same automated session was used to click through and type items as needed.   The only difference is whether AES-NI is used or not.   In this recorded demonstration, you will note that the "non AES-NI" AES-256 encryption sequence takes 9.09 seconds, whereas the AES-NI run of the code only requires 3.64 seconds.   That's a significant difference!

     

    The numbers may vary from one platform to the next since there are a number of variables involved.   In this case, the focus was just on the encryption.   Encryption and decryption are frequently used operations in the business world.

     

    Now you might be thinking... "Great... But what applications are compiled to support AES-NI?"

     

    AES-NI is appearing in applications that perform whole-disk encryption (e.g. McAfee, Microsoft BitLocker, Checkpoint, etc.), file storage/encryption solutions (e.g. WinZIP 14), internet security solutions, VoIP, and more.   Did you know VMware Workstation 7.1 supports it (for improving virtual machine encrypt/decrypt)?

     

    If you're unsure - ask your software vendor.

     

    Keep in mind - Intel vPro Technology platform is more than out-of-band management, security, and virtualization.   It's also about improved performance\optimization for business applications.   In this case - applications that use AES-NI.
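
As an added example (not from the original post or from Intel): before an application can take the AES-NI code path, it has to confirm that the processor reports the instructions, which on x86 is bit 25 of ECX from CPUID leaf 1. The C program below reads that bit with GCC/Clang's `<cpuid.h>`; the function and enum names are hypothetical, and the PCLMULQDQ check (bit 1) goes one step beyond what the post discusses.

```c
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang wrapper around the CPUID instruction */
#endif

/* CPUID leaf 1 feature bits reported in ECX. */
#define ECX_PCLMULQDQ (1u << 1)   /* carry-less multiply, used by AES-GCM */
#define ECX_AESNI     (1u << 25)  /* AESENC, AESDEC, AESKEYGENASSIST, ... */

/* Hypothetical names for the code paths an application could select. */
enum aes_path { AES_PATH_SOFTWARE = 0, AES_PATH_AESNI = 1, AES_PATH_AESNI_CLMUL = 2 };

/* Pure decoder: maps a leaf-1 ECX value to the path to use. */
enum aes_path aes_path_from_ecx(uint32_t ecx)
{
    if (!(ecx & ECX_AESNI))
        return AES_PATH_SOFTWARE;          /* fall back to table-based AES */
    return (ecx & ECX_PCLMULQDQ) ? AES_PATH_AESNI_CLMUL : AES_PATH_AESNI;
}

/* Reads CPUID leaf 1 on x86; returns 0 (no feature bits) on other CPUs. */
uint32_t read_leaf1_ecx(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return ecx;
#endif
    return 0;
}

int main(void)
{
    static const char *names[] = { "software AES", "AES-NI", "AES-NI + PCLMULQDQ" };
    uint32_t ecx = read_leaf1_ecx();
    printf("CPUID.1:ECX = 0x%08x -> %s\n", (unsigned)ecx, names[aes_path_from_ecx(ecx)]);
    return 0;
}
```

A set bit only means the processor exposes the instructions (a hypervisor can hide it from a guest); whether a given product actually uses them is still a question for the vendor.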

    Take a look at the article posted on Symantec Connect

     

    http://www.symantec.com/connect/articles/setting-and-using-kvm-remote-control

    What if you could access the NTFS partition of a remote client, even though the remote client is not bootable?  What if you could restrict the physical communications at the hardware layer to remediate a situation?   These are two examples of how improved client management via Intel vPro Technology combined with the Symantec Management Platform can benefit your environment.

     

    Take a look

     

    While at the recent Symantec Vision and Microsoft Management Summit events, we had a chance to interview IT managers and ecosystem partners and ask them to help with our marketing of Intel Core vPro processors. Specifically we asked them to fill in the blank to this line: "Intel® Core™ vPro™ processors have the intelligence of (Fill in the blank) on every chip." Watch the video to see what they said.

     

    Try downloading the ZIP file at http://www.vproexpert.com/E24VZ/Altiris7Trng/Altiris7Trng.zip (right-click the link and click "save target as")

     

    It's about 157MB in size.

     

    Once you download it, extract it to a directory and open index.html in a browser.   You should be presented with a Camtasia Studio 6 recording with navigation on the left and bottom.

    We hosted a webinar earlier this week with Dai Vu (Microsoft), Calvin Hsu (Citrix), and Tom James (Intel). It was a great discussion on the different desktop virtualization options. We ran out of time to answer audience questions, so I tracked down the experts to get them answered. See below for the questions. Also, you can find the presentation attached to this blog post.

     

    Click here to view the desktop virtualization webinar. FYI, this site requires registration.

     

    How will you help customers make the right decisions?

    Citrix, our channel partners and solution integrator partners all offer assessment services to help customers understand and segment the different use cases, application requirements and desktop requirements. These tools will help customers find the right blend of virtualization technologies to implement. The important thing from a Citrix perspective is that regardless of which technologies are required for various use cases, they are all enabled by one license for XenDesktop.

     

    Aren’t Xen-App and App-v competing technologies?

    No, XenApp works with App-V to expand its reach and offer additional delivery options.  Think of XenApp as a complete application delivery system for hosted apps and virtualized apps, going to any sort of device over any network. Those apps could originate from the MS RDS platform or App-V.

     

    When can we expect or where can we find documentation to put together a Proof of Concept lab for the combined Citrix and Microsoft VDI solutions using XenDesktop4 and App-V and Med-V?

    Citrix and Microsoft have collaborated on a number of reference architectures and PoC scenarios. So far we have done XenDesktop 4 with Hyper-V and System Center. There are others in the works that reference using App-V but unfortunately I do not have a confirmed completion date at this time.

     

    Could you talk more specifically about the difference or similarities between Citrix HDX 3D for Professional Graphics and Microsoft RemoteFX?

    HDX3D is really targeted at high-end professional graphics use cases, and currently, it is designed to be most optimized with some fairly high-end GPU hardware running on a dedicated workstation for each user. Our goal was to be able to support very complex 3D models and rendering over the WAN. For everyday desktop graphics, this type of horsepower is excessive. RemoteFX is designed to enable multiple users to share a GPU for more moderate, everyday desktop graphics, delivered over a LAN to users.
