In a previous article, I discussed Link Preference and how it enables better KVM user experience over wireless. In this article, I will discuss Profile Synchronization, another important capability that makes AMT over wireless a seamless experience.
What challenge are we trying to solve? Wireless networks can be configured in AMT in advance, but what if the client roams onto a new network, one that was never configured before? You can’t access AMT unless AMT is aware of that network. Profile Synchronization solves that problem by pushing the parameters of the network the OS is currently using to AMT.
OK, so how does it work?
First: Not all AMT wireless profiles are born equal!
AMT defines two types of profiles:
Admin profiles: Profiles known in advance and entered by the IT administrator (during provisioning or manually using Web-UI, for example)
User profiles: Networks discovered by the OS after the client has been deployed. AMT gets User Profiles only through synchronization.
Up to 15 Admin Profiles and 8 User Profiles can be defined in AMT.
Other key differences
- While Admin Profiles require TKIP or CCMP with WPA minimum encryption, User Profiles have more relaxed requirements and can be configured with WEP or no encryption.
- User Profiles are not viewable from Web-UI, only Admin Profiles are viewable *
Wireless Profile Synchronization modes
Profile Synchronization supports three modes:
- Normal (default)
Whenever the OS connects to a new wireless network the profile is pushed to AMT but requires user acknowledgment before synchronization.
- Always reject
Synchronization of any new profile is rejected and no user notification is displayed.
- Always accept
Synchronization is accepted with no user notification (“Silent Synchronization”)
PROSet is currently the only Wireless Connection Manager that supports Profile Synchronization.
- The Full PROSet package (except GUI) must be installed. The ‘drivers only’ installation does not have the necessary API to support that feature.
- Install PROSet with the following option to enable/disable synchronization:
- MEPROFILESYNC=ACCEPT (silently accepts all profile sync)
- MEPROFILESYNC=BLOCK (silently blocks all profile sync)
- If desired, instead of setting MEPROFILESYNC through PROSet, the registry value can be edited directly:
#define ENABLE_USER_ACCEPT 0x10 // accept all USER profiles, no popup
#define ENABLE_USER_BLOCKED 0x20 // reject all USER profiles, no popup
Other important points about Profile Synchronization:
- Only the currently connected network is pushed to AMT (discovered networks are ignored).
- Both sides of synchronization (OS & AMT) must be enabled:
- OS side (“push” ): PROSet synchronization is enabled as described above
- AMT side (“accept”): Configured in the Provisioning Profile: “Enable Synchronization” box
- LMS is required for Profile Synchronization.
PROSet communicates with AMT through LMS.
Profile Synchronization user acknowledgment:
What happens when a User Profile password changes?
PROSet will NOT synchronize changes in the profile’s password. The proper procedure to change a profile’s password is:
- First disconnect and delete the network from PROSet
- PROSet synchronization will remove the wireless profile from AMT.
- Create a new profile with the new password.
- Upon connecting to that network, PROSet synchronization will add the profile to AMT.
What happens when the maximum of 8 User Profiles is reached?
When AMT has already maxed out at 8 User Profiles, a newly synchronized network will override the profile that has not been used for the longest time.
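The following added example (not from the original article or from Intel) models the synchronization rules described above in Python: mode selection from the registry flags, the requirement that both sides be enabled, and replacement of the longest-unused User Profile at the 8-profile limit. The class and function names are hypothetical, and treating a value with neither flag set as Normal mode is an assumption.

```python
from collections import OrderedDict

# Flag values from the article's #define lines.
ENABLE_USER_ACCEPT = 0x10   # accept all User Profiles, no popup
ENABLE_USER_BLOCKED = 0x20  # reject all User Profiles, no popup
MAX_USER_PROFILES = 8       # User Profile limit stated in the article
WEAK = {"open", "wep"}      # permitted for User Profiles only


def sync_mode(flags):
    """Decode the flag value. Assumption: neither bit set means Normal."""
    accept = bool(flags & ENABLE_USER_ACCEPT)
    block = bool(flags & ENABLE_USER_BLOCKED)
    if accept and block:
        # The article does not say what both bits mean; treat as an error.
        raise ValueError("accept and block flags are both set")
    return "accept" if accept else "reject" if block else "normal"


class UserProfileTable:
    """Hypothetical model of AMT's User Profile slots (not an AMT API)."""

    def __init__(self, amt_sync_enabled=True):
        self.amt_sync_enabled = amt_sync_enabled  # AMT-side "accept" setting
        self.slots = OrderedDict()  # ssid -> encryption, least recent first

    def on_connect(self, ssid, encryption, flags, user_ack=False):
        """Model the OS connecting to ssid; returns (outcome, evicted_ssid)."""
        if ssid in self.slots:
            self.slots.move_to_end(ssid)  # refresh last-used order
            return ("known", None)
        mode = sync_mode(flags)
        blocked = not self.amt_sync_enabled or mode == "reject"
        if blocked or (mode == "normal" and not user_ack):
            return ("rejected", None)
        evicted = None
        if len(self.slots) >= MAX_USER_PROFILES:
            evicted, _ = self.slots.popitem(last=False)  # longest unused
        self.slots[ssid] = encryption
        return ("added", evicted)

    def weak_profiles(self):
        """SSIDs that AMT would join with WEP or no encryption."""
        return [s for s, enc in self.slots.items() if enc in WEAK]
```

In this model, weak_profiles() lists the open or WEP networks that ended up as AMT User Profiles, which under Always accept happens without the user being asked.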
What happens during provisioning and re-provisioning?
Un-Provisioning deletes, as expected, all Admin Profiles as well as User Profiles.
Re-Provisioning however is less intuitive:
During re-provisioning, only Admin Profiles are deleted (and new ones installed based on what is configured in the provisioning profiles). User Profiles, however, are NOT removed **, and although the provisioning process completes successfully, it gives the warnings “ClearWirelessSettings failed” and “Access Denied”. The warnings look scary, but don’t be alarmed: they only mean that the User Profiles could not be deleted, and that’s not an issue.
Here is a sample screen of such a warning message after re-provisioning completes:
* This can be confusing, particularly during debugging: you connect with Web-UI and don’t see any User Profiles; you may think they are simply not there, which may or may not be the case. Knowing this would save you some grief during debugging.
** User Profiles are saved in User Space, which certain applications (e.g. Web-UI) and Re-Provisioning cannot access or remove.