Skip navigation

McAfee® ePolicy Orchestrator™ Deep Command™ employs Intel® vPro® Active Management Technology for automated, beyond the operating system management.  ePO Deep Command helps organizations using Intel® vPro® to get more value out of the features of Intel® vPro® by allowing access to PCs whehter powered off or disabled.

 

This animation will show how this offers benefits IT to help reduce operational costs, enhancing security and compliance and enabling “green’” practices for idle PCs.

 

Click here to view the animation: http://www.intel.com/content/www/us/en/enterprise-security/core-vpro-mcafee-epo-deep-command-video.html

 

Check out this blog on McAfee's site about the new features in the latest version of ePO Deep Command: Get The Most Out Of Your Intel vPro-based PCs With McAfee ePO Deep Command

We've re-vamped and updated a great new animated training takes you through the preparation and configuration methods for setting up features and manageability capabilities (Intel® AMT) available on the Intel® vPro™ Platform. Take a step-by-step approach to find the configuration method that is right for you based on your own choices. We hope you find this animated wizard helpful in setting up and configuring your Intel vPro clients.

 

Check Out the Training Tool Now!

 

main page shot.PNG

Last week I wrote a blog showing how to subscribe to and trap AMT WSEvents in PowerShell using the High Level API (HLAPI). That information works great if you want to subscribe to WS-Events, but what about PET events? I will run through a similar demo, only this time we will use PET events:

Again, you will want to load the HLAPI assemblies in PowerShell:

[Reflection.Assembly]::LoadFrom('C:\HLAPI\HLAPI.dll')

[Reflection.Assembly]::LoadFrom('C:\HLAPI\IWSManClient.dll')

And just as we did with the WS-Eventing sample last week, we need to create a connection to our AMT client. Because I am using Digest and Non-TLS mode for this example, I can connect this way:

$auth = [Intel.Manageability.ConnectionInfoEX+AuthMethod]::Digest

$cs = New-ObjectIntel.Manageability.ConnectionInfoEX(“localhost”,”admin”,”P@ssw0rd”,$False,"",$auth,$null,$null, $null)

$amt = [Intel.Manageability.AMTInstanceFactory]::CreateEX($cs)

This is where we start to differ from the WS-Eventing sameple. The PET event will be sent to port 162. Instead of indicating a listener address with a Port Number, we just assign the address (without the HTTP):

$lstn = "192.168.0.5"

Similar to the WS-Eventing example, we also need to choose what Event filter we want to subscribe to. You can find a list of them and what events they cover at this Link

For my simple demo, I just used the “All Events” filter, basically telling AMT to send me an event for any action. Notice the PET filter is defined slightly different than the WS-Eventing example:

$petfilter = New-Object Intel.Manageability.Events.Filter("All_Events")

Next step is to define the senderID type, again I will use FQDN:

$sidtype = [Intel.Manageability.Events.SenderIDType]::FQDN

Now we can pull it all together into a “subscription”:

$sub = New-Object Intel.Manageability.Events.PETSubscription($lstn,$petfilter,$sidtype)

And finally we can use our AMT connection to subscribe, making sure we select PETEvents this time.

$amt.Events.PETEvents.Subscribe($sub)

Now that we have our subscription, we can move over to our server and create a listener. We start out again by loading the HLAPI:

[Reflection.Assembly]::LoadFrom('C:\HLAPI\HLAPI.dll')

[Reflection.Assembly]::LoadFrom('C:\HLAPI\IWSManClient.dll')

We can now create our listener:

$listener = New-Object HLAPI.Services.PETEventListener

Now we just need to define what happens when we receive a new message. For this example we will just capture the FQDN of the system sending the message:

Register-ObjectEvent $listener OnNewEventArrived -SourceIdentifier $listener.OnNewEventArrived  -Action {write-host ""; write-host "FQDN: "$Event.SourceEventArgs.Sender ;}

Now all that is left is to start the listener:

$listener.StartListening()

Now we are ready to generate another event from my AMT client.

I will push the "Get Technical Help" button again:

pet.PNG

As you can see the listener received the alert and displayed the FQDN of the AMT client!

 

For more information regarding the High Level API and Events check out this Link.

We've updated the Intel® Core™ vPro™ processor add-on for System Center Configuration Manager* to include support for both SCCM 2012 and SCCM 2007.

 

For details on how the add-on works, check out my previous blog post and video here: The Intel® Core™ vPro™ processor add-on for System Center Configuration Manager 2007

 

You can download the updated add-on here: http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=21835

*****************************************

All Intel-provided code snippets in or attached to this blog are provided under the Intel Software Community License unless otherwise specified.

 

Any user submitted code or materials posted on this blog is supplied under license from the submitter, and should be used or downloaded in accordance with any license terms specified. Intel is not responsible for user submitted code nor warrants that it will work correctly.  If no license is provided, you should contact the submitter.

*****************************************

 

 

 

So I have been using the Intel Setup and Configuration Software to manage my vPro AMT clients in my test network. I have to admit it is quite nice to have things just work when I want to setup and configure Intel vPro AMT.

 

But how do I manage those systems? Come on – you know me…I use the Intel vPro Technology Module for PowerShell. I helped make it.

 

So then the question becomes, how do I get a list of configured computers from the SCS Database? Well, the SCS includes a WMI interface to the data. Great! Now I just need to make a couple wmi calls. And thanks to all the built in PowerShell WMI goodness, those calls are pretty easy.

 

All my clients are in my network subdomain domain “ent.vprodemo”. I also have an RCS server setup. My credentials I am storing in $cred, and the server’s IP address is stored in $ServerIP.

 

So here is a sample script that gets all the AMT system Full Qualified domain names and sends them to invoke-amtgui.ps1:

 

$computerList = @()

$query = "SELECT * FROM RCS_AMT"

 

$output = Get-WMIObject -computername $serverIP -credential $cred -namespace "root/Intel_RCS_Systems" –query $query -authentication PacketPrivacy

 

foreach ($item in $output)

{

                $computerList += $item.AMTfqdn

}

 

invoke-amtgui $computerList -credential $cred

 

If doesn't have to be invoke-amtgui - you could send all the machine to invoke-amtpowermanagement just as easily.

 

Of course, we could use the IP address as well by using the following line:

$computerList += $item.AMTIPv4

 

invoke-amtgui.png

 

Want to see what else is available? Just write-host $output. Here are the results from one of the systems:

 

You can see the name, AD OU, AMT version, managed state, LOTs of stuff. Awesome!

 

wmiobject.PNG

 

In my environment I am using Kerberos, so authentication is covered. But what happens if your environment uses digest credentials? Well, you can use WMI to ask for the digest admin password on a machine:

 

$output = invoke-WMIMethod -computername $serverIP -credential $cred -Namespace "root/Intel_RCS_Systems" -class "RCS_Systems_RemoteConfigurationService" -name GetConfiguredPassword -authentication PacketPrivacy -argumentlist $FQDN, $IPAddress, $true, $UUID

 

$output.Password

 

The WMI interface checks with the machine by logging into it to ensure that it returns the correct password to you. So if the machine is not available you will not be able to get the password. But that is ok since you could not manage it anyways.

 

How do you get the $UUID and $FQDN? From that WQL query we made earlier –

 

$query = "SELECT * FROM RCS_AMT"

 

Just make sure you grab the data you need:

        $FQDN = $item.AMTfqdn

$uuid = $ item.name

$AMTIPv4 = $ item.AMTIPv4

Among the many enhancements with latest generation Intel SCS releases, one that you may have overlooked is Digest Master Passwords

 

First - some contextual understanding

The idea of a Digest Master Password (DMP) is to provide one password to Intel SCS which is used to randomize the Intel AMT admin password on every system configured.

 

To help put that in context, shown below is the Intel SCS console view to enable and set the Digest Master Password

DMP1.png

Once a Digest Master Password has been established, when defining the Network Setting within a Configuration Profile, a third option appears to "Use Master Password to create a password for each system"

DMP2.png

Those who have appropriate permissions to the Intel SCS console can lookup the password of an individual system.   As shown below, all of the systems have been configured using Digest Master Password.   The per-system Intel AMT password is a unique string.   The notepad provides a few example randomized passwords due to Digest Master Password.

DMP3.png

 

With the contextual understanding above, here are the four reasons to use Digest Master Password (DMP)

  1. Simple to add an additional Intel SCS or in disaster recovery scenarios - If you have already configured Intel AMT systems using Digest Master Password, additional Intel SCS instances can start communicating with them immediately.   All you need to provide is the DMP in the Intel SCS console.  (I'm looking forward to Intel AMT capable applications using DMP)
  2. No Database Required - In the past, a randomized password option could be used with each individual password stored in the Intel AMT database.   If you lose or corrupt the database, you lose the passwords.   This is not true with DMP - since the randomized password is calculated dynamically per an algorithm.   (Again - I hope in the future Intel AMT capable applications will use DMP)
  3. Simplifies reconfiguration, delta configuration, and unconfiguration options - If you have manually typed the ACUconfig commands, you noticed a command option "/Adminpassword".   This is the Intel AMT admin password, and if you must directly specify it in the command line there is a security risk.   In contrast, if DMP is enabled the ACUconfig command execution will determine the Intel AMT admin password.
  4. Easy to maintain-  Intel SCS will remember the last 8 DMP's used.   If you update the DMP on the Intel SCS console, the change can be applied to systems in your environment causing a new random Intel AMT admin password per client to be generated and assigned.   Until that job has completed, which is complicated with systems that may be disconnected from the network for a period of time, there is a good possibility that some systems may not get the update immediately.   No worries - Intel SCS knows the previous DMPs used and can apply those if needed.

 

Ensure you secure the DMP

A final thought for this blog - be sure to secure the Digest Master Password.   As shown above, the individual randomized passwords are accessible via the Intel SCS console.   To calculate or obtain the Digest Master Password requires access to the Intel_RCS_Master_Password WMI namespace as shown below

 

DMP4.png

 

Do you have an additional reason for using Digest Master Passwords?  Please do tell

Good news for IT administrators struggling to find an effective way to manage lost or stolen laptops. Now, McAfee ePolicy Orchestrator (aka McAfee ePO), an enterprise-class console for security management software, soon will be able to go further and securely disable stolen or lost laptops in order to protect the most valuable company asset: information.

 

This capability comes as joint effort of Intel, McAfee and Softex, that was announced last week during IDF in San Francisco, when Softex announced that has joined the McAfee Security Innovation Alliance (SIA) partner program in order to develop this capability and integrates as plug-in to McAfee ePO that will be called Softex SecureDisable.

 

There are several reasons to it be a good news:

  1. It’s a long time desired capability, since corporations started replacing regular desktops by laptops.
  2. Intel® Anti-Theft technology is an integral component of business-class laptops Intel® vPro™.
  3. It is already integrated with McAfee ePO and provide an integration component for Microsoft System Center 2007.
  4. McAfee ePO Deep Command already brings a key feature for “road warriors” called Fast Call for Help (aka FCFH). This allows remote users, even with damaged OS, to connect to corporate network and let a help desk technician provide support using KVM, now with AT feature, steroids the solutions for these workers and improve efficiency for IT department, not only to provide a fast back to work but also protecting organization information and assets.

 

Softex is planning to provide this capability as cloud computing offering, hosted in their facilities or hosted on-premise in enterprise boundaries.It will allow great flexibility on how to deploy and manage this capability across the board.

 

Now, as never before, “road warrior” workers are able to experience service and security protection as if they were working inside corporate boundaries.

 

Best Regards!

Recently I started working with AMT and WS-Eventing and wanted to share a few things I learned along the way. I found the quickest and easiest way to get started was to download the AMT SDK / High Level API (HLAPI) (link) and start digging into the samples there.  It was pretty straight forward to get the samples working and I was actually able to create a subscription to an event and trap the alerts on my SCS server! Great! After that bit of success I wanted to see if I could replicate the functionality in PowerShell.

 

First off, I needed to load the High Level API assemblies in PowerShell:

 

[Reflection.Assembly]::LoadFrom('C:\HLAPI\HLAPI.dll')

[Reflection.Assembly]::LoadFrom('C:\HLAPI\IWSManClient.dll')

As you can see all you need to do is load the HLAPI.DLL and the IWSManClient.DLL. Once loaded we can create a connection to our AMT client and create a subscription to some events.

Next we just need to create a connection to the AMT client. For my test I just used my local machine, digest user and non-TLS:

$auth = [Intel.Manageability.ConnectionInfoEX+AuthMethod]::Digest

$cs = New-Object Intel.Manageability.ConnectionInfoEX(“localhost”,”admin”,”P@ssw0rd”,$False,"",$auth,$null,$null, $null)

$amt = [Intel.Manageability.AMTInstanceFactory]::CreateEX($cs)

 

We also need to indicate where the “Listener” will be located:

$lstn = "http://192.168.1.10:999"

 

We also need to choose what Event filter we want to subscribe to. You can find a list of them and what events they cover at this Link

For my simple demo, I just used the “All Events” filter, basically telling AMT to send me an alert for any event.

$wsfilter = [Intel.Manageability.Events.FilterName]::All

 

Next we need to indicate the SenderIDType and where you want to place that SenderID. You can read more about this in the HLAPI/SDK documentation here, but your choices here are: CurrentAddress, FQDN, NONE or UUID.

$sidtype = [Intel.Manageability.Events.SenderIDType]::FQDN

$sip = [Intel.Manageability.Events.SenderIDPlacing]::ReferenceParameter

 

Now we can pull it all together into a “subscription”:

$sub = New-Object Intel.Manageability.Events.Subscription($lstn,$wsfilter,$sidtype)

 

 

Now that we have the subscription defined, we can use the connection to our AMT device to apply it:

 

$amt.Events.WSEvents.Subscribe($sub)

 

 

Now we have a subscription created on our local host that will generate a WSEvent when our filter criteria are met!

I went ahead and modified this a bit and wrapped a GUI around it:

 

1.png

It works great on the command line, but sometimes it’s nice to have that GUI experience as well.

 

So now we are generating alerts off of AMT events, but how can we “Trap” them?

Let’s create a simple PowerShell / HLAPI based WSevent Trap / Decoder:

 

It starts out similar to that of the subscriber script, you have to load the HLAPI assemblies:

 

[Reflection.Assembly]::LoadFrom('C:\HLAPI\HLAPI.dll')

[Reflection.Assembly]::LoadFrom('C:\HLAPI\IWSManClient.dll')

 

 

Next we just need to create a WSEventListener on our “Listening Server” indicating which IPAddress and Port I want to listen on:

 

$listener = New-Object HLAPI.Services.WSEventListener([IPAddress]::Any,'999')

 

 

Now we need to register an Object Event that will fire when we receive an alert:

 

Register-ObjectEvent $listener OnNewEventArrived -SourceIdentifier $listener.OnNewEventArrived  -Action {write-host ""; write-host "Address: "$Event.SourceEventArgs.Sender ;    write-host "Alert Type: "$Event.SourceEventArgs.EventData.AlertType ;    write-host "Filter Name: "$Event.SourceEventArgs.EventData.IndicationFilterName ;    write-host "Indication Time: "$Event.SourceEventArgs.EventData.IndicationTime ;    write-host "Message: "$Event.SourceEventArgs.EventData.MessageDescription ;  }

 

 

Here you can see that when the listener receives data, it fires off an Action. In our case it’s going to write out to the screen some information about the event such as the Alert Type, Filter Name, Indication Time and the Message of the event.

 

Once we have our listener created, we can start the listener on our server:


$listener.StartListening()

 

 

Now I have my AMT client ready to send out alerts based on events and we have our listener ready to trap them.

In my demo I used the Get Technical Help icon in the Intel Management and Security Status Icon:

 

2.png

 

Now when I hit the “Get Technical Help” button or hit the appropriate key sequence during the boot process, I can trap that event on my server:

 

3.png

 

Since we subscribed to All Events, it will also trap other event alerts. For example I pulled the battery out of my local machine:

 

4.png

 

There are plenty of options when it comes to creating subscriptions / subscribing to events, be sure to check out the SDK/HLAPI documentation online for more information: Link

If you have installed Microsoft* Windows 8*, you probably noticed it includes Internet Explorer 10* on the desktop. If you try to install a certificate from Microsoft Active Directory Certificate Services you will see the error message “This Web browser does not support the generation of certificate requests”.

In order to display the certificate website, you will need to switch browser modes. Internet Explorer 10* provides the following browser modes:

  • Internet Explorer 10
  • Internet Explorer 10 Compatibility View
  • Internet Explorer 9
  • Internet Explorer 8
  • Internet Explorer 7

 

The Internet Explorer 10* Compatibility View will allow the certificate website to display properly. To change browser modes open Internet Explorer 10* and either select Tools > F12 Developer Tools, or press F12.

At the bottom of the Internet Explorer 10* window another set of menus will appear. Select the Browser Mode tab, and then select Internet Explorer 10* Compatibility View. Now your certificate website will display correctly, allowing you to request a certificate on your client system.

McAfee® DeepDefender™

McAfee® DeepDefender™ with DeepSafe™ technology protects against known and unknown threats. It uses virtualization technology included on Intel® vPro™ Platforms.

DeepDefender.png

Requirements:

  • EPO Server – ePolicy Orchestrator
  • VSE – Virus Scan Enterprise Workstation
  • McAfee Agent
  • HIPS – Host Intrusion Protection

Intel® vPro™ Platforms

Systems based on the Intel® vPro™ Platform include Intel® Active Management Technology (Intel® AMT), which provides the capability for IT departments to manage client systems even when the PCs are powered down or operating systems are unresponsive.

Protect / Defend / Update / Diagnose / Repair

Together, McAfee® DeepDefender™ on Intel® vPro™ Platforms provide IT organizations with the ability to proactively protect, defend, update, remotely diagnose, and repair their HW and SW assets.

DeepDefender™ provides hardware assisted security

  • Real time protection
  • Blocking stealth threats
  • CPU and Memory monitoring
  • Zero-day threat detection
  • Automatic threat blocking and quarantine

 

DeepDefender™ Prevents:

  • Buffer overflow
  • HW level exploits
  • Rootkits

 

Intel® Active Management Technology provides:

  • Remote power on capability (S3/S4/S5)
  • Remote boot and edit BIOS settings
  • Remote boot to CD drive / ISO image / HDD
  • Fast Call For Help
  • KVM Remote Control

 

For additional information:

http://www.mcafee.com/us/products/deep-defender.aspx

http://www.mcafee.com/us/resources/data-sheets/ds-deep-defender.pdf

http://www.intel.com/content/www/us/en/enterprise-security/vpro-mcafee-epo-deep-defender-demo-video.html

 

I'm sitting in an airplane seat, 38,000 feet high heading to Portland International airport. I'm due to attend an Intel Technical Leadership conference to deliver a session on our most recent project with vPro AMT managing hardware based encryption.

In between channel surfing on this nice VOD touchscreen on the back of the seat in front of me, I thought of sharing this concept with you.

 

Many of the companies I know, that are using Intel(R) AMT, are mostly using it for power control, PC alarm clock, or waking up their vPro clients for patching and installations. These use cases are great introductions to AMT, but I would encourage IT admins running vPro to not stop there.

 

Let me share the story of Self Encrypting Drive management, as an example. We explained the solution in details in this white paper, but in this post, I’ll use this to illustrate my point.

 

A while back, I was approached by the client security service manager in Intel IT, who asked me to come up with a solution to manage self-encrypting drives. At the time, we were already deploying these types of drives at Intel IT, but without utilizing their encryption capabilities. In fact, since we did not have a management solution, we were forced to add another software-based encryption application on top of the hardware-based encryption, a redundant and more costly approach. Since Opal compliant solutions are not yet widely available, we needed to be creative.

 

First, we needed to find a way to secure the encryption key on the drive. We decided to use the ATA password, interfaced through the BIOS for this. Secondly, we had to automate the process of sending this password into the BIOS, and create a randomly created master password for each encrypted device. Then we had to provide remote management capabilities to our Service Desk, to support cases when the user forgets the password, and also to ensure we have zero data loss across the enterprise.

 

We gathered some smart engineers from IT and the AMT engineering teams, and came up with our solution.

Using manageability web services as the heart of the solution, we can interact with the client PC's Manageability Engine using the SOL protocol and automatically configure the BIOS with the passwords. A simple password management application installed locally on the client PC provides the end user with a GUI while a centralized secured database stores all master passwords for the encrypted devices. All communication channels are SSL encrypted, as well.

 

During our work on this project, we gained additional benefits that we didn't even think of before we started. Specifically, we created tools that enable our IT Operations folks to better control and maintain our vPro fleet, and we also improved our data and reporting capabilities for the clients’ hardware inventory and encryption status. This is, of course, in addition to the obvious gain of providing a hardware-based encryption solution, make this new solution very compelling for Intel and Intel IT.

 

This was a unique project because it didn’t just implement one of the obvious and most common AMT usages. In fact, using SOL for most of the activity might be considered antiquated by some, but we decided to use SOL as it allowed us to support all generations of vPro clients and not just the newer KVM models.

 

AMT is a powerful technology. It can be used for many reasons and through many methods. When you look at enabling AMT in your organization, don't just look to implement the obvious, try to think of other possibilities it could provide you as well. If you are already using AMT, I encourage you to consider how else you can benefit from it. As in many other IT domains, the key to getting the added value is to think out-of-the box.

Computacenter.jpgDownload Now 

 

Computacenter is Europe’s leading provider of IT infrastructure services, advising corporate and government organizations on their IT strategies, implementing technologies from a wide range of vendors and, managing its customers’ technology infrastructures.

 

The company is always looking for new ways to meet its customers’ changing needs. Since it needed to understand virtualized desktops in depth and be able to speak credibly to customers about the latest hardware and software to support these environments, it launched a dynamic client infrastructure (DCI) framework that offers customers a comprehensive consulting approach to an end-device virtualization infrastructure. Computacenter now recommends devices based on 3rd generation Intel® Core™ vPro™ processors as one of the best hardware platforms for running virtualized client infrastructure, with Ultrabook™ devices as the most versatile device.

 

“3rd generation Intel® Core™ vPro™ processors offer the best in terms of remote manageability and a comprehensive suite of security solutions that enable customers to better protect their valuable corporate data,” explained Joerg Tewes, solution manager for Computacenter.

 

Learn more in our new Computacenter business success story. Find more business success stories like these on Intel.com and iTunes.  And to keep up to date on the latest business success stories, be sure to follow ReferenceRoom on Twitter.

Introduction

Systems based on the Intel® vPro™ Platform include Intel® Active Management Technology (Intel® AMT), which provides the capability for IT departments to manage client systems even when the PCs are powered down or operating systems are unresponsive. There were no differences identified with Intel® AMT on Windows 8* verses Windows 7*. As expected, any OEM issues that existed with Windows 7*, such as text wrapping problems with SOL, were also present on Windows 8*.

The results below apply to Intel® AMT 5/6/7/8.

Testing included Wired and Wireless networking, as well as different management consoles. Most of the testing was performed with Windows 8 Enterprise*, but Professional* was also used. Standard BIOS and OS installations were used.

 

Manageability Features

  • Remote Power On (S3/S4/S5) – Remote Power On functioned properly with Windows 8*. There were no differences compared to Windows 7*.
  • Intel® AMT Provisioning – Windows 8* platforms were able to provision in the various modes successfully.
  • SOL boot to BIOS – There is no difference in using this feature on a Windows 8* platform. Although there are a couple of OEM systems with known issues displaying text using SOL. The behavior is consistent with Windows 7* across those OEM models.
  • Boot to CD/ISO/HDD– Redirection to CD/ISO/HDD functioned properly with Windows 8*.
  • Fast Call For Help – Fast Call For Help functions normally with Windows 8*.
  • KVM Remote Control– KVM with Windows 8* functions identical to Windows 7*.
  • BIOS Updates – There were no issues updating Firmware with Windows 8*.

 

A Word about Start Menu and the New User Interface included in Windows 8*

The Intel® Management and Security Status (IMSS) application continues to reside on the Windows 8* desktop user interface. However, there is an IMSS tile present on the new Windows 8* Start Menu. Selecting IMSS from the Start Menu will switch the user from the new Windows 8 * user interface to the desktop interface and launch the application. User consent messages, which display the User Consent Code, will appear on whichever interface is active at the time.

Conclusion:

There were very no differences observed between Windows 7* and Windows 8* when using Intel® Active Management Technology.

Intel® vPro™ Platforms continue to provide IT organizations with the ability to manage Business Clients when upgrading to Windows 8*.

I’ve seen a few Lenovo ThinkPad X1 Carbons around the office lately and they’re pretty cool.  The X1 Carbon is a new Ultrabook that’s also an Intel vPro Platform.

 

The X1 Carbon makes an immediate first impression with its ultra cool and sleek carbon fiber exterior.  But as they say, beauty is only skin deep and that’s where the carbon comes into play.  You see, carbon fiber is pretty tough stuff.  As strong as aluminum with only one third the weight (think Formula 1 cars or the Boeing 787 Dreamliner) carbon fiber is amazingly durable which helps reduce system flex and better protect key components like the display.  Speaking of the display, the ThinkPad X1 Carbon’s screen is made from scratch resistant Corning Gorilla Glass. Lenovo says the Thinkpad X1 Carbon has passed eight rugged, military spec tests.  One reviewer described the X1 Carbon as  “…a G.I. Joe strapped with Kevlar.”

 

The X1 Carbon is the ideal mobile office with a high tech home theatre and mobile video conferencing system all rolled into one. Its Dolby Home Theater v4 delivers clear, crisp surround sound, and it dual-microphones with audio canceling software automatically filter out background noise during conference calls.  The ThinkPad X1 Carbon’s 720p high-definition camera has face tracking software so users don’t have to worry about staying on camera.

 

The X1 Carbon comes packed with advanced security features like an encrypted hard drive, an integrated fingerprint reader, Lenovo remote security management and is even pre-loaded with Norton® Internet Security 2011.  Also, Because the ThinkPad X1 Carbon is an Intel vPro Platform, it includes hardware enhanced authentication and is able to remotely disable access to data or disable the hardware itself, if lost or stolen.

 

If you’re looking for a system that both users and IT will love, the new Lenovo ThinkPad X1 Carbon Ultrabook should be on your list.

 

ThinkPad-X1-Carbon-Ultrabook.jpg

We cannot go back to a world without computing any more than we can go back to a world without electricity.  Making computing secure is essential to live up to all that computing has to offer.  Intel and McAfee delivers a new level of hardware-enhanced security that provides unprecedented protection for a safer, more worry-free computing experience from the device to the cloud

 

See the Intel with McAfee sales brief to see the real benefits of how we are delivering a new level of security by combining hardware with software for unprecedented protection and a safer, more worry-free computing experience across clients, data center, and the cloud.

 

Intel and McAfee 2012 Security Benefits: Sales Brief

Are you attending the Intel Developer Forum in San Francisco this year?  If so, I invite you to attend a session that I will be co-presenting along with two of my teammates from the Business Client Platform Division here at Intel.

 

We will be highlighting several different ways you can develop solutions for the Intel vPro and Small Business Advantage platforms.  This session is targeted at both IT practitioners and software developers.  The class will naturally have slides, but will also include a number of live demos.  So, if you are interested in learning how you can create solutions for Intel’s business client platforms, I encourage you to attend and bring any questions you have.

 

Here are the details on the class from the IDF website:

 

Session ID: BCSS001


Date/Time: 09/13/12 @ 10:15 am

 

Title: 2013 Business Client Solutions: Intel® vPro™ Technology and Intel® Small Business Advantage

 

Abstract:

 

Whether you are an IT practitioner with Intel® vPro™ Technology clients in your enterprise, a medium business wanting to enhance your existing business process automation or a small business looking to improve efficiency and productivity of your PC assets, this is the session for you. Come see a glimpse of the innovative 2013 Business Client platforms, including the Ultrabook™, All-In-One and ultra-small form factors. Experience technical deep dives and demonstrations on how to easily incorporate Intel vPro Technology into your existing environment through a variety of Independent Software Vendors integration points, scripting tools, and developer Software Development Kits. This session will also focus on a rich set of capabilities provided through the Intel® Small Business Advantage platform that delivers out of the box experience for small businesses.


Key topics covered include:

• Intel Small Business Advantage Overview
• Intel vPro Technology Use Cases / Independent Software Vendor integration
• Developer and IT Tools providing automation for Intel vPro Technology features including: High Level API (HLAPI), Software Developer Kits (SDKs), Microsoft* Windows* PowerShell


In addition to this class, the we have two additional classes at IDF San Francisco this year:


BCSS002 - Security for Intel® Architecture Based Business Clients - 9/13 @ 12pm

BCSS003 - Enabling Consumerization Through Client Based Desktop Virtualization - 9/13 @ 1:15pm


You can find further details on these sessions, as well as all the others here:


http://intel.activeevents.com/sf12/scheduler/public.jsp

Introduction from Blair Muller's Blog 9/1/2012 from the link cited below:

 

"Hi All,

 

As some of you may know, I have been engaged by Intel to activate Vpro for 7 clients this financial year. We are focusing on clients with System Center Configuration Manager and integrating SCS with SCCM.

At this point, we have reached out to two major clients in Australia and assisted there internal IT team reach their goal of activating Vpro. (Video presentations from clients to come, watch this space)

 

I thought I would share my thoughts that I have learnt during the journey of activating Vpro and integrating it into SCCM.

If you haven’t had a chance, you should check out my previous blogs on Vpro.

I will also assume you have read and understood the Automated Console Integration scripts for MS SCCM 2007 & Intel® SCS 8"

________________________________________________________________________

 

Read the blog here:

Blair Muller's Blog: What I have learnt about the automated console integration scripts for MS SCCM 2007 & Intel SCS 8

Today’s rapidly evolving business environment is creating a new set of security challenges. From rootkit attacks to international security breaches, threats have grown more advanced. The Intel® vPro™ Platform has a set of security and manageability capabilities built right into the hardware. While Intel vPro technology is conveniently built in, it still requires setup and configuration. Thanks to Intel® Setup and Configuration Software, IT managers can implement Intel vPro processor-based PCs or workstations in a matter of minutes.

 

Follow these step by step instructions on how to purchase and install Go Daddy certificates for all capable PCs with Intel AMT remote set-up and configuration!

 

How to Purchase and Install Go Daddy Certificates v1.1: Download Center



 

 

If you have McAfee ePO 4.6 or higher in your environment today, and you want an accurate summary of your Intel AMT capable systems - try using a free utility provided by McAfee.

 

The McAfee ePO Deep Command Discovery and Report Module is a free utility that can provide dashboards and related information such as the following

dashboard.jpg

While many Intel AMT detection capabilities provide only a subset of data points, McAfee's Discovery and Report utility captures over 50 data points. Even if the Intel Management Engine Interface (MEI) driver is not present, the McAfee utility will capture basic information including the exact OEM and model of the system.

AMT data.jpg

In addition, the McAfee ePO Discovery and Report tool comes with 15 predefined queries. Adding your own queries in connection with other McAfee ePO collected data is simple.

queries.png

Learn more about how to discovery and report on Intel AMT capable systems in your environment - https://community.mcafee.com/docs/DOC-3297

Filter Blog

By date: By tag: