Part 3: Post Deployment of Intel vPro in an Altiris Environment

Version 2

    NOTE: This resource and the associated series are a re-post of information provided at and related articles linked therein. Although the title and material make reference to Altiris, the core concepts apply to most Intel SCS based solutions.


    The previous article in this series is


    Part 3 - OOB Task Agent and Delayed Provisioning

    The previous article in this series referenced how to use OOB Discovery and OOB Task Agent to update the dynamic provisioning collections for Altiris Out of Band Management. If the environment is configured to support remote configuration (more information available at, then the Intel® vPro provisioning process can commence. In addition to using in-band agents to initiate a remote configuration provisioning process, the Delayed Provisioning task can also be used to Switch to AMT within the MEBx manageability feature. This article provides a brief look at how to use the Delayed Provision task.


    Enabling and Configuring Delayed Provisioning

    Once the remote configuration certificate has been acquired and integrated into the environment, and systems that support remote configuration have been identified, the Delayed Provision task can be used. The default collection for the task is All Intel® AMT Computers in Delayed Provisioning State. This is a dynamic collection updated via OOB Discovery and OOB Task Agent. If the updates are not timely or the environment requirements specify a different setup, different collections can be targeted as needed.



    The DNS Suffix must match the DHCP option 15 and DNS context used by the remote configuration certificate. In the example shown below, the suffix is
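    A pre-flight check for the matching rule above, as an added example that is not part of the original article or of Altiris or Intel tooling. All names and sample values are constructed, and it assumes "matching" the certificate means the certificate subject CN is a host name inside the suffix.

```python
"""Consistency check for the Delayed Provisioning DNS Suffix field (added example)."""


def normalize(name):
    """Lower-case a DNS name; drop surrounding whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()


def in_domain(fqdn, suffix):
    """True if fqdn equals suffix or sits beneath it on a label boundary."""
    fqdn, suffix = normalize(fqdn), normalize(suffix)
    # Require a leading dot so "notcorp.example.com" never matches "corp.example.com".
    return bool(suffix) and (fqdn == suffix or fqdn.endswith("." + suffix))


def check_suffix(task_suffix, dhcp_option15, cert_cn):
    """Return a list of mismatch descriptions; an empty list means consistent.

    task_suffix   : value typed into the task's DNS Suffix field
    dhcp_option15 : domain name handed out by DHCP option 15
    cert_cn       : subject CN of the remote configuration certificate
                    (assumption: the CN must fall inside the suffix)
    """
    problems = []
    if normalize(task_suffix) != normalize(dhcp_option15):
        problems.append(
            f"DNS Suffix '{task_suffix}' differs from DHCP option 15 '{dhcp_option15}'"
        )
    if not in_domain(cert_cn, task_suffix):
        problems.append(
            f"certificate CN '{cert_cn}' is not inside DNS Suffix '{task_suffix}'"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    samples = [
        ("corp.example.com", "Corp.Example.com.", "provision.corp.example.com"),
        ("corp.example.com", "lab.example.com", "provision.corp.example.com"),
        ("corp.example.com", "corp.example.com", "provision.notcorp.example.com"),
    ]
    for task_suffix, option15, cn in samples:
        issues = check_suffix(task_suffix, option15, cn)
        print(task_suffix, option15, cn, "->", issues or "consistent")
```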


    Override OTP allows a custom one-time password to be defined within the environment for the purpose of remote configuration. Unless the environment warrants a specific value, it may be best to leave this blank. The OTP is used for agent-based remote configuration.



    Switch to AMT provides the capability to remotely change the MEBx manageability feature state from either None or ASF to AMT. This is unique to the Delayed Provisioning task, as utilities such as Intel® vPro™ Activator Utility can only change from None to AMT. The following screenshot of the MEBx provides a visual of what is being targeted and changed - with a reminder that Delayed Provisioning is making this change remotely without requiring manual intervention via the MEBx console.







    Note: Only a few OEM systems have set the manageability feature to None at time of manufacturing. This has commonly been seen on early versions of Lenovo M55p and T61 units, HP 6910p units, and Panasonic Toughbook units. In addition, some environments that were not ready to utilize the Intel® AMT functionality may have requested the feature to be disabled during the ordering or staging process. Altiris Delayed Provisioning and the Intel® vPro™ Activator Utility are currently the only two known utilities to re-enable this setting back to AMT via an agent outside of the MEBx interface.




    Note: Some OEMs and deployments initially used ASF (i.e. Alert Standard Format). During ManageFusion Las Vegas 2008, an attendee asked a key question on how this could be changed remotely. At the time, sufficient information and documentation were not available on the Delayed Provision task - yet subsequent lab tests showed this feature to work.



    Enable Schedule must be selected and it may be best to run the event more frequently than the default schedule. The schedule determines the task interval, which may be affected by the present load on the Altiris NS server, higher priority tasks and events, and so forth. Experiences in the lab and some production environments have typically been an "enable and forget" approach, although the provisioning logs and Intel® AMT systems are monitored for updates or errors related to provisioning events.



    What if there are remote configuration capable clients not appearing in the default collection?

    As indicated earlier in this and a previous article, sometimes the OOB Discovery and OOB Task Agent processes may not have fully discovered a system or updated the Altiris CMDB. Time and patience may help, yet when preparing this article and working with lab systems - I wanted to raise my chances of the Delayed Provision task being associated to remote configuration capable systems. Therefore, I added a few additional collections to the list such as All Intel AMT Capable Computers and so forth.




    Part 3 Summary:

    Using the Delayed Provisioning task for environments capable of remote configuration provides an automated method to provision clients. In addition to initiating the provisioning event, the Delayed Provision task and accompanying agents deployed on the target systems can be used to change the Intel® Manageability Feature from None or ASF to AMT without directly accessing the MEBx. This presents a number of opportunities for environments where systems were already deployed yet not configured or provisioned to take advantage of the Intel® vPro™ technology. A future article will address an alternative method using the Intel® vPro™ Activator Utility, which presents some additional features and functions.


    The next article in this series is