Using Intel vPro to Remotely Diagnose to a Disconnected Operating System

Version 4

    An often overlooked and misunderstood capability of Intel vPro Technology is remote remediation and repair of a system. A "repair" might require a software component to be installed, or a Windows service or driver setting to be changed, to fix the remote client.

     

    Intel Active Management Technology allows remote power-on, boot redirection, system defense, and so forth, and a management solution like Microsoft, Altiris, or LANDesk communicates in-band with a management agent on the client to perform functions like software distribution. But what if the management agent cannot connect over the network interface of the operating system? As a case in point, consider a remote client when Fast-Call-for-Help or Remote PC Assist is utilized. These are technologies that allow Intel vPro Technology capabilities to traverse the firewall with appropriate security and communications. In such situations the remote client might be powered on, filtered via System Defense, or redirected to boot a WinPE image, but how will software be installed, or remote desktop connectivity be possible, if an in-band connection cannot be established?

     

    Imagine the events and requirements of assisting a user who usually connects via VPN into a corporate environment. However, that user's VPN connection, or even their operating system network connectivity, is not present, yet Intel Active Management Technology (within the vPro platform) is able to see the remote system, and the operating system is loaded.

     

    The attached paper explores some capabilities that have existed since Intel AMT version 2.x to remotely remediate a disconnected operating system. Although physically possible, these features and capabilities are not present in any management console, but those building their own tool sets have full access to the source code through the Manageability Development Toolkit, as explained in the document.

     

    The following videos provide a brief visual demonstration summary of this capability. In the video, I am using a Raritan IP KVM to show both the management console on the left (running AMT Commander) and the Intel AMT client on the right (with the network interface disabled inside the Microsoft Windows operating system).

     

    Reviewing the attached document and videos should provide a good starting point for your own internal testing and experimentation.

     

    Video Part 1 of 2

     

    Video Part 2 of 2

     

    Remember: this capability and demonstration require the following:

    • Agent running on the remote client which can interface with the Serial-over-LAN COM port
    • Application running on the management console that is connected to the remote agent
    • Intel AMT is configured and operational on the remote client
    • Credentials to the remote Intel AMT system are known

     

    Further development and enablement will be needed for a production implementation.