1 Reply Latest reply on Mar 7, 2016 2:11 AM by dariusz.wittek@intel.com

    implementing v-pro

    Goutham

      Hi All,

       

      I'm new to V-pro can you please help with these questions?

       

      Do we need management server at each location for implementing v-pro

      Does it work with Wireless LAN?

      we can manage through Internet as well?

      any idea on pricing for enabling it, cost of licenses

        • 1. Re: implementing v-pro
          dariusz.wittek@intel.com

          Hi,

           

          Please note  that your question is related to Intel® AMT (Active Management Technology)  which is one of ingredient technologies of Intel®  vPro™ technology (which is more like business PC platform definition).

           

          For Intel® AMT let me quote Terry's Cutler from Intel  one simple rule: "Intel® AMT is HW & FW based network service, it has to be configured (enabled/provisioned/activated) to allow remote OOB management. Once Intel® AMT is configured it is sitting in your network and is waiting  for management conection to come, authorize and perform management action".

           

          The best source of  Intel® AMT technology details is  http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm

           

          So answering your questions:

          1. Q:"Do we need management server at each location for implementing v-pro? "
            It depends on your network structure, if you can resolve manager PC FQDN into its acctual IP address and establish TCP/IP connection to this host on AMT TCP ports - you can manage from any console PC/OS across all network.
            This is typical scenario for corporate network -Intranet and is used by multiple enterprise customers within their internal network across multiple sites and locations.

            But if your network (NATs, firewalls) limits you to separate "islands" - like Managed Services  Provider case - you may need separate management server (a PC +OS+ Intel® AMT enabled management SW) in each "Island"/domain/subnet.

            See also next answer.
          2. Q: "we can manage through Internet as well?"

            Yes BUT you need to implement Intel®  AMT Remote Access - Fast Call for Help feature with supporting management SW - Intel®  AMT MPS.
            As Internet locations (your branch/satelite offices) NAT will use private non routable IP addresses and Firewall blocking external (management server) originated connection over Internet - your management console SW will not be able to establish TCP connection to Intel®  AMT FW on its private IP address (ex 192.168.x.x).
            You need to reverse direction of  Intel® AMT connection to originate at  Intel® AMT FW towards management server. And it has to be secured/encrypted. This is exactly  what Intel® AMT Fast Call For Help feature does.

            On central management server side you need to implement Intel® AMT MPS (Managed Presence Server - kind of TLS tunnel termination and TCP/SOCS proxy to Management Console SW.
            Not every Intel® AMT management Console SW supports Intel® AMT Fast Call For Help.

            Commercial SW is McAfee ePO Deep Command with Remote Agent Handler.
            You can also explore Intel's Open Source project Mesh Central - www.meshcentral.com  and use binaries/source code to build  and host your own Mesh.
            Intel® AMT Software Development Kit (SDK) http://software.intel.com/en-us/articles/download-the-latest-intel-amt-software-development-kit-sdk also contains MPS sample code.
            see also Download Intel vPro Technology Use Case Reference Design - CIRA Ref Architecture
          3. Q: "Does it work with Wireless LAN?"
            YES, over Intel® Wireless WiFi products supporting vPro/AMT  ONLY. USB WiFi dongles and other vendor WiFi adapters do not suport Intel® AMT by design.
            You will have to configure Intel® AMT WiFi profiles (HW/FW level known & trusted WiFi networks - it is part of Intel® AMT configuration.
          4. Q: "any idea on pricing for enabling it, cost of licenses".

            If you have Intel®  vPro™  PC/laptop/tablet HW (check procesor sticker) - there is NO additional cost/license to Intel for enabling it in the HW/FW.

            You may need to purchase:

            - Intel® AMT provisioning certificate for configuring it with Remote Configuration Method into Admin Control Mode - for Wired LAN enabled systems - single certificate for your internal domain name - starting from $90/year. This certificate is not needed for  Host Based Configuration into Client Control Mode.
            - Professional Intel®  vPro™ enabled Management Console SW - like McAfee ePO Deep Command, MS SCCM 2012, Bomgar, LANDesk, DameWare, and bunch of others. No idea about the cost (it strongly depends on numer of end points to be manager). Most of those consoles include their Intel® AMT KVM Viewer.
            - standalone Intel® KVM Viewer application if not using any of above console SW - like Real VNC Viewer Plus - $99 per management seat.

            If your Management Console is MS SCCM 2012 you may use free of charge Intel® Core™ vPro™ processor KVM add-on for System Center Configuration Manager*  https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=3051&DwnldID=21835
            - You can enable/configure Intel® AMT on your own - but you have to invest time and headcount - see: 
            Intel® vPro configuration with  Intel® SCS Training http://www.intel.com/content/www/us/en/processors/vpro/vpro-activation-training-animation.html
            (or
            https://cqcontent.intel.com/content/dam/www/public/us/en/swf/demos/vpro-activation-training-animation/Main.html)
            Intel® Setup and Configuration Software Deployment Guide  included in Intel® SCS download) available as standalone  http://www.intel.com/content/www/us/en/software/scs-deployment-guide.html
            and Intel® vPro™ Expert Center

            OR look for experienced System Integrator able to do it - you will need then project budget $$.

          Regards

           

          Darek