How to enable and use ASF within the Altiris Notification Server Infrastructure

Article:HOWTO8529  |  Created: 2008-01-28  |  Updated: 2008-01-28  |  Article URL http://www.symantec.com/docs/HOWTO8529
Article Type
How To



Question
How do I enable and use ASF within the Altiris Notification Server Infrastructure?

Answer

How to enable and use ASF within the Altiris Notification Server Infrastructure

The hype for Intel vPro AMT technologyis high and exposure good. What about ASF? Broadcom and Intel put ASF onboard NICs before AMT. Altiris offers support for this technology with Out of Band Management, Real-Time Console Infrastructure, Real-Time System Manager Solution, Network Discovery, Task Server, and other OEM Solutions.Setting up ASF isn’t a simple as throwing a switch. This article covers how to enable and use ASF functionality in the Altiris Infrastructure.

Introduction

You may have ASF-capable computers out in the environment and not know it. Altiris can identify those systems and provide details of ASF’s current state. Does the NIC support ASF? Is ASF enabled or disabled in the BIOS? What steps need to be taken to enable ASF fully so that Solutions like Real Time Console Infrastructure and Real-Time System Manager Solution can use the technology? What can ASF do? These questions are answered here.

ASF Overview

ASF, or Alerts Standard Format, resides directly on the NIC with firmware. This provides out of band capabilities that sit below the hard drive and the loaded operating system.

Alert Functionality

ASF provides functionality for PET (platform event trap) alerts.Alert functions are limited to what the hardware OEM provides. The full list of potential alerts follows.

Alert

Description

Chassis: Chassis Intrusion - Physical Security Violation 

System chassis has been opened.

Chassis Intrusion - Physical Security Violation Event Cleared

System chassis intrusion alert has been cleared.

BIOS: Corrupt BIOS

The system BIOS is corrupted.

Corrupt BIOS Cleared

The system BIOS corruption has been resolved.

Boot: Failure to Boot to BIOS

The system BIOS did not complete loading upon initiation.

CPU: CPU DOA Alert

The CPU is not functioning properly.

CPU DOA Alert Cleared

The CPU is now running properly.

Heartbeats: Entity Presence

Periodic heartbeats transmitted to verify system presence.

Temperature: Generic Critical Temperature Problem 

System temperature is out of limits. 

Generic Critical Temperature Problem Cleared

The system temperature problem has been cleared.

Voltage: Generic Critical Voltage Problem 

The voltage from onboard voltage regulators is out of limits. 

Generic Critical Voltage Problem Cleared

The voltage problem has been cleared.

Power Supply: Critical Power Supply Problem 

System power supply voltage is out of limits. 

Critical Power Supply Problem Cleared

System power supply voltage problem has been resolved.

Cooling Device: Generic Critical Fan Failure 

Fan speed/rpm is out of limits. 

Generic Critical Fan Failure Cleared

Fan speed/rpm problem has been resolved.

Connectivity: Ethernet Connectivity Enabled 

Ethernet connectivity is enabled. 

Ethernet Connectivity Disabled

Connectivity is disabled.

Again note that all OEMs do not support all of the above alert features.

Remote Interaction Functionality

Not all the functionality is available through Altiris, but the following list shows the full remote functionality available on an ASF-enabled system.

  • Get System State: Returns the current system status.
  • Get Client Capabilities: Returns client ASF configuration per the DMTF ASF specification.
  • Presence Ping: Similar to Internet Control Message Protocol (ICMP) ping utility; responds with pong to verify the system presence.
  • Power up: Powers up the remote system.
  • Power down: Powers down the remote system.
  • Reboot: Reboots the remote system.
  • Reboot with a redirect: Reboots the remote system with options to boot to PXE, the local floppy or optical drives. (This isn’t a true IDE redirect.)

Enabling ASF

Enabling ASF requires a series of steps. This section outlines the steps as described within the Altiris Notification Server Infrastructure.The full steps are highly recommended to ensure that all functionality is enabled in ASF and available to the Notification Server and supporting Solutions.

Enabling Steps

Walk through the following steps to discover and enable ASF on all supported systems.

  1. Run an Out of Band Discovery on all applicable systems.This requires the Altiris Agent.The steps are as follows:
    1. In the Altiris Console, browse to View > Solutions > Out of Band Management > Configuration > Out of Band Discovery.
    2. Enable the policy labeled "Out of Band Discovery."
    3. Change the assigned collection if needed (this discovery can run on any Windows system and it does not harm none ASF or AMT systems).
    4. It will take time for this Task to propagate out to all systems and for the applicable data to be returned to the Notification Server.
  2. Once sufficient time has passed (a good time mark is 24 hours) identify which machines are ASF capable by browsing to View > Solutions > Out of Band Management > Collections and click on All ASF Capable Computers.
  3. In the BIOS, enable ASF. The OEM may ship systems as ASF enabled if so indicated during the ordering of the systems. This would greatly simplify the process since this step requires a remote or site boot into the BIOS to enable ASF. ASF enabling differs depending on the manufacturer and version of the BIOS.
  4.  Enable the rollout the Out of Band Task Agent.The steps are listed as follows:
    1. In the Altiris Console, browse to View > Solutions > Out of Band Management > Configuration > Out of Band Task Agent Rollout.
    2. Enable the Task "Out of Band Task Agent Install."
    3. It will take time for this Task to propagate out to all systems and for the agent to be installed.
  5. Update ASF Settings to enable all functionality. See the screenshot below and the following steps on how to do this:

 

    1. In Task Server, select the Client Task "Update ASF Settings" found under Manage > Jobs > Tasks and Jobs > Client Tasks > Out of Band Management.
    2. Edit the Task by clicking the Edit button or icon.
    3. Check the box labeled Modify ASF general settings.
    4. Make sure Enable ASF is checked.  
    5. Check the option Modify security settings.Current experience shows that each field should be populated by 40 digit keys. Once set, a profile can be created with the proper keys to authenticate in Real Time Console Infrastructure for both Out of Band Management Solution and Real-Time System Manager Solution use. See the section Utilizing ASF in Altiris below for details.
    6. Click Apply.
    7. Click Run Now.
    8. Give it a Run name that applies to your tracking methods.
    9. Select the systems or collections of systems to run the update task on by clicking the Select computers link.
    10. Click Run Now.
  1. Run Out of Band Management Solution Discovery again so that the system is seen as ASF Enabled in the collections.

Utilizing ASF in Altiris

Once enabled, Altiris can utilize ASF within its Task Server Infrastructure or individually through the Real-Time System Manager interface. To use Real-Time System Manager Solution or Task Server with ASF, a profile must be created that contains the proper security keys. See step 5-E under enabling steps above to see what keys are set. This can be done with the following steps:

  1. Browse in the Altiris Console under View > Solutions > Real-Time Console Infrastructure > Configuration and click on Manage Credentials Profiles.
  2. Create a new profile, or if one is already in use select and click Edit on the existing one.
  3. Click the ASF tab. The tab should appear like this screenshot:

  1. Check the box Enable this technology in the profile.
  2. Input the Generation key and the Authentication key set during step 5-E.
  3. Click OK to save the changes.

Task Server

The Task Server functions for ASF are built into the tasks available out of the box. The huge benefit of having this available in Task Server is the one to many capability. A single job or task can be run simultaneously on many systems. The following job contains ASF functions, as described:

Title: Power up, Update ASF Settings, Power Down

Screenshot:

Notes for the above job:

  • The power tasks are derived from the Power Management Task located under Server Tasks > Real-Time Console Infrastructure.AMT and WMI are also available in this type of task, though for the above example only ASF is enabled.
  • The Get ASF Inventory and Update ASF Settings tasks are simply the tasks already provided out of box.
  • The Get ASF Inventory and Update ASF Settings tasks require the Out of Band Task Agent to be installed (this should have been accomplished as part of the setup process).

Other Solution’s functionality can be added to the job, or ASF power functions can be added to reliably wake machines that are not powered on.

Real-Time System Manager

When connecting to a system through the Real-Time tab from Resource Explorer, available ASF functionality should be automatically detected. This assumes that ASF has been properly enabled and configured as per the previous steps. The Real-Time System Manager Solution console is a one-to-one console that allows direct interaction with a system. Most of the functions found in Task Server is also available, though it is direct manipulation and not a task-based execution.

This screenshot shows an example of how the Hardware Management page looks (where most of the functionality can be invoked from):

 

Conclusion

Understanding the steps for setting up and configuring ASF will enable you to properly configure all available ASF systems, making the technology available. Once available, power management becomes reliable. PXE boot can be directly invoked if necessary from the Real-Time System Manager Solution console, negating the need to visit a machine that is down for imaging or other PXE related tasks.


Legacy ID



40224


Article URL http://www.symantec.com/docs/HOWTO8529


Terms of use for this information are found in Legal Notices