Altiris and Intel vPro Use Cases – Introduction
The big question after successfully provisioning a vPro/Symantec-Altiris environment comes in the simple form of "Now what"? The article series: Utilizing Intel® vPro AMT Technology with Task Server covers a lot of the functionality directly (LINK: http://www.symantec.com/connect/node/2201). This article series takes it a few steps further, with real-world examples and use cases for taking advantage of Intel® vPro technology through Symantec/Altiris Notification Server.
There are two components for directly interfacing the AMT vPro technology. The first is Real-Time System Manager, the second Task Server. Both components utilize much of the same functionality, however RTSM provides a one to one interface, while Task Server allows a one to many task or job to execute against a group of vPro systems.
To understand how all the components work together, this Introduction walks through the basics of the components that will be used throughout the use cases. The list of solutions, or applications, that utilize Intel vPro technology is listed here along with a description:
- Real-Time Console Infrastructure This component is generally invisible when working directly with vPro AMT Systems. The Configuration of how to connect to systems and what credentials will be used can be found in the configuration pages for this product. It supports both the Real-Time tab and the Task Server vPro AMT tasks available.
- Real-Time System Manager The Real-Time tab functionality that directly interfaces with vPro AMT on a system per system basis provides a live tool for directly invoking vPro AMT functions as part of troubleshooting or maintaining a system directly. This is useful for troubleshooting problems with a specific system.
- Out of Band Management Out of Band Management will only lightly be covered in this article series. For the most part this solution is part of the setup and configuration of Intel vPro AMT systems so that vPro AMT functionality can be used. There are some maintenance and profile items that can be used as part of ongoing use of vPro AMT.
- Task Server Task Server is the engine used for a one to many task or job where specific vPro AMT functions, along with functions from a myriad of other Solutions, can be executed or scheduled to execute against a collection or list of systems. This is the integration framework that allows AMT to become part of a much larger Altiris functionality portfolio.
See the following diagram for a representation of how the two main functional engines work:
This series will focus on these two pieces (RTSM and Task Server) since they are the delivery mechanism for the vPro AMT functionality. Other Symantec Solutions can and will be used through the use cases.
Real-Time Console Infrastructure
Consider this the core underlining infrastructure for the Symantec use of Intel vPro AMT. All solutions that make use of this component will install it if it is not already installed. The primary products are Out of Band Management and Real-Time System Manager. Other Notification Server Partner solutions, such as HPCM and Dell Openview, will need RTCI installed in order to make use of the vPro AMT functions. The console pages available for this solution center around the configuration of the vPro AMT functions.
The configuration page for RTCI is found in the Altiris Console. In the Altiris Console 6.5, browse under View > Solutions > Real Time Console Infrastructure. Under the Configuration folder, the following nodes are available:
- Configuration Includes settings for vPro AMT Connections, such as Transport Level Security, Redirection Security, and other settings such as the connection timeout value. It also includes a page to configure where SNMP vPro AMT alerts are sent, and allows a default configuration for the System Defense filter (default is to 'Allow all network traffic').
- Edit Network Filters This page is only available if the ENF utility has been installed (see article http://www.symantec.com/connect/node/2645). If you do not have this node, install it so that you can configure what is allowed through the System Defense filter.
- Manage Credentials Profiles This node is vital for setting up connection profiles when using RTSM. It includes credentials for WMI and vPro AMT. Users who do not have rights to vPro AMT will need to use a profile that has a user configured with rights. This also includes the Run-Time profiles which is used by both Task Server and RTSM to use known good credentials when functioning against specific vPro AMT systems.
- Manage Views Views are custom-built consoles for RTSM.
- Purge Policy This page is used to configure how often and how much residual data RTCI purges. For large environments this will help keep the database size down to improve performance.
The Reports, Resources, and Tasks section contain the typical items for Altiris Solutions. Tasks include all the vPro tasks available through Task Server. See the subsequent Task Server section for more details.
The Tools folder is also found under the Real-Time System Manager section (it ties into the same data so the duplication is only visual). For vPro AMT, the two applicable nodes are:
- Activity Log This logs all functions executed while in a Real-Time session. This is useful to look at what operations have been run, one which computers, by whom, and utilizing what technology (WMI versus vPro AMT).
- Manage This node allows an IP address to be entered in directly for a launch of the Real-Time tab. This is especially useful for systems that are not in the Altiris database. This also allows a host-name to be entered, but keep in mind that if there is a DNS issue this may fail.
Real-Time System Manager
To simplify things, we'll simply define this product as 'The Real-Time tab within Resource Manager'. There are Partner Solutions for HP, Dell, and others that will add items to the left-hand tree, but the Real-Time System Manager node provides all functionality including all vPro AMT functionality available. See the following screenshot for details:
The console is a direct connection to the machine listed under 'Managing Resource'. As such this is a one to one implementation and is useful when troubleshooting a specific vPro AMT system. In the Use Cases where the use defines the target as one machine, often RTSM will be utilized.
Out of Band Management
Since Out of Band is primarily a Provisioning Solution, only a few of its functions will be used in the use-cases provided in this article series. The functions that apply are:
- Maintenance For security purposes, OOBM can be setup to run maintenance tasks against managed vPro AMT systems. The vPro AMT administrator password for a particular machine can be randomly changed. A re-provision, which reassigns the profile assign to it, will help keep vPro AMT systems up to date with profile settings and password information.
- Profiles In the profile setup while configuring an vPro AMT system users can be defined for having certain vPro AMT rights. This allows administrators to limit what type of worker can execute what vPro AMT functions.
Task Server is a sequencing engine, and RTCI provides vPro AMT targeted tasks that can be employed singly or jobs that can run a large variety of tasks or actions against a target collection of machines. In the preface to this article a link provided access to a series focusing on how vPro tasks can be utilized into Task Server, with articles covering additional Altiris/Symantec Solutions for further integration. Before walking through the Use Cases, it will help a great deal to understand how we're integrating the functionality and how Task Server functions in general.
The vPro AMT tasks themselves are provided by RTCI, including the engine that connects and executes functions against a vPro capable system. Task Server handles all the rest, including integrating other Solution functionality within Jobs.
Most automated processes to be executed against one or more vPro AMT systems will fall under Task Server. Task Server Jobs can be scheduled, or executed on demand. Notification Server Collections or individually picked vPro AMT systems can be targeted per Task or Job, allowing a large number of systems to execute at a time (Note: for large environments multiple Task Servers are recommended).
Before any of the Use Cases can be tested, all target AMT systems must be provisioned in one of the provisioning modes: Small Business (Low security), Enterprise Mode, Enterprise Mode with TLS. Once provisioned, Symantec, via RTSM and Task Server, can then work directly with the machines via vPro AMT.
I hope to cover common scenarios in this article series that can be of use to many environments. Most of the testing will be against a limited lab environment so results may vary and additional configuration may be required, all depending on the complexity and configuration of the environment. Since the hardware and software worlds introduce many levels of complexity and configuration, additional steps may be required to create workable jobs and functions. Having said that, hopefully these provide enough information to move forward.