This is the first of a few articles to discuss enterprise integration of the Intel® vPro processor technology and Intel® Centrino® Pro platforms in an Altiris environment. Subsequent articles will have a similar introduction to identify their respective contents and portions. This first article focuses on the overview of the approach, difference of SMB and Enterprise modes, the main focus points (which will be elaborated upon in subsequent articles), and separation of testing and production environments.Overview
With the first public announcement of Intel® vPro processor technology about a year ago, and in recent months having all major OEMs and ISVs supporting, we’re entering into a phase of integration and implementation. Add to this the near release of Intel® Centrino® Pro – which will extend the functionality of the desktop manageability and security solution to a mobile platform. Our customers and partners may have already heard about the technology and platform – now they want to implement and utilize.
This article is addressed to such an audience, and I am very interested to receive constructive comments and feedback on what additional information is needed to assist in successful implementations. Although I, like many of you out there, have a day job with other tasks, requests, deadlines, and more – it is best to educate than remain ignorant of the possibilities and requirements for deployment and integration.
Implementing Intel® vPro and Centrino® Pro platforms with the Altiris management suite requires a coordinated effort within a production environment. With four main components – production client hardware, supporting management software, supporting infrastructure systems, and adjusting management policies and practices – the solution may appear daunting at first. In addition, a successful implementation will require a coordinated effort, awareness, and approval across client, server, network infrastructure, governance, and other management teams and contacts. Hopefully I have not scared you away – because the solution does work, providing improved manageability and security to the client computing environment. Similar to other new technological introductions – like implementing network security – a coordinated effort and awareness has to occur. With a solid vision, business case, and project approach - these types of projects are on a path to success. In fact, there are environments today ranging from tens to hundreds of production Intel® vPro processor technology systems. They are starting to fully realize the benefits and capabilities of the platforms. Some environments are pushing forward for larger deployments – only a matter of time for client refresh cycles.Small and Medium vs. Enterprise Mode
Before deploying Intel® vPro processor technology in the enterprise, it may help to understand the main differences of Small and Medium Business (SMB) mode versus Enterprise mode. Both modes will support the core capabilities of the platform: discovery, power control, redirection, etc. Both modes are also supported by the management console vendors. The main differences occur in the authentication and configuration management of the systems.
- Small and Medium Business (SMB) Mode — Supports digest authentication (i.e. username and password). ACL (Access Control Lists) are configured via the WebUI, one console at a time. Unprovisioning and reprovisioning are performed deskside, thus more deskside visits required and not as elaborate or preferred for neither centralized nor remote management. For most large environments, SMB mode will likely not be used. However, for lab, demonstration, or workgroup environments – this mode may be sufficient.
- Enterprise mode — Support for authentication and encryption using Digital Certificates and TLS encryption. Access control is centralized via the Altiris console. Once the Intel® vPro systems are provisioned, remote configuration of AMT and ME parameters, including ACL and access to AMT security realms can be configured centrally. Systems can be remotely unprovisioned and reprovisioned. In general, a greater degree of configuration management and control down the wire is supported in this mode.
The sections below focus on enterprise mode deployment. The flexibility of the platform provides support for each, while still retaining the core system management and security functionality.Focus Points for Enterprise Integration
Let us first consider the larger picture of what is needed for a successful introduction and deployment of the platform into a production environment. The following main areas will be addressed individually:
- Current and Future State — Understanding the targets, expectations, and desires of the platform and key stakeholders
- Client Platform Readiness' — Client systems that support Intel® vPro processor technology will be branded accordingly. At this time, all major vendors have at least one offering.
- Management Software Readiness — Altiris is shipping supporting software today.
- Enterprise Infrastructure — Identifying and preparing the main infrastructure components and dependencies including directory services, DNS, DHCP, PKI\CA, network, etc.
- IT Governance and Processes — Identifying the main processes to the lifecycle of the client environment and how they may be affected or adjusted.
Once the current and future states are understood, the remaining focus points can be addressed in any preferred order. In fact, experience has shown that while the client platform environment may not be ready, efforts can be placed on the enterprise infrastructure of IT governance planning. This provides an opportunity to focus on what is needed and available.Separating the Test and Production Environments
Common within many information technology environments – any changes to the production network and environment require review by a change management and review board. How this review board operates and enforces policies will differ from one environment to the next, yet the common practice often exists to test, validate, gain familiarity, and know about a solution before introducing into the production environment. Since the Intel® vPro processor technology and new features within Altiris Out-of-Band management (OOBM), Real-time management (RTSM), and Manageability Toolkit for Intel® vPro platforms is relatively new – the recommendation holds true. Gain the familiarity of what is possible; understand how the technology will be introduced to the environment; define how accompanying support processes and governance will be affected or modified; train appropriate personnel to both support and utilize the new technology.
The following approaches are a few examples how different companies and environments are approaching these tasks with the intent to maximize understanding and benefits from the solution platform technologies and capabilities.
- Isolated environment — A test lab environment that may include replication of the production environment. The test lab is completely isolated from the production environment For certain production environments, this is mandatory – such as engineering, manufacturing, medical operations, or other mission critical environments.
- Semi-isolated environment — A less costly infrastructure approach to an isolated lab environment, this scenario shares portions of the production environment with lab, testing, training, and other non-production environments. Examples might include the production DNS, DHCP, PKI\CA, and networking infrastructures with the testing environment comprised of a separate domain, dedicated Altiris environment, and so forth. This may also be referred to as a staging environment, and is helpful to understand and model what the full production environment will look like, how it will respond, and so forth. Should issues arise, this environment provides a great troubleshooting and resolution discovery while minimizing impact to production or mission critical environments.
- Full Integrated environment — Introducing and integrating the Intel® vPro processor technology and supporting Altiris components into the production environment, with users and support staff directly benefiting from the improved manageability and security.
This concludes the overview section of Enterprise Integration. Look for subsequent articles with more details on the key focus points, a step through of the provisioning models for the Intel® vPro processor technology platform, and so forth. If there are specific requests to help prioritize what comes next – please provide a comment below.
The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries.