Client Management Suite

 View Only
Back to Library

How to Enable and Use ASF Within the Altiris Notification Server Infrastructure 

Jan 29, 2008 11:41 AM

The hype for Intel vPro AMT technology is high, and exposure good. What about ASF? Broadcom and Intel put ASF onboard NICs before AMT. Altiris offers support for this technology with Out of Band Management, Real-Time Console Infrastructure, Real-Time System Manager, Network Discovery, Task Server, and other OEM Solutions. Setting up ASF isn't a simple as throwing a switch. This article covers how to enable and use ASF functionality in the Altiris Infrastructure.

Introduction

You may have ASF capable machines out in the environment and not know it. Altiris can identify those systems and provide details of ASF's current state. Does the NIC support ASF? Is ASF enabled or disabled in the BIOS? What steps need to be taken to enable ASF fully so that Solutions like RTCI and RTSM can use the technology? What can ASF do? These questions are answered here.

ASF Overview

ASF, or Alerts Standard Format, resides directly on the NIC with firmware. This provides out of band capabilities that sit below the hard drive and the loaded operating system.

Alert Functionality

ASF provides functionality for PET (platform event trap) alerts. Alert functions are limited to what the hardware OEM provides. The full list of potential alerts follows.

Alert Description
Chassis: Chassis Intrusion - Physical Security Violation System chassis has been opened.
Chassis Intrusion - Physical Security Violation Event Cleared System chassis intrusion alert has been cleared.
BIOS: Corrupt BIOS The system BIOS is corrupted.
Corrupt BIOS Cleared The system BIOS corruption has been resolved.
Boot: Failure to Boot to BIOS The system BIOS did not complete loading upon initiation.
CPU: CPU DOA Alert The CPU is not functioning properly.
CPU DOA Alert Cleared The CPU is now running properly.
Heartbeats: Entity Presence Periodic heartbeats transmitted to verify system presence.
Temperature: Generic Critical Temperature Problem System temperature is out of limits.
Generic Critical Temperature Problem Cleared The system temperature problem has been cleared.
Voltage: Generic Critical Voltage Problem The voltage from onboard voltage regulators is out of limits.
Generic Critical Voltage Problem Cleared The voltage problem has been cleared.
Power Supply: Critical Power Supply Problem System power supply voltage is out of limits.
Critical Power Supply Problem Cleared System power supply voltage problem has been resolved.
Cooling Device: Generic Critical Fan Failure Fan speed/rpm is out of limits.
Generic Critical Fan Failure Cleared Fan speed/rpm problem has been resolved.
Connectivity: Ethernet Connectivity Enabled Ethernet connectivity is enabled.
Ethernet Connectivity Disabled Connectivity is disabled.

Again note that all OEMs do not support all of the above alert features.

Remote Interaction Functionality

Not all the functionality is available through Altiris, but the following list shows the full remote functionality available on an ASF-enabled system.

  • Get System State - Returns the current system status.
  • Get Client Capabilities - Returns client ASF configuration per the DMTF ASF specification.
  • Presence Ping - Similar to Internet Control Message Protocol (ICMP) ping utility; responds with pong to verify the system presence.
  • Power up - Powers up the remote system.
  • Power down - Powers down the remote system.
  • Reboot - Reboots the remote system.
  • Reboot with a redirect - Reboots the remote system with options to boot to PXE, the local floppy or optical drives (This isn't a true IDE redirect)

Enabling ASF

Enabling ASF requires a series of steps. This section outlines the steps as described within the Altiris Notification Server Infrastructure. The full steps are highly recommended to ensure that all functionality is enabled in ASF and available to the Notification Server and supporting Solutions.

Enabling Steps

Walk through the following steps to discover and enable ASF on all supported systems.

  1. Run an Out of Band Discovery on all applicable systems. This requires the Altiris Agent. The steps are as follows:
    1. In the Altiris Console, browse to View > Solutions > Out of Band Management > Configuration > Out of Band Discovery.
    2. Enable the policy labeled 'Out of Band Discovery'.
    3. Change the assigned collection if needed (This discovery can run on any Windows system and it does not harm none ASF or AMT systems).
    4. It will take time for this Task to propagate out to all systems and for the applicable data to be returned to the Notification Server.
  2. Once sufficient time has passed (a good time mark is 24 hours) identify which machines are ASF capable by browsing to View > Solutions > Out of Band Management > Collections > and click on All ASF Capable Computers.
  3. In the BIOS, enable ASF. The OEM may ship systems as ASF enabled if so indicated during the ordering of the systems. This would greatly simplify the process since this step requires a remote or site boot into the BIOS to enable ASF. ASF enabling differs depending on the manufacturer and version of the BIOS.
  4. Enable the rollout the Out of Band Task Agent. The steps are listed as follows:
    1. In the Altiris Console, browse to View > Solutions > Out of Band Management > Configuration > Out of Band Task Agent Rollout.
    2. Enable the Task 'Out of Band Task Agent Install'.
    3. It will take time for this Task to propagate out to all systems and for the agent to be installed.
  5. Update ASF Settings to enable all functionality. See the screenshot below and the following steps on how to do this:

    Click to view.

    1. In Task Server, select the Client Task 'Update ASF Settings' found under Manage > Jobs > Tasks and Jobs > Client Tasks > Out of Band Management.
    2. Edit the Task by clicking the 'Edit' button or icon.
    3. Check the box labeled 'Modify ASF general settings'.
    4. Make sure 'Enable ASF' is checked.
    5. Check the option 'Modify security settings'. Current experience shows that each field should be populated by 40 digit keys. Once set, a profile can be created with the proper keys to authenticate in RTCI for both OOB and RTSM use. See the section 'Utilizing ASF in Altiris' below for details.
    6. Click 'Apply'.
    7. Click the 'Run Now' button.
    8. Give it a Run name that applies to your tracking methods.
    9. Select the systems or collections of systems to run the update task on by clicking the 'Select computers' link.
    10. Click 'Run Now'.
  6. Run OOB Discovery again so that the system is seen as ASF Enabled in the collections.

Utilizing ASF in Altiris

Once enabled, Altiris can utilize ASF within its Task Server Infrastructure or individually through the Real-Time System Manager interface. To use RTSM or Task Server with ASF, a profile must be created that contains the proper security keys. Please see Step 5-E under enabling steps above to see what keys are set. This can be done with the following steps:

  1. Browse in the Altiris Console under View > Solutions > Real-Time Console Infrastructure > Configuration > and click on 'Manage Credentials Profiles.
  2. Create a new profile, or if one is already in use select and click 'Edit' on the existing one.
  3. Click the ASF tab. The tab should appear like this screenshot:

    Click to view.

  4. Check the box 'Enable this technology in the profile'.
  5. Input the Generation key and the Authentication key set during step 5-E.
  6. Click 'OK' to save the changes.

Task Server

The Task Server functions for ASF are built into the tasks available out of the box. The huge benefit of having this available in Task Server is the one to many capability. A single job or task can be run simultaneously on many systems. The following job contains ASF functions, as described:
Title: Power up, Update ASF Settings, Power Down
Screenshot:

Click to view.

Notes for the above job:

  • The power tasks are derived from the 'Power Management Task' located under Server Tasks > Real-Time Console Infrastructure. AMT and WMI are also available in this type of task, though for the above example only ASF is enabled.
  • The Get ASF Inventory and Update ASF Settings tasks are simply the tasks already provided out of box.
  • The Get ASF Inventory and Update ASF Settings tasks require the Out of Band Task Agent to be installed (this should have been accomplished as part of the setup process).

Other Solution's functionality can be added to the job, or ASF power functions can be added to reliably wake machines that are not powered on.

Real-Time System Manager (RTSM)

When connecting to a system through the Real-Time tab from Resource Explorer, available ASF functionality should be automatically detected. This assumes that ASF has been properly enabled and configured as per the previous steps. The RTSM console is a one-to-one console that allows direct interaction with a system. Most of the functions found in Task Server is also available, though it is direct manipulation and not a task-based execution.

This screenshot shows an example of how the Hardware Management page looks (where most of the functionality can be invoked from):

Click to view.

Conclusion

Understanding the steps for setting up and configuring ASF will enable you to properly configure all available ASF systems, making the technology available. Once available, power management becomes reliable. PXE boot can be directly invoked if necessary from the RTSM console, negating the need to visit a machine that is down for imaging or other PXE related tasks.

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Migration User
Sep 30, 2009 03:06 PM

I'm going to pitch the Vpro/AMT to our company but now I need to engage with the DELL Rep or an Intel Rep.

Who will give me some help with a presentation and some raw costs for a 3-year plan of Vpro implementation?

Migration User
Aug 11, 2009 10:45 AM

Good article - I've been looking at the OOBM available in Altiris 6.5 and it seems to work okay but the Dell machines that we have (over 3300) have mixed results.  I'm having a hard time getting anyone in the Dell support area that has much experience with ASF.  It seems that nobody wants to support it because of AMT.  Do you know sources within Dell, Intel or Altiris/Symantec that will chat with me about my concerns?

Related Entries and Links

No Related Resource entered.