This article is meant to inspire some thinking, ideas, and solutions. Those reading it are welcome to add to the ideas. If you have already implemented a solution such as what is described below - please share the information and you could be eligible for extra points on Symantec Connect (see http://www.symantec.com/connect/articles/get-bonus-points-intel-and-symantec-solution-implementations)
Intel vPro technology has been available for about 4 years now, and a number of customers have become familiar with individual capabilities or usage models. A common thread points to how this technology might be enabled with or enhance helpdesk processes. Some customers have even contemplated and experimented with self-help portals. For example - could a user power on their own system without having access to the management console? (the quick answer is "yes" - this can and has been done)
Now the next step which may be a little more intriguing - use case examples which combine Intel vPro features with a process to solve a remote remediation challenge. Brief scenarios to consider:
- If a user's PC experiences a hard drive failure - could Intel vPro Technology help deliver a temporary work environment?
- If a user needs help - could they use Intel vPro Technology to alert the helpdesk and provide some initial data points such as the system's IP address, make\model, and so forth?
- If a technician suspected the user's PC was infected and unable to boot, could they scan the system "out-of-band" or recover important files before reimaging the PC?
There are a number of scenarios which have been contemplated, requested, and so forth. The rest of this article provides ideas on how the scenario could be... or in some cases... are being addressed today.
HelpDesk Framework Example for Intel vPro Technology
A few of my peers put together a helpdesk solution framework that may be agnostic to any particular helpdesk solution, yet could be very applicable to a Symantec ServiceDesk implementation. I share the following with their permission - giving credit by referencing the very materials they posted.
The solution framework is summarized in a few YouTube videos as noted below. Many of the enabling components which demonstrate how Intel vPro Technology could be used come from a list of Intel vPro Use Case Reference Designs (see http://communities.intel.com/docs/DOC-4080) - skip to the "HelpDesk" section which is about half way down the page.
In setting up the generic framework, the first video steps through a basic webpage setup for the HelpDesk technician to perform an Intel vPro Technology action to the target client system. References in the video to "ISO Launcher" and "AMT Library" are already provided via Symantec RTCI and RTSM components which should be exposed via the ASDK. The information in the first video will pale in comparison to a real solution like ServiceDesk - but the video provides some foundational points that will be referenced later.
The first video is available at http://www.youtube.com/watch?v=PDmzJxhfrwI and in the video there is a reference to an iFast ISO. This is actually the 2-stage boot redirection referenced at http://communities.intel.com/docs/DOC-5552.
The second video is a little more intriguing. It is available at http://www.youtube.com/watch?v=bmcctJLnvio. It shows that the HelpDesk technician can boot the remote client system into one of the following states:
- Linux based Outlook Webaccess environment. More info at http://communities.intel.com/docs/DOC-5513
- To a temporary Windows XP environment. This is basically bootable operating system environment loaded into memory - some might refer to this as a streamed OS environment. Very handy if the physical hard-drive fails yet the user needs a temporary work environment.
- A recovery operating system environment. The example listed is Microsoft Disaster Recovery Tool (MSDart). More information at http://communities.intel.com/docs/DOC-5616
- Password reset service. The text references resetting a Windows password, which is done today. The more intriguing idea is a full disk encryption unlock. The ability to send an ISO image to the client with a PBA (preboot authentication) sequence to unlock or reset the encryption passed. This has been done in labs and more information will be shared in the future
- Low level virus scan. Although not specifically called out in this video, see complimentary article on using Symantec Endpoint Recovery Tool - http://www.symantec.com/connect/articles/optimizing-sert-intel-vpro-technology
Each of the states mentioned above may require a large ISO image to be targeted at the Intel vPro client. This is why the first video references the "ifast ISO launcher" - in fact, additional work on that idea provides a menu system as to what target ISO should be launched.
Imagine if the helpdesk technician could perform these types remote remediation sequences which are enhanced via Intel vPro Technology.
Imagine how these sequences might be further automated, secured, and so forth.
One important piece not shown in the 2nd video is the association of the user to a target client, and ensuring the target client is vPro capable\configured to perform the requested operation. If you go to time segment 1:38 in the second video, notice the manual entry\selection of the target system... definitely something to be greatly enhanced within a ServiceDesk\Workflow environment. There are other examples where automation is missing in the demonstration. If you have a specific suggestion\insight - please share.
Self Service Portal
Using the above ideas, the next level of suggested usage models is a self service portal. Could a user notify the helpdesk of an issue? Could the helpdesk automated response allow the user to perform some basic "self service"?
Some customers have looked at a simple implementation via a portal site. User connects to the portal, the portal identifies the user and systems associated to the user, the user is then able to power-on a target system via Intel vPro technology. This is a fairly basic and non-automated sequence of events. If combined with the helpdesk framework components mentioned above, the self service portal becomes more intriguing to an enterprise customer.
Keep in mind that once configured, Intel vPro is a network service waiting for an authenticated and authorized request. Although the individual user might not be aware of this requirement nor have successful access to the Altiris console, they could interface with a portal or service which can act on behalf of the user. Hmm.... sounds like another workflow process with integration of RTCI and RTSM components exposed via the ASDK.
Take a look at the 3rd video from my associate on a self service solution framework from the perspective of the end user. http://www.youtube.com/watch?v=qHr17AO8t44
There is a unique capability shown where the user can initiate a request via a key sequence at startup. At Intel, we commonly call this a "Client Initiated Local Access" or CILA request. If you are familiar with Fast Call for Help, you may have heard about CIRA or "Client Initiated Remote Access". In principle, these are very similar. The key differences is instead of connecting from an Internet location, the request is directed internal to the environment. There are also some differences in protocol used. But - the keyboard sequence from the user's perspective is the same.
When completed - the user is given a menu of options similar what was listed in the previous section. That's right - the user could invoke an action to load an ISO image similarly to what the helpdesk technician would do.
More on how this solution framework was setup is shown at http://www.youtube.com/watch?v=YllDBttc_90. If you are interested in the specific scripts - please let me know.
Additional Options and Concluding Thoughts
The current Client Management Suite provides a number of capabilities with Intel vPro Technology. The following slide is a summary of what is possible today. The key is applying these capabilities or features within a process.
This is where the vPro Use Case Reference Designs and HelpDesk Solution Framework apply and help to inspire ideas.
Another resource is the Intel vPro PowerShell module. There are additional capabilities in the Intel vPro Technology platform such as PC Alarm Clock. There may be a need to perform 1:many power-on event outside of RTCI and TaskServer. Customers may have a unique requirement for accessing or storing data in the 3PDS (non-volatile memory) of the platform. For those wanting to explore these options, take a look at http://communities.intel.com/docs/DOC-4800
Outside of the Client Management Suite, there is a whole new focus point with system and data protection. Intel Anti-Theft Technology with PGP Remote Disable and Destroy. Take a look at the Idea submitted at http://www.symantec.com/connect/idea/inclusion-pgp-rdd-symantec-protection-center.
I am interested to know if this article has helped inspire some ideas for you or your customers. As mentioned above and repeated here - if you do post a complete solution, I will personally reward you with extra points and will be anxious to share your success with others. (see http://www.symantec.com/connect/articles/get-bonus-points-intel-and-symantec-solution-implementations)
The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries.