Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Using Intel vPro Technology within Altiris Workflow Solution – Introduction

Created: 01 Aug 2008 • Updated: 01 Aug 2008
Language Translations
Joel Smith's picture
0 0 Votes
Login to vote

Workflow Solution has captured the attention of many in the industry. Intel, a strong supporter of the Altiris infrastructure, also sees a great deal of potential in this solution. Adding Intel vPro technology to the Workflow story will provide a wider range of abilities. In this series I will explore how the Altiris Manageability Toolkit for vPro Technology can integrate into Workflow Solution using the Notification Server 6.x infrastructure.

Introduction

To understand what Workflow is, I've provided the following overview. I've also lightly touched on Intel's vPro technology and the potential intersects to bolster Workflow's already impressive set of features. In subsequent parts I'll explore how to integrate the vPro functionality into Workflow Solution. At this point I'm not sure how far we can integrate, but with the versatility of the Notification Server infrastructure I expect most of the vPro features to become available in Workflow Solution.

Intel vPro Technology

Many articles have been posted on the Juice website (www.symantec.com/connect) concerning Intel vPro technology. I'll cover the bare-bones basics here, and provide some additional links for reference.

Client-side

Intel vPro provides out of band functionality to a workstation, independent of whatever Operating System may or may not be loaded on the hard drive. Intel vPro resides on the NIC and the Motherboard. Onboard chips contain firmware loaded with programmatic features, including:

  1. Remote Control via Serial Over LAN (SOL) - this is a text-based remote control that allows remote BIOS manipulation and other text base utility access directly on target systems.
  2. IDE Redirection (IDER) - Instead of booting the hard drive, boot to an ISO or other image, loading whatever tools or utilities wanted. This includes the ability to boot to another drive on the local system or even a drive on the Symantec Server.
  3. Reliable Power Management - Unlike Wake on LAN (WOL), vPro, via AMT, provides reliable, secure, and targeted power management capabilities, including waking a system from any of the standby or off power states.
  4. Network Filtering - Through System Defense capabilities, an admin can quarantine a system from most of the network, leaving communication only open to the Notification Server, allowing the NS to remediate the system before removing the vPro filter.
  5. AMT Inventory - Have you ever wanted to get the specs of a system when the hard drive bombs? With AMT Inventory you can obtain inventory from a system that has no OS loaded or where the OS cannot be loaded, providing a way to further troubleshoot hardware when the hard drive is unavailable.
  6. Secure Communications - Through the Setup and Configuration processes, systems are managed only after a trust relationship is established from the vPro system to the management console, specifically Altiris Notification Server.
  7. Remote Network Management - When a system is outside the network, for example someone who is traveling and in a hotel, an up and coming technology in AMT 4.0, a button will be available that makes an authenticated connection via the Internet and an MPS to Notification Server. This allows a remote user without VPN access (whether from failure or hard drive trouble) to reach the network, giving the IT staff access to the system for troubleshooting purposes.
  8. Disk Encryption - Another up and coming technology in Intel vPro is the ability to encrypt and decrypt data on the hard drive. Through Altiris a drive can also be remotely encrypted or decrypted as needed.

Server-side

Intel SCS, or Setup and Configuration Services, provides a database for setting up, configuring, and managing Intel vPro systems. Altiris (Symantec) uses this system to manage all vPro capable systems. SCS is integrated via a Resource Synchronization that adds vPro functionality to a system in the Altiris Console, and thus the NS infrastructure.

Due to this integration, reporting on vPro activities and data is available through Notification Server's reporting engine. Reporting can be completed against Audited for one-to-one vPro actions via Real-Time System Manager.

It can also be accomplished via Task Server data on one-to-many tasks.

Task Server provides the ability to invoke vPro functions to a large collection of vPro enabled systems via a single task. Note the following use case:

  1. A Task wakes up a large list of systems that aren't up and running in Windows, but leaves alone those that are already powered up. This task notes what state the system was in as an output. Since the wakeup task is AMT, systems reliably wake up.
  2. The next task invokes the Network Filter, securing communication and only allowing traffic to and from the Notification Server.
  3. The next task delivers a critical update to Anti-virus, invoking a reboot.
  4. The second to last task takes away the filter, allowing all communication.
  5. The last task uses the output from task #1 and powers off those systems that were off when the job started, and leaves those systems on that were already on.

The following links provide several good articles for reference:

There are many more articles, notably from Terry Cutler, that dig into the infrastructural aspects of vPro within the Altiris environment. To see the full category of articles, go to www.symantec.com/connect and click on the Intel | Altiris link in the left-hand menu near the top of the site.

Workflow Solution

Workflow Solution has many business applications. NS has primarily been a reporting tool for those who are not in the IT world, but with Workflow Solution the paradigm has shifted. Now less-technical people can use Workflow to help improve and streamline their business processes. Beyond that, even technical departments like IT can expedite and streamline their processes to increase ROI significantly. I haven't dug very deep into it, but I plan to while working on this article series, but I have seen the demos, and they are very promising!

Installing Workflow isn't the same as most other Altiris Solutions. Workflow contains the Solution aspects that are the integration points into the Notification Server infrastructure. Once these are installed, the actual Workflow applications need to be installed. A great resource on this can be found here:

To visualize what workflow does, consider any automated system. For example websites contain automated systems in abundance. The following process illustrates this:

  1. Log onto www.yahoo.com.
  2. Click on the link 'Free Email: Sign up' link.
  3. Fill out the forms presented and click 'Create Account'.
  4. Alternately you may cancel, which directs you to another page.
  5. Note that if you put a username that already exists, you will receive and error telling you to choose another one. Any other improperly filled out field will create a similar reaction.
  6. When you create the account, your information is entered into a database somewhere.
  7. An email account is setup on Yahoo's email servers that provides you access to their email infrastructure.
  8. You now have access to your Yahoo email account.

The above process in controlled by a flow. Different options take you different places, and problems with the forms result in an error that instructs you what you did wrong and how to correct it. By going through the forms certain automatic actions are taken, such as creating an email account according to your input.

In the same basic structure Workflow is the same, only it encompasses most of the abilities and functions of the Notification Server infrastructure. Actions can include a Software Delivery job, Patch job, Incident creation via Helpdesk, and any other system provided by Altiris. These workflows can encompass almost anything an IT Professional works through, but can also be used to manage non-technical items.

The following are some additional resources for learning some of the abilities of the Workflow product:

The key for this article series is to demonstrate how to integrate actions that invoke the powerful abilities of Intel vPro technology. For example if someone uses a custom-made Workflow to choose to install Microsoft Office and associated plug-ins and patches, the resulting Task Server actions against the machine can include the reliable power management features of vPro. In another example if a user chooses a form to submit for help with a suspected virus outbreak, the workflow can invoke the System Defense filter to quarantine the system.

Part 1 of this article series will concentrate on what components are available for Workflow that will be useful in integrating Intel vPro technology.

Conclusion

I hope to accomplish an easy and useful way of integrating all the Intel vPro technology into Workflow Solution, adding value to what Workflow can already accomplish. In so doing I also hope to familiarize those who focus on the vPro side with Workflow Solution and it's native abilities. As Workflow is in the introductory phase I believe I will need to use some of the existing Solutions such as Software Delivery and Task Server to accomplish this.