Intel® vPro AMT Inventory can be captured through Out of Band Management and Task Server. How do you capture this inventory, where is the inventory stored, and what can you do with it? Answer these questions, and learn what you can do with the power of Intel®vPro AMT technology and Altiris-Symantec Out of Band Management, within the Altiris CMDB.

Introduction

Inventory is useful for understanding what hardware you have out on your network. In the past Inventory required an Agent to be installed on the target system, or in a zero foot print environment a package or executable needed to be downloaded to the target system to run the actual inventory. While the Intel® vPro systems do not provide all Inventories available to a full inventory program like Altiris Inventory Solution, it does provide some core hardware details useful in analyzing systems for hardware maintenance, upgrades, or refreshes.

Intel® AMT Inventory

Intel® AMT Inventory is a hardware based inventory collection. It's outside the operating system and does not provide OS details, but focuses strictly on the system's hardware. For hardware reporting this information can be easily managed within the Altiris CMDB.

Inventory Mechanism

AMT Inventory is stored within the AMT chipset. AMT collects the inventory and stores it directly into the NVRAM (Non Volatile Random Access Memory) located on the AMT chip. The BIOS naturally captures hardware data into the SMBIOS tables located within the motherboard chipset. Once obtained the data is available whether the machine is on or off through the Intel ME power state. Thus systems that are off can still have Inventory collected from them through AMT.

That Inventory can be accessed through several methods, depending on the security model and settings for Intel vPro. The following methods are available:

• Web User Interface: using the common address of http://<IP_Address>:16992 (non-TLS) or http://<IP_Address>:16993 for TLS enabled systems a user interface can be accessed to not only control the Intel ME (for AMT and vPro), but also access the AMT Inventory directly.
• Altiris Out of Band Management Task Server Task: a task or a task within a job can be setup to capture the Inventory and insert the data into the Altiris CMDB. Reports and Collections can be utilized off this data.
• Altiris Real Time System Manager: RTSM can interface into AMT and pull up the inventory data. This does not take the data and place it in any kind of database, but is a live representation of the data pulled through AMT.
• Other third-party utilities

Hardware Details

Please refer to this Tech Tip for the list of hardware items captured by AMT.

The data described in the above article is directly available from AMT via the SMBIOS on the motherboard. Here is a tree example:

Click to view.

Altiris CMDB

Altiris takes the data captured by Intel® AMT and populates it into the Altiris CMDB, allowing the Altiris Notification Server to make full use the of the data, providing a myriad of uses. See the following diagram for a representation of how AMT and Out of Band integrate:

Click to view.

Capturing AMT Inventory into the Altiris CMDB

Out of Band Management supplies a Task Server Task to obtain AMT Inventory.

The full process for obtaining this Inventory is detailed in the following steps. This includes all steps on both Intel and Altiris sides. This involves running the single task for capturing Inventory, though this Server-based task scan be added as part of a larger Job.

1. During Power On, the BIOS populates the SMBIOS tables with hardware data detected during the boot.
2. In the Altiris Console go to Manage > Jobs > and browse to Tasks and Jobs > Server Tasks > Out of Band Management > and select Get Intel® AMT Inventory.
3. Click the 'Run Now' button at the top of the right-pane.
4. Provide a 'Run name:' for tracking purposes.
5. Click the link 'Select computers'.
6. Select Collections or computers as needed. Each computer in each collection and all individually selected computers will have this Task run on them.
7. Click the 'Run Now' button to execute the Task.
8. The status can be tracked on the lower-right Pane.
9. The Notification Server will query each system configured for the Task for the AMT Inventory.
10. Intel® AMT reads the hardware data from the SMBIOS dynamically on this request and passes it up to the Notification Server.
11. When received, NSE files containing the AMT Inventory will be generated into the queues located at \\<NS>\NSCap\evtqueue.
12. The NS data loader will take these files and process them, having the data inserted into the appropriate tables. The tables and their structure is covered hereafter.
13. Now the Inventory can be reported on.

Altiris Database and Reports

The following details explain the database Schema and how we store the AMT Information.

All database tables contain a _id column and a column named _ResourceGuid. The ID column is dynamically created sequentially as data is inserted into the table. Generally this isn't used in normal reporting. The _ResourceGuid column ties the row data to a specific resource or AMT enabled computer system. This column ties this data not only to a specific computer, but all other data collected for that system. This allows other data available through other Altiris Solutions to be available. The _ResourceGuid is unique for every system in the Notification Server infrastructure.

Schema:

• Inv_AMT_Base_Board : This contain details about the Motherboard of the system.
  • Manufacturer — of the motherboard
  • Product — Unique product identifier for the motherboard
  • Version — if applicable the version of the motherboard
  • Serial Number — This is considered the main Serial Number for the system
  • Asset Tag — If provided the asset tag of the motherboard
  • Replaceable
• Inv_AMT_BIOS : This specific details about the system's BIOS
  • BIOS Vendor : Who manufactured the BIOS
  • BIOS Version : Vender specific version for the BIOS
  • BIOS Release Date : When the BIOS was released to production
• Inv_AMT_Computer_System
  • Manufacturer
  • Name : The full make and model of the system
  • Version
  • Serial Number : The main system serial number (possibly same as in the Base_Board serial number field
  • UUID : The UUID of the system
• Inv_AMT_FRU : FRU, or Field Replaceable Unit, data is stored directly in the AMT NVRAM. This can be utilized even when the system is in a powered off state. The purpose of this data is to eliminate desk-side visits by accessing the inventory remotely to identify the various details about the unit so that a replacement can be ordered without requiring a visit to the system to obtain part numbers and other applicable information requested from the vendor.
  • Vender ID
  • Device ID
  • Revision ID
  • Proglf
  • SubClass
  • BaseClass
  • Subvender ID
  • Subsystem ID
  • Device Location
  • Row_ID
• Inv_AMT_Media_Device : This includes all media drives including DVDROM, Floppy, Flash drives, etc.
  • Model Number — The device's model information (ie: Plextor DVDR PX-755A for a DVDRom)
  • Volume SerialNumber — If available the Serial Number of the media devices drive volume
  • Size — If applicable the size of the media drive
  • Row_ID — Used for device identification per computer system (for example if the target system has two hard drives and a DVDROM, They would be sequentially marked as 0, 1, and 2)
• Inv_AMT_Memory_Device : This includes RAM information for the system.
  • Size — The amount of memory for the memory stick
  • Form Factor — Memory interface
  • Type — The type of RAM
  • Type Details
  • Speed — The BUS speed of the memory
  • Manufacturer — Maker of the RAM (Often this information is not captured in a recognizable form)
  • Serial Number — Serial number of the specific RAM module
  • Asset Tag — If available the asset tag of the specific RAM module
  • Part Number — Manufacturer's part number for the hardware (RAM)
  • Row_ID — Used for sequential module information per device
• Inv_AMT_Network_Info : Contains network specific information stored by AMT. Since AMT accesses the network even when power is off this information will be available whether the system is on or off. If the OS has loaded and made a DHCP request both AMT and the OS should be synchronized. The following information is typical Network information:
  • IP Address
  • Subnet Mask
  • Default Gateway
  • Primary DNS
  • Secondary DNS
  • Domain Name — This should be synched between AMT and the OS
  • Host Name — This should be synched between AMT and the OS
  • Is DHCP — Is DHCP enabled both in AMT and the OS? This state changes depending on if the OS is running or not.
  • Is VLAN Enabled
  • VLAN Tag — Associated VLAN tag if enabled
  • Is PING Enabled
  • Provisioning Mode — This is the Intel AMT security mode. Possible options are Small Business and Enterprise Modes
  • _Username — The AMT Username
  • _Password — The AMT user's password
  • _DiscDomain — What Domain the system was a part of when provisioned
• Inv_AMT_NV_RAM_Data : This is the data Altiris writes back to the NVRAM and does not include other vender information. This is written in by Network Discovery.
  • Discovery Date
  • Mac Address
• Inv_AMT_Processor : Information about the system's Processor
  • Device ID
  • Maximum Clock Speed
  • Current Clock Speed
  • Status — Used if there are more than one processor on the system
  • Type
  • Family — Type of processor such as Pentium IV or Centrino Pro
  • Upgrade Information
  • Socket Population — Provides the socket ID, starting with 0
  • Socket Designation — Socket Type
  • Manufacturer
  • Version — This is the type of CPU
  • Row_ID — Used as the previous Row_ID columns in preceding tables

The following Reports are available by default, though the above schema can be access via whatever SQL Query you can create for a report. The pre-canned reports are shown in the following screenshot:

Click to view.

The first four reports are ASF based, but the latter four refer directly to managing vPro systems. Again the database data is the limit in what can be reported. Reports can be built using:

1. Notification Server Simple Report Builder
2. Notification Server Advanced Report Builder
3. Direct SQL Query (advanced)

Conclusion

Learning basic SQL will allow great flexibility and understanding on how the reporting system can work. The data is there in the database for use in the Notification Server Reporting mechanism, or even through direct SQL Queries. Any reporting engine that can tie into Microsoft's SQL Server can be used against the Altiris database.

Utilizing Intel® vPro AMT Technology with Task Server – Part 1: Power Management

Utilizing Intel® vPro AMT Technology with Task Server – Part 3: Job Integration with Software Delivery