Note: This is a re-post from
http://communities.intel.com/thread/1703. Looking for Juice Community collaboration on this also...
With the many enabling features of vPro for out-of-band management - one that causes some additional questions is "how does vPro repair a remote operating system?"
I'm interested to hear from the community on how others are using the capabilities of vPro\AMT along with their software solution of choice to help realize real-world examples of remote diagnostics and repairs. Anyone willing to share?
At the core - vPro by itself doesn't directly repair an OS, just as it doesn't remotely power a system, invoke system defense filters, or other items often broadcasted. The key is the supporting software which has been enabled to take advantage of the vPro management technology. In addressing remote diagnostic and repair, the first question might be "what is it you are trying to do?".
First - I suggest a brief pre-reading of other posts and materials. The material focuses on Altiris - yet the concepts could also apply to other vendors enabled to support vPro
A common theme with remote diagnostic\repair is the redirection functionality. A quick review what this enables:
- Serial-over-LAN at the core provides an ANSI or VT100 terminal - no GUI. Great for accessing the BIOS or a Command Prompt. However, there are some ideas on how to further utilize and benefit from Serial-over-LAN with in-band agents (see http://softwarecommunity.intel.com/articles/eng/1222.htm)
- IDE-Redirect overrides the BIOS boot order - it CANNOT specify a partition, yet CAN specify a target drive or device noted in BIOS (optical, floppy, PXE LAN Boot)
- IDE-Redirect can be used to specify a remote boot device (the optical or floppy drive of the system initiating the request; this is NOT an ISO/IMG file, yet the actual bootable disk)
- IDE-Redirect can be used to specific a remote boot image - ISO or IMG - based on requesting console user's file access rights (unc path recommended)
- A combined Serial-over-LAN and IDE-Redirect could be used to provide a remote terminal while also redirecting the boot device
What could be possible by combining those capabilities with remote diagnostic\repair software, boot images, etc?
- Remote system network or security configuration prevents OS from connecting to corporate\production environment. User is unable to function - thus the "OS is down". Using idea posted at http://softwarecommunity.intel.com/articles/eng/1222.htm, an out-of-band session can be used to access the Windows interface.
- System affected by virus\worm - thus OS is down and remote scan\repair needed. Any early idea was demonstrated by Symantec at http://www.youtube.com/watch?v=dwScvM3bW3E. Other ideas are expected to come forward very soon. (and open to hear if community member has accomplished something similar)
- Need to obtain Windows memory dump for further analysis due to blue screen. See article http://www.networkworld.com/news/2005/041105-windows-crash.html as example of how to configure Windows OS to produce a memory dump, along with where the dump is located. Create bootable ISO\IMG for vPro\AMT. If IMG - have it get target client IP stack up\running and map to network share to run utilities. If ISO - have an NTFS driver embedded to enable access to the partition and grab the DMP file. For DOS environment - something like NTFS4DOS, for Linux environment something like http://www.ntfs-3g.org/ or http://www.ntfs-linux.com/
- Crashed OS environment is due to registry setting or mis-configured driver\application. To understand what happened - first need some data on last patch, memory dump report, and so forth. Determine the faulting application. Once that is done - support team better prepared to either run IDER session or visit desk for repair.... Or, they might choose to just reimage the system remotely which could be initiated via IDER session
The one I'm not as familiar with - yet am sure someone in the community has an answer or pointer to an answer - Remotely modifying a registry value or file based on mounted NTFS partition. There have been demonstrations of renaming\replacing the hall.dll as an example.
Other's out there asking these questions, contemplating these ideas... Better yet - willing to tell your story or provide tips\insights? Pls do - looking forward to it.