This article provides a summary reference for those getting started with Intel® vPro™ Technology in a Symantec Management Platform environment. Guidance provided is intended for those starting to explore Intel® vPro™ Technology, specifically the out-of-band management capabilities to be used with Altiris Client Management Suite. The article will be updated over time as new and relevant information becomes available. Much of the content is based on the guidance provided at http://www.intel.com/go/implementvPro, with direct insights tailored towards an Altiris Client Management Suite environment.
Part 1: Identify One or More Out-of-Band Use-Cases
The Altiris Client Management Suite has a number of integrated capabilities with Intel® AMT. The most common uses include:
Your assignment: Identify at least one use-case or capability for your environment. Determine personnel or processes that may benefit or will be involved.
Part 2: Setup Lab Demonstration Environment
The next set of tasks is to configure Intel® vPro™ Technology, integrate with your Symantec Management Platform in a test environment, and demonstrate the desired use-case or capability.
Configuration of Intel® vPro™ Technology for a small lab environment can be quick and simple. Download Intel® SCS 8 from http://www.intel.com/go/scs. Extract the files, copy the ACUwizard directory to the client, and run ACUwizard.exe. Select the first option to “Configure/Unconfigure this System” and follow the directions. This process works well for a single or small number of system configurations. Later in the article, an enterprise configuration process will be explained.
Once Intel® vPro™ Technology is configured, the capabilities must be discovered by the Symantec Management Platform. Not sure how to do this? See http://www.symantec.com/connect/articles/environment-assessment-report-intel-vpro-technology-part-1 - specifically the comment on Enabling OOB Discovery. This will run a discovery and detect process through the Symantec Management Agent on the client, and report the data back to the Symantec Management Platform. The article highlights a built-in and custom report using the collected data.
NOTE: The discovery process will require an Intel® AMT driver commonly referred to have the Intel® Management Engine Interface (MEI) driver. Refer to your OEM driver download site or try using Microsoft Windows Updates to obtain (click here for more information)
Now the Intel® vPro™ Technology is configured and the OOB Capabilities of the client system are recognized by the Symantec Management Platform, you are nearly ready to perform the use-cases mentioned in Part 1 above. The final step is updating the Connection Profile with the right credentials for Intel® AMT and WS-MAN access. Click here for video explanation on how to complete this step.
Your assignment: Validate the desired use-case or capability. Review with other personnel, identifying potential changes to process. Set a realistic goal for implementing the use case. (For example: “Obtain “x” percentage improvement in remote client management, saving “y” amount of operational dollars.)
Part 3: Planning for a Production Deployment
Based on the previous tasks completed, identifying Intel® vPro™ Technology systems throughout your environment will be relatively simple. Configuration of all the systems will be addressed in the next section. Two commonly skipped steps are firmware\software updates and assessing the operational aspect
To address the first – Intel® vPro™ Technology may require firmware and software updates to complete the configuration and ensure proper usability. Updates will more commonly be required on older generation Intel® vPro™ Technology platforms. Using the Environmental Assessment report, clients that report Intel® AMT version 2.6.x through 5.x should have a value of 20 or higher in the “x” spot. If not, contact your OEM or refer to their driver download website for updated firmware. Delivery of the firmware and Intel® AMT drivers updates can be completed via the software delivery mechanisms of the Symantec Management Platform. Some firmware packages may require re-packaging to enable silent mode. Refer to your OEM.
Note: Updates to Intel® AMT versions platforms above 6.x may be a consideration as suggested by an OEM.
To address the second item – operational integration – determine who will require access to the Symantec Management Platform console for the desired usage models? For example, if a HelpDesk technician will be expected to use KVM Remote Control this will require access to the Real-Time System Management (RTSM) views. Similarly, if a hardware based alert is generated by Intel® vPro™ Technology due to a system failure, what will be the automated response once that alert is received by the Symantec Management Platform? Roles, views, and console access security will be a common focus and is beyond the scope of this article.
Some customers have other tools in the environment that are Intel® AMT capable. The golden rule to remember here: “Once Intel® AMT is configured, it is a service awaiting an authenticated and authorized request”. If your desired operational usage model is impacted by intended-user access to the Symantec Management Platform with Real-Time System Management Console, consider use a secondary tool that is Intel® AMT capable.
Your assignment: Complete an initial deployment plan. Looking for a couple ideas what to include in your plans? See step 1 at http://www.intel.com/go/implementvpro. In addition, your plan should include references to personnel and operational tasks which may be affected by new out-of-band management.
Part 4: Configuring Intel® vPro™ Technology in Your Production Deployment
In part 2 of this article, a simple configuration process was used for a single client. For production environment, a different approach is needed. There are multiple methods to configuring Intel® AMT and the software provided directly by Intel provides the best flexibility. Instead of using the OOB Site Service, configuring Intel® AMT directly with Intel® SCS 8 available at http://www.intel.com/go/scs. On the center-right side of that webpage is a link for the Intel SCS8 Deployment Guide to assist in the decision process and actions required to configure Intel® AMT across an environment.
Note: The OOB Site Service uses Intel® SCS 5.x, which is no longer available nor supported by Intel. Use of the latest Intel SCS version is the focus of the guidance provided via the video series “Configure Intel AMT Before Integrating Into Altiris”. The recording show Intel SCS version 7.x. The same principles apply to the currently available Intel SCS versions.
If you have already started configured a large number of Intel® AMT system with the OOB Site Service, continue with that path for now. A migration path will be provided and more information will be posted once available. If starting on the configuration of Intel® AMT, it is recommend that the newer versions and associated options of Intel SCS be considered.
If planning to use Certificate based remote configuration, please refer to http://www.intel.com/content/www/us/en/remote-support/intel-vpro-certificates.html for step-by-step instructions in obtaining from the most commonly used public certificate authorities
Your assignment: As you decide on a configuration approach, try it on a few systems and capture key indicators. Ensure all client systems in the test pool were configured and out-of-band operations successful through the Symantec Management Platform. Refine your plan and approach as needed. Increase size of deployment pool, and so forth.
Concluding Thoughts
As stated at the beginning, the guidance provided is for those starting to explore Intel® vPro™ Technology in a Symantec Management Platform environment. Several supporting documents, videos, and materials are available on this site (Symantec Connect), the Symantec Product Document site, and Intel vPro Expert Center
Check back often as this article will be updated with new materials, responses to comments, and so forth.
The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries