
Managing Computers With Intel AMT

Managing Computers With Intel AMT. Greg Rusu  +41 41 748 22 13  rug@brainware.ch. Agenda. Overview Network Requirements Certificates Intel SCS Server Columbus 6.10 Configuration Usage samples Columbus AMT License Key Requirements. Overview.


Presentation Transcript


  1. Managing Computers With Intel AMT
     Greg Rusu  +41 41 748 22 13  rug@brainware.ch

  2. Agenda
     • Overview
     • Network Requirements
     • Certificates
     • Intel SCS Server
     • Columbus 6.10 Configuration
     • Usage samples
     • Columbus AMT License Key Requirements
     (c) 2008 Brainware Solutions AG

  3. Overview
     • AMT = “Active Management Technology”
     • Mechanism for securely managing PCs
     • Intel-proprietary, labeled as “vPro”
     • Two flavors: Enterprise & Small Business
     • Evolving technology
       • 4 versions of vPro firmware released in 2007
         • 2 versions on Desktops, 2 on Notebooks
       • 3 versions of back-end server released in 2007
     • Requires sophisticated environment
       • DHCP required and DNS must allow dynamic updates
       • IIS, ASP.Net 2.0, and MS SQL Server run the back-end
       • Certificate Authority required for secure net traffic
       • Firewalls/routers must allow specific ports
     • Competing technologies on the horizon
       • DASH is emerging as industry standard
       • Similar in approach to AMT
       • Intel AMT will evolve to support

  4. Overview – “vPro” Systems
     • The Intel AMT device functions only when “Provisioned”
     • Provisioning is the authentication and authorization process by which the AMT client and SCS server are bound together
     • The UUID and a Private Key shared by the AMT client and the SCS server are confirmed during the “provisioning” process

  5. Overview – Enterprise & SMB

  6. Overview – Enterprise & SMB (cont.)
     [Diagram: software stacks of a typical enterprise server and a typical small business server]
     • Typical Enterprise Server: Multi-core Xeon, 4GB RAM
     • Typical Small Business Server: Dual-Core, 2GB RAM
     • Labels shown twice (once per server): Columbus 6.10, DNS, DHCP, Windows 2003 Server SP2
     • Labels shown once: Intel SCS, Certificate Authority, SQL Server 2005 or Express, IIS, .Net 2.0 SP1, AD

  7. Network Requirements – Minimum
     [Network diagram with callouts numbered 1 to 5; callout text:]
     • Must see DNS. Ports 9971, 16992-16994.
     • Must see DNS. Port 443, 9971, 16992-16994.
     • Schema is extended for Intel AMT objects
     • Option 81 (Dynamic update of DNS name and PTR records)
     • “provisionserver” added to Forward and Reverse zones

  8. Certificates
     • Required
       • TLS PSK
         • Preshared key used for the AMT Client to communicate with the SCS during setup.
         • Source: Intel SCS creates this.
       • Server Certificate
         • Certificate used to allow HTTPS communication with the Intel SCS.
         • Source: Microsoft Certificate Authority (CA).
     • Optional
       • TLS Certificate
         • Allows secure communication between the AMT client and the SCS.
         • Source: Microsoft CA, Verisign, etc.
       • 802.1x Certificate
         • Allows the AMT client to connect to an 802.1x secured network.
         • Source: Microsoft CA, Verisign, etc.
       • Mutual Authentication Root Certificate
         • Allows the AMT client to authenticate the SCS.
         • Source: Microsoft CA, Verisign, etc.

  9. Intel SCS Server
     [Architecture diagram; labels:]
     • Certificate needed for this HTTPS communication
     • MS SQL Server 2005 or Express
     • Optional component

  10. Columbus 6.10 Configuration
     • Columbus AMT License key
       • Intel AMT requires advanced environment and specialized training
       • Special terms apply for obtaining a Columbus AMT License key
     • Installation
       • Select Intel vPro Support under Infrastructure Server and Management Console
     • Configuration
       • Infrastructure > Index Agent > AMT
       • Configure AMT
       • Configure SCS server
     • Management
       • “AMT Management” of selected clients

  11. Usage Examples
     • System Discovery: Discover systems even if powered off
     • BIOS/Firmware Update: Reflash BIOS and set firmware remotely
     • Diagnostics: Run remote diagnostics against defective systems
     • Quarantine: Isolate suspect systems from the network

  12. Pitfalls
     • FQDN Mismatch
       • SCS and AMT clients find one another through DNS
       • Multi-homed clients may not register the same FQDN
       • SCS cannot find the AMT client
       • Workaround – well-planned and controlled hostname assignments
     • SCS server capacity
       • SCS is improving but not fully matured
       • 1800 AMT clients will peg a quad-core 3GHz server for over two hours during setup
       • Encrypted communications, SOAP and database transactions are not optimized
       • Workaround – host SCS on multiple front-end servers with strong back-end database server (“Strong” = 4GB RAM, 3 GHz multi-core CPUs)
     • One Database
       • SCS uses one single MS SQL Server to store all AMT client information
       • Provisioned AMT clients will not “talk” to another SCS server that is not pulling from the same MS SQL Server and has the same certificates.
       • Workaround – cluster front-end SCS servers and replicate your one SQL Server instance across multiple physical servers

  13. Columbus AMT License Key Requirements
     • Columbus Intel AMT vPro functionality is licensed under the following terms:
       • Columbus Enterprise or Complete licensing
       • License keys can only be issued to companies along with a booking of two days paid consulting services
       • Helpdesk does not service Intel AMT questions, and all related questions are subject to paid consulting hours

  14. Questions & Discussion
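
For the FQDN mismatch pitfall on slide 12 and the forward/reverse zone requirement on slide 7, the following added example (not part of the original presentation, Columbus or Intel SCS) audits exported A and PTR records for hosts whose forward and reverse names disagree. The record data, host names and the `audit` function are constructed for illustration.

```python
"""Forward/reverse DNS consistency audit for the FQDN-mismatch pitfall (added example)."""
from collections import defaultdict

# Constructed sample data (not from the presentation): A records as (fqdn, ip)
# pairs and PTR records as ip -> fqdn, as they might be exported from the zones.
A_RECORDS = [
    ("pc-001.corp.example", "10.0.1.21"),
    ("pc-002.corp.example", "10.0.1.22"),   # first NIC
    ("pc-002.corp.example", "10.0.9.40"),   # second NIC of a multi-homed client
    ("pc-003.corp.example", "10.0.1.23"),
    ("provisionserver.corp.example", "10.0.0.5"),
]
PTR_RECORDS = {
    "10.0.1.21": "pc-001.corp.example",
    "10.0.1.22": "pc-002.corp.example",
    "10.0.9.40": "pc-002.wlan.example",     # registered under a different FQDN
    "10.0.0.5": "provisionserver.corp.example",
    # 10.0.1.23 has no PTR record (no dynamic update was registered)
}

def normalize(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

def audit(a_records, ptr_records):
    """Return {fqdn: [finding, ...]} for hosts whose DNS data needs review."""
    ips_by_host = defaultdict(list)
    for fqdn, ip in a_records:
        ips_by_host[normalize(fqdn)].append(ip)
    findings = defaultdict(list)
    for fqdn, ips in ips_by_host.items():
        if len(ips) > 1:
            findings[fqdn].append("multi-homed: " + ", ".join(sorted(ips)))
        for ip in ips:
            ptr = ptr_records.get(ip)
            if ptr is None:
                findings[fqdn].append(f"no PTR for {ip}")
            elif normalize(ptr) != fqdn:
                findings[fqdn].append(f"PTR for {ip} is {normalize(ptr)}")
    return dict(findings)

if __name__ == "__main__":
    for host, problems in sorted(audit(A_RECORDS, PTR_RECORDS).items()):
        print(host, "->", "; ".join(problems))
```
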
