Who doesn't like robust technologies that allow remote administration, troubleshooting, and maintenance of desktops and laptops, even if the hard drive is fried? Who can claim to have been the first to put out such wonderful technology? With HP, Symantec, and Intel vPro you can have your cake and eat it too, right now! Explore the history of this revolutionary technology, see how HP has worked with customers to make the dream a reality, and learn how you, too, can be a part of the cutting edge.

Introduction

The first computer manufacturer to release a vPro capable system to the US market was none other than HP. With the DC7700 desktop system, the hype surrounding the Intel AMT and vPro technology became a solid reality. As the Symantec Sales team demoed this technology, surprise and amazement became the common reaction. An IT administrator can remotely manage a system even if no OS is available, even to the point of troubleshooting the hardware, pulling up Inventory, configuring or securing the NIC to allow only certain traffic.

Intel vPro capable HP Systems

The DC7700 was the first PC to hit the main US market with vPro capabilities. Intel and Symantec worked with several companies to rollout this cutting edge technology. Due to the long cycle of hardware refresh, the full realization of the capabilities will take time, but early experiences helped shape the direction of the technology, and as time progressed the process became more streamlined and user-friendly.

The next model to emerge contained the Centrino Pro technology (the mobile equivalent of vPro). The HP 6910p notebook computer with wireless provisioning capabilities was the first laptop in the US market to contain Centrino Pro, and I was able to obtain one for testing purposes. Not only did vPro make management of the system automatic, the general features of the laptop provided a robust system capable of running Windows Vista well and other business-related applications.

For many of the article I have written on the vPro functions and products I have used a DC7700 and HP 6910p. I enjoy the hardware, especially the finger-print reader on the notebook. Not only are these systems vPro capable, they're good all-round computers as well.

The following diagram represents the early release of hardware and software that gave the power of Intel vPro into the administrator's hands:

Click to view.

Desktop Management

Plug the desktop into the network and already you have a myriad of management capabilities to choose from using the Altiris Notification Server Infrastructure. These desktops offer duo-core processors to compliment the management capabilities. Check out the full articles available for all the benefits, at http://juice.altiris.com/intel.

Mobile Management

Besides the capabilities provided to desktop vPro systems, the mobile platform offers the functionality to fully provision a system that is connected to the network wirelessly. This allows those who do not dock into the main network to still be fully provisioned. The following use cases provide employ for this capability:

• Remote employees who work from home or a disconnected satellite office.
• Systems that are not docked long enough to complete the provisioning process and who connect wirelessly to the network to complete the process.
• Wireless management when a system has problems but can connect wirelessly.

Early Adoption

The name and identity of the company involved have been modified, but the facts are presented here for those who, using HP systems, adopted this technology right out of the gate. With an early start, they will realize the value of vPro within HP much sooner than others who start late. The standard hardware refresh cycle requires a fairly long implementation cycle.

Medicinal Medical Management

Medicinal Medical Management (Triple-M) wanted to tap the potential of Intel vPro technology. One major hurtle stood in the way of their implementation. The core issue stemmed from the procurement process. They adopted the acquisition of vPro systems, however these systems did not all arrive at the same location to follow a prep procedures. Many of the systems were shipped directly to the department and location that would use the PC.

HP worked with Triple-M and set all vPro systems into Configured mode. These systems came pre-configured with PID-PPS key pairs that were provided to the customer. Using Out of Band Management we were able to configure the system to automatically provision or configure when they came onto the network.

Triple-M Methodology

The process we adopted was as follows:

1. HP configured the systems with PID PPS security key pairs, putting the systems in a mode to send out 'hello' messages in search of a provisioning server.
2. Triple-M installed Altiris Out of Band Management Solution into their Notification Server Framework (OOBM is a free component).
3. Triple-M created a CNAME or Alias for the configuration server with the name "ProvisionServer". This pointed back to the Notification Server so all the 'hello' messages sent by the pre-configured systems sent by HP would automatically be routed to the Notification Server. The provisioning server is the Intel SCS component that is installed during the install of Out of Band Management Solution.
4. HP provided PID PPS keys to Triple-M containing all the security keys configured on those systems sent to them, regardless of where the order originated within the company.
5. Triple-M imported the keys into the Provisioning Server.
6. Once the configuration was completed, all systems coming into the environment were routed to the Notification Server automatically, and full provisioning occurred without the need for intervention or manual configuration.
7. A Resource Synchronization took the fully provisioned records within the Intel SCS component and created Notification Server resources, populating the AMT management collections.
8. These systems were then available for use within Out of Band Management Solution, the Real-Time tab via RTSM and RTCI, including Task Server, without the need to deploy an Agent. Basically when the systems arrived, when plugged into the network they would automatically provision.

Notice that most of the company-facing steps are done at an initial configuration level. To put it simply it's a configure and leave alone solution.

Issues and Resolutions

Some of the initial issues we ran into, including their fixes, are provided here:

1. AMTConfig service stability – This issue caused the Intel SCS component Service version 1.2 to crash occasionally.
   • RESOLUTION: First, we set the service to automatically reset. This helped alleviate the problem while the full fix was devised. Intel SCS 1.3 was provided to correct the stability problems.
2. Discovery of error 137 – The logs contained errors labeled Error 137 - Another process currently working on AMT.
   • RESOLUTION: See this article for details, but basically the message means another command is currently being executed on the target machine and the new request could not be processed: http://juice.altiris.com/article/2459/handling-co...
3. AMT Resources populating the AMT collections not at 100% – We found that not all fully provisioned AMT systems would appear in the corresponding Notification Server collections. First, note that the initial provisioning does not populate these collections, but a Resource Synchronization is required, as shown:
   
   

   Click to view.

   • RESOLUTION: We found a defect in the logic of the synchronization that precluded certain systems from the migration from the Intel SCS Component to the Notification Server infrastructure. This was corrected in Out of Band Management 6.2.

Future Implementation Considerations

Most new systems are automatically entering the system, however some systems acquired early on with AMT vPro technology did not have the pre-configuration, and other systems acquired through an alternate procurement process that are AMT capable may need to be discovered. The following items will provide remediation for this situation:

1. Out of Band Discovery – For systems with the Altiris Agent, the policy 'Out of Band Discovery' can be executed. This policy checks to see if the target system is AMT capable. If it is, data is sent back to the Notification Server and several things can be done to remediate the system.
   • Delayed Provisioning: For AMT 3.0 systems, this policy will automatically reinitiate the 'hello' packet sequence allowing the system to be automatically provisioned on infrastructures that support Remote Configuration
   • A report or collection can be used to identify the system so configuration can take place (using a one-touch USB method).
2. Remote Configuration – This new features in AMT 3.0 allows a TLS certificate-based automatic configuration. HP systems will already have the applicable certificates in the firmware, and will not require HP to conduct any pre-configuration on the system. This will allow systems to automatically provision.
3. Standard adoption of vPro capabilities – As more and more vPro/AMT capable systems come online within the environment, the vPro functions available through RTSM and Task Server will begin to be implemented within the life cycle management of the IT infrastructure. This will lower the cost of management significantly, and provide a much quicker turn around for hardware-related issues when the OS is unavailable.

Conclusion

With Intel, HP, and Symantec a new generation of tools and functions empower IT administrators to more fully troubleshoot, update, and maintain production systems in the company environment. Since the hardware refresh cycle will take time, start today in acquiring this great technology from HP, using Intel vPro to expand your ability portfolio, and use Symantec's Out of Band Management to tie it all together.