Managing Computers With Intel AMT Greg Rusu +41 41 748 22 13

Slides:



Advertisements
Similar presentations
automated single login access to Novell storage resources
Advertisements

The following 10 questions test your knowledge of Internet-based client management in Configuration Manager Configuration Manager 2007 Internet-Based.
Windows® Deployment Services
Chapter 8 Managing Windows Server 2008 Network Services
1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Nassau Community College
Chapter 7 HARDENING SERVERS.
Intel Confidential 1 Configure PKI Web Server Certificates for each Management Controller.
Implementing Native Mode and Internet Based Client Management.
Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.
Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.
Windows 2000 Remote Access. Remote Access Overview With Windows 2000 remote access, remote access clients connect to remote access servers and are transparently.
NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.
Welcome Course 20410B Module 0: Introduction Audience
Module 2: Planning to Install SQL Server. Overview Hardware Installation Considerations SQL Server 2000 Editions Software Installation Considerations.
Microsoft Load Balancing and Clustering. Outline Introduction Load balancing Clustering.
Understanding Active Directory
VMware vCenter Server Module 4.
Windows Server 2008 Chapter 8 Last Update
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
Using RADIUS Within the Framework of the School Environment Ed Register Consultant April 6, 2011.
VPN Scenarios © N. Ganesan, Ph.D.. Chapter Objectives.
Assisting Enterprise iAMT Activation Infrastructure Specialist EDS, an HP Company.
Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.
MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide (70-443) Chapter 1: Designing the Hardware and Software.
Clinic Security and Policy Enforcement in Windows Server 2008.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
Module 7: Configuring TCP/IP Addressing and Name Resolution.

Name Resolution Domain Name System.
Module 8: Configuring Virtual Private Network Access for Remote Clients and Networks.
Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
Windows Server 2008 R2 Domain Name System Chapter 5.
IT:NETWORK:MICROSOFT SERVER 2 DHCP AND WINDOWS DEPLOYMENT SERVICES.
INSTALLING MICROSOFT EXCHANGE SERVER 2003 CLUSTERS AND FRONT-END AND BACK ‑ END SERVERS Chapter 4.
Windows 2003 Overview Lecture 1. Windows Networking Evolution Windows for Workgroups – peer-to-peer networking built into the OS Windows NT – separate.
Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.
70-411: Administering Windows Server 2012
Implementing Network Access Protection
Chapter 13 Microsoft DNS Server n DNS server: A Microsoft service that resolves computer names to IP addresses, such as resolving the computer name Brown.
Module 5: Designing a Terminal Services Infrastructure.
1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.
Using Encryption with Microsoft SQL Server 2000 Kevin McDonnell Technical Lead SQL Server Support Microsoft Corporation.
Module 2: Overview of IIS 7.0 Application Server.
Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003 Relatore: MCSE - MCT.
2.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 2: Examining.
1 Chapter Overview Planning to Install SQL Server 2000 Deciding SQL Server 2000 Setup Configuration Options Running the SQL Server 2000 Setup Program Using.
1 Week #5 Routing and NAT Network Overview Configuring Routing Configuring Network Address Translation Troubleshooting Routing and Remote Access.
Network Infrastructure Microsoft Windows 2003 Network Infrastructure MCSE Study Guide for Exam
Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.
Network Servers Chapter 13 Release 16/7/2009. Chapter Objectives Describe Client-server and Peer to Peer network model Explain server Explain Domain.
MICROSOFT TESTS /291/293 Fairfax County Adult Education Courses 1477/1478/1479.
BÄTTRE UTBILDNINGSRESULTAT. NÅ HÖGRE MED KUNSKAP.
Microsoft ® Lync™ Server 2010 Setup and Deployment Module 04 Microsoft Corporation.
DNS, DHCP and VPN Borislav Varadinov Telerik Software Academy academy.telerik.com System Administrator
Windows Certification Paths OR MCSA Windows Server 2012 Installing and Configuring Windows Server 2012 Exam (20410) Administering Windows Server.
VIRTUAL SERVERS Chapter 7. 2 OVERVIEW Exchange Server 2003 virtual servers Virtual servers in a clustering environment Creating additional virtual servers.
COMP1321 Digital Infrastructure Richard Henson March 2016.
Pass Microsoft Installing and Configuring Windows Server 2012 exam in just 24 HOURS! 100% REAL EXAM QUESTIONS ANSWERS Microsoft Installing.
Architecting Enterprise Workloads on AWS Mike Pfeiffer.
Basharat Institute of Higher Education
MeshCentral 2.0.
Module 8: Networking Services
Unit 3 NT1330 Client-Server Networking II Date: 1/6/2016
Oracle Architecture Overview
Microsoft Virtual Academy
System Center Operations Manager 2007 – Technical Overview
SCCM in hybrid world Predrag Jelesijević Microsoft 7/6/ :17 AM
Presentation transcript:

Managing Computers With Intel AMT Greg Rusu

2 (c) 2008 Brainware Solutions AG Agenda Overview Network Requirements Certificates Intel SCS Server Columbus 6.10 Configuration Usage samples Columbus AMT License Key Requirements

3 (c) 2008 Brainware Solutions AG Overview AMT = “Active Management Technology” Mechanism for securely managing PCs Intel-proprietary, labeled as “vPro” Two flavors: Enterprise & Small Business Evolving technology 4 versions of vPro firmware released in versions on Desktops, 2 on Notebooks 3 versions of back-end server released in 2007 Requires sophisticated environment DHCP required and DNS must allow dynamic updates IIS, ASP.Net 2.0, and MS SQL Server run the back-end Certificate Authority required for secure net traffic Firewalls/routers must allow specific ports Competing technologies on the horizon DASH is emerging as industry standard Similar in approach to AMT Intel AMT will evolve to support

4 (c) 2008 Brainware Solutions AG Overview – „vPro“ Systems The Intel AMT device functions only when “Provisioned” Provisioning is the authentication and authorization process by which the AMT client and SCS server are bound together The UUID and a Private Key shared by the AMT client and the SCS server are confirmed during the “provisioning” process

5 (c) 2008 Brainware Solutions AG Overview – Enterprise & SMB FunctionalityEnterprise Small Business (SMB) Encrypted traffic with AMT client Frequent user or PC changes Static IP or Window Workgroups (i.e. NetBIOS) Active Directory

6 (c) 2008 Brainware Solutions AG Overview – Enterprise & SMB (cont.) Windows 2003 Server SP2.Net 2.0 SP1 IIS DHCP DNS AD SQL Server 2005 or Express Certificate Authority Intel SCS Columbus 6.10 Multi-core Xeon, 4GB RAM, Typical Enterprise Server Windows 2003 Server SP2 DHCP DNS Columbus 6.10 Dual-Core, 2GB RAM, Typical Small Business Server

7 (c) 2008 Brainware Solutions AG Network Requirements – Minimum Option 81 (Dynamic update of DNS name and PTR records) “provisionserver” added to Forward and Reverse zones Schema is extended for Intel AMT objects Must see DNS. Ports 9971, Must see DNS. Port 443, 9971,

8 (c) 2008 Brainware Solutions AG Certificates Required TLS PSK Preshared key used for the AMT Client to communicate with the SCS during setup. Source: Intel SCS creates this. Server Certificate Certificate used to allow HTTPS communication with the Intel SCS. Source: Microsoft Certificate Authority (CA). Optional TLS Certificate Allows secure communication between the AMT client and the SCS. Source: Microsoft CA, Verisign, etc x Certificate Allows the AMT client to connect to a 802.1x secured network. Source: Microsoft CA, Verisign, etc. Mutual Authentication Root Certificate Allows the AMT client to authenticate the SCS Source: Microsoft CA, Verisign, etc.

9 (c) 2008 Brainware Solutions AG Intel SCS Server Optional component Certificate needed for this HTTPS communication MS SQL Server 2005 or Express

10 (c) 2008 Brainware Solutions AG Columbus 6.10 Configuration Columbus AMT License key Intel AMT requires advanced environment and specialized training Special terms apply for obtaining a Columbus AMT License key Installation Select Intel vPro Support under Infrastructure Server and Management Console Configuration Infrastructure > Index Agent > AMT Configure AMT Configure SCS server Management “AMT Management” of selected clients

11 (c) 2008 Brainware Solutions AG Usage Examples System Discovery Discover systems even if powered off BIOS/Firmware Update Reflash BIOS and set firmware remotely Diagnostics Run remote diagnostics against defective systems Quarantine Isolate suspect systems from the network

12 (c) 2008 Brainware Solutions AG Pitfalls FQDN Mismatch SCS and AMT clients find one another through DNS Multi-homed clients may not register the same FQDN SCS cannot find the AMT client Workaround – well-planned and controlled hostname assignments SCS server capacity SCS is improving but not fully matured 1800 AMT clients will peg a quad-core 3GHz server for over two hours during setup Encrypted communications, SOAP and database transactions are not optimized Workaround – host SCS on multiple front-end servers with strong back- end database server (“Strong” = 4GB RAM, 3 GHz multi-core CPUs) One Database SCS uses one single MS SQL Server to store all AMT client information Provisioned AMT clients will not “talk” to another SCS server that is not pulling from the same MS SQL Server and has the same certificates. Workaround – cluster front-end SCS servers and replicate your one SQL Server instance across multiple physical servers

13 (c) 2008 Brainware Solutions AG Columbus AMT License Key Requirements Columbus Intel AMT vPro functionality is licensed under the following terms: 1.Columbus Enterprise or Complete licensing 2.License keys can only be issued to companies along with a booking of two days paid consulting services 3.Helpdesk does not service Intel AMT questions, and all related questions are subject to paid consulting hours

14 (c) 2008 Brainware Solutions AG Questions & Discussion

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.