April WebEx Intel ® Active Management Technology (AMT) LANDesk Provisioning LANDesk Server Manager.
-
Upload
scarlett-greene -
Category
Documents
-
view
233 -
download
0
Transcript of April WebEx Intel ® Active Management Technology (AMT) LANDesk Provisioning LANDesk Server Manager.
April WebEx
• Intel® Active Management Technology (AMT)
• LANDesk Provisioning
• LANDesk Server Manager
LANDesk Management Suite 8.7 WebEx Slides
LANDesk® Software Confidential
2
WebEx Slides can be found at the following link: http://forum.landesk.com/showthread.php?t=9376
Please post any questions about the items covered in this WebEx.
LANDesk® Management Suite 8.7
Craig Middelstadt
May 3, 2007
Intel® Active Management Technology (AMT)
LANDesk Management Suite 8.7 AMT - Features
LANDesk® Software Confidential
4
What is AMT? – Active Management Technology. Technology developed and maintained by Intel Corp.
Intel AMT Provides the following:
• Discovery – LANDesk can discover Intel AMT-enabled systems even when they are off or in a bare-bones state. The hardware and software information can be found in non-volatile memory.
• Healing – Remotely access and repair systems when in-band remote control is not functioning. Utilize out-of-band (OOB) management capabilities to allow IT to remotely heal systems after OS failures.
• Protect – Agent presence: Monitors client and alerts Admins if the agent was removed. System Defense: Monitors network patterns and alerts Admins and/or stops network connection if specific patterns are detected.
LANDesk Management Suite 8.7 AMT – How does it work?
LANDesk® Software Confidential
5
How does it work? –
• The AMT firmware contains a Web service. When the machine is configured properly, you can view this web service by entering http://MACHINE:16992 or https://MACHINE:16993.
• LANDesk talks to the AMT machine via the same protocol. It uses SOAP calls provided by the AMT SDK to make http requests for data or to issue commands.
(See the next slide for a screenshot of the Web Service page)
LANDesk Management Suite 8.7 AMT – How does it work?
LANDesk® Software Confidential
6
LANDesk Management Suite 8.7 AMT – Configuration
LANDesk® Software Confidential
7
Configuration
• Download and install the latest BIOS and AMT update from the machine manufacturer.
• By default, AMT is turned off in the BIOS. Enable AMT and once in the AMT configuration window, set the password.
• Configure the Host Name and Provision Model to use Small Business mode (for this scenario).
• Turn on SOL (Serial Over LAN) and IDE-R (IDE Redirection)
• Escape out and the machine will be provisioned.
(See the next slide for a screenshot of the AMT config window)
LANDesk Management Suite 8.7 AMT – Configuration
LANDesk® Software Confidential
8
LANDesk Management Suite 8.7 AMT – Configuration
LANDesk® Software Confidential
9
Configuration
• Download and install the latest BIOS and AMT update from the machine manufacturer.
• By default, AMT is turned off in the BIOS. Enable AMT and once in the AMT configuration window, set the password.
• Configure the Host Name and Provision Model to use Small Business mode (for this scenario).
• Turn on SOL (Serial Over LAN) and IDE-R (IDE Redirection)
• Escape out and the machine will be provisioned.
(See the next slide for a screenshot of the AMT config window)
LANDesk Management Suite 8.7 AMT – Discovering
LANDesk® Software Confidential
10
Discover Intel AMT devices using the LANDesk Unmanaged Device Discovery (UDD) tool.
UDD Scanner
LANDesk® Software Confidential
11
Select Network Scan and input an IP Address range to search for.
Select Intel AMT and begin searching
LANDesk Management Suite 8.7 AMT and UDD
LANDesk® Software Confidential
12
Discover Intel AMT devices using UDD
AMT Unmanaged Device Menu Options
LANDesk® Software Confidential
13
AMT Unmanaged Device Menu Options
LANDesk® Software Confidential
14
LANDesk Management Suite 8.7 AMT Out of Band Inventory
LANDesk® Software Confidential
15
View inventory without LANDesk agents installed
View real time out of band inventory
Why can’t we see any real time inventory information?
Any troubleshooting suggestions?
LANDesk Management Suite 8.7
LANDesk® Software Confidential
16
Intel AMT is password protected.
LANDesk Management Suite 8.7 Intel AMT Password Configuration
LANDesk® Software Confidential
17
Configure Services tool
New tab called Intel AMT
Two passwords Current New
- Will change to new when deployed
- Stored on server
- Uses password to access client machine.
LANDesk Management Suite 8.7 Intel AMT – Password Requirements
LANDesk® Software Confidential
18
Strong password is required Must be 8 characters long Must have one number Must have one non-alphanumeric character Must contain at least one upper case letter Must contain at least one lower case letter
These restrictions enforced by Intel AMT help to reduce susceptibility of passwords to offline dictionary attacks
LANDesk Management Suite 8.7 AMT Out of Band Inventory
LANDesk® Software Confidential
19
View inventory without LANDesk agents installed
View real time out of band inventory Even if machine is not
responding or turned off but connected to the network
LANDesk® Software Confidential
20
AMT Right-Click Context Menu
LANDesk® Software Confidential
21
Intel® AMT Event Log
LANDesk® Software Confidential
22
LANDesk Management Suite 8.7 AMT Remote Boot Manager
LANDesk® Software Confidential
23
Use remote boot manager Power off Reboot Console redirection
- Remote control session while machine boots from bios to OS
LANDesk® Management Suite 8.7 Console Redirect - SOL
LANDesk® Software Confidential
24
LANDesk Management Suite 8.7 AMT Remote Boot Manager
LANDesk® Software Confidential
25
Use remote boot manager PXE boot Boot from CD Boot from remote CD – Reinstall
the OS remotely Console redirection
- Remote control session while machine boots from bios to OS
LANDesk Management Suite 8.7 AMT – After Installing LANDesk Agent
LANDesk® Software Confidential
26
LANDesk Management Suite 8.7 AMTMON.EXE
LANDesk® Software Confidential
27
AMTMON.EXE is a service that gets installed during the agent installation. The right-click context menu for the AMT enabled device will have three new menu items:1. Enable NIC
2. Disable NIC
3. Force vulscan on next reboot
Communication is done through the AMT and flash memory completely out of band even if OS is hung or not responding
LANDesk Management Suite 8.7 Configuring Client File AMTMON.EXE
LANDesk® Software Confidential
28
/createblock parameter initializes space in flash memory of AMT to receive commands from server
Runs as service on client machine
By default checks server every 15 seconds Configurable in registry:
- HKLM\software\landesk\amtmon\CheckInterval
- DWORD value is milliseconds. 15000=15 seconds
- Very low CPU usage for this check
- Default should be sufficient
LANDesk Management Suite 8.7 Intel AMT Port usage
LANDesk® Software Confidential
29
Intel AMT goes through port 16992
Configurable through AMT BIOS window on client
LANDesk® Management Suite 8.7
LANDesk Provisioning
Tracy Hammond
May 3, 2007
LANDesk® Management Suite 8.7
LANDesk Server Manager – Monitoring and Alerting
Ty Seager
May 3, 2007