Download - How Spiceworks Integrated Intel Technology into the Spiceworks IT Desktop - Kevin S. Havre, Intel
All New 2010 Intel® Core™ vPro™ Processor
Family for MSPsHow Spiceworks has integrated Intel
technology into the Spiceworks IT Desktop
Kevin S. HavreIntel CorporationSeptember 2010
1
Smart Security1
Intel® Core™ Processors and Piketon: Essential technology for SMB Desktop PCs
Intelligent Performance1 Easy PC Care1
Intel® Core™ processors deliver intelligent desktop performance that accelerates in response to demanding tasks helping improve business productivity, reduce energy consumption and enable smaller and more innovative form factors
Built-in smart security technologies to help guard against viruses, data loss or corruption and protect assets and data in the event of PC loss or theft
2
A new level of intelligent performance for desktop PCs
Industry leading technologies to help you or your service provider remotely manage and service PCs regardless of PC state or IT care model to help improve PC availability and reduce your IT support cost
All New 2010 Intel® Core™ vPro™ Processor Family:
IT Computer Within the Computer
Smart Security and Cost Saving Manageability with activated features2:
• Built into the hardware• Regardless of OS or software agent health
• Even when powered off
Specifically:• Secure power management• Network isolation• Remote remediation
2. Activated features include Intel Active Management Technology. Intel® Core™ vPro™ processor family includes Intel® Active Management Technology (Intel® AMT). Intel AMT requires the computer system to have an Intel AMT-enabled chipset, network hardware and software, as well
as connection with a power source and a corporate network connection.
Intel® vPro™ TechnologyIntel® AMT Architecture
Intel® AMT
Operating System
BIOS
HW Sensors Network Connection
SW Apps
SW Apps
HW Drivers
Network Stack
Non- Volatile Storage
Event Log, Alerts,
Redirection
Features
Secure Out Of Band access
Remote troubleshooting and recovery
Proactive alerting
More detailed HW inventory
Third-party, nonvolatile storage
SW Apps
SW Apps
SW Apps
Secure access and control of Intel® vPro™ machines, even OOB
Intel® vPro™ Processor TechnologyUsage summary
Usage to features OOB Access
Power Control
KVM/IDErSOL/ IDEr
iMST
HW maintenance tasksChange Management, Disk defrag, temp files, security credentials
SW / Anti-virus updatesChange management, compliancy, security
HW updates/remediation BIOS updates, HW/OS failure, disk image restore• More secure Out of band (OOB) access
External access to systems the consoles can “see”, with more secure posture than ASF or WOL, regardless of OS state and a detailed list of HW inventory since last boot.
• Power ControlGives consoles the ability to power up systems when they are needed and reboot when the OS is not working
• KVM and Serial-over-LAN (SOL) Remote ControlGives remote control consoles access to the system below the OS for seeing pre-boot messages, boot into and edit BIOS, launch OS into “Safe Mode”.
• IDE redirection (IDEr)Tricks the BIOS into booting to an OS image on the network; saving a truck roll onsite to trouble shoot even if the HDD has failed, or restore backup images.
• Intel Matrix Storage TechnologyInternal mirrored drives; local instant data back-up without the SW hassle. External cloned drive; protect your data and recover quickly
Spiceworks IT Desktop Demo
Provisioning Intel® AMT
Secure your customers Passwords! “Losing” them are as costly as key to your customers front door…
Type Used for
BIOS password BIOS access
Intel® AMT password
MEBx and Web UI access
Local admin password
OS level access
Management Application Passwords
Management console
For accessing PCs
• OS != AMT• Use strong Passwords
one char, number and UC letter.• Only assigned techs• Change regularly • Change when techs leave
your company
Password management
Intel AMT configurationIntel AMT configuration
DHCP• Intel AMT conforms its settings to the
host (the PC’s OS) network settings. IP address is the same for OS and MEBx, access; Intel AMT MEBx through port 16992...
Static• Use different IP addresses for Intel AMT
and the host (the PC’s OS).
Decide on IP addressing method
Common mistake: using a different hostname for Intel AMT MEBx than in the OS
Choosing a provisioning method
10
Manual Improved Manual Automatic (PSK) Automatic (PKI)
Level of
Effort
Labor Intensive
• Must visit every PC for initial & on-going configuration
• Must access the BIOS to make changes
• Error Prone
• English Only
Less Labor Intensive
• Must visit every PC for initial & on-going configuration
• Configuration data entered into Windows utility
• Less Error Prone
• Localized
Less Labor Intensive
• Must visit every; reboot only, no data entry
• Least error prone
• Localized
Least Labor Intensive
• Never requires a visit to the PC
• Least Error Prone
• Localized
Preparatio
n
• None • USB key purchase
• Download Intel AMT Configuration Utility
• USB key purchase
• Download & installIntel SCS 6.0 Lite
• Security Certificate Purchase
• DHCP server with option 15
• Download & install Intel SCS 6.0 Lite
Basic Provisioning – Manual Manually configuring in MEBx
Multiple settings typed into every computer in SMB
site
• Time consuming• Error Prone• Supported in all AMT versions
Basic One Touch ProvisioningSimple AMT Configuration using a USB Key
• Simple Windows wizard for local AMT Configuration using a USB Key
• Supported in AMT 4.0+ Only
Centralized ProvisioningEnter settings once, each PC calls in and provisions automatically
13
One Touch Remote Configuration
USB key loads provisioning “secret”,PSK or CA hash
Certificate hash already in firmware; purchase matching certificate and load on Provision Server
Onsite Server?
Onsite Server
More CapabilitiesIntegrated Graphics
KVM Remote Control1
New AES instructions (AES-NI)
More Performance Most cache, cores, threads & boost range
No integrated graphicsNO KVM Remote Control1 or AES-NI
Intel® Core™ vPro™ Processor Family
Using Integrated Graphics ONLY.
Intel® Core™ i5 & i7 vPro™ ProcessorsFor business clients
Intel® Core™ i7 vPro™ ProcessorsFor workstations and high performance products
1 – KVM = Keyboard, Video, & Mouse; KVM Remote Control ONLY works over Intel® integrated graphics, not available on Lynnfield processors
Desktop: i5-670, 660, 650Mobile: i5-580, 560, 540, 520, i7-640, 620
Desktop: i7-870, 860, 860sMobile: i7-840, 820, 740, 720
New
!
15
Revision - 01
Intel Confidential16
Legal Disclaimer Intel Confidential
• INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL® PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING APPLICATIONS.
• Intel may make changes to specifications and product descriptions at any time, without notice.• All products, dates, and figures specified are preliminary based on current expectations, and are
subject to change without notice.• Intel, processors, chipsets, and desktop boards may contain design defects or errors known as
errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.
• Customers, licensees and other third parties are not authorized by Intel to use code names in advertising, promotion or marketing of any product or services and any such use of Intel's internal code names is at the sole risk of the user.
• Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or software design or configuration may affect actual performance.
• Intel, Intel Inside, the Intel logo, vPro, Centrino, Centrino Inside, Intel Core, Intel Atom and Pentium are trademarks of Intel Corporation in the United States and other countries.
• *Other names and brands may be claimed as the property of others.• Copyright © 2010 Intel Corporation.