April WebEx

• Intel® Active Management Technology (AMT)

• LANDesk Provisioning

• LANDesk Server Manager

LANDesk Management Suite 8.7 WebEx Slides

LANDesk® Software Confidential

2

WebEx Slides can be found at the following link: http://forum.landesk.com/showthread.php?t=9376

Please post any questions about the items covered in this WebEx.

LANDesk® Management Suite 8.7

Craig Middelstadt

May 3, 2007

Intel® Active Management Technology (AMT)

LANDesk Management Suite 8.7 AMT - Features

LANDesk® Software Confidential

4

What is AMT? – Active Management Technology. Technology developed and maintained by Intel Corp.

Intel AMT Provides the following:

• Discovery – LANDesk can discover Intel AMT-enabled systems even when they are off or in a bare-bones state. The hardware and software information can be found in non-volatile memory.

• Healing – Remotely access and repair systems when in-band remote control is not functioning. Utilize out-of-band (OOB) management capabilities to allow IT to remotely heal systems after OS failures.

• Protect – Agent presence: Monitors client and alerts Admins if the agent was removed. System Defense: Monitors network patterns and alerts Admins and/or stops network connection if specific patterns are detected.

LANDesk Management Suite 8.7 AMT – How does it work?

LANDesk® Software Confidential

5

How does it work? –

• The AMT firmware contains a Web service. When the machine is configured properly, you can view this web service by entering http://MACHINE:16992 or https://MACHINE:16993.

• LANDesk talks to the AMT machine via the same protocol. It uses SOAP calls provided by the AMT SDK to make http requests for data or to issue commands.

(See the next slide for a screenshot of the Web Service page)

LANDesk Management Suite 8.7 AMT – How does it work?

LANDesk® Software Confidential

6

LANDesk Management Suite 8.7 AMT – Configuration

LANDesk® Software Confidential

7

Configuration

• Download and install the latest BIOS and AMT update from the machine manufacturer.

• By default, AMT is turned off in the BIOS. Enable AMT and once in the AMT configuration window, set the password.

• Configure the Host Name and Provision Model to use Small Business mode (for this scenario).

• Turn on SOL (Serial Over LAN) and IDE-R (IDE Redirection)

• Escape out and the machine will be provisioned.

(See the next slide for a screenshot of the AMT config window)

LANDesk Management Suite 8.7 AMT – Configuration

LANDesk® Software Confidential

8

LANDesk Management Suite 8.7 AMT – Configuration

LANDesk® Software Confidential

9

Configuration

• Download and install the latest BIOS and AMT update from the machine manufacturer.

• By default, AMT is turned off in the BIOS. Enable AMT and once in the AMT configuration window, set the password.

• Configure the Host Name and Provision Model to use Small Business mode (for this scenario).

• Turn on SOL (Serial Over LAN) and IDE-R (IDE Redirection)

• Escape out and the machine will be provisioned.

(See the next slide for a screenshot of the AMT config window)

LANDesk Management Suite 8.7 AMT – Discovering

LANDesk® Software Confidential

10

Discover Intel AMT devices using the LANDesk Unmanaged Device Discovery (UDD) tool.

UDD Scanner

LANDesk® Software Confidential

11

Select Network Scan and input an IP Address range to search for.

Select Intel AMT and begin searching

LANDesk Management Suite 8.7 AMT and UDD

LANDesk® Software Confidential

12

Discover Intel AMT devices using UDD

AMT Unmanaged Device Menu Options

LANDesk® Software Confidential

13

AMT Unmanaged Device Menu Options

LANDesk® Software Confidential

14

LANDesk Management Suite 8.7 AMT Out of Band Inventory

LANDesk® Software Confidential

15

View inventory without LANDesk agents installed

View real time out of band inventory

Why can’t we see any real time inventory information?

Any troubleshooting suggestions?

LANDesk Management Suite 8.7

LANDesk® Software Confidential

16

Intel AMT is password protected.

LANDesk Management Suite 8.7 Intel AMT Password Configuration

LANDesk® Software Confidential

17

Configure Services tool

New tab called Intel AMT

Two passwords Current New

- Will change to new when deployed

- Stored on server

- Uses password to access client machine.

LANDesk Management Suite 8.7 Intel AMT – Password Requirements

LANDesk® Software Confidential

18

Strong password is required Must be 8 characters long Must have one number Must have one non-alphanumeric character Must contain at least one upper case letter Must contain at least one lower case letter

These restrictions enforced by Intel AMT help to reduce susceptibility of passwords to offline dictionary attacks

LANDesk Management Suite 8.7 AMT Out of Band Inventory

LANDesk® Software Confidential

19

View inventory without LANDesk agents installed

View real time out of band inventory Even if machine is not

responding or turned off but connected to the network

LANDesk® Software Confidential

20

AMT Right-Click Context Menu

LANDesk® Software Confidential

21

Intel® AMT Event Log

LANDesk® Software Confidential

22

LANDesk Management Suite 8.7 AMT Remote Boot Manager

LANDesk® Software Confidential

23

Use remote boot manager Power off Reboot Console redirection

- Remote control session while machine boots from bios to OS

LANDesk® Management Suite 8.7 Console Redirect - SOL

LANDesk® Software Confidential

24

LANDesk Management Suite 8.7 AMT Remote Boot Manager

LANDesk® Software Confidential

25

Use remote boot manager PXE boot Boot from CD Boot from remote CD – Reinstall

the OS remotely Console redirection

- Remote control session while machine boots from bios to OS

LANDesk Management Suite 8.7 AMT – After Installing LANDesk Agent

LANDesk® Software Confidential

26

LANDesk Management Suite 8.7 AMTMON.EXE

LANDesk® Software Confidential

27

AMTMON.EXE is a service that gets installed during the agent installation. The right-click context menu for the AMT enabled device will have three new menu items:1. Enable NIC

2. Disable NIC

3. Force vulscan on next reboot

Communication is done through the AMT and flash memory completely out of band even if OS is hung or not responding

LANDesk Management Suite 8.7 Configuring Client File AMTMON.EXE

LANDesk® Software Confidential

28

/createblock parameter initializes space in flash memory of AMT to receive commands from server

Runs as service on client machine

By default checks server every 15 seconds Configurable in registry:

- HKLM\software\landesk\amtmon\CheckInterval

- DWORD value is milliseconds. 15000=15 seconds

- Very low CPU usage for this check

- Default should be sufficient

LANDesk Management Suite 8.7 Intel AMT Port usage

LANDesk® Software Confidential

29

Intel AMT goes through port 16992

Configurable through AMT BIOS window on client

LANDesk® Management Suite 8.7

LANDesk Provisioning

Tracy Hammond

May 3, 2007

LANDesk® Management Suite 8.7

LANDesk Server Manager – Monitoring and Alerting

Ty Seager

May 3, 2007