Intel vPro – The Basics of vPro

vPro Series of Posts


Hi. I’ve spent almost 6 months working on a vPro project at a college\department at OSU. Honestly, it’s been a tough technical road, but it’s relatively well-traveled.

So what is vPro? In short, it’s an embedded computer-on-a-chip built into the motherboard of many new enterprise-class systems. It provides management access to a system regardless of it’s Operating System or Power State. It’s also pretty awesome. Here are two links that provide a lot of good info.

Feature Overview

Here are the best features.

Most Commonly-Used Features

  1. KVM (Keyboard Video Mouse). With a vPro-enabled system (AMT version 6.0 and higher), you can actually use a specialized VNC client to connect to a computer. After connecting, you can mount ISO’s, Floppy images, reboot and change BIOS settings, PXE boot and image the computer with a new operating system, run system diagnostics, etc. This is independent of the Operating System.
  2. PC Alarm Clock. This lets you schedule a wake-up time for computers. This is useful for patch distribution.
  3. Asset Information. This reports some useful information like the type of RAM in each slot, disks, etc.
  4. Power Management. This lets you control the system power — power on, reboot, power off, etc.

Lesser-Known Features

There are several lesser-known features that are cool, but most people won’t use them directly.

  1. Serial-Over-LAN. This outputs the serial port over the vPro connection. It’s super-useful for Linux systems.
  2. Network Filters. This gives you limited firewall-like capability.
  3. Watchdog Policies. This lets you monitor Operating System processes.
  4. Heuristic Filters. This lets you configure an AMT service that rate-limits incoming\outgoing traffic when certain conditions are hit (virus found, etc).

Other General Info

vPro is primarily designed to be used as an underlying platform for vendor-specific implementations. Intel provides ‘reference’ designs and utilities which can be used stand-alone, but they don’t seem to outwardly or specifically support using their reference designs. The good news is that the reference designs are very stable.

For example, Microsoft SCCM has implemented Out-of-Band management support for vPro. Microsoft uses Intel API’s to do all the provisioning, security, and management of the vPro platform when used with SCCM. In this model, when you have a problem, you call up Microsoft (not Intel).

In subsequent blog posts, I’ll cover the installation and configuration of an Intel reference implementation of vPro. This will get you access to all of the vPro features. I’ll also cover vPro reference integration with SCCM, since SCCM’s native vPro support is somewhat dodgy.

vPro Tools

There are several vendor-neutral tools which can be used to connect to a vPro system. They have different purposes and strengths, and they’re all a tad buggy. Here’s a quick list that I’ve found.

  1. RealVNC+. This can be used to gain KVM and IDE Redirection (ISO and Floppy Mount) to a vPro-enabled system. It has problems waking up a PC from sleep, and it sometimes disconnects if you reboot a system. However, you can re-connect pretty quickly.
  2. Open Source Manageability Toolkit (AKA Manageability Commander). This can be used for everything except KVM, although it gives you a one-click KVM connect button as long as RealVNC+ is installed. This product is actively maintained by a very responsive and deeply knowledgeable person named Ylian Saint-Hilaire. The product currently has a bug when trying to use SOL or IDER to a Kerberos-enabled vPro system, but there is an easy workaround (more later).
  3. Intel Platform Solution Manager. This is Intel’s reference application. It gives you access to SOL, IDER, Power Management Features, and Asset Information. It’s the most stable, but doesn’t offer all of the features of the Manageability Toolkit.
  4. Intel Web-UI. This is a built-in web interface for all vPro enabled systems. It provides some basic asset information and power control.

Demo

Let’s see it in action! These systems and domains are all on test\dev boxes, so don’t get too excited by seeing the FQDN. 🙂

RealVNC+

vncplus-1

vncplus-2

vncplus-3

Open Source Manageability Commander

mcmdr1 mcmdr2

Intel vPro Solutions Platform

intel-solutionmgr1

Intel Web-UI

webui1 webui2

I’m sure you’re thinking, “OK, let’s go! Show me how to set this up!”. I’ll be going over the architecture and configuration in subsequent blog posts ASAP. Thanks!

Advertisements

12 thoughts on “Intel vPro – The Basics of vPro

  1. Pingback: Intel vPro – Configuration – Part 1 – Architecture Overview | windowsmasher

  2. Pingback: Intel vPro – Configuration – Part 2 – PKI Installation | windowsmasher

  3. Pingback: Intel vPro – Configuration – Part 3 – PKI Configuration | windowsmasher

  4. Pingback: Intel vPro – Configuration – Part 4 – Install and Configre Intel SCS | windowsmasher

  5. Pingback: Intel vPro – Configuration – Part 4 – Install and Configure Intel SCS | windowsmasher

  6. Pingback: Intel vPro – Configuration – Part 5 – Configure Active Directory | windowsmasher

  7. Pingback: Intel vPro – Configuration – Part 6 – Basic SCS Profile | windowsmasher

  8. Pingback: Intel vPro – Configuration – Part 7 – Provisioning Your First System | windowsmasher

  9. Pingback: Intel vPro – Configuration – Part 8 – Adding Kerberos | windowsmasher

  10. Pingback: Intel vPro – Configuration – Part 9 – Adding TLS | windowsmasher

  11. Pingback: Intel vPro – Configuration – Part 10 – SCCM Integration | windowsmasher

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s