Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

implementing v-pro

gK5
Beginner
1,540 Views

Hi All,

I'm new to V-pro can you please help with these questions?

Do we need management server at each location for implementing v-pro

Does it work with Wireless LAN?

we can manage through Internet as well?

any idea on pricing for enabling it, cost of licenses

0 Kudos
1 Reply
Dariusz_W_Intel
Employee
453 Views

Hi,

Please note that your question is related to Intel® AMT (Active Management Technology) which is one of ingredient technologies of Intel® vPro™ technology (which is more like business PC platform definition).

For Intel® AMT let me quote Terry's Cutler from Intel one simple rule: "Intel® AMT is HW & FW based network service, it has to be configured (enabled/provisioned/activated) to allow remote OOB management. Once Intel® AMT is configured it is sitting in your network and is waiting for management conection to come, authorize and perform management action".

The best source of Intel® AMT technology details is http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm

So answering your questions:

  1. Q:"Do we need management server at each location for implementing v-pro? "

     

    It depends on your network structure, if you can resolve manager PC FQDN into its acctual IP address and establish TCP/IP connection to this host on AMT TCP ports - you can manage from any console PC/OS across all network.

     

    This is typical scenario for corporate network -Intranet and is used by multiple enterprise customers within their internal network across multiple sites and locations.

     

     

    But if your network (NATs, firewalls) limits you to separate "islands" - like Managed Services Provider case - you may need separate management server (a PC +OS+ Intel® AMT enabled management SW) in each "Island"/domain/subnet.

     

     

    See also next answer.
  2. Q: "we can manage through Internet as well?"

     

     

    Yes BUT you need to implement Intel® AMT Remote Access - Fast Call for Help feature with supporting management SW - Intel® AMT MPS.

     

    As Internet locations (your branch/satelite offices) NAT will use private non routable IP addresses and Firewall blocking external (management server) originated connection over Internet - your management console SW will not be able to establish TCP connection to Intel® AMT FW on its private IP address (ex 192.168.x.x).

     

    You need to reverse direction of Intel® AMT connection to originate at Intel® AMT FW towards management server. And it has to be secured/encrypted. This is exactly what Intel® AMT Fast Call For Help feature does.

     

     

    On central management server side you need to implement Intel® AMT MPS (Managed Presence Server - kind of TLS tunnel termination and TCP/SOCS proxy to Management Console SW.

     

    Not every Intel® AMT management Console SW supports Intel® AMT Fast Call For Help.

     

     

    Commercial SW is McAfee ePO Deep Command with Remote Agent Handler.

     

    You can also explore Intel's Open Source project Mesh Central - http://www.meshcentral.com/ www.meshcentral.com and use binaries/source code to build and host your own Mesh.

     

    Intel® AMT Software Development Kit (SDK) http://software.intel.com/en-us/articles/download-the-latest-intel-amt-software-development-kit-sdk http://software.intel.com/en-us/articles/download-the-latest-intel-amt-software-development-kit-sdk also contains MPS sample code.

     

    see also https://downloadcenter.intel.com/download/22694/Intel-vPro-Technology-Use-Case-Reference-Design-CIRA-Ref-Architecture Download Intel vPro Technology Use Case Reference Design - CIRA Ref Architecture

     

  3. Q: "Does it work with Wireless LAN?"

     

    YES, over Intel® Wireless WiFi products supporting vPro/AMT ONLY. USB WiFi dongles and other vendor WiFi adapters do not suport Intel® AMT by design.

     

    You will have to configure Intel® AMT WiFi profiles (HW/FW level known & trusted WiFi networks - it is part of Intel® AMT configuration.
  4. Q: "any idea on pricing for enabling it, cost of licenses".

     

     

    If you have Intel® vPro™ PC/laptop/tablet HW (check procesor sticker) - there is NO additional cost/license to Intel for enabling it in the HW/FW.

     

     

    You may need to purchase:

     

     

    - Intel® AMT provisioning certificate for configuring it with Remote Configuration Method into Admin Control Mode - for Wired LAN enabled systems - single certificate for your internal domain name - starting from $90/year. This certificate is not needed for Host Based Configuration into Client Control Mode.

     

    - Professional Intel® vPro™ enabled Management Console SW - like McAfee ePO Deep Command, MS SCCM 2012, Bomgar, LANDesk, DameWare, and bunch of others. No idea about the cost (it strongly depends on numer of end points to be manager). Most of those consoles include their Intel® AMT KVM Viewer.

     

    - standalone Intel® KVM Viewer application if not using any of above console SW - like Real VNC Viewer Plus - $99 per management seat.

     

     

    If your Management Console is MS SCCM 2012 you may use free of charge Intel® Core™ vPro™ processor KVM add-on for System Center Configuration Manager* https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=3051&DwnldID=21835 https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=3051&DwnldID=21835 https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=3051&DwnldID=21835

     

    - You can enable/configure Intel® AMT on your own - but you have to invest time and headcount - see:

     

    Intel® vPro™ configuration with Intel® SCS Training <a href="http://www.intel.com/content/www/us/en/processors/vpro/vpro-activation-training-anim...
0 Kudos
Reply