All New 2010 Intel®
Core™ vPro™ Processor
Family for MSPs
How Spiceworks has integrated Intel
technology into the Spicewor...
Smart Security1
Intel® Core™ Processors and Piketon: Essential
technology for SMB Desktop PCs
Intelligent
Performance1 Eas...
All New 2010 Intel® Core™ vPro™ Processor Family:
IT Computer Within the Computer
Smart Security and
Cost Saving Manageabi...
Intel® vPro™ Technology
Intel® AMT Architecture
Intel® AMT
Operating System
BIOS
HW Sensors Network Connection
SW
Apps
SW
...
Intel® vPro™ Processor Technology
Usage summary
Usage to features
OOB
Access
Power
Control
KVM/IDEr
SOL/ IDEr
iMST
HW main...
Spiceworks IT Desktop
Demo
Provisioning Intel® AMT
Secure your customers Passwords!
“Losing” them are as costly as key to your customers
front door…
Type Used for
BIOS
passw...
Intel AMT configuration
DHCP
• Intel AMT conforms its settings to the
host (the PC’s OS) network settings. IP
address is t...
Choosing a provisioning method
10
Manual Improved Manual Automatic (PSK) Automatic (PKI)
LevelofEffort
Labor Intensive
• M...
Basic Provisioning – Manual
Manually configuring in MEBx
Multiple settings
typed into every
computer in SMB
site
•Time con...
Basic One Touch Provisioning
Simple AMT Configuration using a USB Key
• Simple Windows wizard for local AMT
Configuration ...
Centralized Provisioning
Enter settings once, each PC calls in and provisions
automatically
13
One Touch Remote Configurat...
More Capabilities
Integrated Graphics
KVM Remote Control1
New AES instructions (AES-NI)
More Performance
Most cache, cores...
15
Revision - 01
Intel Confidential
16
Legal Disclaimer Intel Confidential
• INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO
LICE...
Upcoming SlideShare
Loading in …5
×

How Spiceworks Integrated Intel Technology into the Spiceworks IT Desktop - Kevin S. Havre, Intel

1,500 views
1,363 views

Published on

How Spiceworks Integrated Intel Technology into the Spiceworks IT Desktop - Kevin S. Havre, Market Development Manager, Intel Corporation

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,500
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Software-based communication (which is through the software stack in the OS) can be disrupted for a variety of reasons, as listed via power being off, OS not operational, software agent being disabled via virus attack and hard drive not functioning. Therefore- hardware-based management via Intel Core vPro processor family can help monitor, maintain, update, upgrade, and repair PCs when software-based management agents are not available.For instance, software-based management is often unavailable when an Operating System blue screens. Therefore, without Intel vPro technology, you cannot remotely manage the computer from the IT management console. Also - a PC with an Intel Core vPro processor uses TLS encryption to secure an out-of-band communication tunnel to the IT management console. Intel vPro technology secures the communication tunnel Advanced Encryption Standard (AES) 128-bit encryption and RSA keys with modulus lengths of 2,048 bits. Because the encrypted communication is out-of-band, the PC’s hardware and firmware receive the magic packet before network traffic reaches the software stack for the operating system (OS). Since the encrypted communication occurs “below” the OS level, it is less vulnerable to attacks by viruses, worms, and other threats that typically target the OS level.Legal Disclaimer2. Intel® Core™ vPro™ processor family includes Intel® Active Management Technology (Intel® AMT). Intel AMT requires the computer system to have an Intel AMT-enabled chipset, network hardware and software, as well as connection with a power source and a corporate network connection. Setup requires configuration by the purchaser and may require scripting with the management console or further integration into existing security frameworks to enable certain functionality. It may also require modifications of implementation of new business processes.
  • TLS encryption – buy one cert for every client – Server authentication – MTLS (cert for mgmt console, 1 for each AMT client)Create your own certificates – Remote config – buy GoDaddy cert and provision systems – export certificate hash and put onto each AMT clientDirector - ownGoDaddy – Provision Server buys a cert to provision any # of systems
  • How Spiceworks Integrated Intel Technology into the Spiceworks IT Desktop - Kevin S. Havre, Intel

    1. 1. All New 2010 Intel® Core™ vPro™ Processor Family for MSPs How Spiceworks has integrated Intel technology into the Spiceworks IT Desktop Kevin S. Havre Intel Corporation September 2010 1
    2. 2. Smart Security1 Intel® Core™ Processors and Piketon: Essential technology for SMB Desktop PCs Intelligent Performance1 Easy PC Care1 Intel® Core™ processors deliver intelligent desktop performance that accelerates in response to demanding tasks helping improve business productivity, reduce energy consumption and enable smaller and more innovative form factors Built-in smart security technologies to help guard against viruses, data loss or corruption and protect assets and data in the event of PC loss or theft 2 A new level of intelligent performance for desktop PCs Industry leading technologies to help you or your service provider remotely manage and service PCs regardless of PC state or IT care model to help improve PC availability and reduce your IT support cost
    3. 3. All New 2010 Intel® Core™ vPro™ Processor Family: IT Computer Within the Computer Smart Security and Cost Saving Manageability with activated features2: • Built into the hardware • Regardless of OS or software agent health • Even when powered off Specifically: • Secure power management • Network isolation • Remote remediation 2. Activated features include Intel Active Management Technology. Intel® Core™ vPro™ processor family includes Intel® Active Management Technology (Intel® AMT). Intel AMT requires the computer system to have an Intel AMT-enabled chipset, network hardware and software, as well as connection with a power source and a corporate network connection.
    4. 4. Intel® vPro™ Technology Intel® AMT Architecture Intel® AMT Operating System BIOS HW Sensors Network Connection SW Apps SW Apps HW Drivers Network Stack Non- Volatile Storage Event Log, Alerts, Redirection Features Secure Out Of Band access Remote troubleshooting and recovery Proactive alerting More detailed HW inventory Third-party, nonvolatile storage SW Apps SW Apps SW Apps Secure access and control of Intel® vPro™ machines, even OOB
    5. 5. Intel® vPro™ Processor Technology Usage summary Usage to features OOB Access Power Control KVM/IDEr SOL/ IDEr iMST HW maintenance tasks Change Management, Disk defrag, temp files, security credentials SW / Anti-virus updates Change management, compliancy, security HW updates/remediation BIOS updates, HW/OS failure, disk image restore • More secure Out of band (OOB) access External access to systems the consoles can “see”, with more secure posture than ASF or WOL, regardless of OS state and a detailed list of HW inventory since last boot. • Power Control Gives consoles the ability to power up systems when they are needed and reboot when the OS is not working • KVM and Serial-over-LAN (SOL) Remote Control Gives remote control consoles access to the system below the OS for seeing pre-boot messages, boot into and edit BIOS, launch OS into “Safe Mode”. • IDE redirection (IDEr) Tricks the BIOS into booting to an OS image on the network; saving a truck roll onsite to trouble shoot even if the HDD has failed, or restore backup images. • Intel Matrix Storage Technology Internal mirrored drives; local instant data back-up without the SW hassle. External cloned drive; protect your data and recover quickly
    6. 6. Spiceworks IT Desktop Demo
    7. 7. Provisioning Intel® AMT
    8. 8. Secure your customers Passwords! “Losing” them are as costly as key to your customers front door… Type Used for BIOS password BIOS access Intel® AMT password MEBx and Web UI access Local admin password OS level access Management Application Passwords Management console For accessing PCs • OS != AMT • Use strong Passwords one char, number and UC letter. • Only assigned techs • Change regularly • Change when techs leave your company Password management
    9. 9. Intel AMT configuration DHCP • Intel AMT conforms its settings to the host (the PC’s OS) network settings. IP address is the same for OS and MEBx, access; Intel AMT MEBx through port 16992... Static • Use different IP addresses for Intel AMT and the host (the PC’s OS). Decide on IP addressing method Common mistake: using a different hostname for Intel AMT MEBx than in the OS
    10. 10. Choosing a provisioning method 10 Manual Improved Manual Automatic (PSK) Automatic (PKI) LevelofEffort Labor Intensive • Must visit every PC for initial & on-going configuration • Must access the BIOS to make changes • Error Prone • English Only Less Labor Intensive • Must visit every PC for initial & on-going configuration • Configuration data entered into Windows utility • Less Error Prone • Localized Less Labor Intensive • Must visit every; reboot only, no data entry • Least error prone • Localized Least Labor Intensive • Never requires a visit to the PC • Least Error Prone • Localized Preparation • None • USB key purchase • Download Intel AMT Configuration Utility • USB key purchase • Download & install Intel SCS 6.0 Lite • Security Certificate Purchase • DHCP server with option 15 • Download & install Intel SCS 6.0 Lite
    11. 11. Basic Provisioning – Manual Manually configuring in MEBx Multiple settings typed into every computer in SMB site •Time consuming •Error Prone •Supported in all AMT versions
    12. 12. Basic One Touch Provisioning Simple AMT Configuration using a USB Key • Simple Windows wizard for local AMT Configuration using a USB Key • Supported in AMT 4.0+ Only
    13. 13. Centralized Provisioning Enter settings once, each PC calls in and provisions automatically 13 One Touch Remote Configuration USB key loads provisioning “secret”, PSK or CA hash Certificate hash already in firmware; purchase matching certificate and load on Provision Server Onsite Server? Onsite Server
    14. 14. More Capabilities Integrated Graphics KVM Remote Control1 New AES instructions (AES-NI) More Performance Most cache, cores, threads & boost range No integrated graphics NO KVM Remote Control1 or AES-NI Intel® Core™ vPro™ Processor Family Using Integrated Graphics ONLY. Intel® Core™ i5 & i7 vPro™ Processors For business clients Intel® Core™ i7 vPro™ Processors For workstations and high performance products 1 – KVM = Keyboard, Video, & Mouse; KVM Remote Control ONLY works over Intel® integrated graphics, not available on Lynnfield processors Desktop: i5-670, 660, 650 Mobile: i5-580, 560, 540, 520, i7-640, 620 Desktop: i7-870, 860, 860s Mobile: i7-840, 820, 740, 720
    15. 15. 15
    16. 16. Revision - 01 Intel Confidential 16
    17. 17. Legal Disclaimer Intel Confidential • INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL® PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING APPLICATIONS. • Intel may make changes to specifications and product descriptions at any time, without notice. • All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice. • Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request. • Customers, licensees and other third parties are not authorized by Intel to use code names in advertising, promotion or marketing of any product or services and any such use of Intel's internal code names is at the sole risk of the user. • Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or software design or configuration may affect actual performance. • Intel, Intel Inside, the Intel logo, vPro, Centrino, Centrino Inside, Intel Core, Intel Atom and Pentium are trademarks of Intel Corporation in the United States and other countries. • *Other names and brands may be claimed as the property of others. • Copyright © 2010 Intel Corporation.

    ×