Professional Documents
Culture Documents
Intel vProTM
Processor
Technology
Integration Guide
PCs with Intel vProTM
Processor Technology and
N-able Technologies
N-central*
V 1.0
317306-001
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
The information contained in this document is provided for informational purposes only and represents the current
view of Intel Corporation (Intel) and its contributors (Contributors), as of the date of publication. Intel and the
Contributors make no commitment to update the information contained in this document, and Intel reserves the
right to make changes at any time, without notice.
THIS DOCUMENT IS PROVIDED AS IS. NEITHER INTEL, NOR THE CONTRIBUTORS MAKE ANY REPRESENTATIONS
OF ANY KIND WITH RESPECT TO PRODUCTS REFERENCED HEREIN, WHETHER SUCH PRODUCTS ARE THOSE OF
INTEL, THE CONTRIBUTORS, OR THIRD PARTIES. INTEL AND ITS CONTRIBUTORS EXPRESSLY DISCLAIM ANY AND
ALL WARRANTIES, IMPLIED OR EXPRESS, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTY
ARISING OUT OF THE INFORMATION CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION, ANY PRODUCTS,
SPECIFICATIONS, OR OTHER MATERIALS REFERENCED HEREIN. INTEL AND ITS CONTRIBUTORS DO NOT
WARRANT THAT THIS DOCUMENT IS FREE FROM ERRORS, OR THAT ANY PRODUCTS OR OTHER TECHNOLOGY
DEVELOPED IN CONFORMANCE WITH THIS DOCUMENT WILL PERFORM IN THE INTENDED MANNER, OR WILL BE
FREE FROM INFRINGEMENT OF THIRD PARTY PROPRIETARY RIGHTS, AND INTEL AND ITS CONTRIBUTORS
DISCLAIM ALL LIABILITY THEREFORE.
INTEL AND ITS CONTRIBUTORS DO NOT WARRANT THAT ANY PRODUCT REFERENCED HEREIN OR ANY PRODUCT
OR TECHNOLOGY DEVELOPED IN RELIANCE UPON THIS DOCUMENT, IN WHOLE OR IN PART, WILL BE SUFFICIENT,
ACCURATE, RELIABLE, COMPLETE, AND FREE FROM DEFECTS OR SAFE FOR ITS INTENDED PURPOSE, AND HEREBY
DISCLAIM ALL LIABILITIES THEREFORE. ANY PERSON MAKING, USING OR SELLING SUCH PRODUCT OR
TECHNOLOGY DOES SO AT HIS OR HER OWN RISK.
Licenses may be required. Intel its contributors and others may have patents or pending patent applications,
trademarks, copyrights or other intellectual proprietary rights covering subject matter contained or described in
this document. No license, express, implied, by estoppels or otherwise, to any intellectual property rights of Intel
or any other party is granted herein. It is your responsibility to seek licenses for such intellectual property rights
from Intel and others where appropriate.
Intel hereby grants you a limited copyright license to copy this document for your use and internal distribution
only. You may not distribute this document externally, in whole or in part, to any other person or entity.
IN NO EVENT SHALL INTEL OR ITS CONTRIBUTORS HAVE ANY LIABILITY TO YOU OR TO ANY OTHER THIRD PARTY,
FOR ANY LOST PROFITS, LOST DATA, LOSS OF USE OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES, OR FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF YOUR USE
OF THIS DOCUMENT OR RELIANCE UPON THE INFORMATION CONTAINED HEREIN, UNDER ANY CAUSE OF ACTION
OR THEORY OF LIABILITY, AND IRRESPECTIVE OF WHETHER INTEL OR ANY CONTRIBUTOR HAS ADVANCE NOTICE
OF THE POSSIBILITY OF SUCH DAMAGES. THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING THE FAILURE
OF THE ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
Intel vProTM processor technology includes Intel Active Management Technology (Intel AMT) and Intel
Virtualization Technology (Intel VT).
Intel Active Management Technology (Intel AMT) requires the computer system to have an Intel AMT-enabled
chipset, network hardware and software, as well as connection with a power source and a corporate network
connection. With regard to notebooks, Intel AMT may not be available or certain capabilities may be limited over a
host OS-based VPN or when connecting wirelessly, on battery power, sleeping, hibernating or powered off. For
more information, see http://www.intel.com/technology/iamt
Any third party links in this material are not under the control of Intel and Intel is not responsible for the content of
any third party linked site or any link contained in a third party linked site. Intel reserves the right to terminate any
third party link or linking program at any time. Intel does not endorse companies or products to which it links. If
you decide to access any of the third party sites linked to this material, you do so entirely at your own risk.
Intel, the Intel logo, Intel Core, and Intel vPro are trademarks of Intel Corporation in the United States and other
countries.
*Other names and brands may be claimed as the property of others.
Copyright 2007 Intel Corporation. All rights reserved.
-2-
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Revision History
Revision
1.0
Revision History
First release
Date
August 2007
-3-
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table of Contents
Introduction
Introduction .......................................................................................................... 14
16
16
17
17
17
18
18
18
19
20
21
21
22
Introduction ..........................................................................................................
Order of deployment ..............................................................................................
Web console for validation of Intel AMT ................................................................
Deployment requirements .....................................................................................
-4-
27
27
29
29
29
29
30
32
32
32
33
33
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
34
34
34
36
36
37
38
38
39
39
39
Section 3: Integration
Introduction .......................................................................................................... 41
42
42
45
45
47
54
57
57
58
62
64
65
68
Step 12. Verify that the Intel vPro service is assigned to the PC............................ 69
Step 13: Configure each PC.................................................................................... 72
-5-
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Verify integration................................................................................................... 81
92
93
95
96
97
Section 5: Troubleshooting
Introduction .......................................................................................................... 98
Categories of possible issues ................................................................................. 98
Support and validation tools .................................................................................. 99
-6-
115
121
124
127
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Step 1: Configure and validate Intel AMT via BIOS and MEBx...............................131
Step 2: Enable the Intel AMT respond-to-ping setting .........................................131
Step 3: Validate connectivity between N-central components ...............................132
If you have trouble with installation or validation...........................................132
Step 4: Verify network communication .............................................................133
Step 5: Log into N-central...............................................................................133
Step 6: In N-central, set Intel AMT credentials for the probe................................133
Step 7: Discover the PC..................................................................................134
If you have trouble discovering the PC .........................................................134
Step 8: Import the newly discovered PC ...........................................................135
Verify that the PC was imported into the management domain ........................135
Step 9. Verify that the Intel vPro service is assigned to the PC .............................136
Step 10: Configure each PC ............................................................................136
Step 11: Select the probe for power control ......................................................137
Verify integration................................................................................................. 137
Glossary............................................................................................................... 140
Acronyms............................................................................................................. 142
-7-
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
List of Tables
Table
Table
Table
Table
Table
1-1.
1-2.
1-3.
1-4.
1-5.
Table 1-6.
Table 1-7.
Table
Table
Table
Table
Table
Table
Table
3-1.
3-2.
3-3.
3-4.
3-5.
16
19
22
23
24
25
26
Table 2-1.
Table
Table
Table
Table
Table
Table
Table
30
31
32
33
35
36
37
38
39
40
42
48
49
59
81
Table 4-1.
Table 4-2.
Table 5-1.
Table 5-2.
Table 5-9.
Table A-1.
Table A-2.
Table B-1.
Table
Table
Table
Table
Table
Table
5-3.
5-4.
5-5.
5-6.
5-7.
5-8.
-8-
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
List of Figures
Figure 1-1.
Figure 1-2.
Figure 2-1.
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
3-1.
3-2.
3-3.
3-4.
3-5.
3-6.
3-7.
3-8.
3-9.
3-10.
3-11.
3-12.
3-13.
3-14.
3-15.
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
3-16.
3-17.
3-18.
3-19.
3-20.
3-21.
3-22.
3-23.
3-24.
3-25.
3-26.
3-27.
3-28.
3-29.
3-30.
3-31.
3-32.
3-33.
3-34.
3-35.
3-36.
Figure 3-37.
-9-
44
46
47
50
51
51
52
53
53
55
56
56
58
60
60
61
63
63
64
65
70
71
71
74
76
77
78
79
80
80
82
83
83
84
84
85
86
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
4-1.
4-2.
4-3.
4-4.
4-5.
4-6.
Figure
Figure
Figure
Figure
Figure
5-1.
5-2.
5-3.
5-4.
5-5.
Figure A-1.
- 10 -
90
91
94
94
95
96
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Introduction
Welcome to the integration guide for Intel vProTM processor technology and N-able
Technologies (N-able) N-central*. This guide explains how to integrate PCs with Intel
vPro processor technology into an N-central service environment.
Intel vPro processor technology includes the powerful, hardware-based Intel Active
Management Technology (Intel AMT). Intel AMT is a new technology for remote
management and security of PCs. With Intel AMT, managed service providers (MSPs)
can monitor and manage PCs anytime even if PC power is off, the operating system
(OS) is inoperable, management agents are missing, or hardware (such as a hard
drive) has failed.
When integrated into a third-party management solution, such as N-able N-central,
Intel vPro processor technology lets service providers spend less time managing the
PC and more time focusing on strategic business initiatives.
This guide describes integration of PCs with Intel vPro processor technology into
N-Central v6.
- 11 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Note:
Intended audience
This guide is intended for MSPs using N-central to manage PCs with Intel vPro
processor technology. Users of this guide should be experienced in:
Setting up networks for SMB customers
Setting up, configuring, and using Microsoft networking, server, and OS applications
Communication and security methodologies and technologies, such as TCP/IP, HTTP,
HTTPS, and SSL
Scope
This guide includes step-by-step integration procedures for integrating an Intel AMTenabled PC into the N-central management environment.
To help with integration, this guide describes deployment requirements and
installation considerations for N-central.
Note that this guide does not explain how to install or setup N-central. Refer to your
N-able documentation for installation, setup, and validation procedures for N-central
This guide also includes hardware requirements for PCs, as well as some deployment
considerations for Intel AMT in the N-central environment.
Note that this guide does not explain how to configure Intel AMT parameters on the
PC. That information is located in the Intel AMT configuration guide for SMB
environments.
This guide assumes you are using probes to monitor the PCs. If you will be using
agents to monitor PCs, refer to your N-central documentation for installation and setup
procedures for agents.
- 12 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Contents
This guide includes these sections:
Section 1: Solution architecture, which explains the order of deployment and
briefly describes the architecture of Intel AMT and the N-central solution, including
key aspects of secure, remote communication between the elements of the N-central
managed environment.
Section 2: Deployment requirements, which provides requirements for hardware
and software, includes deployment recommendations, and briefly describes important
considerations for configuring the network, installing N-central, and setting up the
managed environment.
Section 3: Integration, which explains how to integrate an Intel AMT-enabled PC
into N-central.
Caution:
Section 4: Use cases, which provides simple procedures for updating security
software on a PC that is powered off, discovering PCs, and acquiring a hardware
inventory.
Section 5: Troubleshooting, which provides information and procedures that can
help resolve common issues with remote management.
Appendix A: Quick start, which provides abbreviated step-by-step procedures for
integrating the Intel AMT-enabled PC into N-central.
Appendix B: Accessing BIOS, which describes some ways to access BIOS for
common PC manufacturers.
Appendix C: Glossary and acronyms.
- 13 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Section 1:
Solution Architecture
Introduction
Intel vProTM processor technology delivers many high-performance features and
innovative capabilities for both users and IT administrators, all in an energy-efficient
platform that is Microsoft Windows Vista* ready. Among the innovative capabilities of
Intel vPro processor technology is Intel Active Management Technology (Intel AMT).
Intel AMT is powerful hardware-based technology for remote management and
security of PCs. These capabilities allows MSPs to monitor and manage PCs anytime,
even if PC power is off, the OS is unresponsive, management agents are missing, or
hardware (such as a hard drive) has failed.
With Intel AMT, authorized technicians can remotely and securely power on/off/reset a
PC, remote boot a PC to a clean state, redirect a PCs boot device to another device
(such as a CD or network share), use console redirection, and take advantage of
powerful hardware-based system-defense capabilities. Intel AMT also provides secure
access to detailed hardware asset information, the persistent Intel AMT event log, and
other critical system information virtually anytime. Service providers can now spend
less time managing the PC and more time focusing on strategic business initiatives.
This guide describes how to integrate PCs with Intel vPro processor technology into
N-able N-central* v6. N-central is taking advantage of several key Intel AMT
capabilities, including remote power on/off, access to the PCs unique universal
identifier (UUID), and access to detailed hardware asset information.
Note:
Order of deployment
The overall deployment process follows four general steps:
1.
2.
3.
Note:
This guide assumes you have already installed and set up N-central
correctly. Refer to your N-central documentation for information about
installing, setting up, verifying, and troubleshooting N-central.
- 14 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Caution:
This guide explains step 3, integration of the Intel AMT-enabled PC into N-central.
Quick Start
If you are already familiar with Intel AMT and N-central, you might want to use the
quick start appendix in this guide to begin deployment.
If you are not already familiar with these technologies, make sure you carefully read
your N-central documentation, as well as the deployment requirements and important
considerations in this guide for configuring firewalls, WMI, and other components of Ncentral.
In this section...
This section provides information about:
Solution architecture
MSPs must manage and adapt to a changing and competitive environment. With tens,
even hundreds of sites across geographic areas, reducing site visits is critical to
keeping costs down and being able to plan better for the future. Two of the obvious
solutions to reducing site visits are:
Automate more tasks.
Allow more tasks to be performed from a remote, centralized location.
When integrated into a third-party management application, such as N-central, Intel
vPro processor technology (including Intel AMT) is designed to help service providers
perform more work from the service center and significantly reduce site visits. In turn,
this will help MSPs increase efficiencies, reduce service costs, improve revenue
margins, and offer new services to customers.
- 15 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Secure remote
power-on
Persistent ID
Persistent
hardware-asset
information
- 16 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Remote management
even if PC power is off or the OS is unresponsive
When integrated into N-central, Intel AMT lets technicians:
Update security software and applications off-hours even if the PC is
powered off at the start of the update cycle. With Intel AMT, technicians can now
securely and remotely power up the PC from the service center so that N-central can
apply the update or patch.
Remotely power up PCs for monitoring or maintenance, using the secure,
remote power on/off feature
Power-reset PCs to a clean state, using the secure remote power reset feature.
Inventory hardware assets anytime and on a lower level than can be
monitored through use of Windows Management Instrumentation (WMI) alone.
Discover more PCs more accurately with access to the UUID, so that you always
know which systems are on the network and can perform more accurate asset
inventories.
Because the capabilities of Intel AMT are designed into the PC, they are available to Ncentral technicians anytime (refer to Figure 1-1). As long as the PC is connected to a
power source and plugged into the network, the capabilities of Intel AMT are available
to authorized IT technicians.
N-able N-central
N-central is a leading remote monitoring and management platform deployed globally
by MSPs servicing the SMB market. N-central is a powerful and feature-rich tool for
managed services that will help drive new efficiencies and profitability into your
managed service programs.
- 17 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
When N-central is used for PCs with Intel vPro processor technology, IT administrators
gain access to powerful new hardware-based capabilities of Intel AMT. This includes
the ability to remotely discover, monitor, and manage PCs regardless of PC power
state or the state of the OS. You can now use N-central to securely and remotely
power up PCs to update security software off-hours, upgrade software applications,
and ready PCs for a user work shift all without leaving the service center. You can
also accurately identify an Intel AMT-enabled PC even if PC power is off, the OS has
been rebuilt, the hard drive has been reimaged, a hardware or software configuration
has changed, or management agents are missing.
With access to the new Intel AMT capabilities, N-central can help you significantly
improve remote device discovery, hardware asset inventory, off-hours maintenance,
and other processes and tasks. For MSPs, the combination of N-central and PCs with
Intel vPro technology makes it easier to improve labor utilization, optimize IT
processes, and improve management coverage for all PCs.
Management components
The N-central solution has a distributed architecture and three main components:
N-central server, which is the central management console that provides the web
based interface; conducts data processing, reporting, and notifications; and can
monitor devices with public IP addresses using TCP port monitoring capabilities.
Software agents, which are installed at the customer site on end-user PCs for local
monitoring. An agent collects detailed OS and other system data from a single PC
and passes the data back to the N-central server when the user device is on the
network. (Agents are particularly useful for mobile PCs.)
Probes, which are installed at the customer site on a dedicated PC or server, and
which can monitor many devices. Probes collect general information from the PC
and/or agents, and pass the data back to the N-central server. Probes generate less
network traffic than agents and can be used to provide an agentless solution.
- 18 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
There are significant cost and resource benefits for MSPs managing Intel AMT-enabled
PCs via N-central. With Intel AMT, MSPs can:
Eliminate virtually all site visits traditionally required for updates and patching for PCs
that are often shut off.
Eliminate many manual hardware-asset inventories.
Reduce total cost of ownership (TCO) of technology for customers.
MSPs can now significantly reduce manual processes; increase automation for
inventory, update, and upgrade tasks; shift more work off-hours; and minimize
interruptions to their customers business. The result is a more managed, more
efficient infrastructure that helps increase productivity, reduce service costs, and
improve revenue margins.
Remote communication
This discussion is a brief overview of remote communication via the Intel Management
Engine (which includes Intel AMT) through a third-party management application, such
as N-central.
Description
Works when...
Out-of-band
communication
Communication between
Intel AMT (via the Intel
Management Engine) and Ncentral
In-band communication
Communication between
Intel AMT (via the Intel
Management Engine) and
the PCs OS
- 19 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
- 20 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
- 21 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
This guide assumes you are using probes to monitor and manage the Intel AMTenabled PCs. For information about remote management through agents, refer to your
N-central documentation.
Source
Vendors. For a list of vendors who supply PCs with Intel vPro
processor technology, contact
http://www.intel.com/buy/vPro.htm
Intel vPro processor technology. For information about Intel vPro
processor technology used in the small- and medium-business market,
refer to the Intel Web site:
http://www.intel.com/business/vpro/
N-able N-central
- 22 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Related documentation
The next several tables describe documentation from Intel, N-able, and other sources
which may be useful during deployment, or which can give you additional details about
Intel vPro processor technology or N-able N-central.
Table 1-4. Related deployment documentation from Intel
Intel deployment
documentation
Download from
Intel Web site at:
Description
http://www3.intel.com/cd/channel/
reseller/asmo-na/eng/347046.htm
http://www.intel.com/reseller/vpro
http://softwarecommunity.intel.co
m/isn/home/manageability.aspx
http://download.intel.com/business
/vpro/pdfs/deployment_guide.pdf
- 23 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table 1-5. Related information about Intel vPro processor technology and Intel AMT
Intel product
information
Download from
Intel Web site at:
Description
http://www.intel.com/technology/
manage/iamt/303749.pdf
http://cachewww.intel.com/cd/00/00/31/87/31
8739_318739.pdf
http://www.intel.com/business/vpr
o/pdfs/amt_security_and_complian
ce.pdf
http://softwarecommunity.intel.co
m/articles/eng/1004.htm
Technical support
http://supportmail.intel.com/scripts
-emf/welcome.aspx?id=2556,2557
- 24 -
http://msp.intel.com/
http://intel.com/reseller/vpro
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
N-able documentation
Description
Provides:
http://www.n-able.com/login/
User guides
Message board
N-able product knowledge base
N-able University*
Applied Technology
Training
Provides:
Web-based training
N-central Web-based weekly
scheduled Q&A sessions
http://www.nable.com/university/programs/ncentral/
http://www.n-able.com/login/
http://www.n-able.com/login/
www.intel.com/cd/channel/reseller/
asmona/eng/products/desktop/processor
/processors/vpro/sales/323517.htm
- 25 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Located in
Appendix A
Deployment
requirements
Section 2
Description
Simplified list of steps to follow to integrate an Intel
AMT-enabled PC into N-central.
Hardware, software, networking, firewall, and
information requirements, and important
considerations.
Also refer to the Intel AMT configuration guide for
SMB environments, and refer to your N-central
documentation.
Sections
2, 5
Integration
Section 3
Validation
Sections
3, 5
Table 1-8.
Information
Located in
Description
Troubleshooting
Sections
2, 5
Intel AMT
architecture
Section 1
Section 4
- 26 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Section 2:
Deployment requirements
Introduction
See your N-able installation guides for information about installing and setting up Ncentral. Configuration information for Intel AMT is located in the Intel AMT
configuration guide for SMB environments.
This section covers:
Order of deployment
Deployment requirements for hardware and software
Important considerations and best practices
Note:
Note:
Order of deployment
The deployment process follows three general steps to install, configure, and integrate
the key elements (PC, N-central server, and probe) of the system in a platform or
appliance environment:
1.
2.
3.
Caution:
- 27 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Caution:
Remote management of PCs will fail if you do not set up the security,
networking and operational parameters properly on the end-user PC,
probe, and/or servers to allow remote communication between N-central
components and through firewalls and proxy servers.
Figure 2-1 shows the general deployment process. Refer to the section on solution
architecture in this guide, for a information about how communication flows in the Nable managed-service environment.
- 28 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Deployment requirements
To help prepare you for deployment, this discussion includes:
Recommended configurations for hardware and software
Networking, security, and setup requirements
Recommended configurations
There are three main hardware elements in an N-central environment, each of which
has certain requirements:
End-user PC: requirements for setting up and configuring Intel AMT and the Ncentral agent on the end-users desktop PC
Probe device: requirements for the low-end server or high-end PC at the customer
site on which the Windows probe is installed
Remote server: requirements for the remote server that hosts N-central at the
MSPs service center.
For more in-depth information about special considerations and best practices, refer to
the configuration section for the PC with Intel AMT.
- 29 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Recommendation or requirement
Hardware
Software
Information
Special
considerations
If you are using Windows Vista, you must install the N-able hotfixes for the OS. Refer to your
N-able documentation for information about the hotfixes.
- 30 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table 2-2. Requirements for installing the probe at the customer site
Component
Recommendation or requirement
Hardware
CPU: Depends on site size. For a smaller site, use a processor that can
effectively run Microsoft Windows XP or Microsoft Windows 2003*. For a
larger site, you should consider using an Intel Core2 Duo processor
or above.
Motherboard chipset: Intel motherboard chipset
Hard drive: 20 GB hard-disk or larger
RAM: 128 MB RAM
Network card: 100 Mb or 1 Gb
CD ROM drive: recommended
OS and server
software
Information
Special
considerations
Network firewall: must allow TCP sessions on ports 80, 443, and 22.
Port 10000 is used to access the administrator console.
- 31 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Network requirements
You will need certain networking information in order to complete the configuration,
installation, and integration procedures for Intel vPro processor technology and Ncentral. This information includes the networking parameters, values for general
configuration settings, administrator passwords, and security requirements.
Communication ports
The N-central service environment requires certain communication ports be open on
the firewall router, as described in Table 2-3.
Table 2-3. Network communication requirements
Communication
Requires:
Used for
Description
Inbound
communication to
N-central
Port 443
HTTPS
Port 80
HTTP
Port 22
SSH
Port 10000
TCP sessions
- 32 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
DHCP
Static IP
DHCP service
Required
DNS service
Required
Optional
Static IP environments
In static IP addressing, the PC has fixed network settings. When using static-IP
addressing in enterprise environments, you can define different IP addresses for Intel
AMT and the host (the PCs OS). However, you should not use different IP addresses
for PCs configured in SMB mode.
When using static-IP addressing for SMB mode, you should:
Use the same IP address for Intel AMT and the host (the PCs OS).
Use the same host name for Intel AMT and the PCs OS name.
Note:
In SMB mode, if you use different IP addresses for Intel AMT or the host,
or if you use different host names for either Intel AMT or the host, your
management application is likely to report two devices for the same PC.
This typically occurs when the management application uses mainly IP
addressing to discover or identify the PC.
- 33 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Security requirements
You will need certain security and configuration information in order to complete the
configuration, installation, and integration procedures for Intel vPro processor
technology and N-central. This information includes the values required for general
configuration settings, administrator passwords, and security requirements.
Passwords
There are three main administrator passwords required during deployment of PCs with
Intel vPro processor technology in the N-central service environment. You might also
require another password to access BIOS, depending on your PCs manufacturer.
Make sure you have the correct administrator username and password available for
each step of the deployment process. (Do not assume the default username or
password; these can vary, depending on your PC manufacturer.) Table 2-5 lists the
passwords used during deployment.
- 34 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Used for:
Used to:
BIOS
password
BIOS
Intel AMT
password
MEBx
N-central
password
N-central
Used by an IT administrator to log into Ncentral. This password is first set during
installation of N-central, and can be reset via
the user-management feature in N-central.
Users
management
password
- 35 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Key or command
sequence to access BIOS
Computer name
1.
2.
3.
4.
5.
TCP/IP settings
Personnel requirements
Before deploying Intel AMT devices, make sure your IT personnel have adequate
training and experience. Deployment personnel should be experienced in:
System administration
Security methodologies and technologies, including secure sockets layer (SSL)
IT management tools and applications
- 36 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Important considerations
This discussion briefly explains special considerations and best practices for:
Installing N-central
Installing probes
Integrating a PC with Intel AMT into N-central
Locating N-central from the customer site
Firewalls
Description
Install probe on
low-end server or
high-end PC
When installing the probe, make sure you specify the correct IP
address for N-central. The IP address is entered in the server field
in the nagent.conf file. You can access the nagent.conf file through
C:/Program Files/N-able Technologies/Windows Software
Probe/nagent.conf.
Activation key
required
During probe installation, you must enter the probe activation key.
You can access the activation key through the Setup > Probes >
System Communication (tab) in N-central.
Verify
communication
between probe and
N-central server
After installing the probe, make sure the probe can communicate
with the N-central server. If communication is working properly,
you should be able to see the version information for the probe
when you log into N-central. If you do not see version information,
refer to the troubleshooting section of this guide for help
diagnosing and fixing the problem.
Unique security
credentials for
different PCs
You can establish different security credentials for Intel AMTenabled PCs at the customer site, such as for an accountants PC
versus general user PCs. To use different security credentials for a
particular PC, you would create a separate probe for that PC in Ncentral. You would then download new probe software for the
probe device at the customer site, and set up that probe with the
unique security credentials for the target Intel AMT-enabled PC.
- 37 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Description
Using firewalls
Let N-central
automatically assign
Intel vPro service to
the PC
- 38 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Description
Test connectivity
You can run the Microsoft wbemtest utility to test that WMI is
configured properly on the PCs you are remotely managing, and
that the correct user permissions are set on each PC. N-central
also provides a script to help you identify synching problems
and/or resync WMI services.
Refer to N-central documentation for information about setting up
WMI services correctly. Refer to Microsoft documentation for
information about using the wbemtest utility, which included with
your Microsoft Windows OS.
- 39 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Description
Network firewall
Windows firewall
- 40 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Section 3:
Integration
Introduction
For a nonhosted solution, the overall deployment process follows three general steps:
1.
2.
3.
Caution:
Note:
Required procedures
This section explains how to integrate an Intel AMT-enabled PC with N-central. This
section includes procedures that explain how to:
Validate installation and connectivity for the probe and N-central server.
Make sure the Intel AMT respond-to-ping feature is enabled on the target PC.
Discover the PC using N-central.
Import the PC into the N-central device list.
Set up the Intel vPro service and device details for the PC.
Validate that the Intel AMT-enabled PC was integrated correctly into N-central.
- 41 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Assign the Intel vPro service to one Intel AMT-enabled PC at the customer site (as
opposed to all Intel AMT-enabled PCs at the site).
Create a custom vPro dashboard.
Overview of deployment
Table 3-1 briefly describes the deployment processes.
Table 3-1. Deploying Intel AMT-enabled PCs and N-central
Step
Process
Description
Step 1
Step 2
Step 3
Validate connectivity
between N-central
components
Step 4
Verify network
communication
- 42 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table 3-1.
Step
Process
Description
Step 5
Step 6
Step 7
Step 8
Step 9
Verify communication
between probe and Ncentral
Step 10
Step 11
Step 12
Step 13
Step 14
Step 15
Optional: Create a
custom Intel vPro
dashboard
- 43 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
- 44 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Refer to the Intel AMT configuration guide for SMB environments for step-by-step
procedures that explain how to configure Intel AMT.
N-central requires that you enable the Intel AMT respond-to-ping feature
on the target PC in order to allow out-of-band discovery.
Note:
Make sure the firewall does not prevent the ping response. Refer to your
N-able documentation for recommended settings for firewalls.
You can use the Intel AMT Web console to check the Intel AMT respond-to-ping setting
on the target PC. Note that the Web console must be used from a PC other than the
target PC. For example, you can use the Intel Web browser to access Intel AMT
settings and information from the probe device, from another user PC at the customer
site, from the remote management workstation, or from another remote PC.
- 45 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Note:
You must use the Web console from another PC to access the Intel AMT
respond-to-ping feature on the target PC.
Follow these steps to verify or update the Intel AMT respond-to-ping setting on the
target PC:
1.
2.
3.
In the URL field, enter the target PCs name or IP address, and the port number
(refer to Figure 3-2).
If the network can resolve the target PCs host name to a TCP/IP address, enter
the host name in the URL field, like this:
http://host_name:16992
For example: http://TestSystem:16992
If a static TCP/IP address is defined for the target PC, enter the PCs IP address
in the URL field, like this:
http://ip_address:16992
For example: http://192.168.1.7:16992
4.
Select the logon option. The system will then display a login dialog for the Intel
AMT Web console.
5.
When prompted, login using the Intel AMT administrator username and password.
The Intel AMT Web console is then opened. The screen should show the current
status of the target PC.
6.
In the left navigation bar, select Network Settings, as shown in Figure 3-3.
7.
8.
Click Submit.
Figure 3-2. Entry screen for the Intel AMT Web console
- 46 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-3. Network settings screen accessed via the Intel AMT Web
console
- 47 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Description
Verify remote-management
fields in N-central server
When you first install the probe, you can test connectivity
from the N-central server to the probe by seeing if the probe
version information is displayed in N-central. Follow these
steps:
1. Select customer site.
2. Access Setup > Probes.
3. In the probe list, select the probe to check.
4. Select the System Communication tab.
If the probe version information is displayed (near the
center of the screen), connectivity is established between
the probe and the N-central server.
You can test connectivity between the probe device and the
N-central server using a Web browser. Follow these steps:
1. On the probe machine, open a Web browser.
2. Using a secure port (such as HTTPS on port 10000), point
to the N-central URL. For example, enter https://ncentral.dyndns.org/10000
If the N-central login page is displayed, network connectivity
between the probe device and N-central is verified.
- 48 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Once you have installed the general software components, make sure you validate the
network infrastructure. Table 3-3 lists ways to validate firewall and WMI
configurations. Figure 3-4 shows WMI status indicators in the dashboard for a
customer site.
Table 3-3. Validating Windows firewall and WMI configuration
Validation procedure
Description
You can run the Microsoft wbemtest utility to test that WMI
is configured properly on the PCs you are remotely
managing, and that the correct user permissions are set on
each PC. Refer to Microsoft documentation for information
about using the wbemtest utility, which included with your
Microsoft Windows OS.
- 49 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-4. Verifying that WMI is configured correctly. This figure shows
PCs with various states of network connectivity.
Launch N-central. N-central will display the login screen (see Figure 3-5).
2.
3.
4.
If prompted, answer (yes/no) whether you are available to respond to requests for
remote desktop support.
The system should then display the NOC View. This is a list of PCs at the various sites
which are not in a normal state. Figure 3-6 shows a sample NOC View.
Once you have logged in, you are ready to set up the probe to monitor the site with
Intel AMT-enabled PCs.
- 50 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
- 51 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Using the left navigation bar, access your service organization site.
2.
Access Setup > Add Customer. N-central then displays the Customers screen (see
Figure 3-7).
3.
Click on Add Customer. N-central then displays the customer information screen
(see Figure 3-8).
4.
Fill in the fields as appropriate for your customer. Make sure all required fields are
filled in. Required fields are indicated with an asterisk.
5.
When you have filled in the information you want for this customer, click Save
and Finish. N-central then displays a screen where you enter the limits for the
site (see Figure 3-9).
6.
Enter the number of accounts, devices, probes, and so on, appropriate for this
customer site.
7.
8.
If prompted, confirm that you want to save and finish, or that you do or dont
want to add user accounts at this time.
You are now ready to add user accounts (an optional step) or set Intel AMT credentials
for the probe.
- 52 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-9.
- 53 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
For the N-able probe to identify the PC as an Intel AMT-enabled PC, Intel
AMT must be enabled and the Intel AMT security, networking, and
operational parameters must be configured correctly on the PC via BIOS
and MEBx.
Note:
The security credentials set in this procedure must match the credentials
(administrator username and password) set in the Intel AMT parameters
on the PC. You set these credentials on the PC when you configure Intel
AMT via BIOS and MEBx.
Follow these steps to set up the Intel AMT security credentials in N-central for the
probe that will be used to manage the Intel AMT-enabled PCs.
1.
Select the customer site. N-central then displays the overview screen for that site,
such as the one shown in Figure 3-10.
2.
Access Setup > Probes to display the probes screen (see Figure 3-11).
3.
Open the edit-probe screen so that you can enter Intel AMT credentials:
If you are editing an existing probe (see Figure 3-12), in the column that lists
the available probes, click the name of the probe you want to edit.
If you are creating a new probe, click Add Probe.
4.
If necessary, enter the probe name, type, network routable address, and
description.
5.
- 54 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
6.
Enter the Intel AMT administrator username in the User Name field. This is the
same username you used to access the Intel AMT feature in BIOS/MEBx on the
target PC during configuration of Intel AMT.
7.
Enter the Intel AMT administrator password in the Password field. This must be
the same password used to log into the Intel AMT feature in BIOS/MEBx on the
target PC during configuration of Intel AMT.
8.
Enter the administrator password again in the Confirm Password field to confirm
the credentials.
9.
N-central then updates the probe (or adds the new probe to the probe list) and
displays an updated probes screen.
Figure 3-10.
- 55 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-11.
Figure 3-12.
- 56 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Select the customer site. N-central then displays the overview screen for that site.
2.
Access Setup > Probes. N-central then displays the probes listing for the customer
site. The list of probes should include the probe you just installed at that customer
site.
3.
Select the name of the probe for which you will verify communications. N-central
will then display a screen for editing communication parameters for the probe.
4.
You should see the current probe version number near the middle of the screen (see
Figure 3-13).
If you see the probes version information, communication is established between the
probe and the N-central server.
If you do not see the version info, the probe is not communicating with the N-central
server. In this case, refer to your N-central documentation to troubleshoot your
setup of the N-central server and the probe.
- 57 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-13.
- 58 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Description
In the left navigation bar, select the customer site and All Devices view. N-central
then displays the list of devices currently available for that site (see Figure 3-14).
2.
Access Setup > Asset Management > Auto Discovery. N-central then displays a
screen that lists any discovery tasks that are currently available (see Figure 3-15).
3.
Click Create Auto Discovery Task. N-central then displays the screen for
creating discovery tasks and importing devices (see Figure 3-16).
4.
Enter a task name appropriate for discovering the PC. For example, enter
Discover new Intel AMT PCs.
5.
Select the probe to use for discovery. For example, select Scan Now.
6.
Because you told the probe to scan now, N-central executes the discovery task.
Note:
When N-central finishes the scan, N-central updates the status field to Completed.
You are now ready to import the list of discovered devices into the N-central
management list.
Note:
- 59 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-14.
Figure 3-15.
- 60 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-16.
Check the system requirements and special considerations listed in this section.
Make sure your equipment, OSs, network, and other elements are appropriate for
your environment.
2.
3.
- 61 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Once you have discovered the PC with Intel vPro processor technology, you are ready
to log into N-central and integrate the PC with N-central.
Select the customer site where you have installed the new PC.
2.
3.
4.
Click Import Discovered Assets. N-central then displays the list of newly
discovered PCs for the customer site (see Figure 3-17).
5.
In the Devices Found area, select the target PC you want to add to the device list.
6.
Click > to add the PCs name to the list of devices that will be imported.
Note:
Because you are integrating a desktop PC, do not check the Monitor Local
Services checkbox.
7.
Click Import Devices. N-central then imports the PCs and displays the list of
probes to assign to the PCs (see Figure 3-18).
8.
9.
- 62 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-17.
Figure 3-18.
- 63 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Select the customer site and All Devices View. N-central should show the new
Intel AMT-enabled PC in the device list (see Figure 3-19).
2.
Click on the name of the Intel AMT-enabled PC. N-central will then display the
N-central features for that PC, including the Intel AMT power-control tab (see
Figure 3-20).
Figure 3-19.
- 64 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-20.
2.
Make sure the Intel AMT parameters on the PC have been configured in SMB
mode via BIOS and MEBx. Refer to the Intel AMT configuration guide for SMB
environments for this procedure.
- 65 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
3.
Verify that the networking and operational settings of Intel AMT are appropriate
for your SMB environment. You can use the Intel AMT Web console to validate
Intel AMT parameters, as described in the Intel AMT configuration guide for SMB
environments, or in the troubleshooting section of this guide.
Once you have verified that Intel AMT is configured correctly for your SMB
environment, you should verify that the PC is available to N-central, as described next.
Step B: Verify the PC is available to N-central
This step shows how to verify that the PC is accessible in the N-central management
domain:
4.
If the PC is powered on, you are ready to add the PC to the Intel AMT device list.
Step C: Assign the Intel vPro service to the PC
This procedure
5.
6.
7.
Select the target PC. N-central then displays the edit-device screen.
8.
In the monitoring options area, check the checkbox to enable Intel vPro as a
monitoring option.
Caution:
9.
If you manually assign the Intel vPro service to the PC in N-central, the
power-control feature in N-central may not work properly. Refer to the
troubleshooting section for steps to resolve this potential issue.
Click OK. N-central updates the PCs information and returns the display to the
device list.
10. Check the checkbox next to the name of the target PC.
11. Click Add Services.
12. When prompted, select the probe to be used to monitor the PC. N-central then
displays the add-services screen.
13. If necessary, click OK.
14. In the probe service settings screen, make sure the instance of Intel vPro status
service is set to 1.
15. If necessary, click OK.
N-central should add the Intel vPro service to the device. You are now ready to
rediscover the PC, as described in step D.
- 66 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
- 67 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
When you delete the PC from the device list, you are removing the PC
from the management domain. N-central will erase all historical data
collected for this PC when the PC is deleted from the device list. The PC
will be considered a new PC the next time it is discovered.
Caution:
Removing a device from the Intel AMT device list in N-central does not
disable Intel AMT in BIOS and MEBx. It only disables the ability of Ncentral to recognize and remotely manage the PC as an Intel AMT-enabled
PC. Security credentials, networking, and operational parameters for Intel
AMT remain enabled on the PC.
Refer to your Intel AMT configuration guide for SMB environments for
information about erasing Intel AMT security, networking, and operational
parameters so that the Intel AMT capabilities can no longer be remotely
accessed.
To remove an Intel AMT-enabled PC from the device list, follow these steps:
1.
2.
3.
4.
If prompted, confirm that you want to remove the specified PC from the
management domain.
- 68 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Whenever possible, do not manually assign the Intel vPro service to the
PC. Instead, allow N-central to automatically assign the service when the
PC is discovered. If you manually assign the Intel vPro service to the PC,
the power-control feature may not work properly.
To verify that the Intel vPro service is assigned to the Intel AMT-enabled PC, follow
these steps:
1.
2.
Select the target PC to which you want to assign the Intel vPro service. N-central
displays a screen with several tabs for functions specific to this PC.
3.
If necessary, select the Details tab. N-central then displays the device-settings
screen (see Figure 3-21).
The Intel vPro service should already be checked. N-central automatically
assigns this service to any Intel AMT-enabled PCs that are found during
discovery.
4.
Select the Services tab to display the list of services currently assigned to the PC.
The Intel vPro service should be listed (see Figure 3-22).
5.
Click on the name of the Intel vPro service. N-central then displays details for the
service (see Figure 3-23).
6.
Make sure the network availability status for Intel Management Engine is green
(available).
The status screen also shows the power status for the PC.
Once you have verified that the Intel vPro service is assigned to the PC and available,
you are ready to configure each PC with device settings, remote manager settings,
downtime settings, and other parameters, as described next.
- 69 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-21.
- 70 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-22.
Figure 3-23.
- 71 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
You should be familiar with N-central features and the N-central procedure
for configuring PCs before following these steps.
2.
3.
If necessary, click Add Device to display the screen where you can enter device
details, as shown later, in Figure 3-24.
4.
Note:
You should add vPro or something similar to the PCs name to help you
identify this as a PC with Intel vPro processor technology.
5.
Select the class to which the PC belongs. This setting tells N-central what kinds of
monitoring options will be available for the target PC.
6.
Verify that the monitoring option called Intel vPro Enabled is checked.
Caution:
Whenever possible, do not manually assign the Intel vPro service to the
PC. Instead, allow N-central to automatically assign the service when the
PC is discovered. If you manually assign the Intel vPro service to the PC,
the power-control feature may not work properly.
7.
In the description field, enter other information that would be useful when
remotely managing the PC.
8.
Click OK. N-central then saves the device details and returns the display to the
device list.
- 72 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
N-central should display a confirmation message telling you that the PC was
successfully added to the management domain.
The confirmation screen will give you the option of adding additional services to the
PC. Answer yes or no, as appropriate.
You are now ready to select the probe to use for the Intel AMT power-control feature.
2.
3.
If necessary, click Add Device to display the screen where you can enter device
details, as shown in Figure 3-24.
4.
Note:
You should add vPro or something similar to the PCs name to help you
identify this as a PC with Intel vPro processor technology.
5.
Select the class to which the PC belongs. This setting tells N-central what kinds of
monitoring options will be available for the target PC.
6.
In the Network Address field, enter the IP address or FQDN for the target PC.
For static IP networking, enter the IP address for the PC. This must be the
same IP address as the address used for both Intel AMT and the host (the
PCs OS).
For DHCP networking, enter the FQDN.
7.
Enter the remote access URI (uniform resource identifier), as described in your Ncentral documentation.
If the target PC is located at the customer site (a site other than the MSP
service center), enter the URL that can be used to access the target PC through
the central server.
If the target PC is not located at the customer site, leave this field blank.
8.
- 73 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-24.
9.
Verify that the monitoring option called Intel vPro Enabled is checked. This service
lets you access the N-central power-control tab to remotely power-on, power-off,
or power-reset the target PC. If necessary, check this service.
Caution:
Whenever possible, do not manually assign the Intel vPro service to the
PC. Instead, allow N-central to automatically assign the service when the
PC is discovered. If you manually assign the Intel vPro service to the PC,
the power-control feature may not work properly.
Note:
- 74 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
If the agent-status service fails, the central server will disconnect all other
services except for Intel vPro status and a few other services.
If you have selected an option to install an agent on the PC, you will be
prompted to continue with the install-agent process, as described in your
N-central documentation.
- 75 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-25.
You are now ready to select the probe to use for the Intel AMT power-control feature,
as described next.
- 76 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
If necessary, select the customer site and All Devices View. N-central then
displays the list of devices available for remote management at the customer site.
2.
In the device list, select the name of the PC. N-central then displays the editdevices screen.
3.
Select the power-control tab. N-central then displays the power-control features
(see Figure 3-26).
4.
Select the probe to use for the Intel AMT power-control feature.
5.
Click OK.
N-central then saves your changes and returns the display to the device list.
The Intel AMT-enabled PC is now integrated into N-central. You can now customize Ncentral for Intel AMT-enabled PCs, or verify integration, as described near the end of
this section.
Figure 3-26.
- 77 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
2.
Access Setup > Dashboards, to display the list of dashboards currently available
for the site (see Figure 3-27).
3.
Click Add Dashboard, to display the dashboard-details screen (see Figure 3-28).
4.
5.
6.
7.
8.
9.
Click Finish. N-central creates the dashboard and updates the left navigation bar
to add the new dashboard to the customer site.
10. Access the name of the dashboard to verify that you have access to it.
Figure 3-27.
- 78 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-28.
Adding a dashboard
Figure 3-29 shows a custom dashboard called Managed vPros with the Intel vPro
status listed as one of the services. Figure 3-30 shows the expanded dashboard, with
the Intel vPro service and other services listed for each PC.
- 79 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-29.
Figure 3-30.
- 80 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Verify integration
To verify that you have successfully integrated the Intel AMT-enabled PC(s) into Ncentral, you should verify the settings listed in Table 3-5.
Table 3-5. Settings that help verify integration
Location
Select the customer site and All Devices View. N-central should display the device
list for the site.
The list should include the new Intel AMT-enabled PC (see Figure 3-31).
2.
Select the target PC to display a screen with a list of tabs for the PC.
The Intel AMT power-control tab should be available.
3.
If necessary, select the services tab to display the list of available services for
the PC.
The Intel vPro service should be included in the list of available services (see
Figure 3-32).
4.
Click on the Intel vPro service to display information about the service.
- 81 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
5.
6.
Click on the Service Details tab to show the details for the Intel vPro service.
Make sure that monitoring is enabled (see Figure 3-34).
7.
Select the power-control tab. N-central should display the power-control screen
(Figure 3-35).
8.
Select the Details tab to display a screen with details about the PC.
In the monitoring options area, the Intel vPro service checkbox should be
checked (see Figure 3-36). This service should have been enabled when you
set up the PC parameters in N-central.
Caution:
Whenever possible, do not manually assign the Intel vPro service to the
PC. Instead, allow N-central to automatically assign the service when the
PC is discovered. If you manually assign the Intel vPro service to the PC,
the power-control feature may not work properly.
In the asset information area, the UUID and motherboard information for the
PC should be displayed (see Figure 3-37).
If you have verified the elements in the procedure, you have verified integration of the
PC into N-central, as well as access to the Intel AMT capabilities.
Figure 3-31.
- 82 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-32.
Figure 3-33.
- 83 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-34.
Figure 3-35.
- 84 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-36.
- 85 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 3-37.
- 86 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Section 4:
Using Intel AMT capabilities
Introduction
Intel AMT delivers new hardware-based capabilities for remotely monitoring and
managing PCs even if the PC is powered off, the OS is unresponsive, management
agents are missing, or hardware (such as a hard drive) has failed. As long as the PC is
connected to a power source and plugged into the network, Intel AMT is available to
authorized MSP technicians.
The hardware-base capabilities include secure remote power-on/off, secure remote
boot/redirected boot, secure console redirection, system isolation and defense, agent
presence checking, access to BIOS configuration settings, and access to detailed
hardware asset information for CPUs, memory, hard disks, CD/DVD drives, and so on.
N-central is taking advantage of the Intel AMT capabilities for remote power on/off,
access to the PCs universal unique identifier (UUID), and access to manufacturer and
model information for the motherboard. The UUID and hardware asset information is
stored in dedicated, protected Intel AMT memory that is not on the hard drive.
Some of the most common tasks for which technicians will use the Intel AMT
capabilities via N-central include:
Security updates. Remotely power up a PC to perform a security update or
critical patch.
Application upgrades. Remotely power up a PC off-hours to update or upgrade
an application.
Ready PCs for a work shift. Remotely power up PCs before a work shift so that the
systems are ready when users arrive for the day.
Discovery. Accurately discover PCs with Intel vPro processor technology anytime.
Identify the UUID of a PC. Access device details to see the UUID for the
PC anytime.
Note:
The procedures in this section assume that you have already logged
into N-central.
Note:
- 87 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Discovery
Inventory
Security
Select the customer site. N-central should display a list of devices available at the
site (see Figure 4-1).
2.
Access Setup > Asset Management Tasks > Auto Discovery Tasks. N-central then
displays a screen that lists any discovery tasks that are currently available.
3.
Select Create Asset Discovery Task. N-central then displays the screen for
creating discovery tasks and importing devices.
4.
Enter a task name appropriate for discovering the PC. For example, enter
Discover new Intel AMT PCs.
5.
- 88 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
6.
Note:
When N-central finishes the scan, N-central updates the status field from
Pending to Completed. You are now ready to import the list of newly
discovered devices into the N-central device list.
7.
If necessary, access Setup > Asset Management Tasks > Auto Discovery Tasks.
8.
9.
Click Import Discovered Assets. N-central then displays the list of newly
discovered PCs for the customer site.
10. In the Devices Found area, select the target PC you want to add to the device list.
11. Click > to add the PCs name to the list of devices that will be imported.
12. Click Import Devices. N-central then imports the PCs and displays the list of
probes to assign to the PCs.
Note:
The system does not automatically show you a list of discovered devices.
You must import the list of discovered devices into N-central in order to
view the list of new PCs found at the customer site.
- 89 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
2.
3.
Click on the Details tab to display detailed information about the PC.
4.
The asset-information table includes the UUID for the PC, as well as detailed
information for the motherboard, such as manufacturer and model number.
- 90 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
- 91 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Security
Inventory
Diagnostics and
problem resolution
Maintenance and
monitoring
Software application
upgrade
Energy savings
- 92 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Select the target site and an appropriate dashboard for the site. Figure 4-3 shows
a dashboard for a site with one PC powered off.
2.
Click on the name of the target PC. N-central then displays the list of command
tabs available for the PC.
3.
4.
Click on the Intel vPro service. N-central then displays the status screen for the
service, which includes the power status of the PC (see Figure 4-4).
5.
Click on the Reports tab to see a report of the power status of the PC (see
Figure 4-5).
Figure 4-4 shows a sample service-status screen for a PC. Note the power-status
indicator. If the power-status indicator is red (failed), the PC is powered off. If the
power-status indicator is green (see Figure 4-4), the PC is powered up. There is also
an indicator for the Intel vPro service, which can be available even if PC power is off.
Figure 4-5 shows a report for a PC that was powered down the previous night. You can
see that power status went to zero (unavailable) in the previous 12-hour period. This
PC is no longer available for service through traditional software-based tools.
However, you can now use N-central and the remote power-on feature of Intel vPro
processor technology to remotely and securely power the Intel AMT-enabled PC up for
service. This procedure is described next.
- 93 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 4-3. PC powered down, but Intel vPro service still available
- 94 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
2.
Click on the name of the PC you want to accurately identify. N-central then
displays the list of command tabs available for the PC.
3.
4.
5.
Note:
When power-up is completed, N-central should display a message saying that the PC
has successfully powered up. Once the PC is fully powered up, other service indicators
in the dashboard should be green (up).
If the status of other services does not change within 10 minutes, try refreshing
the screen.
- 95 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Note:
Remote power-off and power reset commands may cause data loss. They
go directly to the system hardware and do not allow the OS to shutdown
gracefully.
To remotely and securely power off an Intel AMT-enabled PC through N-central, follow
these steps:
1.
2.
Click on the name of the PC you want to accurately identify. N-central then
displays the list of command tabs available for the PC.
3.
4.
5.
- 96 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
N-central then displays a message indicating that you have selected the power-down
feature, and the system is processing your request.
When the PC is fully powered down, all services except Intel vPro will become
unavailable. The Intel vPro service, which is available out-of-band, gives you access to
the power on/off feature, UUID, and detailed hardware asset information even when
other services are not available.
Note:
Remote power-off and power reset commands may cause data loss. They
go directly to the system hardware and do not allow the OS to shutdown
gracefully.
To remotely and securely power-reset an Intel AMT-enabled PC, follow these steps:
1.
2.
Click on the name of the PC you want to accurately identify. N-central then
displays the list of command tabs available for the PC.
3.
Select the Power Control tab (see Figure 4-6, earlier in this guide).
4.
5.
Click Reboot.
N-central then displays the message indicating that you have selected the reboot
feature, and the system is processing your request. When done, the status field will
display a message indicating that the PC is now powered back up.
Note:
- 97 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Section 5:
Troubleshooting
Introduction
This section describes considerations and procedures that can help you troubleshoot
typical issues with network communication, security credentials, and other
parameters. This section includes these major discussions:
Categories of typical problems
Support and validation tools
Troubleshooting procedures
Special considerations and best practices for setup, configuration, and installation
procedures are described earlier in this guide, in the configuration, installation, and
integration sections.
Note:
The most common problems encountered during deployment are networking and
firewall problems:
Windows firewall settings are blocking communication between N-central and the
Windows probe, or between the Windows probe and the target PC.
WMI authentication settings by default do not allow remote readers (such as the
Windows probe or agent) to collect monitoring information from the target PC.
Network firewall settings are blocking communication between the Windows
probe or agent and the N-central server.
- 98 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
View the system status and hardware information for the target PC
View, start/stop, and clean the Intel AMT event log.
Remotely power the PC on or off, or reset the PC.
View and manage Intel AMT network parameters.
View and manage Intel AMT user accounts.
- 99 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
The Intel AMT Web console must be used from a PC other than the target PC. For
example, you can use the Intel Web console to access Intel AMT settings and
information from the PC on which the probe is installed, from another user PC at the
customer site, from the remote management workstation, or from another remote PC.
- 100 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 5-1. Sample login prompt for the Intel AMT Web console
Figure 5-2. Login dialog for the Intel AMT Web console
- 101 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 5-3. Network settings page accessed via the Intel AMT Web
console
Figure 5-4. Padlock icon indicates restricted access for that account
If you try to access a Web console page for which you do not have sufficient rights,
you will be prompted to log in using a different account name and password.
Once you have logged in using an account with greater rights, you can refresh the
display of padlock icons using the consoles refresh button.
- 102 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Respond-to-ping setting
Networking mode
You can remotely reset networking to DHCP (obtain IP address automatically) or
static IP addressing (use the following IP settings), as appropriate for your SMB
environment.
In DHCP networking (the obtain IP address automatically field), Intel AMT will try
to obtain an IP address from a DHCP server. If you choose DHCP mode (obtain IP
address automatically), make sure:
Host name: The name of the host (PCs OS) is the same as the computer name set in
MEBx for Intel AMT.
DNS server: Your network includes a DNS server that can resolve the PCs name.
Note:
In DHCP networking, the name for Intel AMT should be the same as the
name defined for the host (the PCs OS).
In static IP addressing (the use the following IP settings field), you must enter
additional information manually, including IP address, subnet mask, gateway address,
and preferred and alternate DNS addresses. For static IP addressing, make sure:
IP address: Set the IP address for the host (PCs OS) and the IP address for Intel
AMT to the same value.
Preferred and Alternate DNS addresses: Specify the address of the DNS server that
will resolve the computer host name.
Note:
Respond-to-ping setting
This field configures the ping status of the network interface card (NIC), and allows
Intel AMT to respond to an IP ping anytime, even if the PC is powered off.
In static IP mode, Intel AMT always responds to a ping.
In DHCP mode, Intel AMT will respond to a ping only when the OS is down.
- 103 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
N-able takes advantage of the PCs ability to respond to pings. Because of this, make
sure the Intel AMT respond-to-ping feature on the PC is enabled by checking the
respond-to-ping checkbox through the Intel AMT Web console. This allows N-central to
accurately discover the PC anytime.
Authentication problems
There are several administrator passwords used during deployment, and later, to
reconfigure hardware and/or software as needed.
If you are having trouble logging into N-central, BIOS, MEBx, or Intel AMT, you are
probably using the wrong administrator password for that component of the managed
environment.
- 104 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Used for:
Used to:
BIOS
password
BIOS
Intel AMT
password
MEBx
N-central
password
N-central
Used by an IT administrator to log into Ncentral. This password is first set during
installation of N-central, and can be reset via
the user-management feature in N-central.
Users
management
password
Access to customers
N-central information
- 105 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Security credentials and networking and operational parameters used to access Intel
AMT capabilities must be enabled and appropriate for your network and SMB
environment. Table 5-2 lists ways to fix possible issues with the Intel AMT
configuration.
Whenever possible, do not manually assign the Intel vPro service to the
PC. Instead, allow N-central to automatically assign the service when the
PC is discovered. If you manually assign the Intel vPro service to the PC,
the power-control feature may not work properly.
- 106 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Possible reason
How to fix
Cant bring up
the Intel AMT
Web console
using the
machine name
or the FQDN
- 107 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table 5-2.
Issue
Possible reason
How to fix
Or,
Intel AMT is not enabled
on the PC.
You are trying to connect
using a protocol that is not
compatible with the
selected port.
Note that Intel AMT
supports both HTTP and
HTTPS. The default
protocol is HTTP. For HTTP,
the default communication
port is 16992.
Cant access
Intel AMT from
the network.
Error messages
could include:
log on failed,
incorrect user
name or
password, or user
account is
temporary locked
Security credentials
(administrator password)
are not yet established for
the PC.
- 108 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
- 109 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Possible reason
How to fix
Error: Invalid
certificates
After the OS
loads, I can't
connect to the
PC
- 110 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Possible reason
How to fix
Cant complete
installation of
the probe
Cant verify
installation of
N-central or the
probe
Networking parameters
are not correctly specified
for your security setup or
network architecture.
- 111 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table 5-4.
Issue
Possible reason
How to fix
Cant access
probe device
Or,
Cant select a
probe
Or,
N-central is not
receiving data
from the probe
I configured
Intel AMT, but I
cant discover
the PC as an
Intel vPro PC
Cant remote
control any PC
at the target
site
This is an in-band
capability of N-central.
- 112 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
2.
3.
B. Reset the default settings for N-central. Once you have updated the settings
for the N-central server, you must verify or correct the default settings for the server.
Follow these steps:
4.
5.
6.
Verify that the correct public and private IP addresses are entered in the IP
address fields.
7.
To correct the IP address for the N-central server, follow these steps:
a. Access Network Setup > Modify Network Setup, to display the Network settings
screen.
- 113 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
b. Enter the correct public (external) IP address for the N-central server in the
public IP address field.
c. Enter the correct private IP address for the N-central server in the private IP
address field.
d. Make sure the host name is set to the public (external) FQDN.
e. Click OK to save your changes. N-central will automatically log you out.
It takes approximately 2 to 3 minutes for the new network settings to take
effect.
Caution:
If you dont save current settings as the default settings, the N-central
server may reset network settings to previous values when you establish
the next remote session. This may cause many network problems; for
example, you may not be able to connect to the local server from the MSP
service center, your probe(s) may not be able to connect to the server, or
you may experience other network issues.
f.
g.
h.
i.
8.
9.
- 114 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Possible reason
How to fix
Receive error
messages when
I try to reconfigure PCs to
continue to use
the Windows
firewall
Cant configure
Windows
firewall
Or,
Cant configure
Windows
Security Center
settings
If you are having issues with firewalls on Windows Vista, you should report them to
Microsoft and/or N-able.
- 115 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Possible reason
How to fix
Target site is
listed as failed
(down) for all
services
A personal firewall is
interfering with
communication between
the probe and the PC.
Network
services: failed
(includes Intel
vPro service:
failed)
Network
services:
misconfigured
and
Intel vPro
service: green
- 116 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Possible reason
How to fix
Network
services: green
but
Intel vPro
service: failed
PC power
status: failed
- 117 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table 5-7.
Issue
Possible reason
How to fix
Intel vPro
service: green
But I cant
access the
power-control
feature or see
UUID or
motherboard
information
Intel vPro
service is not
available
- 118 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Possible reason
How to fix
Connectivity
service: failed
and,
Intel vPro
network
availability:
failed
and,
PC power
status: failed
Network cable is
disconnected.
Power cable is
disconnected from PC
and
PC power
status: green
Intel vPro
network
availability
status: failed
and
PC power
status: failed
- 119 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table 5-8.
Issue
Possible reason
How to fix
Intel vPro
network
availability:
failed
AMT is misconfigured,
possibly because of a
CMOS error (rare).
and possibly
also,
PC power
status: failed
Intel vPro
network
availability:
failed
and,
PC power
status: failed
after power is
interrupted to
the PC. (Intel
AMT doesnt
come back up
after a power
failure.)
1.
2.
- 120 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Troubleshooting: Discovery
The tables in this discussion will help you identify and fix problems that might appear
to be problems discovering the PC, discovering the system as an Intel AMT-enabled
PC, or dealing with double-reporting.
The most common reasons you cant discover an Intel AMT-enabled PC or access Intel
AMT capabilities relate to Windows firewall settings. Be particularly careful in setting
up your firewalls and WMI.
However, you may have simply forgotten to enable and configure Intel AMT on the
target PC for your SMB environment. Remember that N-central is designed for SMB
environments. You must configure Intel AMT for SMB operation in order to access the
Intel AMT-enabled PC from N-central. You must also configure the networking and
other operational parameters of Intel AMT before you can integrate the PC into Ncentral and access the Intel AMT capabilities.
Tables 5-9 explains common reasons you might have problems with discovery or
access to Intel AMT features, and possible fixes.
Table 5-9. Troubleshooting: PC doesnt show up as an Intel AMT-enabled PC
Issue
Possible reason
How to fix
Cant discover
the PC
- 121 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table 5-9.
Issue
Possible reason
How to fix
Cant discover
the PC out-ofband
PC doesnt show
up in the list of
available
devices
- 122 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table 5-9.
Issue
Possible reason
How to fix
Intel AMT
power-control
feature, UUID,
and
motherboard
information
does not show
up for the PC
1.
- 123 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Possible reason
How to fix
Intel AMT is
configured, and
I integrated the
PC, but now it
doesnt show up
in discovery
http://www.microsoft.com/technet/prodte
chnol/winxppro/maintain/sp2netwk.mspx
#EIAA
- 124 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Caution:
When you delete the PC from the device list, you are removing the PC
from the management domain. N-central will erase all historical data
collected for this PC when the PC is deleted from the device list. The PC
will be considered a new PC the next time it is discovered.
Follow these steps to remove a PC from the N-central device list, and add it back in as
an Intel AMT-enabled PC:
Step A: Verify Intel AMT configuration on the PC
1.
2.
Make sure the Intel AMT parameters on the PC have been configured in SMB
mode via BIOS and MEBx. Refer to the Intel AMT configuration guide for SMB
environments for this procedure.
3.
Verify that the networking and operational settings of Intel AMT are appropriate
for your SMB environment. You can use the Intel AMT Web console to validate
Intel AMT parameters, as described in the Intel AMT configuration guide for SMB
environments, or in the troubleshooting section of this guide.
Once you have verified that Intel AMT is configured correctly for your SMB
environment, you should verify that the PC is available to N-central, as described next.
Step B: Verify the PC is available to N-central
4.
If the PC is powered on, you are ready to add the PC to the Intel AMT device list.
Step C: Delete the PC from the device list
You will now delete the PC name from the N-central device list, then rediscover it as
an Intel AMT-enabled PC.
Caution:
When you delete the PC from the device list, you are removing the PC
from the management domain. N-central will erase all historical data
collected for this PC when the PC is deleted from the device list. The PC
will be considered a new PC the next time it is discovered.
6.
7.
Check the checkbox next to the name of the PC you want deleted from the device
list (see Figure 5-5).
8.
9.
- 125 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Figure 5-5.
- 126 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
16. Access Create Task > Scan > Import Discovered Assets. N-central displays the list
of PCs recently discovered for the customer site.
17. In the Devices Found area, select the target PC you want to add to the device list.
18. Click > to add the PCs name to the list of devices that will be imported.
19. Click Import Devices.
N-central then imports the PC and returns to the device list. You should see the
rediscovered PC in the device list.
Step F: Verify that the PC is recognized as an Intel AMT-enabled PC
Follow these steps to make sure the PC is now recognized as an Intel AMT-enabled PC:
20. If necessary, select the customer site.
21. Access Status > Devices.
22. Select the target PC.
N-central should display a screen with a list of tabs for the PC, including the Intel AMT
power-control tab. If you see the power-control tab, the PC has been recognized as an
Intel AMT-enabled PC.
- 127 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Appendix A:
Quick Start for Integration
Introduction
This section provides a streamlined process for deploying PCs with Intel vPro processor
technology in an N-able N-central service environment for SMB customers. For a
nonhosted solution, the overall deployment process follows three general steps, as
shown in Figure A-1.
Note:
Note:
Caution:
- 128 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
- 129 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Table A-1 lists the processes required to deploy a PC with Intel vPro processor
technology. Optional procedures and other procedures that may be useful to you are
included in the integration section of this guide.
Table A-1. Deploying Intel AMT-enabled PCs and N-central
Step
Process
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Import the Intel AMT-enabled PCs into the N-central management domain
Step 9
Step 10
Configure the PC with the Intel vPro service and other details
Step 11
Once the PC is integrated into N-central, you can use other N-central features to
customize the way N-central monitors the PC, displays information, categorizes alerts,
and creates reports. For more information about N-central features, refer to your Nable documentation.
- 130 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Deployment procedure
The rest of this appendix explains the deployment procedure for PCs with Intel vPro
processor technology in an N-central service environment.
Set up security, networking, and operational parameters of Intel AMT via BIOS
and MEBx. Refer to the Intel AMT configuration guide for SMB environments for
step-by-step procedures that explain how to configure Intel AMT.
Caution:
N-central requires that you enable the Intel AMT respond-to-ping feature
on the target PC in order to allow out-of-band discovery.
Note:
Make sure the firewall does not prevent the ping response. Refer to your
N-able documentation for recommended settings for firewalls.
Note:
You must use the Web console from another PC to access the Intel AMT
respond-to-ping feature on the target PC.
2.
3.
4.
In the URL field, enter the target PCs name or IP address, and the port number.
If the network can resolve the target PCs host name to a TCP/IP address, enter
the host name in the URL field, like this:
http://host_name:16992
For example: http://TestSystem:16992
If a static TCP/IP address is defined for the target PC, enter the PCs IP address
in the URL field, like this:
http://ip_address:16992
For example: http://192.168.1.7:16992
5.
- 131 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
6.
When prompted, login using the Intel AMT administrator username and password.
The Intel AMT Web console is then opened.
7.
8.
9.
Click Submit.
- 132 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
13. Validate that Windows firewall is configured properly: Verify the Windows firewall
settings via the control panel on the target PC.
14. Validate that WMI is configured properly: Run the Microsoft wbemtest utility to
test that WMI is configured properly on the PCs you are remotely managing, and
that the correct user permissions are set on each PC.
For the N-able probe to identify the PC as an Intel AMT-enabled PC, Intel
AMT must be enabled and the Intel AMT security, networking, and
operational parameters must be configured correctly on the PC via BIOS
and MEBx.
Note:
The security credentials set in this procedure must match the credentials
(administrator username and password) set in the Intel AMT parameters
on the PC. You set these credentials on the PC when you configure Intel
AMT via BIOS and MEBx.
- 133 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
You will need the IP address for each PC in order to discover the PCs the
first time. To discover the Intel AMT-enabled PCs, follow these steps:
Note:
- 134 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Check the system requirements and special considerations listed in this section. Make
sure your equipment, OSs, network, and other elements are appropriate for your
environment.
Check the configuration or installation settings listed in the solution architecture
section and in the three deployment sections (configuring Intel AMT, installing Ncentral, and integrating the PC with N-central). Make sure you have set up
networking and security properly for the PC, servers, and environment.
Refer to the troubleshooting section of this guide.
Refer to your N-central documentation for more information about discovering PCs
and troubleshooting the process.
Because you are integrating a desktop PC, do not check the Monitor Local
Services checkbox.
40. Click Import Devices. N-central then imports the PCs and displays the list of
probes to assign to the PCs.
41. Select the probe to use to monitor the PC.
42. In the Services area, select the services to assign to the PC.
43. Click Finish. N-central then assigns the probe and returns to the device list. You
should see the discovered PC in the device list.
- 135 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Whenever possible, do not manually assign the Intel vPro service to the
PC. Instead, allow N-central to automatically assign the service when the
PC is discovered. If you manually assign the Intel vPro service to the PC,
the power-control feature may not work properly.
You should add vPro or something similar to the PCs name to help you
identify this as a PC with Intel vPro processor technology.
56. Select the class to which the PC belongs. This setting tells N-central what kinds of
monitoring options will be available for the target PC.
57. Verify that the monitoring option called Intel vPro Enabled is checked.
Caution:
Whenever possible, do not manually assign the Intel vPro service to the
PC. Instead, allow N-central to automatically assign the service when the
PC is discovered. If you manually assign the Intel vPro service to the PC,
the power-control feature may not work properly.
- 136 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
58. In the description field, enter other information that would be useful when
remotely managing the PC.
59. Click OK. N-central then saves the device details and returns the display to the
device list.
Verify integration
To verify that you have successfully integrated the Intel AMT-enabled PC(s) into Ncentral, you should verify the settings listed in Table A-2.
- 137 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
If you have verified the elements in the procedure, you have verified integration of the
PC into N-central, as well as access to the Intel AMT capabilities.
- 138 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Appendix B
Accessing BIOS
The commands and/or keys used to access BIOS depend on your PCs manufacturer.
Table B-1 describes typical ways to access BIOS and MEBx for common PC
manufacturers.
Refer to your PC manufacturers documentation for specific information on how to
access BIOS and MEBx for your PC.
Table B-1. Commands/keys to access BIOS
BIOS type
ASUS BIOS
F10 key
HP BIOS
F10 key
Intel BIOS
F2 key
Lenovo BIOS
- 139 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
Appendix C
Acronyms and Glossary
Glossary
agent presence. Part of the Intel AMT system defense capabilities, agent presence
provides a mechanism for third-party software applications (such as virus scan or
antispyware) to register with Intel AMT and check in at regular intervals with hardwarebased timers.
alerting. Intel AMT can send alerts to the remote management console regardless of PC
power state or the state of the OS. IT administrators can subscribe or unsubscribe to
specific alerts through the event manager service.
configured state. A fully configured state, in which Intel AMT has been configured with
power policies, security credentials (in SMB mode, credentials are established via the
administrator password), and the settings that activate Intel vPro processor technology
capabilities. A PC whose Intel AMT capabilities have been configured, is ready to be
integrated into and interact with a third-party management application.
console redirection (SOL). A hardware-based Intel AMT capability. Console redirection
allows an authorized IT technician to remotely and securely control a PCs keyboard and
mouse through serial-over-LAN (SOL).
enterprise IT mode. An operational mode for large organizations that have a dedicated
IT staff. This is an advanced networking mode that supports TLS and requires a setup
application (the configuration service). Most MSP management applications are designed
to work in SMB environments. If you are configuring Intel AMT for an SMB environment,
you must change the operational mode to SMB mode in order for the MSP third-party
management application to access Intel AMT capabilities.
event log. An Intel AMT event log, stored in dedicated, tamper-resistant memory that is
not on the hard drive. The event log is accessible to authorized technicians even if the PC
is powered down, the OS becomes inoperative, management agents are missing, or
hardware (such as a hard drive) has failed.
factory-default state. A state in which security credentials have not been established for
AMT capabilities. The factory-default settings for Intel AMT are typically defined for
enterprise mode. Typically this means that Intel AMT is enabled, networking is set to
enterprise mode, TLS is enabled, and DHCP is enabled. To use Intel AMT capabilities in an
SMB environment, you must reconfigure Intel AMT from its factory-default and
enterprise-mode settings. Typically, this means setting the operational mode to SMB,
disabling TLS, and entering the DHCP or static IP addressing information appropriate for
your SMB environment.
host. The PCs operating system. For static IP addressing in enterprise mode, the host can
have a different MAC address than the manageability MAC address used for the Intel
Management Engine (which includes Intel AMT). For static IP addressing in SMB mode,
you should use the same IP address for both the host (the PCs OS) and Intel AMT.
local site. In this guide, the term local site refers to the customer site.
- 140 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
MEBx. The Intel Management Engine BIOS extension. The MEBx settings that are available
to IT administrators, and the default values of those settings are vendor-dependent.
networking mode. See operational mode.
networking type. PCs with Intel AMT can be set up for two types of networking: dynamic
IP or static IP. Both types of networking are supported by enterprise mode and smallbusiness (SMB) mode.
nonvolatile memory. A hardware-based Intel AMT capability. Nonvolatile memory is
dedicated, tamper-resistant memory that is not stored on the hard drive. The information
stored in this memory is available to authorized technicians anytime, even if PC power is
off, the OS is unresponsive, or hardware (such as a hard drive) has failed. Information
stored in nonvolatile memory can include the PCs unique ID, hardware-asset information,
BIOS configuration information, and the Intel AMT event log.
operational mode. Intel AMT can be set up for two types of operational networking (also
called networking models): enterprise mode and small-business mode. Both modes
support dynamic and static IP addressing. The PC manufacturer typically specifies the
default networking type when building the Intel vPro processor technology flash image.
remote boot/redirected boot. A hardware-based Intel AMT capability that allows
authorized technicians to remotely boot a PC to a clean state, or redirect the boot device
for a problem PC to a clean image on local storage, a CD at the help desk, an image on a
remediation server, or to some other remote device. Remote boot is provided through
integrated drive electronics redirect (IDE-R).
remote power-up. A hardware-based Intel AMT capability that allows authorized
technicians to securely power up, power down, or power reset PCs from the management
console.
remote site. In this guide, the term remote site refers to the MSP service center or
centralized help desk.
setup state. Intel AMT has three states: factory-default state, setup state (initial security
credentials are loaded), and configured state (Intel AMT is enabled and configured for
remote management). Setup state is the state in which the initial, bootstrap security
credentials have been established for Intel AMT. In enterprise mode, credentials include
initial administrator password, provisioning passphrase (the PPS, or preshared key), and
provisioning identifier (PID). In SMB mode, security credentials are typically only the
administrator password. As soon as security credentials have been established Intel AMT
is set up and ready to be configured. In enterprise mode, setup and configuration are
often separate processes. In SMB mode, setup and configuration can be performed as
part of the same manual process.
small-business mode. A simplified networking mode that does not support TLS, does not
require a setup application, and does not require DHCP or DNS.
simple object access protocol (SOAP). A protocol that allows IT administrators to
communicate with PC hardware across the network.
system isolation and recovery. Part of the Intel AMT system defense capabilities,
system isolation and recovery provides hardware-based filters for inbound and outbound
network traffic, port isolation based on IT-defined policies, and the ability to rate-limit
network traffic to allow more time to investigate a threat.
- 141 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
third-party data store (3PDS). A persistent space in the Intel AMT nonvolatile memory
where third-party vendors can store information, such as software version numbers, .DAT
file information, machine IDs, pointers to database information, or other data.
universal unique identifier (UUID). The UUID is the universally unique identifier for the
Intel AMT system, as defined by RFC 2459; section 4.1.2.8. The UUID is stored in the
Intel AMT persistent, dedicated memory in each PC, and is protected by various security
technologies and methodologies depending on your operational mode (enterprise or SMB),
such as HTTP digest authentication, TLS, username-password pairs, and access control
lists (ACLs).
Acronyms
3PDS
AD
AMT
API
BIOS
DHCP
DNS
FQDN
GUI
HTTP
HTTP-S
iamt
ID
Identifier
IDE-R
Integrated device electronics redirect. See glossary entry for remote boot.
IP
Internet protocol
ISV
IT
Information technology
LAN
MAC
ME
Management engine
MEBx
MEI
OEM
- 142 -
Integration Guide:
Intel vPro processor technology and N-able Technologies N-central*
OS
Operating system
PC
Personal computer
POST
Power-on self-test
PXE
SDK
SMB
Small- or medium-business
SNMP
SOAP
SOL
SSL
SX
TCP/IP
TLS
UI
User interface
UUID
WOL
WSUS
XML
- 143 -