Intel Active Management Teknolojilerine (iAMT) Leave a comment

IT professionals have many options for deploying and managing computing end points the following guide will walk you through the decision process for integrating. Intel vPro platforms into your computing environment the first thing you have to determine is are you deploying managed endpoints if your business is interested in asset control that helps you improve productivity minimize risk and reduce costs then vPro may be a great fit.

the next question is are you deploying out-of-band use cases. if your business wants to make systems more accessible for remote management then vPro platforms with Intel active management technology also known as Intel AMT. may be the right solution for you. Intel AMT provides out-of-band remote management that is independent of the operating system and independent of power state. resulting in more efficient proactive and reactive maintenance event points if you are not deploying out-of-band use cases you might still deploy vPro systems for other considerations such as performance, improved stability or additional security features.

the next question in this decision guide is do you have vPro systems in your installed base if you do not intel recommends deploying the latest 8th gen Intel Core vpro processor based systems you will find though that Intel AMT capabilities have been largely consistent across generations of the vPro platform and you should be able to activate and manage vPro systems using a consistent set of tools and technologies as described in the steps that follow.

the next consideration for activating manageability features at vPro platforms is whether you have physical access to the system’s. if you do such as in the case of initial endpoint deployment you have the option to set up systems manually. at this point you may decide whether you will only set up the systems for remote activation or complete a full manual configuration. if you do not have physical access to the systems and the systems are not set up to be activated remotely you will not be able to configure AMT. remote configuration is highly recommended for environments with a large endpoint count. Intel setup and configuration software offers two manual configuration options each resulting in a different operating mode for AMT host based configuration results in client control mode while manual configuration using a USB key results in admin control mode. the difference between the two is that admin control mode does not require user consent before a technician can remotely takeover a machine. utilizing Intel remote configuration service always results in an admin control mode setup. Intel also provides PowerShell scripts that allow an endpoint to switch from admin control mode to client control mode as neat. in addition Intel tools include a move to a CM command for switching systems from client control mode to admin control mode. this feature is commonly used with systems with no wired Ethernet port which are typically configured in client control mode at initial setup. a common practice for AMT deployments is utilization of transport layer security to set up a trusted connection between a remote management console and the endpoint being managed. this is typically required for admin control mode where again user consent is not required for remote management operations.

intel AMT fully supports a variety of Microsoft Enterprise Services. if you have an existing Microsoft Active Directory service Intel recommends you configure AMT endpoints for ad which you will also have to do if you are implementing port based authentication with 802.X. finally when manageability use cases require digital certificates as is the case for admin control mode devices should be configured for Microsoft certificate authority or your preferred CA vendor. in the end we have two scenarios on scenario a we have an AMT activated endpoint that supports admin control mode including all remote management operations and on scenario B we have an AMT activated client control mode system with user consent required for full remote control of the device. once you have AMT activated endpoints, you need a way to control them if you were using Microsoft System Center Configuration Manager the free intel manageability commander plug-in is a great solution for executing out-of-band remote management use cases. if you do not have a preferred console, intel manageability commander can also function as a standalone tool otherwise you must check for AMT features support with your current management software vendor. in the case AMT features are not supported by your current vendor Intel manageability commander remains an option as well as the mesh commander open source console which some software vendors have also integrated into their respective products.

in conclusion successful feet pro platform deployments require selecting the right Hardware, activating Intel AMT and fully integrating computing endpoints into your corporate environment. for more information on the intel vPro platform and how to use its capabilities please visit intel.com/vPro