登録

HOT TOPIC: MANAGEABILITY

Intelligent, Connected…and Remotely Managed

Steve Adams
Intel Sr. Strategic Marketing Manager

The embedded world is becoming increasingly diverse, ranging from communications routers and gateways for the Internet backbone to an almost limitless range of intelligent connected devices.

As the sophistication of intelligent connected devices expands, and these devices are more widely deployed in transportation systems, power grids, factories, retail stores and signage systems, it is clear that return on investment can improve significantly if onsite repair visits can be avoided.

That is why, as an industry, we need to make devices intelligent, connected–and remotely manageable over the network, without the downtime and cost associated with truck rolls. But when it comes to remote manageability in the embedded world, no one size fits all.

Most embedded end-users now expect the manageability solution to come from the equipment vendor. The result is that you have multiple software and console manageability solutions available today. At Intel we appreciate the need to deliver products and remote manageability technologies that integrate well with these systems. To accomplish this goal we are designing to meet industry standards for manageability, including WS-MAN (Web Services Management), Open Mobile Alliance (OMI) standards, and DASH, the DMTF standard for device management.

We are also seeing growing number of devices connecting to unlicensed (Wi-Fi and 802.15.4) and licensed spectrum (3G and 4G) networks, a trend that is further accelerating the deployment of intelligent connected embedded devices in places they have never been used before. Fortunately, when it comes to manageability, best practices from mobile communications and computing are spilling over into the embedded world.

OOB manageability

We are seeing another trend: in communications infrastructure equipment such as high end, routers, switches, gateways typical of a central office, almost 100 percent of these have a requirement for out-of-band (OOB) management. This term signifies different things to different people, but what it generally means is that the management function is not dependent on the elements of the system that it is managing.

When you look at a bladed router or switch, it has its own discrete management hardware occupying one or more slots in the chassis, and this dedicated manageability system is completely autonomous from the system under management.

In many cases, the management module has its own redundant power supply and network connection. This enables the system operator to reach out to bring the system back on line and provision updates.

Today we are seeing the emergence of incredible new categories of intelligent connected devices. These are embedded products with the processing intelligence to support new usage models, sophisticated resident applications and smart services in systems such as retail kiosks, POS terminals, ATM machines, intelligent digital signage, transportation, electric power infrastructure and factory automation systems. Like the critical infrastructure devices, these embedded end node devices are beginning to follow the trend by embracing their own form of OOB management.

Intel® vPro™ technology with Intel® AMT

These systems also benefit enormously from out-of-band manageability enabled by Intel® vPro™ technology with Intel® Active Management Technology (Intel® AMT), built into select Intel® processors and chipsets. Intel® AMT employs a hardware-based management engine for remote discovery, healing and protection of computing systems.

This management engine enables a dedicated and persistent link that enables control of connected systems, even when the operating system is compromised. Intel® vPro™ technology manageability elements include the ability of the Intel® AMT management engine to utilize the existing Intel network controller independent of O/S state.

This capability enables an OOB connection between a remote management console and the managed device, even when in a failed or powered down state. It can perform additional important functions as well, such as a firewall with filters supported in the Intel® Ethernet Controller and the Intel® chipset to prevent the propagation of worms.

With the embedded device operating normally, the Intel® vPro™ processor runs local manageability service software that interfaces with the management engine over its local interface. Executable code and data are stored in the flash memory, and the management engine runs from internal memory in the chipset or from host memory, using a dedicated region that is not visible to the host.

In addition to remote problem fixes, Intel® AMT enables network operators to perform off-hours security scans and remotely update security software. Additionally, Intel® AMT itself is secured by mechanisms including password protection and encrypted network communications.

Traditional remote management consoles communicate with devices using their standard networking capability, called an in-band link, which utilizes the device’s operating system, CPU and network drivers. When trouble occurs, the in-band approach must rely on the continued operation of the device itself, which limits the kinds of problems that can be repaired remotely. In a failed or compromised state, the Intel® AMT management engine can utilize the device’s Intel network controller, enabling a connection with a remote management console even when the in-band connection is unavailable.

Because Intel® AMT is only available with Intel® vPro™ processors, a different approach is required for Intel® Atom™ processors.

‘Soft OOB’ in Intel® Atom™ processors

Devices based on Intel® Atom™ processors have been traditionally managed from a software-only in-band approach. Today, OEMs who are designing intelligent connected devices based on Intel® Atom™ processors have increasing expectations for remote manageability, based in some cases on their experience with OOB solutions.

The solution for devices based on Intel® Atom processors involves a mid-way step, between full out-of-band management and the traditional software-only approach. This is a “soft OOB” manageability solution based on Intel® Virtualization technology (Intel® VT) that enables a management stack to run in its own virtual machine, independent of the host operating system. Intel® VT has the additional advantage of minimizing performance overhead in the embedded device associated with virtualizing the platform.

Such virtualized partitioning cannot survive a hardware failure–but it can support remote diagnosis and maintenance in the event that the primary operating system locks-up or there is other software-related issue, which is by far the leading cause of trouble reports. The soft OOB approach can enable remote discovery and rebooting of the embedded device into a diagnostic mode, as well as control over sleep states and remote shutdown for efficient power management as supported by the virtualization machine monitor. Remote wake-up from a sleep state can be achieved via the Ethernet controller using its “wake on LAN” capability.

Intel® VT provides a pathway to OOB manageability, with the additional advantage that developers implementing soft OOB in Intel® Atom processor-based devices can use the same consistent and familiar APIs and standard interfaces that they may already use with Intel® AMT-based solutions.

Intelligent connected devices also need to be managed devices. At Intel we are working with our customers to extend the robust, secure and reliable remote management capabilities we pioneered with Intel® AMT into new categories of products, while helping to ensure an optimal experience for OEMs, developers, network operators and end-users.