Intel® vPro™ Technology

Remote System Repair Using Intel® vPro™ Technology

Problem Description

Discover and Heal
As notebook and laptop platforms become more ubiquitous in the realm of enterprise computing, the chances of them being outside the physical premises of the enterprise and requiring support at some point in their life cycle are high. It is critical, therefore, to be able to manage and support these remote platforms to maintain end user productivity and reduce support costs. The manageability and support of these platforms can be divided into two distinct phases: discover and heal. [1]

The discover phase involves the process of managing the location and identity of the platform as well as managing asset-related information. Typically, this involves a corporate server actively looking for registered clients to ensure that the server tracks appropriate hardware and software assets to protect the client while it is outside the enterprise and to protect the corporate infrastructure from an infected client. Enterprise technology, such as Active Directory, is typically used to locate the client during the discover phase. The challenge for discovery occurs when the platform is outside the firewall and not in a healthy state.

The heal phase includes the process of re-actively managing the health of the system, including restoring the operational health of a platform to a well-known, operable state.

In this article, we take a closer look at one of the reactive solutions and show how a console can remediate a system that is enabled with Intel® vPro™ technology. We present two scenarios in which problems are identified, and we show how Intel vPro technology can help solve these problems.

Scenario 1: Non-Booting Client System
Information technology (IT) departments often encounter a situation in which a platform will not even boot up to the normal OS. Possible reasons for failing to boot up include hardware issues such as a memory bank being defective, incorrect arguments programmed in hardware or software, a missing OS file, corrupt boot drivers, invalid registry entries, and so on. In most of these situations, the normal process would be for the customer support person to walk the customer through the diagnostic procedure manually over the phone, without the support person being able to see any of the end-user actions. What if a remote capability existed that could view the screen remotely and exercise control over the client? This would help the support person to resolve the issue quickly, without end-user support.

Scenario 2: A Software Disk Unlock for Disk Encryption Software
In this scenario, the host OS does not boot but this time it is not due to any component failure. Rather, it is due to the fact that the user forgets the password that is required by platform authentication software and therefore the platform cannot be booted. The escrowed key, which is backed up by enterprise infrastructure, must be re-presented to the host software to resolve this issue, when other local authentication recovery schemes do not help resolve the problem.

We now look at how RSR solution can help solve these problems by using features of Intel vPro technology.

Remote Heal Usage Requirements
When clients are on the go or they are in geographically distant places, the remote healing of those platforms depends on two important characteristics:

• Robustness of the client network connections, including performance, reliability, and latency.
• Establishment of a secure connection to the platform to facilitate remediation.

Without a secure, robust connection, the advantages provided by Intel vPro technology are diminished.

Prior to 2008, Intel vPro technology provided the capability to remediate a client remotely by using IDE-R, but the client had to be inside the firewall of an enterprise network. Beginning with new desktop and notebooks with Intel vPro technology introduced in the second half of 2008, IT organizations can utilize a new feature in Intel AMT, Fast Call for Help, to resolve the issue of managing extended and home offices.

Criteria of a Successful Remote Heal Solution
In designing the RSR solution, our goal was to allow a remote console to locate a client system, inside or outside the enterprise, in a secure manner. In addition, we expected that the solution meet end-user quality levels, while providing a low total cost of ownership (TCO). The performance levels of an embedded heal solution should be comparable to those of a host OS in a similar usage situation. Specifically, any visualization and interactive behavior experienced by the customer support staff remotely should not differ substantially from the experience of operating the system directly.

Back to Top