
About Intel vPro or how to remotely enter someone else's BIOS



Once upon a time, when I was not yet a programmer but was already friends with computers, technologies like RAdmin seemed like a miracle to me. You could connect to a remote computer, just like in the coolest hacker movie, open Notepad and type a threatening message there. True, I had nowhere to use it.

Then ssh came into my life: the awareness that you are managing a server across the ocean delighted me at first, and now it has become commonplace. Until you accidentally type halt, that is. Then you open the hosting provider's admin panel and try to get into the server management console to start the machine again. And for some reason the console is sluggish today. Then you write to support and get nervous. Not very pleasant. But these are my personal programmer fears.

Once, at my old job, after a change of administrator, the newcomer decided to put the computer fleet in order. To do this he walked up to each computer, shooed the employee away, downloaded Everest, ran the diagnostics and saved the result to a file. So, having gone round only ~60 workplaces on three floors, he found out what hardware he had at his disposal. Inconvenient.

And here comes Intel vPro.

Intel vPro is a technology that lets you stop being afraid of the things described above and do much more besides. vPro consists of two components, hardware and software, and I'll tell you about them below.


Hardware



At the hardware level, you need a processor and a motherboard that support vPro (the chipset name, as a rule, begins with Q, but you need to check the specifications). The motherboard has a built-in gigabit network card and a video adapter capable of low-level operation. In practice, this means that you can connect to a computer with vPro without using the OS network drivers and, moreover, without the OS itself! And yes, you can go into the BIOS remotely.

Both wired and wireless connections are supported. With WiFi there is not much room for imagination: the operating system must be loaded and connected to the access point. Over a wire, however, you can connect even to a computer that is turned off. Well, that is what the marketers say: in fact, a computer that is turned off can be turned on, and from there everything goes as usual.


Software part



The software side goes by the abbreviation AMT: Intel Active Management Technology, which handles the connections and has great potential.

First, the computer must be configured to work with vPro, and for this you will need physical access. After that, if it is a server, you can lose it or wall it up in a room, as in the jokes about administrators. If the administrator is on the same local network as the patient, there is no problem. If the computer you need is hidden behind NAT, you will have to set up a server inside the network for access. It cannot really be otherwise: these are basic network security requirements.

The communication session is encrypted, and access can be obtained through the console (serial over LAN), the web interface or VNC. The web interface has a plain, functional design (which displays perfectly on tablets) and lets you get statistics about the hardware and its state, restart the computer, configure the network interface and the AMT access policies, and view the event history, for example to find out why the secretary's system does not boot without walking over to her computer.
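Since the interfaces listed above are reachable without the OS, any NAT forwarding rule that points at them deserves a review. The following is an added example, not part of the original post: it scans DNAT rules in `iptables-save` format and reports those that forward to an AMT listener. The port numbers are the standard AMT ports from Intel's documentation (the post does not state them), the rule lines are constructed sample data, and single-port rules are assumed.

```python
import re

# Standard Intel AMT listener ports (assumption: taken from Intel's
# documentation, not from the post). Value: (service, uses TLS).
AMT_PORTS = {
    16992: ("web interface / WS-Management over HTTP", False),
    16993: ("web interface / WS-Management over TLS", True),
    16994: ("redirection (serial over LAN, IDE-R) over TCP", False),
    16995: ("redirection (serial over LAN, IDE-R) over TLS", True),
    5900: ("KVM on the standard VNC port", False),
}
DNAT = re.compile(r"-j DNAT\b.*--to-destination (?P<host>[\d.]+)(?::(?P<port>\d+))?")

# Constructed sample of `iptables-save` nat-table rules.
SAMPLE_RULES = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 16992 -j DNAT --to-destination 192.168.1.20:16992
-A PREROUTING -i eth0 -s 203.0.113.0/24 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.1.21:16993
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.5:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.1.20
"""

def audit_dnat(rules_text):
    """Return one finding per DNAT rule whose internal target is an AMT port."""
    findings = []
    for line in rules_text.splitlines():
        m = DNAT.search(line)
        if not m:
            continue
        dport = re.search(r"--dport (\d+)", line)
        external = int(dport.group(1)) if dport else None
        # Without an explicit target port, DNAT keeps the original port.
        inner = int(m["port"]) if m["port"] else external
        if inner not in AMT_PORTS:
            continue
        src = re.search(r"(?<!\S)-s (\S+)", line)
        service, tls = AMT_PORTS[inner]
        findings.append({"host": m["host"], "external_port": external,
                         "service": service, "tls": tls,
                         "source": src.group(1) if src else "any"})
    return findings

def open_to_any(findings):
    """Rules with no source restriction: review these first."""
    return [f for f in findings if f["source"] == "any"]

if __name__ == "__main__":
    for f in audit_dnat(SAMPLE_RULES):
        print(f)
```

Matching on the internal target port rather than the external one catches rules that hide an AMT listener behind an unrelated public port, such as the 8443 rule in the sample.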



When connected via the console and VNC, you can do absolutely everything: vPro provides a full-fledged KVM from the local machine to the remote one, with support for screen resolutions of up to 1920x1200 and the ability to watch the system boot from BIOS initialization right through to loading the OS. The connection is not dropped even when the system reboots! The only catch is that simply holding Delete at system startup will not get you into the BIOS; you need to select the special item “Reboot to BIOS”.



After which the BIOS is actually loaded.



It is especially nice that you can connect to a remote machine via VNC even if the network card drivers on it have died (after all, vPro runs at a lower level than the OS) and install all the drivers directly through VNC. Within an office this can still be solved on foot, but getting to a data center may not be possible.

There is another interesting feature called IDE-R that allows you to boot from an external source as if it were an internal hard drive. That is, you can connect via VNC, specify the image to boot and start up a known working system. This can be a very useful feature for both diagnostics and administration. For example, you can boot a client machine into a system with a reference antivirus installed, check the hard disk and carry on calmly.


About security



Intel Anti-Theft technology works together with vPro. If your laptop is stolen, you can contact Intel and they will block it. The Intel blog has a good overview of this technology. After blocking, the new owner of the computer will see a picture like this.




Conclusion and links



Very soon, once even the most undemanding users have moved on to the next generation of computers (and at progressive companies even sooner), administrators will have the same amount of work, but doing it will be much more pleasant.

Subscribe to the post's comments: they promise to contain a lot of interesting things. Or check the topic in a couple of days: I will put all the most interesting comments in a separate list at the bottom of the post.

Wikipedia about vPro
Wikipedia about AMT
The vPro review by Tom's Hardware Guide: a very interesting review.
One, two, three on IT Galaxy
And a tasty write-up on setting up a 1U server with vPro, from Co6aka

The pictures are taken from the review by thg and the post by Co6aka.


Useful comments to post



  1. Can I ping a turned off computer?
  2. VNC appeared since AMT 6.0 and not in all processors.
  3. A comment with a useful link about setting up a configuration server (SCCM) for vPro in Russian.
  4. Very detailed comment about the difference between AMT and IPMI.
  5. What ports to forward through NAT.
  6. How VNC behaves with complex network interface configurations in the OS
  7. About two important functions to ensure the safety and privacy of the user


UPD:

At the very end of the software part I wrote a little about IDE-R. Good feature.

Source: https://habr.com/ru/post/138377/

