
Make The Case - Desktop Management

A guide to desktop management

Alan Stevens ZDNet.co.uk

Published: 26 Jun 2007


The desktop PC may be an invaluable business tool, but it also presents huge challenges in terms of day-to-day management and support — especially when it comes to large organisations with hundreds, if not thousands, of them to cope with.

Just keeping track of who has what hardware and where can be a real headache, let alone making sure it’s all configured correctly with the right application software, the latest patches, suitable firewall, antivirus and other security tools, and so on. Factor in the human element — users — and it’s easy to understand why desktop management can account for the lion’s share of any IT budget.

Desktop management: the story so far
There are plenty of available products designed to address the issues of desktop management. Most start with some kind of inventory tool, to discover and identify desktop assets and how they’re configured. To this can then be added tools to distribute applications, patches and other software, along with utilities to ensure that licence counts are enforced and yet more to enable support staff to remotely diagnose and fix faults when they arise.

Some of these tools are now built into the Windows desktop itself, but that’s a fairly recent innovation. Most are, therefore, implemented as standalone third-party applications or, more commonly, as part of larger integrated management suites from vendors such as Computer Associates, HP, Microsoft, Novell, Symantec and others.

Software-based management solutions are far from perfect, though. For a start, one or more client agents will normally have to be installed on each and every desktop PC for them to work. Distribution of these agents can be complex and presents a logistical challenge in itself. More importantly, most only work while the client PC is turned on and running a fully functional operating system. When users turn their systems off — at the end of the day, for example — management is effectively blocked except where specialised hardware features, such as Wake-on-LAN (WOL), enable them to be remotely powered back on.

Unfortunately WOL doesn’t help that much because even when desktops are on, the operating system needs to be fully operational. There are additional security and performance issues. For example, in most cases there's no encryption to protect the traffic sent between the remote management agents and central consoles; management traffic is also carried along with everything else over standard shared Ethernet LAN/WAN links — which are, again, only available with a fully functioning OS in place.

Compatibility can be an issue too, with only very basic common standards to ensure interoperability between the hardware and software being managed, and the tools designed to facilitate that management. Finally, the whole setup can be compromised by a general lack of security on the desktop itself. Indeed, no matter how well you manage your desktops, it’s still hard to prevent users — or worse still, viruses and other malware — getting through the defences and messing them all up again.

Enter vPro
Intel’s answer to these and other desktop management issues is to take the functionality currently provided by software-based management clients, add extra features, make it more secure and build it into the PC. It calls this approach vPro, although, as with the Centrino mobile platform and Viiv, Intel’s digital entertainment brand, vPro is more of a marketing concept than a single discrete technology. Indeed, just as with those brands, vPro really describes a collection of technologies. Some are new and others have been around for a while, but all are designed to work together to address desktop management issues.

Announced towards the end of 2006, the various bits of hardware and software required for vPro have taken a while to develop and deliver, but are starting to appear. The latest vPro development adds wireless support, about which more later.

In the meantime, one of the most important of the vPro components is AMT (Active Management Technology), which has actually been around for a number of years. It’s the second generation of AMT, now built into Intel’s Q965 chipsets, that forms the core of what vPro is all about.

AMT at the core
One of the main things AMT does is take over where hardware enhancements such as Wake-on-LAN leave off, by making sure a desktop PC is always available to be managed, no matter what its power or operational status. In fact, as long as the PC is connected to a power supply, AMT makes sure the desktop is always accessible to management software, even when it’s otherwise switched off or there’s no functioning operating system.

To facilitate this always-on availability, AMT adds a secure communication channel connected via another key vPro component — an integrated Intel Gigabit Ethernet adapter. Described as 'out-of-band', this new secure channel uses a logically separate and independent networking stack implemented in the hardware. This, like the other parts of vPro, is always available whether or not the PC is powered up or the host OS loaded. It’s also accessible using standard TCP/IP and addressing rather than a special communications protocol as with WOL.

Using this secure channel, a PC can be remotely powered up or down and crashed PCs rebooted even when the OS has hung. Moreover, using another vPro component — IDE-Redirect — it’s possible to remotely boot a PC to a known clean state by redirecting the boot device to a clean image on local storage, a CD mounted at the help desk or an image held on another remote drive.

Error logs and inventory information can, similarly, be accessed regardless of desktop state, the AMT firmware storing inventory data in secure non-volatile memory every time the PC is powered up.

The secure AMT channel can also be used by support staff to diagnose and resolve problems remotely. Indeed, using yet another vPro component technology — Serial-over-LAN (SOL) — engineers can remotely manage the PC independent of the OS, right down to editing BIOS settings remotely over the network.

All of this can be performed over secure encrypted links with access controlled by an Access Control List (ACL), which is stored in the non-volatile memory managed by vPro. The AMT firmware itself (digitally signed and encrypted) is also stored in this memory, along with third-party code and data for use by management applications, which make up another part of the vPro story.
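
Because the out-of-band channel answers on ordinary TCP/IP, it can be watched like any other network service. The following is an added example, not code from the article or from Intel: it reviews flow records for AMT sessions that bypass the encrypted links or come from outside the management consoles. The port numbers are the IANA-registered AMT ports, which the article does not list; the flow-record format, the addresses and the console subnet are constructed assumptions.

```python
import ipaddress

# IANA-registered Intel AMT ports: port -> (service, encrypted?)
AMT_PORTS = {
    16992: ("web/SOAP management", False),
    16993: ("web/SOAP management", True),
    16994: ("SOL/IDE-R redirection", False),
    16995: ("SOL/IDE-R redirection", True),
}

# Assumption: help-desk management consoles live in this (hypothetical) subnet.
CONSOLE_NET = ipaddress.ip_network("10.0.50.0/28")

# Constructed flow records, one per line: "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2007-06-26T09:00:01 10.0.50.4 10.0.12.31 16993
2007-06-26T09:00:07 10.0.50.4 10.0.12.31 16995
2007-06-26T09:02:40 10.0.50.9 10.0.12.77 16992
2007-06-26T09:05:12 10.0.12.88 10.0.12.31 16994
2007-06-26T09:05:30 10.0.12.88 10.0.12.31 443
"""

def review_flows(text, console_net=CONSOLE_NET):
    """Return (timestamp, src, dst, service, findings) for AMT flows needing review."""
    alerts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed records
        ts, src, dst, port = fields[0], fields[1], fields[2], int(fields[3])
        if port not in AMT_PORTS:
            continue  # not out-of-band management traffic
        try:
            from_console = ipaddress.ip_address(src) in console_net
        except ValueError:
            continue  # unparseable source address
        service, encrypted = AMT_PORTS[port]
        findings = []
        if not encrypted:
            findings.append("plaintext")           # session not on a TLS port
        if not from_console:
            findings.append("source-not-console")  # outside the console subnet
        if findings:
            alerts.append((ts, src, dst, service, findings))
    return alerts

if __name__ == "__main__":
    for alert in review_flows(SAMPLE_FLOWS):
        print(alert)
```

A hit on the redirection ports deserves the closest look, since SOL and IDE-Redirect reach BIOS settings and the boot device independently of the host OS.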

 
