About Intel vPro or how to remotely access someone else's BIOS



    Once upon a time, when I was not yet a programmer but was already friends with computers, technologies like RAdmin seemed like a miracle to me. You could connect to a remote computer, just like in the coolest movie about hackers, open Notepad and write a threatening message there. True, I had nowhere to use it.

    Then ssh came into my life: the realization that you are managing a server overseas was fascinating at first, but by now it has become commonplace. Until you accidentally type halt, that is. Then you open the hosting admin panel and try to get into the server management console to start it again. And for some reason it is sluggish today. Then you write to support and get nervous. Not very pleasant. But these are my personal programmer fears.

    At a previous job, after a change of administrator, the newcomer decided to put the computer fleet in order. To do this he walked up to each computer, moved the employee aside, downloaded Everest, ran the diagnostics and saved the result to a file. So, after going round a mere ~60 workplaces on three floors, he found out what hardware he had at his disposal. Inconvenient.

    And then Intel vPro enters the scene.

    Intel vPro lets you stop fearing the situations described above and do much more besides. vPro consists of two components, hardware and software, and I will talk about both below.


    Hardware



    At the hardware level, you need a processor and a motherboard that support vPro (the chipset name usually starts with Q, but check the specifications). The motherboard has a built-in gigabit network card and video adapter that are capable of low-level operation. In practice, this means that you can connect to a computer using vPro without the OS network drivers and, moreover, without the OS itself! And yes, you can enter the BIOS remotely.

    Both wired and wireless connections are supported. With WiFi there is not much room for imagination: the operating system must be loaded and connected to the access point. Over the wire, however, you can connect even to a computer that is turned off. Well, that is what the marketers say: in fact, you can turn on a powered-off computer and then continue as usual.


    Software part



    The software part is AMT, Intel Active Management Technology, which handles the connections and has extensive capabilities.

    First, the computer must be configured to work with vPro, and this requires physical access. After that, if it is a server, you can lose it or wall it up in a room, as in the jokes about administrators. If the administrator is on the same local network as the patient, there are no problems; if the computer you need is hidden behind NAT, you will have to set up a server inside the network for access. True, it cannot be otherwise: these are basic requirements of network security.

    The communication session is encrypted, and the machine can be accessed through the console (serial over LAN), the web interface or VNC. The web interface has a plain, functional design (which displays perfectly on tablets). It lets you get statistics about the hardware and its state, restart the computer, configure the network interface and the AMT access policies, and view the event history, for example to find out why the secretary's system is not booting without going to her computer.
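
    An added example, not part of the original post: a defender-side audit of NAT port-forwarding rules for forwards that publish AMT's interfaces to the outside. The port numbers are Intel AMT's well-known defaults (the post does not list them), and the rules and addresses are constructed sample data.

```python
import ipaddress
import re

# Intel AMT's well-known listener ports (assumption: defaults, not from the page).
# Value: (service, whether the listener itself uses TLS).
AMT_PORTS = {
    16992: ("web interface over HTTP", False),
    16993: ("web interface over HTTPS", True),
    16994: ("SOL / IDE-R redirection", False),
    16995: ("SOL / IDE-R redirection over TLS", True),
    5900: ("KVM on the standard VNC port", False),
}

# Constructed sample rules in iptables-save syntax; all addresses are made up.
SAMPLE_RULES = """\
-A PREROUTING -i eth0 -p tcp --dport 16992 -j DNAT --to-destination 10.0.0.21:16992
-A PREROUTING -i eth0 -s 198.51.100.0/24 -p tcp --dport 16993 -j DNAT --to-destination 10.0.0.21:16993
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.0.0.5:443
-A PREROUTING -i eth0 -p tcp --dport 15900 -j DNAT --to-destination 10.0.0.22:5900
"""

DNAT_RE = re.compile(r"-j DNAT\s+--to-destination\s+(?P<host>[\d.]+):(?P<port>\d+)")
SRC_RE = re.compile(r"(?:^|\s)-s\s+(?P<src>\S+)")


def audit_forwards(rules_text):
    """Return one finding per DNAT rule that publishes an AMT port."""
    findings = []
    for line in rules_text.splitlines():
        m = DNAT_RE.search(line)
        # Match on the internal port so remapped forwards (15900 -> 5900) are caught.
        if not m or int(m["port"]) not in AMT_PORTS:
            continue
        service, tls = AMT_PORTS[int(m["port"])]
        src = SRC_RE.search(line)
        # A rule without -s (or with a /0 source) accepts any client address.
        any_source = src is None or ipaddress.ip_network(src["src"], strict=False).prefixlen == 0
        issues = [] if tls else ["no TLS"]
        if any_source:
            issues.append("no source restriction")
        findings.append({"host": m["host"], "port": int(m["port"]),
                         "service": service, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_forwards(SAMPLE_RULES):
        print(f["host"], f["port"], f["service"], f["issues"] or "ok")
```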



    When connecting via the console and VNC, you can do just about everything: vPro provides a full-fledged KVM from the local machine to the remote one, with support for screen resolutions up to 1920x1200 and the ability to watch the system boot from BIOS initialization all the way to the OS loading. Even when the system is rebooted, the session does not disconnect! The only catch is that you cannot get into the BIOS simply by holding Delete at system startup; you need to select the special item “Reboot to BIOS”.



    After which the BIOS actually loads.



    It is especially nice that you can connect to the remote machine via VNC even if the network card drivers have failed there (after all, vPro works at a lower level than the OS) and install all the drivers directly through VNC. Within the office this can still be solved by walking over, but a trip to the data center may not be convenient.

    There is another interesting feature called IDE-R which allows you to boot from an external source as if it were an internal hard drive. That is, you can connect via VNC, specify the image to boot and boot into a known working system. It can be a very useful function for both diagnostics and administration. For example, you can boot a client machine with a system in which a reference antivirus is configured, check the hard drive and quietly leave.


    About security



    vPro runs Intel Anti-Theft Technology. If your laptop is stolen, you can contact Intel and they will lock it. The Intel blog already has a good overview of this technology. After locking, the new owner of the computer will see this picture.




    Conclusion and references



    Very soon, when even the most undemanding users have replaced their computers with the next generation, and progressive companies even earlier, administrators will have the same amount of work, but doing it will be much more pleasant.

    Subscribe to the comments on the post: they promise to contain a lot of interesting things. Or check the topic in a couple of days: I will collect the most interesting comments in a separate list at the bottom of the post.

    Wikipedia about vPro
    Wikipedia about AMT
    A very interesting vPro review from Tom's Hardware Guide
    One, two, three on IT Galaxy
    And a delicious 1U server setup with vPro from Co6aka

    Pictures taken from the THG review and the post by Co6aka.


    Useful post comments



    1. Whether it is possible to ping a powered-off computer.
    2. VNC has appeared since AMT 6.0 and not on all processors.
    3. Comment with a useful link about configuring the configuration server (SCCM) for vPro in Russian.
    4. A very detailed comment about the difference between AMT and IPMI.
    5. What ports to forward through NAT.
    6. How VNC behaves with complex network interface configurations in the OS
    7. About two important functions that ensure user safety and privacy


    UPD:

    At the very end of the software part, a bit has been written about IDE-R. A good feature.
