Intel vPro Technology Virtual Seminar 2010

Transcription:

Intel Software Network: Connecting Developers. Building Community.
Intel vPro Technology Virtual Seminar 2010
Getting to know Intel Active Management Technology 6.0

Remote Encryption Management
Andy Schiestl (Application Engineer)
March 3, 2010

Agenda
- Existing challenge and solution model
- Technical details of the solution (for a Security ISV)
- Use cases

Intel vPro technology: Manageable Data Protection with Remote Encryption Management

Challenges
- Pre-boot authentication (PBA) mechanisms require user presence at the PC
- Protecting data often means giving up some remote manageability
  - Remote power on & manage
  - Applying unattended patches that require reboots
- PCs left in unlocked state to remotely manage
  - Data exposed when user not present
  - Unnecessary power consumption

Solution
- Intel vPro Technology extends to include a wide set of data protection options with full management capabilities, even across power cycles & reboots
- Protection without compromise to manageability or energy-efficient performance

Manageable data security with Intel vPro technology

Intel vPro technology: Expanding Manageable Data Protection Options with Remote Encryption Management

[Diagram labels: Drive-based Data Encryption or Drive Password; Software-based Data Encryption]

More data protection choices with the industry-leading manageability of Intel vPro technology:
- Encrypting hard drives
- Data encryption software
- Hard drive passwords

For current & future Intel vPro technology platforms starting in 2009
Enabled by new innovation from Intel & integration from ecosystem leaders

Intel vPro Technology Remote Encryption Management: Goals & Value
- Grow value of Intel vPro Technology
- Addresses key market segment concern for end customers
- Increases flexibility in solution choice
- Embraces & innovates on existing market offerings
- Removes barrier for customers that require Intel vPro Technology and drive-level data protection
- Reinforces key value prop and differentiation of Intel vPro Technology platforms
- Security, Manageability and Energy-efficient Performance

Have it all with Intel vPro Technology

Deployment Environment
Two distinct audiences: ISVs that currently handle hard disk encryption (Security ISVs), and ISVs that are interested in unlocking systems for patching and fixing (Manageability ISVs).

Remote Encryption Management Building Blocks
[Diagram. Distribution legend: Intel, OEM, ISV. Labels: Client PC; IT Administrator; Remote Encryption Management SDK; vPro HW & FW; Remote Console; ATA over LAN Bridge Application & DLL; Remote Encryption Management Image; AMT Stack DLL; PBA***; Remote Encryption Management Utility]
*** Integration of the ATA over LAN Bridge into PBA is optional

Remote Encryption Management Security Solutions
1. Intel vPro Technology-based Management of FDE HDD Solutions
   - Ex. Seagate* DriveTrust*, Fujitsu* FDE, Hitachi* FDE HDDs
   - Requires Remote Console & ISV PBA (optional)
2. Intel vPro technology-based Management of FDE Software Solutions
   - Requires ISV PBA & Remote Console support

Use Cases
- Remote Wake & Patch
- Data Protection Enablement/Disablement
- Remote User / Password Management
- HDD Repurposing

Remote Encryption Management Usage Example
[Diagram. Distribution legend: Intel, OEM, ISV. Labels: IT Administrator; Client PC; Remote Console; AMT Stack DLL / ATA over LAN Bridge DLL; ATA over LAN Bridge; Remote Encryption Management Image; DRAM; ME Common Services FW; HECI]
1. Establish Secure Connection for Communication - TLS
2. Initiate Serial over LAN
3. Initiate IDER
4. Send Remote Wake Command
5. Confirm SATA over LAN Bridge Listening
6. Send SATA over LAN command
7. Confirm action
8. Reboot

ATA over LAN Bridge
- Execution environment to translate SOL communication from the Remote Console into commands
- Can be used in multiple environments
  - Within the ISO image provided by the Remote Console
  - Integrated within an ISV PBA environment
[Diagram. Distribution legend: Intel, OEM, ISV. Labels: Remote Console; Serial Over LAN; ATA over LAN Bridge; HDD Command]

Remote Encryption Management Image (ISO)
- Optional usage versus integration of the ATA over LAN bridge into your PBA SW
- Environment which stores the ATA over LAN bridge
- Downloaded onto client platform by the Remote Console (via IDE-R)
- May be utilized to manage FDE HDDs

Remote Encryption Management Use Cases

Remote Encryption Management Usage #1: Allows Remote Management of FDE HDDs via Intel ISO
[Diagram. Distribution legend: Intel, OEM, ISV. Labels: IT Administrator; Client PC; Remote Management Console (WS-MAN Library); Remote Security Console; AMT Stack DLL / ATA over LAN Bridge DLL; ATA over LAN Bridge; Remote Encryption Management Image; DRAM; ME Common Services FW; HECI; BIOS; Send List of machines to unlock]
1. Establish Secure Connection for Communication - TLS
2. Initiate Serial over LAN
3. Initiate IDER
4. Send Remote Wake Command
5. Confirm SATA over LAN Bridge Listening
6. Send SATA over LAN command (optional)
7. Confirm action
8. Reboot
No BIOS Changes Required

Remote Encryption Management Usage #2: Allows Remote Management of FDE HDDs via PBA
[Diagram. Distribution legend: Intel, OEM, ISV. Labels: IT Administrator; Client PC; Remote Management Console (WS-MAN Library); Remote Security Console; AMT Stack DLL / ATA over LAN Bridge DLL; ATA over LAN Bridge; FDE PBA; DRAM; ME Common Services FW; HECI; BIOS; Send List of machines to unlock (optional)]
1. Establish Secure Connection for Communication - TLS
2. Initiate Serial over LAN
3. Send Remote Wake Command
4. Confirm SATA over LAN Bridge Listening
5. Send SATA over LAN command
6. Confirm action
7. Continue Boot
No BIOS Changes Required

Remote Encryption Management Usage #3: Allows Remote Management of FDE SW via PBA
[Diagram. Distribution legend: Intel, OEM, ISV. Labels: IT Administrator; Client PC; Remote Management Console (WS-MAN Library); Remote Security Console; AMT Stack DLL / ATA over LAN Bridge DLL; ATA over LAN Bridge; FDE PBA; DRAM; ME Common Services FW; HECI; BIOS; Send List of machines to unlock]
1. Establish Secure Connection for Communication - TLS
2. Initiate Serial over LAN
3. Send Remote Wake Command
4. Confirm SATA over LAN Bridge Listening
5. Send SATA over LAN command (optional)
6. Confirm action
7. Continue Boot
No BIOS Changes Required

Remote Encryption Management SDK Components
Remote Encryption Management SDK (Under development)
- ATA-over-LAN Bridge Application
- ATA-over-LAN Bridge DLL
- Remote Encryption Management Image (ISO)
- Remote Encryption Management Utility (Demo Security Console)
- AMT Stack DLLs
Remote Encryption Management SDK will be available on the Manageability site.

Remote Encryption Management SDK Components
(Component Name: Description. All components belong to the SDK Kit "Remote Encryption Management".)
- ATA-over-LAN Bridge Application: An unmanaged/native application that may be hosted within the Remote Encryption Management Image. The purpose of this component is to enable management of remote encryption hard technologies via Intel AMT.
- ATA-over-LAN Bridge DLL: A Windows .NET Framework DLL that provides the supporting interfaces and methods for the unmanaged/native ATA-over-LAN Bridge application. This component allows 3rd party applications to leverage the ATA-over-LAN Bridge application for the purpose of remote encryption management.
- Remote Encryption Management Image (ISO): A Linux-based CD-ROM ISO image file that will host the unmanaged/native ATA-over-LAN Bridge application. This image will be used for remotely booting an Intel AMT system via serial over LAN (SOL) and IDE redirection (IDE-R) and would not be installed or otherwise persist beyond the intended usage of remote encryption management.
- Remote Encryption Management Utility (Demo Security Console): A Windows .NET Framework application (command line or graphical interface) that provides the complete functionality for remote disk encryption drive management using the other components.
- AMT Stack DLLs: AMT routines used to connect to the remote, establish SOL, determine client power state, etc.

Serial-over-LAN (SOL)
IDE-redirect (IDE-r)

SOL/IDE-R in Remote Encryption Management
- Your console uses IDE-R to boot the client to the Remote Encryption Management ISO
- Remote Encryption Management uses SOL/IDE-R for Remote Management of:
  - Seagate* DriveTrust* Devices
  - Opal* Devices
- The network connection between the ISV Console and the encrypted (locked) device is by SOL

IDE Redirection
IDE Redirection (IDE-R)
- Capability of emulating an IDE CD drive or a legacy floppy or LS-120 drive over a standard network connection
- Enables a management machine to attach one of its local drives to a managed client over the network
- Managed client can use the remote device as if it were directly attached to one of its own IDE channels
- Based on SOL/IDE-R Protocol
Reference Documentation
- Redirection Library Design guide in Intel AMT SDK
- Network Interface guide in Intel AMT SDK

Remote Control - IDE-Redirection
- Helpdesk connects to ME
- Separate PCI function supports standard IDE register set
- Boot option can be remotely set to indicate to BIOS that it should Boot from IDE-R
- ISV SW integration needed
- Intel supports both and ISVs
- Speed CDx7
[Diagram labels: BIOS; <interface> IDE Class Interface; OS (IDE Class Driver); ME (IDER/SOL) (OOB Network Stack); SOAP; TLS/TCP; Helpdesk PC; IDER Service; Image Stream]

Serial-Over-LAN
Serial-Over-LAN (SOL)
- Capability to send console text to a remote destination and to receive keystrokes from a remote source
- Emulates serial port communication over a standard network connection
- Implemented using a virtual serial port
- Works without operating system
- Based on SOL/IDE-R protocol

Remote Control - SOL
- Manageability Engine (ME) listens on TCP port
- Helpdesk connects to ME
- Separate PCI function supports standard 16550 COM port registers
- Boot option can be remotely set to indicate to BIOS to enable SOL
- Text based:
  - BIOS configuration screens
  - DOS console
  - OS EMS redirection
[Diagram labels: BIOS (Console Redirect); <interface> Serial Port; Remote Control Application; OS; Helpdesk PC; ME (IDER/SOL) (OOB Network Stack); SOAP; TLS/TCP; SOL Service; SOL Stream]

Remote Encryption Management SDK Flow
- ISV console checks the power state of the client (GetSystemPowerState)
- ISV console enables IDE redirection to HLK ISO: StartRedirect(floppyImage, idertmage,ider_set_onreset)
- ISV console enables SOL for communication to Remote Encryption Management ISO (StartSerialRedirect)
- ISV console sends remote wake command to client (SendRemoteControl)
- HLK ISO boots up and loads ATA over LAN Bridge
- ATA over LAN bridge listens for SOL communication, interprets the command, writes data to the drive
- ISV console sends the command to reboot the client
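
An added example, not part of the original slides or of the Intel SDK: a small audit that checks recorded console sessions against the step order of Usage #1 (TLS first, SOL and IDE-R before the remote wake, bridge confirmed listening before any drive command, reboot last). The event names, the log format and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical event names. Prerequisites follow the numbered steps of
# Usage #1; SOL and IDE-R may start in either order once TLS is up.
REQUIRES = {
    "tls_established": set(),
    "sol_start": {"tls_established"},
    "ider_start": {"tls_established"},
    "remote_wake": {"sol_start", "ider_start"},
    "bridge_listening": {"remote_wake"},
    "ata_command": {"bridge_listening"},
    "action_confirmed": {"ata_command"},
    "reboot": {"remote_wake"},
}

def parse(lines):
    """Yield (host, event) from 'timestamp host event' records."""
    for line in lines:
        parts = line.split()
        if len(parts) == 3:  # skip malformed records
            yield parts[1], parts[2]

def audit(lines):
    """Return {host: [finding, ...]} for sessions that deviate from the flow."""
    sessions = defaultdict(list)
    for host, event in parse(lines):
        sessions[host].append(event)
    findings = {}
    for host, events in sessions.items():
        seen, problems = set(), []
        for event in events:
            if event not in REQUIRES:
                problems.append(f"unknown event {event}")
                continue
            missing = REQUIRES[event] - seen
            if missing:
                problems.append(f"{event} without prior {', '.join(sorted(missing))}")
            seen.add(event)
        if "ata_command" in seen and "action_confirmed" not in seen:
            problems.append("ata_command never confirmed")
        # A woken client that is not rebooted stays up on the management image.
        if "remote_wake" in seen and events[-1] != "reboot":
            problems.append("session did not end with reboot")
        if problems:
            findings[host] = problems
    return findings

def _session(host, events):  # build constructed records for one host
    return [f"2010-03-03T10:00:{i:02d} {host} {e}" for i, e in enumerate(events)]

SAMPLE_LOG = (
    _session("pc-001", ["tls_established", "sol_start", "ider_start", "remote_wake",
                        "bridge_listening", "ata_command", "action_confirmed", "reboot"])
    + _session("pc-002", ["sol_start", "ider_start", "remote_wake",
                          "bridge_listening", "ata_command"])
)

if __name__ == "__main__":
    for host, problems in audit(SAMPLE_LOG).items():
        print(host, problems)
```

The PBA-based flows (Usage #2 and #3) skip IDE-R and end with "Continue Boot", so they would need their own prerequisite table.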

Thank you for attending Intel vPro Technology Virtual Seminar 2010

Intel Active Management Technology (Intel AMT) Developer Resources
- Intel Software Network Manageability Community: www.software.intel.com/en-us/manageability/
- ISN Manageability Forums: www.intel.com/software/manageability/forums
- ISN Manageability Blogs: www.intel.com/software/manageability/blogs
- Intel vPro Expert Center: www.communities.intel.com/community/openportit/vproexpert
- Intel Software Partner Program: www.intel.com/partner

Notices

Copyright 2010, Intel Corporation. All rights reserved. Intel, Xeon and Core Inside are trademarks of Intel Corporation in the U.S. and other countries. *Other names and brands may be claimed as the property of others.

Intel processor numbers are not a measure of performance. Processor numbers differentiate features within each processor family, not across different processor families. Go to: http://www.intel.com/products/processor%5fnumber/

Performance tests and ratings are measured using specific computer systems and/or components and reflect the approximate performance of Intel products as measured by those tests. Any difference in system hardware or software design or configuration may affect actual performance. Buyers should consult other sources of information to evaluate the performance of systems or components they are considering purchasing. For more information on performance tests and on the performance of Intel products, go to: http://www.intel.com/performance/resources/benchmark_limitations.htm

Results have been simulated and are provided for informational purposes only. Results were derived using simulations run on an architecture simulator or model. Any difference in system hardware or software design or configuration may affect actual performance.

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.

The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or go to: http://www.intel.com/#/en_us_01