Intel vPro: Three Generations Of Remote Management

KVM Remote Control: Adding RealVNC Plus To The Mix

Everything we've talked about so far is pretty standard remote management fare. Most of it has been with vPro for quite a while, too. But KVM Remote Control is a more recent feature that was enabled when Intel put a graphics engine on its Clarkdale-based processors more than a year ago.

Now you can use RealVNC Viewer Plus software with the vPro platform for take complete control of a remote system, even before it loads up an operating system. RealVNC Viewer Plus gets access to a few features that are very common in the IPMI 2.0 implementations found on server boards, and in some cases this functionality is even a bit better. Through a TLS-encrypted tunnel, IT administrators can use RealVNC Viewer Plus to connect to the out-of-band (OOB) Management Engine. Simply, you get special VNC (that's virtual network computing, in case you were wondering) access to a hardware layer that sits beneath the operating system. You use it to take control of the keyboard, display, and mouse, facilitating the ability to turn the machine on and off, plus remotely mount disc images to load an operating system or install software. You don't need to run a VNC server on the host machine to make this functionality possible, either. 

Perhaps the most common reason you'd take remote control over a client machine would be to aid in troubleshooting. Without a feature like this, you'd either be called down to the user's desk (in an enterprise environment) or called across town to help diagnose, if you were getting paid for support. Organizations typically use tools like NetMeeting, VNC, and Remote Desktop Connection to keep from having to go to that trouble.

Logging onto RealVNC Viewer Plus is pretty easy. Note that TLS (transport layer security) encryption is available, in addition to a special connection mode for Intel's AMT KVM. Since that's one of the vPro platform's biggest benefits, the following screenshots are taken using that connection type.

As mentioned previously, AMT 7.0 allows KVM resolutions of up to 1920x1200.

Once connected, you'll immediately see a toolbar. The toolbar has fairly standard Connect, Save connection, and Disconnect capabilities.

Some of the more advanced features include the ability to remotely mount disc images to the attached computer. As you can see below, we're connecting to an image on a networked drive.

From the Intel AMT Windows client software, you're able to confirm that the image is mounted and a KVM session is active.

There are some major caveats to bear in mind, though. Because RealVNC Viewer Plus is being used to mount the disc image, transfer speeds can slow down substantially. When you're mounting a file from a networked location, the image has to be transferred over the network once to you, and then again to the client machine. As a side effect, if you're managing a machine attached wirelessly, the process can proceed pretty slowly. Of course, it's possible to speed the process up if you use a dedicated machine for management with commonly-used image files stored locally.

I once had a large operating system image take more than an hour to transfer using RealVNC Viewer Plus, which is substantially longer than many server-oriented tools take. I did find a solution in Intel's vPro Expert Center, loaded with resources for anyone getting started with this technology.

One example that stood out was Accelerate the Intel vPro Technology IDER Boot Process. This case study shows how to alleviate the boot performance issue caused by relatively slow RealVNC Plus load times using a custom boot image. Following this guide cut my operating system image mount times from over an hour to a few minutes.

  • cngledad
    Can I suggest an article comparing different remote access tools we can use? From the freeware TeamViewer, VNC Viewer to such things like WebEx? I think that would be a very good topic.
    Reply
  • ^^Don't forget Logmein Rescue which has vPro support.
    Reply
  • pro-gamer
    intel man please give me a job.
    Intels rock
    Reply
  • NirXY
    Glad to see you made it to publish day, was waiting for this piece.
    Looking great !
    Reply
  • One correction: DQ57TM *does* contain a v1.2 TPM, the same as found on DQ67SW and DQ67EP. It's required to be vPro compliant (necessary for Intel TXT).
    Reply
  • jhansonxi
    Nifty but I don't like the single-vendor lock-in. I can see real improvements in IT efficiency if this was combined with AoE. Would like to see SSH support, however.
    Reply
  • extremepcs
    Hopefully they have improved the activation mechanism. Kind of a PITA if you don't buy a certificate from a trusted CA. I used an internal cert and had to activate each machine by booting from a flash drive.
    Reply
  • chovav
    If my hard drive is encrypted using TrueCrypt pre-boot authentication, would I be able to fill in the password using Intels vPro?
    Reply
  • jowunger
    The voice of the guy in the video is bad. The guy talks like he is speedreading a book...
    Reply
  • cangelini
    cdw-vproOne correction: DQ57TM *does* contain a v1.2 TPM, the same as found on DQ67SW and DQ67EP. It's required to be vPro compliant (necessary for Intel TXT).
    Fixed, thanks!
    Reply