Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis
Premium service offerings that include Account Management Services

For information about Symantec's support offerings, you can visit our Web site at the following URL: www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes

Licensing and registration
If your Symantec product requires registration or a license key, access our technical support Web page at the following URL: www.symantec.com/business/support/

Customer service
Customer service information is available at the following URL: www.symantec.com/business/support/...
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:
Asia-Pacific and Japan: customercare_apac@symantec.com
Europe, Middle-East, and Africa: semea@symantec.com
North America and Latin America...
Altiris products that can manage computers out of band
What's new in Out of Band Management Component
How Out of Band Management Component works
About the Symantec Management Console
About Intel AMT
About ASF
About DASH
Chapter
Introducing Out of Band Management Component

This chapter includes the following topics:
About Out of Band Management Component
What's new in Out of Band Management Component
How Out of Band Management Component works
What you can do with Out of Band Management Component
Where to get more information

About Out of Band Management Component
Altiris Out of Band Management Component software (formerly known as Altiris...
Introducing Out of Band Management Component About Out of Band Management Component

Figure 1-1 Out of Band Management Component features

About out-of-band management
Remote management of client computers often requires the managed computer to be turned on with an operating system running. When a computer is turned on with a running operating system, the computer is considered in-band.
Boot a computer from a remote disk or an image on a server and run the operating system repair or reinstall. Start a remote control session from the Symantec Management Console and access BIOS to view and change settings (Intel AMT only).
You can start the console remotely by typing the following URL into the Internet Explorer address bar: http://<Notification_Server_name>/altiris/console

For more information on the console, see the Symantec Management Platform Help, which can be accessed through the console's Help menu.

About Intel AMT...
Intel AMT is a solution that is based in hardware and firmware and is connected to the system's auxiliary power plane. Regardless of the power state or the operating system state of the client computer, Intel AMT provides IT administrators with access to alerts, hardware inventory, power management, network filtering, and agent presence functionality.
Comparison of Intel AMT, ASF, and DASH
Out of Band Management Component supports Intel AMT, ASF, and DASH out-of-band management technologies.
“About Intel AMT” on page 14.
About Intel AMT tasks
Out of Band Management Component lets you perform the following Intel AMT tasks:
Discover Intel AMT capable computers.
Set up and configure computers with Intel AMT so that they can be managed out-of-band by other Altiris solutions.
User Guide
Information about how to use this product, including detailed technical information and instructions for performing common tasks. This information is available in PDF format.
The Documentation Library, which is available in the Symantec Management Console on the Help menu. The Product Support page, which is
Information about how to use this product, including detailed technical information and instructions for performing common tasks. Help is available at the solution level and at the suite level.
The Documentation Library, which is available in the Symantec Management Console on the Help menu. Context-sensitive help is available for most
Chapter
About Out of Band Management Component pages

This chapter includes the following topics:
Auxiliary profiles: 802.1x Profiles page
Auxiliary profiles: Management Presence Servers page
Auxiliary profiles: Remote Access Policies page
Trusted Root Certificates page
Auxiliary Profiles: Wireless Profiles page
Configuration Profiles page
DNS configuration page
General page...
About Out of Band Management Component pages Auxiliary profiles: 802.1x Profiles page

Resource Synchronization page
Get ASF/DASH Configuration Inventory task
Update ASF Configuration Settings task
Update DASH Configuration Settings task
OOB Site Service page
Certificate Enrollment task
Firewall Configuration task
FQDN Synchronization task
Install Intel Setup and Configuration Server task
Install OOB Site Service agent task...
Table 2-1 Options on the Add 802.1x Profile dialog box
Option - Description
Profile name - Type a name for the new 802.1x profile.
Protocol - Select from one of the available options.
Client certificate - The client authentication options require defining a source for a client certificate for authenticating an Intel AMT device to a...
Select Certificate Generation Properties dialog box
This dialog box lets you select the certification authority (CA) that Intel SCS uses to generate certificates.

Add Certificate Generation Properties dialog box
This dialog box lets you configure certificate generation properties.
Select Certificate Template dialog box
This dialog box lets you select the certificate template that you want Intel SCS to use when generating certificates for the functionality that you want to configure.

Auxiliary profiles: Management Presence Servers page
Intel AMT 4.0 and later support CIRA (client-initiated remote access).
Table 2-3 Options on the Add Management Presence Server dialog box (continued)
Option - Description
Client certificate - TLS mutual authentication is used to authenticate the Intel AMT-MPS tunnel. The Intel AMT device requires a client certificate that the MPS will authenticate and a trusted root certificate from the certification...
A remote access policy contains the parameters that determine the conditions for establishing an MPS connection. It also contains the connection parameters to either one or two MPSs.

Remote Access Policies: Create Remote Policy dialog box
This dialog box lets you create a remote access policy to use with the CIRA (client-initiated remote access) functionality of Intel AMT.
Table 2-4 Options on the Remote Access Policies: Create Remote Policy dialog box (continued)
Option - Description
Management Presence Servers - Select the MPSs that apply to the policy (up to two). When a trigger occurs, the Intel AMT device attempts to connect to the server that is listed in the Preferred server box.
For more information, see the Out of Band Management Component Implementation Guide.

Wireless Profiles: Add Wireless Profile dialog box
This dialog box lets you configure the wireless settings that the Intel AMT devices should use in sleep (S3, S4, or S5) state when the operating system cannot be used to configure wireless protocols.
Intel AMT runtime credentials. Then configure the task to use this connection profile. For more information, view topics about using connection profiles in the Symantec Management Platform Help.
New MEBx password - Type the new MEBx password that you want Intel SCS to set on the devices that you initialize using the Remote Configuration feature.
Setup and configuration profile: Network tab
On this tab, define this profile's network settings.

Table 2-7 Options on the Network tab
Option - Description
Enable ping response - Check if you want the Intel AMT device to respond to a ping.
Web UI - Administrators can use this browser-based UI (user interface) for management and maintenance of Intel AMT devices.
Table 2-7 Options on the Network tab (continued)
Option - Description
Enable 802.1x for AMT even if host is not authorized for 802.1x - Check to enable manageability traffic even if the host cannot complete 802.1x authentication to the network.
Enable EAC - Check to enable Endpoint Access Control.
Setup and configuration profile: TLS tab
On this tab, configure whether you want the Intel AMT devices to require a certificate when authenticating with other applications.

Note: You must have a properly configured infrastructure (certification authority installed, proper certificates installed) to configure Intel AMT computers with TLS or TLS Mutual Authentication.
Table 2-8 Options on the TLS tab (continued)
Option - Description
Server Certificate - Select the certification authority (CA) that you want to use to generate server certificates for the Intel AMT devices that are associated with the profile.
TLS: Edit CRL dialog box
The Certificate Revocation List (CRL) is a list of entries that indicate which certificates have been revoked. The CRL contains certification authority URLs and the serial numbers of revoked certificates. CRL is an optional feature of TLS Mutual Authentication.
Directory SID to identify a user or group of users. Digest entries have a user name and password for user identification. When Microsoft Active Directory is used, user identities are imported from Active Directory; otherwise, user identities are added manually.
Add ACL Entry: Select User dialog box
Select the Active Directory user that you want to use for the functionality that you are configuring.

Setup and configuration profile: Wireless Profiles tab
You can use the Wireless profiles tab to create and select wireless profiles with which to configure Intel AMT-capable notebook computers.
Table 2-11 Options on the Wireless profiles tab (continued)
Option - Description
Allow wireless connection without profile - Check to allow Wi-Fi connection even without a profile (using the host's Wi-Fi settings).

Setup and configuration profile: Power Policy tab
Use these settings to determine what is the highest power state when the Intel AMT devices that are assigned to this profile will be active or will activate from...
If you want to allow configuration when the platform has no domain name, check Allow configuration when platform has no domain name.

Domains tab: Add New Domain Entry dialog box
Use this dialog box to add a domain to the list of domains from which an AMT computer can initiate configuration by Intel SCS.
For remote access to work, you must configure the Intel AMT platform when the platform is inside the enterprise. You must configure the platform with the information needed to connect with the MPS. The Remote Access tab is used to enter the necessary parameters.
The default settings are adequate for normal operation of Intel SCS. However, if you want to use Kerberos users or 802.1x profiles, you must integrate Intel SCS with Active Directory and check Active Directory Integration on this page. For more information, see the Out of Band Management Component Implementation Guide.
Table 2-15 Options on the General page (continued)
Option - Description
Use one time password - Check to require a one-time password (OTP) exchange between Intel SCS and the Intel AMT device that is requesting setup and configuration.
Select Active Directory Organizational Unit dialog box
This page lets you select the Active Directory Organizational Unit for the functionality that you are configuring.

Maintenance page
This page lets you define the actions that Intel SCS performs periodically on all configured Intel AMT devices.
Security keys page
Setup and configuration of Intel AMT 2.0 (or later) devices is done using the TLS-PSK (Pre-Shared Key) protocol. The protocol requires the security keys installed both in the Intel AMT device and in the Intel SCS database. You can use the Security Keys page to manage the preshared keys and associated parameters.
Table 2-17 Options on the Security keys page
Option - Description
Add new - Click to add a new security key. The PID is the eight character identification string that is sent in the clear in the Hello message.
Table 2-17 Options on the Security keys page (continued)
Option - Description
Mark selected security keys as - Click to mark a set of security keys that you have used to initialize an Intel AMT device manually.
If you move the OOB site server to another computer, you must set the service URL to the URL of the new OOB site server.

Table 2-18 Options on the Service Location page
Option Description...
Table 2-19 Options on the Users page
Option - Description
Click to add a user. Type or browse to a user name. From the Role drop-down list, select a role:
Enterprise Administrator - This role has access to all Intel SCS configuration and management screens, fields, and parameters.
For more information, see the Out of Band Management Component Implementation Guide.

Table 2-20 Options on the Delayed Setup and Configuration page
Option - Description
DNS suffix - (Optional) You can type the DNS suffix with which the Out of Band Task Agent configures the Intel AMT device.
Table 2-21 Options on the Intel AMT systems page
Option - Description
Authorize systems - This operation authorizes configuration for the selected devices. This operation becomes available when you check Intel AMT requires authorization before configuration on the General page.
Table 2-21 Options on the Intel AMT systems page (continued)
Option - Description
Assign profile - This operation lets you assign an FQDN and a configuration profile to the selected Intel AMT device. An unconfigured device is configured using the supplied FQDN and profile the next time the Hello message is sent.
Table 2-21 Options on the Intel AMT systems page (continued)
Option - Description
Unconfigure - This operation disables each Intel AMT device and leaves it without any Setup and Configuration parameters. Unconfiguration is possible in the following ways:
Full: Deletes all data from each Intel AMT device.
For more information, see the Out of Band Management Component Implementation Guide.
On the Profile Assignments page you can monitor and modify profile assignments.

Table 2-22 Options on the Profile assignments page
Option Description...
Table 2-23 Options on the Resource Synchronization page
Option - Description
Override existing profile assignments - Check to assign the profile that is defined on this page to the Intel AMT computers that already have a configuration profile assigned.
Guide. To get ASF or DASH inventory, run this task one time or on a schedule. For information on running tasks, see the Symantec Management Platform Help.

Update ASF Configuration Settings task
This task lets you enable ASF and configure ASF settings remotely on client...
Note: The Out of Band Task Agent must be installed on the client computers before you run the task. The client computer must be turned on to run this task. The operating system must be running.
Table 2-25 Options on the Update ASF Configuration Settings task page (continued)
Option - Description
Modify timers settings - Check to modify the settings in this group when the task runs.
Enable OS hang watchdog - Check to watch for operating system hangs and type the watch interval in seconds.
Table 2-25 Options on the Update ASF Configuration Settings task page (continued)
Option - Description
Wake on ARP or RMCP traffic - Check to configure the network adapter to wake the computer upon receiving ARP or RMCP traffic while the computer is in low-powered mode.
Table 2-25 Options on the Update ASF Configuration Settings task page (continued)
Option - Description
Modify remote control settings - Check to modify the settings in this group when the task runs.
Table 2-26 Options on the Update DASH Configuration Settings task page (continued)
Option - Description
HTTP Session Timeout - Set the management session timeout value. Default: 30 seconds.
Enable HTTP GET (HTML User - Check to allow HTTP GET requests.
Table 2-27 Options on the OOB Site Service page
Option - Description
SQL settings - Type the SQL server's host name and the database name with which you want Intel SCS to work. The default database name for the 7.x release of Out of Band Management Component is Symantec_CMDB_IntelAMT.
Table 2-27 Options on the OOB Site Service page (continued)
Option - Description
AD Integration - Check if you want the OOB site server installation to verify if the site server candidate is part of the domain and can contact Active Directory.
For more information, see the Out of Band Management Component Implementation Guide. For more information on running tasks, see the Symantec Management Platform Help.

Firewall Configuration task
This task lets you configure the firewall on the OOB site server computer to allow...
For more information on running tasks, see the Symantec Management Platform Help.

FQDN Synchronization task
If the FQDN of the Intel AMT computer has changed, Intel SCS loses contact with the Intel AMT device.
Intel Setup and Configuration Server Upgrade job
We recommend that you do not modify or run this job. To roll out the OOB site server, use the Site Server page in the Symantec Management Console. For more information, see the Out of Band Management Component Implementation Guide.
This task requires that a Windows operating system is running and the Altiris Agent is installed on the target computer. For more information, see the Out of Band Management Component Implementation Guide.
IT technicians can apply these filters to computers that send suspicious network packets to seal infected computers from the rest of the network.

CMDB (Configuration
The central database that stores all information about the Symantec Management Platform and its managed computers.
Configuration Service)
integrates Intel SCS into the Notification Server infrastructure and provides the interface for Intel SCS in the Symantec Management Console.

Kerberos
A system that provides authenticated access for users and services on a network.

A piece of information that controls the operation of a cryptography algorithm.
Out-of-band management can be performed on the computers that have Intel AMT, DASH, or ASF-capable network adapters.

permissions
The rights that a user or group has to access different items within the Symantec Management Console. Permissions are granted to users through their security role.
SOL/IDE-R (Serial-over-LAN/IDE-Redirection)
The proprietary protocols that are defined for Intel AMT that redirect keyboard, text, floppy disk, and CD transfers from a local host to a remote workstation.

Symantec Management Console
The Web-based user interface for managing the Symantec Management Platform and any other installed solutions.

The platform that provides a set of services for IT-related solutions.