Out of band management in Configuration Manager 2007 SP1 provides powerful management control for computers that have the Intel vPro chip set and Intel Active Management Technology (Intel AMT) for the following firmware versions:
- Intel AMT version 3.2 with a minimum revision of 3.2.1.
- Intel AMT version 4.0 and version 5.0.
.gif) Note |
| The information in this topic applies only to Configuration Manager 2007 SP1 and later. |
Out of band management allows an administrator to connect to a computer's management controller when the computer is turned off, in sleep or hibernate modes, or otherwise unresponsive through the operating system. By way of contrast, in-band management is the classic approach used by Configuration Manager and its predecessors whereby an agent runs in the full operating system on the managed computer and the management controller accomplishes tasks by communicating with the management agent.
Out of band management supplements in-band management. While in-band management supports a wider range of operations because its environment is the full operating system, in-band management might not be functional if the operating system is not present or is not operational. In these situations, the supplementary capabilities of out of band management allow administrators to manage these computers without requiring local access to the computer.
Out of band management tasks include the following:
- Powering on one or many computers (for example, for maintenance on computers outside business hours).
- Powering off one or many computers (for example, the operating system stops responding).
- Restarting a nonfunctioning computer or booting from a locally connected device or known good boot image file.
- Re-imaging a computer by booting from a boot image file that is located on the network or by using a PXE server.
- Reconfiguring the BIOS settings on a selected computer (and bypassing the BIOS password if this is supported by the BIOS manufacturer).
- Booting to a command-based operating system to run commands, repair utilities, or diagnostic applications (for example, upgrading the firmware or running a disk repair utility).
- Configuring scheduled software update deployments and advertisements to wake up computers prior to running.
For example scenarios of how out of band management can be used, see Example Scenarios for Using Out of Band Management.
Some of the preceding tasks are performed from the Configuration Manager console, while others require running the out of band management console that is supplied with Configuration Manager 2007 SP1. Out of band management uses Windows remote management technology (WS-MAN) to connect to the management controller on a computer.
|
Note |
| Out of band management is not supported for clients that are managed over the Internet with Internet-based client management. Additionally, Configuration Manager clients that are blocked by the Configuration Manager infrastructure continue to accept out of band management communication. |
The following table outlines the new options and features that out of band management provides in Configuration Manager 2007 SP1.
| Feature or Scenario |
More Information |
|
Security-based management
|
Out of band management integrates with an internal public key infrastructure (PKI), using the following certificates:
- A provisioning certificate that is installed on the out of band service point that allows computers to be configured for out of band management.
- A Web server certificate that is installed on each computer that will be managed out of band so that communication is authenticated and is encrypted using Transport Layer Security (TLS).
Administrators must be authenticated using Kerberos before they can manage computers out of band.
Out of band management activity is recorded and auditable.
|
|
AMT provisioning
|
Enables and configures AMT-based computers for out of band management. Supported scenarios include the following:
- Automatic provisioning out of band for new computers that do not have the Configuration Manager 2007 SP1 client installed.
- Automatic provisioning in-band for computers running the Configuration Manager 2007 SP1 client.
For more information, see the following topics:
|
|
Enhanced inventory data
|
Provides hardware inventory data from the AMT chip, such as asset tag, BIOS UUID, power state, processor, memory, and drive information.
|
|
Enhanced network discovery method
|
Identifies computers with a management controller and its provisioning status.
This information can be used to build query-based collections to group computers for out of band management activities, such as provisioning and power control.
For more information, see How to Discover Computers with Management Controllers.
|
|
Power control
|
Enables power on, power off, and restart capabilities for a single computer or selected computers in a collection.
Computers can also be woken up by scheduled mandatory advertisements and software update deployments with a deadline.
For more information, see the following topics:
|
|
Out of band management console
|
A dedicated management console that is run from the Configuration Manager console or from a command prompt to initiate out of band management tasks, including IDE redirection and serial-over-LAN sessions.
|
Note |
| Capabilities might vary depending on the manufacturer of the managed computer. For example, IDE redirection and serial-over-LAN capability can be disabled by the manufacturer. |
For more information, see the following topics:
|
|
IDE redirection
|
Enables the computer to boot from a boot image file or locally connected device rather than from its disk IDE interface. This is useful for diagnosing, repairing, or imaging a hard drive.
|
|
Serial over LAN
|
Serial-over-LAN technology encapsulates the data from a virtual serial port and sends it over the existing network connection established by the out of band management console.
This allows you to run a terminal emulation session for the managed computer, in which you can run commands and character-based applications. For example, this might include reconfiguring the BIOS or, working in conjunction with IDE redirection, you can update the firmware or run diagnostic utilities.
For more information, see the following topics:
|
For more in-depth information about using out of band management in Configuration Manager 2007 SP1, see the following topics in this section:
See Also
Did you find this information useful? Please click the following link to send your suggestions and comments about the documentation to the Configuration Manager Doc Feedback alias: