Remote Management Technology Streamlines Maintenance and Security
Secure Remote Management Technologies Support Embedded Platforms
The benefits of secure remote management bring increased control of computing assets and the promise of reduced downtime, maintenance, repair and energy costs.
NORBERT HAUSER, KONTRON
A rise in the level of network integration and ever larger bandwidth have paved the way for increasingly complex, remote IT management of embedded systems. Remotely managing and monitoring common tasks such as troubleshooting, power management and system verification is a fundamental cornerstone to reducing overall operational costs. Remote management also contributes to minimizing or eliminating technician onsite visits that in the past were needed to diagnose and repair any issues. In today’s highly networked environment, it almost goes without saying that remote management must occur within tight security channels. Therefore, embedded system designers must also deliver reliable, trusted system solutions that can be adapted to the unique implementations of each embedded system so it will operate as intended even when it is unmanned or remote.
Now, a rich selection of embedded computing platforms gives designers the advanced manageability and maintenance features they need based on integrated Intel Active Management Technology (AMT). Intel AMT is one of the technologies that is part of the Intel vPro technology suite, which is integrated into its third generation Intel Core vPro processor family, the Intel Xeon processor E3-1200 product family and associated chipsets. Along with AMT, the Intel vPro technology suite includes Intel Virtualization Technology (Intel VT) and Intel Trusted Execution Technology (Intel TXT). Together, all these technologies provide hardware support for advanced management functions, virtualization and platform security so that embedded systems are more secure, less costly to service, and enable increased software and operational flexibility.
Using the third generation Intel processor family as an example, designers have the flexibility to choose the embedded computing form factor that best suits a particular application or market requirement from a list of commercial off-the-shelf and customized solutions. These include Computer-on-Modules (COM), embedded motherboard, CompactPCI and VPX processor boards, and even a new open pluggable specification (OPS)-compliant solution for intelligent digital signage. All provide Intel AMT features. The implementation of embedded platforms with Intel vPro and AMT technologies can greatly improve system management, increase security and streamline development.
Intel vPro and AMT
Intel developed its vPro technology by combining multiple technologies and protocols to address security concerns on multiple layers of the system. Besides security, embedded form factors that integrate vPro also help system developers by saving costs and reducing size, weight and power (SWaP). Embedded computing suppliers such as Kontron will integrate the full Intel vPro platform ultimately on more than 10 third generation Intel processor-based form factors.
Specifically as it relates to implementing secure remote management, designers can select any one of these latest form factors with Intel AMT to address the three key security and reliability challenges facing embedded systems today: system integrity, secure isolation and remote systems management. Intel AMT uses advanced circuitry from the Intel chipset that provides the capability to access and control the system. The chipset circuit establishes a link that allows the system to communicate with a management console without relying on the system’s standard networking functionality. Intel AMT works by using a combination of elements that include domain authentication, session keys, persistent data storage in the Intel AMT hardware and access control lists. Security is maintained because only firmware images that are digitally signed are permitted to load and execute. This set of hardware-based features allows remote access for management, monitoring and other tasks, whether wired or wireless.
OEMs also need to take note that remote management lays the foundation for comprehensive, high-end service concepts for embedded computing devices. Thus, new market and application revenue opportunities are born, which bring the advantages of accelerated services and further service cost reductions that ultimately support long-term competitiveness.
Intel conducted research on real-world deployments and pilot programs and found that 85 percent of software-related issues can be diagnosed and repaired remotely. Handling software repairs remotely can save companies thousands of dollars—it virtually avoids the $60 to $100 per hour costs for a typical technician onsite visit, or a digital signage trouble call that can run as much as $2,000 depending on the location.
Feature-Packed Platforms that Perform
An embedded platform with Intel AMT allows users to diagnose devices remotely. This means that software issues can be repaired via the network and failed hardware components can be identified in advance before technicians arrive. These embedded platforms also provide proactive solutions such as protection for networks by automatically downloading the latest virus signatures and putting infected devices into quarantine, or identifying issues before they grow to become problems that require repairs. IT personnel can develop any number of alerts about software problems, memory and storage usage, and power supply issues.
In addition, the ability to control on/off switching, reboot or re-install software remotely enables companies to be more in control of their computing assets and reduce utility costs. Software and hardware inventories can also be conducted remotely, and the status of any embedded device within the network can be monitored. All this can be achieved even if devices are powered off, not responding, or have disabled or nonworking software.
Security is extremely important in embedded systems. With Intel vPro technology, embedded platforms deliver transport layer security (TLS). Hardware-based filters can maintain a secure connection while isolating a compromised device to prevent malware from spreading to other devices on the network. These platforms also provide keyboard, video and mouse (KVM) remote control and enable IDE redirect remote diagnostics and repair for unattended machines.
Efficient power management is also achieved through embedded platforms with Intel AMT. Critical to enabling greater system manageability, Intel AMT permits out-of-band (OOB) functionality that supports diagnosis and repair independent of major system components. With built-in manageability, these platforms allow assets to be discovered even when devices are powered off. The management server can issue a power-on command for patch and reboot deployment as needed to a computer that was powered down to save energy. After the monitoring or control task is complete, the management server can issue the power-off command to return the computer to its previous off state. This delivers multiple benefits for unmanned applications or in systems that are not always running. Companies also gain greater control to diagnose system problems regardless of an OS or hardware failure.
Additional security is delivered by the agent presence checking feature, which automatically sends alerts when software agents are found to be missing. Other incoming threats can be detected and blocked by Intel AMT System Defense. System Defense protects against infected clients before they impact the network and alerts IT management when these software agents have been removed.
Putting Intel AMT-Based Platforms to Work
Manually tracking industrial automation assets such as factory robotics and associated support systems that are often built on different platforms is difficult and time-consuming. Keeping these systems current with the latest software, policies and licenses compounds the challenge. These modules provide a fast wireless connectivity solution via 3G/4G add-on modems and other communications devices to enable connected intelligent platforms that deliver optimized up-time, increased remote manageability capabilities and native system security (Figure 1).
Figure 1: Complex, high-speed factory automation applications often require software updates and monitoring that can best be carried out remotely.
Power management through OOB management capabilities allows IT personnel to isolate and recover systems remotely, while alerting and event logging help prevent and reduce downtime. For example, a remote patch can be downloaded securely after a system reboot fails, enabling the system to come back online. To keep software and virus protection up-to-date across the enterprise, third-party software can store version numbers or policy data in non-volatile memory for unmanned or off-hours retrieval or updates.
Many retailers choose not to shut down some of their digital signage systems at the close of business even though they could save energy costs. That’s because IT departments typically want to update data and software during off hours (Figure 2).
Figure 2: Digital signage applications can take advantage of remote management to send real-time customer data to IT as well as to update content and for general maintenance and security.
OPS-compliant digital signage solutions deliver the computing performance, upgraded manageability features and improved security, as well as an increase in uptime provided by remote management capabilities. AMT allows companies to configure remote management to power down systems and then turn them back on when IT requires access. This feature, combined with the power efficiency of Intel processors, can generate considerable cost savings and help protect the environment.
Remote management in digital signage applications also provides greater opportunities to gather market intelligence. For instance, the system could push tailored information to the customer as well as communicate information about user preferences back to the business in real time. To illustrate how this could work, a fast food kiosk equipped for credit card or cash transactions provides a receipt and then communicates the order to the kitchen. When ready, a staffer gives the selected meal to the customer and scans the barcode on the receipt to confirm that the meal has been delivered. At the same time that the order is communicated to the kitchen, this customer data is also communicated to the corporate marketing team, giving them important customer data on the effectiveness of their kiosk promotions.
New Application Opportunities
Security for embedded systems has traditionally been poorly defined even though many systems are mission-critical and handle sensitive information. Today’s global environment requires that security, privacy and reliability be inherent in all embedded systems. Addressing these requirements is a wide range of third generation Intel processor-based COTS platforms that integrate Intel AMT to provide the necessary secure remote access and thwart increasing network threats. Intel has provided valuable application features in its vPro technology suite, and the variety of form factor solutions from embedded computing suppliers delivers the system integrity, secure isolation and remote systems management building blocks that enable true trusted systems. Plus, OEMs can look to these COTS products to provide a hardware verification model that accelerates development and reduces the time-to-market.
These newest embedded platforms provide designers with the latest high-performance technologies enabling them to build applications with increased processing density and I/O bandwidth within tight thermal envelopes. Also, improved size, weight and power (SWaP) can be achieved in a new generation of systems that can leverage the advanced management features of Intel AMT platforms that open new application revenue streams and competitive market solutions.