Out-of-Band Management (OOBM) Of Intel Devices With 42Gears And Intel® AMT vPro™ Technology

No matter how well-planned an organization’s technology infrastructure might be, outages are unavoidable. Many times, equipment in the field crashes, becoming inoperable, and the IT team needs to send someone to the site to recover the equipment.

More and more devices are operating in remote locations, without anyone readily available to provide in-person assistance. This means that the likelihood of serious outages and downtime will also increase as companies struggle to mobilize support for remote kiosks. Long repair times for kiosks result in revenue loss, customer dissatisfaction, and high repair costs as issues mount over time. 

As these outages are unavoidable, Chief Networking Officers (CNOs) need to adopt a solution that can enable out-of-band management (OOBM) of devices to gain control over these devices.

What is Out-of-Band Management (OOBM)?

IT teams need to be able to manage devices from anywhere, at any time, without ever needing to visit devices in-person. This is where OOBM comes in, by letting admins remotely interact with devices below the OS level, letting them manage even devices that are turned off. 

The diagrams below show how in-band management is different from out-of-band management.

This is in-band management, where the management agent is at the Apps Layer. The agent communicates with the MDM server and is above the OS level. Operating System (OS) should be running while IT admins remotely manage the device, which means, if the system is off, in-band management is not possible.

This is out-of-band management, where the OOBM Management Agent (e.g. Intel® AMT) is running at the hardware level, which is below the OS level. Here, the OOBM agent communicates with the management server (MDM server) and allows IT admins to access or troubleshoot the device even if the OS is not running.

OOBM is crucial for data centers and remote sites; if devices are off and require in-band management, someone will need to travel to the device, which is both costly and time-consuming. Therefore, out-of-band management can mitigate outages and downtime to improve uptime and remote access, while reducing repair costs and remediation efforts. However, OOBM is not required everywhere. Network admins must check which IT assets need OOB management and which equipment needs 24/7 access or visibility. 

OOBM with Intel® AMT vPro™ Technology

IT managers and managed service providers (MSPs) face challenges while managing and securing a dispersed fleet of devices and Point of Sale (PoS) machines. The situation worsens when these devices go offline during sudden outages or when the OS is not running. IT managers need to find an effective solution that can help them manage or control such devices below the operating system (OS).

Intel® Active Management Technology (AMT), built into the Intel® Core™ vPro™ processor, works below the Operating System (OS) level and allows admins to control and manage devices even if the OS is not booting. The solution helps admins improve efficiency and manageability. 

Enterprises who choose to purchase devices equipped with Intel® vPro™ Technology only need to pay slightly more than they would for non-equipped devices, and the additional cost will quickly be outweighed by the time and money saved

Once organizations have implemented this technology, they can:

• access and control devices remotely with keyboard-video-mouse (KVM) control, even if the OS isn’t running 
• power devices ON or OFF remotely to save energy
• remotely reset forgotten disk encryption passwords or PINs
• directly boot into the BIOS remotely with KVM control

Use cases of Intel® Active Management Technology (AMT)

Keyboard- Video-Mouse (KVM)

KVM control allows users to remotely access and control compatible devices via keyboard, video, and mouse, even when the devices are turned off. Remote control usually requires software on the OS level; because AMT does not require this, out-of-band management becomes possible. 

Remote Power ON or OFF and updates

Admins can remotely power compatible devices ON or OFF at any time, or schedule devices to turn ON or OFF in advance. They can also remotely schedule or immediately push on-demand critical security and update patches. This helps IT admins lower device energy consumption and reduce labor costs, while ensuring that the system is up-to-date 24/7. 

Remote recovery of system using bootable disk

In case the OS crashes, AMT allows IT teams to push and boot systems using bootable disks and work remotely using KVM to recover such systems. 

Client-initiated remote access

Using AMT, IT admins can automate event logging and responses to preboot or OS errors. This helps them ensure that systems are performing optimally, and enables admins to perform preventative maintenance before small problems turn into serious issues.

42Gears’ SureMDM and Intel® AMT

42Gears has been providing unified endpoint management (UEM) solutions for in-band device management for years. Now, we have partnered with Intel to offer out-of-band management for compatible Intel devices. With 42Gears’ UEM solution, SureMDM, IT admins can now remotely manage and control business devices even if the OS is not running or devices aren’t booting. Also, with Intel® AMT and 42Gears, admins can troubleshoot devices, in case of sudden downtime or outages, with minimum effort and costs. 

42Gears has integrated support for AMT into SureMDM (for compatible devices) to offer a cost effective, security-focused, and centralized Out-of-Band Management (OOBM) solution to customers. 42Gears’ clients can now take advantage of features like remote power/boot control, hardware information reports, event/audit logs and full Keyboard-Video-Mouse (KVM) remote control. For detailed information, please visit this link here, or view our recent webinar on the topic here.