Intel® vPro™ Technology

Remote System Repair Using Intel® vPro™ Technology

RSR Usages Deployments in SMB

Deploying RSR solutions in small to medium businesses (SMB) presents another set of unique challenges. Typically, small to medium businesses do not have the resources to deploy an elaborate infrastructure to manage their clients. To address these SMB challenges, Intel is working on extending the RSR solutions to SMB.

In 2008, new desktop platforms with Intel® vPro™ technology introduce support for Intel® Remote PC Assist Service. Intel Remote PC Assist Service provides:

1. An Intel service infrastructure, the Intel Remote PC Assist Service, for online centralized activation and connection to platforms with Intel vPro technology.
2. PC firmware, BIOS, and software extensions to support interaction with the Intel Remote PC Assist Service.
3. A Software Developers Kit (SDK) for interacting remotely with PCs that have the technology for, and have opted into, the Intel Remote PC Assist Service.

The overall Intel Remote PC Assist Service infrastructure is fully encapsulated in Internet-based data centers that can dispatch connections made between the service provider and the end-customers in the cloud. This concept is illustrated in Figure 7.

Figure 7: Intel® Remote PC Assist Technology and Intel® Remote PC Assist Service network diagram
click image for larger view

The Intel Remote PC Assist Service supports three types of assistance:

1. One-Time Assistance. Typically known as “Break/Fix Service”, one-time assistance ends when the relationship between the user and the service provider ends, after the support session.
2. Reactive Enrollment. This is also typically known as “Break/Fix Service.” The user enters into a more permanent relationship with the service provider, but the user still always initiates the request for help.
3. Proactive Enrollment. This is typically used by “Managed Services.” The user enters into a more permanent relationship with the service provider, and the user gives the service provider permission to access the PC on demand, even when the user is not present.

Figure 8: Break-Fix flow
click image for larger view

In Figure 8, we show the overall flow as well as the different elements comprising the architecture. When a remote heal usage is initiated due to an inoperable PC, the following actions are taken to get the service activated and to receive remote assistance for the heal scenario to begin:

1. The PC end user contacts a service provider over the phone.
2. The service provider requests a passcode from the Intel Remote PC Assist Service.
3. The service provider verbally guides the user into the UI screens (which include a legal/privacy opt-in step) and the user is given the passcode by the service provider (which was requested from the Intel Remote PC Assist Service). The user is requested to enter the passcode and hit the commit button to complete the connection.
4. The firmware embedded in the user’s PC connects to the Intel Remote PC Assist Service over a secure session by using an FQDN and root certificate contained in the firmware from the factory (part of the signed image) and then the PC uses the passcode to perform a one-time registration operation and then associates with the specific service provider.
5. The firmware then locates an available gateway server in the Intel Remote PC Assist Service; it then connects and waits for the service provider to complete the connection to form a remote access session.
6. The service provider’s support application connects to the same gateway server and completes the connection to form a remote access session. The user’s PC can now be remotely accessed using normal Intel vPro technology protocols as if the support application and PC are on the same LAN.

A subtle point to note is that the user initiates the conversation and therefore prevents unsolicited connections. This is because the security and privacy of the PC end user is paramount, regardless of whether it is a small business or a consumer.

This “break/fix” flow is most relevant to the main topic of this article, that is, remote heal. A number of other variations to the flow also exist, for example, a proactive service flow. In such a sequence, the user could be provided with an e-mail or a paper form of details (that is, a passcode) to enroll in the proactive service, after which point the service provider’s automatic tools would immediately be able to monitor the user’s PC. The user does not necessarily need to talk to a human technician on the phone.

The following are example activities that can be performed over this “instantly activated” Fast call for Help tunnel:

1. Boot from remote image by using IDE-R for Remote Heal usages.
2. Reboot the system and boot directly to BIOS.
3. Query asset inventory, 3PDS, Agent Presence and Circuit Breaker—all manageability features.

The Intel® Remote PC Assist Service is capable of delivering a robust environment with the following characteristics:

• Secure and private. The service does not store or use any end-customer’s or service provider’s private data.
• Round-the-clock support and monitoring.
• The ability to be load balanced across multiple data centers in multiple regions (1 to start), using Akamai* to load balance on the main FQDN known by the firmware.
• Load balancing for redundancy also within each data center, with many servers for each component (for example, Web service, database, gateways), as well as internal and external networks (multiple Internet service providers, for redundancy).

Future Direction for RSR Usages

Remote Streaming Architecture for RSR Usages
Instead of downloading images and storing them locally, the concept of streaming a minimal OS to memory and subsequently streaming all other applications on a needs basis is gaining ground. The same architecture can also be extended to Spare-tire OS cases that have IT worker streaming applications and data on a demand basis only. This provides some flexibility for IT-worker productivity as workers do not have to download the entire data set. Existing architectures would require all application and data to be downloaded locally before processing them. Emerging client-streaming architectures, when combined with Web services, provide an easy way to enable both subscription-based services as well as pay-per-usage services as described earlier. Platforms with Intel® vPro™ technology are being enabled with features that can easily adapt to such streaming environments.

Back to Top