Intel vPro & MeshCentral Version 2

Intel Active Management & vPro

My interest in Intel’s vPro technology started in 2014 while working on a project of embedded devices for IoT Edge Compute. Regardless of the project, however, the underlying technology in the vPro solution is astounding.

It is essentially a micro server sitting on the literal physical layer of the motherboard. Its ability to read the video RAM and use the PHY of the MAC to communicate on the wire without an operating system running creates a level of remote management that puts you in front of the device without even being in the same space as it.

Intel includes the vPro capability in i5 and higher CPU products that also include the Intel embedded graphics controller. The latter is crucial for reaching the video/graphics controller and displaying its output.

vPro is a brand that Intel has built around AMT (Active Management Technology), which enables you to connect to, communicate with, control and fully manage a device that is configured for remote control. This allows for In-Band (OS up and running) and Out-Of-Band (BIOS, POST, no OS loaded at all) connections and control.

MeshCentral

Intel has supported MeshCentral, an open-source project, as a way to obtain remote control of devices running Windows and Linux, with a central dashboard to connect to and manage all devices. More information is available here: https://meshcentral.com/info/

I am currently running a centralized AWS instance to which my entire home lab and the laptops/desktops at home all connect, so I can manage them from a single control panel.

The clients installed on the PCs send heartbeats back to the cloud micro instance and maintain a channel for management. Once logged into the dashboard, you have access and can open RDP sessions through a browser instance.

Setup & Tutorials

The ambassadors of the product are providing massive updates and details for MeshCentral. They have documented a full walkthrough and configuration process that is easy to follow for all platforms: https://meshcentral.com/info/tutorials.html

Use Case and Cost Savings

MeshCentral is an open-source product with zero licensing cost for managing devices. This in itself reduces the thousands that could be spent to manage enterprise devices. The further benefit is that with Intel vPro and a properly configured BIOS and Management Engine, you can administer devices both with an OS running (In-Band) and with just the BIOS up and running (Out-Of-Band). So if you had to remote into a device that needed you to hit “F1 to continue” (although you should really have that turned off), you could absolutely do this, provided the device is connected to the internet or to an internal network that is privately controlled, with MeshCentral hosted in house.

The ability to diagnose a device remotely can save you labor and travel costs in supporting it. Connecting remotely can help determine which support tech level should visit the device and which parts or items are involved. It also helps with asset management, since you know which devices are at the edge to be monitored.

Private Use

The key to this open-source, coordinated remote device control software is that it can be hosted entirely locally and internally, without requiring any cloud or internet connectivity. This is particularly important for internal-only devices. While it is not exactly meant for something with only a microcontroller, on a more recent SBC derivative running Linux it gives you console and terminal access. And if you have an environment whose security controls mean it must never meet the internet, you can host and manage the service internally and still access your deployed controllers and devices from a single device panel.

I have MeshCentral deployed in two separate instances. The first is in the AWS Micro Tier, where all desktops and laptops and even some RasPis connect, allowing me to manage everything remotely; this also includes some family devices that are supported, where most of the time I just need access to the Windows desktop to run some scripts. The second is a full instance on Windows Server, internal to my air-gapped environment, where I try to isolate testing of devices and software from any network contact other than a laptop and a USB drive to transfer files. This helps me remotely manage the console level more easily than the VMware host console.

More to come…