Monday 3 December 2012

Additional Steps to Customise your Intel MPS Solution

Hi All,

If you need help setting up Intel's Management Presence Server (MPS) then look no further. Intel have a video blog which is located here.

I recently followed these instructions for a client and I thought I would share the additional steps I used to create a seamless solution.

The client wanted to support their employees over the internet by remote controlling their systems, so the solution I provided is geared around this outcome.

To make the solution easy and seamless, I did not want the support team changing proxy settings and checking services. I wanted the support team to click one button to control the end user's system. To do this I created a dedicated server for MPS and support services.

It goes like this:
  • Employee calls for help
  • Support team member logs onto MPS server, clicks one button
  • That button checks that all required services are running and starts any that are not.
  • Once all the services are running, VNC Plus opens and the support team member can type in the computer name to remote control the system.

Below are the additional steps to make this happen.
  • Modify the SCS profile to include your MPS Server 
  • Change the Internet Explorer Proxy Settings (If you want to get to the AMT Web GUI)
  • Allow port 12345 into your DMZ and forward it to your MPS server  
  • Add the proxy settings to VNC plus
  • Add the proxy settings to your customised application (If you want it to work with your MPS server)
  • Add the proxy setting to KVM View (If you want it to work with your MPS server)
  • Streamline the support process

1. Modify the SCS profile to include your MPS Server

1.1 Modify your SCS profile to include Home Domains, Remote Access, and WiFi Connection

1.2 Add all of your internal domains. This is so the Intel system knows whether it is internal or external to your domain. Also tick the option All Intel(r) AMT functionality via VPN.

1.3 Now you need to add a Management Presence Server and a Remote Access Policy. Click on the Add button.

1.4 Management Presence Server

  • IP Address: Your external IP address and port number. The port number is the one you set for stunnel in the second video. The default is 12345.
  • Server Authentication: The Root CA you created from the first video
  • Common Name: FQDN of your MPS server 
  • System Authentication: The username and password that will be used to authenticate.

1.5 Remote Access Policy

  • Policy Name: Call it whatever you like.
  • Options: Fast Call for All, OS and BIOS Interface
  • Preferred Server: The MPS Server you created from section 3.1

1.6 If you don't already have WiFi support please add it. 

2. Change the Internet Explorer Proxy Settings

2.1 To access the Web GUI of your client you will need to point Internet Explorer to your MPS server. The port used is whatever you assigned to Apache (httpd.conf) and your MPS Server (mps.config)

3. Allow port 12345 into your DMZ and forward it to your MPS server 

3.1 You will need to allow the port you set in stunnel.conf through your firewall and forward it to your MPS Server. In this example it is 12345.

4. Add the proxy settings to VNC plus

4.1 To remote control the system you will need to add the proxy settings to your VNC plus connection. 
  • HTTP Proxy: The port you assigned in Apache (httpd.conf) and your MPS server (mps.config)
  • SOCKS 5 Proxy: The port you assigned to SOAP to the MPS server (mps.config) and your Proxy Socks port for Apache in (httpd.conf)
  • Username and Password: Not required.

5. Add the proxy settings to your customised application

5.1 If you created your own customised application as I did here, you will need to add the HTTP and SOCKS proxy settings as you did for VNC Plus.

6. Add the proxy setting to KVM View 

6.1 To remote control the system using KVM View you will need to add the proxy settings to your KVM View connection. 
  • HTTP Proxy: The port you assigned in Apache (httpd.conf) and your MPS server (mps.config)
  • Redirection Proxy: The port you assigned to SOAP to the MPS server (mps.config) and your Proxy Socks port for Apache in (httpd.conf)
  • Auto proxy include list: The system you want to remote control
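
An added example (not from the original post or from Intel's SDK): a PowerShell check that the stunnel port is the only one of these ports listening on a network-facing address, since the HTTP and SOCKS proxies above are used without a username or password. Port 12345 is the post's stunnel port; 8080 and 1080 are placeholder values for the proxy ports you assigned, and the loopback-only policy assumes the support tools run on the MPS server itself, as in section 7.

```powershell
# Added example: audit which MPS-related ports listen on which addresses.
# 12345 is the stunnel port from the post; 8080 and 1080 are PLACEHOLDERS for
# the HTTP and SOCKS proxy ports you assigned in httpd.conf / mps.config.
$PortPolicy = @{
    12345 = 'external'   # stunnel: the only port forwarded from the DMZ
    8080  = 'local'      # HTTP proxy: used without username/password
    1080  = 'local'      # SOCKS proxy: used without username/password
}

function Test-MpsListener {
    param(
        [Parameter(Mandatory)] [object[]]  $Listener,  # objects with LocalAddress, LocalPort
        [Parameter(Mandatory)] [hashtable] $Policy
    )
    $loopback = '127.0.0.1', '::1'
    foreach ($port in ($Policy.Keys | Sort-Object)) {
        $bound = @($Listener | Where-Object { $_.LocalPort -eq $port })
        if ($bound.Count -eq 0) {
            # Nothing is bound to this port: the service behind it is not running.
            [pscustomobject]@{ Port = $port; Address = '-'; Finding = 'NOT LISTENING' }
            continue
        }
        foreach ($l in $bound) {
            $isLocal = $loopback -contains $l.LocalAddress
            # A 'local' port bound to anything but loopback is reachable from other hosts.
            $finding = if ($Policy[$port] -eq 'local' -and -not $isLocal) {
                'EXPOSED: unauthenticated proxy reachable from the network'
            } else { 'ok' }
            [pscustomobject]@{ Port = $port; Address = $l.LocalAddress; Finding = $finding }
        }
    }
}

# Constructed sample data (not captured from a real server).
$sample = @(
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 12345 }
    [pscustomobject]@{ LocalAddress = '127.0.0.1'; LocalPort = 8080 }
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 1080 }
)
Test-MpsListener -Listener $sample -Policy $PortPolicy | Format-Table -AutoSize

# On the MPS server itself (Windows Server 2012 or later):
# Test-MpsListener -Listener (Get-NetTCPConnection -State Listen) -Policy $PortPolicy
```

With the sample data, port 1080 is reported as exposed because it is bound to 0.0.0.0; the other two rows report ok.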

7. Streamline the support process

My idea was to make the solution as seamless as possible. If a user called for support, the help desk would log onto the MPS Server, click on one icon and then be controlling the user's system.

For this to happen complete the following:
  • Install VNC Plus onto your MPS server
  • Create a new root directory called MPS_Services and copy the contents from the SDK directory AMT8.1.4198\Windows\Intel_AMT\Bin\MPS into it.
  • Copy MPSNotification.exe from AMT8.1.4198\Windows\Intel_AMT\Bin to C:\MPS_Services

  • Create a bat file called MPS.bat with the following command
  • Create a bat file called MPSNotification.bat with the following command. Change the IP address to your MPS Server and the port to what you set in NotificationList.config too.

  • Create a VBS script called StartMps.vbs and send the shortcut to the desktop for all users. This is what the support team will run; it performs all the necessary checks and starts VNC Plus.
Set WshShell = WScript.CreateObject ("WScript.Shell")
Set colProcessList = GetObject("Winmgmts:").ExecQuery ("Select * from Win32_Process")

Dim vFoundApacheMonitor,vFoundstunnel,vFoundmps,vFoundMPSNotification 

'Check if Apache is running
Const strServiceName = "Apache2.2"
Set oShell = CreateObject("Shell.Application")

If Not oShell.IsServiceRunning(strServiceName) Then
  oShell.ServiceStart strServiceName, False
  Msgbox "Starting Apache2.2 service",, "Service Apache Starting"
End If

For Each objProcess in colProcessList
    'Check each running process against the ones we need (names compared in lower case)
    If LCase(objProcess.Name) = "apachemonitor.exe" then
            vFoundApacheMonitor = True
    End if
    If LCase(objProcess.Name) = "stunnel.exe" then
            vFoundstunnel = True
    End if
    If LCase(objProcess.Name) = "mps.exe" then
            vFoundmps = True
    End if
    If LCase(objProcess.Name) = "mpsnotification.exe" then
            vFoundMPSNotification = True
    End if
Next

'Start anything that was not found (an unset flag is Empty, which evaluates as False)
If Not vFoundApacheMonitor Then
    WshShell.Run """C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe"""
    msgbox "Starting Apache Monitoring",, "Apache Monitoring Starting"
end if
If Not vFoundstunnel Then
    WshShell.Run """C:\Program Files\stunnel\stunnel.exe"""
    msgbox "Starting stunnel",, "Stunnel Starting"
end if
If Not vFoundmps Then
    WshShell.Run "C:\MPS_Services\MPS.bat"
    msgbox "Starting MPS",, "MPS Starting"
end if
If Not vFoundMPSNotification Then
    WshShell.Run "C:\MPS_Services\MPSNotification.bat"
    msgbox "Starting MPS Notification",, "MPS Notification Starting"
end if

Response = Msgbox ("All services are running that are required for Call For Help. Would you like to open VNC Viewer?",4,"Services Are Started")
If Response = 6 then
   WshShell.Run """C:\Program Files\RealVNC\VNCViewerPlus\vncviewerplus.exe"""
End if

Now all they need to do is click on one file and they are controlling the user's desktop.
