Beruflich Dokumente
Kultur Dokumente
In our tests, we compared management in three scenarios: Using Dell Client Command Suite to remotely
manage Dell desktop devices; using only Intel AMT to remotely manage HP desktops; and directly managing
HP desktops without Command Suite or Intel AMT. In each of our tests, it was faster for an administrator to
complete management tasks through Client Command rather than completing tasks with Intel AMT alone, or
through direct, manual management. The diagram below shows our three test scenarios:
Dell Client
Admin Intel AMT Fleet
Command Suite
Manual management
Admin Fleet
Command HP (via
Take a look at Table 2 to see how much time Roger would
Task (1 system) Manual
Suite Intel AMT) spend managing 100 devices. (We estimated these results
Provisioning
48s 51s N/A based on our two-system tests.)
Intel AMT
Changing BIOS
2min 21s 3min 28s 3min 19s Managing HP devices through AMT alone would require
settings
hours of administrator time—hours that could be better
Changing
28s 57s 50s spent on other mission-critical work. For example,
security settings
changing the admin password for 100 devices would
Table 1: Time to manage one system (tested)
take just six steps with the Dell suite, but a whopping
1,701 steps when using only Intel AMT. (For a detailed
Task (100 Command HP (via breakdown of the tasks we tested, see the results
Manual admin
systems) Suite Intel AMT)
appendix on page 20.)
Provisioning
46s 1h 26min 39s N/A
Intel AMT
Changing BIOS
2min 21s 5h 29min 29s 4h 18min 1s
settings
Changing
28s 1h 33min 10s 1h 24min 49s
security settings
We found that the tools Command Suite offers can speed up and simplify device management compared
to management through just Intel AMT on an HP device. The ease of configuring Intel AMT combined with
task sequences, out-of-band management capabilities, one-to-many administration, and other features make
Command Suite an attractive management solution for fleets equipped with Intel AMT.
Processor
Number of cores 4 4
Cache 6 MB L3 6 MB L3
Memory
Amount (GB) 8 GB 8 GB
Graphics
Storage
Amount 1 TB 1 TB
Connectivity/expansion
Size (in.) 22 22
Touchscreen No No
Operating system
BIOS
Configuring AD/DNS/DHCP
1. Power on the Active Directory VM.
2. On the Active Directory server, open Windows PowerShell® as administrator.
3. Run the following command: Install-WindowsFeature RSAT-ADDS
4. When the installation is finished, close PowerShell.
5. Open Server Manager.
6. On the Welcome screen, click 2, and click Add roles and features.
7. At the initial Before you begin screen, click Next three times.
8. At the Server Roles screen, select Active Directory Domain Services.
9. On the pop-up window, click Add Features.
10. Click Next three times.
11. Verify the desired role is being installed, and click Install.
Adding DHCP
1. Open Server Manager.
2. On the Welcome screen, click 2, and click Add roles and features.
3. At the initial Before you begin screen, click Next three times.
4. At the Server Roles screen, select DHCP Server.
5. On the pop-up window, click Add Features.
6. Click Next three times.
7. Verify the desired role is being installed, and click Install.
8. Once installation has finished, close the Add roles and features wizard.
9. In Server Manager, click the flag at the top of the screen and select Complete DHCP configuration.
10. In the DHCP Post-Install configuration wizard window, click Next.
11. At the Authorization Screen, click Commit.
12. At the Summary screen, click Close.
13. In Administrative Tools, open the DHCP service.
14. Expand ad.test.local, then right click IPv4 and select New Scope
15. In the New Scope Wizard window, click Next.
16. At the scope name screen, name the scope Laptops, and click Next.
17. In the IP Address Range, enter the desired scope settings for your network.
18. Click Next four times.
19. At the Router screen, enter the gateway address to be used by the clients, and click Next.
20. Click Next three times.
21. At the Completing the New Scope Wizard screen, click Finish.
Installing required Windows features and roles for System Center Configuration Manager
1. Sign into cm.test.local using the domain\administrator account.
2. Download the Windows Assessment and Deployment Kit for Windows 10 from the following Web site: https://go.microsoft.com/fwlink/
p/?linkid=859206
3. Run adksetup.exe.
4. Select Install the Assessment and Deployment Kit to this computer, and choose an installation path. Click Next.
5. Select Deployment tools, Windows Pre-installation Environment features, and User State Migration Tool. Click Install.
6. When the install finishes, click Close.
7. Run the following commands in Windows PowerShell with administrator privileges:
Get-Module servermanager
Install-WindowsFeature Web-Windows-Auth
Install-WindowsFeature Web-ISAPI-Ext
Install-WindowsFeature Web-Metabase
Install-WindowsFeature Web-WMI
Install-WindowsFeature Web-DAV-Publishing
Install-WindowsFeature BITS
Install-WindowsFeature RDC
Install-WindowsFeature NET-Framework-Features -source \\yournetwork\yourshare\sxs
Install-WindowsFeature Web-Asp-Net
Install-WindowsFeature Web-Asp-Net45
Install-WindowsFeature NET-HTTP-Activation
Install-WindowsFeature NET-Non-HTTP-Activ
1. In the SCCM console, under AdministrationSite Configuration, click Server and Site System Roles.
2. Right-click cm.test.local, and select Add Site System Roles.
3. In the Add Site System Roles Wizard, click Next twice.
4. Select the Fallback status point, and click Next.
5. Click Summary.
6. Click Next.
1. On each target system, during boot, press Ctrl + P to enter the Intel Management Engine BIOS Extension.
2. Enter the Intel ME Password. The default is admin. We changed ours to P@ssw0rd
3. Navigate to Intel ME General SettingsRemote Setup and Configuration, TLS PKI, and select Manage Hashes.
4. Press the insert key to add a certificate hash.
5. Enter a name for the hash.
6. Enter the 40-character thumbprint recorded before.
7. Exit the MEBx menu.
Testing methodology
Before each test, ensure all target desktops are powered on and are signed out of the user account. Ensure that all systems are domain
joined and that they have the configuration manager client installed prior to running the provisioning command. Ensure all systems are
connected to a monitor.
Configuring AMT
Prior to this test, ensure all target clients have been added to the target collection.
For timing purposes, we used RDP to connect to the target system and ran a Machine Policy Retrieval & Evaluation Cycle using the
Configuration Manager Properties menu in Control Panel to trigger the install.
For the two-system test, we completed steps 1 through 13 once, but added the additional client to the collection prior to running the test.
For the two-system test, we completed steps 1 through 7 once, but selected all systems in step 5.
For the two-system test, we completed steps 1 through 16 once, but selected all systems in step 13.
For the two-system test, we completed steps 1 through 6 once, but selected all systems in step 4.
For the two-system test, we completed steps 1 through 7 once, but selected all systems in step 5.
We do not include time or steps for this task, but did complete it to verify functionality.
After starting the previous command, stop the admin time timer, and start the system time timer. Stop the system time timer and once the
command stops running and exits with code 0, indicating a successfully provisioned system.
For the two-system test, repeat steps 1-5 for the second system. Immediately start repeating the above steps on the second system and do
not start the system time timer till you complete the steps for the second system.
For all vPro tests, we use Intel Manageability KVM to complete the task.
We added these steps to the total steps for all vPro tasks. Additionally, all two-system tests repeat steps 2 through 3 for the second system.
For the two-system test, repeat steps 1 through 4 on the second system.
For the two-system test, repeat steps 1 through 4 on the second system.
For the two-system test, repeat steps 1 through 22 on the second system.
For the two-system test, repeat steps 1-15 on the second system.
For the two-system test, repeat steps 1 through 4 on the second system.
For the two-system test, repeat steps 1 through 4 on the second system.
For the two-system test, repeat steps 1 through 4 on the second system.
For the two-systems test, repeat steps 1 through 5 on the second system.
Changing the boot order 0:21 0:52 0:49 0:21 1:43 1:35
Changing the system password 0:28 0:57 0:50 0:28 1:53 1:41
Changing a BIOS setting 0:00:25 1:18:43 1:18:18 99.4% 1:01:40 1:01:15 99.3%
Changing 10 BIOS settings 0:00:95 2:45:26 2:43:51 99.0% 2:59:28 2:57:54 99.1%
Changing the boot order 0:00:21 1:25:20 1:24:59 99.5% 1:16:53 1:16:32 99.5%
Changing the system password 0:00:28 1:33:10 1:32:42 99.5% 1:24:49 1:24:20 99.4%
The tables below show the admin steps required to manage one, two, and 100 systems.
Changing the boot order 16 601 595 99.0% 400 394 98.5%
Changing the system password 7 701 694 99.0% 500 393 98.6%
Principled Principled
Facts matter.® Facts matter.®
Technologies ®
Technologies ®
In no event shall Principled Technologies, Inc. be liable for indirect, special, incidental, or consequential damages in connection with its testing, even if advised of the
possibility of such damages. In no event shall Principled Technologies, Inc.’s liability, including for direct damages, exceed the amounts paid in connection with Principled
Technologies, Inc.’s testing. Customer’s sole and exclusive remedies are as set forth herein.