Experimenting with Environment Detection: Do-it-yourself Lab Exercises

What is Environment Detection?

Environment Detection was a new feature introduced in Intel® Active Management Technology 2.5 (for Intel® Centrino® Pro systems). At its most basic, Environment Detection enables the AMT Client to detect when the system is operating on a foreign network and therefore to hide its manageability interface. Once Environment Detection is enabled, the VPN Routing option can be turned on so that the Intel AMT Client can be managed once the system is VPN’d into the corporate network from a roaming network. Environment Detection can be taken a step further by adding a System Defense Policy that becomes active once the system is back on a foreign network (IT shops may want to block certain communications when the AMT Clients are on foreign networks).

This Do-it-yourself lab consists of 4 exercises.  The first 3 exercises demonstrate Environment Detection configurations (instructions are included.)   The 4th exercise demonstrates Environment Detection with a System Defense Policy and is left to the participant to explore (the solution will be provided as an additional download.) 

This lab was originally done in person at a training event. To minimize the number of physical systems, we built virtual machines for the following: Management Console, Roaming Network Server, and Corporate Network Server. We are including the network diagram so you can see what systems were used and how they were connected. If questions arise, feel free to ask them in our Forum.

Assumptions:

  1. Lab participants can set up the Network Connectivity (DNS, DHCP for the two different networks.)
  2. Lab participants have already provisioned their Intel® AMT Client in either Small Business or Enterprise Modes.
  3. Lab participants are able to connect to their Intel® AMT systems and manage them via the AMT Director, aka AMT Commander.

Systems/Equipment Needed:

  1. Roaming Network Server  (Windows Server 2003, DNS, DHCP)
  2. Corporate Network Server (Windows Server 2003, DNS, DHCP)
  3. Management Console  (Windows XP, .Net Framework, AMT Commander)
  4. Intel® AMT Centrino Pro Platform (either in SMB or Enterprise Mode.) 
  5. Wireless Access Point (optional – this lab can be demonstrated on a wired network as well.)
  6. Network Connectivity
  7. Traffic Generator – for testing the filter that you create in Exercise Number 4.

Exercise Number 1: Moving AMT Client to a Roaming Network

This exercise will demonstrate that the AMT Client can be managed from within the Roaming network as well as from the Corporate network.

Steps:

  1. AMT Client will be on the Roaming network at the beginning of the lab.
  2. Demonstrate pinging to and from the AMT Client (it can ping the Roaming Server as well as the Corporate Server).
  3. Demonstrate that the Web UI can be accessed from the Management Console.
     HINT:  Go to your Management Console, bring up Internet Explorer and connect to your AMT Client:  http://<your amt client ip address>:16992/

Exercise Number 1 is now completed:  Taking AMT Client to Roaming network.


Exercise Number 2: Environment Detection

This exercise will demonstrate how an AMT Client cannot respond to Management messages while on a Roaming network when Environment Detection is enabled.

Steps:

  1. Verify AMT Client is on the Corporate Network.
  2. Double click on the Intel AMT Commander.exe icon on the desktop of your Management Console system.
  3. Connect to your AMT Client via the AMT Commander:
     Enter your AMT Client’s IP address only in the Discovery Range and hit the “Start” button. Once AMT Commander has discovered your AMT Client, right click on your AMT Client’s name and select “Add Computer”. This will add your Client under “Network” on the left panel. Now right click on your Client on the left panel and select “Connect”.
  4. Select the Networking tab (on the right panel).
  5. Go into Advanced Settings.
  6. Go into General Settings.
  7. Edit the Environment Detection settings:
       1. If not already enabled, click the button next to “Disabled” – this will toggle to “Enabled”
       2. Enter “corpamt.com” as the local Domain
       3. Click on “Add”
       4. Click “OK” and click on “Close”
       5. Now go to the Connection tab and hit “Disconnect” to disconnect the client from the AMT Commander
  8. The corpamt.com DHCP server will now be disabled.
  9. The roaming.net DHCP server will now be enabled.
  10. On AMT Client:  ipconfig /renew (may have to do this twice.)
  11. Verify that the AMT Client is now on the roaming.net domain.
  12. AMT Client (Host OS) should still be able to ping both the Roaming and Corporate Servers and vice versa.
  13. Attempt to bring up the Web UI from the Management Console.
  14. Verify that the Web UI cannot connect to the AMT Client.

Exercise Number 2 is now completed:  Basic Environment Detection.


Exercise Number 3: Environment Detection with VPN Routing

This exercise will demonstrate how an AMT Client can be managed while on the Roaming network while VPN’d into the corporate network.

Steps:

  1. Make sure AMT Client is on the Corporate Network.
  2. Go into AMT Commander from your Management Console.
  3. Connect to your AMT Client via the AMT Commander:
     Enter your AMT Client’s IP address only in the Discovery Range and, once AMT Commander has discovered your AMT Client, click on the “Add” button, then click on the “Connect” button.
  4. Select the Networking tab on the right panel.
  5. Go into Advanced Settings.
  6. Go into General Settings.
  7. Edit the Environment Detection settings:
       • If not already enabled: click the button next to “Disabled” – this will toggle to “Enabled”
       • Enter “corpamt.com” as the local Domain
       • Click on “Add”
       • Click “OK”
       • Click on the “Enable” button next to Set VPN routing mode and then click on “Close”
       • Now go into the Connection tab and disconnect the Client from the AMT Commander
  8. The corpamt.com DHCP server will now be disabled.
  9. The roaming.net DHCP server will now be enabled.
  10. On AMT Client:  ipconfig /renew (may have to do twice)
  11. Verify that the AMT Client is now on the roaming.net domain.
  12. AMT Client (Host OS) should still be able to ping both the Roaming and Corporate Servers and vice versa.
  13. Attempt to bring up the Web UI from the Management Console.
  14. Verify that the Web UI cannot connect to the AMT Client.
  15. Connect AMT Client to the corporate network via the VPN connection (there is a shortcut on the desktop called “VPN Connection”).
  16. Bring up the Web UI from the Management Console.
  17. Verify that Web UI can connect to AMT Client using the VPN IP Address.

Exercise Number 3 is now completed:  Environment Detection with VPN Routing


Exercise Number 4: Environment Detection with System Defense Policy

This exercise will demonstrate how to limit network traffic while the AMT Client is on the Roaming network.

  • In this exercise you will create a System Defense filter and Policy that will be activated when you and your AMT Client are on the Roaming network.

Steps:

  1. The corpamt.com DHCP server will now be enabled and roaming.net DHCP server will be disabled.
  2. Create a filter using the AMT Commander.
     (HINT:  Filters are created in the Networking branch of the AMT Client’s tree structure on the left panel.)
  3. Create a policy using the filter that you just created.
     (HINT:  Policies are created in the Networking branch of the AMT Client’s tree structure.)
     (HINT:  Do NOT enable Policy here)
  4. Enable Environment Detection along with the Policy that you just created.
     (HINT:  Environment Detection Interface is where the Policy is enabled – we only want this policy to become active IF Environment Detection is enabled AND the AMT system is in a Roaming Environment)
  5. Move the AMT Client over to the Roaming Network and demonstrate your success.
  6. For the purpose of testing there are traffic generators available on both the AMT Client and the Management Console.
       1. On AMT Client:  Double click on Traffic Client on the Desktop
       2. Traffic Client (on AMT Client):  Set the IP Address to Management Console
       3. On Management Console:  Traffic Server - Add the protocol you are testing (TCP, UDP); select and click on ADD
       4. Both are now ready to be started.

Congratulations – This Lab is Now Finished!
