advertisement
Chapter 8
Managing Jobs and Operations
This chapter describes how to use the jobs options, available from the Console, when working in database mode.
Note:
You can only use these options on systems that exist in the database and are in the Managed state.
For more information, see:
8.1
8.2
8.3
8.4
8.5
8.6
8.7
Starting, Aborting, and Deleting Jobs
Chapter 8 Managing Jobs and Operations
8.1 About Jobs and Operations
A “job” is an operation that you can run from the Console on a selected group of Intel AMT systems, defined using a filter.
The Monitoring > Jobs tab shows a summary of all existing jobs.
Figure 8-1: Example of Jobs
Note:
This table describes the options available from the Jobs tab.
Table 8-1: Jobs Tab Options
Click To do this...
Create a new job (see
Edit the job selected in the list. You can only edit a job if it is in the “Waiting” or “Scheduled” status.
Note: You can only edit some of the fields in the job.
Delete the job(s) selected in the list.You can only delete a job if it is in a status of “Scheduled”,
“Waiting”, “Completed”, or “Aborted”.
View the systems in a job (see
Viewing Job Items on page 185)
Start a manual job selected in the list (see
Starting, Aborting, and Deleting Jobs on page 187)
Abort the job selected in the list
Intel
®
SCS User Guide 179
Chapter 8 Managing Jobs and Operations
8.2 Viewing the List of Jobs
The number of systems in a job and the status of the systems is shown in the columns of the jobs list. These columns are automatically updated to show the current status of the job and the systems. You can show/hide columns by right-clicking the column header and selecting the columns that you want to show.
Table 8-2: Available Data in the Jobs List
Column Description
Name The name you defined for the job
Description
Operation
Status
All Systems
Succeeded
The optional description you defined for the job
The type of operation (see
Job Operation Types on the next page)
The status of the job (see
The total number of systems defined in the job
The number of systems on which the operation completed
Succeeded with Warnings
Failed
Waiting for Retry
In Operation
Aborted
The number of systems on which the operation completed, but with warnings
The number of systems on which the operation failed
The number of systems on which the operation could not run, and the RCS is waiting to retry the operation. The RCS includes an automatic retry mechanism for job operations:
• Retry 5 times, each after a pause of 1 minute
• Then retry 5 more times, each after a pause of 1 hour
• Then retry 5 more times, each after a pause of 24 hours
After 15 unsuccessful retry attempts, the system is added to the total number of systems in the Failed column.
The number of systems on which the job is currently running
The number of systems on which the operation was not run because the job was aborted
Intel
®
SCS User Guide 180
Chapter 8 Managing Jobs and Operations
8.3 Job Operation Types
The operation that you define in a job is run on all systems that are defined in the job. You can define only one operation per job. These are the available types of operation:
Configuration
This operation reconfigures the systems with the settings defined in the profile that you select from the dropdown list.
Note:
• If the Network Settings (IP and FQDN) were changed in the profile, this operation type will NOT make those changes in the device. This is because the RCS cannot get the necessary information from the host operating system. If you need to reconfigure a device with new network settings, use the configuration commands available from the Configurator.
• In certain conditions, this operation might fail on unconfigured systems (see Configuration via Jobs Fails because of OTP Setting).
Full Unconfiguration
This operation deletes all the Intel AMT setup and configuration settings from the systems and disables the
Intel AMT features on the systems.
Note:
This operation type also deletes any root certificate hashes that were entered manually into the Intel MEBX.
Partial Unconfiguration
This operation removes the configuration settings from the systems and disables the Intel AMT features on the systems. The systems and the RCS can still communicate since the PID, PPS, admin ACL settings, host name, domain name, and the RCS IP and port number are not deleted.
Note:
• If the OEM defined the SOL and IDE interfaces to be closed by default, then unconfiguration operations will close them and they cannot be reopened without physical access to the Intel MEBX. This is a known
Firmware limitation.
• If auditing was enabled on the Intel AMT system, you cannot run unconfiguration operations unless it is permitted by the auditor.
Intel
®
SCS User Guide 181
Chapter 8 Managing Jobs and Operations
Maintenance
This operation runs maintenance tasks on the systems:
• Synchronize the clock – Synchronizes the clock in the Intel AMT device with the clock of the computer running the RCS. This task is always performed.
• Renew the Digest Admin password – Renews the password of the Digest admin user according to the password setting defined in the profile. This task is always performed.
• Re-issue certificates – Re-issues PKI certificates that are close to the expiry date. This task is only run if you select the check box.
• Renew AD password – Changes the passwords of the ADOU objects representing the Intel AMT systems. This task is only run if you select the check box.
Note:
For some of these tasks, the RCS needs data stored in the configuration profile. By default, the RCS uses the profile that was last used to configure the system. If you select a different profile from the drop-down list, the data from the selected profile is used instead.
Automatic Maintenance
This operation runs the maintenance tasks (described in the Maintenance operation) on the systems only if they are necessary. This is possible because Intel SCS saves some configuration related data in the database record of each Intel AMT system. The database record is updated each time that a job is run on the system.
When you use the Automatic Maintenance operation:
1. The RCS uses the data in the database to make the decision which maintenance tasks are necessary for each Intel AMT system:
• Synchronize the clock – If not synchronized for more than three months
• Renew the Digest Admin password – If the last renewal of the Digest Admin password was more than six months ago
• Re-issue certificates – If there are less than 30 days before one of the certificate expiration dates
• Renew AD password – If the last renewal of the ADOU object password was more than six months ago
2. The RCS automatically does only the necessary tasks that were identified in step 1. If no tasks are necessary, nothing is done.
Get Discovery Data
This operation gets Intel AMT related data from the systems (see
Viewing Discovery Data on page 175).
Fix Host FQDN Mismatch
This operation fixes Host FQDN Mismatches (see
Detecting and Fixing Host FQDN Mismatches on page 170).
Intel
®
SCS User Guide 182
Chapter 8 Managing Jobs and Operations
8.4 Job Statuses
A job can be in one of these statuses (shown in the Status column of the list of jobs):
• Scheduled – The job was defined to start automatically at a specific date and time in the future. Jobs in this status can also be recurring jobs that will automatically run according to an interval (of days) that you define.
• Preparing Job – A manual job was created and the RCS is currently preparing the list of systems on which the job will run. When complete, the status of the job will change to “Waiting”.
• Waiting – The job has not started yet. This is the status of all new manual jobs until you start the job
(see
Starting, Aborting, and Deleting Jobs on page 187).
• In Progress – The job has started to run. The job will stay in this status until the operation has run on all systems, or the job is aborted.
• Completed – The job was run on all systems. This does not mean that the job was successful on all the systems. (The other columns in the list of jobs show the status summary.) This status is only relevant for non-recurring jobs. After a recurring job has completed, the status of the job will change to
Scheduled.
• Aborting – The job was aborted, but the operation is still running on the systems where it had already started to run before the job was aborted. After the operation has run on all systems where it is already running:
• For non-recurring jobs, the status of the job will change to Aborted.
• For recurring jobs, the status of the job will change to Scheduled.
• Aborted – The job was aborted and the operation has run on all the systems where it had already started to run before the job was aborted.
8.5 Creating a Job
You can create two types of jobs:
• Manual – This type of job only runs once, and must be started manually.
• Automatic – This type of job is automatically started by the RCS at the time and date that you specify in the job. You can define this type of job to run once, or at specified intervals (a “recurring” job).
Intel
®
SCS User Guide 183
Chapter 8 Managing Jobs and Operations
To create a job:
1. In the Console, click Monitoring.
2. Select the Jobs tab and click . The Job Definition window opens.
Figure 8-2: Job Definition Window
3. In the Job Name field, enter a name for this job.
4. (Optional) In the Description field, enter a description for this job. This field is for informational purposes only.
Intel
®
SCS User Guide 184
Chapter 8 Managing Jobs and Operations
5. In the Filter section, define on which systems this job will run:
• Use a filter from an existing View – Select this option to use a filter from an existing view. Select the view from the drop-down list.
• Define a unique filter – Select this option to define a filter that will be used in this job only. Click
Define to define the filter (see
Defining a System Filter on page 163).
6. In the Start Job section, select when the job will start:
• Manually – Select this option to define a manual job. This type of job must be started manually (see
Starting, Aborting, and Deleting Jobs on page 187).
• On this date – Select this option to define an automatic job. By default, todays date is selected. You can edit the date and time directly in the field, or open a calendar to select a different date. If you want to define a recurring job, select the Run job every check box and define the number of days for the interval. The interval can be a minimum of 7 days and a maximum of 365 days.
Note:
After a recurring job completes, the date defined in the job for the next run is automatically updated. You can also manually change the date, time, and interval of automatic jobs (but only when the status of the job is “Scheduled”).
8. Click Save and Close. The Job Definition window closes and the job is added to the list of jobs.
8.6 Viewing Job Items
The systems that match the filter defined in the job are shown in the List of Systems in Job window. These “job items” are the systems on which the job will run.
You can view this list and get data about the systems in the list.
Note:
• For manual jobs, this list only includes systems that matched the filter at the time that the job was created. If more systems are added to the network that match the filter, they will NOT be added to the job.
• For automatic jobs, the systems are added to the list just before the job starts. This means that the job will run on systems that match the filter at the time that the job starts.
• For recurring jobs, the list of systems in the job is automatically updated each time the job starts.
Intel
®
SCS User Guide 185
Chapter 8 Managing Jobs and Operations
To view the job items:
1. In the Console, click Monitoring and select the Jobs tab.
2. Right-click the job and select View Systems. The List of Systems in Job window opens.
Figure 8-3: List of Systems in Job Window
Note:
• You can show/hide systems in the list using the check boxes and the search fields columns and then clicking Search.
• If the job status is “Waiting”, you can delete systems from the list by right-clicking them and selecting
Delete Item from List. If a system is deleted, the operation will not run on that system when the job starts. After a job starts, you cannot delete a system from the job.
• You can view the operation logs of a system by selecting the system and clicking View logs. For more information about logs, see
Viewing Operation Logs on page 173.
Intel
®
SCS User Guide 186
Chapter 8 Managing Jobs and Operations
8.7 Starting, Aborting, and Deleting Jobs
Automatic jobs are started automatically by the RCS.
Manual jobs must be started from the Console.
When a job is in the “Completed” or “Scheduled” status, you can delete the job.
To start a manual job:
In the list of jobs:
• Right-click the job and select Start Job.
- Or -
• Select the job and click
To delete a job:
.
• In the list of jobs, select the job and click
About aborting a job
.
At any time after a job has started, you can abort the job. To do this, in the list of jobs:
• Right-click the job and select Abort Job.
- Or -
• Select the job and click .
When a job starts, the RCS starts the operation simultaneously on the first 50 systems defined in the job. After
30 seconds, the RCS starts the operation on another set of systems (up to the maximum of 50 systems). This cycle continues until the operation is run on all systems in the job.
Note:
If you abort a job, the status of the job is changed to “Aborting”. Operations that have already started on a system will not be aborted. When the operation has run on those systems, the status of the job is changed to
“Aborted” (or “Scheduled” if the job is a recurring job). If an operation is in the “Pending Retry” status, aborting the job will cancel the operation on those systems.
Intel
®
SCS User Guide 187
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 3 Table of Contents
- 8 Chapter 1 Introduction
- 9 1.1 What is Intel SCS?
- 10 1.2 What are the Discovery Options?
- 11 1.3 What is Intel AMT?
- 11 1.4 Configuration Methods and Intel AMT Versions
- 12 1.4.1 Host-based Configuration
- 12 1.4.2 SMB/Manual Configuration
- 13 1.4.3 One-Touch Configuration using PSK
- 13 1.4.4 Remote Configuration using PKI
- 13 1.4.5 Configuration of Mobile Platforms
- 14 1.4.6 Unified Configuration Process
- 16 1.5 Intel AMT and Security Considerations
- 16 1.5.1 Password Format
- 16 1.5.2 File Encryption
- 17 1.5.3 Digital Signing of Files
- 18 1.5.4 Recommendations for Secure Deployment
- 19 1.5.5 Control Modes
- 19 1.5.6 User Consent
- 20 1.5.7 Transport Layer Security Protocol
- 20 1.5.8 Security Before and During Configuration
- 21 1.5.9 Security After Configuration
- 21 1.5.10 Access to the Intel MEBX
- 22 1.6 Admin Permissions in the Intel AMT Device
- 22 1.6.1 Default Admin User (Digest)
- 23 1.6.2 User-Defined Admin User (Kerberos)
- 24 1.7 Maintenance Policies for Intel AMT
- 24 1.7.1 About Maintenance Tasks
- 25 1.7.2 Manual/Automatic Maintenance via Jobs
- 26 1.7.3 Manual/Automatic Maintenance using the CLI
- 28 1.8 Support for KVM Redirection
- 29 1.9 Support for Integration with Intel SBA
- 30 Chapter 2 Prerequisites
- 31 2.1 Getting Started Checklist
- 35 2.2 Supported Intel AMT Versions
- 36 2.3 Supported Operating Systems
- 37 2.4 Support for a Workgroup Environment
- 38 2.5 Required User Permissions
- 39 Chapter 3 Setting up the RCS
- 40 3.1 About the RCS
- 40 3.2 Selecting the Type of Installation
- 41 3.3 Using the Installer
- 41 3.4 RCS User Account Requirements
- 42 3.5 Using the Network Service Account
- 43 3.6 Installing Database Mode
- 43 3.6.1 Supported SQL Server Versions
- 43 3.6.2 Installation Permissions in SQL Server
- 44 3.6.3 RCS User Permissions in SQL Server
- 44 3.6.4 Creating the Database
- 45 3.6.5 Adding the RCS User to the Database
- 47 3.6.6 Installing the RCS and Console
- 51 3.7 Installing Non-Database Mode
- 54 3.8 User Permissions Required to Access the RCS
- 54 3.8.1 Defining DCOM Permissions
- 56 3.8.2 Defining WMI Permissions
- 57 3.9 Backing up Data
- 57 3.9.1 Location of RCS Log Files
- 58 3.10 Modifying an Existing Installation
- 58 3.10.1 Removing/Adding Components
- 61 3.10.2 Changing the Database
- 61 3.10.3 Moving the RCS to a Different Computer
- 62 3.10.4 Deleting the Database
- 63 3.11 Upgrading Intel SCS
- 63 3.11.1 Before Starting the Upgrade
- 64 3.11.2 Upgrading Non-Database Mode
- 67 3.11.3 Upgrading Database Mode
- 67 3.11.3.1 Upgrading the Database
- 68 3.11.3.2 Upgrading the RCS and Console
- 72 3.12 Silent Installation
- 76 Chapter 4 Using the Console
- 77 4.1 About the Console
- 79 4.2 Connecting to the RCS
- 80 4.3 Defining the RCS Settings
- 85 4.4 Creating Configuration Profiles
- 86 4.5 Exporting Profiles from the Console
- 88 4.6 Defining Manual Configuration (Multiple Systems)
- 90 4.7 Importing PSK Keys from a File
- 91 Chapter 5 Defining Intel AMT Profiles
- 92 5.1 About Intel AMT Profiles
- 93 5.2 Creating a Configuration Profile for Intel AMT
- 95 5.3 Defining the Profile Scope
- 96 5.4 Defining Profile Optional Settings
- 97 5.5 Defining Active Directory Integration
- 98 5.5.1 Defining Additional Security Groups
- 99 5.5.2 Defining Additional Object Attributes
- 100 5.6 Defining the Access Control List (ACL)
- 101 5.6.1 Adding a User to the ACL
- 103 5.6.2 Using Access Monitor
- 104 5.7 Defining Home Domains
- 105 5.8 Defining Remote Access
- 106 5.8.1 Defining Management Presence Servers
- 108 5.8.2 Defining Remote Access Policies
- 109 5.9 Defining Trusted Root Certificates
- 111 5.10 Defining Transport Layer Security (TLS)
- 112 5.10.1 Defining Advanced Mutual Authentication Settings
- 114 5.11 Defining Network Setups
- 116 5.11.1 Creating WiFi Setups
- 118 5.11.2 Creating 802.1x Setups
- 121 5.11.3 Defining End-Point Access Control
- 123 5.12 Defining System Settings
- 127 5.12.1 Defining IP and FQDN Settings
- 130 Chapter 6 Using the Configurator
- 131 6.1 About the Configurator
- 131 6.2 CLI Syntax
- 132 6.3 Configurator Log Files
- 132 6.4 CLI Global Options
- 133 6.5 Verifying the Status of Intel AMT
- 133 6.6 Discovering Systems
- 136 6.7 Configuring Systems (Unified Configuration)
- 137 6.8 Configuring Systems using the RCS
- 139 6.9 Adding a Configured System
- 140 6.10 Creating TLS-PSK Pairs
- 142 6.11 Configuring a System using a USB Key
- 144 6.11.1 Power Package GUIDs
- 145 6.12 Maintaining Configured Systems
- 147 6.13 Maintaining Systems using the RCS
- 149 6.14 Unconfiguring Intel AMT Systems
- 152 6.15 Moving from Client Control to Admin Control
- 154 6.16 Disabling Client Control Mode
- 154 6.17 Sending a Hello Message
- 155 6.18 Disabling the EHBC Option
- 156 6.19 Running Scripts with the Configurator/RCS
- 156 6.19.1 Scripts Run by the RCS
- 158 6.19.2 Scripts Run by the Configurator
- 159 6.19.3 Who Runs the Scripts?
- 160 6.19.4 What if a Failure Occurs?
- 160 6.19.5 Script Runtime and Timeout
- 160 6.19.6 Parameters Sent in Base64 Format
- 161 6.20 Configurator Return Codes
- 166 Chapter 7 Monitoring Systems
- 167 7.1 About Monitoring Intel AMT Systems
- 168 7.2 About Adding and Deleting Systems
- 169 7.3 Creating a View
- 170 7.3.1 Defining a System Filter
- 172 7.4 Viewing Systems
- 173 7.5 Searching for a System
- 175 7.6 Sorting the List of Systems
- 176 7.7 Changing the Managed State of Systems
- 177 7.8 Detecting and Fixing Host FQDN Mismatches
- 179 7.9 Getting the Admin Password
- 180 7.10 Viewing Operation Logs
- 182 7.11 Viewing Discovery Data
- 184 7.12 Configuration States
- 185 Chapter 8 Managing Jobs and Operations
- 186 8.1 About Jobs and Operations
- 187 8.2 Viewing the List of Jobs
- 188 8.3 Job Operation Types
- 190 8.4 Job Statuses
- 190 8.5 Creating a Job
- 192 8.6 Viewing Job Items
- 194 8.7 Starting, Aborting, and Deleting Jobs
- 195 Chapter 9 Preparing the Certification Authority
- 196 9.1 About Certification Authorities
- 196 9.2 Using Intel SCS with a Microsoft CA
- 196 9.2.1 Standalone or Enterprise CA
- 196 9.2.2 Required Permissions on the CA
- 197 9.2.3 Request Handling
- 198 9.2.4 Running the CA on Windows 2003
- 198 9.2.5 Defining Enterprise CA Templates
- 204 9.3 Using Intel SCS with the CA Plugin
- 205 9.4 Defining Common Names in the Certificate
- 207 9.5 CRL XML Format
- 208 Chapter 10 Setting up Remote Configuration
- 209 10.1 About Remote Configuration
- 210 10.2 Prerequisites for Remote Configuration
- 210 10.3 Selecting the Remote Configuration Certificate
- 211 10.4 Acquiring and Installing a Vendor Supplied Certificate
- 211 10.4.1 Installing a Vendor Certificate
- 213 10.4.2 Installing a Root Certificate and Intermediate Certificates
- 213 10.5 Creating and Installing Your Own Certificate
- 213 10.5.1 Creating a Certificate Template
- 216 10.5.2 Requesting and Installing the Certificate
- 216 10.5.3 Entering a Root Certificate Hash Manually in the Intel AMT Firmware
- 217 10.6 Remote Configuration Using Scripts
- 217 10.6.1 How the Script Option Works
- 218 10.6.2 Preparing to Use Scripts
- 218 10.6.3 Defining a Script
- 219 Chapter 11 Troubleshooting
- 220 11.1 Damaged RCS Data Files
- 220 11.2 Connecting to an RCS behind a Firewall
- 221 11.3 Exit Code 88
- 221 11.4 Exit Code 110
- 222 11.5 Remote Connection to Intel AMT Fails
- 223 11.6 Error with XML File or Missing SCSVersion Tag
- 223 11.7 Reconfiguration of Dedicated IP and FQDN Settings
- 224 11.8 Disjointed Namespaces
- 225 11.9 Disjointed Hostnames and AD Objects
- 226 11.10 Kerberos Authentication Failure
- 226 11.11 Error: “Kerberos User is not Permitted to Configure..”
- 226 11.12 Error: “The Caller is Unauthorized.”
- 227 11.13 Error when Removing AD Integration (Error in SetKerberos)
- 227 11.14 Failed Certificate Requests via Microsoft CA
- 228 11.15 Delta Profile Fails to Configure WiFi Settings
- 228 11.16 Disabling the Wireless Interface
- 229 11.17 Configuration via Jobs Fails because of OTP Setting