Acer Veriton DT with vPro FAQ page 1/9

Acer Veriton PC with Intel® vPro technology Questions & Answers

General Questions on Intel® vPro technology

Q1: Where can I find Acer PCs with Intel® vPro technology?

A1: PCs with Intel® vPro technology are available in Acer Veriton series. For a listing of available

Desktop computers which are supporting Intel® vPro technology, please visit

http://global.acer.com/products/desktop/index.htm

Q2: Why there is more cost for a Acer PC with Intel® vPro technology than a similarly

configured PC with an Intel® Pentium D processor. How can I justify that cost

difference?

A2: The premium for Intel® vPro technology can be recouped through greater security, lower

Total Cost of Ownership (TCO) and greater productivity. The Acer Veriton PC is specifically

designed for business environment which have gone thru a series of strict testing and validation.

Configured with the Intel® Core 2 Duo processor and Intel Chipset, Veriton PC provides

industry-leading performance that prepares you for Microsoft Windows Vista* and even the most

intense multitasking. What’s more, Intel® Active Management Technology (Intel® AMT) can

lower TCO through fewer deskside visits and reduction in labor-intensive manual processes.

Intel® AMT, as well as future applications that utilize Virtualization Technology, can also better

protect clients from security threats or virus outbreaks that can infect the rest of the enterprise.

(Keep in mind that VT applications may not be compatible with all operating systems)

Q3: Are the benefits of PCs with Intel® vPro technology lost if I don't have this

platform in 100% of my installed base?

A3: No. You will receive immediate benefit from the energy-efficient performance of the Intel®

Core 2 Duo Processor, and your Veriton PCs will be ready for the Windows Vista* Premium

experience. You can also begin managing PCs with Intel® vPro technology at a higher level than

PCs with earlier management technologies, likely with a simple addition to the management

console you use today. As the portion of your installed base containing Intel® vPro technology

grows, the benefits will accelerate through the potential to further reduce manual processes.

Q4: What software supports Acer Veriton with Intel® vPro technology?

A4: Acer and Intel have worked hand in hand to validate a large selection of the leading

management consoles and other software. For a listing of software vendors who are supporting

Intel® vPro technology visit http://www.intel.com/business/vpro/industry_support/isv.htm or

Acer reseller for the most updated list.

Q5: What IT Service Providers are supporting Intel® vPro technology?

Acer Veriton DT with vPro FAQ page 2/9

A5: Intel® vPro technology is supported by a large selection of the leading IT outsourcers. For a

listing of IT Service Providers who are supporting Intel® vPro technology visit

http://www.intel.com/business/vpro/industry_support/itsp.htm or Acer resellers for the most

updated list.

Q6: If I have a mix of PCs with and without the Intel® Active Management Technology

(Intel® AMT) feature of Intel® vPro technology in my environment, do I have to adopt

different procedures to perform the same tasks on each set of clients?

A6: PCs with Intel® vPro technology can generally be managed with the same processes and

software as PCs without it provided your management console supports both types of clients.

However, additional management capabilities are possible on clients with the Intel® AMT feature

of Intel vPro technology that are not commonly available on PCs without it, such as out-of-band

communication, and remote management and asset tracking regardless of power state or

operating system (OS) health.

Acer Veriton DT with vPro FAQ page 3/9

Functionality Questions about the Intel® Active Management Technology feature of

Intel vPro Technology

Q1: Does the Intel® Active Management Technology (Intel® AMT) feature of Intel

vPro technology support Wake On LAN* (WOL), Pre-boot eXecution Environment

(PXE), and Alert Standard Format* (ASF) in Veriton?

A1: Yes. Acer Veriton PC with Intel® vPro technology can be managed using legacy tools that

utilize WOL, PXE, and ASF when Intel® AMT is turned off, so existing tools that use these

protocols can be used. However, Intel® AMT provides higher levels of security & functionality.

Intel® AMT provides mutual authentication between client and console along with encrypted

communication to guard against unauthorized access to networks and PCs, along with the ability

to read hardware and software asset information even from PCs that are turned off or down.

Q2: How is Intel® Active Management Technology (Intel® AMT) feature of Intel® vPro

technology different from ASF and Wake-On-LAN?

A2: Intel® AMT provides more security and functionality than ASF or Wake-On-LAN. Unlike

legacy technologies, the Intel® System Defense feature within Intel® AMT proactively helps

prevent the spread of viruses by blocking transmissions from infected PCs. Intel® AMT also

provides authentication and encrypted communication of management traffic so the Intel® AMT

features can only be activated by authorized management consoles. Its out-of-band

management capabilities include not only the ability to reboot your PCs and send alerts, but also

allow remote control, remote BIOS updates, and access to event logs and asset information

regardless of system state or operating system presence. Alerting is policy based rather than

based on preset criteria, allowing additional flexibility in IT processes. And Intel® AMT is

designed to ensure management traffic can pass through network routers allowing remote

management of a greater portion of your installed base.

Q3: Will different versions of Active Management Technology backward compatible in

Acer Veriton?

A3: Acer’s goal is to maintain backward compatibility between generations. Some additional

setting may need and limitations may occur. Please consult with your Acer representative or

reseller for more.

Q4: In Acer Veriton, what is the difference between Intel® Active Management

Technology’s small business mode and enterprise mode?

A4: Enterprise mode supports a higher level of security than small business mode. For

organizations that do not have a Setup and Configuration Server (SCS), small business mode

offers a simplified setup process. However, Small Business Mode does not support network traffic

security (encryption and authentication) using TLS, which is supported by Enterprise Mode.

Acer Veriton DT with vPro FAQ page 4/9

Q5: What hardware and software asset information does the Active Management

Technology (AMT) feature of Intel® vPro technology track?

A5: Thru Acer Veriton, AMT automatically stores certain hardware information, and relies on

third-party software agents to track other information. AMT will automatically store hardware

information such as CPU type, memory size and type, system board make and model, BIOS

version, disk drive model and other Field Replaceable Unit information. Independent Software

Vendors (ISVs) may choose to track other information through software agents, such as installed

software and versions.

Q8: Is there any impact of AMT and its Manageability Engine on the Veriton's

performance?

A8: No noticeable to the end-user.

Acer Veriton DT with vPro FAQ page 5/9

Deployment Questions about the Acer Veriton with AMT of Intel® vPro technology

Q1: What are the major steps of setup and configuration for AMT?

A1: There are four general setup and configuration steps for deploying AMT on

PCs with Intel® vPro technology:

1. Establish the management console, including the configuration service.

2. Generate unique key pairs for each Veriton PC with Intel® AMT.

3. Enter AMT networking and security information into Veriton PC

4. Configure Intel® AMT policies.

Q2: What is a Setup and Configuration Server (SCS)?

A2: A Setup and Configuration Server hosts a third-party software service that performs the

tasks necessary to successfully setup and configure AMT as part of the deployment process for

PCs with AMT. The configuration service processes server certificates and configures AMT

operational settings to PCs over the network. The configuration service is provided by a

third-party software vendor who supports Intel® AMT in their software applications. See

Q3: Where to I obtain the software keys used for Intel® Active Management

Technology (Intel® AMT) Setup and Configuration, and what software will generate

them?

A3: Software keys used for Intel® AMT Setup and Configuration are generated by Configuration

Service (CS) applications commonly provided with Intel® AMT enabled management console

applications. Ask your ISV/Resellers what options they offer for generating software keys.

Q4: How do I install software keys on Intel® vPro technology platforms?

A4: Software keys used for Intel® AMT Setup and Configuration can be installed on PCs in two

ways:

1. They can be manually typed into the Intel® AMT BIOS extension screen.

2. They can be loaded onto a USB flash drive and then installed via the PCs' USB ports,

Q5: What new hardware and software do I need to have in my infrastructure to make

use of all the capabilities of Intel® AMT?

A5: To receive the benefits of Intel® AMT you will need to obtain Acer Veriton PCs with Intel®

vPro technology and deploy them with Intel® AMT enabled. In addition, you will need to obtain

an Intel® AMT enabled PC management console from your software supplier. (see

http://www.intel.com/business/vpro/industry_support/isv.htm for a list of ISVs supporting

Intel® vPro technology) To take advantage of authenticated and encrypted Intel® AMT

communication you will need to configure Intel® AMT for Enterprise Mode and deploy a Setup

and Configuration Server and Certificate Authority using software provided by your management

Acer Veriton DT with vPro FAQ page 6/9

console software vendor.

Q6: Can I setup and configure AMT without having to physically handle each PC I

deploy?

A6: Today's PCs with Intel® vPro technology can provide a Zero Touch Configuration (ZTC)

experience if your Veriton supplier pre-installs the software keys required by Intel® AMT. Ask

your reselller if they offer this option. If not provided as a service, a technician will need to enter

the Intel® AMT keys manually or with a USB flash drive. Today, Veriton PCs with Intel® vPro

technology also provide a firmware upgrade capability that will allow you to upgrade to a future

version of Intel® AMT that will include a ZTC capability.

Q7 If I install Veriton with Intel vPro technology but choose not to activate AMT)

capability right away, are my Veriton more vulnerable to attack than a PC without

AMT?

A7: No. When activated through the setup and configuration process, Intel® AMT provides

greater security versus management solutions today. If Intel® AMT is not activated, then it is not

available for communication in any way. In order to enable Intel® AMT, proper encryption keys

must be installed on the PC during setup, and then Intel® AMT must be configured through a

secure remote console.

Q14: If I have deployed PCs with different versions of Intel® Active Management

Technology (Intel® AMT) in my infrastructure, can they coexist?

A14: Yes. Intel maintains Application Programming Interface (API) compatibility across hardware

generations and provides the APIs to Independent Software Vendors (ISVs) who implement

Intel® AMT capability. This allows ISVs to implement support across multiple generations of

Intel® AMT if they choose.

Q15: Does having PCs with earlier versions of Intel® Active Management Technology

(Intel® AMT) in my infrastructure in any way limit the capabilities of PCs with newer

revisions of Intel® AMT?

A15: No. As long as you have a management console that supports all of the capabilities of the

latest version of Intel® AMT you will be able to take advantage of all of those capabilities on the

PCs that have the latest Intel® AMT firmware. PCs with earlier versions of Intel® AMT firmware

can continue to be managed provided your management console ISV has provided the backward

compatibility allowed by Intel's Application Programming Interface (API).

Q16: How do the deployment processes differ from one generation of Intel® Active

Management Technology (Intel® AMT) to the next?

A16: Acer plans to continue to add features to Acer PC’s hardware and firmware, which may

Acer Veriton DT with vPro FAQ page 7/9

include enhancements that ease the deployment process. For example, a future version of

firmware will allow remote setup and configuration assuming vPro technology has been deployed

with Intel® AMT turned on. Acer's goal is to maintain backward compatibility between

generations.

Q17: How can I tell which version of Intel® Active Management Technology (Intel®

AMT) is running in my PCs?

A17: The recommended method to determine the version of Intel® AMT running on a PC is to use

the third party management console. Third party management consoles that are enabled for

Intel® AMT typically allow the console operator to query the version of Intel® AMT running on

individual PCs. Check your management console or Acer reseller for details on how to query the

system to determine the Intel® AMT version.

Q18: Can I upgrade PCs with earlier versions of Intel® Active Management Technology

(Intel® AMT) to the latest version?

A18: Beginning with version 2.0, Intel® AMT firmware can be upgraded to newer versions

provided the newer version does not require a different hardware configuration than the version

being upgraded. Upgradeability is also influenced by your existing hardware configuration.

Contact your reseller or SI to find out if upgrades to Intel® AMT firmware are available for your

system

Q19: Does Intel® Active Management Technology (Intel® AMT) require or use a

Trusted Platform Module?

A19: No. Intel® AMT has no dependency on the availability or use of a Trusted Platform Module

(TPM).

Q20: Will Intel® Active Management Technology (Intel® AMT) work across all of the

sub-nets on my corporate LAN?

A20: Yes, Intel® AMT traffic is capable of spanning subnets.

Q21: Will I need an extra IP address for Intel® Active Management Technology

(Intel®

AMT)?

A21: AMT only requires it's own, separate IP address for out-of-band communication in network

configurations where static IP addresses are used. In network configurations using Dynamic Host

Configuration Protocol (DHCP) out-of-band communication with AMT is conducted through a

separate port number at the IP address shared with the capability operating system, and no

additional IP addresses are needed.

Acer Veriton DT with vPro FAQ page 8/9

Support for the Intel® Active Management Technology feature of

Intel® vPro technology

Q1: Does Microsoft* support Acer Veriton PC with Intel® AMT?

A2: Yes. An add-on that brings Intel® AMT support to Microsoft* SMS is available from Intel at

http://www.intel.com/cd/ids/developer/asmo-na/eng/281122.htm.

Q2: How do I know that my Acer PC comes with Intel® vPro Technology?

A4: If Acer Veriton PC does offer vPro technology, the PC’s specification should have listed vPro

technology as one of features in the feature list. You should also see a visible identifier vPro logo

sticker on the PC to make it easier for IT managers to identify. Moreover, to fully enjoy the

newest version of vPro technologies at the time of this release, following Acer models are

available:

1) Veriton T661

2) Veriton M661

Please check with your Acer representative for more and new models.

Acer Veriton DT with vPro FAQ page 9/9

Acer Veriton PC Security of the Intel® Active Management Technology feature of

Intel® vPro technology

Q1: What prevents malicious software to exploit Acer Veriton PC using Intel® Active

Management Technology (Intel® AMT)?

A1: Access and communications between Veriton based AMT-capable PCs and authorized

management consoles is fully encrypted. Console authentication using shared keys provided

during system setup and configuration helps prevent unauthorized consoles from accessing the

PC, and TLS encrypted communication helps prevent eavesdropping to intercept authentication

data.

Q2: What authentication mechanism is used in Acer Veriton PC with AMT to prevent an

unauthorized person from gaining access?

A2: In Enterprise Mode, Acer Veriton with AMT uses Transport Layer Security for authentication.

A unique key pair must be installed on both the Veriton PC under management and the

authorized console. Keys are installed during AMT setup and configuration to prevent an

unauthorized console from gaining access to an AMT-enabled machine, and to prevent

unauthorized Veritons from being installed on a network and being managed. The security

provided by the technology is only as good as the security implemented by the user, and

therefore relies on a secure chain of custody of keys, system IDs (UUIDs) and other management

related information.