Intel® AMT Provides Out-of-Band Remote Manageability for Digital Security SurveillanceIntel Research Shows Significant Cost Benefits in Large-Scale DSS Installations

WHITE PAPERIntel® Active Management TechnologyIntel® Digital Security & SurveillanceIntel® Manageability Reference ConsoleIntel® Core™ ProcessorsIntel® vPro™

status of vital systems 24/7, leading security vendors are incorporating health check features and management routines into their products and software.

For example, many digital video recorders (DVRs), networked video recorders (NVRs) and remote cameras include “heartbeat” detection to show that a device is operational, in addition to hard-disk drive (HDD) capacity monitoring, and picture quality evaluation tools. Central monitoring systems (CMS) have failure detection mechanisms, including passive signal reception to detect power failures and loss of video signals. User-invoked status checks can be performed to evaluate storage capacity, CPU performance, camera operation, alarms, and access control.

The latest video management software (VMS) modules enable remote monitoring of security systems and components, including checks for network status, time accuracy, HDD status, remote camera and disk configurations, in addition to integrated alarm signals to detect object motion and tampering with automatic alerts.

While they provide important benefits, these operating system (OS)-hosted solutions rely on a functional client OS and an operational communications network. When the network is the problem, or the unit fails after a power surge, or the client operating system crashes, not much can be done with conventional remote access software. These issues are all the more significant when you consider that performance and reliability problems often begin to appear after the third year in networked devices that operate 24/7 in challenging remote environments.

CHALLENGE Digital Security Surveillance (DSS) systems must be highly available 24/7. Unplanned downtime can leave an entire enterprise infrastructure exposed and vulnerable.

SOLUTIONRemote manageability can help keep DSS systems operational, while avoiding the added cost of on-site technician visits.

Intel® Active Management Technology (Intel® AMT) is a subset of Intel®vPro™ technology available in Intel® Core™ processors. It provides a robust set of out of band hardware-based remote management and maintenance capabilities. Intel AMT enables IT staff to monitor, repair, and protect networked DSS devices – even when the devices are powered off, not responding, or have software issues.

IMPACTResearch was recently conducted by Messe Frankfurt New Era and Intel, focusing on typical large-scale DSS installations. Results show that Intel AMT can generate a return on investment of up to 142 percent within the first two years of operation.

α

Reducing Maintenance Costs in DSSA survey of maintenance requirements for a typical highway surveillance installation underscores the cost benefits of remote manageability. Survey data compiled by Messe Frankfurt New Era and Intel shows that many service calls require technician to go on-site to perform relatively simple tasks, such as rebooting a system or providing minor firmware updates.

Data shows that for maintenance issues that require an on-site technician, a repeat trip is required in about 20 percent of all cases. This can be due to the right parts or tools not being on the truck, or that technicians with the wrong skill sets were called because end users could not provide an accurate description of the problem.

Remote manageability provides a cost-effective alternative that optimizes system uptime. In one example surveyed by Messe Frankfurt New Era and Intel, the cost of sending in one service crew to a remote site was approximately $400, and the cost of over-stocking unneeded spare parts and materials was up to $2,000. In this example, Messe Frankfurt New Era estimates that remote manageability could potentially cut maintenance costs by more than 70 percent.

α

Management Tools are Not All the SameThe industry has created a plethora of tools for remote management and troubleshooting of connected systems. These solutions are aimed at providing easier ways to manage large numbers of scattered devices that are growing more IT-like and processing-intensive. Motivated by the need to monitor the health and

Intel® AMT Provides Cost-Effective Out-of-Band ManageabilityIn an analysis of five large DSS installations, each with more than 1,000 cameras and based on dozens of end user interviews, Intel identified four major categories of service calls. These are shown in Figure 1. For many of the problem types we identified, Intel AMT could remotely detect and identify specific problems, and resolve many problems remotely. In the near future Intel AMT will be capable of predicting or anticipating failures based on historical data.

One case involved a power outage caused by a lightning strike. Without OOB manageability, when NVRs or workstations shut down, the DSS system would be unable to record events until a technician could arrive on-site to reboot and reconfigure the equipment. Where the physical power switch was not turned off, Intel® AMT would allow an operator to remotely reboot and reconfigure these systems, so long as they remain connected to the network. Similar remote management is possible for network routers based on Intel processors that support Intel vPro technology.

2

Source: Messe Frankfurt New Era and Intel, 2012

Figure 1: Common Problem Sources in DSS Installations

3

Source: Messe Frankfurt New Era and Intel, 2012

Source: Messe Frankfurt New Era and Intel, 2012

Figure 2: Lifecycle Service Cost Savings with Intel® AMTFigure 2 illustrates how remote detection and problem resolution can reduce costs as DSS systems age. Assuming that all equipment is based on Intel vPro technology, and that key plug-ins are continuously developed for security applications, a system integrator can achieve potential savings of as much as see up to 78.7 percent in reduced inventory and personnel costs by the fifth year of operation. Refer to the Appendix for specific calculations of potential savings.

Figure 3: Reduced Service Calls with Intel® AMTFigure 3 shows the number of service calls, with and without Intel AMT, over a five year operating period.

4

Intel® Manageability Reference ConsoleThe Intel® Manageability Reference Console (Intel® MRC) is a graphical user interface console application designed for validation, pilot programs, demonstrations and development kits. The console includes the Intel AMT Software Development Kit (SDK) plug-in that includes a high-level application programming interface (HLAPI). The HLAPI enables software developers and DSS device OEMs to rapidly develop new manageability applications that take full advantage of Intel AMT. Based on the Microsoft .NET* framework, the SDK simplifies development software components and libraries that extend Intel AMT the usage models.

The Intel MRC includes a set of software plug-ins:

• Alarm clock sets a time for the client to wake up, according to preconfigured requirements with no network access needed after the settings have been saved to the client device.

• Hardware asset management tracks changes in hardware and detects tampering. Users can remotely view and log information including device serial numbers, baseboard BIOS, processor, and memory configurations. As long as the device is shown on the BIOS, Intel MRC can retrieve detailed status reports.

• Network isolation of a client device restricts access to network resources while retaining OOB access for troubleshooting. Isolating a device can help diagnose network problems or quarantine a client suspected of being infected with malware.

• KVM remote control lets users remotely troubleshoot client devices by controlling their keyboards, visual displays and mice. The capability is at the application level, via software licensed from VNC vendor RealVNC*.

• Remote power management allows for remote power-on, shutdown and power schedule management. Actions can be pushed to multiple devices simultaneously according to a schedule executed by Intel® MRC. This capability requires an active network connection for the client and server.

• Remote diagnosis and repair enables operators to remotely reboot a client server or NVR to the operating system or BIOS, reboot with HDD sharing, or reboot from a CD-ROM or ISO image. HDD sharing is possible through OOB communication with the target device. It transfers and boots a small Linux ISO that enables HDD sharing. Intel AMT can detect hard drive failures and preempt them with failover redundancy.

One of the great benefits of Intel AMT is extensibility to cover additional use cases. Security service companies and end users will get to enjoy lower operating expenses as more plug-ins are developed to unleash the full power of the hardware-based remote manageability of Intel AMT.

Other system health checks are possible, including detection by the motherboard of voltage variations in edge devices and remote BIOS-level access to enable an always-on system core that enhances the reliability and availability of application software tools.

Intel AMT can potentially detect device-level failures or anomalies, and can enable operators to remotely pinpoint the source of problems. This is especially helpful with large DSS installations that include hundreds or even thousands of edge devices, each of which can be a possible point of failure.

As Intel’s survey results show, Intel® Core™ and Intel® Xeon® processors that provide hardware support for Intel AMT, can lead to significant cost savings for service contractors, while reducing system downtime in mission-critical DSS installations.

LEARN MORE Intel® Active Management Technology (Intel AMT) Software De-velopment Kit (SDK) Start Here Guide

http://software.intel.com/en-us/articles/intel-active-manage-ment-technology-intel-amt-software-development-kit-sdk-start-here-guide/

Intel® Active Management Technology Use Cases

http://software.intel.com/en-us/articles/intel-active-manage-ment-technology-use-cases/

Intel® Manageability Reference Console application

http://edc.intel.com/Link.aspx?id=4934

Appendix

ROI Analysis of Intel® AMT in Typical DSS Installations

Assumed Number of Cameras 1,000

Assumed Number of NVRs and Subsystem/Client Servers (1) 50

Year 1 Year 2 Year 3 Year 4 Year 5

Server Acquisition/Replacement Cost (without Intel® AMT) (2) $ 45,000 $ 45,000 $ 45,000 $ 45,000 $ 45,000

Assumed Server Upgrade/Replacement Rate 20% 20% 20% 20% 20%

Server Acquisition/Replacement Cost (with Intel® AMT) (3) $ 50,000 $ 50,000 $ 50,000 $ 50,000 $ 50,000

Increased Server Hardware Cost $ 5,000 $ 5,000 $ 5,000 $ 5,000 $ 5,000

Server Spare Parts Inventory Cost (without Intel® AMT) (4) $ 112,500 $ 112,500 $ 112,500 $ 225,000 $ 225,000

Server Spare Parts Inventory Cost (with Intel® AMT) (5) $ 109,325 $ 106,150 $ 102,975 $ 199,600 $ 193,250

Inventory Cost Saved $ 3,175 $ 6,350 $ 9,525 $ 25,400 $ 31,750

Approximate Number of Service Calls (without Intel® AMT) (6) 78.0 78.0 78.0 130.0 130.0

Server Spare Parts Inventory Cost (with Intel® AMT) (7) 65.7 53.4 41.2 48.2 27.7

Number of Service Calls Saved 12.3 24.6 36.8 81.8 102.3

Potential Manpower Cost Saved (8) $ 4,911 $ 9,822 $ 14,733 $ 32,739 $ 40,924

Total Savings $ 8,086 $ 16,172 $ 24,258 $ 58,139 $ 72,674

Return on Investment at the Server Level $ 3,086 $ 11,172 $ 19,258 $ 53,139 $ 67,674

5

α Research by Messe Frankfurt New Era and Intel, 2012. *Other names and brands may be claimed as the property of others.

Software workloads used in performance tests may have been optimized for performance on Intel microprocessors. Performance tests are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products.

Intel does not control or audit the design or implementation of third party benchmark data or Web sites referenced in this document. Intel encourages all of its customers to visit the referenced Web sites or others where similar performance benchmark data are reported and confirm whether the referenced benchmark data are accurate and reflect performance of systems available for purchase. Copyright© 2012 Intel Corporation. All rights reserved. Intel, the Intel logo, Intel Core and Intel Xeon are trademarks of Intel Corporation in the U.S. and/or other countries.

* Other names and brands may be claimed as the property of others. * Requires activation and a system with a corporate network connection, an Intel® AMT-enabled chipset, network hardware and software. For notebooks, Intel AMT may be unavailable or limited over a host OS-based VPN, when connecting wirelessly, on battery power, sleeping, hibernating or powered off. Results dependent upon hardware, setup and configuration. For more information, visit: Intel® Active Management Technology

*Intel processor numbers are not a measure of performance. Processor numbers differentiate features within each processor family, not across different processor families: Go to: Learn About Intel® Processor Numbers

Printed in USA 0612/HJ/SW/ICMC/PDF 329469-001US

Remarks:

1. 40 for normal operation, 10 as redundancy

2. Dell PowerEdge R510 MSRP/unit = $4,500

3. i5 or i7-based PowerEdge; assumed MSRP/unit = $5,000

5. Calculations based on savings from advanced prediction rate of 22.7% and per-year replacement rate of 20%, with 50% server units in

years 1 to 3; 100% in years 4 and 5

years 4 and 5

7. Calculations based on 78.7% savings and per-year replacement rate of 20%

8. Based on an assumed 8-hour service call at a cost of $400

Case Assumptions:

1. Mid to high-end application, support in close proximity, travel cost negligent

2. Scheduled maintenance calls are a must for projects of this scale, hence no related cost savings

Source: Messe Frankfurt New Era and Intel, 2012