technical white paper hp manageability integration kit · technical white paper hp manageability...

Technical white paper

HP Manageability Integration Kit Client management solution for HP BIOS, security, hardware, and software

Table of contentsThe challenges of traditional image and configuration administration................................................................. 2

HP MIK—overview and key features ............................................................................................................................ 2

The importance of Microsoft SCCM certification......................................................................................................... 5

Conclusion .......................................................................................................................................................................... 5

Appendix A—Microsoft SCCM console and HP MIK user interface ......................................................................... 6

2

Technical white paper | HP Manageability Integration Kit

The HP Manageability Integration Kit (MIK) accelerates and optimizes Windows® system image creation and enables remote management of HP BIOS, security, hardware, and software through a centralized solution. It is certified for Microsoft® System Center Configuration Manager (SCCM).1 The HP MIK saves time and costs for SCCM and IT administrators.

The challenges of traditional image and configuration administration

A great deal of IT administration time is invested in PC configuration and system image management. In fact, it is estimated that manually setting up and managing a single system image costs the typical company $398 per PC per year.2 Creating the image can be challenging given the number of aspects to building a complete and up-to-date image. And when management is done manually through a single connection to the Windows environment through remote means or similar configuration solution, it can be very time consuming.

The administrator also has the challenge of configuring all security, BIOS, hardware, and software settings for all PCs across the fleet and making sure they are constantly up-to-date. This is a task that is massively time consuming to do manually, one by one. And, due to the sheer number of settings and devices, a security risk can be created anywhere across the network due to lack of compliance from any single PC across hundreds of security settings.

Another critical security management task is to maintain the drivers that came with the original PC image by regularly updating them across the entire fleet. This driver update process has traditionally been time consuming for IT administrators, especially if they must update each PC manually. IT is also responsible for keeping BIOS settings properly configured across the fleet, but, varying BIOS naming conventions often create difficulties managing settings between different platforms.

HP MIK—overview and key features

The HP MIK is a Microsoft SCCM plugin that extends the remote management capabilities of SCCM to HP hardware, BIOS, and software. It streamlines security and BIOS administration, as well as image creation, through a modern and intuitive user interface. The HP MIK can be set up to automatically detect and remediate any configurations that are out of compliance across the network, without IT intervention. Even new devices can have security policies automatically applied as soon as they are added to the network.

With the HP MIK, administrators can now significantly reduce their time spent on image creation and driver management. HP provides drivers all in one place for easy downloading. HP MIK can also prevent hackers or malware from turning off security protections and can manage roles such as for multi-factor authentication. The HP MIK plugin normalizes all BIOS settings, so the administrator can manage universally across the fleet.

As seen in Figure 1 on the next page, remote configuration of hundreds of PCs can be streamlined by deploying the HP MIK plugin on Microsoft SCCM and adding the HP MIK Windows Management Instrumentation (WMI) providers to each individual platform. Figure 2 demonstrates how the MIK streamlines the driver download and SoftPaq deployment process.

Note: HP MIK is optimized to work with Microsoft SCCM, although it does work with other client management consoles via scripting.

3


Remote configuration via HP MIK

Before After

HP commercial PC

Microsoft SCCM server Microsoft SCCM console with MIK plugin

Microsoft SSCMAgent

SCCMProvider B

SCCMProvider C

SCCMProvider D

SCCMProvider “n”

SCCMProvider A

Sure Click Sure ViewSure Run

Sure Recover Feature “n” Client security

Figure 1. Administrators can use the Microsoft SCCM console with the HP MIK plugin to remotely configure multiple PCs across the enterprise, reducing IT costs and time while increasing security.

Figure 2. The HP MIK streamlines the process for downloading, creating, and deploying drivers and SoftPaqs by eliminating several steps required in the manual process. The result is up to 37% fewer steps, and 33% less time spent on the process.

Manually create driver pack

Go to product page

Selectproducts/OS/language

Download driver packswith one click

Get list of available SoftPaqs

Select language and OS

Find the download link

Download individual SoftPaq

Modify SoftPaq

Get nextSoftPaq

Get nextOS/lang

Get nextproduct

Get nextproduct

Create driver pack via MIK

4


The HP MIK streamlines IT administration of HP PCs in four main categories:

Capability Feature

Image creation • Set BIOS configuration—Integrated BIOS Configuration Utility (BCU) to set up BIOS settings as part of image rollout

• Create HP Client Boot Image—HP provides a quick method to create a pre-boot execution environment (PXE) boot image with required driver package

• Create deployment task sequences—Provide a sample task sequence for full image creation and deployment (template with Redundant Array of Independent Disks (RAID) example)

• Download and import HP Driver Packs—Import HP-built driver packs or create and import custom driver packs to be used for customer images

Security management

• Authentication options—Remote management of authentication options available to local PC users

• Credential management—Remote management of available credentials to users and ability to enforce use of certain credentials

• Multi-factor authentication—Remote management to require local PC users to use more than one method of identity for login

• Port control management—Remote management to control ports (e.g. USB) that are enabled for users

• Just in Time Authentication (JITA)—Remotely set requirement for users to input password to use PC ports (e.g. USB)

• Trusted Platform Module (TPM) management—Remotely upgrade or downgrade TPM firmware

• HP Sure Start policies—Remotely set Sure Start policies such as BIOS enabling/disabling of automatic recovery if issues are found

• Microsoft Device Guard—Remotely setup BIOS settings to support Device Guard

• Tamper detection—Notify end users via phone app when system is being tampered with

• HP Sure View—Allow users to prevent visual hacking by pressing the fn+F2 keys to reduce up to 95 percent of visible light on the screen

• HP Sure Run—Remotely enforce policies stored in platform hardware by the HP Endpoint Security Controller to ensure application persistence

• HP Sure Recover—Remotely recover the HP OS image with no pre-condition that recovery software is present

BIOS management

• Set and report BIOS settings (BIOS Configuration Utility with graphical UI)

• Graphical UI to remotely set and deploy 100+ BIOS settings, such as:

– Unified Extensible Firmware Interface (UEFI) vs legacy

– Boot order

– BIOS version lock

– Enable/disable virtualization support

Platform optimization

• Printer installation

• Network optimization Quality of Service (QOS)

• Peak power scheduling

• Collaboration keyboard mapping

• Audio settings management

• HP PhoneWise PIN management

• System and app network optimization

5


The importance of Microsoft SCCM certification

The HP MIK is the world’s first and only management toolkit certified for the Microsoft SCCM.1 Microsoft SCCM is a widely used management solution to remotely plan, deploy, configure, and monitor a fleet of PCs.

Why is Microsoft SCCM certification important? It provides assurance in three critical areas:

1. HP employs Microsoft’s best development practices during plugin creation and modification. 2. The HP MIK is backward compatible with the Microsoft SCCM 2012 R2 and compatible with all versions going forward.3. If Microsoft decides to deprecate undocumented APIs in their code, the HP MIK plugin will stay intact and not be affected.

Conclusion

Deploy the HP Manageability Integration Kit to begin enjoying these key benefits:

• Accelerate IT management—Reduce the number of steps needed to create, deploy, and manage images, BIOS, and system security so you can focus on your business.

• Remotely manage security—Secure BIOS settings, set authentication and credentials requirements, enable Microsoft Device Guard, and manage TPM firmware updates.

• Remotely manage software policies—Enable IT administrators to remotely manage policies supported by the software, such as HP Client Security, power management, phone, and other applications.

Learn more www8.hp.com/us/en/ads/clientmanagement/overview.html

http://www8.hp.com/us/en/ads/clientmanagement/overview.html

6


Appendix A—Microsoft SCCM console and HP MIK user interface

MIK information page

HP BIOS Configuration

7


Authentication

Intel Authenticate (TM)

8


Windows Logon Policy

HP Client Manager Advanced Options

9


HP Client Manager / HP Device Access Manager Removable Media

HP Sure Run

© Copyright 2018 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

4AA7-2767ENW, April 2018


HP Sure Recover

1 As of December 5, 2016. See https://www.microsofteca.com/CatalogDetails/Index/2246. HP Manageability Integration Kit is not preinstalled, available at http://www8.hp.com/us/en/ads/clientmanagement/overview.html.2 Gartner, 2016 IT Key Metrics Data Cost Optimization Toolkit.

Share with colleagues

Sign up for updates hp.com/go/getupdated

https://www.microsofteca.com/CatalogDetails/Index/2246

http://www8.hp.com/us/en/ads/clientmanagement/overview.html

http://www.facebook.com/sharer.php?u=http://h20195.www2.hp.com/V2/GetDocument.aspx?docname=4AA7-2767ENW

http://twitter.com/home/?status=HP+Manageability+Integration+Kit%40+http%3A%2F%2Fh20195.www2.hp.com%2FV2%2FGetDocument.aspx?docname=4AA7-2767ENW

http://www.linkedin.com/shareArticle?mini=true&ro=true&url=http%3A%2F%2Fh20195%2Ewww2%2Ehp%2Ecom%2FV2%2FGetDocument%2Easpx%3Fdocname%3D4AA7-2767ENW&title=HP+Manageability+Integration+Kit&armin=armin

http://hp.com/go/getupdated

technical white paper hp manageability integration kit · technical white paper hp manageability...

Documents