NCR Case Study
NCR Corporation is a global technology company and leader in automated teller machines, as well as self- and assisted-service solutions including point of sale. Early in the development of Intel AMT, NCR recognized the potential this technology had for its customer base so the company began to explore how it could incorporate the technology and apply it to its hardware and software products. NCR had existing remote management solutions but looked forward to enhancing their offerings by leveraging the OOB capabilities in Intel AMT to increase the number of issues that could be fixed remotely thus decreasing the number of expensive field visits. NCR thoroughly reviewed the Intel AMT feature set and decided to take a phased approach to enable its own remote management solution, called NCR Retail Systems Manager, to support Intel AMT. The objective was to start in the first release with a subset of the overall Intel AMT features most easily implemented by their end customers then build from there and add additional Intel AMT capabilities over time.
NCR saw several benefits in Intel AMT that would allow the organization to make huge strides in operational efficiency by a) reducing "truck rolls" b) increasing accuracy of problem resolution and c) improving help desk productivity. NCR was initially attracted to the power control capabilities of Intel AMT for remote control of unattended remote POS terminals as well as for the opportunity for power savings during off hours. NCR's service organization also reviewed its service call records and realized that Intel AMT could potentially make a significant impact on servicing POS terminal hard-disk drive failures. The failure analysis reports revealed that hard-disk drives were one of the top failing hardware components besides fans and certain peripherals attached to the POS like receipt printers and scanners; however, a significant percentage of returned hard disk drives were later found to be in perfect working order. While the problem appeared as a disk failure, in most cases the root cause was a corrupted file or other software problem and not a hardware problem at all. Immediately NCR realized the hard-disk drive "false" failures could easily be reduced by employing out-of-band management and running remote disk diagnostics via IDE redirection thus verifying if the drive was indeed bad prior to sending out a field engineer. The total cost of ownership (TCO) value derived from Intel AMT is compelling. A recent study by Global Retail Insights finds the cost savings from advanced manageability (improvements in service calls, power-off automation, and asset deployment/tracking) to be approximately USD 205 per POS terminal per year. Over a typical 7-year asset life, the advanced manageability benefit amounts to nearly 60 percent of the hardware acquisition cost.
Point of Sale Clients
The Intel AMT-enabled clients in this case are point–of-sale workstations as well as self service kiosks supporting a mix of Intel AMT v2.2 on Intel Q965 Express chipset platforms as well as Intel AMT v4.0 on Mobile Intel GM45 Express chipset platforms, both chipsets are part of Intel's embedded long-life roadmap. NCR's POS and kiosk products are manufactured in Asia through a contract manufacturer who pre-configures the systems' flash image according to NCR specifications. Enterprise mode was chosen as the default configuration due to the fact that most NCR customers for this line of POS and kiosk product are large retailers with centralized IT organizations.
The retail IT enterprise system architecture and infrastructure varies depending on the size of the retailer and the number of POS workstations. A small neighborhood convenience store may only have 1 POS while a large department store chain may have thousands of stores each with 30 or more POS terminals. Figure 3 represents a typical retail IT infrastructure architecture. Many large retail IT enterprises are centralized and maintain their own IT help desk. Remote management services, leveraging Intel AMT, could be provided by either the retailer's IT organization or outsourced to a third party or even a mixture of both. Intel AMT requires certain ports to be "open" to allow management traffic to go through them. The Intel AMT ports are 16992 (non-TLS), 16993 (TLS), 16994 (non-TLS redirection), 16995 (TLS redirection) and 9971. Port 9971 is the default provisioning port used to listen for "hello" packets from Intel AMT clients. These ports have been assigned to Intel by the Internet Assigned Numbers Authority (IANA) but can be used by the customer's IT organization, third party remote management service providers, or equipment manufacturers. In NCR's case, the ability to enhance their remote management solutions with Intel AMT allows the company to offer a more competitive and profitable solution, which therefore allows NCR to grow their services business. NCR estimates the addressable services market for the industries they serve to grow to USD 8.2 billion by 2011.
NCR Retail Systems Manager
The NCR Retail Systems Manager (RSM) is a software package for monitoring retail POS workstations, peripherals and applications. RSM operates independently from the POS application and provides remote access, 24/7 remote monitoring and alerting, remote diagnostics, and remote resolution through a user friendly Web-based interface.
There are three versions of RSM: Local, Site, and Enterprise Editions. RSM Local Edition (RSM LE) resides on the POS workstations themselves and provides local diagnostics capability; RSM Site Edition (RSM SE) serves as the in-store monitoring point; while RSM Enterprise Edition (RSM EE) provides same functionality as Site Edition but adds centralized management as well as third-party management capability. All three versions have been modified to support Intel AMT.
RSM LE runs locally on the terminal and is targeted for standalone, non-networked clients or for attended operations at the client. It provides the ability to configure the POS workstation and its peripherals and to run basic diagnostics. RSM LE can be used by the customer to configure and diagnose problems on an individual client or POS workstation.
Once a valid RSM license file is detected, RSM LE assumes two additional functions. The first is to be an agent that feeds information upward in the RSM architecture and allows control of the client via RSM. The second is to awaken a state processing engine that manages the terminal and peripherals through states that are predefined for customers.
RSM SE runs on a store server and provides the important role of traffic routing and store-level management. It provides the ability to manage groups of terminals or individual terminals within the store. RSM SE is accessible via a web browser both in the store and from RSM Enterprise Edition. The web browser can be running locally on the RSM SE server or remotely from any other server or workstation within the network. Therefore, remote management can be performed from a server within the store or from a remote location such as the retailer's helpdesk, store, or headquarters.
For those environments that do not have a store server, RSM LE and RSM SE have been certified to run in a workstation-server configuration on the same workstation.
RSM EE runs on an enterprise server in conjunction with a Microsoft SQL Server database. RSM EE provides an estate-wide view of the terminal and peripheral assets in terms of asset information and state-of-health. RSM EE also provides a graphical user interface for navigation in the retailer's estate of stores and terminals.
NCR's RSM product was an existing member of the company's remote management solution and preceded Intel AMT, so in order for RSM to become capable of implementing Intel AMT, it was necessary for NCR to make modifications to RSM and develop an Intel AMT plug-in for their existing remote management software. NCR accomplished this by making use of the AMT SDK. This SDK contains a Network Interface Guide, which includes all of the necessary APIs for RSM to be able to communicate with and send specific commands to the Intel Manageability Engine on the POS workstations. NCR software engineers added support for the Intel AMT APIs into the RSM product. This required minor architectural changes to RSM based on the fact it now had to perform certain tasks within the context of Intel AMT6. These tasks, for example, included the "zero touch" remote configuration functionality, where the server can provision the Intel AMT-enabled client without the need to physically touch the client in the process. Remote configuration can therefore be performed on "bare-bones" systems, before the OS and/or software management agents are installed. Remote configuration allows the retailer to purchase and install the equipment and then set up and configure the Intel AMT capability at a later date without incurring the higher costs of physically touching every machine already deployed.
Once both the client hardware and remote management console software are ready for Intel AMT and the customer has deployed the necessary equipment, the next phase is provisioning the equipment in the IT enterprise. Provisioning refers to the process by which an Intel AMT client is configured with the attributes necessary for the client to become manageable within a specific IT environment. There are two modes of Intel AMT provisioning: Small Business Mode (less complex and suitable for small volume deployments) and Enterprise Mode (more complex and suitable for large volume deployments). A typical large centralized retailer employing Intel AMT Enterprise Mode would provision for Intel AMT as follows:
- Pre-shared secrets are generated and associated to the provisioning server.
- The pre-shared secrets are distributed to the Intel Management Engine (Intel ME).
- With the Intel Management Engine in setup mode, an IP address and associated DHCP options are obtained.
- The Intel Management Engine requests resolution of "ProvisionServer" based on the specified DNS domain.
- POS Intel AMT enabled client sends "hello" packet to ProvisionServer. Domain_Name.com upon connecting to network
- Provisioning requests are received by provisioning server (handled by either RSM EE or RSM SE depending on customer configuration).
- The POS Intel AMT client and provisioning server exchange keys, establish trust, and securely transfer configuration data to the Intel AMT client