Intel® Active Management Technology: General FAQs

Submit New Article

Last Modified On :   September 9, 2008 3:15 PM PDT
Rate
 


FAQs

 

Introduction

This document is an update to the Intel SDK FAQ Wiki document. It includes answers for the most commonly asked questions from Intel® AMT software developers and users in the Manageability Software Development Forum and in many webinars conducted by Intel. This document also provides links to blogs, video tutorials, and articles where you can find more information on a particular topic. Use this document when searching for answers using the Intel® AMT features.

 

 


Intel® AMT: Emulator, RDK, SDK, DTK - what are they for?

These are all tools that can be used when experimenting with or writing applications for Intel® AMT. Here are some brief descriptions and when to use them:

RDK: Reference Design Kit - This is an AMT "solution" written in Java on Linux provided to help developers implement Intel® AMT. It is very much like the DTK, only it is based on older versions of Intel® AMT. This tool is no longer being updated or maintained. Use it only as an example to get started in a Java environment.

DTK: Developer's Tool Kit - This is also a "solution" written in C# on• Is Intel AMT aware of Virtual Machines (Example: VMware hosts)? Windows. Since the Source Code is also avai lable, it can also be used as "example code." This tool is also currently being updated and maintained. Use this to get a great idea of how Intel® AMT works and a lot of us also use it to verify if a certain feature is working.

SDK: Software Development Kit - Provides sample code and all the APIs needed for implementing Intel® AMT. Both the RDK and the DTK use the APIs provided in the SDK. Use the most recent release of the SDK to integrate Intel® AMT into your application.

EMULATOR: Please don't use this.

Is Intel AMT aware of Virtual Machine Hosts installed on a machine?

Intel AMT is neither aware of nor does it control any of the software installed on the system. This includes VMMs (VMWare, Xen etc), Operating system. Intel AMT allows the remote management consoles to connect to it and manage the system as a whole not the individual software components. Host based software components needs to be managed the same way with or without Intel AMT

What are the guidelines for INTEL® AMT ME passwords

You have to change the default ME password (admin) to a strong password the first time you login to the MEBx. Here are some guidelines for doing this:

  • Contains 7-bit ASCII characters, in the range of 32-126, excluding ':', ',' and '"' characters. String length is limited to 32 characters.
  • At least one digit character ('0', '1', .... '9')
  • At least one 7-bit ASCII non alpha-numeric character, above 0x20, (e.g. '!', '$', ';'...) Note that '_' is considered alpha-numeric.
  • Both lower-case Latin ('a', 'b',...,'z') and upper case Latin ('A', 'B', ...'Z')

 

I've set up INTEL® AMT/ME on the client Bios correctly, but I can't get either a web browser or tools from the DTK to connect to the machine; my password is always rejected. I've triple checked the new password I've set in the ME bios on the machine. What is wrong here?

The problem could be with your keyboard mapping. MEBx thinks that you are typing on a QWERTY keyboard and if you are in an OS that has a different keyboard mapping, the password will not match.

I have a Dell© Optiplex 755 system. Before I installed all the chipset drivers (INTEL® AMT HECI, INTEL® AMT SOL and Intel Chipset Software) I could remote desktop to and from this system to any other systems on the network. But after installing these drivers, I can’t remote the desktop. I have turned off the firewall. Is there something in Intel INTEL® AMT that blocks remote desktop traffic

There aren’t any settings in INTEL® AMT that could block the remote desktop traff ic. The problem could be due to the wrong Video Driver. Dell Driver CD comes with RADEON® HD 2400 PRO and RADEON HD 2400 XT, you have to make sure that you install the correct one. Device Manager does not show any issues with the wrong driver. So, go to your Event Viewer and see if you have any errors with RDPDD.dll. If so, try installing the correct driver from the CD or support.dell.com.

Are there any commercial INTEL® AMT tools available for modifying the Bios settings on an Intel INTEL® AMT system?

You could try Intel INTEL® AMT Commander included in INTEL® AMT DTK for this. Under Remote Control tab, you can start an SOL session and boot into the Bios options of your INTEL® AMT client.

You can also use IMRGUI in the Redirection sample included in the Intel INTEL® AMT SDK. There is a video tutorial on this at http://software.intel.com/en-us/videos/demo-of-intel-amt-serial-over-lan-sol-feature

Can I set up my host system with DHCP and ME with static IP? If not, what is the reason?

You can do this but it is not recommended. It could cause lot of confusion when trying to map out the IP address for each device.

Is it possible to have a null or invalid GUID on an INTEL® AMT system?

The GUIDs are initialized, stored and handled by the bios. So, it is possible that an INTEL® AMT device gets null or invalid GUID but INTEL® AMT will detect it as invalid and won't use it.

Is INTEL® AMT 3.0 DASH compliant?

INTEL® AMT 3.0 is not DASH compliant. The firmware version must be 3.2.1 (will be publicly available within a couple of months) to have the Intel® vPro™ DASH implementation. FW 3.0.1 contains WS-MAN support but no DASH.

Is there some type of software I can install on my computer or a server so I can remotely manage the Intel® vPro™ computer?

We have a detailed document in the  INTEL® AMT SDK Start Here Guide which will help you to get started. There is also a blog out there at http://softwareblogs.intel.com/2008/01/28/tips-tricks-for-setting-up-accessing-an-intel-Intel® AMT-client/ which could help you with this.

I am looking for INTEL® AMT-WSMAN samples in C/C++. They are available in the SDK in C# only. Any suggestions?

OpenWSMAN would be a good place to start for this. The other source of documentation is around Microsoft WinRM. It's a Microsoft© COM object that performs WSMAN operations and so, you should be able to use it in any language that supports COM. If you run Linux or want something small, OpenWSMAN is probably the way to go.

What Market Segment does INTEL® AMT address?

We are first targeting INTEL® AMT at the corporate environment.  Large IT shops that have lots of computers want to reduce the number of desk side visits.  But there are a lot of other markets that love INTEL® AMT.  For example, the embedded side, cash registers and ATM machines have computers at remote sites.  It's a big cost to remotely fix those.  The embedded market has actually been a really big market for us.  And at the other smaller businesses, the internet cafes, schools, or elsewhere where management of computers remotely is important, you'll find that INTEL® AMT is actually helping a lot with those markets. 

Which IP is assigned to the INTEL® AMT module.  Is it DHCP?

The address that's used is really the network interface that is on the platform.  So if it's assigned by DHCP then that's the network address that INTEL® AMT does use.

Would INTEL® AMT be standalone or integrated with other applications?  And can you please give a specific example?

INTEL® AMT is much like an agent that is located in the hardware.  And any management application can actually add INTEL® AMT support to it.  We actually encourage applications that address manageability right now to supplement their manageability solution with Intel® vPro™.  So if you're managing a lot of computers and you are managing power control or asset inventory, we're encouraging those application vendors to add Intel® vPro™ support to it.  You can use many of these applications at the same time. 

What are the limitations of INTEL® AMT?

One limitation is that you can only remote the display in text mode.  For example, in the preboot environment in MS DOS or when you go into BIOS, you can take that screen and view it remotely.  As soon as you go into graphics mode you don't see it anymore.  You don't see -- the platform switches to graphics and you don't get the display remoted over.  We are looking at addressing that in the future.

Is Intel® vPro™ available in laptops and handheld devices?

Right now Intel® vPro™ is available on the platforms that are branded Intel® vPro™.  Intel puts out many different types of devices.  And as we look to extend the manageability capabilities to the entire suite of products we have, handheld devices are being looked at closely.  But it's definitely available on laptops right now with Intel® Centrino® with vPro™ technology

Can malware detection in INTEL® AMT replace antivirus applications?

No; what you want to do is have both at the same time. The big benefit of Intel® INTEL® AMT is that it is tamperproof. And so when you put policies in INTEL® AMT to go and start doing some of the malware detection then it cannot be circumvented in any way.  The drawback is that Intel® INTEL® AMT is located underneath the OS and doesn't have all the information that an OS application would have.  So really a combination of the two is ideal. 

Is there a way to install an OS in 20 computers at the same time with Intel® INTEL® AMT?

The answer is yes. INTEL® AMT provides just the first step, which is the ability to boot a disk remotely on the computer.  So what you do is mount a CD-ROM drive onto the remote computer and then you can boot off of the remote CD-ROM drive.  The rest of it is up to the user or the administrator to really build a disk, an ISO image that performs all the operations the administrator wants to perform. 

Is there a plan B in case of a network failure like an auxiliary NIC in an emergency network?

No;  right now it's tied to the embedded controller.  So if there are situations where your primary NIC controller goes out then it probably will force a desk side visit.

There is Java SDK.  Is there a JVM in Intel® vPro™?

No.  The Java SDK is to be consumed by the Java app.  All communications to INTEL® AMT is done over SOAP or WS Man.  So the embedded controller running INTEL® AMT, the firmware, is completely OS-independent.  It sits completely underneath the OS.  The JVM is only on the application side.

Can multiple administrators through various tools connect to INTEL® AMT on one machine at the same time?

You cannot perform serial over LAN or IDE Redirect multiple.  Only one can do that at any given time.  But the SOAP protocol is a request response protocol.  And so yes it will seem like everybody is getting connected at the same time.  And it will work with everything except serial over LAN and IDE Redirect.  But really what's happening underneath is that INTEL® AMT is responding to the requests one by one.

Is INTEL® AMT disabled by default on Intel® vPro™ devices?  If not can it be disabled or have any default passwords changed by end users not part of the IT-supported network?

All Intel® vPro™ computers come with INTEL® AMT turned off by default.  When you plug them in the network for the first time, some computers will attempt to find a configuration server.  And if they don't find this configuration server they will remain off.  This is a very important security precaution.  There is no default password that will allow you to come in initially.  If a configuration server is found and authenticated correctly, you can come and set up INTEL® AMT but that requires certificates and so on. 

What if the DHCP server is not working? There is no way to connect to the machine, right?

When INTEL® AMT is configured for DHCP mode, if the DHCP server is not working, INTEL® AMT will never be able to obtain a valid IP address and you will not be able to connect to it remotely. If INTEL® AMT is configured in static IP mode, then you can connect to it using the static IP address.

How to detect computers with INTEL® AMT Technology without SCS or similar tools?

Assuming the INTEL® AMT enabled systems are provisioned, you can send a SOAP command for GetCoreVersion API that can be found in the SDK. INTEL® AMT enabled systems would provide a response with INTEL® AMT firmware version. Non INTEL® AMT systems will not respond to the SOAP request.

Is INTEL® AMT aware of a VMWARE® host? If the host has 5 VMs will it manage all 5?

INTEL® AMT is neither aware of nor does it control any of the software installed on the system. This includes VMMs (VMWare, Xen etc). INTEL® AMT allows the remote management console to connect to it and manage the system as a whole, not the individual software components. Host based software components needs to be managed the same way with or without INTEL® AMT.

How can I find INTEL® AMT MAC address of my client system?

If your INTEL® AMT device is configured to work in DHCP mode, you can be sure that its MAC address is exactly the same as the host LAN one.  Another way is to use the MEInfo tool on the INTEL® AMT local machine. MEInfo tool comes with the utilities for upgrading the firmware (contact your OEM for this). If you use this tool, just make sure you are using the right version for your firmware. MEInfo exists in both Windows™ and DOS versions.

Why can’t  I connect to the INTEL® AMT system locally through WebUI

INTEL® AMT cannot serve web pages locally. That means you are not supposed to connect to the INTEL® AMT system locally through WebUI or ping locally even if you have static IP.

Is there a utility to check if my system supports Intel® vPro™ Technology?

http://www.intel.com/technology/vpro/index.htm

Can I force my system to boot to a local CD using IDE-R?

Booting to a local CD-ROM is not supported by INTEL® AMT. You can use ASF for doing this.

I have a problem with my Intel DQ35MP motherboard and a Intel® Core™2 Quad which I purchased recently. After installation, I have updated it to the latest BIOS and it was working fine. Two days back when I started the system it gave an error message about communication to Intel ME. I have re-flashed the BIOS but problem remained same?

You should do a CMOS. For this, disconnect the power cord and LAN cable. Remove the CMOS battery for 15 seconds and insert it back in. This time when you power on, ME settings will revert to factory defaults. The default user name and password is admin/admin. Please remember to change it to a strong password before configuring the ME further.

Which chipsets support Intel® vPro™ Technology?

Q965 and Q35 are the chipsets that support INTEL® AMT. The link below points to a utility that will give the platform requirements for INTEL® AMT. http://www.intel.com/technology/vpro/index.htm

Where can I find more detailed information of INTEL® AMT related to DMTF's DASH?

DASH defines a set of profiles to which INTEL® AMT conforms to. Below is a list of features defined by DASH and INTEL® AMT's conformance to them:

 

Capability

DASH 1.1

INTEL® AMT3 (Intel® vPro™ 2007)

Boot Control

X

X

Power State Management

X

X

Hardware Inventory

X

X

Software Inventory

X

X

Hardware Alerting

X

X

Serial Over LAN

X

X

IDE Redirect

X

X

Nonvolatile Memory

X

X

Agent Presence

 

X

Remote Configuration

 

X

System Defense Filters

 

X

Keyboard/Video/Mouse Switch Support

X

 

 

Starting with the support for WS-Man, INTEL® AMT now conforms to the DASH standards. All of the WS-Man related documentation can be found in the SDK Docs folder. INTEL® AMT offers lot more than the feature set defined by DASH.