Home › Articles

This document contains information that aids developers in getting started with implementing Intel® Active Management Technology (Intel® AMT). It provides an overview of the features in various versions of Intel AMT, as well as information on minimum system requirements, how to configure an Intel AMT client, and the various developer tools that are available to help program for Intel AMT.

Intel AMT supports remote applications running on Microsoft Windows* or Linux*. Intel AMT Release 1.0 supports both Linux and Windows local applications. Intel AMT Release 2.0 and higher support only Windows-based local applications. For a complete list of system requirements, see the "User Guide" document.

The following table summarizes key features provided by various releases of Intel AMT from version 2.6. For early versions and features, see Appendix A:

Intel® AMT Release 2.6	Intel AMT Release 3.0	Intel AMT Release 4.0	Intel AMT Release 5.0
Includes all Release 2.5 features, plus: Remote Configuration (formerly known as Zero Touch Configuration) EventLogReader realm	Includes all Release 2.6 features (except wireless support and Environment Detection), plus: System Defense heuristics WS-Management Interface VLAN settings for Intel AMT network interfaces	Includes all Release 2.6 and 3.0 features, plus (except System Defense Heuristics and VLAN settings for Intel AMT network interfaces): Wireless Configuration Fast Call for Help (a.k.a. CIRA) DASH compliance Access Monitor (a.k.a. Audit Log) MS NAP* Support	Includes all Release 3.0 and 4.0 features (except wireless support) Virtualization support for Agent Presence API

 

In order to begin compiling or running samples from the SDK, it is necessary to have a separate system to use as a management console for remotely managing your Intel AMT client.

Setup and Configuration is the process that makes Intel AMT features accessible to management applications. Intel AMT devices are by default delivered in an un-configured state. Before management applications can access an Intel AMT device, the device must be populated with various configuration settings. There are a several ways to configure an AMT System:

• Manually enter the data into the MEBx (Management Engine BIOS Extension) setup module (Small Business Mode)
• Purchase configured (pre-provisioned) systems from your OEM.
• Use a USB key in conjunction with a setup and configuration server console (discussed below) for one-touch deployment. (For Enterprise Mode only)
• Use the Activator tool in conjunction with the Intel Setup and Configuration Server (Intel SCS). Review this blog for information about a lighter version of SCS that is in development and is intended to make provisioning easier for some users. This version of the SCS also uses the Activator tool during the provisioning process.

 

Intel AMT supports two provisioning models: Enterprise Mode and Small Business Mode. Small Business Mode is very simple to set up using the AMT Configuration screens from within the MEBX (BIOS Extensions.)

Enterprise Mode setup supports secure communication using Transport-Level Security (TLS), and PID/PPS keys. Provisioning in Enterprise mode is always done via some Setup and Configuration application, such as the Intel SCS, the Intel AMT Director, or by another vendor’s application that might have a provisioning server integrated in to it. Note that provisioning is not possible from a wireless interface. Part of the setup process involves adding credential data generated by Intel SCS to the BIOS of the client PC, which can be accomplished using either 'one-touch' or a 'zero-touch' configuration mode. One-touch configuration requires physical contact with the PC, whereas remote configuration does not. To read more about the various tools that can be used to provision an AMT Client see the Intel Software Network Blog Entry: Intel® SCS, SCA, DTK as Provisioning Tools

Note:Remote Configuration is supported in Intel AMT Release 2.2., 2.6, 3.0, 4.0 and AMT 5.0.

One-touch mode requires an administrator to enter credential data to the client PC, either by saving data to a USB key and then using that key to boot the PC (note that the AMT Client must still have it’s default password for the ME) or by manually keying the information into the system's BIOS screens. In zero-touch mode, the PC's BIOS is populated with an encryption key at the time of manufacture that enables the PC to establish an unattended, secure connection with the Intel SCS server in order to obtain the credential data.

The choice between these two modes provides enhanced flexibility. Remote Configuration provides convenience that may help to cut deployment costs, especially in remote-site scenarios. Because one-touch configuration does not require the use of an encryption key that is known by a third party (the PC manufacturer), it may provide a somewhat higher level of security.

Small Business Mode which does not support TLS-based communication, is used when sufficient infrastructure is not available to support Enterprise Mode setup (which is recommended). In this mode, set up is done locally and has to be done for each system manually. For more information on Small Business setup, see the "Small Business Setup and Configuration User Manual."

Note: While management of Intel AMT-capable PCs with Intel AMT Release 2.6 and 4.0 can be done over the wireless interface, wireless profiles must be initially configured over the wired interface.

Specific parameters must be set in the BIOS of the Intel AMT-capable PC prior to being managed using Intel AMT functionality. Because BIOS implementations vary by PC manufacturer, system documentation and the manufacturer web site should be consulted for specific configuration details. While one may embed the ME/AMT configurations inside the BIOS, others may display a message during boot up to enter CTRL-P to access these menus. Some may have an option inside the BIOS that hides or shows the CTRL-P during bootup. Not seeing the CTRL-P message may also be an indicator that the Firmware and associated drivers are not matching up.

For example, Intel Centrino Pro Setup and Configuration for the HP* Compaq Business Notebook PC gives detailed instructions for setting up and configuring Intel AMT in SMB mode on a HP Compaq Business Notebook. Settings and configurations will vary according to OEM.

In general, these are the steps that you need to do in the Bios for configuring Intel AMT:

1. Change the default ME password: the default password is "admin". Change that to a stronger password. The guidelines for creating a good ME password can be found in this blog.
2. Select Manageability feature as Intel AMT
3. Select the power policies: this can be done through bios, WebUI or Intel AMT SOAP interface. Visit this blog for a nice overview of various power packages.
4. 4.0 systems come with Fast Call for Help feature. Systems which implement this feature in pre-boot (Bios) need to be configured to initiate the Fast Call for Help connection.

 

1. Enable/Disable DHCP (For mobile systems, you have to use DHCP)
2. Host Name & IP Address: If you are choosing static IP, you have to have separate Host Name & IP Address for Intel ME than your host CPU. If you are choosing DHCP, you can use the same Host Name and IP Address for Intel ME as the host CPU.
3. Provisioning: Small Medium Business (SMB)/Enterprise. Guidelines for deciding on whether to use SMB or Enterprise mode can be found in the Quick Start Guide.
4. Enable SOL/IDE-R
5. Hit F10 to save the settings and reboot the system.

 

In addition to having the BIOS and ME extensions se t up correctly, there are also certain drivers and services that must be installed and running in order to activate Intel AMT once it has been properly configured. In order to verify that the AMT drivers and services are loaded correctly, look for them in the Device Manger and in the Services. Note that there should be a CD included with every Intel AMT systems that includes all of the required Firmware and Drivers. Be sure to check the OEM’s download site frequently for upgraded versions of the BIOS, Firmware and Drivers.

• Intel 82566DM Network Interface Controller
• Intel Management Engine Interface (aka HECI driver)
• Serial-Over-Lan (SOL) Driver
• IDE-Redirect Controller
• IDE-Redirect CD-ROM and Floppy during Redirection Session in Device Manager
• Intel® Active Management Technology LMS Service
• Intel® AMT System Status Service

 

Note: The version level of the drivers must match up to the version level of the Firmware and BIOS. If non-compatible versions are installed, Intel AMT will not work.

Intel 82566DM Network Interface Controller:

Intel® Management Engine Interface:

Serial-Over-Lan (SOL) Driver:

IDE-Redirect Controller

IDE-Redirect CD-ROM and Floppy during Redirection Session in Device Manager:

Intel® Active Management Technology LMS Service

Intel® AMT System Status Service

The Intel Management and Security Status (IMSS) tool can be accessed by the “blue key” icon in the Windows tray.

The General tab of the IMSS tool shows the status of vPro services available on the platform and an event history. There are tabs for additional details of each.



The Intel AMT tab of the IMSS tool shows more detailed information on the configuration of AMT and its features.



For details on how to set up an AMT client, visit these video tutorials - Setting Intel AMT Desktop client machine and How to set up Intel AMT client on a notebook PC

Intel makes a powerful set of tools available to software makers that help facilitate development of Intel AMT applications. All of these tools are available free of charge from the Intel® Manageability Developer Community using the links provided below:

The

 

The Intel AMT SDK provides sample code and a set of application programming interfaces (APIs) that let developers easily and quickly incorporate Intel AMT support into their applications. The SDK supports C++ and C# on Microsoft Windows and Linux operating systems. Both the RDK and the DTK use the APIs provided in the SDK, although the RDK uses an older version of the SDK and does not provide an up-to-date representation of Intel AMT's capabilities. Use the most recent release of the SDK to integrate Intel AMT into your application.

The SDK is delivered as a set of directories that can be copied to a location of the developer's choice on the development system. Because of interdependencies between components, the directory structure should be copied in its entirety. There are three folders at the top level: one called DOCS (which contains SDK documentation), and one each for Linux and Windows (which contain all of the sample code.) For more information regarding the directory structure and contents, see the "Intel® Active Management Technology Software Development Kit (SDK) User Guide." For a complete list of SDK documents and their descriptions, see the "Intel® Active Management Technology Overview."

In order to get started working with the SDK, the following software must be installed:

• Microsoft Platform SDK
• Microsoft Visual Studio 2005*
  
  Note: MSVS 2005* is used starting with the 3.0 SDK. Previous versions require MSVS 2003.

 

Once the software is installed, set up the project directories as listed in the User Guide. The User Guide also has important instructions on how to build the Storage samples. For getting started with building SDK samples, see the video tutorials Introduction to Intel AMT SDK and How to compile Intel AMT SDK sample code

The Intel Manageability Developer Tool Kit (DTK) provides a reference management console application and client-side agent written in C#, plus a tool to check network status of Intel AMT machines. Note that this particular tool is not to be considered a product and there is no support - consider this as a free download which can be used to "take Intel AMT for a drive." This tool is intended for developers who wish to test AMT features without having to write the code themselves.

The DTK complements the SDK with three interrelated components. The first of these, the Commander Console Tool, is a sample Intel AMT console to discover and manage business PCs. The second component, the Outpost Agent Tool, is a sample software agent that runs on an Intel AMT-enabled business PC. The third component, the Network Status Tool, can determine whether a selected network interface is up or down, which is useful for demonstrations of network policies and filters.

The DTK is written in C# for use on machines running Windows. It is actively maintained by Intel to add new features on a regular basis, as well as to support the latest capabilities of Intel AMT as they are introduced. The source code is freely available. It also provides a readily accessible means of seeing how new Intel AMT features work from the developer's perspective.

The Intel AMT Reference Design Kit (RDK) is an older version of the DTK, written in Java*; it is no longer being maintained for the latest versions of Intel AMT. Use this only for examples of code written in Java.

The Intel AMT RDK does not support many of the newer features of Intel AMT. It does, however, provide a point of departure for developers to work with Java components for Intel AMT. These Java-based building blocks allow developers to manipulate the software functionality without concern for implementation details. Like the DTK, the contents of the RDK are open-source, so parts can readily be modified.

The Intel AMT Setup and Configuration Service (SCS) automates the task of populating Intel AMT platforms with credentials and parameters that enable them to be administered remotely (Enterprise Mode.) This tool can either be used as a standalone application or it can be integrated into a larger Enterprise Application.

SCS provides a Windows service that automates the process of configuring Intel AMT-capable PCs in Enterprise mode (only) to connect them with the managed network. Specifically, it automatically and securely populates Intel AMT-managed platforms with usernames, passwords, and network parameters that enable the platforms to be administered remotely. Software makers can easily incorporate the SCS into their management software, simplifying implementation for their customers.

In addition to the Intel SCS main Windows service, which communicates with Intel AMT-enabled devices via a SOAP API, Intel SCS also provides an open-source sample console application. This simple console, which ships with full source code, is useful either as a reference application for software makers or as the basis for a more fully featured management application.

The Intel AMT Add-on for Microsoft* SMS 2003 is a plug-in utility to extend the functionality of Microsoft* SMS 2003. The plug-in enables SMS to discover and manage Intel® VPro™ processor technology based PCs remotely. Intel vPro Technology Activator Utility

The Intel® vPro Technology Activator Utility is the next generation of the Remote Configuration tool. This is a Windows executable that runs locally on an Intel AMT enabled platforms.

Note: The Intel® AMT emulator has been deprecated and should is no longer be used. This software-based simulation of Intel AMT functionality was created for the use of developers before Intel AMT-capable PCs became generally available.

The following table provides a snapshot of prior versions of Intel AMT.

Intel® AMT Release 1.0	Intel AMT Release 2.0/2.1	Intel AMT Release 2.2	Intel AMT Release 2.5
Hardware inventory Persistent ID Remote boot SOL / IDE-R Event management 3rd Party Data Store Built-in web server Flash protection Firmware update TCP/IP, SOAP/XML (EOI) HTTP Digest, TLS Static & dynamic IP Local interface: KCS	Includes all Release 1.0 features, plus: System defense Agent presence Moved into the chipset Power policies Mutual authentication Kerberos FW update product TLS-PSK Local interface: MEI Privacy icon (Release 2.1) ME Wake-on-LAN (Release 2.1)	Includes all Release 2.1 features plus: Remote Configuration	Includes all Release 2.1 features, plus: Wireless Configuration Endpoint Access Control (EAC) 802.1x Power packages Environment Detection

 

Comments (3)

Trackbacks (2)

• Intel Software Network Blogs » New video, Community Member at Large Chosen, Odds and Ends…
  November 4, 2009 9:44 PM PST
• New video, Community Member at Large Chosen, Odds and Ends…
  November 5, 2009 3:20 AM PST

Leave a comment  

Name (required)*

Email (required; will not be displayed on this page)*

Your URL (optional)


Comment*