| February 11, 2010 11:00 PM PST | |
Intel® Active Management Technology (Intel® AMT) addresses traditional weaknesses in platform-audit capabilities, substantially reducing costs for IT organizations. Advanced, out-of-band (OOB) remote-discovery techniques replace conventional means, preventing end-user interference and avoiding the necessity of IT personnel making expensive physical visits to the systems being audited.
This use-case concerns process improvements that result in dramatic cost savings during platform audits to support maintenance of hardware and software contracts, as well as regulatory compliance with legislation.
As a result, IT organizations must depend on users to report their IT assets, or IT employees must be sent to check the assets manually. No standard, persistent asset ID exists, and there is no reliable down-the-wire method to discover unused or underutilized hardware or software assets. These limitations combine to create substantial cost inefficiencies related to software licensing, IT personnel, and hardware-maintenance contracts. Wireless environments and laptops make this even more challenging since at any point in time, laptops may be connected to a corporate LAN over the wireless network or via VPN (in case of remote mode) or may not be connected to an AC power source.
The IT professional can compare the remotely obtained asset IDs against the asset management database kept in a third-party management application. This step allows validation of the stored asset data. In case of laptops, since all of them might not be within the corporate network (mobile mode) or connected to the corporate LAN via VPN (remote mode) when the inventory is taken, either some manual checking might be necessary, or the inventory might span over multiple days in order to catch all laptops connected appropriately. Depending on the Intel AMT features supported by a management console and IT policies, additional information may be accessible from the platform that assists an IT audit process. Remote platform audits assisted by Intel AMT are far more complete than traditional manual ones, without resorting to manual desk-side visits.
The workflow associated with this implementation is as follows:
Post Conditions for Platform Auditing is as follows:
The following SDK sample source code provides WS-Man Samples of the components involved for implementing a Platform Auditing use case:
This use-case concerns process improvements that result in dramatic cost savings during platform audits to support maintenance of hardware and software contracts, as well as regulatory compliance with legislation.
Conventional Platform-Auditing Limitations
Conventional tools traditionally available for asset discovery work on an in-band basis only; that is, these tools require the target system operating system to be operational, and they fail if the platform is powered off or the operating system is otherwise non-functional. Moreover, users can intentionally or inadvertently remove the software agents on which auditing tools depend.As a result, IT organizations must depend on users to report their IT assets, or IT employees must be sent to check the assets manually. No standard, persistent asset ID exists, and there is no reliable down-the-wire method to discover unused or underutilized hardware or software assets. These limitations combine to create substantial cost inefficiencies related to software licensing, IT personnel, and hardware-maintenance contracts. Wireless environments and laptops make this even more challenging since at any point in time, laptops may be connected to a corporate LAN over the wireless network or via VPN (in case of remote mode) or may not be connected to an AC power source.
Using Intel® AMT to Overcome In-Band Limitations
Using an asset-management application that supports Intel AMT, an IT professional discovers and audits all Intel AMT-based platforms remotely, down-the-wire assuming the following scenarios:- All clients are connected to the network.
- AMT clients are installed with AMT ISV agents.
- AMT clients are provisioned.
- The asset IDs are placed in the platform's Intel(r) AMT firmware prior to deployment.
- AMT clients are powered. Systems are in various states of S5, S4, S3, S1, and S0.
- Non-AMT clients are powered. Systems are in various states of S5, S4, S3, S1 and S0.
- An asset management app that supports Intel(r) AMT is configured on the network.
- Mobile mode - Laptops in S0 are AC powered or on battery and are on the corporate wireless network (not connected via VPN). Note that beginning with AMT 4.0, notebooks are now capable of OOB in Sx states (i.e. whether the system is powered on or off.)
- Remote Mode - Laptops are connected to the corporate network via VPN
The IT professional can compare the remotely obtained asset IDs against the asset management database kept in a third-party management application. This step allows validation of the stored asset data. In case of laptops, since all of them might not be within the corporate network (mobile mode) or connected to the corporate LAN via VPN (remote mode) when the inventory is taken, either some manual checking might be necessary, or the inventory might span over multiple days in order to catch all laptops connected appropriately. Depending on the Intel AMT features supported by a management console and IT policies, additional information may be accessible from the platform that assists an IT audit process. Remote platform audits assisted by Intel AMT are far more complete than traditional manual ones, without resorting to manual desk-side visits.
Key Functionality Enabled by Intel AMT that Underlies this Use Case
The following table summarizes the features and functionality utilized in this use case that are provided by Intel AMT or enabled by Intel AMT in third-party software:| Feature | Functionality |
| Out-of band (OOB) access | Accessing the Third Party Data Store when the operating system is unavailable or the platform is powered off. |
| Remote Platform Inventory | Utilizing platform audit information stored in the Third Party Data Store to discover the platform |
| Tamper-Resistant Agent | Allows for access to the inventory information with little risk of tampering by a user |
| Third-Party Data Store (3PDS) | Allows for third-party agent on the managed platform or the remote management console to use dedicated flash memory space to store specific software list (e.g., anti-virus updates) |
The Advantage of Intel AMT
Through Intel AMT platforms, an IT department can reduce or eliminate manual platform audits by means of remote, down-the-wire access to platforms, regardless of operating-system state, assuming that the platforms are either in desktop mode (AC powered (but not necessarily turned on) and connected to the corporate network via a wired connection (not over VPN)), mobile mode (within the corporate environment on wireless or battery connected (not VPN connected), or remote mode (connected via VPN - AC or DC powered and wired or wirelessly connected). This functionality, which is relevant to both planned and emergency situations, allows for faster, more accurate, and timelier platform audits. Additionally, the remote, down-the-wire discovery capabilities make regulatory compliance possible without labor-intensive rushes to meet audit deadlines. Moreover, remote access to asset information enables optimization of maintenance contracts, warranties, and configurations, as well as planned repurposing of underutilized platforms.Business Value of the Intel AMT Solution
This use case enables IT organizations to save on audit and maintenance costs:- Audit-Cost Savings: Achieve cost savings relative to a manual audit, because the platforms do not need to be physically touched.
- Software Maintenance Savings: Reduce software-maintenance contract costs by making more efficient use of those contracts.
- Hardware Maintenance Savings: Save on total hardware maintenance contracts (both platforms and hardware) by knowing which platforms require what maintenance levels (rather than covering them all with the most expensive option).
Platform Auditing Usage Case Implementation
Intel AMT downloads hardware and software asset information from the BIOS and OS into non-volatile memory during boot, which can be accessed by IT anytime, even if the PC is off.The workflow associated with this implementation is as follows:
| Step | Workflow |
| 1 | Using an asset management app that supports Intel(r) AMT, IT professional initiates a network scan that detects AMT and non-AMT clients. |
| 2 | Asset management app is able to find all AMT system regardless of system power and functionality state (Sx, Hx). |
| 3 | Asset management app is only able to find non-AMT systems that are currently in S0 with a healthy OS and agents. |
| 4 | The results of this scan are logged in a central database. |
| 5 | The asset management app pulls unique platform-identifying data Out-Of-Band (OOB) from AMT systems and adds it to the database. |
| 6 | The IT professional compares the remotely scanned asset IDs against the asset management database kept in the 3rd-party management application. This allows validation of the stored asset data. |
| Alternate Path - Scheduled Audit | |
| 1 | Using an asset management application that supports Intel® AMT, a scheduled event initiates a network scan that detects AMT clients and some non-AMT clients. Continue through above steps from 2-6. |
| 7 | The IT Professional receives a report from the asset management application reporting the scanned asset IDs that can be compared against the asset management database kept in the 3rd-party asset management application allowing validation of the stored asset data. |
Post Conditions for Platform Auditing is as follows:
- Clients are functioning normally.
- Asset management database contains updated data from all AMT-enabled systems and from non-AMT systems that are powered-on (S0), with healthy OSs.
| Relevant Software Development Flows | WSMan Interface Realm | |
| 1 | Discovery | General Info |
| 2 | Hardware Asset Inventory | Hardware Asset |
| 3 | Power Control | Power Control |
| 4 | Writing/Reading to Third-Party Data Storage | Storage |
The following SDK sample source code provides WS-Man Samples of the components involved for implementing a Platform Auditing use case:
- GeneralInfo
- RemoteControl
- AssetDisplay
- Storage (API Test)
For more complete information about compiler optimizations, see our Optimization Notice.
Comments (9) 
May 5, 2008 6:11 AM PDT
 rahul |
is this persisitent id we are talking about, actually the ip address of the computer or something else stored in AMT flash memory? |
| May 5, 2008 4:01 PM PDT
Gael |
it wouldn't be an IP address - it most likely refers to the AssetType as defined in the Network Interface Guide for whatever Asset we are talking about. |
| May 6, 2008 2:47 AM PDT
rahul |
thanx Gael for the reply. |
| May 6, 2008 3:18 AM PDT
rahul |
gael, is there any way we can retreive the asset ID from the AMT enabled systems manually without going into third party storage systems? |
| May 7, 2008 4:19 PM PDT
Intel(R) Software Network Support |
Rahul: we recommend posting this and any additional AMT questions you have to the Manageability forum at http://softwarecommunity.intel.com/isn/Community/en-US/forum.....Forum.aspx. |
| June 26, 2008 10:23 AM PDT
Intel Software Network Support |
Resource list now included. IAMT Use Cases article has list of 11 examples like this one. |
| October 27, 2008 9:05 AM PDT
Danny | Has anyone found any user guides on how to user Active Managemetn Technology. All I can find are articles that state what a great product it is. Any help would be appreciated. |
| November 6, 2008 2:00 PM PST
Michele Gartner |
Hi Danny - We really do have information on how to use vPro and Intel AMT! I list these docs out on a wiki over at the Intel vPro Expert Center. Here are some links that you may find helpful: Online Training/User Docs: http://communities.intel.com/docs/DOC-1370 Use Cases (How to put vPro into action): http://communities.intel.com/docs/DOC-1586 Let me know if that doesn't do it for you - we have quite a few docs in the works to support the functionality of Intel AMT versions 4.0 & 5.0 right now. Thanks, Michele |
Trackbacks (0)
Leave a comment 
To obtain technical support, please go to Software Support.
Louis Duran
It would be VERY nice if the all the different use case pages had a link back to the use case overview page. I can't find a simple list of all the use cases and what AMT version support those use cases.