Intel® AMT Remote Access: An Overview

By Gael Holmes (Intel) (91 posts) on March 19, 2008 at 1:37 pm

This is my third post on Intel AMT Local/Remote access. My first post provided an overview of how they differ and then my last post covered just the Local Access. This post focuses on just the Remote Access. Like the blog on Local Access, most of the information in this blog comes directly from the Overview.pdf located in the Intel AMT SDK.

Intel AMT has two types of interfaces: remote interfaces (Intel AMT Release 2.5 supports a wireless, along with a wired, remote interface) and a local interface. Remote interfaces send and receive traffic via a LAN network connection. The Intel AMT firmware functionality can be configured only via a remote interface so that a local user or application is prevented from changing critical settings. For example, try to open the Intel AMT Client's Web UI from a browser window on the local AMT Client - were you successful?

Note: HECI/LMS do not come into play during Remote Access.

There are three methods that a remote application uses to communicate with Intel AMT:

Simple Object Access Protocol (SOAP) Messages

SOAP is a lightweight network protocol for information exchange in a decentralized, distributed environment. It is an XML-based protocol consisting of three parts:

The Intel AMT Programmatic Interface is a SOAP-based API exposed by the Intel AMT firmware to communicate with ISV Management Console software running on remote hosts. The API is described in Web Service Description Language (WSDL). There is a WSDL file for each firmware service, also called an interface.

Proprietary Redirection Protocol

Using Intel AMT functions, an ISV application can configure the platform to send console text to a remote destination and to receive keystrokes from a remote source. This is referred to as the Serial over LAN (SOL) capability. The platform can also be configured to read from or write to a remote floppy disk or CD by redirecting the platform IDE interface (IDER). Both of these features use a proprietary protocol. The Redirection Library, included in the SDK, implements this protocol. Note that you must enable the SOL/IDER functionality in the AMT system's BIOS and AMT Configuration in order for this protocol to work.

WS-Management

"Web Services for Management" is an emerging DMTF standard that uses an object-oriented approach to managing devices across a network. The standard is based on the Common Information Model (CIM) as extended by Intel to support all Intel AMT features. Release 3.0 supports full management using CIM objects. WS-Management is another layer over SOAP; see the SDK WS-Management documentation for details. Future generations of Intel AMT will be phasing out the SOAP interface, so if you are just starting with Intel AMT now, you should try to develop your software with as much WS-Man capability as possible.

The table below shows us all of the APIs that can be accessed from a Remote Manageability Console. To learn more about the AMT Services and Realms, you can reference the Network Interface Guide in the AMT SDK.

Intel AMT Services:

| Service | Realm | Function | Release |
| --- | --- | --- | --- |
| Security Administration Interface | PTAdministrationRealm | Manages security control data, such as Access Control Lists, Kerberos parameters, Transport Layer Security, Configuration parameters, power saving options and power packages. | 1.0+ |
| Network Administration Interface | PTAdministrationRealm | Configures local network options. These are usually configured with a DHCP server, but can be configured directly using this interface. | 1.0+ |
| Hardware Asset Interface | HardwareAssetRealm | Used to retrieve information about the hardware inventory of the platform. | 1.0+ |
| Remote Control Interface | RemoteControlRealm | Enables powering a platform up or down remotely. Used in conjunction with the Redirection capability to boot remotely. | 1.0+ |
| Storage Interface | StorageRealm | Used to configure, write to and read from non-volatile user storage. The actual commands are in the Storage Library. | 1.0+ |
| Event Management Interface | EventManagerRealm | Allows configuring hardware and software events to generate alerts and to send them to a remote console and/or log them locally. | 1.0+ |
| | EventLogReader | Allows definition of a user with privileges only to read the Intel AMT system log. | 2.6 |
| Storage Administration Interface | StorageAdminRealm | Used to configure the global parameters that govern the allocation and use of non-volatile storage. | 1.0+ |
| Redirection Interface | RedirectionRealm | Enables and disables the redirection capability and retrieves the redirection log. The redirection interface itself is a separate proprietary interface that does not depend on HTTP/SOAP. See the Redirection Library Design Guide. | 1.0+ |
| Remote Agent Presence Interface | AgentPresenceRemoteRealm | Used to register Local Agent applications and to specify the behavior of Intel AMT when an application is running or stops running unexpectedly. | 2.0+ |
| Circuit Breaker Interface | CircuitBreakerRealm | Used to define filters, counters, and policies to monitor incoming and outgoing network traffic and to block traffic when a suspicious condition is detected (the System Defense feature). | 2.0+ |
| NetworkTime Interface | NetworkTimeRealm | Used to set the clock in the Intel AMT device and synchronize it to network time. | 2.0+ |
| GeneralInfo Interface | GeneralInfoRealm | Returns general setting and status information. With this interface, it is possible to give a user permission to read parameters related to other interfaces without giving permission to change the parameters. | 2.0+ |
| FirmwareUpdate Interface | FirmwareUpdateRealm | Used only by OEMs via Intel-supplied tools to update the Intel AMT firmware. These functions are not for general ISV use. | 2.0+ |
| Wireless Configuration Interface | Admin | Manages wireless interface settings. | 2.5+ |
| Endpoint Access Control Admin Interface | EndpointAccessControl Admin | Configures and enables the NAC posture | 2.5+ |

You can see that there are a lot more APIs that can be used over the Remote Interface (the Local Access list is available in my post referenced above). So if you are trying to run an API locally and it isn't working, you might want to check out my two blogs here, or the Network Interface Guide, to see if the API is accessible on the Local Interface.
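Because each remote service in the table above is gated by a realm, a review of which realms each AMT user holds is a practical least-privilege check. The following is an added example, not code from the Intel AMT SDK or from the original post: the realm names and releases are transcribed from the table, while the entry layout (`user`, `fw_release`, `read_only`, `realms`), the finding labels and the sample accounts are constructed assumptions. The two 2.5+ rows are left out because the table does not give them a distinct realm name.

```python
# Added example. Realm names and releases are transcribed from the table above;
# the entry layout and the sample accounts are constructed assumptions.
REALM_MIN_RELEASE = {  # "2.6" for EventLogReader is treated as a minimum (assumption)
    "PTAdministrationRealm": (1, 0), "HardwareAssetRealm": (1, 0),
    "RemoteControlRealm": (1, 0), "StorageRealm": (1, 0),
    "EventManagerRealm": (1, 0), "EventLogReader": (2, 6),
    "StorageAdminRealm": (1, 0), "RedirectionRealm": (1, 0),
    "AgentPresenceRemoteRealm": (2, 0), "CircuitBreakerRealm": (2, 0),
    "NetworkTimeRealm": (2, 0), "GeneralInfoRealm": (2, 0),
    "FirmwareUpdateRealm": (2, 0),
}
# Realms whose table description is limited to reading or retrieving data.
READ_ONLY_OK = {"GeneralInfoRealm", "EventLogReader", "HardwareAssetRealm"}

def parse_release(text):
    major, minor = text.split(".")[:2]
    return int(major), int(minor)

def audit(entries):
    """Return (user, finding, detail) tuples for realm grants worth reviewing."""
    findings = []
    for e in entries:
        fw, realms = parse_release(e["fw_release"]), set(e["realms"])
        for r in sorted(realms):
            if r not in REALM_MIN_RELEASE:
                findings.append((e["user"], "unknown-realm", r))
            elif fw < REALM_MIN_RELEASE[r]:
                findings.append((e["user"], "unsupported-on-release", r))
        if "PTAdministrationRealm" in realms:  # security and network administration
            findings.append((e["user"], "admin-realm", "PTAdministrationRealm"))
        if {"RemoteControlRealm", "RedirectionRealm"} <= realms:  # power control + redirection
            findings.append((e["user"], "remote-boot-capable", "RemoteControlRealm+RedirectionRealm"))
        if "FirmwareUpdateRealm" in realms:  # table: OEM tools only, not for general ISV use
            findings.append((e["user"], "oem-only-realm", "FirmwareUpdateRealm"))
        if e["read_only"]:  # account is meant to observe, never to change settings
            for r in sorted(realms - READ_ONLY_OK):
                findings.append((e["user"], "excess-for-read-only", r))
    return findings

SAMPLE = [  # constructed accounts, not taken from any real system
    {"user": "helpdesk", "fw_release": "2.5", "read_only": False,
     "realms": ["RemoteControlRealm", "RedirectionRealm"]},
    {"user": "monitor", "fw_release": "2.5", "read_only": True,
     "realms": ["GeneralInfoRealm", "EventLogReader", "PTAdministrationRealm"]},
    {"user": "inventory", "fw_release": "3.0", "read_only": True,
     "realms": ["HardwareAssetRealm", "GeneralInfoRealm"]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```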

Categories: Manageability
