Part 5: Detailed information to the user with the User Notification Service

By Shmuel Gershon (Intel) (21 posts) on February 25, 2009 at 3:19 pm

Hello all.

There's a lot of good action going on at the Manageability Community. So many interesting issues, that instead of writing posts I've been reading  them. :)

In the last three posts on this series, we saw the notification area icon of Intel® AMT versions up to 3.x in details (overview, setup, advanced config). I've been told that it's the most comprehensive guide for the atchk popup (or atchksrv or Privacy Icon...), and that's very cool. I want to continue this level of detail on Intel LMS and HECI too; please let know what you think.

In a future post we'll review the Intel® Management and Security Status, that is the newfangled Intel® AMT version 4.x and 5.x of the atchk popup. It was a secret until now :).

In this article, we'll focus on a different software service provided (at the discretion of OEMs and IT shops) with Intel® AMT systems: the User Notification Service, or UNS.

 

The purpose of this service is very interesting. We mentioned in the past that privacy principles compel us to be as transparent as possible with the users and make it possible for them to know the manageability status of his system. The User Notification Service (UNS) informs not about the static status of Intel® Intel® AMT (for this we have the Intel® AMT System Status), but about manageability operations taking place on the computer - in real time!

For example:
Let's say an IT manager has set a System Defense policy to protect the computer, setting it so in case of a virus or worm attack this policy filters specific network protocols. The user will still be able to use his computer normally, but the network performance may be reduced during this attack (better than having computers infected all around, right?).
How can the user (or a support person) notice this when they diagnose the network problem? Easy peasy, there will be an appropriate note in the operating system's event viewer! :)

The User Notification Service listens to special events happening on the system as a direct result  of Intel® AMT execution and logs them in the Event Viewer of Microsoft Windows.

The events logged are the ones that might be otherwise considered irruptive:

Category

Event Viewer Message

What it really means

System Defense

Security policy invoked. Some or all network traffic (TX) was stopped.

Transmission of specific types of network packets have been stopped according to IT policies (all other network protocols perform normally)

System Defense

Security policy invoked. Some or all network traffic (RX) was stopped.

As above, but for network Reception.

System Defense

Security policy invoked. TX Network connectivity was reduced.

Transmission of specific types of network packets have been "reduced" by allowing only some of the packets (a determined percentage), according to IT policies (all other network protocols perform normally).

System Defense

Security policy invoked. RX Network connectivity was reduced.

As above, but for network Reception.

Remote Diagnostics

A remote Serial Over LAN session was established.

An IT Administrator has started an SOL session on this system, which confers him rights on the I/O of the SOL port.

Remote Diagnostics

Remote Serial Over LAN session finished. User control was restored.

The aforementioned SOL session was closed. The end user is the only one controlling the system.

Remote Diagnostics

A remote IDE-Redirection session was established.

An IT Administrator has started an SOL session on this system, which confers him rights on the I/O of the SOL port.

Remote Diagnostics

Remote IDE-Redirection session finished. User control was restored.

The aforementioned IDE-R session was closed. The end user is the only one controlling the system.

 

There are also informational events, if yours is a mobile systems with wireless:

Category

Event Viewer Message

WLAN

WLAN Profile insufficient for management session over WLAN interface.

WLAN

Management session was established over WLAN interface.

WLAN

Security parameters insufficient for management session over WLAN interface.

WLAN

Management session over WLAN interface has finished.

 

We'll explain the UNS configuration and how it works under the hood in the next post, detailing the advantages and drawbacks of the method.
See you then!

Articles in the Intel® AMT software series:

  1. The software bundled with Intel AMT
  2. The notification area icon - understanding the pop-up
  3. Configuring the notification area icon & app
  4. More configurations (disabling) of the Intel AMT icon
  5. Detailed information to the user with the User Notification Service
  6. How the UNS works
  7. UNS Error Messages and how to fix them
  8. Newfangled Intel Management and Security Status
  9. Intel Management and Security Status (IMSS), advanced configurations
Categories: Manageability, Software Engineering

Comments (0)

Trackbacks (26)


Leave a comment  

To obtain technical support, please go to Software Support.
Name (required)*

Email (required; will not be displayed on this page)*

Your URL (optional)


Comment*