Note: As of the AMT SDK released 3/03/10, the Remote Encryption Management SDK content is now part of the AMT SDK. Look in the SDK Resources -> Remote Encryption Management section for the documentation, and the \Windows\Remote_Encryption_Management folder in the SDK for the remainder of the content.
Thank you for your interest in the Remote Encryption Management Software Development Kit (SDK). This SDK provides the tools to allow FDE or software-based encrypted hard drives to be unlocked remotely, out of band, using vPro. This allows computers with vPro and encrypted hard drives to be managed out-of-band. This feature builds on the existing vPro Serial-over-LAN and IDE-Redirect functionality, and is currently supported on full vPro systems with AMT 4 (Montevina) and AMT 5 (McCreary).
Most of the functionality within this SDK is intended to be used with an existing solution that maintains the credentials for encrypted hard drives (referred to here as the Security Application). The SDK also provides examples of how a Security Application could make this functionality available to another application (referred to as the Manageability Application) through an interface.
The Remote Encryption Management SDK provides source code (as well as a working sample executable) that can be used to add to an existing hard drive encryption solution the ability to remotely unlock a vPro system in a powered-off state. It also provides a Linux-based ISO image that is loaded on the vPro system and contains the functionality used to unlock the system remotely. This ISO is not required; the functionality it contains can be integrated into an existing encryption solution’s Pre-Boot Environment. This SDK is intended to be used with the Intel® AMT SDK, which contains more detailed documentation on provisioning the vPro systems and on the SOL and IDE-R functionality that the Remote Encryption Management SDK makes use of.
The SDK runs in a Microsoft® Windows .NET 2.0 environment and builds on top of WinRM in the default WS-Man mode, and requires Visual Studio 2008. In legacy mode (also known as EOI), WinRM is not required, and for a deployed solution WinRM would not necessarily be required (the AMT SDK provides examples using the OpenWSMan library). The ISO image that is transferred to the vPro system is built using Linux, and the source code for this image is included in the SDK.
The Remote Encryption Management SDK uses the following components:
Main Application: Graphical interface that acts as the primary interface to the end user. Communicates with the Remote Encryption Management Library to execute the Remote Encryption Management use cases, such as unlock, and to provide status feedback.
Remote Encryption Management Library: Library that provides the functions to execute the Remote Encryption Management use cases. Communicates with the Intel® Active Management Technology (Intel® AMT) Library to execute all functionality specific to Intel® AMT. Communicates with the ATA-Over-LAN Bridge Library to generate and process the WS-MAN formatted strings used to communicate with the ATA-Over-LAN Bridge Application. Writes messages to the SOL communication channel and reads messages from it.
Intel® AMT Library: Library with functions to perform Intel® AMT functionality using either WS-MAN or EOI (legacy interface) protocols. This library includes functionality such as verifying connection to Intel® AMT client system, remote power management, and redirection for SOL/IDER.
ATA-Over-LAN Bridge Library: Library that is used to generate WS-MAN formatted messages to be sent to the ATA-Over-LAN Bridge Application and to process the response messages received from it. This library is strongly tied to the ATA-Over-LAN Bridge Application, but does not communicate directly with it.
SOL Communication Channel: Communication channel which is used to send messages between the Remote Encryption Management Library and the Intel® vPro client system running the Remote Encryption Management Bridge ISO. SOL session functionality is implemented using the Intel® AMT Library.
Remote Encryption Management Bridge Image: ISO image that is pushed to the Intel® vPro client system and booted in an IDER session. The ISO image contains the ATA-Over-LAN Bridge Application, which starts automatically after the ISO is booted. For PBA solutions this component is not needed.
ATA-Over-LAN Bridge Application: Application that runs on the Intel® AMT client system. The application reads WS-MAN formatted messages sent over the SOL communication channel, performs the action specified in each message, and writes WS-MAN formatted response messages out to the SOL communication channel. This application is strongly tied to the ATA-Over-LAN Bridge Library, but does not communicate directly with it. For PBA solutions this component is integrated into the PBA.
Manageability Application/Manageability Interface: The Manageability Interface is a WS-MAN service which provides an example interface for an external application (such as the manageability application in this diagram) to interface to the security application providing Remote Encryption Management support.
More details on these components can be found in the documentation available within the Remote Encryption Management SDK.
Please direct any questions about Remote Encryption Management to the Manageability Forums at: /en-us/forums/manageability-software-development/