 |
KVM and Intel AMT
Starting with Release 6.0, Intel AMT adds remote KVM to the existing redirection features Serial Over LAN (SOL) and Redirected IDE (IDE-R). A Remote Console can open a session with an Intel AMT platform and control the platform using a mouse and keyboard and display at the console what is displayed on the local monitor. The KVM capability is enabled in the same way that SOL/IDE-R is enabled – with network administration commands. KVM first must be enabled in the Intel® Management Engine BIOS Extension (MEBx) and the listener enabled (as with SOL/IDE-R) before it can be enabled remotely.
KVM is based on the RealVNC Limited* Remote Frame Buffer (RFB) protocol. In fact, off-the-shelf viewers based on the RFB protocol work in conjunction with Intel AMT without modification.
The KVM feature supports gaming and signage platforms that have high-resolution graphics. Following are the screen resolutions with 16 bits of color depth for each Intel AMT release
• 1600x1200 for Intel AMT 6.0 excluding maintenance release 2
• 1920x 1080 for Intel AMT 6.0 maintenance release 2 and Intel AMT 6.1
• 1920x1200 for Intel AMT 7 and Intel ME8
The Intel AMT implementation includes an option in the MEBx for “user opt-in”: When a remote console initiates a KVM session, the local PC user must agree to allow remote KVM before the session can start.
|
In the context of KVM, the IT remote console has a KVM client operated by an IT operator. The platform containing Intel AMT contains a KVM server operated by a PC user. |
Note:Intel AMT KVM Features
This section describes the KVM features supported by different Intel AMT Releases.
From Intel AMT Release 6.0
These KVM features are supported from Intel AMT Release 6.0 and higher:
• KVM can be enabled or disabled remotely, unless KVM is disabled via the MEBx.
• Intel AMT can accept a KVM connection on the IANA-defined VNC port (5900) or on the Intel AMT redirection ports (16994/5). The connection on the 5900 port requires only the RFB password for authentication, while the redirection ports add the usual Intel AMT authentication mechanisms.
• The KVM server supports RFB versions 3.8 or before and version 4.0. RFB version 4.0 offers some performance, usability and extensibility enhancements.
• Intel AMT emulates a standard USB keyboard and mouse. Note that the local keyboard and mouse at the platform supporting Intel AMT are still active during a KVM session.
• The Intel AMT Access Monitor feature can record the following events in the Access Monitor Audit Log:
Auditable KVM Events |
A KVM session started or ended |
KVM was enabled or disabled |
VNC password authentication failed three times in a row |
KVM Opt-in was enabled or disabled |
KVM password was changed |
KVM operator consent succeeded |
KVM operator consent failed three times in a row |
• If there is no connection activity for a configurable pre-defined period (defined as no keyboard or mouse activity), the server at the PC will drop the connection.
• There can be only one RFB session per server (i.e. per Intel AMT-enabled PC) at a time.
• If there are three consecutive failed login attempts, the Intel AMT will delay subsequent attempts and log the occurrence.
From Intel AMT Release 7.0
Intel AMT Release 7.0 includes support for additional KVM features when using version 4.0 of the RFB protocol. Support for these features is built into the Virtual Network Computing (VNC) Server component embedded in the Intel AMT device:
• Scancode Extension – The VNC Server accepts key events sent in a USB key code format.
• Relative Pointer Motion – The VNC Server can accept both x and y co-ordinates as relative motion values.
From Intel AMT Release 8.0
• Starting with Intel AMT 8.0, the KVM Library can request information from the host operating system driver and then rotate the display without operator intervention.
• Starting with Intel AMT 8.0, Intel AMT supports platforms with up to three displays.
Copyright © 2006-2012, Intel Corporation. All rights reserved. |