Get Decimation State

Use the following format as the text in the RFB CutText:

Set Decimation State

Use the following format as the text in the RFB CutText:

Controlling KVM ZLIB During a KVM Session

Get Current ZLIB State

Use the following format as the text in the RFB CutText:

ClientCutText: KVM Viewer -> AMT-KVM: Get Current ZLIB State Request

ServerCutText: AMT-KVM -> KVM Viewer: Get Current ZLIB State Response:

Set Zlib State

Use the following format as the text in the RFB CutText:

Intel AMT KVM Data Channel

The KVM Data Channel solution allows combining out-of-band Intel AMT KVM with in-band KVM, using a single KVM viewer. This provides the advantages of both types of KVM: out-of-band Intel AMT KVM enables seeing BIOS menus and working remotely with the managed system when it does not boot or has network issues; in-band KVM provides features available only with an OS agent operating on the managed system. The Intel AMT KVM Data Channel solution allows the KVM viewer to seamlessly switch between out-of-band Intel AMT KVM and in-band KVM.

Out-of-band KVM alone:

Out-of-band KVM with the data channel solution:

Solution Overview

The data channel allows the KVM viewer application running on the remote management console to send and receive data from a software KVM server running on the OS of the managed computer.

The data channel works as follows:

KVM viewer to software KVM server data channel path:

1. The KVM viewer sends data to Intel AMT KVM by using RFB’s ClientCutText message – see the message format in Data Channel Message Format: From KVM Viewer to AMT.

2. Intel AMT KVM appends the remote Intel AMT username and its realms to the data that the software KVM server will receive, separated by colons. This allows the software KVM server to identify the user and its realms and to allow or not allow features in the in-band KVM accordingly.

•   The data that the software KVM server receives has the following format:
amtusername:12345:ABC
where
12345 represents the realm bit map.

3.  The Local Management Service (LMS) running on the OS publishes a COM (Component Object Model) event when data is waiting in Intel AMT KVM for the software KVM server (interface is IUNSAlert, method is RiseAlert, message category 7, message ID 76).

4. The software KVM server to which this event is subscribed receives the event and calls the IPS_KVMRedirectionSettingData.DataChannelRead WS-MAN command to retrieve the data from KVM.

•   Note: The software KVM server must use the Intel AMT OS local administrator’s username ($$OSAdmin) and password to invoke this WS-MAN command. This is required to keep the data channel secure.

•   For more details see the IPS_KVMRedirectionSettingData.DataChannelRead WS-MAN Method.

Software KVM server to KVM viewer data channel path

1. The software KVM server calls the IPS_KVMRedirectionSettingData.DataChannelWrite WS-MAN command to pass data to Intel AMT KVM.

•   Note: The software KVM server must use the Intel AMT OS local administrator’s username ($$OSAdmin) and password to invoke this WS-MAN command. This is required to keep the data channel secure.

•   Note: For more details see section IPS_KVMRedirectionSettingData.DataChannelWrite WSMAN Method.

2. Intel AMT KVM transmits the data to the KVM viewer by using RFB’s ServerCutText message – see the message format in Data Channel Message Format: From AMT to KVM Viewer.

Note: The data channel is relevant only if an out-of-band KVM session is active (this means, for example, that if user consent is required to open the out-of-band KVM session, it needs to be provided before the data channel is available) and the platform is in the S0 power state.

Activating the Data Channel

When the KVM viewer opens a KVM session, the data channel is by default not active. The KVM viewer can activate the data channel in the current KVM session by sending encoding type 0x444 in the list of supported encodings that it sends to Intel AMT KVM in the RFB message SetEncodings. This encoding type is an Intel specific value that indicates to KVM that it should activate the data channel.

Data Channel Keep-Alive

KVM has an idle timer that can be configured via the IPS_KVMRedirectionSettingData.PUT.SessionTimeout WS-MAN command. When the value of SessionTimeout is not 0, KVM uses it to terminate the Intel AMT KVM session if the time specified by SessionTimeout has passed with no activity.

When the KVM viewer works with the software KVM server, Intel AMT KVM does not generate or report any operations (i.e, there are no requests for next frame buffer update or reports on keyboard presses and mouse movements). To keep the Intel AMT KVM session open and to reset the idle timer when needed, the KVM viewer can send Data Channel Keep Alive messages to Intel AMT KVM - this is a data channel message with zero size data. Intel AMT KVM does not forward this message to the software KVM server.

Switching Between In-Band and Out-Of-Band KVM

When the KVM viewer detects that the software KVM server is not responding, or is notified by the software KVM server to switch to out-of-band KVM, the viewer can use the RFB protocol to ask Intel AMT KVM for the next frame buffer updates, push keyboard presses and mouse movements etc., thereby switching to out-of-band KVM.

When the software KVM server is again active, the KVM viewer can stop using the RFB protocol for out-of-band KVM and can continue interacting with the in-band KVM.

Note: The interaction between the KVM viewer and the software KVM server does not need to be solely via the data channel; the two can also interact directly. The advantage of using the data channel is that it is available also when the operating system on the managed system does not have a network connection.

User Privacy

When opening an Intel AMT KVM session, the KVM displays the blinking privacy icon to indicate to the user that an Intel AMT redirection session is active. In addition, a colored screen border indicates to the user which screen is being captured.

In-band KVM can capture from multiple screens simultaneously and/or from non-Intel graphics. For the user’s privacy, it is suggested that the in-band KVM application should indicate to the user that it is running and the displays it is capturing.

Data Channel Message Format: From KVM Viewer to Intel AMT

Use the following format as the text in the RFB CutText:

ClientCutText: KVM Viewer -> AMT-KVM: Data Channel Message from the KVM viewer to AMT-KVM or to the software KVM server:

(*) Length 2 = Length-16

Data Channel Message Format: From Intel AMT to KVM Viewer

Use the following format as the text in the RFB CutText:

ServerCutText: AMT-KVM -> KVM Viewer: Data Channel Message from the software KVM server to the KVM viewer:

Number of Bytes	Type	Description
1	U8	0: padding
14	U8[14]	“KvmDataChannel”: hard-coded string
1	U8	Ack: •     1: Intel AMT sets to 1 after receiving a message from the KVM viewer and the software KVM server has read it. This allows the KVM viewer to know that the message was read by the software KVM server •     0: Otherwise
Length2 (*)	U8[Length2]	Data from the software KVM server

(*) Length 2 = Length-16

Copyright © 2006-2022, Intel Corporation. All rights reserved.