With the introduction of wireless-only platforms starting with Intel Active Management Technology (Intel® AMT) 10, it is even more important for an ISV to integrate support for wireless management of Intel® AMT devices.
The wireless feature of Intel AMT is just like any wireless connection; it is not an automatic initial connection process. However, there are several major differences between wired and wireless Intel AMT communication, including the following:
This article will address the Intel AMT wireless configuration and describe how to handle the various aspects that are important for a clean integration.
The connection parameters for an Intel AMT wireless device closely resemble those required for the Host OS connection. The firmware requires information including SSID, the authentication method, encryption type, and passphrase at a minimum. In more advanced connections, 802.1x profile information is also required.
All these settings are wrapped into a Profile which is considered as either an Admin or User Profile and saved within the Intel AMT firmware. The Admin or IT profiles are added to the firmware using Intel AMT APIs; see a list of configuration methods below. User profiles cannot be added to the Intel® Management Engine BIOS Extension (Intel® MEBX) via an Intel AMT API, they are created using the Intel AMT WebUI, or with profile syncing using the Intel® PROSet wireless drivers.
The Intel AMT firmware holds a maximum of 16 total profiles, of which a maximum of 8 can be user profiles and 8 admin profiles. With the ninth user profile, the oldest user profile is overwritten.
The basic configuration of wireless for Intel AMT is covered in the article: Intel® vPro™ Setup and Configuration Integration, but here is additional information specific to the wireless setup.
Wireless profiles can be placed in the Intel AMT firmware in several ways. However, any system that is wireless only (no RJ45 connector) cannot be provisioned by a USB key.
Intel AMT supports several authentications and encryption types for wireless connections.
Table 1 shows the possible security settings for Intel AMT wireless profiles.
Table 1. Security settings for Intel® Active Management Technology wireless profiles
|Wi-Fi* Protected Access (WPA)
Pre-Shared Key (PSK)
|WPA IEEE 802.1X||X||X|
|WPA2 IEEE 802.1X||X||X|
In a typical Intel AMT remote power management command, the Intel AMT system gets immediately rebooted. With a wireless KVM, the session will get dropped as the WLAN because the control of the wireless interface does not get passed to the firmware. This lack of passing the control from the OS to the firmware can take up to two minutes for the Intel AMT wireless connection to be re-established.
To prevent this connectivity loss, the preferred method is to programmatically perform the change of link control prior to making the power control request.
During changes to link control and power transition, wireless connectivity will temporarily be down during these state changes. If that duration lasts too long, the sessions created using the redirection library will be terminated. This termination is due to exceeding the HB setting within the redirection library (see Table 2).
Table 2. TCP default and suggested changes.
|Time Out||Default Values||Suggested Value|
|Hb (client heartbeat interval)||5 seconds||7.5 seconds|
|RX (client receive)||2 x Hb||3 x Hb|
Currently, the default session time-out setting works most of the time. However, we now recommend changing the Hb interval and the client receives the new interval by adding parameters during calls to the redirection library. These time-out values affect both the IDER TCP and SOL TCP sessions. For additional information, see: IMR_IDEROpenTCPSession or IMR_SOLOpenTCPSessionEx.
Another aspect is the wireless power policy of the firmware. This policy governs power control in different sleep states. The allowable values are Disable, EnableS0, and EnableS0AndSxAC. These settings are usually set during configuration. However, identifying if an Intel AMT client will be able to maintain connectivity after a reboot or power down will improve technician expectations of client behavior.
Intel AMT wireless functionality may be called a feature, but this feature should be a cornerstone for any integration of Intel AMT functionality into a console application. Without this integration many devices will not be manageable due at the introduction of Intel AMT version 10).
A successfully basic integration is composed of several factors: Intel AMT wireless configuration, connection verification for wired or wireless, and wireless Link control operations.
Joe Oster has been working with Intel® vPro™ technology and Intel AMT technology since 2006. When not working, spending time working on his family’s farm and flying drones.
Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.
Notice revision #20110804