The wireless networking capabilities were extended in the 6.0 release of Intel® AMT to include the following:
- Automatic synchronization of wireless profiles from the host operating system
- Support for remote access over wireless
- Control over host connectivity during Intel® AMT redirection.
For more details please refer to the documentation in the new Intel® AMT SDK including the CIM Elements. There is also some history on profiles, configuring and enabling.
Sync or Swim
Intel® AMT 6.0 can be configured to synchronize wireless profiles between the Host Connection Manager and the Manageability Engine (ME). This feature can be enabled or disabled during configuration. When enabled, the currently connected profile is automatically pushed to the ME for use out of band.
There are two types of profiles defined by Intel® PROSet for use with AMT, Admin and User, and both can be synchronized. Admin profiles (a.k.a. IT profiles) are those defined and set by IT administrators and typically used inside an enterprise network environment. User profiles are those created by the system’s end user typically for connecting to a network outside the corporate enterprise (e.g. home network). Up to sixteen Admin and eight User profiles can be synchronized.
The Intel® PROSet API service and the Intel ® AMT Local Manageability Service (LMS) are required for the synchronization to work.
Help with No Wire
Starting with Intel® AMT 6.0 the Remote Access usages can now be done over wireless. So mobile clients that are connected to a wireless network outside the corporate environment can now perform operations like Fast Call for Help to get connected back to their IT help desk when they have issues that need assistance. This includes support for the new KVM Remote Control feature that allows help desk personnel to diagnose and repair blue screens and other tough issues.
Down but Not Out
When the host operating system is up it controls the wireless connection which provides the channel for calls to AMT. This poses a problem for AMT operations that perform a reset (i.e. Serial-Over-LAN, IDE-Redirection, KVM Remote Control) because once the host OS is down the AMT connection is lost. Prior to Intel® AMT 6.0 the ME took control of the connection before a redirection session to avoid possible disconnect if there was a reset. Now there is the option to let the host operating system maintain the connection with a redirection session to support usages that will not perform a reset like use of KVM Remote Control to see the current host operating system environment.
Let Me Connect
Intel® AMT supports a variety of authentication and encryption types for its wireless connections. But there are several constraints to keep in mind. Only Infrastructure network types are supported by Intel® AMT, not Ad-hoc/peer-to-peer. User profiles can be configured with WEP or no encryption and cannot be added to the ME via the AMT API. Admin profiles must be TKIP or CCMP with WPA or higher security and can be added to the ME via the AMT API. And as mentioned previously, 802.1x profiles are not automatically synchronized.
Here is a table that shows the possible security settings for AMT wireless profiles.
|WPA IEEE 802.1x||X||X|
|WPA2 IEEE 802.1x||X||X|
Wired Equivalency Privacy (WEP)
Temporal Key Integrity Protocol (TKIP)
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) a.k.a. Advanced Encryption Standard (AES)
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access Version 2 (WPA2) a.k.a. Robust secure Network (RSN)
Pre-Shared Key (PSK)