3PDS access

3PDS access


We are trying to use the 3PDS area to pass information between agents

on a local client and agents on a remote server. In order to not have

to deal with group permissions, etc, I felt a short cut would be to

have both the local and remote agents register with the 3PDS using

a common set of credentials (i.e. the same vendor name, application

name, enterprise name and UUID). That way, any blocks allocated by

one of the agents would be accessible by any other agent.

If the remote machine performs the first registration with this common

vendor name, UUID, etc, then any other remote machine (I have tried two

machines so far) can also register with these common credentials. The local

machine however is not able to register with the same common credentials.

Conversely, if the local machine does the initial registration, then no

remote machines are able to register with the common credentials.

Am I correct in assuming that when an application is first registered with the

3PDS, AMT also records if the registration was from a local or remote source?

If so, does it then only allow either local or remote (depending on

who got in first) to register with the same credentials?



3 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hi Tim,

I think you are correct, you should not use the same UUID for both local and remote. Use everything else the same but use a different UUID and you will need to set permissions on the block so that it is visible and read/write is allowed for same enterprise, vendors & application name.

Generally I recommand playing arround with Intel AMT Commander and Intel AMT Outpost before using 3PDS, because it's not as easy as people initially think it is. You can using Intel AMT Outpost to register as an "Enterprise/Vendor/App/UUID" and see all the blocks. Intel AMT Commander will automaticaly log into 3PDS using every "Enterprise/Vendors/App" that exists on the computer, but will always use a UUID of all zeros. This is way, for the most part, Commander can see all the blocks... it pretends to be each application.

Hope this helps,
Ylian (Intel AMT Blog)

G'day Ylian,

Thanks for your response.

Actually, you can use the same UUID if you use different, say, application names. As long as the four values are not the same, then things work. I just found it interesting that AMT differentiates between local and remote connections and stores the connection source with the initial 3PDS application registration. However, all registrations within their separate and respective local/remote domains are treated equally.

To be honest, I have never had much success with getting AMT Outpost to work. I ended up creating a permission group with read/write access to all vendors of the same name using my now rewritten version of the Intel AMT storage library.

For testing, I had already been enumerating all storage blocks by registering with a null UUID as AMT Commander appears to be doing. This allows you to enumerate all the blocks, however, you are not able to read their contents if they have not had a permission group created allowing such read access. You can view the block if you register with the same UUID, etc as the application that first allocated the block, as long as you register from the same remote/local domain (i.e., my initial observation).



Leave a Comment

Please sign in to add a comment. Not a member? Join today