Intel® Active Management Technology Developers Guide

ID 772055
Date 1/05/2021
Public

Wireless Configuration Concepts

The connection parameters for an Intel® Active Management Technology (Intel® AMT) wireless device closely resemble those required for the host OS to make a wireless connection. The firmware also requires connection information: SSID, authentication method, encryption type, and passphrase, at a minimum. In more advanced wireless connections, 802.1x profile information can be configured.

All these settings are wrapped into a profile, which is considered either an Admin or a User profile and is saved within the Intel AMT firmware. Admin (IT) profiles are added to the firmware using Intel AMT APIs; for the list of configurations, see Table 1. User profiles cannot be added to the Intel® Management Engine BIOS Extension via an Intel AMT API; they are created using the Intel AMT WebUI or with profile syncing using the Intel® PROSet wireless software.

The Intel AMT firmware holds a maximum of 16 total profiles, of which a maximum of 8 can be user profiles. With the ninth user profile, the oldest user profile is overwritten. The combination of Admin and User profiles is a maximum of 16 profiles.

Connection Types – Authentication and Encryption

Intel AMT supports several authentication and encryption types for wireless connections.

  • User profiles can be configured with Wired Equivalent Privacy (WEP) or no encryption.
  • Admin profiles must be TKIP or CCMP with Wi-Fi Protected Access (WPA) or higher security.
  • 802.1x profiles are not automatically synchronized by the Intel PROSet wireless software.

Table 1 shows the possible security settings for Intel AMT wireless profiles.

Authentication method                                None  WEP  TKIP  CCMP
Open System                                           X     X
Shared Key                                            X     X
Wi-Fi* Protected Access (WPA) Pre-Shared Key (PSK)                X     X
WPA IEEE 802.1X                                                   X     X
WPA2 PSK                                                          X     X
WPA2 IEEE 802.1X                                                  X     X

Table 1: Security settings for Intel® Active Management Technology wireless profiles.
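
The profile rules and Table 1 can be checked in a console before an Admin profile is pushed to the firmware. The following is an added example, not code from the Intel AMT SDK; check_profile and ProfileStore are hypothetical names, and the behavior when all 16 slots are full is an assumption the page does not cover.

```python
from collections import deque

# Table 1 from the page: authentication method -> permitted encryption types.
TABLE_1 = {
    "Open System": {"None", "WEP"},
    "Shared Key": {"None", "WEP"},
    "WPA PSK": {"TKIP", "CCMP"},
    "WPA IEEE 802.1X": {"TKIP", "CCMP"},
    "WPA2 PSK": {"TKIP", "CCMP"},
    "WPA2 IEEE 802.1X": {"TKIP", "CCMP"},
}
MAX_TOTAL, MAX_USER = 16, 8  # limits stated on the page


def check_profile(kind, auth, enc):
    """Return a list of problems; an empty list means the profile is acceptable."""
    if kind not in ("admin", "user"):
        return [f"unknown profile kind {kind!r}"]
    if auth not in TABLE_1:
        return [f"unknown authentication method {auth!r}"]
    problems = []
    if enc not in TABLE_1[auth]:
        problems.append(f"{enc} is not valid with {auth} (Table 1)")
    if kind == "admin" and enc not in {"TKIP", "CCMP"}:
        problems.append("admin profiles must use TKIP or CCMP with WPA or higher")
    return problems


class ProfileStore:
    """Console-side model of the firmware profile slots (hypothetical helper)."""

    def __init__(self):
        self.admin = []
        self.user = deque()  # oldest user profile sits on the left

    def add(self, kind, ssid, auth, enc):
        """Store a profile; return the SSID of an overwritten user profile, if any."""
        problems = check_profile(kind, auth, enc)
        if problems:
            raise ValueError("; ".join(problems))
        if kind == "user" and len(self.user) == MAX_USER:
            evicted = self.user.popleft()  # ninth user profile overwrites the oldest
            self.user.append(ssid)
            return evicted
        if len(self.admin) + len(self.user) >= MAX_TOTAL:
            # Assumption: the page does not say what a full store does here.
            raise ValueError("all 16 profile slots are in use")
        (self.user if kind == "user" else self.admin).append(ssid)
        return None
```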

Settings to Ensure Connectivity during Remote Connection

Link Control and Preference

In a typical Intel AMT remote reboot command, the Intel AMT system reboots immediately if a graceful shutdown is not specified. If a wireless KVM session is in place, the session is dropped because the wireless link connection does not get passed to the firmware. Because the OS driver did not pass control of the WLAN from the OS to the firmware, it can take up to two minutes for the Intel AMT wireless connection to be reestablished.

To prevent connectivity loss in this situation, the preferred method is to programmatically change the link control prior to making the power control request.

For additional information, see the Link Preference and Control documentation.

TCP Time-Outs

During changes to link control and power transitions, wireless connectivity is temporarily down. If that outage lasts too long, the sessions created using the redirection library are terminated. This termination is due to exceeding the Hb setting within the redirection library (see Table 2).

Time-Out                          Default Value    Suggested Value
Hb (client heartbeat interval)    5 seconds        7.5 seconds
RX (client receive)               2 x Hb           3 x Hb

Table 2: TCP default and suggested changes.

Currently, the default session time-out setting works most of the time. However, we now recommend changing the heartbeat and client-receive intervals by adding parameters during calls to the redirection library. These time-out values need to be applied to both the IDER TCP and SOL TCP sessions. For additional information, see IMR_IDEROpenTCPSession or IMR_SOLOpenTCPSessionEx.

Wireless Link Policy

Another aspect is the wireless power policy of the firmware. This policy governs power control in different sleep states. The allowable values are Disable, EnableS0, and EnableS0AndSxAC. These settings are usually set during configuration. However, identifying whether an Intel AMT client will be able to maintain connectivity after a reboot or power down will improve a technician's expectations of client behavior.

To query the Wi-Fi link policy, use the HLAPI.Wireless.WiFiLinkPolicy enumeration.

To set the Wi-Fi link policy, use the HLAPI.Wireless.IWireless.SetWiFiLinkPolicy method of the Intel AMT HLAPI.

Summary

Intel AMT wireless functionality may be called a feature, but this feature should be a cornerstone for any integration of Intel AMT functionality into a console application. Without this integration, many devices will not be manageable due to the introduction of Intel AMT version 10.

A successful basic integration is composed of several factors: Intel AMT wireless configuration, connection verification for wired or wireless, and wireless link control operations.


*No product or component can be absolutely secure.