Manageability Developer Tool Kit: Technical Overview

by Ylian Saint-Hilaire

The Manageability Developer Tool Kit (DTK) is a free set of tools for designers, developers and testers that are building and testing Intel AMT applications.


Overview

As interest in Intel Active management Technology (AMT) is growing, so does the need to quickly train more people on the benefits of Intel AMT, and the need for improved tools for development and testing. Intel AMT provides a great new way to manage computers and lower the total cost of management and support. Software built with Intel AMT support in mind can help network administrators manage there network in ways never possible before. For an overview of the features and capabilities of Intel AMT, see the Intel Active Management Technology Overview.

To help developers build applications that make use of Intel AMT, Intel provides a Software Development Kit (SDK) with source code and basic building blocks. In addition, Intel is now offering the Manageability Developer Tool Kit (DTK). The DTK provides tools that help with the training and development process. The DTK is designed to compliment the Intel AMT SDK by adding solid and easy to use reference and test tools.

Initially, the DTK contains a set of three tools: A sample management console, a sample agent and a single network status tool. The tools are built from the ground up for the developer community and are provided free of charge.

  • Manageability Commander Tool. This tools acts as a sample Intel AMT console allowing developers to look at the current state of the machine and change it’s state as needed. This tool was built with developers in mind, and so it displays lots of information that would not otherwise be displayed to a normal network administrator. This tool attempts to cover all of the features available from Intel AMT, also making it an excellent demonstration tool.
  • Manageability Outpost Tool. This is a sample Intel AMT agent. It must run on an Intel AMT enabled platform and is used to log into the local interfaces available from Intel AMT. This tool, much like the sample console, is targeted at developers.
  • Manageability Network Status Tool. This last tool has no relation to Intel AMT at all. It simply pings a selected network address and indicates to the user is the network is up or down via a pop-up on the system tray. This tool is especially useful for Intel AMT demonstrations of network policies & filters and should generally run on machines that support Intel AMT.




Figure 1. The console tool communicates with Intel AMT and the agent tool thru web services and serial-over-LAN.

This white paper will run thru the features of the sample console and agent tools and provide the reader with a basic understanding of what they are capable of and how they can be used to facilitate the development and testing of new Intel AMT applications. Users of the DTK are also encouraged to watch the available tutorial videos wh ich also cover most of the features available in the DTK.


Requirements and limitations

The sample console and agent tools are generally designed and tested to run on Intel AMT 2.0 or above, but can run on an Intel AMT 1.0 machine with some limitations. The tools also require Microsoft Windows running the Microsoft .NET 2.0 framework. The user must have correctly provisioned the Intel AMT machines before using the DTK, and all necessary platform drivers must be installed. Since the DTK is only intended for development and testing, all stored passwords are kept in clear text in the computer’s registry. Currently, the DTK assumes that the user always provides the username and password of the Intel AMT administrator account.


Starting up the Manageability Outpost Tool

The sample agent tool is made to run on machines with Intel AMT 2.0 or above. Once running, the user should enter the username and password to log into AMT and hit “Connect”. Once connected, the current state of Intel AMT will be displayed. The “IDE Redirect Log” tab can be used to see the last few IDE redirection sessions that have taken place with this machine, the “Watchdog agent” tab can be used to perform heartbeats on Intel AMT watchdogs. The most interesting tab in the tool is probably the “Serial Agent” tab. The user must select the correct Intel AMT Serial-over-LAN COM port (Generally COM4) and hit enable. Once enabled, any Intel AMT console that connects to Intel AMT and makes use of the Serial-over-LAN feature will be presented with a command prompt. This will be useful once we start using the sample management console. Note that access permissions can also be set in this tab.



Figure 2 and 3. The agent tool’s “general” and “serial agent” tabs.


Using the Manageability Commander Tool

The sample management console is the largest of the DTK tools. Once running, the user must start by adding connection information for known Intel AMT machines, or discover them using the discovery panel. To discover Intel AMT machines on a network, simply select the “Network” root node on the tree view, input the start and end IP address for the network scan and hit “start”. A progress bar will show the scan’s progress and any discovered machines will be shown immediately. Select a discovered machine, click “Add computer” and a dialog box will prompt for the username and password. This process can be repeated to input the credentials of many machines on the network. Once entered, the console will not immediately connect to the machine; rather, the user must select a machine and click “connect”. If successful, the tree view under this machine will be populated with lots of information.



Figure 4 and 5. Network discovery and connection screens.

Once connected, lots of information the platform is available for browsing. The “Hardware Assets” sub-tree shows all of the hardware asset inf ormation about this computer. The “networking” sub-tree is used to control network filters, policies and watchdog agents. The “Storage” sub tree is used to allocate, read and write data from the 3rd party NVRAM storage available thru Intel AMT. Lastly, the “event log” sub-tree is used to scan thru the Intel AMT event log, add event filters and subscribe to asynchronous events (PET events) based on these event filters. Since the user interface is quite simple, most users will have no problem browsing thru these features on their own.

When making use of “network alerts”, users can go into the “event log” sub-tree, create a new event filter and subscribe for events. The console tool is always listening for incoming network alerts, even if it’s not connected to the machine that sent the alert. In the “File” menu, users can select the “Alert Viewer…” menu option to open the alert viewer dialog. In this dialog, all of the network alerts received by the console are displayed, and if an alert is selected, a complete decoding of the alert is also displayed. This should help developers understand how to handle network alerts in their own applications.

Another useful feature is the remote control and terminal dialog. To enter the terminal, the user must first select the root tree node for that machine, showing the machine’s connection panel. Click on the “Remote Control” tab, make sure that Serial-over-LAN, IDE Redirect and the Redirection port are all enabled (a button besides each option allows these to be toggled). Once turned on, click “Take control” to enter the terminal.



Figure 6. Terminal screen used for remote control, serial-over-LAN and IDE redirect.

The first use of the terminal screen is to communicate with the Intel AMT machine thru Serial-over-LAN. If the Intel AMT Outpost agent tool is running and enabled on the Intel AMT machine, the user can hit enter on the terminal to get the serial agent’s command prompt. Users can also hit the reverse apostrophe “`” (Located to the left of the “1” key and on top of the “tab” key on most US keyboards) to cause the serial agent to reset to the introduction screen. To get a list of commands offered by the agent, type “help”. To execute a program on the Intel AMT machine, type “exec <program>”; for instance, typing “exec notepad” will start Notepad on the Intel AMT machine. Note that this works even if all of the network drivers on the Intel AMT machine are disabled in the host operating system; this is because Serial-over-LAN uses the TCP/IP stack of Intel AMT, and not the one in the host operating system.

Within the terminal, the “Remote Control” menu can be used to turn on or reset the Intel AMT machine in different ways. For example: A user can reboot an Intel AMT machine into the BIOS screen to make changes to the BIOS settings. The user can also opt to send any remote control command that the Intel AMT platform supports by entering the “Custom Command…” dialog box. A user could opt to enter the BIOS screen and lock the local keyboard using such a cus tom command.

Also within the terminal is the “IDE Redirect” menu that makes it possible to mount a virtual floppy and CDROM image onto the Intel AMT machine and possibly boot using one of these virtual disks if needed. Both floppy and CDROM images must be mounted, not just one or the other. Using the “IDE Redirect” menu, the user can select which drive, or drive image is the IDE redirect target, select when IDE redirect should start, and active it. Once active, a live status of IDE Redirect is displayed at the bottom of the terminal window.

Lastly, within the terminal, there is a menu called “Serial Agent” which contains features only functional when the Intel Outpost agent tool is correctly running on the Intel AMT machine. The “Process Monitor…” menu option allows the user to see processes running on the Intel AMT machine, and the “TCP Redirect…” menu option allows users to map TCP ports from the management machine to local ports on the Intel AMT machine. This can be interesting when trying to contact services on the Intel AMT machine while the operating system’s network drivers are disabled or non-functional.


Key Uses for Each Tool Provided in the DTK

In general, users and developers should start using the DTK to learn more about Intel AMT. For example: It can be difficult to understand how NVRAM is managed and how data blocks are allocated to applications. Using the DTK, users can experiment with various ways of allocating storage space and storing data into allocated space. Another good example is how Intel AMT watchdog agents function and how they can be used to track operating system applications. Using the DTK tools, users can experiment with watchdog agents and make sure their own applications work correctly, by confirming that their watchdog policies are set correctly or that watchdog heartbeats are being performed correctly.

Another area where the DTK tools are valuable is with network alerts (PET events). Developers wishing to build support for network alerts should get familiar with them first using the DTK.

The following table gives a high-level summary of the features and uses that are provided with the Intel AMT Developer Tool Kit:

Tool Manageability Commander Tool Manageability Outpost Tool
Key Uses
  • Perform discovery of Intel AMT Machines on a network.
  • Allows a user to quickly browse the state of Intel AMT: hardware assets, network filters, network policies, watchdog agents, event logs and more.
  • Perform Intel AMT remote control thru the use of the terminal window. Including: remote commands, serial-over-LAN and IDE redirect.
  • When the Intel AMT Outpost Agent Tool is running, can demonstrate additional features such as process monitoring and TCP redirect over SOL.
  • Log into Intel AMT local services and display the current status of Intel AMT along with redirection log.
  • Perform Intel AMT watchdog agent heartbeats.
  • Offers a “Serial Agent” allowing consoles to perform operations even when the operating system’s network stack is disabled.

 

It is also important for developers to test their own Intel AMT enabled applications for correct co-existence with Intel AMT enabled applications written by other developers. The DTK can be used by developers and quality assurance engineers to change the state of Intel AMT while testing their applications. For example: by adding various network filters, network policies, watchdog agents and NVRAM storage. The DTK could also be used to test how a developer’s application performs when resources have been exhausted. For example: The maximum number of network filters has already been reached.


Conclusion

The Manageability Developer Tool Kit provides developers with easy to use tools that can be used to quickly learn and demonstrate the features provided by Intel AMT, but also help developers with building and testing their own Intel AMT applications. Developers can test their Intel AMT agent and console against the DTK tools and use the DTK to change the state of Intel AMT and test their applications against these various states. The Intel AMT Developer Tool Kit enables the developer community to quickly built higher quality Intel AMT applications.


Resources

 


Additional Resources

The following materials provide further information on the Intel AMT and the other topics discussed in this paper:

 

Developers creating products that take advantage of Intel AMT are entitled to technical support from Intel.
The Manageability Software Development Forum exists for the purpose of providing support for architect/developer questions. We would like to build a developer community around manageability to help foster growth and promote development efforts. Questions will be answered by both peers and Intel representatives that monitor this forum.

 


Para obtener información más completa sobre las optimizaciones del compilador, consulte nuestro Aviso de optimización.