Intel® Active Management Technology (AMT) in the Small Business

 

By Ylian Saint-Hilaire

Overview

Intel® Active Management Technology (Intel® AMT) is not just for big enterprises. Small business owners with only a few PCs can benefit greatly from Intel AMT, a key feature of the Intel® vPro™ technology. Power savings, improved remote management, and inventory control are just a few of the benefits. Intel AMT adds hardware to business PCs to manage them remotely, regardless of operating system (OS) state.

The basics

As long as the PC is plugged into a power plug and to the network, you can manage it. That’s basically the promise of AMT. Once a PC is plugged in, the small management engine in the PC’s motherboard wakes-up and starts listening to the network for management commands. If the PC is brand new, the network administrator will have to configure the management engine with security information required to make sure only authorized people can use the on-board management engine.

Intel provides software vendors with all the necessary documentation and software samples to make sure that vendors can build management software that works with Intel AMT. Generally, small business owners will shop around for software that best suits their needs, or see if the management software they are already using can be upgraded to support Intel AMT. Intel also makes sample software available to demonstrate Intel ATM features and capabilities.

Power efficient business

With global warming and the increasing price of electricity, running a power efficient fleet of PCs does not only make business sense, it’s also the right thing to do environmentally.

Because Intel AMT can be used to manage a PC even if it’s in a sleep or “soft-off” state, the first benefit a business owner could take advantage of is power savings. Management software can know for certain that a specific PC is on the network and what power state that PC is in, so business owners can quickly get a picture of the power state of all PCs on the network and find ways to decrease power usage, using improved power management policies.

Business owners can track the presence of PCs without waking them up, but that's not all. Intel AMT also allows software to read and write in the PC’s spare flash memory space. This is where the PC’s BIOS is stored and unused space can now be access through the network, even if the PC is sleeping or in “soft-off”. There are many uses for this. Agent software running on the managed PC could store the list of installed software, backup situation, user login logs, and more in this spare flash memory. Management software can now read all of this data on each PC when needed. It can also be used to give instructions to the software agent, such as when to wake up and install a given patch.

Some readers may ask the question: Doesn’t the management engine on an Intel AMT PC consume power? In fact, yes, it does. But with Intel AMT version 2 .1 and beyond, the management engine itself can be put to sleep and will only wake up when management software attempts to connect to it.

Intel AMT management engine is a gigabit network card which can automatically drop to a lower speed when the PC is asleep. A PC that would use full gigabit speed when awake will switch to a much slower speed (10 mb/sec) when sleeping. This can result in power savings at both the PC and the network switch.

Powerful remote management

Intel AMT is already a great feature for power savings, but it really shines when it’s used as a remote management entity. One of the fundamental problems with remote PC management is that most management solutions are software running within the OS it’s trying to manage. This is a problem because, for example, a management agent that is trying to change drivers or firewall settings on a PC may, at the same time, cut its connection with the management software. In extreme cases, when the OS itself is unstable, the PC can no longer be remotely managed. Intel AMT solves this by being a separate entity that runs completely separately of any software or OS running on the PC.

With Intel AMT, network administrators are given a new set of tools that work all the time. These tools are: hardware inventory, event log and alerts, remote control, PC defense, agent watchdog, serial-over-LAN, and IDE Redirect. The combination of these tools provides for interesting possibilities for powerful remote management of small business PCs. Generally, small business owners don’t need to know the details of each of these because management software will integrate these in an easy to use management console. Most of the time, it’s simply a question of securely connecting to the PC and all of these are made available. Without going into details, here are the basic tools:

Hardware inventory. Allows management software to enumerate the hardware components within a PC: processor, memory, storage, expansion cards and more. This is useful to keep track of hardware assets within a business.

Event log and alerts. Management software can read a log of recent hardware events that occurred including failures, reboots, case intrusion, and more. Management software can also subscribe to be notified as soon as an event occurs.

Remote control. Allows a network administrator to turn on, turn off, and reboot a PC remotely. This can also be used to set boot options, such as the boot drive and more.

System defense. This feature allows an operator to monitor (using hardware counters) network traffic going to and from the managed PC and, if needed, throttle or drop unwanted packets on transmit, receive, or both.

Agent watchdog. Allows Intel AMT to monitor the presence of software running in the OS and advise the administrator if software is no longer running. This feature can also be used to activate System Defense network policies when conditions are met.

Serial-over-LAN. Generally used to allow administrators to access the BIOS screen of a PC remotely, it can also be used to access a PC agent or control basic OS operation.

IDE Redirect. Probably one of the most powerful features of Intel AMT, IDE Redirect allows an administrator to remotely “mount” a virtual CDROM drive and cause the PC to boot from it. This can be used to fix OS problems or restore a PC to a clean state. It all depends on what software the administrator chooses to boot.

Using these tools, in combination with existing management agents, can be a powerful combination indeed. For business with many remote offices, Intel AMT allows network administrators to monitor and, if needed, fix many of the most serious PC problems without having to go onsite.

Outsourcing network administration

Intel AMT provides new opportunities in the area of outsourced IT.

Small businesses that rely on an external company to provide IT services will benefit from Intel AMT, possibly without even knowing anything about the inner workings of it.

Remote IT shops get more control of PCs and can now solve problems that would have been impossible to solve remotely before. One example of an effective use of Intel AMT is to run manageability presence software inside a small business that uses a combination of software agents and Intel AMT to monitor PCs and report back any problems and securely allow authorized network administrators to go through the firewall and fix problems.

Conclusion

Small business owners have more tools now to keep PCs running better and with greater power efficiency than ever. Intel Active Management Technology (AMT) can help businesses lower the cost of keeping PCs running and create new opportunities for outsourced IT shops to manage and fix PCs, regardless of their state.

About the Author

A senior architect at Intel, Ylian Saint-Hilaire part of the Intel Digital Home group and is currently working on network manageability using Intel® Active Management Technology (AMT) as architect and lead for the Intel AMT Developer Tool Kit. Recognized as an innovator and public speaker, he was awarded two Intel Achievement Awards for outstanding work enabling the digital home. On this own time, Ylian is a pilot and enjoys flying around the Portland area and traveling to foreign countries.
Reportez-vous à notre Notice d'optimisation pour plus d'informations sur les choix et l'optimisation des performances dans les produits logiciels Intel.