Intel® Active Management Technology FAQ

by Thomas W. Burger

Overview

Intel® Active Management Technology is a set of platform architectural enhancements, including the hardware and firmware infrastructure that provides persistent, nonvolatile memory to store hardware & software.

What is Intel® Active Management Technology? Intel® Active Management Technology (Intel® AMT) is a set of platform architectural enhancements. It is the hardware and firmware infrastructure that provides persistent, nonvolatile memory to store hardware & software information and a unique machine ID. This memory can be remotely accessed even when the machine is turned off, the OS is ‘locked’ or the machine is broken.

Third-party IT-management tools work through the uniform network-connected application programming interface (API) provided by Intel® AMT. These tools manage networked assets more effectively by eliminating much of the need to physically locate and administer computer assets.

Is Intel Active Management Technology a product?

No, it is an industry standard. Intel AMT is a business and technology initiative to deliver consistent management capabilities, protocols and interfaces across all Intel® platforms.

Intel is working closely with other industry leaders to advance the platform-manageability ecosystem to support common management capabilities and product interoperability across platforms. Intel participates in a wide variety of industry-standards and specifications groups to ensure standards and support for this effort.

What does Intel Active Management Technology work with?

Intel AMT works with other Intel® platform technologies including Intel® Virtualization Technology and LaGrande security technology, and the Extensible Firmware Interface (EFI) for pre-boot operations.

Intel Virtualization Technology enables an IT technician to partition a portion of a PC for maintenance and software upgrade operations that are transparent to the user. When combined with Intel AMT, these operations can be performed on a system that is turned off or has defective hard disk.

LaGrande and Intel AMT complement each other to provide a secure environment. LaGrande improves platform security, while Intel AMT ensures a tamper-resistant management environment that runs alongside other complementary system capabilities.

EFI and Intel AMT together provide IT support access to systems before they boot up, and a rich execution environment for pre-boot management and security operations.

What operating systems are supported?

Intel AMT extensions are designed to make system management independent of the operating system. All operating systems are supported because Intel AMT is a platform, not a software agent.

Why is Intel Active Management Technology needed?

A major barrier to greater IT efficiency is the lack of a common infrastructure for networked platform management. Intel is developing cross-platform manageability capabilities on all Intel® processor-based platforms.

The Intel® Cross-Platform Manageability Program (Intel® CPMP) extends to all platforms the Digi tal Office "Embedded IT" vision for delivering management and security features across enterprise platforms.

The first realization of Intel CPMP is Intel AMT.

Why was Intel Active Management Technology developed?

Extensive Intel surveys of numerous IT shops-including the Intel IT organization-laid the groundwork for defining Intel AMT. Three of the top IT needs revealed by these surveys are:

  1. Better asset management
  2. Reduced downtime
  3. Minimized desk-side visits

 


How does Intel Active Management Technology work?

The only requirement is that the Intel AMT equipped machine be plugged into the network and a power supply. The machine does not have to be switched on or in a fully operational state.

Out of Band, or OOB, operation allows remote management of platforms to perform system management using remote consoles (such as a Web browser) to communicate with the machines over the network.

The OOB method does not need local software agents running on the target machine making operations independent of the operating systems involved or the state of the machine.

Is Intel Active Management Technology safe?

To ensure that only authorized users have access to critical features, and to protect against network attacks and technology misuse, Intel AMT employs robust access control and privacy mechanisms.

Intel AMT, being a hardware and firmware based solution utilizing persistent non-volatile storage, is resistant to tampering or accidental data loss.

What are the benefits of Intel Active Management Technology?

Intel AMT removes a major barrier to greater IT efficiency – the lack of a platform independent network control and communication standard.

Now, corporate IT departments can have Intel AMT platform architectural enhancements, resulting in supporting the remote discover, heal and protect process.

Benefits include potentially large savings in asset management and client computer support as well as additional savings in annual maintenance contracts from more accurate asset management reporting.

What can Intel Active Management Technology do?

Discover: Intel Active Management Technology stores a unique identification and machine state information that can be accessed even while PCs are powered off.

Heal: Intel Active Management Technology provides out-of-band management capabilities to allow IT to remotely heal systems after OS failures. Automatic alerting & event logging help IT departments to detect problems quickly reducing downtime.

Protect: Intel Active Management Technology protects networks by making it easier to keep software and virus protection consistent and up-to-date across the enterprise. Third party software can store version numbers or policy data in non-volatile memory for off-hours retrieval or updates.

What are the practical applications of Intel Active Management Technology?

  • Remotely Discover Computing Assets in Any State
  • Remotely Heal Computing Assets
  • Remotely Protect Computing Assets
  • Manage clients regardless of the system state
  • Retrieve significant diagnostic and inventory information, regardless of the system state
  • Remotely control, remote (pre)diagnosis, and remote problem resolution that increases the efficiency of technical staff.

 


Asset Inventory Management and Improved ERM

Intel Active Management Technology allows greater visibility of networked systems, improving accounting and planning for software licensing, maintenance contract administration, taxation, resourcing, and other operational functions.

Platform Independent Inventory of Hardware and Software

Intel AMT enables quick enterprise system inventories with its ability to query information related to platforms, hardware and software that are in use on various systems independent of those platforms. The Intel AMT architecture also makes the operating state of inventoried machines irrelevant: they can be up and running, or the OS can be inoperable, yet this data can still be retrieved.

Remote hardware and software tracking eliminates time-consuming manual inventory tracking and human error, reducing asset accounting costs and increasing tracking accuracy.

Tamper resistant agents prevent users from removing critical inventory, or altering the system by removing remote-control or disabling virus-protection agents. This ensures that security standards are always up to date.

Polling – Reporting - Accuracy

An Intel Active Management Technology-based ISV application running on the IT console polls Intel AMT platforms on the network and these platforms report their inventory. A complete and accurate asset inventory is always possible because the asset information is tamper resistant, cannot be removed either intentionally or inadvertently and survives OS rebuilds.

This allows more efficient control and use of network platforms and reduces the number of unidentifiable platforms on the network/intranet.


Remote Troubleshooting

Intel AMT can report on basic problems and faults. This ability saves time and cost for service technicians who would otherwise have to inspect machines in person and diagnose problems themselves. Only swapping out a faulty component requires actual human intervention. Intel AMT can also be used to provide early warning of pending failures.

Using Intel AMT, a remote access application can remotely discover, heal and protect networked computing assets, no matter what the system state is. Even with a crashed hard drive or a defective operating system, IT technicians can still access the platform for remote asset, inventory, and software management, or remote diagnose and recover the afflicted system.

Broken Equipment Can Be Fixed Remotely

Information for system updates or documenting repairs can be lost when a hard drive fails or was replaced.

Intel AMT allows network management utilities to be designed that will be able to identify the machine, not only while a hard drive is inoperable but a lso after the drive is replaced, and then automatically restore the appropriate image. This includes the device personality, system settings, group policies, security settings, and previously delivered updates and applications.

Intel AMT solves the issue of remote management of systems that are physically isolated from IT support staff without sacrificing the number of operations that can be performed.

Remote Setup and Repair

Intel AMT lets system administrators remotely set up new computers, download software updates, perform asset inventories and find and fix many problems even when target systems are turned off, the operating system has locked up or the hard drive has failed. This allows enterprises to save time and cost of technical support of computers without employing a costly proprietary management system.

When the OS become inoperable, in the traditional IT environment, the end user calls the IT department to report the problem. An IT technician is then sent to assess and fix the problem, hopefully in a single desk-side visit or two.

On platforms using Intel AMT, the OS crash can be quickly and efficiently resolved-possibly even averted-without any desk-side visits.

Remote booting

A console operator can take control of the crashed platform by remotely booting it to an IT diagnostic platform. The Intel AMT console operator uses existing management software to assess and fix the inoperable OS.

This could include reinstallation of the IT-approved OS and patches from the IT management platform, eliminating the requirement of a desk-side visit.


Security and Software Management

Intel AMT can handle patch management, installing new drivers, updates, current status and the ability to proactively determine and establish end-point (version and configuration) compliancy of the computer.

Intel AMT makes it far easier for enterprises to establish proactive security, and deal more effectively with worms and viruses.

This is because Intel AMT enables planning for future threats and helps to keep firewalls and anti-virus solutions completely up-to-date.

Proactive alerting

The proactive alerting feature of this new technology uses OOB communication. OOB does not need to be handled by the OS. As a result, an inoperable OS does not stop an alert from being sent to the IT management system. Proactive alerting automatically senses platform health and reports deficiencies, such as an inoperable OS, to the IT management console.

The IT management console receives the OS proactive alert, and the console operator knows what has happened to which platform, precluding the need for a technician desk-side visit.


When is Intel Active Management Technology available?

Intel Active Management Technology will be first available on the forthcoming "Lyndon" desktop platform in 2005 and "Bensley" server platform in 2006.

Beginning in 2006, Intel AMT will use Web Services Management (WSM). WSM is a Web services protocol specification that helps address the cost and complexity of IT management by providing a common way for networked systems to access and exchange management information.

The functionality supported by WSM makes it a valuable foundation for the next generation of management applications. WSM is designed to take advantage of the security, reliability and transactional features of WS-*, the Web services architecture.

Who supports Intel Active Management Technology?

Software developing to support Intel AMT continues to grow with management and security products planned by many major software developers.

These include: Altiris Inc, BMC Software, Check Point Software Technologies, Computer Associates, LANDesk Software, Novell, Symantec, StarSoftComm and Trend.


ISV Software Support

Symantec LiveUpdate* Administrator for Intel AMT 1.0 will offer administrators the ability to proactively determine and establish end-point compliancy using Intel AMT to access and monitor distributed systems regardless of the state of their operating systems.

Computer Associates Unicenter* takes advantage of Intel AMT to provide customers with the ability to discover, heal and protect IT devices even when they have an inoperable operating system, are powered down or may be otherwise disabled.

Technical staff can now perform tasks that were previously impossible. In response to outages, hardware could be reconfigured and the BIOS of hundreds or thousands of machines distributed across multiple locations could be upgraded and their OS rebooted off-hours by a single technician without disrupting users' workdays.

LANDesk Software has integrated LANDesk* management solutions with Intel AMT will enable greater security, troubleshooting and system management for Intel® processor-based desktops and laptops, regardless of whether the machine is turned on or even has an operating system installed.

Altiris IT lifecycle management solutions* announced plans to support Intel AMT to provide hardware-based discovery, control and asset management despite the health of the computing device.

Intel has provided BMC Software with interfaces to Intel AMT as well as use of a tamper-resistant storage space on the Intel AMT platform.

By utilizing these capabilities, BMC Software will provide enhanced asset and software management capabilities that will enable administrators to remotely track, repair, and deploy critical patch and software updates to systems even if they are powered off or suffering from a system failure.

Check Point Integrity* using Intel AMT-enabled systems now gives IT managers enhanced capabilities to immediately protect machines even when systems are powered down.

Novell ZENworks* provides the ability to store information and image identification on the device hard drive, allowing administrators to centrally manage when a machine should be re-imaged.

Intel AMT enhances ZENworks by storing that information on the processor, allowing image management with network devices even when the hard drive is replaced.

Intel AMT enhanced the StarSoftComm product StarNet *. StarNet’s abilities include:

  • Remotely verification new PC inventories
  • Round the clock IT assets monitoring, including PC chassis tempering alert
  • Off-hour, non-intrusive PC maintenance regardless of PC power on/off state
  • Diagnostic & recovery with clean boot from remote PC even under OS malfunction

 


Additional Resources

 


Pour de plus amples informations sur les optimisations de compilation, consultez notre Avertissement concernant les optimisations.