Manage iAMT Locally via a Router

To access all iAMT features, we must connect to the ME and send commands from another computer via a network cable. Although some iAMT features can be accessed from the host OS directly, some very useful ones, such as System Defense, Agent Presence, IDER, and Storage/Network/Security Administration, cannot. Consider this scenario: you have a computer at home that supports iAMT, and it connects to the Internet through an ADSL router or a wireless AP router. Is it possible to access all of your computer's iAMT features and use them to increase your computer's security?

Maybe you think the answer is no, but after you go through my experience, you will know it is possible. The main procedure is as follows. Configure the iAMT ME and the host OS with IPs in different subnets, and set the gateway of each to the router's LAN IP. Then add a new entry to the router's route table. When an application in the host OS wants to connect to the iAMT IP, it sends its packets to its default gateway (the router), and the router routes that traffic to the iAMT ME. The result returned from the iAMT ME is sent to the router first and is then routed to the host OS. In fact, the traffic between the host OS and the router and the traffic between the iAMT ME and the router travel over the same network cable. With the router in the path, traffic that cannot be transferred from the host OS to the iAMT ME directly can still be exchanged between the two. The diagram below shows the network configuration.

In the scenario in the diagram above, the iAMT client's host OS is configured with IP 192.168.2.10 and its default gateway is set to 192.168.1.1, which is the LAN IP of the router. Because the gateway IP and the host OS IP are not in the same subnet, we need to set a static IP here. As we know, when the host IP is set statically, the iAMT IP must be set statically too. Here we set the iAMT IP to 192.168.1.10, and its default gateway is also set to the LAN IP of the router, 192.168.1.1.


By default, the router can forward network traffic from the host OS to the iAMT ME, because the default entries in its route table already tell it how. But traffic from the iAMT ME to the host OS is routed by the router to its default gateway, not to the host OS. To let the router forward traffic from the iAMT ME to the host OS, we need to add the entry below to the router's route table.
        Destination:       192.168.2.0
        Netmask:          255.255.255.0
        Gateway:          0.0.0.0 (192.168.1.1 if router runs Windows)

If the LAN interface of the router supports multiple static IPs, you just need to set another IP (192.168.2.1) on that interface, and the manually added route entry above will be added automatically. The host OS gateway can then be set to 192.168.2.1.
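
The routing decision described above, modelled as an added example (not code from the original article): a longest-prefix-match lookup over a constructed route table shows the ME's replies leaving through the WAN side until the 192.168.2.0 entry is present, and that 192.168.2.1 is an on-link gateway for the host while 192.168.1.1 is not. The /24 host mask, the `lan`/`wan` interface names and the WAN next hop 203.0.113.1 are assumptions.

```python
import ipaddress

# Addresses from the article. The /24 host mask, the interface names and the
# WAN next hop 203.0.113.1 are assumptions made for this illustration.
HOST_IP, AMT_IP, ROUTER_LAN = "192.168.2.10", "192.168.1.10", "192.168.1.1"
DEFAULT_ROUTES = [
    # (destination, gateway or None when on-link, interface)
    ("192.168.1.0/24", None, "lan"),
    ("0.0.0.0/0", "203.0.113.1", "wan"),
]
ADDED_ROUTE = ("192.168.2.0/24", None, "lan")  # the entry the article adds


def lookup(routes, dst):
    """Longest-prefix match: return the interface the router sends dst out of."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, _gw, ifc in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def round_trip(routes, host_ip=HOST_IP, amt_ip=AMT_IP):
    """Interfaces used for (host OS -> ME, ME -> host OS) packets."""
    return lookup(routes, amt_ip), lookup(routes, host_ip)


def gateway_on_link(host_ip, netmask, gateway):
    """True when the gateway lies inside the host's own subnet."""
    net = ipaddress.ip_network(f"{host_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(gateway) in net


if __name__ == "__main__":
    print("default table :", round_trip(DEFAULT_ROUTES))
    print("with new entry:", round_trip(DEFAULT_ROUTES + [ADDED_ROUTE]))
    print("gw 192.168.1.1 on-link:",
          gateway_on_link(HOST_IP, "255.255.255.0", ROUTER_LAN))
    print("gw 192.168.2.1 on-link:",
          gateway_on_link(HOST_IP, "255.255.255.0", "192.168.2.1"))
```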

Now applications running on the host OS can access all iAMT features below the OS. You can test this by opening an IE window, entering the URL http://192.168.1.10:16992, and pressing Enter; you will then see the iAMT WebUI logon window, which I think you have been familiar with for a long time.

 

In my testing environment, I tested using a LinkSys wireless AP and a PC running Windows 2003 Server as the router; both of them work well.
