Stand-Alone Proxy Application

This application uses the KVM proxy library to establish a connection to Intel AMT and set up the KVM redirection flow. Any existing viewer that uses a supported version of the RFB protocol can establish a connection via the standalone application.

note-icon Note:

The following procedure also applies to the Linux sample.

When a user activates the application by running the executable, the following pop-up appears:

Set the port that the proxy should listen to for KVM requests. If the connection with Intel AMT platforms uses TLS, click the Certificates button and add the path to a root certificate that will validate the Intel AMT server certificate. If Mutual authentication is also required, add the path to a client certificate and, if necessary, a certificate password. See Secure Session Support. Click on Start. The proxy application now waits for connection requests.

If the user selects Choose Automatic Available Port, the pop-up changes, as shown below.

The KVM library returns a randomly selected port and displays it in the newly opened field. Provide certificates as required and click on Start.

If the Intel AMT device is configured for TLS, do the following:

Click Certificates, the Certificate Settings window opens.

The TLS certificates can be loaded from either files or from the Microsoft® Certificates store.

Load certificates from files:

a.   Choose Load certificates from files.

b.   Enter a path to the trusted root certificate that corresponds to the Intel AMT server certificate.

c.    If the Intel AMT device is configured for mutual authentication, enter the path to a remote client certificate and.  If the certificate is password-protected, supply the certificate password. See Secure Session Support.

d.   Click OK. The TLS Settings window closes.

Load certificates from store:

a.   Choose Load certificates from store.

b.   Install the trusted root certificates that corresponds to the Intel AMT server certificate in the Certificates Store ->”Trusted Root Certification Authorities” store.

c.    If the Intel AMT device is configured for mutual authentication, install the remote client certificate in the Certificates Store -> “Personal” store and checked the “Use Mutual Authentication” check box.

d.   If you the KVM library to choose itself the appropriate client certificate from the Personal store, click OK and the TLS Settings window closes.

e.   If you want to choose yourself the appropriate client certificates, enter the Subject: CN property of the desired client certificate and then the KVM library will choose the first appropriate certificate matches this Subject: CN.

f.    Click OK.  The Certificate Settings window closes.

 

Open a viewer. The VNC viewer shown here is a typical example, but it could be a third-party viewer that implements the RFB protocol.

Enter the proxy application address and the port selected above. The assumption is that it runs on the same platform as the viewer, so enter, for example 127.0.0.1:<port number>, where the port number is either the user-selected port or the randomly selected port. The proxy application will display the following panel separate from the viewer:

Enter the parameters required to define the Intel AMT connection:

   The Intel AMT host FQDN or IP address (an FQDN is required for TLS connections)

   From the Authentication Type section, select one of the following:

   Windows Authentication – Intel AMT will authenticate using Kerberos/Active Directory, based on the current user’s permissions.

   Digest Authentication – Intel AMT will authenticate using a user defined in the Access Control List of the Intel AMT device (enter the credentials of the user).

   If the Intel AMT device is configured for TLS, select Use secure connection TLS.

   If the connection will be via an intermediate vPro enabled gateway (Management Presence Server, or MPS), select Connect via CIRA and provide the proxy parameters.

The application now establishes a connection with Intel AMT.

Copyright © 2006-2013, Intel Corporation. All rights reserved.