Intel AMT Features > Agent Presence > Detailed Description

Detailed Description

ISVs produce a large number of products that run within the OS context and offer management services to Enterprise IT departments. Among the products being offered are asset tracking, application monitoring, system performance monitoring and provisioning, intrusion detection systems and local firewalls. These products are installed using an agent/console model where the agent executes on the local client and communicates with a management console application that runs on a machine located elsewhere in the network. Unfortunately it is not difficult for the local user to compromise the agent, either by killing the process or stopping the service.

The Agent Presence feature enables management console applications to configure Intel AMT devices to monitor for the presence of these agents running on the Intel AMT system platform.

The Agent Presence feature is implemented in the following way:

   Each agent is identified by a GUID (DeviceID) that is shared between the agent and the management console application.

   The management console creates an Agent Watchdog for the agent (using the DeviceID) in the Intel AMT device, including timers and instructions of what actions to perform in response to changes in the state of the agent.

   During initialization on the platform, the agent registers with the Intel AMT device specifying its DeviceID. Once registered, the agent periodically sends heartbeat signals to the Intel AMT device indicating it is still active.

   Upon registration, Intel AMT resets the associated agent watchdog timers. If the Intel AMT device does not receive a heartbeat signal from the agent, or the state of the agent changes, the defined Agent Watchdog actions are performed.

   A reboot action initiated by a watchdog can be identified using WebUI/PET or WS-Event:

   If you are using WebUI/PET, a reboot caused by an OS watchdog will trigger an Event Sensor Type 20 followed by an Event Sensor Type 23 (with Sensor Device set to 59); a reboot caused by an agent presence watchdog will trigger an Event Sensor Type 12 followed by an Event Sensor Type 23 (with Sensor Device set to 5B).

   If you are using WS-Event, a reboot caused by an OS watchdog will trigger a PLAT0322 event followed by a PLAT0370 event; a reboot caused by an agent presence watchdog will trigger an iAMT0005 event followed by a PLAT0370 event.

 

See Also:

   Agent States

   Agent Watchdog Timers and Actions

   Limitations on the Number of Actions and Agents

   System Defense in Agent Presence

   Examples of Using Agent Presence with System Defense

Copyright © 2006-2022, Intel Corporation. All rights reserved.