Intel AMT and System Health Validation

When configured to do so, an Intel AMT device sends a message on request that contains information on its own configuration. The device can send the message either to the host or via a network interface.

The LMS (from Release 9.0) or the UNS (prior to Release 9.0), running on the host, periodically requests status from the Intel AMT device so that it is available to the NAP agent on request. This is known as passive mode.

When the host processor on the platform is in an Sx sleep state, or the host operating system is not functional or fails 802.1x authentication, the Intel AMT device on the platform can respond to a request for health information directly, depending on its own network connectivity. This is known as active mode.

802.1x-authenticated connections from NAP clients to NAP servers use PEAP-TLV (Protected Extensible Authentication Protocol). Intel AMT responds to NAP access authentication requests with a NAP SoH.

Alternatively, a Cisco* Admission Control Server (ACS) can send the request in a hybrid installation that uses both Cisco’s NAC and Microsoft’s NAP. The ACS uses EAP-FAST in its 802.1x connections. The ACS serves as the intermediary that forwards SoHs to an NPS running SHVs.

Note:

Beginning in Intel AMT Release 9.0, NAC is no longer supported.

Intel AMT also supports EAP over UDP (EAPoUDP). Certain Cisco devices send an 802.1x request encapsulated in a UDP packet addressed to port 21862. When Intel AMT is in active mode, it listens on this port and responds to these requests with a UDP packet. The Cisco device must be specially configured to generate such requests. Intel AMT configuration for EAPoUDP is the same as configuring for standard 802.1x and EAC.
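Because only specially configured Cisco devices should ever address UDP port 21862, a capture audit can list who is sending to that port and whether the target answered. The following is an added example, not Intel code: it assumes Ethernet/IPv4 frames and that the listener replies from source port 21862, and the function names, addresses and approved-requester list are constructed for illustration.

```python
import socket
import struct

EAPOUDP_PORT = 21862  # UDP port named on this page

def parse_udp(frame):
    """Return (src, dst, sport, dport) for an Ethernet/IPv4/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8 or ip[9] != 17:
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:  # later fragment: no UDP header
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), sport, dport

def audit(frames, approved):
    """One finding per (requester, target) pair that sent to the EAPoUDP port."""
    convs = {}  # (requester, target) -> reply seen from the listener
    for pkt in filter(None, map(parse_udp, frames)):
        src, dst, sport, dport = pkt
        if sport == EAPOUDP_PORT and (dst, src) in convs:
            convs[(dst, src)] = True  # assumption: reply leaves from port 21862
        elif dport == EAPOUDP_PORT:
            convs.setdefault((src, dst), False)
    return [{"requester": r, "target": t, "approved": r in approved, "answered": a}
            for (r, t), a in convs.items()]

def build_frame(src, dst, sport, dport, payload=b"\x00" * 4):
    """Constructed test frame: zeroed MACs and checksums, opaque payload."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

# Constructed sample: 192.0.2.1 stands in for the configured Cisco device.
SAMPLE = [
    build_frame("192.0.2.1", "192.0.2.50", 21862, 21862),     # approved request
    build_frame("192.0.2.50", "192.0.2.1", 21862, 21862),     # listener reply
    build_frame("198.51.100.7", "192.0.2.50", 40000, 21862),  # unapproved request
    build_frame("192.0.2.50", "198.51.100.7", 21862, 40000),  # listener reply
    build_frame("192.0.2.9", "192.0.2.50", 53000, 53),        # unrelated UDP
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, approved={"192.0.2.1"}):
        print(finding)
```

A finding with "approved" false and "answered" true marks a host that replied on this port to a requester outside the configured set.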

See the white paper at the following link for a discussion of NAC-NAP interoperability:

Copyright © 2006-2022, Intel Corporation. All rights reserved.