SDK Resources > KVM Application Developers Guide > Managing the KVM Feature

Managing the KVM Feature

Three CIM objects are used to manage KVM:

   CIM_RedirectionService

   CIM_KVMRedirectionSAP

   IPS_KVMRedirectionSettingData

The CIM_RedirectionService provides general information about the KVM service.

CIM_KVMRedirectionSAP is used to determine if KVM is enabled or disabled on both the local and remote interfaces.

The CIM_KVMRedirectionSAP.RequestStateChange method is used to enable or disable KVM.

The properties of the IPS_KVMRedirectionSettingData object determine the KVM behavior of the server. IPS_KVMRedirectionSettingData.Put sets the configuration parameters. IPS_KVMRedirectionSettingData.Get returns the current settings.

The method IPS_KVMRedirectionSettingData.TerminateSession terminates a KVM session. Only a local application can invoke this method.

The user changing the KVM settings on an Intel AMT platform must have ADMIN_SECURITY_SOLIDER_REALM permissions, except for the OptInPolicy and OptInPolicyTimeout fields, which can be changed only by an operator with ADMIN_SECURITY_ADMINISTRATION_REALM permissions. The following table lists the KVM settings defined in IPS_KVMRedirectionSettingData:

Setting

Description

EnabledByMEBx

KVM is enabled in the MEBx – true or false.

Is5900PortEnabled

Port 5900 supports standard RealVNC viewers without Intel AMT authentication; 16994 is the Intel AMT redirection TCP/IP port that authenticates users against the Intel AMT ACL; and 16995 is the Intel AMT redirection port that also supports TLS.

If this value is true, then the 5900 port is open.

This value can be set to true only if there is a defined RFBPassword.

OptInPolicy

If true, the user must provide a one-time password to the console operator.

OptInPolicyTimeout

Time in seconds that the KVM server will wait for opt-in to complete. The recommended value is 5 minutes (300 seconds).

SessionTimeout

Number of seconds of inactivity that will force a session to close. A value of zero indicates that there is no timeout.

The maximum timeout value is 255 minutes.

RFBPassword

Password used for native RFB authentication. This value is not returned when using the Get method. A password is required if port 5900 is enabled. It must be a strong password – exactly eight characters long, containing a capital letter, a lower case letter, a digit, and at least one 7-bit ASCII non alpha-numeric character above 32, (e.g. '!', '$', ';'). Note that “_” is considered alphanumeric. The password cannot contain the characters '"', ',', and ':'.

DefaultScreen

Default screen to display. The value is 0 or 1, identifying at the level of the graphics interface which of two monitors will be the video source. If only one screen is active, that screen will be displayed independent of this parameter. Note that this parameter is not tied to Default Screen/Extended Screen definitions controlled by an operating system running on the host processor, as either of these options can be screen 0 or 1.

Starting with Release 8.0, Intel AMT supports up to three screens, so the value can be 0, 1, or 2.

 

 Note:

If there is an active redirection session (SOL, Storage Redirection, or KVM), then a power cycle reset or a power off command will be rejected as invalid. See Intel AMT Power State Transitions

   If the Intel AMT platform is currently displaying the MEBx, it is not possible to open a KVM session.

   If there is an active KVM session, restarting the platform will not display the <CTRL>P prompt and it is not possible to enter the MEBx.

   Turning off a monitor during a KVM session may disconnect the KVM session.

 

See Also:

   Description of KVM Use Cases

Copyright © 2006-2022, Intel Corporation. All rights reserved.