Remote Access Policies

A Remote Access policy defines what can trigger a remote connection, which MPS is contacted, and how long the TLS tunnel is maintained. Policy parameters include:

   Type of Trigger:

   User Initiated Trigger — Also known as “Fast Call for Help”. A user can initiate an MPS connection in three different ways: from a host application, via an MEBx request (Ctrl+Alt+F1), or via the BIOS. When a “user-initiated” trigger is defined and initiation using an application is enabled, a local agent can initiate a remote access session by sending a command via the Intel ME interface (see User Initiation Host Interface Commands).

   Alert Trigger — Also known as “Remote Alerts”. Whenever an event occurs that sends an alert to a network address, the Intel AMT device initiates an MPS connection, if there is no connection currently active.

   Periodic Trigger — Also known as “Remote Scheduled Maintenance”. The Intel AMT device connects to an MPS periodically. The policy includes a time interval that determines when a new connection should be attempted.

   Trigger Type Priorities – When multiple policies have been defined, a trigger can occur while a tunnel to an MPS is already active. If the new trigger has a higher priority and requires a connection to a different MPS, the current connection is dropped and the device connects to the other MPS. A user-initiated trigger has the highest priority, while a periodic trigger has the lowest priority.

   Tunnel Lifetime — Defines how long the TLS tunnel should stay open, in seconds. Note that if there is a current MPS connection and a second, lower priority trigger occurs, and that trigger has a longer lifetime value than the initial, higher priority trigger, Intel AMT will maintain the higher priority connection but will use the longer, lower priority lifetime.

   Which MPS to connect to — When the trigger occurs Intel AMT attempts to connect to the MPS designated in the policy. A policy can point to two MPS definitions. Intel AMT attempts to connect to the first MPS. If the attempt fails after a maximum of 30 seconds, it tries to connect to the second MPS. The sequence is repeated four more times, with at least 30, 60 and 90 seconds, respectively, between subsequent retries. Another trigger is required for an additional connection attempt.
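
The trigger priority and tunnel lifetime rules above can be modelled to review a policy set before provisioning. The following is an added example, not Intel code: the `Policy` and `Tunnel` types, the MPS names, and the lifetimes are constructed, and the placement of the alert trigger between the other two is inferred from the stated highest and lowest priorities.

```python
from dataclasses import dataclass

# Page: user-initiated is highest, periodic is lowest. "alert" in between is inferred.
PRIORITY = {"periodic": 0, "alert": 1, "user_initiated": 2}

@dataclass(frozen=True)
class Policy:
    trigger: str      # key of PRIORITY
    mps: str          # hypothetical MPS label
    lifetime_s: int   # tunnel lifetime in seconds

@dataclass(frozen=True)
class Tunnel:
    mps: str
    priority: int
    lifetime_s: int

def apply_trigger(tunnel, policy):
    """Return the tunnel state after `policy` fires (tunnel is None if idle)."""
    prio = PRIORITY[policy.trigger]
    if tunnel is None:
        return Tunnel(policy.mps, prio, policy.lifetime_s)
    if prio > tunnel.priority and policy.mps != tunnel.mps:
        # Higher priority, different MPS: the current connection is dropped.
        # Assumption: the new tunnel starts with the new policy's lifetime.
        return Tunnel(policy.mps, prio, policy.lifetime_s)
    if prio < tunnel.priority and policy.lifetime_s > tunnel.lifetime_s:
        # Lower priority, longer lifetime: connection kept, lifetime lengthened.
        return Tunnel(tunnel.mps, tunnel.priority, policy.lifetime_s)
    return tunnel  # cases the page does not describe are modelled as no change

def simulate(policies):
    """Fire the policies' triggers in order and return the final tunnel."""
    tunnel = None
    for p in policies:
        tunnel = apply_trigger(tunnel, p)
    return tunnel

def lifetime_extensions(policies):
    """Pairs (higher, lower) where the lower-priority policy can keep a tunnel
    opened by the higher-priority one alive longer than its own lifetime."""
    return [(h, l) for h in policies for l in policies
            if PRIORITY[l.trigger] < PRIORITY[h.trigger]
            and l.lifetime_s > h.lifetime_s]

# Constructed sample policies.
HELP = Policy("user_initiated", "mps-a.example", 300)
MAINT = Policy("periodic", "mps-b.example", 3600)
```

Running `lifetime_extensions` over a planned policy set lists the combinations in which a tunnel stays open longer than the higher-priority policy alone would allow.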

See Also:

   Add a Remote Access Policy

   Remove a Remote Access Policy

   User Initiation Host Interface Commands

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.