This document contains definitions and brief explanations of terms associated with Intel® AMT Technology. References to more detailed information are provided for most of the terms. It is intended both for users who are new to Intel® AMT Technology and for existing users who want to keep up with the latest developments in this technology. This document will be updated with the launch of new AMT platforms.
(Third-party Data Storage)
A dedicated area within Flash that enables applications using Intel® AMT to store information as needed in non-volatile memory.
For more information, see
The 802.1X standard is designed to enhance the security of wireless local area networks (WLANs) that follow the IEEE 802.11 standard. 802.1X provides an authentication framework for wireless LANs, allowing a user to be authenticated by a central authority.
For more information, see http://en.wikipedia.org/wiki/802.1x
(Access Control List)
The Intel AMT ACL manages access to API commands. An ACL entry identifies a user ID and a list of authorized API command realms (a grouping of related API commands).
For more information, see Intel® Active Management Technology Overview
An application that runs on a client PC with OS running. The application software has built-in local calls to Agent Presence commands.
Alerting technologies provide advance warning and system failure indication from managed clients to remote management consoles. Once a system alert provides its warning or error report, the next step in remote system manageability is to allow corrective action to be taken - these actions include the ability to remotely reset or power-on or -off the client system.
(Intel® AMT Port Forwarding)
Intel® AMT port forwarding (APF) protocol provides TCP and UDP connection multiplexing over a single reliable transport session, typically a TLS session or a reliable HW bus interface [HECI]. This mechanism is useful to enable client/server communication, whereby the 2 peers are located on different intranets. The protocol assumes that any aspects of confidentiality and server authentication are handled by the underlying protocol.
(Application Programming Interface)
A language and message format used by an application program to communicate with the operating system or some other control program such as a database management system (DBMS) or communications protocol.
See also "SOAP"
(Alert Standard Format)
The Alert Standard Format (ASF) specification provides alerting functionality in remote system manageability even when the client is in an OS-absent state. After a change to the system’s hardware configuration, e.g. adding or removing a card, at least one good boot to the system’s OS-present environment is required for the ASF subsystem to properly operate. The protocol for sending alerts from a managed client to a management console is the Platform Event Trap [PET].
For more information, see http://www.dmtf.org/standards/asf/
See “PET” below
The Audit Log is an Intel® AMT 4.0/5.0 feature that enables Auditors to audit actions initiated by the administrators and other users on the system.
Authentication is any process by which you verify that someone is who they claim they are. This usually involves a username and a password, but can include any other method of demonstrating identity, such as a smart card, retina scan, voice recognition, or fingerprints.
For more information, see http://en.wikipedia.org/wiki/Authentication
A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption. A CA acts like a trusted third party. CAs are issued by institutions, governments, commercial agents etc.
For more information, see http://en.wikipedia.org/wiki/Certificate_authority
(Desktop and Mobile Architecture for System Hardware)
The DMTF’s Desktop and Mobile Architecture for System Hardware (DASH) Initiative is a suite of specifications that takes full advantage of the DMTF’s Web Services for Management (WS-Management) specification – delivering standards-based Web services management for desktop and mobile client systems.
For more information, see http://www.dmtf.org/standards/mgmt/dash/
(Developer Tool Kit)
See "Intel® AMT DTK"
Enterprise provisioning is used in large enterprises where there are many systems to manage and where security is a big concern. An Intel AMT platform in Enterprise Mode is capable of using secure communications via Transport Layer Security (TLS) communication protocols. In Enterprise environments, the setup and configuration must be done over the network interface.
Environment Detection is a function of Intel AMT that must be enabled and then defined by the IT administrator to allow certain manageability capabilities depending on the user's location and the power situation of the mobile platform. This is available in Intel AMT 2.5 (Centrino Pro) platforms.
Intel AMT comes from the factory in Factory Mode. In this mode, Intel AMT is not configured and not available for use by management applications. When an operator enters information via the Intel AMT BIOS extension manually or with the aid of a USB storage device, Intel AMT makes the transition into Setup Mode.
See “Setup Mode”
Fast Call for Help
Fast Call for Help is an Intel® AMT 4.0/5.0 feature that allows an AMT client to initiate secure, Out Of Band (OOB) communication to the Management Console. By configuring the Intel AMT platform to be able to initiate a connection to an intermediate server running in the enterprise DMZ, the platform can be managed remotely when it is connected to the Internet anywhere in the world.
Firmware is a computer program that is embedded in a hardware device, for example a microcontroller. It can also be provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
(Firmware Signing Key)
A public/private pair generated and stored confidentially by Intel. Intel AMT ROM includes a SHA-1 Hash of the public key, and each production firmware image is digitally signed by Intel with the private FWSK. The public FWSK and the digital signature are appended to the firmware image manifest. At runtime, a secure boot sequence verifies the public FWSK on Flash, and if successful, the system continues to boot from Flash code.
For more information, see
(Globally Unique Identifier)
A Globally Unique Identifier or GUID is a special type of identifier used in software applications in order to provide a reference number which is unique in any context. The term GUID usually refers to Microsoft's implementation of the Universally Unique Identifier (UUID) standard.
See also “UUID”
(Host Embedded Controller Interface)
Host Embedded Controller Interface (HECI) driver is a software interface that is used to communicate to the AMT subsystem (Management Engine) to access AMT capabilities. Communication between the local host operating system (OS) and the ME is accomplished by means of the HECI driver. HECI is bi-directional, as either the host OS or Intel AMT firmware can initiate transactions.
Host or Host CPU
The processor that is running the operating system. This is separate from the Intel AMT device.
See "SoL/IDER"
Intel® AMT DTK
(Intel® Active Management Technology Developer Tool Kit)
Intel® AMT Developer Tool Kit (DTK) is a set of tools to help designers, developers and testers understand the benefits of Intel AMT and assist in the development and testing of Intel AMT applications.
For more information, see Intel AMT DTK
Intel AMT flash
Allows BIOS to store/update hardware list in dedicated flash memory; technicians remotely access this list to identify what hardware make/model to bring to the platform
Intel® AMT MEI
(Intel® Active Management Technology Management Engine Interface)
The Intel AMT MEI handles communication between the host OS and the Intel AMT ME. The Intel AMT MEI is bi-directional, and either the host or Intel AMT firmware can initiate transactions. In addition, transactions can be completed asynchronously by the Intel AMT ME and then synchronized later.
(Intel® Active Management Technology)
Intel AMT is a set of hardware-resident capabilities that enable management software to remotely discover, heal, and protect computing assets in any operational state, including when machines are powered down or the operating system has failed.
For more information, visit Manageability Developer Community
Intel® AMT LMS
(Intel Active Management Technology Local Manageability Service)
The Intel® AMT LMS executes within supported OSes running on Intel AMT-enabled platforms. The Intel AMT LMS listens for communications to/from the local Intel AMT ME. The Intel AMT LMS works in conjunction with the MEI.
For more information, see Intel® Active Management Technology Overview
Intel® AMT RDK
(Intel® Active Management Technology Reference Design Kit)
The RDK includes a utility application for exploring Intel AMT features, a set of building blocks for implementing ready-made code to support Intel AMT, and full source code for those building blocks.
For more information, see Intel AMT RDK
Intel AMT Setup and configuration
Setup and Configuration is the process that populates an Intel AMT-managed platform with the usernames, passwords, and network parameters that enable the platform to be administered remotely.
Intel® AMT SCA
(Intel® Active Management Technology Setup and Configuration Application)
The Setup and Configuration Application (SCA) is a computer program used to deliver operational settings to the Intel AMT devices over the network. The SCA completes the setup and configuration process by supplying the Intel AMT device with customized parameters.
Intel® AMT SCS
(Intel® Active Management Technology Setup and Configuration Service)
The Intel® AMT SCS provides a Windows* service, SOAP API, and sample configuration console that allows software vendors to add the capability to their products to add Intel AMT devices to an enterprise.
For more information, see Intel AMT SCS
Intel® AMT SDK
(Intel® Active Management Technology Software Development Kit)
The Intel® AMT SDK provides application-programming interface documentation, libraries, and sample code useful for application programmers in integrating support for Intel AMT-enabled platforms into their manageability application(s).
For more information, see Intel AMT SDK
Intel® AMT ME
(Intel® Active Management Technology Management Engine)
The Intel AMT ME resides in firmware within the micro-controller in computer systems containing specific Intel motherboard chipsets. The function of the Intel AMT ME is to expose manageability capabilities to manageability application software. It operates independently of the CPU state providing functionality even if the computer system is powered down.
(Intel® Trusted Execution Technology)
Intel® Trusted Execution Technology is a set of hardware extensions to some of Intel's microprocessors and respective chipsets to protect against some types of software-based attacks. TXT provides for measurement and verification of any software and assists in the ability to create measured virtual guest partitions.
(Intel® Virtualization Technology)
Intel® Virtualization technology consists of technology components that support virtualization of platforms based on Intel processors, thereby enabling the running of multiple operating systems and applications in independent partitions. Each partition behaves like a virtual machine (VM) and provides isolation and protection across partitions.
For more information, visit Intel Virtualization Technology
(Intelligent Platform Management Interface)
The Intelligent Platform Management Interface (IPMI) specification defines a set of common interfaces to computer hardware and firmware which system administrators can use to monitor system health and manage the system. IPMI operates independently of the operating system (OS) and allows administrators to manage a system remotely even in the absence of the OS or the system management software, or even if the monitored system is not powered on.
For more information, see http://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface
Centralized software that communicates with Intel AMT. It is used to manage multiple PCs.
(Management Presence Server)
A Management Presence Server (MPS) enables enterprise management consoles located behind the enterprise firewall to connect to Intel AMT platforms located outside the enterprise. The MPS mediates between the Intel AMT platform and Intel AMT management console, using a tunneling protocol to secure the communications with the Intel AMT platform. The MPS appears as a proxy server to management consoles.
(Network Access Control)
Network Access Control (NAC) is a computer networking concept and set of protocols used to explain how to secure the network nodes prior to the nodes accessing the network. NAC controls access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.
For more information, see http://en.wikipedia.org/wiki/Network_Access_Control
Non-Volatile Memory - A memory that will not have its content erased even if there is no power applied to it. Intel AMT uses a FLASH device for NVM.
One-Touch Configuration automates the process of setting up and configuring business PCs for use with Intel AMT. In this configuration, the PID/PPS keys generated by the configuration server can be exported to the Intel AMT device via a USB thumb drive. It is the most secure option provided by Intel to set up systems to be managed via Intel AMT. This enables IT organizations to save on deployment costs also.
For more information, see One Touch Configuration Use Case
OOB communication refers to the ability of Intel AMT to access manageability information from remote systems independently of those systems' power state and viability of the operating system. A platform in a crashed state is diagnosed and/or repaired via OOB access to Intel AMT, SoL/IDE-R, and third-party diagnostics.
Intel AMT enters Operational Mode once its configuration settings have been supplied and committed. At this point Intel AMT is ready to interact with management applications.
(Platform Event Trap)
A platform event is defined as an event that is originated directly from platform firmware (BIOS) or platform hardware (ASIC, chip set, or microcontroller) independently of the state of the operating system or system management hardware. The Platform Event Trap (PET) format is used for sending a platform event. PET events are generated by systems with Alert Standard Format (ASF) or an IPMI baseboard management controller. The PET events provide advance warning of possible system failures.
For more information, see http://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface
See also “ASF” and “IPMI”
(Provisioning ID/Provisioning Passphrase)
The Provisioning ID (PID) and the Provisioning Pre-Shared Key (PPS) settings are required for establishing secure communication during the Setup and Configuration of Intel AMT Release 2.0/2.1 platforms. PID/PPS pair is generated by Setup and Configuration Server for each AMT system during Enterprise Provisioning. PID is 8 characters and PPS is 32 characters.
(Public Key Infrastructure)
Public Key Infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through the registration and issuance process, which may be carried out by software at a CA, or under human supervision.
For more information, see http://en.wikipedia.org/wiki/Public_key_infrastructure
See also “CA”
The process of enabling an Intel AMT device is called provisioning. There are two modes of provisioning – Small Business mode and Enterprise mode.
See “SMB” and “Enterprise Mode”
A Pre-Shared Key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. The characteristics of this secret or key are determined by the system which uses it.
For more information, see http://en.wikipedia.org/wiki/Pre-shared_key
(Preboot eXecution Environment)
The Preboot eXecution Environment (PXE) is an environment to boot computers using a network interface independently of available data storage devices or installed operating systems. PXE remote boot is done in BIOS and initiated by the client whereas IDE Redirect (IDE-R) is an Intel AMT technology initiated by the management console and is more secure than PXE.
For more information, see http://en.wikipedia.org/wiki/Preboot_Execution_Environment
See also “IDE-R”
Remote Configuration (previously known as Zero touch configuration) refers to the capability to enable Intel® Active Management Technology in clients by setting up and configuring the systems using a remote secure mechanism. Remote configuration minimizes the cost to deploy Intel AMT by removing the requirement of sending IT personnel to initiate Intel AMT setup on each client.
For more information, see Remote Configuration for Intel® AMT
(Remote Configuration Tool)
The Remote Configuration Tool (RCT) is a client-based tool that captures platform information and sends it directly to the SCS.
(Reference Design Kit)
See "Intel® AMT RDK"
Remote field-replaceable unit (FRU) inventory
FRU inventory list in firmware is used to identify the platform's FRU makes and models
Remote Management Application
An application running on a Management Console that sends commands and configurations to an Intel AMT device via the OOB interface.
See also “OOB”
Remote troubleshooting and recovery
Third-party management application's capabilities are used remotely, down-the-wire to remotely diagnose the crashed platform
(Setup and Configuration Service)
See "Intel® AMT SCS"
(Software Development Kit)
See "Intel® AMT SDK"
When an Intel AMT device enters Setup Mode, it waits for delivery of its configuration settings from an SCS. After it enters setup mode, the Intel AMT device periodically sends messages to the SCS. When the SCS receives messages from the Intel AMT device, it responds by delivering the configuration settings and placing the device in Operational Mode.
See “SCS” and “Operational Mode”
(Small Business Mode)
The Small Business mode is designed to allow smaller businesses to access the features of an enabled Intel AMT device without depending on a third-party or Independent Software Vendor (ISV)-supplied management console (MC) application. This mode uses no network infrastructure services. All that is required to configure and deploy an Intel AMT platform in this mode is BIOS support for Intel AMT in the form of the BIOS Extensions Intel AMT configuration screen.
(Simple Object Access Protocol)
A message-based protocol based on XML for accessing services on the Web. SOAP employs XML syntax to send text commands across the Internet using HTTP. Intel AMT exposes a SOAP-based API to communicate with manageability software applications. The SDK provides the Web Service Description Language (WSDL) required to develop software applications to communicate with the Intel AMT ME.
See also "API", "Intel AMT" and "WSDL"
For more information, see http://en.wikipedia.org/wiki/SOAP
SoL and IDER are proprietary protocols defined for Intel AMT. These features are implemented via a proprietary library and APIs.
Using the library and APIs, a management application can send console text to and from a manageability application running on a remote system (one different from the Intel AMT system). This is referred to as the SoL (Serial over LAN) capability.
Also using the library and APIs, a manageability application can redirect the Intel AMT ME to read from or write to a remote floppy disk or CD not on the Intel AMT system. This is referred to as the IDER (IDE Redirection) capability.
Spoofing is a term used for a host trying to falsify its identity by sending IP packets with a source IP address different from its assigned IP address.
For more information, see http://en.wikipedia.org/wiki/Spoofing_attack
System Defense Heuristics
System Defense Heuristics is a mechanism for measuring, analyzing and reacting to network traffic to detect and impede the proliferation of worms. It uses protocol/port-specific statistics and programmable specific events and alerts based upon thresholds.
Allows for access to the platform and its inventory information, with little risk of agent tampering by a user
(Transport Layer Security)
A protocol that uses public-key data encryption to secure communications and digital certificates to authenticate the user as well as the network. Network security in Intel® AMT platforms is accomplished by means of TLS.
(Trusted Execution Technology)
See Intel® TXT
(Unique User ID)
A numeric value that is used by Intel AMT to identify devices. A UUID is used to associate each specific device with its profile and hostname.
Virtual appliances are self-contained operating environments dedicated to a particular function, such as manageability or security. Under control of IT administrators, the virtual appliance, which includes dedicated application code, a thin, embedded OS, and select drivers, runs outside the user OS so it is invisible to users and more secure from tampering.
(Virtual Local Area Network)
Virtual Local Area Network (VLAN) is a logical local area network that extends beyond a single traditional LAN to a group of LAN segments, given specific configurations. VLAN is a logical entity and its creation and configuration is done completely in software.
For more information, see http://en.wikipedia.org/wiki/VLAN
A Virtual Machine (VM) is a software implementation of a machine (computer) that executes programs like a real machine.
For more information, see http://en.wikipedia.org/wiki/Virtual_machine
See “Intel VT”
(Wake on LAN)
Wake on LAN (WoL) is a computer networking standard that allows a computer to be turned on or woken up remotely by a network message. WoL support is implemented in the motherboard of the computer.
For more information, see http://en.wikipedia.org/wiki/Wake-on-LAN
(Windows Remote Management)
The Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol, a SOAP-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate.
For more information, see http://msdn.microsoft.com/en-us/library/aa384426(VS.85).aspx
See also "SOAP", “WS-MAN”
(Web Services Description Language)
An XML-formatted language used to define the capabilities of a Web service, including how to connect with it. WSDL allows consistent use of the Web services available through Intel AMT.
See also "SOAP"
For more information, see http://en.wikipedia.org/wiki/Web_Services_Description_Language
(Web Services for Management)
WS-Management is a specification of a SOAP-based protocol for the management of servers, devices, applications and more. The specification is based on DMTF open standards and Internet standards for Web Services.
For more information, see http://www.dmtf.org/standards/wsman/