More technology distinctions - Intel AMT vs. ASF, part 3

Hi :)
(Please refer to the "part 1" and "part 2" posts of this series, in order to learn the evolution line of manageability solutions and the differences of Intel AMT).

In this post, we'll continue comparing ASF and Intel AMT features, following the principles presented in the previous two posts.

Part Three: Technology Differences (cont.)

  1. Alert Subscription: PET and logs

    • Intel AMT uses the well know PET format to send event alerts, just as ASF does.

    • But Intel AMT takes the event alerts one step further: While in ASF you have to decide on one unique destination point for all the events, in Intel AMT you can subscribe up to 16 different destinations -- and define which kind of event alerts should be sent to each subscriber. In this way different entities with different roles can be assigned different events. A person/computer can be in charge of dealing with network problems, while another one receives also security alerts. That's being in control! :)

    • Another important addition to the event manager in Intel AMT is the built-in log of alerts. IT Managers can define the type of alerts that should be stored inside the Intel AMT system itself, and can access this at any time from anywhere.

  2. Security: RSP vs. TLS and Kerberos

    • Some people say you can not have too high a security standard.

    • ASF had no security protocol before its revision 2.0. RSP brought security authentication to the ASF standard by using HMAC-SHA1 encryption and a pre-shared key between the managed client and the console.

    • I'll not enter in technical details of how TLS and Kerberos work and how they are more reliable than simple pre-shared keys security, there is plenty of material on that. As much as HMAC is a good encryption method... it is clear that TLS or Kerberos are more advanced security methods than two pre-shared keys.

    • An aspect in which TLS or Kerberos are practical than a special password is that it is integrates with the existing security scene of the corporation -- if the organization uses TLS or Kerberos to secure its network, Intel AMT will fit together.

    • And more, not only Intel AMT can use the same certificates and same servers, but you can merge the password administration of it in the other methods you use to manage other paswords. You can program Intel AMT's login and password easily, what you cannot do so easily in ASF (where you are also forced to a 20 letters long (or 40 hexa. chars, depending on implementation) password). Having to manage additional passwords (at times, different ones for each client) is a hassle you don't have on Intel AMT.

      • Update (20/09): Please don't understand from this section that TLS and Kerberos serve the same purpose -- they are solutions to different aspects of security (TLS is used for encription, kerberos for authentication.) They are together here because both capabilities not present at ASF.

  3. Standards

    • The ASF standard was published by the DMTF years ago. An open standard such as this brings many immediate advantages, such as the ability to anyone to build matching applications beforehand. Also, these applications will fit any other ASF implementation, vendor independent.

    • Intel AMT started by creating its own set of functions and features. As there was no progress in the manageability solutions available, there was no standard to follow, so Intel literally 'leaped ahead' ;) and pushed the manageability technology further than what the market was accustomed too.

    • Nowadays, the manageability community sees how far we can go with the new features, and standards are being defined and tested. Intel AMT now follows well known manageability communication standards as WS-Man and DASH, so we can say that Intel AMT 'catched up' in this point were it was lacking.

    • Ajay commented on the standard advantages and disadvantages in this post in our blog.

I hope you enjoyed the dissection of these two important technologies. And the list is not over yet, there's another post on its way!
Stay around...

Posts in the series:
- ASF and Intel AMT - Spot the differences (part 1)
- ASF vs. Intel AMT part 2 - Technology differences
- More technology distinctions - Intel AMT vs. ASF, part 3
- Between Intel AMT and ASF, part 4
- Feature Advantages - Intel AMT and ASF part 5

PS> It would be great to know whether some of you already had/have any experience with ASF manageability, and how do you compare it with Intel AMT. In this way, we'll be able to better focus our conversation.