Intel Active Management Technology - Using Intel AMT

Using Intel AMT

Almost all AMT features are available even if PC power is off, the OS has crashed, the software agent is missing, or hardware (such as a hard drive or memory) has failed. The console-redirection feature (SOL), agent presence checking, and network traffic filters are available after the PC is powered up.

Intel AMT supports these management tasks:

  • Remotely power up, power down, power cycle, and power reset the computer.
  • Remotely boot the PC by redirecting its boot process, causing it to boot from a different image, such as a network share, bootable CD-ROM or DVD, remediation drive, or other boot device. This feature supports remote booting a PC that has a corrupted or missing OS.
  • Remotely redirect the system’s I/O via console redirection through serial over LAN (SOL). This feature supports remote troubleshooting, remote repair, software upgrades, and similar processes.
  • Access and change BIOS settings remotely. This feature is available even if PC power is off, the OS is down, or hardware has failed. This feature is designed to allow remote updates and corrections of configuration settings. This feature supports full BIOS updates, not just changes to specific settings.
  • Detect suspicious network traffic. In laptop and desktop PCs, this feature allows a sys-admin to define the events that might indicate an inbound or outbound threat in a network packet header. In desktop PCs, this feature also supports detection of known and/or unknown threats (including slow- and fast-moving computer worms) in network traffic via time-based, heuristics-based filters. Network traffic is checked before it reaches the OS, so it is also checked before the OS and software applications load, and after they shut down (a traditionally vulnerable period for PCs).
  • Block or rate-limit network traffic to and from systems suspected of being infected or compromised by computer viruses, computer worms, or other threats. This feature uses Intel AMT hardware-based isolation circuitry that can be triggered manually (remotely, by the sys-admin) or automatically, based on IT policy (a specific event).
  • Manage hardware packet filters in the on-board network adapter.
  • Automatically send OOB communication to the IT console when a critical software agent misses its assigned check-in with the programmable, policy-based hardware timer. A "miss" indicates a potential problem. This feature can be combined with OOB alerting so that the IT console is notified only when a potential problem occurs (this helps keep the network from being flooded by unnecessary "positive" event notifications).
  • Receive Platform Event Trap (PET) events out-of-band from the AMT subsystem (for example, events indicating that the OS is hung or crashed, or that a password attack has been attempted). You can alert on an event (such as falling out of compliance, in combination with agent presence checking) or on a threshold (such as reaching a particular fan speed).
  • Access a persistent event log, stored in protected memory. The event log is available OOB, even if the OS is down or the hardware has already failed.
  • Discover an AMT system independently of the PC's power state or OS state. Discovery (preboot access to the UUID) is available if the system is powered down, its OS is compromised or down, hardware (such as a hard drive or memory) has failed, or management agents are missing.
  • Perform a software inventory or access information about software on the PC. This feature allows a third-party software vendor to store software asset or version information for local applications in the Intel AMT protected memory. (This is the protected third-party data store, which is different from the protected AMT memory for hardware component information and other system information.) The third-party data store can be accessed OOB by the sys-admin. For example, an antivirus program could store version information in the protected memory that is available for third-party data. A computer script could use this feature to identify PCs that need to be updated.
  • Perform a hardware inventory by uploading the remote PC's hardware asset list (platform, baseboard management controller, BIOS, processor, memory, disks, portable batteries, field replaceable units, and other information). Hardware asset information is updated every time the system runs through power-on self-test (POST).
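
The agent presence item in the list above describes a timer that reports only missed check-ins. The following is an added illustration, not Intel's code or the AMT API: a small Python model of that behaviour, in which the class name, state names, alert tuple format and timing values are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class PresenceTimer:
    """Model of a policy-based presence timer for one software agent."""
    agent: str
    interval: float              # max seconds between check-ins (policy value)
    startup: float               # seconds allowed for the first check-in
    state: str = "not_started"   # model states: not_started, running, expired
    last_checkin: float = 0.0
    alerts: list = field(default_factory=list)

    def checkin(self, now: float) -> None:
        # A check-in re-arms the timer and is never reported, so the
        # console sees no "positive" notifications.
        self.state = "running"
        self.last_checkin = now

    def tick(self, now: float) -> None:
        # Runs on the timer's own clock, independent of the agent.
        if self.state == "expired":
            return  # this outage was already reported once
        if self.state == "not_started":
            deadline = self.startup
        else:
            deadline = self.last_checkin + self.interval
        if now > deadline:
            self.state = "expired"
            self.alerts.append((now, self.agent, "missed_checkin"))

def replay(timer, checkins, end, step=1.0):
    """Drive the timer over a constructed timeline and return its alerts."""
    pending = sorted(checkins)
    t = 0.0
    while t <= end:
        while pending and pending[0] <= t:
            timer.checkin(pending.pop(0))
        timer.tick(t)
        t += step
    return timer.alerts

if __name__ == "__main__":
    # Constructed timeline: the agent stops after t=16 and returns once at t=50.
    av = PresenceTimer("av-agent", interval=10.0, startup=30.0)
    print(replay(av, [0.0, 8.0, 16.0, 50.0], end=70.0))
```

Each outage produces exactly one alert however long it lasts, and an agent that never starts is reported once the startup window passes.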
