Intel Active Management Technology
From Wikipedia, the free encyclopedia
Intel Active Management Technology (AMT) is a hardware-based technology that facilitates remote out-of-band management of computers by use of a small secondary processor located on the motherboard.
This OOB controller has embedded firmware that runs on the Manageability Engine (ME), a separate small ARC architecture processor built into the North Bridge (or NIC for AMT 1.0) of the motherboard. The AMT firmware is stored in the same SPI flash memory component used to store the BIOS and is generally updated along with the BIOS. FWH (Firmware Hub) or LPC firmware storage is not supported for AMT.
Currently, Intel AMT is available in vPro desktops and Centrino Pro laptops.
Contents |
[edit] Capabilities
[edit] Webserver
Intel AMT systems include a built-in web server located on port 16992 (or port 16993 if HTTPS is used). The web server displays a management web page that can be accessed from a remote system (not from the AMT system itself). A remote user can browse to the web page to perform a subset of the full AMT list of operations: view information about the AMT system and perform power control functions on it (for example, power it up or down). The web server can be accessed even if the system is powered down or has crashed. The web server is generally disabled by corporate IT.
[edit] Other features
- Power up, power down, power cycle, and reset the computer.
- Redirect the remote computer's boot process, causing it to boot from a network boot image. This allows booting a computer that has a corrupted (or missing) operating system.
- Redirect the system's I/O during the boot process, allowing the administrator to view and intervene in the boot process.
- Access and change BIOS settings remotely.
- Verify that essential software is running on the remote system (for example, anti-virus agents).
- Rebuild a corrupted hard drive either over the network or from a local image.
- Obtain the remote computer's hardware asset list (platform, baseboard, BIOS, processor, memory, disks, portable batteries, field replaceable units).
- Detect suspicious traffic with virus- and worm-like behavior received by or transmitted by the remote system.
- Block network traffic to and from systems suspected of infection by viruses or worms.
- Manage hardware packet filters & counters in the on-board network adapter.
- Receive PET events from the AMT subsystem (for example, events indicating that the operating system is hung, or that a password attack has been attempted).
[edit] Setup and Privacy
Intel AMT computers are usually sold with AMT disabled. First time setup can be performed in one of several ways: remote configuration, using a USB key containing a proprietary configuration file, or manually entering data in the MEBx (the Manageability Engine BIOS extension). Intel provides a 'Privacy Icon' application that notifies the system's user if AMT is enabled. Once enabled, AMT cannot be disabled unless the AMT administrator password is known or a jumper on the motherboard is used to reset AMT.
[edit] Versions
Intel AMT comes in different versions. Each version of Intel AMT can be updated in software to the next minor version.
- Intel AMT 1.0 – Intel platforms based on the Intel 82573E (Tekoa; usually 945, ICH7) Gigabit Ethernet Controller, e.g., the Intel D975XBX2 motherboard. This version provides basic NVRAM, Hardware Asset, Event log and other basic features. It does not provide Intel System Defense network filters.
- Intel AMT 2.0 – Intel vPro desktop platforms based on the Intel Q963/Q965 (Broadwater-Q, ICH8) chipsets, e.g., the Intel DQ965GF motherboard.
- Intel AMT 2.1 – Intel AMT 2.0 + AMT Power Savings (ME Wake on LAN) and bug fixes (supported on same platforms as Intel AMT 2.0).
- Intel AMT 2.2 – Intel AMT 2.1 + Remote Configuration and bug fixes (supported on same platforms as Intel AMT 2.1 and Intel AMT 2.0).
- Intel AMT 2.5 – Intel Centrino Pro mobile platforms based on the GM965/PM965 (Santa Rosa: Crestline, ICH8M) chipsets, e.g., the HP Compaq 6910p laptop.
- Intel AMT 2.6 – Intel AMT 2.5 + Remote Configuration and bug fixes (supported on same platforms as Intel AMT 2.5).
- Intel AMT 3.0 - Intel vPro desktop platforms based on the Intel Q33/Q35 (Weybridge: Bearlake-Q, ICH9) chipsets, e.g., the Intel DQ35MP motherboard.
- Intel AMT 4.0 – Future Intel Centrino Pro mobile platforms based on the GM45/PM45 (Montevina: Cantiga, ICH9M) chipsets.
- Intel AMT 5.0 - Future Intel vPro desktop platforms based on the Intel Q43/Q45 (Boulder Creek/Corwin Springs/McCreary: Eaglelake-Q, ICH10) chipsets.
- Intel AMT 6.0 – Future Intel Centrino Pro mobile platforms based on the Calpella chipsets.
[edit] Management Engine Firmware Modules
- Active Management Technology (AMT)
- Alert Standard Format (ASF)
- Quiet System Technology (QST), formerly Advanced Fan Speed Control (AFSC)
- Trusted Platform Module (TPM)
- Danbury Technology (DT); this is an encrypted AHCI controller
[edit] See also
- Host Embedded Controller Interface (HECI)
- Alert Standard Format (ASF)
- Distributed Management Task Force (DMTF)
- Intelligent Platform Management Interface (IPMI)
- Baseboard management controller (BMC)
- Trusted Platform Module (TPM)
- Northbridge (computing) (NB)
- Southbridge (computing) (SB)
- I/O Controller Hub (ICH)
- Out-of-band management
- Lights out management
- HP Integrated Lights-Out (HP/Compaq specific)
