What Is Intel Management Engine Interface? What Are Intel Management Engine Components?

Many users, after installing Windows 10, find that they need to install the current driver for Intel Management Engine Components. What is it, and does the computer really need it? Answering this question means studying a huge amount of information, including technical documentation. This article therefore explains everything in simple language that any user can follow. We first go over the history of this component and then discuss its purpose.

History of the Intel ME Components

Intel began building this component into its products back in 2008. At the time the technology seemed innovative. At about the same time, AMD launched an analogue called AMD Secure Technology. Things went well for the blue brand, although no coherent documentation on the technology was ever published.

This continued until 2017. That year, a hacker disclosed a serious vulnerability in Intel Management Engine Components. What was this vulnerability? Put simply, an attacker with specially crafted code could force this component to open access to the processor. As a result, it was possible to manage the CPU remotely.

It was the notorious Spectre/Meltdown flaw, which made a lot of noise at the time. Intel's chief executive, in a fright, even sold his stake in the company, which unsettled investment companies and stock exchanges alike. In the end things settled down, although Intel's reputation was damaged.

Consequences of the Intel ME Vulnerability

Naturally, the scandal was unprecedented. Intel had to justify itself for a long time, lick its wounds and apologize. Most importantly, the flaw forced the blue brand to publish proper documentation on Intel Management Engine Components. It finally became clear what kind of technology this is, and also why it had been possible to break the protection system.

After Intel's epic failure, the engineers at AMD began testing their own system, because it was based on Intel Management Engine Components. They had no idea what the vulnerability was, but over time exactly the same vulnerability was found in AMD chips as well. AMD managed to react promptly and avoid a scandal, which allowed the red brand to take the leading position in the processor market. The main point is that it is now possible to understand what this component actually is.

What Are Intel ME Components?

So, what are Intel Management Engine Components? In essence, this is a small microchip that is built into the processor and regulates its operation. The drivers are needed to ensure that this component works properly. Previously the chip was built into motherboards, but once most computers switched to a single-chip design, it began to be built into the central processors themselves. According to Intel, this arrangement was supposed to increase computer security.

Speaking of security: Intel had every reason to think that ME could protect a computer from various attacks. It controls the operation of the central processor in various modes, even when the computer is completely turned off, and it is this technology that is responsible for remote control of the processor. The idea is good, but the problem is that the component itself turned out to be leaky.

What Is Intel ME?

Intel(R) Management Engine Components is responsible for the correct operation of the central processor, and not only while the computer is switched on. The technology can also control the processor when the computer or laptop is completely turned off. The component additionally manages the operation of the processor in sleep mode and in hibernation. In short, this component is necessary and cannot be done without.

Other features are also built on Intel ME. For example, the technology makes it possible to manage a computer remotely, which is very useful for system administrators. Intel AT (the "anti-theft" module) is also based on Intel(R) Management Engine Components. Tip: it is better to install the necessary drivers and leave the settings alone, otherwise the entire computer may fail.

Is It Possible to Disable Intel ME?

Now let us look at Intel(R) Management Engine Components in more detail. How can this feature be disabled? The ordinary user has absolutely no need for this. Note that a complete shutdown is impossible. Some hackers have developed a method for blocking individual elements, but there is little point in it. If you try this yourself, nothing good will come of it: the PC will simply refuse to start, because Intel ME controls the operation of the central processor.

But what about the Intel Management Engine Components drivers? Can some options be disabled in software? Yes, simply by removing the driver along with the related software. In that case, however, the overall performance of the processor may drop, and rather substantially. The CPU is also very likely to misbehave in sleep mode, and the same goes for hibernation. In short, the corresponding drivers can be removed, but doing so is not recommended.

Conclusion

This article has reviewed Intel Management Engine Components. It is clear by now that this is a very important subsystem of the central processor, and that the chip cannot function normally without it. Nevertheless, some tinkerers are actively looking for ways to disable this technology. This should not be done under any circumstances, since the consequences can be unpredictable. In the worst case, the user will lose an expensive machine. In the best case, the security system simply will not allow the component to be "cut out". Either way, there is no need for it. It is better to install all the necessary drivers and the current software and to leave this option alone. After all, it does not interfere with the normal operation of the processor or of any other system component.

Most likely, many people who have installed the Windows operating system at least once and then downloaded drivers from the official site have noticed that the list includes an Intel Management Engine Interface driver. This article explains what it is, what it is responsible for, and whether it needs to be installed.

Intel Management Engine Interface in the driver list on the ASUS laptop manufacturer's site

What Is the Intel Management Engine Interface Driver Responsible For?

First of all, let's look at the purpose of this driver. Intel Management Engine Interface, or Intel ME for short, is a separate subsystem responsible for a number of system functions, including controlling the rotation speed of the system fans depending on temperature, supporting power-saving modes, handling transitions to sleep mode, and much more.

If the fans of your laptop or computer spin at a constantly high speed, this may be the result of a failure of the Intel Management Engine Interface subsystem or of its drivers working incorrectly.

This driver is very important and must be installed. If it is not, an icon with an exclamation mark will be displayed in Device Manager, indicating that the Intel ME subsystem is not functioning properly.

Intel Management Engine Interface driver not installed.

If the Intel Management Engine Interface driver is not installed, the computer or laptop will still work, but there may be problems with some OS functions.

To avoid this, install the Intel Management Engine Interface driver from the official website of the manufacturer of your laptop or motherboard.



Introduction

This document contains information on how to get started with Intel® Active Management Technology (Intel® AMT). It provides an overview of the features, as well as information on minimum system requirements, configuration of an Intel AMT client, and the developer tools available to help create applications for Intel AMT.

Intel AMT supports remote applications running on Microsoft Windows* or Linux*. Intel AMT Release 2.0 and higher supports only Windows-based local applications. For a complete list of system requirements, see the Intel AMT Implementation and Reference Guide.

Getting Started

In order to manage an Intel AMT client or run the samples, you need a system to remotely manage your Intel AMT device. Refer to the Intel AMT Implementation and Reference Guide located in the Docs folder of the Intel AMT SDK for more details.

What Is Intel® Active Management Technology?

Intel AMT is part of the Intel® vPro™ technology offering. Platforms equipped with Intel AMT can be managed remotely, regardless of their power state or whether they have a functioning OS.

The Intel® Converged Security and Manageability Engine (Intel® CSME) powers the Intel AMT system. As a component of the Intel® vPro™ platform, Intel AMT uses a number of elements in the Intel vPro platform architecture. Figure 1 shows the relationship between these elements.

Figure 1. Intel® Active Management Technology 11 architecture

Pay attention to the network connection associated with the Intel® Management Engine (Intel® ME). The NIC changes according to which Intel AMT release you are using.

  • The Intel CSME firmware contains the Intel AMT functionality.
  • Flash memory stores the firmware image.
  • Enable the Intel AMT capability by using Intel CSME as implemented by an OEM platform provider. A remote application performs the enterprise setup and configuration.
  • On power-up, the firmware is copied into the Double Data Rate (DDR) RAM.
  • The firmware executes on the Intel® processor with Intel ME and uses a small portion of the DDR RAM (Slot 0) for storage during execution. RAM Slot 0 must be populated and powered on for the firmware to run.

Intel AMT stores the following information in flash (Intel ME data):

  • OEM-configurable parameters:
    • Setup and configuration parameters such as passwords, network configuration, certificates, and access control lists (ACLs)
    • Other configuration information, such as lists of alerts and Intel AMT System Defense policies
    • The hardware configuration captured by the BIOS at startup
  • Details for the 2016 platforms with Intel vPro technology (Release 11.x) are:
    • 14 nm process
    • Platform (mobile and desktop): 6th Generation Intel® Core™ processor
    • CPU: Skylake
    • PCH: Sunrise Point

What Is New with the Intel® Active Management Technology SDK Release 11.0

  • Intel CSME is the new architecture for Intel AMT 11. Prior to Intel AMT 11, Intel CSME was called Intel® Management Engine BIOS Extension (Intel® MEBx).
  • MOFs and XSL files: The MOFs and XSL files in the \Docs\WS-Management directory and the class reference in the documentation are at version 11.0.0.1139.
  • New WS-Eventing and PET table argument fields: Additional arguments added to the CILA alerts provide a reason code for the device which generates the alert.
  • Updated OpenSSL* version: The OpenSSL version is at v1.0. The redirection library has also been updated.
  • Updated Xerces version: Both Windows and Linux have v3.1.2 of the Xerces library.
  • HTTPS support for WS events: Secure subscription to WS events is enabled.
  • Remote Secure Erase through Intel AMT boot options: The Intel AMT reboot options include an option to securely erase the primary data storage device.
  • DLL signing with strong name: The following DLLs are now signed with a strong name: Cimframework.dll, CimFrameworkUnTyped.dll, dotnetwsmanclient.dll, ivemanclient.dll, and intel.wsman.scripting.dll
  • Automatic platform reboot triggered by HECI and Agent Presence watchdogs: An option to automatically trigger a reboot when a watchdog reports that its agent has entered an expired state.
  • Replacement of the IDE-R storage redirection protocol: Storage redirection works over the USB-R protocol rather than the IDE-R protocol.
  • Updated SHA: The SHA1 certificates are deprecated, with a series of implemented SHA256 certificates.

Configuring an Intel® Active Management Technology Client

Preparing Your Intel® Active Management Technology Client for Use

Figure 2 shows the modes, or stages, that an Intel AMT device passes through before it becomes operational.

Figure 2. Configuration flow

Before configuring an Intel AMT device from the Setup and Configuration Application (SCA), it must be prepared with initial setup information and placed into setup mode. The initial information will be different depending on the available options in the Intel AMT release and the settings performed by the platform OEM. Table 1 summarizes the methods to perform setup and configuration on the different releases of Intel AMT.

Table 1. Setup methods according to Intel® Active Management Technology version

| Setup Method | Applicable to Intel® Active Management Technology (Intel® AMT) Releases | For More Information |
|---|---|---|
| Legacy | 1.0; Releases 2.x and 3.x in legacy mode | Setup and Configuration in Legacy Mode |
| SMB | 2.x, 3.x, 4.x, 5.x | Setup and Configuration in SMB Mode |
| PSK | 2.0 through Intel AMT 10, deprecated in Intel AMT 11 | Setup and Configuration Using PSK |
| PKI | 2.2, 2.6, 3.0 and later | Setup and Configuration Using PKI (Remote Configuration) |
| Manual | 6.0 and later | Manual Setup and Configuration (from Release 6.0) |
| CCM, ACM | 7.0 and later | |

Intel® Setup and Configuration Software (Intel® SCS) 11 can provision systems back to Intel AMT 2.x. For more information about Intel SCS and provisioning methods as they pertain to the various Intel AMT releases, visit Download the Latest Version of Intel® Setup and Configuration Service (Intel® SCS).

Manual Configuration Tips

There are no feature limitations when configuring a platform manually since the 6.0 release, but there are some system behaviors to be noted:

  • API methods will not return a PT_STATUS_INVALID_MODE status because there is only one mode.
  • TLS is disabled by default and must be enabled during configuration. This will always be the case with manual configuration, as you cannot set TLS parameters locally.
  • The local platform clock will be used until the network time is remotely set. An automatic configuration will not be successful unless the network time was set (and this can only be done after configuring TLS or Kerberos*). Enabling TLS or Kerberos after the configuration will not work if the network time was not set.
  • The system enables the Web UI by default.
  • The system enables SOL and IDE-R by default.
  • The system disables the redirection listener by default starting in Intel AMT 10.
  • If KVM is enabled locally via Intel CSME, it still will not be enabled until an administrator activates it remotely.

Starting with Intel AMT 10, some devices are shipped without a physical LAN adapter. These devices cannot be configured using the current USB key solutions provided by Intel SCS 11.

Manual Setup

During power up, the Intel AMT platform displays the BIOS startup screen, then it processes the MEBx. During this process, access to the Intel MEBx can be made; however, the method is BIOS vendor-dependent. Some methods are:

  • Most BIOS vendors add entry into Intel CSME via the one-time boot menu. Select the appropriate key (Ctrl+P is typical) and follow the prompts.
  • Some OEM platforms prompt you to press a key after POST. When you press it, control passes to the Intel MEBx (Intel CSME) main menu.
  • Some OEMs integrate the Intel CSME configuration inside the BIOS (uncommon).
  • Some OEMs have an option in the BIOS to show or hide the prompt, so if the prompt is not available in the one-time boot menu, check the BIOS to activate the Ctrl+P prompt.

Client Control Mode and Admin Control Mode

At setup completion, Intel AMT 7.0 and later devices go into one of two control modes:

  • Client Control Mode. Intel AMT enters this mode after performing a basic host-based setup (see Host-based (Local)). It limits some of Intel AMT functionality, reflecting the lower level of trust required to complete a host-based setup.
  • Admin Control Mode. After performing remote configuration, USB configuration, or a manual setup via Intel CSME, Intel AMT enters Admin Control Mode.

There is also a configuration method that performs an Upgrade Client to Admin procedure. This procedure presumes the Intel AMT device is in Client Control Mode, but moves the Intel AMT device to Admin Control Mode.

In Admin Control Mode there are no limitations to Intel AMT functionality. This reflects the higher level of trust associated with these setup methods.

Client Control Mode Limitations

When a simple host-based configuration completes, the platform enters Client Control Mode and imposes the following limitations:

  • The System Defense feature is not available.
  • Redirection (IDE-R and KVM) actions and changes in boot options (including boot to SOL) require advance consent. This still allows remote IT support to resolve end-user problems using Intel AMT.
  • With a defined auditor, the auditor's permission is not required to perform un-provisioning.
  • A number of functions are blocked to prevent an untrusted user from taking control of the platform.

Manually Configuring an Intel Active Management Technology 11.0 Client

The Intel AMT platform displays the BIOS startup screen during power up, then processes the BIOS extensions. Entry into the Intel AMT BIOS extension is BIOS vendor-dependent.

If you are using an Intel AMT reference platform (SDS or SDP), the display screen prompts you to press a key, after which control passes to the Intel CSME main menu.

In the case of an OEM system, it is still easy to use the one-time boot menu, although entry into Intel CSME is usually an included option as part of the one-time boot menu. The exact key sequence varies by OEM, BIOS and model.

Manual Configuration for Intel® AMT 11.0 Clients with Wi-Fi*-Only Connection

Many systems no longer have a wired LAN connector. You can configure and activate the Intel ME, then use the WebUI or some alternate method to push the wireless settings.

  1. Change the default password to the new value (required to proceed). The new value must be a strong password. It should contain at least one uppercase letter, one lowercase letter, one digit, and one special character, and be at least eight characters.
    1. Enter Intel CSME during startup.
    2. Enter the default password of "admin".
    3. Enter and confirm the new password.
  2. Select Network Setup.
  3. Select Intel® ME Network Name Settings.
    1. Enter the host name.
    2. Enter the domain name.
  4. Select User Consent.
  5. Exit Intel CSME.
  6. Configure wireless via ProSet wireless driver synching, WebUI, or an alternative method.

Manual Configuration for Intel AMT 11.0 Clients with LAN Connection

Enter the Intel CSME default password ("admin").

Change the default password (required to proceed). The new value must be a strong password. It should contain at least one uppercase letter, one lowercase letter, one digit, and one special character, and be at least eight characters. A management console application can change the Intel AMT password without modifying the Intel CSME password.

  1. Select Intel AMT Configuration.
  2. Select/verify that Manageability Feature Selection is enabled.
  3. Select Activate Network Access.
  4. Select "Y" to confirm activating the interface.
  5. Select Network Setup.
  6. Select Intel ME Network Name Settings.
    1. Enter the host name.
    2. Enter the domain name.
  7. Select User Consent.
    1. By default, this is set for KVM only; it can be changed to none or all.
  8. Exit Intel CSME.

Accessing Intel® Active Management Technology via the WebUI Interface

An administrator with user rights can remotely connect to the Intel AMT device via the Web UI by entering the URL of the device. Depending on whether TLS has been activated, the URL will change:

  • Non-TLS - http://<host>:16992
  • TLS - https://<host>:16993

You can also use a local connection using the host's browser for a non-TLS connection. Use either localhost or 127.0.0.1 as the IP address. Example: http://127.0.0.1:16992.
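
The manual-configuration defaults, the strong-password rule and the Web UI URLs described above can be combined into an inventory check. This is an added example, not code from Intel or the Intel AMT SDK; the `AmtClient` record, its field names and the `example.test` hosts are assumptions constructed for illustration, and the findings encode only behaviour stated on this page.

```python
import string
from dataclasses import dataclass


@dataclass
class AmtClient:
    """One inventory row. Field names are hypothetical, chosen for this example."""
    host: str
    release: float                       # Intel AMT release, e.g. 11.0
    setup_method: str                    # "host-based", "manual", "usb", "remote", "psk"
    tls_enabled: bool = False            # manual setup leaves TLS disabled
    web_ui_enabled: bool = True          # Web UI is enabled by default
    sol_ider_enabled: bool = True        # SOL and IDE-R are enabled by default
    redirection_listener: bool = False   # disabled by default from Intel AMT 10
    user_consent: str = "kvm"            # "none", "kvm" (default) or "all"
    network_time_set: bool = False


def password_problems(password):
    """Check a candidate password against the strong-password rule in the setup steps."""
    problems = []
    if password == "admin":
        problems.append("still the default password")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    checks = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        "digit": str.isdigit,
        "special character": lambda c: c in string.punctuation,
    }
    for name, test in checks.items():
        if not any(test(c) for c in password):
            problems.append(f"no {name}")
    return problems


def control_mode(client):
    """Control mode an Intel AMT 7.0+ device enters after setup."""
    if client.release < 7.0:
        return None
    # Assumption: every setup method other than host-based leads to admin mode.
    return "client" if client.setup_method == "host-based" else "admin"


def web_ui_url(client):
    """Web UI URL: port 16992 without TLS, port 16993 with TLS."""
    if not client.web_ui_enabled:
        return None
    scheme, port = ("https", 16993) if client.tls_enabled else ("http", 16992)
    return f"{scheme}://{client.host}:{port}"


def audit(client):
    """Return findings for settings that deserve review on one client."""
    findings = []
    url = web_ui_url(client)
    if url and not client.tls_enabled:
        findings.append(f"Web UI served without TLS at {url}")
    if not client.tls_enabled and not client.network_time_set:
        findings.append("network time not set: enabling TLS or Kerberos later will not work")
    if client.setup_method == "psk" and client.release >= 11.0:
        findings.append("PSK setup is deprecated in Intel AMT 11")
    if client.redirection_listener and client.release >= 10.0:
        findings.append("redirection listener enabled (off by default from Intel AMT 10)")
    if client.sol_ider_enabled:
        findings.append("SOL and IDE-R enabled (default): review if redirection is unused")
    if control_mode(client) == "admin" and client.user_consent == "none":
        findings.append("admin control mode with user consent set to none")
    return findings


# Constructed sample inventory; hosts and settings are invented for the example.
INVENTORY = [
    AmtClient("ws-014.example.test", 11.0, "manual"),  # state left by manual setup
    AmtClient("ws-022.example.test", 11.0, "remote", tls_enabled=True,
              network_time_set=True, sol_ider_enabled=False),
    AmtClient("ws-031.example.test", 11.0, "psk", tls_enabled=True,
              network_time_set=True, user_consent="none", redirection_listener=True),
]

if __name__ == "__main__":
    for client in INVENTORY:
        print(client.host, "->", control_mode(client), "control mode")
        for finding in audit(client):
            print("   -", finding)
    print(password_problems("weakpass"))
```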

Intel Active Management Technology Support Requirements

In addition to having the BIOS and Intel CSME configured correctly, the wireless NIC needs to be Intel AMT compliant. Specific drivers and services must be present and running in order to use Intel AMT to manage the host OS.

To verify that the Intel AMT drivers and services are loaded correctly, look for them in Device Manager and Services in the host OS. Frequently check the OEM's download site for upgraded versions of the BIOS, firmware, and drivers.

Here are the drivers and services that should appear in the host OS:

  • Intel® Ethernet Network Connection I218-LM *
  • Intel® Dual Band Wireless-AC 8260 or similar *
  • Intel® Management Engine Interface (Intel® MEI) driver
  • Serial-Over-LAN (SOL) driver
  • Intel® Management and Security Status (Intel® MSS) Application Local Management Service **
  • Intel® AMT Management and Security Status application **
  • HID mouse and keyboard drivers ***

* Network controller and wireless interface versions will vary depending on the generation of the Intel vPro platform.

** Part of the complete Intel MEI (chipset) driver package

*** HID drivers are needed when connecting via Intel AMT KVM. These default drivers are not normally an issue; however, we have seen issues on stripped-down custom OS installs. If a connection is made to a device without the HID drivers, the OS tries to auto-download the drivers. Once the install is done, reconnect the KVM connection.

Note: The version level of the drivers must match the version level of the firmware and BIOS. If non-compatible versions are installed, Intel AMT will not work with the features that require those interfaces.

Physical Device - Wireless Ethernet Connection

By default, any wireless Intel vPro platform will have an Intel AMT enabled wireless card installed, such as an Intel Dual Band Wireless-AC 8260. Any wireless card other than one from Intel will not have wireless Intel AMT capabilities. If you have a card other than the Dual Band Wireless-AC 8260, you can use ark.intel.com to verify whether the wireless card is Intel AMT compliant.

Windows OS Required Software

Device drivers are not necessary for remote management; however, they are essential for local communication to the firmware. Functions like discovery or configuration via the OS will require the Intel MEI driver, SOL driver, LMS service and Intel® Management and Security Status (Intel® MSS).

Device Drivers - Intel® Management Engine Interface

Intel MEI is required to communicate to the firmware. The Windows automatic update installs the Intel MEI driver by default. The Intel MEI driver should stay in version step with the Intel MEBx version.

The Intel MEI driver is in Device Manager under "System devices" as "Intel® Management Engine Interface."

Device Drivers - Serial-Over-LAN Driver

The SOL driver is used during redirection operations where a remote CD drive is mounted during an IDE redirection operation.

The SOL driver is in Device Manager under "Ports" as "Intel® Active Management Technology - SOL (COM3)."

Figure 3. Serial-Over-LAN driver.

Service - Intel Active Management Technology LMS Service

The Local Manageability Service (LMS) runs locally in an Intel AMT device and enables local management applications to send requests and receive responses. The LMS responds to the requests directed at the Intel AMT local host and routes them to the Intel® ME via the Intel® MEI driver. This service installer is packaged with the Intel MEI drivers on the OEM websites.

Please note that when installing the Windows OS, the Windows automatic update service installs the Intel MEI driver only. IMSS and the LMS service are not installed. The LMS service communicates from an OS application to the Intel MEI driver. If the LMS service is not installed, go to the OEM website and download the Intel MEI driver, which is usually under the Chipset driver category.

Figure 4. Intel® Management Engine Interface driver.

The LMS is a Windows service installed on a host platform that has Intel AMT Release 9.0 or greater. Prior to this, the LMS was known as the User Notification Service (UNS), starting from Intel AMT Release 2.5 to 8.1.

The LMS receives a set of alerts from the Intel AMT device. LMS logs the alert in the Windows Application event log. To view the alerts, right-click My Computer, and then select Manage > System Tools > Event Viewer > Application.

Tool - Intel® Management and Security Status Tool

The Intel MSS tool can be accessed by the blue-key icon in the Windows tray.

Figure 5. Sys tray Intel® Management and Security Status icon.

General Tab

The General tab of the Intel MSS tool shows the status of Intel vPro features available on the platform and an event history. Each tab has additional details.

Figure 6. Intel® Management and Security Status General tab.

Intel AMT Tab

This interface allows the local user to terminate KVM and media redirection operations, perform a Fast Call for Help, and see the System Defense state.

Figure 7. Intel® Management and Security Status Intel AMT tab

Advanced Tab

The Advanced tab of the Intel MSS tool shows more detailed information on the configuration of Intel AMT and its features. The screenshot in Figure 8 verifies that Intel AMT has been configured on this system.

Figure 8. Intel® Management and Security Status Advanced tab

Intel Active Management Technology Software Development Kit (SDK)

As illustrated by the screenshot in Figure 9 of the Intel® AMT Implementation and Reference Guide, you can get more information on sample code by reading the section on using the Intel® AMT SDK. The documentation is available on the Intel® Software Network here: Intel® AMT SDK (Latest Release)

| Feature | AMT 8 | AMT 9 | AMT 10 | AMT 11 | AMT 12 |
|---|---|---|---|---|---|
| Third-Party Data Storage | X | X | X | Deprecated | Deprecated |
| Built-in Web Server | X | X | X | X | X |
| Web Application Hosting | | | | X | X |
| Flash Protection | X | X | X | X | X |
| Firmware Update | X | X | X | X | X |
| HTTP Digest / TLS | X | X | X | X | X |
| Static and Dynamic IP | X | X | X | X | X |
| System Defense | X | X | X | X | X |
| Agent Presence | X | X | X | X | X |
| Power Policies | X | X | X | X | X |
| Mutual Authentication | X | X | X | X | X |
| Kerberos* | X | X | X | X | X |
| TLS-PSK | X | X | X | Deprecated | Deprecated |
| Privacy Icon | X | X | X | X | X |
| Intel® Management Engine Wake-on-LAN | X | X | X | X | X |
| Remote Configuration | X | X | X | X | X |
| Wireless Configuration | X | X | X | X | X |
| Endpoint Access Control (EAC) 802.1 | X | X | X | X | X |
| Power Packages | X | X | X | X | X |
| Environment Detection | X | X | X | X | X |
| Event Log Reader Realm | X | X | X | X | X |
| System Defense Heuristics | X | X | X | X | X |
| WS-MAN Interface | X | X | X | X | X |
| Network Interfaces | X | X | X | X | X |
| TLS 1.0 | X | X | X | X | |
| TLS 1.1 | | X | X | X | X |
| TLS 1.2 | | | | | X |
| Fast Call for Help (CIRA) | X | X | X | X | X |
| Access Monitor | X | X | X | X | X |
| Microsoft NAP* Support | X | X | X | X | X |
| Virtualization Support for Agent Presence | X | X | X | X | X |
| PC Alarm Clock | X | X | X | X | X |
| KVM Remote Control | X | X | X | X | X |
| Wireless Profile Synchronization | X | X | X | X | X |
| Support for Internet Protocol Version 6 | X | X | X | X | X |
| Host-Based Provisioning | X | X | X | X | X |
| Graceful Shutdown | X | X | X | X | X |
| WS-Management API | X | X | X | X | X |
| SOAP Commands | X | Deprecated | Deprecated | Deprecated | Deprecated |
| InstantGo Support | | | | X | X |
| Remote Secure Erase | | | | X | X |

Intel Management Engine (ME)

Intel Management Engine (Intel ME) allows you to access the hardware directly, bypassing the operating-system layer. This function does not depend on the OS state and provides control of the remote computer over an independent auxiliary TCP/IP channel, even when the computer is turned off (remotely powering a computer on or off).

Interaction with remote PCs is performed at the hardware level, so the administrator gains capabilities that previously required being physically present at the user's computer.

Initially, the Intel Management Engine settings become available after this function is activated in the BIOS. Immediately after turning on Intel ME, you get access to multiple BIOS functions.

The first time the ME interface is started in the BIOS, you will need to create an administrator password.

As the screenshot shows, Intel Active Management (AMT) mode is enabled in the "Intel Management Engine Configuration" section.

In fact, you simply need to turn on the "On in S0, ME Wake in S3, S4-5" mode. This allows the remote access functions to be used at any time, as long as the computer is connected to a power supply. If the host is in S3-S5 mode and the system is connected to AC power, the remote access system will "fall asleep" after a certain time, but it turns on again upon receipt of a network message.

Using this feature, the IT department can allow a remote PC to go into sleep mode and then wake it again, for example after employees have gone home, in order to install multiple system updates. In this BIOS window you can configure several different parameters related to the low-level implementation of AMT remote access.

Intel allows you to save certificates for remote access, so a computer can be authenticated before it accesses network resources.

Intel Active Management Technology (AMT)

AMT is one of the most curious components of the vPro platform. In previous versions, such as vPro 1.0, the AMT engine interacted with the processor integrated into the motherboard and thereby depended on the state of the host processor. By separating out the remote control function (that is, moving it to the motherboard/network controller), Intel took a big step forward: many capabilities became available even when the computer is turned off or before the OS loads.

If you are familiar with technologies like IPMI 2.0, the principles behind AMT may seem familiar. Key AMT functions include:

  • Remote power-on, shutdown, or a separate power cycle;
  • Mounting a disk image to boot the operating system on a remote PC;
  • Remote access to information about the hardware resources of the PC;
  • Remote console redirection with Serial Over LAN (SOL);
  • Sending out-of-band (OOB) messages to the administrator;
  • Providing a secure TLS channel between the administrator and the client system controlled by vPro.

Taken together, these features are designed to give system administrators a level of control that sits below the operating system and operates independently of it (although Intel offers a software layer that lets you integrate the capabilities of AMT into an operating system such as Windows 7).

Intel added KVM Remote Control in AMT 6.0 in order to give the administrator full access to the keyboard, video and mouse of the client machine. You can take control of a correctly configured system and diagnose it even if it has no OS installed. Although AMT 6.0 supports only a very limited choice of KVM resolutions, AMT version 6.1 (on the DQ57TM motherboard) has an extended set of resolutions, which makes for more comfortable working conditions.

It is worth noting that many KVM-over-IP solutions implemented on the basis of IPMI 2.0 in some server motherboards usually work at an even lower resolution, 800x600. This does not create problems when working with remote servers (many of which are still controlled from the command line), but servicing client machines at such a resolution is not at all comfortable. The current version, AMT 7.0, which is implemented in the latest generation of the vPro platform, allows you to work at resolutions up to 1920x1200.

The only feature that we could not test (which is a pity, given how much attention Intel pays to it) is Anti-Theft (AT) technology. Intel could send a command that would lock a vPro computer if it were stolen. Of course, this is more relevant for laptop users than for desktop PCs.

In AMT 7.0, Intel provided the ability to use 3G cellular networks to send a remote kill command, which significantly increases the chances of keeping the data on the PC confidential in case of theft. If the computer later finds its way back to you, you can bring it back to life in the same way.


