Intel Active Management Technology SDK - "out-of-band" solution for system administrators
The days when system administrators had to run from one computer to another are over. At least in those companies whose management has gone to the implementation of technologies that allow "technicians" to quickly solve the issue on any of the hundreds of thousands of computers in the organization. These technologies include Intel's Active Management Software solution.
Intel AMT – a set of hardware tools that allow system administrators to search, restore and protect the company's computing resources, regardless of whether they are enabled or not, as well as regardless of the state of operating systems. And most importantly, regardless of the distance of the system administrator from the problem computer.
In Intel, such remote access to any point in the system is called "out-of-band access" (out-of-band, OOB) and emphasizes that the communication channel is independent of the OS and is always available.
To make an out-of-band connection to a problem computer possible, Intel platforms integrate additional firmware that lives in non-volatile flash memory, and a separate Intel ME ARC processor that uses a small part of DDR memory in one of the slots for loading and executing it, as well as a mechanism for tracking sensors (fan speed, temperature, and unauthorized access).
The software provided by Intel Active Management Technology allows system administrators to extend the system's capabilities with self-developed programs that communicate with the built-in Active Management Technology tools and use them to solve specific enterprise tasks. You can also create the necessary console applications and, if necessary, quickly modify them.
Main advantages of the technology
Fault detection. Intel ® Active Management (Intel ® AMT) technology stores information about hardware and software in non-volatile flash memory, so IT professionals have access to information even when the PC is turned off. Thanks to Intel ® AMT technology, remote consoles are independent of local SOFTWARE, which helps avoid accidental data loss.
Troubleshooting and system recovery. Intel AMT technology provides independent management and allows IT specialists to remotely restore the system in the event of a malfunction. The notification and event logging system helps IT specialists quickly detect the causes of failures and reduces system downtime. In practice, restoring the system or any part of it looks like this:
The support service receives a system failure message either as a result of the platform generating an event, or directly from the end user. A support employee establishes an out-of-band connection to the failed system. During this session, it can check the hardware configuration of the system and read the system event log to locate the source of the fault.
In addition, a support employee may decide to set up a SOL and IDE-R session to load a diagnostic OS, run an update program, or other SOFTWARE from an alternative operating environment. If the problem is not related to a physical hardware failure, you can use these tools to quickly restore systems remotely.
In 2006, AMT technology was supplemented with another tool for recovery and protection. This is a Circuit Breaker technology designed to protect against network intrusion. It actually provides a remote server, such as a management console or an antivirus console, with the ability to reliably configure a set of hardware traffic filters at the platform level that cannot be "deceived" by any SOFTWARE. This feature is very useful for preventing worms or viruses from attacking your corporate network.
System protection. Intel AMT technology helps protect your company's local network. The built-in network controller, its BIOS, and traffic filter settings allow you to respond to out-of-band administrative requests (OOB), and support encryption and access protection. If, for some reason, the computer is still infected with a virus or has outdated security features, you can block or restrict its network access until it is treated or updated with Active Management Technology to prevent further spread of the infection.
Empowerment and the creation of applications
To more effectively administer an Intel AMT-based system and simplify the process of developing third-party applications, Intel provides an effective set of tools – the Active Management Technology Software Development Kit (AMT SDK). It is distributed as part of the software developer support program and is intended for use under a Non-disclosure agreement with Intel.
The Software Development Kit contains complete documentation for Intel Active Management subsystems, a description of the software interface (API) and libraries that allow you to fully use the capabilities inherent in AMT.
Intel AMT Storage Library is a static library that allows local or remote access to non-volatile memory on any computer that supports Intel AMT. The Intel AMT Redirection Library component allows you to redirect commands over a local network using the Serial over LAN (SOL) function, as well as boot any system remotely using the IDE Redirection (IDE-R) function. The Error ID Conversion Library is responsible for converting Intel AMT error messages to a regular lowercase format.
One of the components of the SDK – Intel AMT Host Emulator is a software emulator that allows you to simulate Intel AMT support on any hardware. The AMT SDK comes in two "versions" at once-for Windows and for Linux (the Linux version does not provide a Host Emulator).
All SDK components are located in separate directories and can be copied to any location on the system's hard disk. When "installing", you must keep the folder structure the same as in the distribution, since the SDK components are interdependent.
For the Software Development Kit to work properly, you need to install the Microsoft Platform SDK and Microsoft Visual Studio 2003 (which will be used to compile the selected components of the package).
the Software Development Kit is regularly updated. The latest version of the package includes many improvements that increase the efficiency of the platform and increase the speed of system administrators. An interesting feature of the new edition – "Wake on ME" - attracted the attention of market participants. According to the developers, the new feature of the SOFTWARE will help to minimize the power consumption of the platform as a whole.
The Reference Design Kit is included so that users can quickly and comfortably create console applications for Active Management Technologies. Developers can use it to create their own console solutions for Active Management Technologies. And having the full source code will allow you to create full-featured applications and easily change them if necessary.
Another component of the specialized software of Active Management Technologies - Setup and Configuration Service (SCS) - automates the initial configuration of platforms and configuration of their parameters, which allows you to further administer them remotely. SCS communicates with AMT-enabled devices via the SOAP API, and uses a SQL Server database to store configurations, stored procedures, and logs related to system actions.
Conclusions
We are convinced that Intel Active Management Technology is a technology that can save time and money for the company, make life easier for system administrators and improve the efficiency of all employees of the company as a whole. The main advantages of the technology are working under both Windows and Linux OS, the presence of the Intel Host Emulator software and the ability to develop solutions for remote computer administration via an out-of-band connection, regardless of the installed operating system.
How profitable are these opportunities? According to the results of research by Intel, the annual savings of the company that uses it can be up to 24 million dollars.
So that users of the Intel AMT SDK and other products don't feel alone, an entire community has been created on the Intel website. Its main goal is to provide system administrators with direct communication with Intel developers and engineers.
Valeriy Semenov
09/01.2007
