Post on 26-Mar-2015
Intel® vPro™ Processor Technology
Intel® AMT Keyboard, Video & Mouse Remote Control
<Presenter’s Name>
Application Engineer
Software and Services Group
<month>, 2009
2Intel Confidential 2
Legal Disclaimer
Information in this document is provided in connection with Intel products. No license, express or implied, by personnel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications.Intel may make changes to specifications and product descriptions at any time, without notice.
Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them.
Products referenced herein may be incomplete or contain errors known as errata which may cause the products to deviate from published specifications. Current characterized errata are available upon request.
Intel® Active Management Technology requires the computer have an Intel® AMT-enabled Intel chipset, network hardware and software, connection with a power source, and a network connection.
Intel® Virtualization Technology requires a computer system with an enabled Intel® processor, BIOS, virtual machine monitor (VMM) and for some uses, certain platform software enabled for it. Functionality, performance or other benefits will vary depending on hardware and software configurations. Intel Virtualization Technology-enabled BIOS and VMM applications are currently in development.
Copyright (c) Intel Corporation 2007-2009* Other names and brands may be claimed as the property of others.
3Intel Confidential 3
Expanding Redirection Capabilities
4Intel Confidential 4
Example Use-Cases
Console _ X
Computer State Comp A UnhealthyComp B OS unresponsiveComp C RebootingComp D OS Healthy
Select a machine to manage
Comp A Screen
Dsfsd.sys failed at mem location 0x1234hfhsMemory dump:3409afed 3409afed 3409afed 3409afed 3409afed 3409afed
Console
5Intel Confidential 5
Advantages of KVM Remote Control
6Intel Confidential 6
Terminology
Term Definition
KVM Server The KVM service running on the managed client.A KVM Server runs in the Intel® vPro™ management engine.
KVM Client The ISV console connecting to the KVM Server.
sprite A graphic overlay that is drawn directly to the monitor by the integrated hardware. Similar to volume / channel indication on television.
Intel® vPro™ System Remote Console
KVM Session RequestPasscode: 123456
Sprite Graphic
KVM Server
KVM Client
7Intel Confidential 7
Example Deployment FlowPrior to KVM Remote Control use, several steps with some notable options are required. This occurs in conjunction with Intel® vPro™ Setup & Configuration.
8Intel Confidential 8
Example KVM Remote Control Session
* Other names and brands may be claimed as the property of others.
Intel® vPro™ System Remote Console
Passcode
KVM
Passcode
SessionTerminated
9Intel Confidential 9
Example User Consent FlowBy default, the user must consent to each KVM Remote Control session. This may be disabled by:
•OEM
•During USB initiated setup
•User opts out through MEBx
•Optionally enabled / disabled remotely if allowed in MEBx
10Intel Confidential 10
Wireless ConnectivityManagement traffic passes through the host wireless driver when operational. (“Pipe” mode)
The management engine (ME) manages wireless connectivity when the host driver is absent. (“Operational” mode)
Intel® AMT implements “link sensitive” behavior during some use-cases to avoid connectivity interruptions.
Starting with Intel® AMT 6.0, you can control the link preference to fit your use-case through AMT_EthernetPortSettings.SetLinkPreference
11Intel Confidential 11
Simple Connection Option
12Intel Confidential 12
TLS
Enhanced Intel® AMT Connection
* Other names and brands may be claimed as the property of others.
13Intel Confidential 13
Protocols
* Other names and brands may be claimed as the property of others.
14Intel Confidential 14
Protocol & Viewer Options
Protocol Options Viewer Compatibility
* Other names and brands may be claimed as the property of others.† Compatibility depends on 3rd party implementation.
15Intel Confidential 15
SDK Components
* Other names and brands may be claimed as the property of others.
16Intel Confidential 16
Configuration (partial list)
17Intel Confidential 17
Architecture Considerations
ConsoleConsole
Console GUI
VNC Library
Intel® AMT Redirection
Proxy TLS
Integrated(SDK Sample)
ConsoleConsole
Console GUI
VNC Library
Central ServerCentral Server
Intel® AMT Redirection
Proxy
TLS
Distributed(Example #1)
Central ServerCentral Server
ConsoleConsole
Console GUI
VNC Library
Intel® AMT Redirection
Proxy
TLS
Distributed(Example #2)
18Intel Confidential 18
Discrete Graphics Considerations
KVM Requires Active, Integrated GraphicsKVM Requires Active, Integrated Graphics
19Intel Confidential 19
Summary
* Other names and brands may be claimed as the property of others.
20Intel Confidential 20
21Intel Confidential 21
BACKUP
22Intel Confidential 22
APF
TLS
Remote KVM Protocols
RFB
VNC* LibraryIntel®
Redirection Proxy
Intel® Remote
Connectivity Gateway
Intel® vPro™
Platform
* Other names and brands may be claimed as the property of others.
23Intel Confidential 23
Access Monitor – KVM Related Events
•KVM session start
•KVM session end
•KVM enable
•KVM disable
•RFB password failed X times
•KVM user consent options changed
•RFB password changed
24Intel Confidential 24
Intel® Management and Security Status (IMSS) Enhancements•Display the enabled/disabled status of the KVM feature
•Indicate if there is an active KVM session
•Notify the user that a KVM session is starting
•Provide an option to stop the KVM session
•Select language for sprite messages
25Intel Confidential 25
User Consent Switches• Remote user consent control
through API
• IPS_KVMRedirectionSettingData -> OptInPolicy
•Must be allowed by firmware setting
• OEM sets the default
• OEM settings may be overridden by MEBx
OEM Setting: Allow Remote User Consent
Control
MEBx Setting: Allow Remote User Consent
Control
AMT Admin: User Consent
SettingUser Consent
KVM Session
No
Yes
Not Required
Required
Yes
No
DefaultSettings
26Intel Confidential 26
KVM BIOS/FW Settings Matrix
KVM Enabled (Y/N)
User Consent (On/Off)
Remote Config of User
Consent (On/Off)
Manual Touch for IT
(Yes/No)
Yes On On No
Yes Off On No
Yes On Off Yes
Yes Off Off Yes
No On or Off On or Off Yes
RecommendedOEM Settings
Good for IT, no touch
Bad for IT, requires touch