An introduction to Intel’s Active Management Technology (AMT)

As one usually does not have easy (read: spontaneous, fast) access to servers stored away in some ISP’s data center, evaluating remote access/remote management solutions seems like a good idea. Since vendor-specific solutions such as iDRAC, iLO etc. were no option as I wouldn’t buy a “real” server, IPMI and iAMT came as the only available options. IPMI is a quite well-established vendor-independent server standard and pretty common on server boards eg. from Supermicro and Tyan. However, for reasons beyond this article I did not want to buy such a board and instead opted for abusing a client technology, Intel’s Active Management Technology (AMT).

AMT sails as one of the technologies under Intel’s “vPro” marketing label. vPro also stands for selected combinations of desktop/mobile chipsets and processors, incorporating certain features including AMT but also eg. the AES-NI instructions, allowing for hardware-accelerated crypto operations. In the desktop market, the currently cheapest way to build yourself a AMT-ready system is to get a mainboard with Intel’s Q67 chipset (I opted for an Asus P8Q67-M DO) and the Core i5-2400 processor. All Core i3 processors and the smaller i5 models and even some i7 models lack all or some significant features such as Remote KVM — This Intel document tells you which CPU to pick.

AMT features include:

  • remote control over the system’s power state and access to a virtual reset button
  • remote access to inventory and asset information
  • remote access to a BIOS-level event log (memory initialization etc.), even if the BIOS itself doesn’t offer it
  • console redirection via a virtual serial port (SOL)
  • remote boot eg. of installation media (IDE-R)
  • different access levels
  • new since AMT 6.0: VNC-based remote KVM
  • TLS encryption

AMT does even more, but those are probably the most important features.

As I outlined above, AMT is available only for certain combinations of chipset and CPU. This is because AMT has been completely implemented in hardware. It operates independently from any installed operating system and that’s what sets it off from common software-based remote access solutions such as Windows’ built-in Remote Desktop, ordinary VNC etc. So you can really go ahead and perform remote diagnosis and reinstallation of broken machines without physical presence. On the downside, of course, you can only do this if it’s a Intel-based system with the right board/CPU combination. So if you’re in a mixed environment you would probably stick to hardware-based KVM-over-IP solutions, especially seeing that AMD can not yet make it even due to their reliance on DTMF’s DASH standard which does not cover Remote KVM yet.

Leave a comment