How Do You Manage?
Answers for Intel® vPro™ Developers
Intel® vPro™ technology puts powerful manageability in your hands,
but there are intricacies involved. To get the full value of the opportunities,
you’ll need some guidance now and then. Fortunately, there’s help available
from Intel® Developer Zone,
including answers to your questions from Gael
Holmes Hofemeier, an Intel®
Black Belt developer.
Gael has been an application engineer with Intel since 2000,
and her specific focus for the past several years has been on platform enabling
for Intel vPro technologies, with a focus on Intel® Active Management
Technology (Intel® AMT). As she engages directly with developers, IT professionals,
and others through the Intel communities and forums, certain questions are on a
lot of people’s minds. The top five are described below; if you don’t see what
you’re looking for, you can always post to the Intel
vPro technology forum.
Top Question 1: Why can’t I get KVM to work?
The keyboard-video-mouse (KVM) feature of Intel AMT provides
full remote control of client systems from the management console. Like other
features of Intel AMT, the KVM functionality is enabled at the hardware level,
so it’s available regardless of client system state. In other words, with Intel
AMT KVM, you can remote-control a PC even if it is powered-down, has a damaged OS,
or even hasn’t been imaged yet.
While configuring this capability is relatively straightforward,
there are a number of things you must take into account. Assuming the system
supports KVM, for example, Intel AMT must be enabled, the right port
assignments must be configured, authentication must be set up properly, and so
on. For details about getting KVM up and running, have a look at the following entries
in Gael’s blog:
Question 2: Can I access the Intel® AMT Web UI from the local Intel AMT
client?
Managing Intel vPro technology client PCs is through the
browser-based Web UI is a convenient option. It allows a simple, intuitive way
to view information such as logs and system details, as well as to perform
functions such as rebooting PCs and configuring network connectivity, power
options, and Intel AMT account details.
Early versions of Intel AMT only allowed remote connection
to the Web UI, but beginning with Intel AMT 6.1, users with Administrator
rights can connect to the Web UI locally. The following blog entry covers this
topic in more detail, including specific procedures for various Intel AMT
configurations and links to videos that will be helpful as you get up to speed
on this topic:
Question 3: What it the relationship between Intel AMT and the Intel®
Manageability Engine?
To get full use out of the documentation, discussions, and
articles related to manageability of business PCs based on Intel vPro
technology, it is important first to understand the vocabulary. Intel vPro
technology is an umbrella term for Intel’s flagship business PC platform
architecture, which includes manageability based on Intel AMT. The entire
manageability technology is included in Intel AMT, part of which is also the
server-side technology used to manage individual business PCs.
The Intel® Manageability Engine (Intel® ME) is the set of
hardware features including processing mechanisms and non-volatile memory,
operating below the OS level, that underlie Intel AMT. Its functionality is
exposed using a set of BIOS extensions, and it communicates with the rest of
the network over a logically isolated interface that operates over the same
physical interface as regular LAN traffic. The following blog entries discuss
the Intel ME and some related components in more detail:
Question 4: What does it mean if I’m getting a communication error
regarding the MEI driver (or HECI driver)?
Software running on the local client communicates with the
Intel ME by means of the Intel Manageability Engine Interface (MEI) driver,
also known as the Host Embedded Controller Interface (HECI) driver. That
communication is needed for both Intel AMT and Intel® Anti-Theft Technology
(Intel® AT Technology), and if it is unsuccessful for some reason, the system
will generate a communication error.
If you run into a communication error related to Intel AMT
or Intel AT, the first step in correcting the issue is to verify that the Intel
ME and Intel AMT and/or Intel AT Technology are enabled in BIOS. Beyond that, a
number of tools are available to help identify the root cause of the error and
correct it. For a description of procedures and tools to help you troubleshoot
this type of error, as well as where to get a valid driver for various systems
if you need to, have a look at the following blog entry:
Question 5: How can I recover a forgotten password for the Intel AMT
Manageability Engine?
Working with business PCs based on Intel vPro technology
involves two passwords: one for Intel AMT and one for the Intel ME. The former
is used with a management console or the Web UI, and it can be changed using
APIs that are described in the Intel®
AMT Network Interface Guide. The latter is used when you enter CTRL-P and
access the Intel ME, and it can only be changed by logging directly into the
Intel ME or through a provisioning server.
If either or both of those passwords is forgotten, the
resolution is to restore the passwords to factory defaults, rather than
actually recovering the password(s). The procedure for doing so depends on the
specific system, and it may be as simple as removing the battery for 15
seconds, or it may be more complicated. The following blog entries describe
Intel AMT and Intel ME passwords in more detail, including how to reset them to
their factory defaults and requirements for the strong passwords required by
Intel AMT and Intel ME:
Join the Intel® Black Belt Developers
and other Intel® vPro™ Technology Experts in
the Intel® Developer Zone
