
Intel vPro Expert Center Blog

22 Posts tagged with the commander tag

Just released version v0.40 of the Intel AMT DTK, with the addition of 802.1x and Endpoint Access Control (EAC) as I wrote about in my previous blog. This is probably not going to have a big impact on many people since this feature is exclusive to large enterprises, but it's very useful for testing Intel AMT in environments where the network has access control. As I noted previously, I don't have equipment to test 802.1x and EAC, so I will rely on the community to give me feedback.

Another interesting feature in v0.40 is the addition of Intel AMT Guardpost as a Microsoft Windows tray icon application and Windows Service. Guardpost is of course the C/C++ version of Intel AMT Outpost, perfect for deployments with a smaller system footprint but also for adding to a WinPE-based recovery OS.

Intel AMT DTK v0.40 Audio Blog (.mp3)

Ylian (Intel AMT Blog)

In my never-ending quest to have full coverage of all Intel AMT features in the Intel AMT DTK, I got motivated by two colleagues to add 802.1x and Endpoint Access Control (EAC) support to Intel AMT Commander. I am not an expert on these two technologies, but they basically allow the network switch to authenticate a client and decide if it's going to let it connect to the network. This feature is normally supported in the operating system to get access to a corporate network, but when a network makes use of 802.1x to authenticate clients and the OS is down, Intel AMT can't access the network unless it authenticates.

Starting with Intel AMT 2.5 and then 3.0, Intel AMT supports 802.1x and EAC and so can authenticate itself to the network while the OS is down. In large enterprises where security is very important, this is an absolute must-have. You never know if someone will plug an unauthorized computer into a network drop in some conference room.

I don't have 802.1x or EAC equipment in my lab, but I have attempted to add support for it in the upcoming version of Commander simply by using the SDK's documentation. Luckily, if I can set the state of Intel AMT correctly and also read it back, there is a good chance I am on the right track. If you are trying to use these features now with a SOAP tool, it's a real pain, so having a nicer and friendlier UI is very important. I started coding this last week and quickly realized I also needed to support the new certificate storage interfaces available in AMT 2.5 and above, so I added support for that too.

In any case, all of this is coming up in version v0.40 of the Intel AMT DTK that I should be releasing very soon. Since I have no such network, I am counting on community members to try these new features out and give me feedback on things I should change or improve.

Ylian (Intel AMT Blog)

With release v0.39 of the Intel AMT Developer Tool Kit (DTK), I started work on adding WS-MAN to Intel AMT Commander. My plan is to have the IAmtRemoteStack.dll be dual mode and support both the older and newer interface at the same time. Ideally, if Intel AMT Commander can use WS-MAN to communicate with Intel AMT, it would not have to use SOAP calls at all in the future. Right now, I use only the older interface, or a combination of both. Currently, only the inventory asset and event log are read using WS-MAN.

Probably the most important feature I needed to get started with WS-MAN was a standard WS-MAN browser to help me understand how everything works. I built one into Intel AMT Commander by including all the WSMAN generated classes from the Intel AMT SDK and performing .NET reflection to display all the data on the UI. I must report that so far, WSMAN is slower than SOAP and I have seen some issues with the interface. I am especially annoyed when SOAP and WSMAN report different data.

If you plan on downloading the Intel AMT DTK source code and compiling it on Windows XP, or simply using Intel AMT Commander with WSMAN on Windows XP, you will notice that you are missing a COM object for WinRM. You need to download it here from Microsoft. If WinRM is not present on your system, Commander will detect that and simply not use WSMAN.

On Microsoft Vista or with Microsoft Windows XP with WinRM installed, you still need to set up WinRM correctly to get things to work. I put some instructions in the DTK's readme.txt file. They are the same instructions that are provided with the Intel AMT SDK.

I have to say that dual porting the stack to use both SOAP and WSMAN is going to be a lot of work. I may do some of it and wait for demand to increase before I complete the work. I have many more features on my plate.

Speaking of new features, there is a contest going on to collect feedback on the Intel AMT SDK and Intel AMT DTK, nice prizes to be had!

Ylian (Intel AMT Blog)

We just released the Intel AMT Developer Tool Kit (DTK) v0.39 on the public web site with source code a few minutes ago. In this release we have many more bug fixes but also initial work on WS-MAN support in Intel AMT Commander. In relation to WS-MAN, the most interesting new feature is a WS-MAN browser that takes all of the WSMAN objects in the Intel AMT SDK and turns them into objects that can be enumerated and viewed from any Intel AMT 3.0 computer.

Intel AMT Switchbox and Intel AMT Interceptor were both improved in this release, and we also updated the full source code. Two new features are partially implemented in v0.39: Certificate Store support and 802.1x (both are AMT 2.5 and AMT 3.0 features). Still much work to be done in these areas, but it's a good start.

For people trying to perform IDE-R and SOL over the Internet, I added a new "Advanced Properties" form that allows a user to change the timeouts of the redirection library. I don't know what the correct values are, hopefully someone can help me figure them out. Right now, they are all set in the UI to 10000, but most people will continue to use the default settings which are built into the redirection library.

Intel AMT DTK v0.39 Audio Blog (.mp3)

Enjoy!

Ylian (Intel AMT Blog)

This is my second video demonstration of Intel AMT Commander at IDF. This time, I show off Intel System Defense, Agent Presence and the benefits of using Serial-over-LAN to communicate with an OS agent while the network driver is turned off.

Ylian (Intel AMT Blog)

We just released the Intel AMT Developer Tool Kit (DTK) v0.37. Here are the highlights of the changes in v0.37:

  • Intel AMT Monitor in Japanese. Improved Japanese internationalization and now, Intel AMT Monitor is also in Japanese. Thanks to 3 Intel employees at Intel Japan, the Intel AMT DTK and Intel vPro products are much more successful in Japan. For people who did not know, English, Japanese and Simplified Chinese are all included in the standard Intel AMT DTK package.

  • Improved Commander support for Switchbox. Intel AMT Commander can be used to connect to Intel AMT Switchbox in TLS mode, and now, Commander will show connection warnings if the certificate is invalid and can also be used to issue a new certificate to Intel AMT Switchbox. This makes using Intel AMT Switchbox with full TLS security easier than ever.

  • Intel AMT Commander Network Feature. Now includes NIC info, environment discovery & VPN routing. Intel AMT Commander can now display all of the network configuration settings of the ME, set the ME's Sx state ping response, set the VPN routing flag (AMT 2.5 only) and now fully supports setting the environment detection parameters (AMT 2.5 and 3.0 only). Now Intel AMT Commander can be used to fully experiment with these new platform features.

  • First attempt at running Commander on Linux and MacOS. This new version of the DTK includes a new folder called "MonoEdition" and the source code includes a new "Debug-Mono" compiler target in an attempt to run Intel AMT Commander on the MONO framework. MONO is an open source project attempting to build a compatible Microsoft .NET framework on Linux. So far, only a very limited version of Commander can run on MONO 1.2.4 within Microsoft Windows, and no luck running on Linux yet. It's likely that with the release of MONO 2.0 later this year, Commander will run pretty well.

In addition to these, we made many more changes and bug fixes. For example, the terminal will now show if a laptop is connected on AC or is using battery. As usual, we encourage people to test and submit bugs & feedback on Intel AMT Commander, Director, Outpost, Monitor & Switchbox.

Audio blog: Ylian's audio blog on the Intel AMT DTK v0.37 (.mp3)

Ylian (Intel AMT Blog)

We released the Intel AMT DTK v0.36 on the public web site and in this blog, I want to focus on a new trick I am using in Intel AMT Commander and Intel AMT Outpost.

For a long time, many people have asked me to create an easy way to send a clean "sleep", "shutdown", "reset", "logoff" command to the Intel AMT computer. We can already do this using serial-over-LAN but I wanted to find a way to communicate this message using HECI and I did. I call it "Reverse-Watchdog".

Instead of using the watchdog feature normally, the agent (Intel AMT Outpost) does a heartbeat on an agent that does not exist. Once the console (Intel AMT Commander) creates it, the agent registration will work and the agent will get the "agent timeout" value (an unsigned short). The agent will pass this value up the stack as a "notification message ID" from the console, and the agent will take action based on that number. Also, the fact that the agent registers will cause the agent to switch to the "running" state and this will cause the console to get a confirmation of reception. The console then removes the watchdog. Intel AMT Outpost is instrumented to ignore the notification if the agent already exists at startup, so leaving an agent in AMT will not cause the notification to be used. This is a neat trick if you want to communicate to lots of agents on many computers without using SOL or in-band network traffic.

Ylian (Intel AMT Blog)
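
The Reverse-Watchdog exchange described in the post above, modelled as an added example (not code from the Intel AMT DTK or from the post's author). It is an in-memory Python simulation: the `AmtWatchdogTable`, `Agent` and `console_notify` names, the numeric message IDs and the re-arming rule are assumptions made for illustration, and no real AMT or HECI API is called.

```python
# In-memory model of the Reverse-Watchdog signalling; all names are hypothetical.
# Assumed IDs: the post names these actions but not their numbers.
ACTIONS = {1: "sleep", 2: "shutdown", 3: "reset", 4: "logoff"}

class AmtWatchdogTable:
    """Stand-in for the agent watchdog entries held by Intel AMT."""
    def __init__(self):
        self.entries = {}  # agent_id -> {"timeout": int, "state": str}

    def create(self, agent_id, timeout):
        # The "agent timeout" carries the message, so it must fit an unsigned short.
        if not 0 <= timeout <= 0xFFFF:
            raise ValueError("agent timeout must fit in an unsigned short")
        self.entries[agent_id] = {"timeout": timeout, "state": "not started"}

    def heartbeat(self, agent_id):
        """Local agent call: fails (None) until the console creates the entry."""
        entry = self.entries.get(agent_id)
        if entry is None:
            return None
        entry["state"] = "running"  # registration flips the state the console reads
        return entry["timeout"]

class Agent:
    """Plays the role of Intel AMT Outpost."""
    def __init__(self, amt, agent_id):
        self.amt, self.agent_id = amt, agent_id
        # An entry that already exists at startup is stale: ignore it.
        self.armed = agent_id not in amt.entries
        self.actions = []

    def poll(self):
        timeout = self.amt.heartbeat(self.agent_id)
        if timeout is None:
            self.armed = True  # assumption: re-arm once the entry is gone
            return None
        if not self.armed:
            return None
        self.armed = False  # act once per notification
        action = ACTIONS.get(timeout)  # unknown IDs are dropped, not guessed
        if action:
            self.actions.append(action)
        return action

def console_notify(amt, agent, agent_id, message_id):
    """Plays the role of Intel AMT Commander for one notification."""
    amt.create(agent_id, message_id)
    action = agent.poll()  # in practice the agent heartbeats on its own timer
    confirmed = amt.entries[agent_id]["state"] == "running"
    del amt.entries[agent_id]  # console removes the watchdog after confirmation
    return confirmed, action
```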
