Intel vPro Expert Center Blog

6 Posts tagged with the director tag
Click to view Ylian Saint-Hilaire's profile
0


Years before I started working on Intel AMT, designers where creating a list of usages that would be enabled by Intel AMT. The list included, I presume, usages around 3PDS, remote reboot to BIOS, disk redirection, etc. Many of the Intel AMT usages that are promoted on the Intel web site. When I started work on the DTK, a personal challenge had always been to find new ways of using existing features to do different and sometimes unexpected things. Create new usages for Intel AMT that it was never originally designed to do. I now present my top 5 abuses of existing features.

TCP-over-Serial-over-LAN. The Intel AMT serial port I am told, was originally designed as an easy way to remotely take control of the BIOS and recovery OS remotely. Designers needed a way for BIOS to be able to send test display data to a remote console. A virtual serial port was a great solution. It so happens that in the original design, this serial port was always enabled and usable, even when the normal OS was running. This allows a serial agent to talk to a console while bypassing the OS’s network stack. This is interesting on its own and I started work on a serial agent of my own. Things took a weird twist when I started sending binary data and sending files over this serial port, making it very valuable. It’s only a few weeks later that I realized I could also send TCP traffic over this serial link, making it possible to contact TCP services on the Intel AMT computer even if the network stack was disabled. A few days later, I showcased the first demonstration of VNC-over-SOL, and turning this abuse of the serial port into an instant hit. To this day, VNC-over-SOL is still, one of the most impressive demonstrations of Intel AMT.

Reverse Watchdog. When Intel sales people demonstrate Intel AMT to customers, they often get asked if you can shutdown gracefully an Intel AMT computer using Intel AMT. The simple answer was no, Intel AMT will perform a brutal shutdown or reset upon request. To perform operations like a clean shutdown or reset, sleep or hibernation requires the involvement of the OS. You could tell a serial agent like Intel AMT Outpost to perform the shutdown, but that required opening the serial connection and could be a problem if you had to shutdown many computers. I needed a way to pass a small amount of information to a running Intel AMT agent on the PC, do it using SOAP/WSMAN only and if possible get confirmation of reception. We could store the command into 3PDS and have the agent read it periodically, but 3PDS required setup and that little amount of data would have required allocation of a 4K flash page. The solution came when looking at the agent presence feature. When a console creates a new agent, the agent can now register this agent locally. The agent also get the timeout of the agent in seconds (from 1 to 65535), this would be the key. By constantly trying to register a known GUID, Intel AMT Outpost could see if the agent existed or not. If suddenly the registration works, the timeout value would indicate that type of shutdown operation to perform. Better yet, the simple fact that registration occurred changes the state of the agent to “Running”, confirming to the console that the message was indeed received. Today the Intel AMT Terminal has “Agent Commands” in the remote control that allows a user to perform soft operations when the agent is running, even if the OS network stack is not working.

Mouse over serial. A few months back I started work on a smaller version of Intel AMT Outpost called Intel AMT Guardpost. The idea was that if a serial agent was going to be useful, it was going to need to run on a recovery OS, run in the background with no dependencies and with as little footprint as possible (Is it not annoying to have all there background processes running?). The C/C++ version of Intel AMT Outpost was on its way. One feature I always wanted to work on was a remote Windows command prompt; it took over a week to finally pull this off. I could now remotely shell to DOS and perform basic command line operations. I could also enter the command like editor with the “Edit” command at which point, the temptation to support the mouse-over-serial-over-LAN was a must have. Using the binary serial protocol, I added the support to the terminal in a few hours. To this day, it’s still a fun and amazing demonstration of outstanding remote manageability.

IDE-R within the OS. A few days after first enabling IDE-R within Intel AMT Commander, I stumbled upon something I had not noticed before. If an administrator where to start IDE redirection and the OS was to re-scan its plug & play devices, the additional floppy and CDROM drive would show up in Microsoft Windows. This was immediately interesting since transferring files over the serial port was limited to 115kb/sec a very slow speed in today’s world. With IDE-R, you can copy files at around CDROM 4x speed on a local network. All I needed was a way for Intel AMT Outpost to cause the OS to rescan its plug & play devices. A few hours later the “HWRESCAN” command was built and for the first time, an administrator could mount a CDROM remotely and install a patch as high speed without ever using the OS’s network stack. This feature also turned out to be an excellent compliment to VNC-over-SOL.

Fast data path using IDE-R. This is not an idea I never built into the DTK, but I wanted to add it to this list since it would also be an interesting was to use existing features in new ways. The serial-over-LAN feature turned out to be extremely valuable, but it is also slow. Serial ports are very inefficient. One way someone could speed things up is to use IDE-R as a fast by-pass to the OS. An administrator would mount a virtual floppy disk drive containing a single file. This file, would not really exist, it would contain different data each time it was read, making it possible to send data to an OS agent thru Intel AMT at much higher speeds. Also, since the floppy is a read/write device, the agent could write into the virtual file data that it wants to send to the console. It would be quite a bit of work to pull this off, but it certainly seems possible. Someone would just have to know the internal format of an .img file.

That’s my top 5. I realize this is probably a rather advanced blog article, but this is proof that you can have a lot of fun to any technologies.


Ylian (Intel AMT Blog)

0 Comments 8 References Permalink Tags: intel, amt, dtk, commander, outpost, director, guardport, serial, ider, sol
Click to view Ylian Saint-Hilaire's profile
0

It's time for another release of the Intel AMT DTK v0.48x. The "X" stands for external since for the last two months I have been working on upcoming Intel platforms features and so, not releasing public updates as often as I use to. In this release there are so many changes, I can't really go thru them all.

I think users will see the Intel AMT Commander UI has been improved a lot, and some work has been done to improve responsiveness. The look of the UI is also improved, especialy heuristic and agent presence features. WSMAN support is moving along, I recently found and added a way to automaticaly detect that an Intel AMT computer is in WSMAN only mode and connect to it correctly. WSMAN support is still weak, but improving.

For people looking at the Intel AMT DTK source code, many more changes. Intel AMT Commander's main form was starting to be way to big and so now all the right hand side panels and proken up into seperate files. The terminal was also broken up, a new VT100 user control is now avaialble to process serial-over-LAN on-screen display. This is very useful for developers that want to build their own VT100 terminal that looks different from Intel AMT Commander.

Certificate and TLS handling was improved thruout. First, many of the tools will now work better with mutual-authentication, this is especialy true for IAmtTerm.exe that did not do so well with mutual-auth before. Intel AMT Director's certificate handling is improved, you can now drag & drop a certificate on Director's certificate manager to import, added more certificate formats and Director can now issue certificates with many common names, just like Intel SCS does. Commander will also handle these certificates better than before.

All in all, this is a major new update to the Intel AMT DTK. I encorage people to keep sending bug reports, and thank everyone who already did.

Download: Intel AMT DTK v0.48x Audio Blog (.mp3)

Ylian

0 Comments 0 References Permalink Tags: amt, commander, director, outpost, guardpost, dtk
Click to view Ylian Saint-Hilaire's profile
0


I am happy to announce that we just put online a new Intel AMT Developer Tool Kit (DTK) tutorial video pack. It's just a large 146 megabytes ZIP file with 11 tutorial videos recorded using a desktop capture application and two live Intel AMT demonstrations using Intel AMT Commander. This is great news for people who had problems streaming the videos before or who simply wanted to get all the videos in highest possible quality. The tutorial video pack is available on the Intel AMT DTK web page, at the bottom of the page.

Many people ask how I record the tutorial videos. I simply use Microsoft's Windows Media Encoder 9 tool, it's available for free on the Microsoft web site. The best audio quality, I got myself a USB headset with built-in microphone. I just never had good luck with normal microphones that plug into sound cards, and this USB headsetalways works perfectly. I don't usually rehearse much before recording these videos and sometimes I record them late at night. As a result you get a pretty honest look at how I use the Intel AMT DTK myself.

The tutorial video pack includes early videos from the Intel AMT DTK v0.11 days, and much newer videos recorded using a yet unreleased version of the Intel AMT DTK. If you are really lucky and happen to own an Intel AMT 3.0 computer, you will be especially interested in the new heuristic tutorial video and will noticed that Intel AMT Commander's UI has been updated. I will get the latest version online within the next week, it's really cool and much improved.


Ylian (Intel AMT Blog)

0 Comments 4 References Permalink Tags: intel, amt, dtk, commander, director, outpost, tutorial, videos, pack
Click to view Ylian Saint-Hilaire's profile
0


It's time for a new release of the Intel AMT Developer Tool Kit. Version v0.45 was released Saturday morning with a bunch more bug fixes and improvements. People ask me what the formal road map for the DTK is and I answer that there is none, its customer driven and I constantly improve many features. Of course, I have my ideas where I am going with this, but I am always looking for suggestions.

Let's look at a few new features in this release:

Intel AMT Commander can now auto-detect and connect to LMS. In the past, only Intel AMT Outpost could connect to the local Intel AMT interface. In this new release, Intel AMT Commander will automatically detect and connect to LMS. So you can direct Commander to connect to "localhost" enter the username and password and it will work. Currently, you can't do much, on AMT 2.5 and higher systems, Intel AMT Commander will display the Intel AMT event log.

Intel AMT Commander re-branding. It's now easier than ever to add branding to Commander, just create a "branding" folder under Intel AMT Commander's executable and put a set of bitmaps in the directory. The default bitmaps will be replaced the next time Commander is run. You can find all the details in the readme.txt file of the DTK. By the way, it's perfectly fine to re-brand and ship Commander or any of the Intel AMT DTK tools. For example: To include with Intel AMT motherboards, etc.

Improves Intel AMT Stack. The Intel AMT stack built in C# on which Intel AMT Commander and the other tools are built on is improving all the time. In this version, I took special care to clean up the "AmtSystem" class. It's the root class for all of the Intel AMT functionality. For a quick sample on how to use the stack, look at the "IAmtCmd" project in the DTK source code.Intel AMT Developer Tool Kit

Intel AMT Developer Tool Kit v0.45 Audio Blog (.mp3)

Ylian (Intel AMT Blog)

0 Comments Permalink Tags: dtk, amt, commander, director, outpost, guardport, branding, stack, lms
Click to view Ylian Saint-Hilaire's profile
0

We just released the Intel AMT Developer Tool Kit (DTK) v0.39 on the public web site with source code a few minutes ago. In this release we have many more bug fixes but also, initial work on WS-MAN support in Intel AMT Commander. In relation for WS-MAN, the most interesting new feature is a WS-MAN browser that takes all of the WSMAN objects in the Intel AMT SDK and turns them into objects that can be enumerated and viewed from any Intel AMT 3.0 computer.

Intel AMT Switchbox and Intel AMT interceptor where both improved in this release, we also updated the full source code. Two new features features are partially implemented in v0.39: Certificate Store support and 802.1x (both are AMT 2.5 and AMT 3.0 features). Still much work to be done in these areas, but its a good start.

For people trying to perform IDE-R and SOL over the Internet, I added a new "Advanced Properties" form that allows a user to change the timeouts of the redirection library. I don't know what the correct values are, hopefully someone can help me figure them out. Right now, they are all set in the UI to 10000, but most people will continue to use the default settings which are built into the redirection library.

Intel AMT DTK v0.39 Audio Blog (.mp3)

Enjoy!
Ylian (Intel AMT Blog)

0 Comments Permalink Tags: intel, amt, dtk, commander, outpost, director, developer, tool, kit
Click to view Ylian Saint-Hilaire's profile
0

We just released the Intel AMT Developer Tool Kit (DTK) v0.37 . Here are the highlights of the changes in v0.37:

  • Intel AMT Monitor in Japanese. Improved Japanese internalization and now, Intel AMT Monitor is also in Japanese. Thanks to 3 Intel employees Intel Japan, the Intel AMT DTK and Intel vPro products are much more successful in Japan. For people who did not know, English, Japanese and Simplified Chinese are all included in the standard Intel AMT DTK package.
  • Improved Commander support for Switchbox. Intel AMT Commander can be used to connect to Intel AMT Switchbox in TLS mode, and now, Commander will show connection warnings if the certificate is invalid and can also be used to issue a new certificate to Intel AMT Switchbox. This makes using Intel AMT Switchbox with full TLS security easier than ever.
  • Intel AMT Commander Network Feature. Now includes NIC info, environment discovery & VPN routing. Intel AMT Commander can how display all of the network configuration settings of the ME, set ME's Sx state ping response, set the VPN routing flag (AMT 2.5 only) and now fully supports setting the environment detection parameters (AMT 2.5 and 3.0 only). Now Intel AMT Commander can be used to fully experiment with these new platform features.
  • First attempt at running Commander on Linux and MacOS. This new version for DTK includes a new folder called "MonoEdition" and source code includes a new "Debug-Mono" compiler target in an attempt to run Intel AMT Commander on the MONO framework. MONO is an open source project attempting to build a compatible Microsoft .NET framework on Linux. So far, only a very limited version of Commander can run on MONO 1.2.4 within Microsoft Windows, and no luck running on Linux yet. It's likely that with the release for MONO 2.0 later this year, Commander will run pretty well.

In addition to these, we made many more changes and bug fixes. For example: The terminal will now show if a laptop is connected on AC or is using battery. As usual, we encourage people to test and submit bugs & feedback on Intel AMT Commander, Director, Outpost, Monitor & Switchbox.


Audio blog:

Updated screens:

http://softwareblogs.intel.com/wordpress/wp-content/uploads/2007/08/screenshot33.jpg http://softwareblogs.intel.com/wordpress/wp-content/uploads/2007/08/screenshot32.jpg

Ylian (Intel AMT Blog)

0 Comments Permalink Tags: amt, dtk, commander, outpost, director, monitor, switchbox, developer, tool, kit