Intel vPro Expert Center Blog

6 Posts tagged with the ylian tag

Ylian created this based on his class at IDF (Intel Developers Forum). This video is 23 minutes and well worth the time. If you are getting started, looking for a refresher or just want to hear one of the brightest folks talk about AMT, this is your video.


Enjoy.



Hi everyone. A few days ago, I did a demonstration of Intel AMT at an Intel event. This is a standard demonstration of Intel AMT with reboot, remote BIOS edit and the unique TCP-over-SOL to perform a VNC session on a computer that has the operating system network stack disabled.

This video is also available in high quality within the YouTube site. You have to go into YouTube and click on the high quality link. I am pretty impressed how much better the quality is when viewing it in high quality.

The VNC-over-SOL demonstration is probably my number one demonstration for WOW'ing an audience with Intel AMT. I sometimes also do a demonstration on agent presence that is also unique to the DTK.

Ylian


I often get questions about the Intel AMT serial port. Ever since the DTK started to make heavy use of it, serial-over-LAN has gotten a lot of attention. First, how do you change the COM port number of the Intel AMT serial port? The COM number (COM3: for example) is assigned by the operating system, so you don’t see that in any AMT/BIOS/MEBx option. You have to go into Microsoft Windows Device Manager, go to the properties of the “Intel(R) Active Management Technology – SOL” port. Then go into the “Port Settings” tab and press the advanced button. There, you can change the COM port.

Also, it’s often useful for an application to be able to automatically detect the AMT serial port. In Intel AMT Outpost, I scan the device drivers looking for the “Intel(R) Active Management Technology – SOL” device and read the COM port number that follows in that string. So far, it seems to work great, even in non-English countries, something I am always worried about.

The Intel AMT serial port is much like any other serial port, but it has a PCI device identifier that is not normally known to Microsoft Windows, and so Windows does not know what to do with this device. On Intel’s web site, there is an SOL driver available. The serial driver itself is just a small .INF that tells Microsoft Windows to load and use the standard serial driver. In fact, one can manually force the standard Windows serial driver to be used for this device. You need to go in the device manager and pick a driver from the list, select Microsoft as the manufacturer and you will see it. Even if it’s possible, I don’t recommend it because the DTK code will no longer recognize that COM port as being the AMT port; it’s going to work but will have the wrong name for auto-detection.

Lastly, if someone needed to know if a computer is AMT enabled without having to load any drivers, one way to do it would be to detect the presence of the Intel AMT serial port. It is always present even when AMT is un-provisioned, and it can’t be turned off, unless AMT is disabled entirely in MEBx. This can be a good way to figure out if you need to start considering a computer for AMT setup.

Ylian
(Intel AMT Blog)
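
The name-based detection described in this post, written out as an added example (this is not the Outpost or DTK code). It assumes the device's FriendlyName ends with the COM port in parentheses and, on Windows, reads the names from the `Enum\PCI` registry tree; the sample names are constructed.

```python
import re
import sys

# Friendly-name stem quoted in the post. The dash is matched as either a
# hyphen or an en dash, since the post's text may have been re-typeset.
SOL_NAME = re.compile(
    r"Intel\(R\) Active Management Technology\s*[-\u2013]\s*SOL\s*\((COM\d+)\)")

def find_amt_sol_port(friendly_names):
    """Return the COM port (e.g. 'COM3') of the AMT SOL device, or None."""
    for name in friendly_names:
        match = SOL_NAME.search(name or "")
        if match:
            return match.group(1)
    return None

def pci_friendly_names():
    """Windows only: collect FriendlyName values of PCI device instances."""
    import winreg
    names = []
    root = r"SYSTEM\CurrentControlSet\Enum\PCI"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root) as pci:
        for i in range(winreg.QueryInfoKey(pci)[0]):
            with winreg.OpenKey(pci, winreg.EnumKey(pci, i)) as dev:
                for j in range(winreg.QueryInfoKey(dev)[0]):
                    try:
                        with winreg.OpenKey(dev, winreg.EnumKey(dev, j)) as inst:
                            names.append(
                                winreg.QueryValueEx(inst, "FriendlyName")[0])
                    except OSError:
                        pass  # instance has no FriendlyName or is unreadable
    return names

# Constructed sample names, not taken from a real machine.
WITH_SOL_INF = ["Intel(R) 82566DM-2 Gigabit Network Connection",
                "Intel(R) Active Management Technology - SOL (COM3)"]
# Same hardware after forcing the standard Microsoft serial driver: the port
# still works, but the name no longer identifies it as the AMT port.
FORCED_STANDARD = ["Intel(R) 82566DM-2 Gigabit Network Connection",
                   "Communications Port (COM3)"]

if __name__ == "__main__":
    print(find_amt_sol_port(WITH_SOL_INF))     # detected
    print(find_amt_sol_port(FORCED_STANDARD))  # not detected
    if sys.platform == "win32":
        print(find_amt_sol_port(pci_friendly_names()))
```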


As many of you may know, there are two ways of contacting Intel AMT: The remote network interface and the local LMS/HECI interface. These interfaces are very different; the remote interface is available thru the wired and sometimes wireless Ethernet and is rich with features, while the local Intel AMT interface is very limited. Intel AMT was designed this way from the start for security. Intel AMT acting as an IT agent on desktops and laptops could not be allowed to be meddled with by the local user or local applications that could try to use or deactivate Intel AMT. That at least was the original design intent.

Times have changed it seems and many users of Intel AMT don’t see local users and applications as being always hostile. There are many reasons why it would be very interesting to access all of the features of Intel AMT locally. For example:

  • If the user changes the name of the computer in the OS, it would be nice to have a local agent sync up the Intel AMT network with the OS name automatically. This way, when the computer goes to sleep next, Intel AMT will report the correct new name.
  • Circuit breaker policies could be used as a local firewall implemented in hardware. Set it once and the gigabit network chip does all the filtering and counters at gigabit speeds.
  • On a mobile platform, wireless profiles could also be synched up automatically. The user adds a new wireless profile with a WPA key and this profile is automatically added to Intel AMT.
  • Enterprise provisioning of Intel AMT could be done entirely locally using local software removing the need for complicated centralized servers.

Instead of seeing the local user as hostile, local applications now cooperate to set up Intel AMT so that if something goes wrong, it’s ready to be used to recover the computer. All this and more would be possible if Intel AMT allows the local applications full access to all the remote interface features.

A local application can’t simply connect to TCP port 16992 or 16993 and access all of the Intel AMT features since the traffic has to flow thru the gigabit network interface. Connecting to 127.0.0.1 will not work; that will access the more limited local interface.

A solution is to use a reflection application like Intel DTK Network Reflector found in the Intel AMT DTK. This tool runs on a central always-on server and simply reflects all TCP connections back to the source on ports 16992 to 16995. Using this tool, an Intel AMT console or even a web browser can connect to "http://reflector:16992" and log into its own Intel AMT remote services. However, there are issues with this solution: you need this reflector tool running and need to know where on the network it is running. Also, a rogue application could log into the remote interface and put an annoying circuit breaker policy to drop all packets, etc.

In the future, Intel AMT itself could be modified to allow all services on the local interface removing the need for the reflector. There are security considerations of course, but feedback from users of Intel AMT on this idea would be appreciated.

Ylian (Intel AMT Blog)
http://communities.intel.com/openport/servlet/JiveServlet/downloadImage/1391/Reflector.jpg
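
How such a reflector works, as an added example (this is not the Intel DTK Network Reflector's code): it accepts a connection, connects back to the caller's own address on the same port and relays bytes both ways. The client allowlist, the logging and the `back_port` parameter (used only so the relay can be exercised on one machine) are assumptions of this example.

```python
import asyncio
import ipaddress
import logging

AMT_PORTS = (16992, 16993, 16994, 16995)  # ports named in the post
# Assumption of this example: only these client networks may be reflected.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("127.0.0.0/8")]

def client_allowed(ip, nets=ALLOWED_NETS):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

async def pump(reader, writer):
    """Copy bytes one way until EOF, then close the receiving side."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass  # peer reset the connection
    finally:
        writer.close()

async def reflect(c_reader, c_writer, back_port):
    """Connect back to the caller's own address and relay both directions."""
    ip = c_writer.get_extra_info("peername")[0]
    try:
        if not client_allowed(ip):
            raise OSError("client not in allowlist")
        a_reader, a_writer = await asyncio.open_connection(ip, back_port)
    except OSError as exc:
        logging.warning("refused %s:%d (%s)", ip, back_port, exc)
        c_writer.close()
        return
    logging.info("reflecting %s back to %s:%d", ip, ip, back_port)
    await asyncio.gather(pump(c_reader, a_writer), pump(a_reader, c_writer))

async def serve(listen_port, back_port=None, host="0.0.0.0"):
    """Start one reflecting listener; back_port defaults to listen_port."""
    back = listen_port if back_port is None else back_port
    async def handler(reader, writer):
        await reflect(reader, writer, back)
    return await asyncio.start_server(handler, host, listen_port)

async def main():
    servers = [await serve(port) for port in AMT_PORTS]
    await asyncio.gather(*(s.serve_forever() for s in servers))

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    asyncio.run(main())
```

The log line per reflected connection gives an administrator a record of which machines reached their own remote interface this way.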


Last week Intel sent me to Israel for an Intel only gathering of engineers, architects and specialists that work on Intel AMT. I was honored to attend and also to be a speaker talking about the progress made with the DTK. First of all, I want to thank all of the people in Intel Israel for making this trip a great success. I also got to hear about many DTK success stories and it made all of the hard work worth it. I was especially surprised with the DTK’s success in Asia, but also all over the world. I am still not sure if it’s the tutorial videos, the translations or what.

In addition to the meetings, we had a great time visiting the old city of Jerusalem, the Dead Sea and later on my own the city of Elat and Petra in Jordan. I got some of the most wonderful pictures and uploaded some on Google servers here:

http://picasaweb.google.com/ysainthilaire/Israel200802


These pictures cover the 10 days of my trip, starting with the old city then me playing in the mud and floating in the Dead Sea and finishing with my visit to Jordan. Jordan was probably the highlight of this trip; there is something just odd about traveling in this vast desert and realizing that I was in the country that had a common border with Iraq. For most of us in the US, it seems so distant. The city of Petra in Jordan has unique sandstone carvings in the walls. Some people will also notice that the Indiana Jones movie was filmed at this location. Petra was named one of the new 7 wonders of the world and as a result got a surge in tourism. It’s a wonderful place, hot and laid back.


Most people travel by air from Jerusalem to Elat and Jordan, but I opted to take the bus. It’s a 4 and a half hour trip thru amazing scenery. It’s also inexpensive, about 12 to 15$ and much more convenient than by airplane. I will say that except for the bus, everything was very expensive in US dollars. It’s a shame the dollar is so weak, I don’t expect to make many of these trips.


Last week was the Holocaust memorial day in Israel and I happened to visit the Wailing Wall with some of my Intel co-workers just as 1000’s of people were attending a ceremony that was being broadcast live on TV. One of my pictures shows all the people at the wall.


The Dead Sea was really amazing, it’s so saturated with salt that you simply float. This sea is the lowest point on Earth I am told, it’s 1,378 feet below sea level. Your ears pop on the way there as the air pressure increases. As pressure increases so does the temperature which will often be 10 degrees hotter than Jerusalem. The Dead Sea is well known for the Dead Sea salts used as skin treatment. It also gave me a great excuse to play in the mud! You let it dry and wash it off to wonderful skin… but it’s also just loads of fun.


To sum it up, this 10 day trip was simply amazing. In addition to meeting many people who use the DTK, I also got to see and experience some unique places I will never forget.


Ylian (Intel AMT Blog)


I just posted a new YouTube video on my own Intel AMT 3.0 computer that runs under my television. It runs Microsoft Media Center, has 4 cores, 4 tuners, 4 hard drives, 3 Gigs of RAM, 2 DVD's... Certainly the most powerful computer I have ever owned. Most importantly, it has Intel AMT 3.0 using an Intel DQ35JO motherboard. This is very useful for me to work on Intel AMT Commander in my spare time and also to remotely manage my computer from anywhere in the world.

If you guys have your own computer project that runs Intel AMT, please let me know. Better yet, if you have pictures it would be great to share with the community.

Ylian (Intel AMT Blog)
