Skip navigation


With release v0.39 of the Intel AMT Developer Tool Kit (DTK), I started work on adding WS-MAN to Intel AMT Commander. My plan is to have the IAmtRemoteStack.dll be dual mode and support both the older and newer interface at the same time. Ideally, if Intel AMT Commander can use WS-MAN to communicate with Intel AMT, it would not have to use SOAP call at all in the future. Right now, I use only the older interface, or a combination of both. Currently, only the inventory asset and event log are read using WS-MAN.



Probably the most important feature I needed to get started with WS-MAN was a standard WS-MAN browser to help me understand how everything works. I built one into Intel AMT Commander by including all the WSMAN generated classes from the Intel AMT SDK and performing .NET reflection to display all the data on the UI. I must report that so far, WSMAN is slower than SOAP and I have seen some issued with the interface. I am especially annoyed when SOAP and WSMAN report different data.



If you plan on downloading the Intel AMT DTK source code and compiling it on Windows XP, or simply using Intel AMT Commander with WSMAN on Windows XP, you will notice that you are missing a COM object for WinRM. You need to download it here from Microsoft. If WinRM is not present on your system, Commander will detect that and simply not use WSMAN.



On Microsoft Vista or with Microsoft Windows XP with WinRM installed, you still need to setup WinRM correctly to get things to work. I put some instructions in the DTK's readme.txt file. It's the same instructions that are provided with the Intel AMT SDK.



I have to say that dual porting the stack to use both SOAP and WSMAN is going to be a lot of work. I may do some of it and wait for demand to increase before I complete the work. I have many more features on my plate.



Speaking of new features, there is a contest going on to collect feedback on the Intel AMT SDK and Intel AMT DTK, nice prices to be had!



Ylian (Intel AMT Blog)



Intel got Christopher Guest (Spinal Tap) to direct music videos about Intel


and Intel

Centrino Pro

processor technology. Check them out, see what you think.

We just released the Intel AMT Developer Tool Kit (DTK) v0.39 on the public web site with source code a few minutes ago. In this release we have many more bug fixes but also, initial work on WS-MAN support in Intel AMT Commander. In relation for WS-MAN, the most interesting new feature is a WS-MAN browser that takes all of the WSMAN objects in the Intel AMT SDK and turns them into objects that can be enumerated and viewed from any Intel AMT 3.0 computer.


Intel AMT Switchbox and Intel AMT interceptor where both improved in this release, we also updated the full source code. Two new features features are partially implemented in v0.39: Certificate Store support and 802.1x (both are AMT 2.5 and AMT 3.0 features). Still much work to be done in these areas, but its a good start.


For people trying to perform IDE-R and SOL over the Internet, I added a new "Advanced Properties" form that allows a user to change the timeouts of the redirection library. I don't know what the correct values are, hopefully someone can help me figure them out. Right now, they are all set in the UI to 10000, but most people will continue to use the default settings which are built into the redirection library.



Intel AMT DTK v0.39 Audio Blog (.mp3)




Ylian (Intel AMT Blog)




Hello World

Posted by DavidGrawrock Sep 25, 2007


Hi the vPro team has asked me to blog here regarding the Trusted Platform Module (TPM) and general security issues. For some strange reason I said yes. I have never blogged before, though i do read some blogs regularly, so hopefully I get this right



To give a little bit of my bona fides, I have been the chair of the TPM workgroup for many years and have been the editor of the TPM spec since the begining of the TCG. For extra credit I am also the security architect of Intel Trusted Execution Technology (TXT). Those two jobs may be part of why it seems like I have no real life outside of Intel. But then I really do as this is my 27th year as a soccer coach, this year it is a U14 girls team, Go Shark Bait (ooh ha ha).



Anyway after that little digression some information on the TPM. A vPro platform requires the inclusion of a Version 1.2 TPM. The features of a TPM include storage of measurements, reporting the measurements, protection of information, and basic cryptographic services. I have classes that take hours to give and my first blog post will not cover all of the features and uses of the TPM.



What I will focus on today is that the TPM is an integral part of the platform. Adding a TPM to the platform requires laying out the real estate for the device, adding busses to the device, changing the BIOS to initialize and configure the device, and then OS and applications that take advantage of the TPM. Without all of these changes the TPM does not provide benefits to the platform or the users of the platform. One change that is very important to the platform is the ability to accept and store measurements. The platform is designed to perform a measurement for two critical processes. The first is the boot of the platform. The measurement of the boot process is known as the "static root of trust for measurement" or S-RTM. The other process is the TXT launch and measurement known as the "dynamic root of trust for measurement" or D-RTM. For those just learning about the TPM measurement in this context means take a cryptographic hash of the target (BIOS or VMM). The hash in use is SHA-1.



The result of either RTM is the knowledge, stored in the TPM as a measurement value, of the status of which BIOS just booted the platform or which VMM is executing. Knowledge of the status of the platform then enables both local processes and remote processes to make trust decisions regarding the platform.



Well most likely this is too long for a first post. Please be kind to a first time blogger and let me know what details you would like to dive into.







This is my second video demonstration of Intel AMT Commander at IDF. This time, I show off Intel System Defence, Agent Presence and the benefits of using Serial-over-LAN to communicate with a OS agent while the network driver is turned off.


Ylian (Intel AMT Blog)

If your in Dresden on October 9-11th, I would recommend to check out this workshop.. From the attendees, you can see Microsoft, Altiris, & LANDesk will be there.  Plus from the Intel side you have Mike Seawright, he's one of our key activation folks that has been out deploying AMT. 


Here's the abstract:  This is an in-depth workshop on how to implement Intel Active Management (AMT).


This workshop is especially designed for IT engineers, system architects, pre-sales or post-sales support staff, who are involved in improving business processes or implementing new technologies, either in-house or at customer locations.



or you can email Frank Rommel @

Checkout the latest embedded or linked YouTube videos on vPro Expert.  If you go out on YouTube - check the "vproexpert" and "IntelNick" users.  Good short videos.


ProExpert Embedded early examples-  and


Direct links on YouTube to these accounts - and


More training and demo based videos are coming.  Have an idea or request?  Reply to this blog or to the existing discussion at


A short demonstration of Intel AMT Commander working to fix an Intel Centrino Pro laptop with Active Management Technology (AMT). I borrowed the computers from the Pro Chalenge at IDF to tape this and it turned out pretty well. Probably one of the fasted demonstrations ever! Intel AMT Commander is part of the Intel AMT DTK and avaialble freely on


Ylian (Intel AMT Blog)


vPro Challenge at IDF

Posted by josh.hilliker Sep 18, 2007

Before the opening bell on the IDF showroom floor, Matt Wallington explains what the vPro challenge is all about.   The question is who's the proest of pro's & ready to take on the challenge.. 



Jerome Esteban  (Senior Application Engineer) and Ylian Saint-Hilaire  (Senior Architect) are going to be talking about how to take advantage of Intel AMT to build manageability applications with built-in manageability and security. Intel AMT is a component of Intel vPro Processor Technology and Intel Centrino Processor Technology.



The goal of the NetSeminar is to discuss the Intel AMT use cases and what is new with Intel AMT 3.0. Additionally, we will cover the different developer resources such as the Intel AMT Software Developer Kit (SDK), and Intel AMT Developer Tool Kit (DTK), Set up and Configuration Service (SCS) that enables developers to easily take advantage of Intel AMT. This public event is open to anyone, sign up here



Date: Tuesday, September 25, 2007

Time: 9 am PT /12noon ET

Duration: 60 Minutes



I would love to know if you have any specific questions/topics you would like us to cover in this or future NetSeminars.



And, leave a comment if you plan to attend this event. thanks.



IDF - PRO Classes



If your headed to IDF, here are the specific PRO classes & speakers






Session ID Title Speakers


  • SCIC001 Security Technologies - Chalk Talk Doughty/Smith/Grawrock

  • SCIS001 Security Kickoff: Providing World-Class Security 
         and Data Protection for the PC Platform Rob Crooke

  • SCIS002 The Intel Safer Computing Initiative and Trusted 
         Computing Grawrock/Brickell

  • SCIS003 Making Security Practical in the Enterprise with 
         Client Technologies Grobman/Smith

  • SCIS004 The Front Door of Trusted Computing: Controlling 
         the Software Stack with Intel® TXT Grawrock

  • SCIS005 Delivering Security Requires More Than Features David Doughty

  • SCIS006 Research on Platform Security Technologies David Durham


Session ID Title Speakers


  • BDOL001 Intel® Active Management Technology Lab Ylian Saint-Hilaire

  • BDOP001 Panel: "Software as a Service" (SaaS) Chuck Brown

  • BDOS001 Directions on the Business Desktop and Mobile PC Marek/Tucker

  • BDOS002 Intel® vProTM Processor Technology Value Proposition
         to Managed Service Providers Supporting SMBs Kevin Havre

  • BDOS003 "Software as a Service" (SaaS)/Streaming Compute 
         Initiative Technical Session Khosravi/Fraser

  • BDOS004 Intel® Active Management Technology Hedrick/Maresky

  • BDOS005 Intel® Virtualization Technology on Next-Generation 
         Client Platforms Klotz/Bailey

  • BDOS006 Pro Platform Interoperability and Integration - 
         Are You Pro Ready? Chan/Hilliker

  • BDOS008 Small Business: Jump-start your eCommerce 
         Development with Overviews from eBay, PayPal 
         and Skype* Kumar Kandaswamy


If your headed to IDF let me know.. if you can't make it, we're going to get whatever we can on PRO material & post here.

If you are interested in developing management applications that take advantage of Intel AMT then we have all the development tools & kits for you at the manageability developer community .


These are some tools that can be used when experimenting with or writing applications for Intel AMT. Here are some brief descriptions and when to use them:



Intel AMT SDK: Software Development Kit  - Contains all the APIs needed for implementing Intel AMT  along with documentation and sample codes. Interfaces included in the SDK are WSDL files for most features, Libraries for Storage and Redirection, and MOF files for WS-Man. Both the DTK and the RDK use the APIs provided in the SDK. Use the most recent release of the SDK to integrate Intel  AMT into your application.



DTK: Developer's Tool Kit - This is also a "solution" written in C# on Windows. Since the Source Code is also available, it can also be used as "example code." This tool is also currently being updated and maintained. Use this to get a great idea of how Intel  AMT works and a lot of us also use it to verify if a certain feature is working.



RDK: Reference Design Kit - This is an AMT "solution" written in Java on Linux provided to help developers implement Intel AMT. It is very much like the DTK, only it is based on older versions of Intel AMT. This tool will be updated in the coming weeks to support SDK 3.0 features. Use it only as an example to get started in a Java environment.



Setup and Configuration Service (SCS)  -  Intel AMT Setup and Configuration Service (Intel SCS or SCS) provides developers with tools to set up and configure Intel AMT devices. SCS  allows for most aspects of setup and configuration to be completed through a remote management console.



Whether you are at the beginning of a development project or looking for technique to design and build a particular capability for your application, development tools, documentation and how-to support can help take your software to the next level. Need more help? Refer to the FAQs or get expert advice from the Developer Discussion Forum



Don't forget to give us your feedback on the Intel AMT development tools in the "[Voice of the Community|] " contest and in the process you may also win some prizes . As always we love to hear from you.




Extending the value of Altiris Client Management Suite via Intel vPro Technology will be a focus at the upcoming Altiris ManageFusion event in Orlando.  The dates are Oct 9-11.  Registration and event information is available at



For details on the technical sessions, please refer to the following article -






In the short history of the Intel AMT Developer Tool Kit (DTK), this is probably the single release with the most changes and improvements in it. One look at the change log and you notice that there are lots of improvements in many areas of the DTK. In this blog, I want to touch on a few of the major new features.


Intel AMT Guardport, a C/C++ version of the Intel AMT Outpost serial agent. Many have noticed that Intel AMT Outpost is a quite powerful Intel AMT agent. The main problem with Outpost is that it is rather fat software and makes use of .NET.  It's not practical if you are going to run it on 1000's of computers or most importantly, add it to a recovery OS image. Intel AMT Guardpost is a light weight port of the most important feature of Outpost, the serial agent. Guardpost is a statically linked .exe file (no other .DLL's required) that finds the SOL COM port automatically and binds to it. It offers a command prompt and the same binary-over-SOL support that Outpost supports. In this version, Guardpost is still very limited but supports remote process monitoring and the most impressive of the Outpost features: TCP-over-SOL.




Intel AMT Interceptor, a trace and debug tool that connects to Intel AMT Switchbox. This new tool takes advantage of a new debug port in Switchbox to show in real-time all of the traffic going thru Switchbox. It shows in real time HTTP, SOL and IDE-R traffic flowing thru and for each data chunk, its source and destination. It even works with TLS since a console with authenticate with Switchbox and Switchbox will perform its own TLS connection to Intel AMT. At a minimum, this new tool is very educational for people curious to see in-depth, what Intel AMT network traffic looks like.




Intel AMT DTK Internationalization effort.  A lot of effort is going into internalization of the Intel AMT DTK. This started months ago with Simplified Chinese and Japanese support. In order to make it easier to internationalize the DTK (or any .NET application) we started work on a Resource Translator tools. It's only part of the source code package and it's just an early tool right now. I have used it to start translation into French of the Intel AMT Terminal. Some will also notice that some of the Terminal is translated into Hebrew to test to right-to-left support and NetStatus is translated to Russian.



Lots more improvements are coming up for the DTK. Mostly, I have to code all the time and I sometimes have to put aside answering mails for a while. I will try to answer more mails next week.



Audio File: Ylian's audio blog on the Intel AMT DTK v0.38 (.mp3)












I thought I'd provide a short introduction to the vPro Expert Training Program. I'll have more details to share as we get into the 4th Quarter of this year. As this program is still in development, some of the information below is subject to change, fair warning :D.


What is the vPro Expert Training Program?

The vPro Expert Training Program is a series of public, technical training courses currently in development. These courses will be offered to the general public starting in the 4th quarter of 2007. Specific dates/times/logistics are not available at present.


What material will be covered?

Various courses are being developed, with different target audiences.


Course Title


Target Audience

Duration (est.)

Expected Delivery

vPro Operations

Technical overview of features and functionality with hands-on lab exercises

Operations, Support personnel

6-8 Hours


vPro Activation - Level 1

Activating/Deploying vPro in SMB mode

Small businesses, Managed Service Providers (MSP), System Integrators (SI)

~1 day


vPro Activation - Level II

Activating/Deploying vPro in Enterprise mode without encryption (TLS)

IT Outsourcers (ITO), MSP, SI, Enterprise Customers

~1-2 days


vPro Activation - Level III

Activating/Deploying vPro in Enterprise mode with encryption (TLS) (Builds on Level II information)

ITO, MSP, SI, Enterprise Customers

~1 day



A pilot of the vPro Operations class is scheduled to take place before the end of this month. Assuming everything goes according to plan we'll be able to start offering that class sometime after October. I'll continue to provide updates as information becomes available. Stay tuned.





For people wanting to learn more about Intel Technologies, the Intel Developer Forum (IDF)  is a great place to meet engineers and have an in-depth look at many of the cool new technologies Intel is working on. Intel AMT is one of these and I will be presenting two identical hands-on labs that are two hours long each at the upcoming San Francisco IDF .


Using Intel® Active Management Technology (Intel® AMT) to its fullest -

Saving time, Money and Power

Session ID: BDOL001

Date: 9/18/07, Start Time: 10:00 AM

Date: 9/18/07, Start Time: 2:00 PM


In these labs, we will have a room full of computers and participants get to try Intel AMT on their own. The plan is to start by covering the Intel AMT hardware, Intel AMT firmware and how it works, then, launch into the Intel AMT DTK tools  (Intel AMT Commander, Outpost, Director, Monitor, Switchbox) and have a great time. I will answer all technical questions, and will also be available afterwards to help any developers with their own questions or projects.


I will start with slides that are much like the one are already public, but most of the lab will be hands on demonstrations and won't involve any slides at all. In the end, you may end up so jazzed about Intel AMT, you may end-up getting one as a home computer like I did. Since the lab is two hours long, we will have the time for more interaction and fun. I hope many of you will come and join in. Next month, I also plan on attending the Taiwan IDF  with the same hands-on lab.













Ylian (Intel AMT Blog)



Filter Blog

By date: By tag: