In my never ending quest to try to have full coverage of all Intel AMT features in the Intel AMT DTK, I got motivated by two colleges to add 802.1x and Endpoint Access Control (EAC) support to Intel AMT Commander. I am not an expert on these two technologies, but they basically allow the network switch to authenticate a client and decide if it's going to let it connect on the network. This feature is normally supported in the operating system to get access to a corporate network, but when a network makes use of 802.1x to authenticate clients and the OS is down, Intel AMT can't access the network unless it authenticates.



Starting with Intel AMT 2.5 and then 3.0, Intel AMT support 802.1x and EAC and so, can authenticate itself to the network while the OS is down. In large enterprises where security is very important, this is an absolute must have. You never know if someone plugs-in an un-authorized computer on a network drop in some conference room.



I don't have 802.1x or EAC equipment in my lab, but I have attempted to add support for it in the upcoming version of Commander simply by using the SDK's documentation. Luckily, if I can set the state of Intel AMT correctly and also read it back, there is a good chance I am on the right track. If you are trying to use these features now with a SOAP tool, it's a real pain, so, having a nicer and friendlier UI is very important. I started coding this last week and realized quickly, I also needed to support the new certificate storage interfaces available in AMT 2.5 and above, so I added support for that too.



In any case, all of this is coming up in version v0.40 of the Intel AMT DTK  that I should be releasing very soon. Since I have no such network, I am counting on community members to try these new features out and give me feedback on things I should change or improve.



Ylian (Intel AMT Blog)