Skip navigation

Yesterday night I was in the zone and worked practically all night, actually I went home at 2am. People who know how wonderful being "in the zone" is will understand. In any case, I recorded two new tutorial videos and added them to the big tutorial video pack that is available on the Intel AMT DTK page. So, the video pack went from 11 to 13 tutorial videos and from 146 to over 160 megabytes... but it's worth it!


Advanced 3PDS usages video: This is a video I wanted to record for a long time. Ever since the improved 3PDS support in the DTK, I wanted to show off what new cool things can be done with 3PDS. In this video, show how both Intel AMT Commander and Intel AMT Outpost can access 3PDS. The remote vs local access of 3PDS is a little different and takes some getting use to. I show how I can drag & drop a picture into 3PDS and view it on the other side. Both tools have a way to view 3PDS data in HEX, UTF8, picture or web page. Just right click on the data and select the way you want to view it. If your going to demo 3PDS, pictures are the way to go. I also show how I can store WMI data into 3PDS and retrieve it remotely.


Resource Translator video:  The Intel AMT DTK includes it's own tool for translating the DTK to other languages. English, Simplified Chinese, Japanese, Korean and some French are already available and I am always looking for people to help translate to new languages or correct existing strings. In talking to Ajay, if you help with DTK translation, we will certainly send some type of gift... or I would personally get a gift from the Intel store to anyone who helps out. Just load the dictionary in the tool, select a language, filter on a tool to translate, work, save often and send the dictionary file to me.


That's it. I asked Ajay who runs this community to add the two new videos for streaming so they should show up on the Intel AMT DTK web page in a few days. Right now, you need to download the big video package to get them.


Ylian (Intel AMT Blog)

Three new issues were posted in the Known Issues, Best Practices, and Workarounds this week:
  • No inventory data available

  • Wireless management does not work when the operating system is running

  • F10 does not exit BIOS on HP clients


If you've wondered how to configure your Microsoft DNS and DHCP servers to work properly with Intel(R) vPro)TM) client setup (aka provisioning), we created a short video to show what needs to be done. It provides step by step guidance on the configuration changes. We will be doing a series of small videos like this to provide a "visual" training manual to help you with your vPro setup. Watch for additional videos in the coming weeks.

If you are going to be using USB keys in your vPro implementation, check out the Known Issues, Best Practices, and Workarounds wiki first. You'll find USB key configuration guidelines, as well as a matrix of tested keys for desktop and mobile platforms.

It's time for another release of the Intel AMT DTK v0.48x. The "X" stands for external since for the last two months I have been working on upcoming Intel platforms features and so, not releasing public updates as often as I use to. In this release there are so many changes, I can't really go thru them all.


I think users will see the Intel AMT Commander UI has been improved a lot, and some work has been done to improve responsiveness. The look of the UI is also improved, especialy heuristic and agent presence features. WSMAN support is moving along, I recently found and added a way to automaticaly detect that an Intel AMT computer is in WSMAN only mode and connect to it correctly. WSMAN support is still weak, but improving.


For people looking at the Intel AMT DTK source code, many more changes. Intel AMT Commander's main form was starting to be way to big and so now all the right hand side panels and proken up into seperate files. The terminal was also broken up, a new VT100 user control is now avaialble to process serial-over-LAN on-screen display. This is very useful for developers that want to build their own VT100 terminal that looks different from Intel AMT Commander.


Certificate and TLS handling was improved thruout. First, many of the tools will now work better with mutual-authentication, this is especialy true for IAmtTerm.exe that did not do so well with mutual-auth before. Intel AMT Director's certificate handling is improved, you can now drag & drop a certificate on Director's certificate manager to import, added more certificate formats and Director can now issue certificates with many common names, just like Intel SCS does. Commander will also handle these certificates better than before.


All in all, this is a major new update to the Intel AMT DTK. I encorage people to keep sending bug reports, and thank everyone who already did.


Download: Intel AMT DTK v0.48x Audio Blog (.mp3)



Last month's post of the open source packet decoder is just the first of a strong list of tools planned by the team that brings you the Technology Test Utility. The iCSO software engineering team is charted with making utilities and applications available to the public that accelerate and simplify the adoption and activation of Intel vPro technology.


We will be maintaining these tools and look forward to your feedback, suggestions, and participation in making these tools the best they can be for you and the marketplace. Our commitment is to post new versions of each tool at least every other month and of course post earlier if issues are found that render the tool less than useful.


The next tool we will be posting is a Pre-Installation Utility intended to speed the first user experience and automate as much as possible the initial setup of the Intel® AMT(tm) Setup and Configuration (aka SCS) environment in enterprise mode. Coupled with post setup wizards it will enable users to provision devices with minimal effort and time.



We look forward to hearing your feedback on our efforts.



Intel's iCSO Software Engineering Team



New entries now available on the wiki - check'em out at Known Issues, Best Practices, and Workarounds.


  • Running virtual machines and DHCP can cause Intel® AMT to be inaccessible

  • Wildcard certificates are currently not supported for remote configuration

  • Dell 755 returns a duplicate UUID during activation

  • GoDaddy requires High-Assurance SSL certificates

  • Using static IP addresses and SMB mode

  • Error displays when provisioning HP 6910p



Catherine Spencewrote an IT@Intel blog on a recent lab experiment on the impact of various emerging compute models on both the server and network. You can find the blog at:




Several Intel IT folks (and others!) have expressed concern over the back-end implications of hosting a streamed computing solution. How many clients can be supported by a server? How will streaming affect the network? Well, we had the same questions so we constructed a lab experiment to find out.


Streaming was more efficient than we expected. We demonstrated that server utilization remained low and network utilization improved over time. We successfully executed a variety of applications including audio and video. We also encountered a few challenges.


Want to know more? Read our full report: Streaming and Virtual Hosted Desktop Study





I just got back from teaching a class on Emerging Compute Models at the Intel sales conference.  A few things really struck me in the messages from the Intel executives, and the reactions and questions from the Intel sales force.  None of them really shocked me, but rather re-affirmed some opinions I already held.



1.  With only one or two exceptions, every sales rep has accounts that are actively evaluating or deploying some kind of alternate compute model to better manage and secure their clients.  I met two that had not encountered it yet, and they covered the Emerging Markets accounts.



2.  This sales conference was "university style", where the attendees were free to pick and choose among over 100 sessions on different topics.  The sessions we taught were packed - standing room only - indicating that interest in these new compute models is very high.  If the sales reps are interested, that means their customers are.



3.  I'd estimate that more than 90% of those that selected our session were either from Western Europe or North America.  Attendance from Japan, Asia-Pacific and China, the bulk of our sales force, was really low.  If you judged from the people in the room, Emerging Compute Models are mostly a mature market, advanced IT trend right now.



4.  Just about every executive from Intel CEO Paul Otellini on down talked about changes in the compute model, and Intel products to address the needs of every model - Intel Xeon processor-based servers, PC clients with Intel vPro technology and low-cost components for thin client terminals.  I'd say Intel is treating this like an opportunity rather than a threat, and is setting up for success regardless of the model that fits the customers' needs.



From these indicators, my conclusion is that we are in the middle of a permanent change in the application delivery landscape, at least in the mature markets.  The technology has caught up with need for better management, lower cost and stronger security, and I expect you'll hear a lot more from Intel about products tuned to these delivery models.

Will it PRO?  (Series #1)  A series of experiments of interesting use cases for vPro.


One of the recent quests for me was to dig deeper into the UMD’s & how they could play an active role in the Management of vPro Technologies.  Well after a month of testing & utilizing in a Small build out, here are my results.  The premise of a UMD managing a client is somewhat out of the standard scope for a UMD, which has traditionally resonated around multi usage for an End user & being context / content rich usage.  Therefore as you start to apply manageability/security across a UMD & then apply Management tools on top of the core platform you see a new platform opportunity.  


Let me start by defining the scope of the testing environment:   2 clients, 1 Centrino w/ vPro Technology & 1 vPro desktop (AMT 2.0), utilizing Intel System Defense Utility due to rapid startup & I have utilized since initial launch.  I will seek additional ISV consoles & attempt the same test in the near future (to be determined).  The UMD device is a ASUS R2H Ultra-Mobile PC.



I started by making sure all machines were powered (NOT ON), just plugged in, I loaded up the UMD w/ ISDU & then ran the scan to see if I could see the machines.   After the normal wait, I was presented back with my machines & rather than me type up the rest of the process I’ll show you via this video.



As I discovered the ISDU tool was not conducive as much as I expected it would on the UMD platform, as the scrolling within the application caused me delays in seeing all options & being able to select specific machines.   I was pleased by the response rate & the fact that I could be on the go w/ a light weight UMD vs. carrying my notebook with me.   


The big question was could this platform be a key part of a IT strategy for managing clients?   I think it’s too early to answer that question…..  however it was a lot easier to make quick fixes on machines while I was on the GO vs. packing my laptop.   Would I spend all of my time on the UMD to do client manageability, not at this time, missing the fully functional keyboard to input complex filters limited my ability to compute fast (specifically typing speed & navigation). 


If you have a UMD story to share please let me know as I would like to know your input on usage w/ vPro & UMD.   


Next Series – maybe WiMax? 


Josh H

I recently received feedback on how to find key links, tools, and the BKM Wiki.  I thought it would be good to create a Tools & Solutions call out box that was easy to find with links that are relevant to the community.  I collected up a few relevant links & created the call out box on the left column of the community site. 


If you have input on other links I should add to this box please let me know and I will add ASAP.  Thank you for your input.


Josh H


I am happy to announce that we just put online a new Intel AMT Developer Tool Kit (DTK) tutorial video pack. It's just a large 146 megabytes ZIP file with 11 tutorial videos recorded using a desktop capture application and two live Intel AMT demonstrations using Intel AMT Commander. This is great news for people who had problems streaming the videos before or who simply wanted to get all the videos in highest possible quality. The tutorial video pack is available on the Intel AMT DTK web page, at the bottom of the page.



Many people ask how I record the tutorial videos. I simply use Microsoft's Windows Media Encoder 9 tool, it's available for free on the Microsoft web site. The best audio quality, I got myself a USB headset with built-in microphone. I just never had good luck with normal microphones that plug into sound cards, and this USB headsetalways works perfectly. I don't usually rehearse much before recording these videos and sometimes I record them late at night. As a result you get a pretty honest look at how I use the Intel AMT DTK myself.



The tutorial video pack includes early videos from the Intel AMT DTK v0.11 days, and much newer videos recorded using a yet unreleased version of the Intel AMT DTK. If you are really lucky and happen to own an Intel AMT 3.0 computer, you will be especially interested in the new heuristic tutorial video and will noticed that Intel AMT Commander's UI has been updated. I will get the latest version online within the next week, it's really cool and much improved.




Ylian (Intel AMT Blog)



A number of requests through 2007 on the Intel vPro provisioning process.


The document posted ( provides a summary of the process.  Take a look.


The big question after successfully provisioning a vPro/Symantec-Altiris environment comes in the simple form of "Now what"?  The article series: Utilizing Intel® vPro AMT Technology with Task Server covers a lot of the functionality directly (LINK:  This article series takes it a few steps further, with real-world examples and use cases for taking advantage of Intel® vPro technology through Symantec/Altiris Notification Server.




There are two components for directly interfacing the AMT vPro technology.  The first is Real-Time System Manager, the second Task Server.  Both components utilize much of the same functionality, however RTSM provides a one to one interface, while Task Server allows a one to many task or job to execute against a group of vPro systems.



To understand how all the components work together, this Introduction walks through the basics of the components that will be used throughout the use cases.  The list of solutions, or applications, that utilize Intel vPro technology is listed here along with a description:


  • Real-Time Console Infrastructure - This component is generally invisible when working directly with vPro AMT Systems.  The Configuration of how to connect to systems and what credentials will be used can be found in the configuration pages for this product.  It supports both the Real-Time tab and the Task Server vPro AMT tasks available.

  • Real-Time System Manager - The Real-Time tab functionality that directly interfaces with vPro AMT on a system per system basis provides a live tool for directly invoking vPro AMT functions as part of troubleshooting or maintaining a system directly.  This is useful for troubleshooting problems with a specific system.

  • Out of Band Management - Out of Band Management will only lightly be covered in this article series.  For the most part this solution is part of the setup and configuration of Intel vPro AMT systems so that vPro AMT functionality can be used.  There are some maintenance and profile items that can be used as part of ongoing use of vPro AMT.

  • Task Server - Task Server is the engine used for a one to many task or job where specific vPro AMT functions, along with functions from a myriad of other Solutions, can be executed or scheduled to execute against a collection or list of systems.  This is the integration framework that allows AMT to become part of a much larger Altiris functionality portfolio.


See the following diagram for a representation of how the two main functional engines work:





This series will focus on these two pieces (RTSM and Task Server) since they are the delivery mechanism for the vPro AMT functionality.  Other Symantec Solutions can and will be used through the use cases.


Real-Time Console Infrastructure


Consider this the core underlining infrastructure for the Symantec use of Intel vPro AMT.  All solutions that make use of this component will install it if it is not already installed.  The primary products are Out of Band Management and Real-Time System Manager.  Other Notification Server Partner solutions, such as HPCM and Dell Openview, will need RTCI installed in order to make use of the vPro AMT functions.  The console pages available for this solution center around the configuration of the vPro AMT functions.



The configuration page for RTCI is found in the Altiris Console.  In the Altiris Console 6.5, browse under View > Solutions > Real Time Console Infrastructure.  Under the Configuration folder, the following nodes are available:


  1. Configuration - Includes settings for vPro AMT Connections, such as Transport Level Security, Redirection Security, and other settings such as the connection timeout value.  It also includes a page to configure where SNMP vPro AMT alerts are sent, and allows a default configuration for the System Defense filter (default is to ‘Allow all network traffic').

  2. Edit Network Filters - This page is only available if the ENF utility has been installed (see article for more information).  If you do not have this node, install it so that you can configure what is allowed through the System Defense filter.

  3. Manage Credentials Profiles - This node is vital for setting up connection profiles when using RTSM.  It includes credentials for WMI and vPro AMT.  Users who do not have rights to vPro AMT will need to use a profile that has a user configured with rights.  This also includes the Run-Time profiles which is used by both Task Server and RTSM to use known good credentials when functioning against specific vPro AMT systems.

  4. Manage Views - Views are

  5. Purge Policy - This page is used to configure how often and how much residual data RTCI purges.  For large environments this will help keep the database size down to improve performance.


The Reports, Resources, and Tasks section contain the typical items for Altiris Solutions.  Tasks include all the vPro tasks available through Task Server.  See the subsequent Task Server section for more details.



The Tools folder is also found under the Real-Time System Manager section (it ties into the same data so the duplication is only visual).  For vPro AMT, the two applicable nodes are:


  1. Activity Log - This logs all functions executed while in a Real-Time session.  This is useful to look at what operations have been run, one which computers, by whom, and utilizing what technology (WMI versus vPro AMT).

  2. Manage - This node allows an IP address to be entered in directly for a launch of the Real-Time tab.  This is especially useful for systems that are not in the Altiris database.  This also allows a host-name to be entered, but keep in mind that if there is a DNS issue this may fail.



Real-Time System Manager


To simplify things, we'll simply define this product as ‘The Real-Time tab within Resource Manager'.  There are Partner Solutions for HP, Dell, and others that will add items to the left-hand tree, but the Real-Time System Manager node provides all functionality including all vPro AMT functionality available.  See the following screenshot for details:





NOTE: Only the vPro AMT functions are shown above as my Symantec Client Firewall is enabled!  Since vPro AMT is a trusted technology my Symantec firewall does not block vPro AMT traffic.



The console is a direct connection to the machine listed under ‘Managing Resource'.  As such this is a one to one implementation and is useful when troubleshooting a specific vPro AMT system.  In the Use Cases where the use defines the target as one machine, often RTSM will be utilized.


Out of Band Management


Since Out of Band is primarily a Provisioning Solution, only a few of its functions will be used in the use-cases provided in this article series.  The functions that apply are:


  • Maintenance - For security purposes, OOBM can be setup to run maintenance tasks against managed vPro AMT systems.  The vPro AMT administrator password for a particular machine can be randomly changed.  A re-provision, which reassigns the profile assign to it, will help keep vPro AMT systems up to date with profile settings and password information.

  • Profiles - In the profile setup while configuring an vPro AMT system users can be defined for having certain vPro AMT rights.  This allows administrators to limit what type of worker can execute what vPro AMT functions.

Task Server


Task Server is a sequencing engine, and RTCI provides vPro AMT targeted tasks that can be employed singly or jobs that can run a large variety of tasks or actions against a target collection of machines.  In the preface to this article a link provided access to a series focusing on how vPro tasks can be utilized into Task Server, with articles covering additional Altiris/Symantec Solutions for further integration.  Before walking through the Use Cases, it will help a great deal to understand how we're integrating the functionality and how Task Server functions in general.



The vPro AMT tasks themselves are provided by RTCI, including the engine that connects and executes functions against a vPro capable system.  Task Server handles all the rest, including integrating other Solution functionality within Jobs.



Most automated processes to be executed against one or more vPro AMT systems will fall under Task Server.  Task Server Jobs can be scheduled, or executed on demand.  Notification Server Collections or individually picked vPro AMT systems can be targeted per Task or Job, allowing a large number of systems to execute at a time (Note: for large environments multiple Task Servers are recommended).




Before any of the Use Cases can be tested, all target AMT systems must be provisioned in one of the provisioning modes: Small Business (Low security), Enterprise Mode, Enterprise Mode with TLS.  Once provisioned, Symantec, via RTSM and Task Server, can then work directly with the machines via vPro AMT.



I hope to cover common scenarios in this article series that can be of use to many environments.  Most of the testing will be against a limited lab environment so results may vary and additional configuration may be required, all depending on the complexity and configuration of the environment.  Since the hardware and software worlds introduce many levels of complexity and configuration, additional steps may be required to create workable jobs and functions.  Having said that, hopefully these provide enough information to move forward.



Hi all,   just wishing everybody a happy new year.   I wanted to highlight that the Rock Your World contest is still going on & you still have an opportunity to submit your video's to win a laptop.   Check out the link in the announcement section for the details.


Now onto the next topic.  I recently set out on a quest to test a UMD device as the central mgmt device to manage a few vPro machines.  I have some interesting results that I will be blogging about early next week.    If you have a specific question on UMD's & vPro, please let me know & I'll be sure to include in my next blog.

First off, happy new year to everyone. It's this time of year to reflect on 2007 and it certainly was a great year for the Intel AMT Developer Tool Kit (DTK)  and all of Intel vPro Technology and Intel AMT. For one, the DTK has new been public on the Intel web site for about a year now and certainly getting better and better with every version.


In the last few weeks, we have received early prototypes of new upcoming Intel platforms and been working on them. I know many Intel partners read my blog and if you have access to early prototypes, make sure to ask your Intel representative for the latest version of the DTK designed to work with them.



I also worked quite a bit on improving the user interface for many aspects of the DTK. I generally think the UI improvements is absolutely impossible to finish, there is always more to do. For example, I am starting to add support for drag & drop where it makes sense, improving the UI at other places, etc.



For 2008, we will continue to improve the quality of the DTK tools, add a pile more features and keep trying to make things easier to use. I also expect to support more WSMAN, and I would like to get more time to work on Intel AMT Monitor since I think that's the next fun Intel AMT vPro tool in the works.



Ok, I will try to get a new public version of the DTK  released soon.




(Intel AMT Blog)



Filter Blog

By date: By tag: