When thinking about Intel AMT, most customers and partners look to the common usage models: remote power control, boot redirection, or real-time hardware asset information.




From a feature\functionality perspective - Did you know that inside the Intel AMT firmware is a small NVRAM storage space which can be used by defined applications and interfaces?   Did you know that Intel AMT could monitor for processes or agents running in the operating system, with the option to attempt restarting or sending the administrator an alert?   Did you know that Intel AMT can provide alerts to certain hardware events?   Did you know that the common uses of remote power control or redirection can be done outside a single management console?   What if an IT environment wanted to allow uses to only power-on their systems such that a mobile user connect via VPN and has a tool\interface to power-on their desk system?




From a day-to-day use case perspective – Did you know that communications to Intel AMT can be done outside a single management console?





There are a host of ideas and materials online to provide a rich development, experiment, and enablement environment.  Certain features within the Intel AMT platform may not be utilized by a major solution, or the target users of the solution (such as helpdesk) do not have access to the major management solution used in the environment.   Many customers and partners are taking advantage of command line tools, reference tools, or coding\scripting their own solutions due to specific needs.




The golden rule to remember is that once Intel AMT is configured, it is a service awaiting an authenticated and authorized request.   Thus the trick is knowing what authentication is allowed, combining with tools needed, and having ideas how you would like to utilize the technology.




Authentication is handled by MD5 Digest or Microsoft Active Directory Kerberos integration.   This depends on how the platform was originally configured.   Authentication can also include TLS or Mutual TLS to encrypt the traffic and also provide additional environmental security.   If the Intel AMT firmware only requires MD5 Digest authentication, then the system can be configured in any environment yet via the network interface only in the target domain as defined at configuration.   If using Kerberos, TLS, or Mutual TLS – the configuration and usage of Intel AMT must occur in the same environment due to the dependencies of the Microsoft Active Directory, root certificate, or issued certificate for the respective technologies.




As a few examples and insights on the possibilities for talking to Intel AMT, developing custom tools, and more – see the following:







There are online developer forums to interact with other developers - http://software.intel.com/en-us/forums/manageability-software-development/




And lastly – if you have a great idea or request, Use the Intel Idea Zone for vPro technology