2 Replies Latest reply on Jul 2, 2013 9:47 AM by Alan Alderson

    Where can I find the "AMT Embedded Tools Suite"?

    Alex_W

      After an hour or so of digging I cannot find anywhere on Intel's site to access more information or downloads for the Intel AMT Embedded tools Suite.  I initially discovered the existence of the tool here:

       

      http://communities.intel.com/docs/DOC-3808

       

      There appears to have been some updates to it referenced here:

       

      http://communities.intel.com/community/vproexpert/blog/2010/04/11/announcement-intel-amt-embedded-tools-suite-product-updates

       

      And lastly the link given by the second article is broken:

       

      http://edc.intel.com/Link.aspx?id=2350

       

      I am most interested in the Intel AMT Firmware Integration Wizard to package default settings into AMT firmwares for various Desktop Board products including the DQ57TM.  More specifically, I want to add our domain's CA as a trusted root certificate in the default settings so that remote configuration and provisioning can be completed.  Looking to bring 2000 computers into out of band management in Microsoft System Center Configuration Manager 2012 over the summer, and I'd like to do so with our existing PKI infrastructure rather than scratching it for a GoDaddy, Verisign, whatever verified CA certificate.  Attempts to accomplish this via the SCS Tools Suite were futile, because while I was able to add our domain's CA certificate as a trusted root this also caused the machine to be provisioned... Which is undesirable because at that point the system cannot be automatically provisioned by Configuration Manager due to the fact that it has been provisioned by another tool.

       

      All of that aside, will the AMT Embedded Tools Suite allow me to perform such a task? Or am I wishing for something that's simply not possible?

        • 1. Re: Where can I find the "AMT Embedded Tools Suite"?
          Alan Alderson

          Alex,

          The AMT Embedded Tools Suite will not work for what you’re trying to do. In order to use your own root certificate hash you will need to manually insert it into the firmware of every AMT computer.

           

          Also, something to keep in mind, while SCCM 2012 is able to configure current versions of AMT (up to AMT 8). SCCM will not be able to configure AMT versions beyond that. This is because SCCM uses SOAP to communicate with AMT. And as of AMT 9, AMT will no longer support SOAP, only WS-Management. So, you will need to configure future versions of AMT with SCS.

          • 2. Re: Where can I find the "AMT Embedded Tools Suite"?
            Alex_W

            Alan,

            Thanks for your answer.  Though I'm less than thrilled that AMT is designed this way, I understand the potential for large security risks if it is too easy to install additional trusted root CAs into the mbex firmware. 

             

            I am intrigued by your addendum about future versions of AMT.  Will AMT be approaching a stable API in the future, or is using SCS the only way to ensure version agnostic management of clients in a more rapidly evolving development model?  Are there news publications or white papers regarding road maps for future versions of AMT?  I would be interested in such material so that I may become more educated about AMT before our widespread deployment of it.  I would like to structure our deployment in such a way that management of AMT clients will not become yet another headache in our hectic environment.

             

            If I could pester you about a couple of other questions / issues here I would appreciate your help, or I can post a new question(s) if you feel it's more appropriate.

             

            1) We have desktop boards that span from the inception of AMT up to 6.2 for sure, and there are probably a handful of newer ones around somewhere.  What's the best strategy for incorporating as many clients as possible into a management solution such as SCS?  If version <= X is not worth supporting in a modern environment, what is version X?

             

            2) I seem to have hosed the mbex firmware on my workstation (brilliant right?), by unintentionally flashing an update to the firmware while some settings were already in place.  Now changes to some settings don't stick, or in the case of entering CA hashes, the values appear to be offset by 2 bytes.  I've reset the ME firmware to defaults many times (by moving the bios jumper to config mode), and this has no effect.  My supposed solution was to first reset ME firmware to defaults and reflash it with the current version, but the express bios update utility skips the ME firmware update regardless of the force flag.  I am not overly concerned about it but if there's an easy fix I'd like to take care of it.

            • 3. Re: Where can I find the "AMT Embedded Tools Suite"?
              Alan Alderson

              Alex,

               

              WS-MAN was first introduced in AMT 3, it wasn’t until AMT 6 that SOAP was deprecated in favor of WS-MAN. Now in AMT 9, SOAP has been completely phased out. SCCM uses SOAP, and as such will not be able to configure future generations of AMT. SCCM will be able to manage these new AMT systems, but only after you configure them with SCS.

               

              Here’s our SCS integration guide for SCCM:

              https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=21696

               

              While there are no AMT roadmaps available, there are other sources of information.

               

              AMT SDK: http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/DOCS/Implementation%20and%20Reference%20Guide/default.htm?turl=WordDocuments%2Fdeprecatedanddeletedfeatures.htm

               

              IT Project Planning Guide:

              https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=21058

               

              Intel vPro Technology Implementation:

              https://www-ssl.intel.com/content/www/us/en/remote-support/implementation-of-intel-vpro-technology.html

               

               

              Now for your other two questions…

              1. Intel SCS is not a management solution, its sole purpose is the configuration and maintenance of vPro computers. While SCS is capable of configuring AMT version 2.x and 3.x, these versions have not been fully validated, full support starts with AMT 4.
              2. Some manufactures offer ME firmware updates separate from their BIOS. Depending on the manufacturer you might be able to download and update separately with that.