0 Replies Latest reply on May 26, 2014 1:24 PM by Jonas Camillus Jeppesen

    Ports and protocols necessary for Intel AMT (webinterface + KVM/VNC)

    Jonas Camillus Jeppesen

      Hi everyone

       

      I would like to know (or get confirmed) the ports and protocols (TCP / UDP) necessary to get "Intel AMT" working. I am relatively new to the whole AMT and vPro thing, so when I say "Intel AMT", I mean that I can access a web control panel that lets me power on/off the PC in question, reboot it etc. and that I can get access to its display via VNC at all "power stages" (e.g. black when powered off, POST messages when it is booting, and Windows desktop when it is fully booted into Windows).

       

      I am asking about this because I would like to access Intel AMT behind a firewall.

       

      # Web server

      As far as I understand, the "web interface" (for rebooting etc.) is served from a web server built into the Intel chipset/CPU/chip on the motherboard, and this web server is listening on port 16992 for HTTP (no TLS) and 16993 for HTTPS (TLS enabled). Since it is HTTP(S), it is via TCP.

       

      So for the web server to function, incoming TCP traffic (to the computer being "Intel AMT managed") on port 16992 or 16993 must be allowed. But what about outgoing? It uses ephemeral ports just like any other server/client setup, i.e. the client (a web browser in this case) tells the Intel AMT web server on which port it would like the answer (the web page) back. So this port must also be open or established/related connections allowed.

       

      Have I missed anything here?

       

      # KVM

      I do not know if KVM is always a part of VNC or if one can speak of VNC with/without KVM. What I mean by VNC is the display output and capture of mouse/keyboard input while I hover the mouse over the VNC client window. Real VNC could be such a client.

       

      By default Intel AMT runs VNC on port 5900, right? Is that the port the VNC server listens on? If so, I would need port 5900 (TCP or UDP) open for incoming requests. What about the outgoing VNC port? Is it just an ephemeral port like any other server/client setup? If so, I would need to predict/specify this port in the VNC client, or allow established/related connections.

       

      Have I missed anything here?

       


      Thank you for input!
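
Added example, not part of the original post: a small Python check, run from the management workstation, that tests the three TCP ports named above and shows the ephemeral source port the client OS picks for each connection. For TCP, a stateful firewall only needs an inbound rule for the listening port plus established/related return traffic; the ephemeral port is chosen per connection and is never opened by hand. The function names and the loopback listener are constructed for illustration.

```python
import socket
import sys

# Ports named in the post: AMT web interface (HTTP, HTTPS) and VNC for KVM.
AMT_PORTS = {16992: "web (HTTP)", 16993: "web (HTTPS)", 5900: "KVM (VNC)"}


def probe(host, port, timeout=2.0):
    """Try one TCP connection; report the listening port and, on success,
    the ephemeral source port the client OS chose for this flow."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return {"open": True, "dst_port": port, "src_port": s.getsockname()[1]}
    except OSError as exc:  # refused, timed out, unreachable
        return {"open": False, "dst_port": port, "error": type(exc).__name__}


def check_host(host, ports=AMT_PORTS, timeout=2.0):
    """Probe every port in `ports` and return {port: result}."""
    return {port: probe(host, port, timeout) for port in ports}


def loopback_demo():
    """Constructed stand-in listener on 127.0.0.1 (not a real AMT device).
    Returns (listen_port, client_src_port, src_port_seen_by_server)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        srv.listen(1)
        listen_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", listen_port), timeout=2) as cli:
            conn, peer = srv.accept()
            conn.close()
            return listen_port, cli.getsockname()[1], peer[1]


if __name__ == "__main__":
    # Hypothetical usage: python amt_ports.py <managed-host>
    if len(sys.argv) > 1:
        for port, result in check_host(sys.argv[1]).items():
            print(port, AMT_PORTS[port], result)
    else:
        print("loopback demo (listen, client src, src seen by server):", loopback_demo())
```

A result of `open: False` with `error` set to a timeout usually means a firewall is dropping the packets, while a refused connection means the host was reached but nothing is listening on that port.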