I have a PC based on a DQ87PG motherboard (Intel AMT 9.x) and i5-4570 CPU and I would like to use the out-of-band VNC/KVM features, and the web control panel to restart and power on/off. I have already succeeded in using both by trial-and-error clicking through the Manageability Developer Tool Kit (MDTK), but I lack some basic understanding which I hope to gain by asking some questions:
# KVM and VNC?
KVM is keyboard-video-mouse, and VNC is Virtual Network Computing. How are the two linked? VNC already includes all the KVM concepts it seems. Using VNC you can view displays, and keyboard+mouse inputs are transmitted as well. So why not just call it "out-of-band-VNC", or Intel AMT VNC, why have KVM there at all?
# Alternatives to RealVNC?
Can the out-of-band KVM/VNC features be used with other VNC clients without limitations? I see guides around on the internet for using TightVNC, but they always include setting an "Allow / use port 5900"-setting. Is RealVNC special in any regard - is their product specially made for Intel AMT, or is Intel AMT specially made for RealVNC?
Does configuring TLS help protect the "AMT / KVM setup" from unauthorized use? My scenario is that the machine is placed at a remote location on an untrusted network. People might try to access the AMT features. As far as I understand, there is always the 8-char password (upper/lower case letters, numbers and special chars) protecting all features (KVM/VNC, using MDTK Director/Commander Tool to reconfigure, maybe even entering the ME part of the BIOS). What additional security does TLS provide here? Using the Manageability Director Tool I can create some certificates, set a security profile with "Intel AMT security" set to "TLS security" instead of "Password security only", and then specify some of the home-made certificates. It provides network encryption, of course, but what does that mean practically? Will it make it harder for an attacker to abuse the AMT features, or will it just keep an attacker from seeing my computer screen?
# Setup of AMT
Is using the Manageability Developer Tool Kit (MDTK) the way to go when configuring a single machine once in a while (before placing it at some remote location where you would like the option to recover from a crashed OS without driving there)? There is something else, called Intel SCS (Setup and Configuration Software). Will that do all the same things, and is it easier to use?
Thank you for your input!