Intel vPro: Three Generations Of Remote Management

Intel Management Engine (ME)

The Intel Management Engine (Intel ME) refers to the hardware features that operate at the baseboard level, below the operating system. By enabling interaction with low-level hardware, Intel gives administrators the ability to perform tasks that previously required someone to be physically present at the desktop.

The initial setup of Intel's Management Engine starts by activating it in a compatible PC’s BIOS. Once you enable Intel's ME, you gain access to several BIOS functions.

You're required to configure an initial administrative password the first time you enter the ME BIOS interface.

As you can see in the screen shot above, Intel's Active Management Technology (AMT) is turned on through the management engine.

Generally, you want to enable the option "ON in S0, ME Wake in S3, S4-5". This translates to the management engine and AMT being on when the host is powered up. When the host is in S3 to S5 and the platform is connected to AC power, the management engine shuts down after a defined period of time, but wakes back up when it receives a network message. By using this feature, an IT department can allow desktops to sleep, saving power, and then wake up once everyone goes home and the admin can push out updates using cheaper energy.

Within these same BIOS screens, you can perform several different low-level AMT-related configuration tasks.

Intel lets you save certificates for a given environment to the management engine so that a PC can authenticate prior to being granted network access.

  • cngledad
    Can I suggest an article comparing different remote access tools we can use? From the freeware TeamViewer, VNC Viewer to such things like WebEx? I think that would be a very good topic.
  • ^^Don't forget Logmein Rescue which has vPro support.
  • pro-gamer
    intel man please give me a job.
    Intels rock
  • NirXY
    Glad to see you made it to publish day, was waiting for this piece.
    Looking great !
  • One correction: DQ57TM *does* contain a v1.2 TPM, the same as found on DQ67SW and DQ67EP. It's required to be vPro compliant (necessary for Intel TXT).
  • jhansonxi
    Nifty but I don't like the single-vendor lock-in. I can see real improvements in IT efficiency if this was combined with AoE. Would like to see SSH support, however.
  • extremepcs
    Hopefully they have improved the activation mechanism. Kind of a PITA if you don't buy a certificate from a trusted CA. I used an internal cert and had to activate each machine by booting from a flash drive.
  • chovav
    If my hard drive is encrypted using TrueCrypt pre-boot authentication, would I be able to fill in the password using Intels vPro?
  • jowunger
    The voice of the guy in the video is bad. The guy talks like he is speedreading a book...
  • cangelini
    cdw-vproOne correction: DQ57TM *does* contain a v1.2 TPM, the same as found on DQ67SW and DQ67EP. It's required to be vPro compliant (necessary for Intel TXT).
    Fixed, thanks!