Intel Active Management Technology (AMT)
Active Management Technology is one of the most interesting pieces of Intel's vPro platform. In post-vPro 1.0 versions, the AMT engine operated from a motherboard-based processor that did its job somewhat independent of the host. By separating the management functionality, Intel made available many of the administration tasks, even when the machine was powered down and prior to the operating system booting up. If you're already familiar with technologies like IPMI 2.0 for servers, the AMT concept should sound pretty familiar.
Key AMT features include the ability to:
- remotely turn on, off, or power cycle the machine
- remotely mount an image to load on the machine
- remotely access hardware asset information
- provide serial-over-LAN (SoL) console redirection
- provide out-of-band alerts to administrators
- provide a secure TLS tunnel between the administrator and the vPro PC
Combined, these features are designed to give the IT administrator a management layer that sits below and functions independent of the operating system (although Intel does offer tools to integrate AMT into operating systems like Windows 7).
Intel added KVM Remote Control in AMT 6.0 to give IT administrators complete access to the keyboard, video, and mouse of a target client. You're able to take control of a properly configured workstation, from distance, and diagnose it without even needing an operating system installed. Although AMT 6.0 launched with fairly limited KVM resolutions, AMT 6.1 (exposed on the DQ57TM) added accommodations for more detailed resolution settings, making management easier. It bears note that on many IPMI 2.0-based KVM-over-IP solutions found on server motherboards, you're often limited to something like 800x600, constraining the view of a client machine. That's not really a problem for servers (many of which operate headlessly anyway). In a desktop environment, though, it's far less convenient. Currently, AMT 7.0 supports resolutions of up to 1920x1200.
One feature we weren't able to test (which is unfortunate, given the amount of attention Intel devotes to it) was Anti-Theft (AT) technology. Intel has had the ability to send a vPro-enabled PC a "poison pill" to brick it, should someone steal the machine. Really, this is most useful for mobile systems, and less so on the desktop.
In AMT 7.0, Intel makes it possible to use a 3G cellular signal to send that remote kill command, greatly improving your chances of deactivating a stolen computer before it gives up any sensitive information. Administrators can use similar technology to reactivate the computer once it is recovered.