Intel vPro: Three Generations Of Remote Management

Intel Active Management Technology (AMT)

Active Management Technology is one of the most interesting pieces of Intel's vPro platform. In post-vPro 1.0 versions, the AMT engine operated from a motherboard-based processor that did its job somewhat independently of the host. By separating the management functionality, Intel made many administration tasks available even when the machine was powered down and before the operating system booted. If you're already familiar with technologies like IPMI 2.0 for servers, the AMT concept should sound pretty familiar.

Key AMT features include the ability to:

  • remotely turn on, off, or power cycle the machine
  • remotely mount an image to load on the machine
  • remotely access hardware asset information
  • provide serial-over-LAN (SoL) console redirection
  • provide out-of-band alerts to administrators
  • provide a secure TLS tunnel between the administrator and the vPro PC

Combined, these features are designed to give the IT administrator a management layer that sits below the operating system and functions independently of it (although Intel does offer tools to integrate AMT into operating systems like Windows 7).
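Because this management layer answers on the network independently of the operating system, host-based inventory will not show it; a network-side check is needed. The following added example (not from the original article or from Intel) audits nmap grepable output for AMT listeners and flags any that are reachable without TLS. It assumes the well-known AMT ports 16992-16995, which the article does not list, and uses constructed scan lines for documentation-range addresses.

```python
import re

# Well-known Intel AMT listener ports (assumption: not listed in the article).
# Value: (role, uses_tls)
AMT_PORTS = {
    16992: ("web UI / WS-Management", False),
    16993: ("web UI / WS-Management", True),
    16994: ("SoL / image redirection", False),
    16995: ("SoL / image redirection", True),
}

# Constructed nmap grepable (-oG) output for three documentation-range hosts.
SAMPLE_SCAN = """\
Host: 192.0.2.10 (ws-010)\tPorts: 135/open/tcp//msrpc///, 16992/open/tcp//amt-soap-http///, 16994/open/tcp//amt-redir-tcp///
Host: 192.0.2.11 (ws-011)\tPorts: 16993/open/tcp//amt-soap-https///, 16995/open/tcp//amt-redir-tls///, 16992/closed/tcp//amt-soap-http///
Host: 192.0.2.12 (ws-012)\tPorts: 22/open/tcp//ssh///, 445/filtered/tcp//microsoft-ds///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*)$")

def audit_amt(grepable_text):
    """Return {ip: {"name", "services", "cleartext"}} for hosts with open AMT ports."""
    findings = {}
    for line in grepable_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        ip, name, ports_field = m.groups()
        services, cleartext = [], []
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            # Only ports reported as open count as exposure.
            if len(fields) < 2 or not fields[0].isdigit() or fields[1] != "open":
                continue
            port = int(fields[0])
            if port in AMT_PORTS:
                role, uses_tls = AMT_PORTS[port]
                services.append((port, role))
                if not uses_tls:
                    cleartext.append(port)
        if services:
            findings[ip] = {"name": name, "services": services, "cleartext": cleartext}
    return findings

if __name__ == "__main__":
    for ip, f in audit_amt(SAMPLE_SCAN).items():
        status = "cleartext on %s" % f["cleartext"] if f["cleartext"] else "TLS only"
        print(ip, f["name"], status)
```

Hosts that appear here but are not in the provisioning records are the ones to investigate first, since AMT can be reachable on machines nobody intended to manage.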

Intel added KVM Remote Control in AMT 6.0 to give IT administrators complete access to the keyboard, video, and mouse of a target client. You're able to take control of a properly configured workstation from a distance and diagnose it without even needing an operating system installed. Although AMT 6.0 launched with fairly limited KVM resolutions, AMT 6.1 (exposed on the DQ57TM) added accommodations for more detailed resolution settings, making management easier. It bears noting that many IPMI 2.0-based KVM-over-IP solutions found on server motherboards limit you to something like 800x600, constraining the view of a client machine. That's not really a problem for servers (many of which operate headlessly anyway). In a desktop environment, though, it's far less convenient. Currently, AMT 7.0 supports resolutions of up to 1920x1200.

One feature we weren't able to test (which is unfortunate, given the amount of attention Intel devotes to it) was Anti-Theft (AT) technology. Intel has had the ability to send a vPro-enabled PC a "poison pill" to brick it, should someone steal the machine. Really, this is most useful for mobile systems, and less so on the desktop.

In AMT 7.0, Intel makes it possible to use a 3G cellular signal to send that remote kill command, greatly improving your chances of deactivating a stolen computer before it gives up any sensitive information. Administrators can use similar technology to reactivate the computer once it is recovered.

  • cngledad
    Can I suggest an article comparing different remote access tools we can use? From the freeware TeamViewer, VNC Viewer to such things like WebEx? I think that would be a very good topic.
  • ^^Don't forget Logmein Rescue which has vPro support.
  • pro-gamer
    Intel man please give me a job.
    Intels rock
  • NirXY
    Glad to see you made it to publish day, was waiting for this piece.
    Looking great!
  • One correction: DQ57TM *does* contain a v1.2 TPM, the same as found on DQ67SW and DQ67EP. It's required to be vPro compliant (necessary for Intel TXT).
  • jhansonxi
    Nifty but I don't like the single-vendor lock-in. I can see real improvements in IT efficiency if this was combined with AoE. Would like to see SSH support, however.
  • extremepcs
    Hopefully they have improved the activation mechanism. Kind of a PITA if you don't buy a certificate from a trusted CA. I used an internal cert and had to activate each machine by booting from a flash drive.
  • chovav
    If my hard drive is encrypted using TrueCrypt pre-boot authentication, would I be able to fill in the password using Intel's vPro?
  • jowunger
    The voice of the guy in the video is bad. The guy talks like he is speedreading a book...
  • cangelini
    cdw-vpro: "One correction: DQ57TM *does* contain a v1.2 TPM, the same as found on DQ67SW and DQ67EP. It's required to be vPro compliant (necessary for Intel TXT)."
    Fixed, thanks!