AMT Improves Security As Well As Remote Support
Because AMT is built in as hardware it can still make a connection when the PC is switched off and no OS is running - or if the PC is quarantined for security.
Intel's Centrino Pro and vPro business systems now include Active Management Technology (AMT), a hardware subsystem that lets an IT department check or change the system configuration over the network, even if the PC isn't running. This speeds up fixing systems that have been compromised by malware, but AMT also has some specific security features to protect PCs and quarantine them if they're compromised by a virus.
AMT uses a small processor called the Manageability Engine, built into the network card or the northbridge of the processor chipset; its firmware is stored in the same flash memory as the BIOS, and it runs that firmware from a dedicated area of system memory. AMT is disabled by default, so you'll need to turn it on for each PC; an icon in the taskbar lets you know if it's running. When it's on, a Web server running in the Manageability Engine lets you see the status of the AMT system from a browser on another PC on the same network, as well as letting you turn the AMT PC on or off. It doesn't matter if the PC has crashed, because the Manageability Engine runs in S3 standby mode.
Active Management Technology uses the hardware network filters and out-of-band communications to detect problems and apply policy; you control the policy from the management console on another PC.
With management software designed to work with AMT - like Symantec's Altiris products, Lenovo's Rescue and Recovery, HP OpenView and Microsoft System Management Center - you can reboot a PC, redirect it to boot from a network image to fix problems with the local OS, change BIOS settings, restart or update anti-virus software, install Windows updates, rebuild the hard drive, and delete suspicious applications. You can also get alerts for problems, and check what hardware and software is installed.
The network controller has 32 inbound and outbound hardware filters that monitor network traffic and can automatically quarantine a PC, blocking its network traffic, if the system is behaving as if it's spreading a virus. This functions even if the operating system isn't fully operational, so a virus can't protect itself by hanging Windows. Intel calls this a "circuit breaker", but like other AMT features, it needs management software that's written to use it. Symantec is developing a virtual security system that uses AMT to run its own embedded OS and security apps outside of Windows, where malicious software can't affect it.
The vPro platform is a combination of extra hardware features in the chipset, in the flash alongside the BIOS, and in the network controller, plus software to control these directly.