Goldbolt: Created page with "Intel Active Management Technology is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a separate..."

2020-11-23T21:22:10Z

Created page with "Intel Active Management Technology is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a separate..."

New page

Intel Active Management Technology is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a separate microprocessor not exposed to the user, in order to monitor, maintain, update, upgrade, and repair them. Out-of-band (OOB) or hardware-based management is different from software-based (or in-band) management and software management agents.

Intel AMT includes hardware-based remote management, security, power management, and remote configuration features that enable independent remote access to AMT-enabled PCs. Intel AMT is security and management technology that is built into PCs with Intel vPro technology.

Hardware-based AMT features on desktop PCs include:

* Encrypted, remote communication channel for network traffic between the IT console and Intel AMT.
* Ability for a wired PC (physically connected to the network) outside the company's firewall on an open LAN to establish a secure communication tunnel (via AMT) back to the IT console. Examples of an open LAN include a wired laptop at home or at an SMB site that does not have a proxy server.
* Remote power up / power down / power cycle through encrypted WOL.
* Remote boot, via integrated device electronics redirect (IDE-R)
* Console redirection, via serial over LAN (SOL)
* Keyboard, video, mouse (KVM) over network.
* Hardware-based filters for monitoring packet headers in inbound and outbound network traffic for known threats (based on programmable timers), and for monitoring known / unknown threats based on time-based heuristics. Laptops and desktop PCs have filters to monitor packet headers. Desktop PCs have packet-header filters and time-based filters.
* Isolation circuitry (previously and unofficially called "circuit breaker" by Intel) to port-block, rate-limit, or fully isolate a PC that might be compromised or infected.
* Agent presence checking, via hardware-based, policy-based programmable timers. A "miss" generates an event; and this can also generate an alert.
* OOB alerting.
* Persistent event log, stored in protected memory (not on the hard drive).
* Access (preboot) the PC's universal unique identifier (UUID).
* Access (preboot) hardware asset information, such as a component's manufacturer and model, which is updated every time the system goes through power-on self-test (POST).
* Access (preboot) to third-party data store (TPDS), a protected memory area that software vendors can use, in which to version information, .DAT files, and other information.
* Remote configuration options, including certificate-based zero-touch remote configuration, USB key configuration (light-touch), and manual configuration.
* Protected Audio/Video Pathway for playback protection of DRM-protected media.

Active Management Technology (AMT) - Revision history

Goldbolt: Created page with "Intel Active Management Technology is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a separate..."