This document contains information that aids developers in getting started with implementing Intel® Active Management Technology (Intel® AMT). It provides an overview of the features in various versions of Intel AMT, as well as information on minimum system requirements, how to configure an Intel AMT client, and the various developer tools that are available to help program for Intel AMT. It also introduces the samples that are provided for use with Intel AMT and how to use them.

Intel AMT supports remote applications running on Windows* or Linux*. Intel AMT Release 1.0 supports both Linux and Windows local applications. Intel AMT Release 2.0 and higher support only Windows-based local applications. For a complete list of system requirements, see the "User Guide" document.

Note: Releases 2.5 and 3.0 are concurrent releases, with Release 2.5 supporting Wireless capabilities on Mobile Platforms and Release 3.0 supporting wired PCs.

The following table summarizes key features provided by various releases of Intel AMT:

Intel® AMT Release 1.0 Features	Intel AMT Release 2.0/2.1 Features	Intel AMT Release 2.2	Intel AMT Release 2.5 Features	Intel AMT Release 3.0 Features
Hardware inventory Persistent ID Remote boot SOL / IDE-R Event management 3rd Party Data Store Built-in web server Flash protection Firmware update TCP/IP, SOAP/XML (EOI) HTTP Digest, TLS Static & dynamic IP Local interface: KCS	Includes all Release 1.0 features, plus: System defense Agent presence Moved into the chipset Power policies Mutual authentication Kerberos FW update product TLS-PSK Local interface: MEI Privacy icon (Release 2.1) ME Wake-on-LAN (Release 2.1)	Includes all Release 2.1 features plus: AMT 2.2:  Remote configuration	Includes all Release 2.1 features, plus: Wireless Configuration Endpoint Access Control (EAC) 802.1x Power packages Environment Detection	Includes all release 2.5 features (except wireless support), plus: System Defense heuristics WS-Management Interface VLAN settings for Intel AMT network interfaces Remote Configuration

In order to begin compiling or running samples from the SDK, it is necessary to have a separate system to use as a management console for remotely managing your Intel AMT client.

Setup and Configuration is the process that makes Intel AMT features accessible to management applications. Intel AMT devices are by default delivered in an un-configured state. Before management applications can access an Intel AMT device, the device must be populated with various configuration settings. There are a several ways to configure an AMT System:

• Purchase configured (pre-provisioned) systems from your OEM.
• Use a USB key in conjunction with a setup and configuration server console (discussed below) for one-touch deployment.  (For Enterprise Mode only)
• Manually enter the data into the MEBx (Management Engine BIOS Extension) setup module (Small Business Mode)
• Use the new Remote Configuration Method in conjunction with the various updated Provisioning tool.  (Check your version of the tools to make sure your’s are capable of this feature.)

Intel AMT supports two provisioning models: Enterprise Mode and Small Business Mode. Small Business Mode is very simple to set up from within the AMT Configuration screens from within the MEBX (BIOS Extensions.)

Enterprise Mode setup supports secure communication using Transport-Level Security (TLS), and PID/PPS keys.  Provisioning in Enterprise mode is always done via some Setup and Configuration application, such as the Intel SCS, the Intel AMT Commander, or by another vendor’s application that might have a provisioning server integrated in to it.  Note that provisioning is not possible from a wireless interface. Part of the setup process involves adding credential data generated by Intel SCS to the BIOS of the client PC, which can be accomplished using either 'one-touch' or a 'zero-touch' configuration mode. One-touch configuration requires physical contact with the PC, whereas remote configuration does not.  To read more about the various tools that can be used to provision an AMT Client see the Intel Software Network Blog Entry: Intel® SCS, SCA, DTK as Provisioning Tools

Note: Remote Configuration is supported in Intel AMT Release 2.2. and AMT 3.0.

One-touch mode requires an administrator to enter credential data to the client PC, either by saving data to a USB key and then using that key to boot the PC (note that the AMT Client must still have it’s default password for the ME) or by manually keying the information into the system's BIOS screens. In zero-touch mode, the PC's BIOS is populated with an encryption key at the time of manufacture that enables the PC to establish an unattended, secure connection with the Intel SCS server in order to obtain the credential data.

The choice between these two modes provides enhanced flexibility. Remote Configuration provides convenience that may help to cut deployment costs, especially in remote-site scenarios. Because one-touch configuration does not require the use of an encryption key that is known by a third party (the PC manufacturer), it may provide a somewhat higher level of security.

Small Business Mode which does not support TLS-based communication, is used when sufficient infrastructure is not available to support Enterprise Mode setup (which is recommended). In this mode, setup is carried out using browser access to a web server within the Intel AMT device. For more information on Small Business setup, see the "Small Business Setup and Configuration User Manual."

Note: While management of Intel AMT capable PCs under Intel AMT Release 2.5 can be done over the wireless interface, initial setup and configuration must be completed over the wired interface.

Specific parameters must be set in the BIOS of the Intel AMT capable PC prior to being managed using Intel AMT functionality. Because BIOS implementations vary by PC manufacturer, system documentation and the manufacturer web site should be consulted for specific configuration details. Particular attention should be paid to verify correctness of Serial-over-LAN (SOL) and IDE-Redirection (IDE-R) settings. As part of this phase of the setup process, system administrators should also update the firmware on the AMT Client to the latest version.  Also, in the ME Configuration windows, when choosing Manageability Features, be sure to enable the Intel® AMT option. Please check with your system manufacturer’s documentation on various BIOS configuration steps necessary for using Intel AMT functionality.

The Intel Management Engine BIOS Extension screen can be used to enable either Intel AMT or ASF2.0, not both. Entering the MEBx (BIOS Extensions) may vary upon various OEM’s implementations.  While one may embed the ME/AMT configurations inside the BIOS, others may display a message during bootup to enter CTRL-P to access these menus.  Some may have an option inside the BIOS that hides or shows the CTRL-P during bootup.  Not seeing the CTRL-P message may also be an indicator that the Firmware and associated drivers are not matching up.

1. Enter the MEBx default password (“admin”)
2. Change the default password to a new value. Note: The Intel Management Engine password must be a strong password.
3. Select Intel ME configuration
4. A warning message will be displayed saying that a reset will occur after configuration is complete. Enter “Y”
5. Select Intel ME State Control and set the state to “Enabled”
6. Select Intel ME firmware local update qualifier and set the state to “Always Open”
7. Select Intel ME features control and then select Manageability feature selection
8. Select Intel AMT and return to previous menu
9. Select Intel ME power control and set the following states:
   1. Intel ME state upon initial power on = ON
   2. Intel ME ON in Host Sleep States = ALWAYS
   3. LAN Power Well = WOL_EN pin
   4. Intel ME Visual LED indicator = ON
10. Return to previous menu (twice)
11. Exit
12. After the initial boot screen, enter <Ctrl-P> to enter the Intel Management Engine Setup (now the Intel AMT settings will appear.)

Execute the following instructions after the instructions under Intel ME Configuration have been executed.  Note that menu options may vary depending on the OEM’s implementation of the BIOS.  Host name and domain name should be the same as what was configured in the OS (or what will be configured in the OS.)  Also a new requirement starting with AMT2.5 is that using static IP is no longer allowed.

1. Select Intel AMT Configuration
2. Select Host Name and enter the same name as for the OS Host name
3. Select TCP/IP: Disable Network Interface > N
4. [DHCP Enabled] Disable DHCP: > N
5. Domain name> Example: amt.intel.com
6. Select VLAN: [VLAN Disabled] Enable VLAN: > (Do nothing with this option)
7. Select SOL/IDE-R: A warning message will be displayed saying that a reset will occur after configuration is complete. Enter “Y”
8. Username & Password: Enabled
9. Serial Over LAN: Enabled
10. IDE Redirection: Enabled
11. Remote Firmware Update: Enabled
12. Return to previous menu, exit and save
13. Upon rebooting, there should be a message that says Intel AMT has been configured.

In addition to having the BIOS and ME extensions set up correctly, there are also certain drivers and services that must be installed and running in order to activate Intel AMT once it has been properly configured.  In order to verify that the AMT drivers and services are loaded correctly, look for them in the Device Manger and in the Services.  Note that there should be a CD included with every Intel AMT systems that includes all of the required Firmware and Drivers.  Be sure to check the OEM’s download site frequently for upgraded versions of the BIOS, Firmware and Drivers. 

• Intel 82566DM Network Interface Controller
• Intel Management Engine Interface  (aka HECI driver)
• Serial-Over-Lan (SOL) Driver             
• IDE-Redirect Controller
• IDE-Redirect CD-ROM and Floppy during Redirection  Session in Device Manager
• Intel® Active Management Technology LMS Service
• Intel® AMT System Status Service

Note: The version level of the drivers must match up to the version level of the Firmware and BIOS.  If non-compatible versions are installed, Intel AMT will not work.

Intel 82566DM Network Interface Controller:

 

Intel® Management Engine Interface:

Serial-Over-Lan (SOL) Driver:

             

IDE-Redirect Controller

IDE-Redirect CD-ROM and Floppy during Redirection  Session in Device Manager:

Intel® Active Management Technology LMS Service

Intel® AMT System Status Service

The following Status Box will appear when the Intel® AMT System Status service is running and Intel AMT Configured correctly.

 

Intel makes a powerful set of tools available to software makers that help facilitate the integration of Intel AMT into network-manageability applications. All of these tools are available free of charge from the Intel® Manageability Developer Community using the links provided below:

• Intel AMT Software Development Kit (SDK) provides the low-level programming capabilities to enable developers to build manageability applications that take full advantage of Intel AMT.  Inside the SDK is the full set of documentation and sample code and APIs needed for implementing Intel AMT.
• Intel AMT Developer Toolkit (DTK) provides a sample management console application and client-side agent written in C#, plus a tool to check network status of Intel AMT machines.  Note that this particular tool is not to be considered a product and there is no support – consider this as a free download which can be used to “take Intel AMT for a drive.”  This tool is intended for developers who wish to test AMT features without having to write the code themselves.
• Intel AMT Reference Design Kit (RDK) is an older version of the DTK, written in Java*; it is no longer being maintained for the latest versions of Intel AMT.  Use this only for examples of code written in Java.
• Intel AMT Setup and Configuration Service (SCS) automates the task of populating Intel AMT platforms with credentials and parameters that enable them to be administered remotely (Enterprise Mode.)  This tool can either be used as a standalone application or it can be integrated into a larger Enterprise Application. 

The Intel AMT SDK provides sample code and a set of application programming interfaces (APIs) that let developers easily and quickly incorporate Intel AMT support into their applications. The SDK supports a wide variety of programming languages on both Microsoft Windows and Linux operating systems. Both the RDK and the DTK use the APIs provided in the SDK, although the RDK uses an older version of the SDK and does not provide an up-to-date representation of Intel AMT's capabilities. Use the most recent release of the SDK to integrate Intel AMT into your application.

The SDK is delivered as a set of directories that can be copied to a location of the developer's choice on the development system. Because of interdependencies between components, the directory structure should be copied in its entirety. There are three folders at the top level: one called Docs (which contains SDK documentation), and one each for Linux and Windows (which contain all of the sample code.) For more information regarding the directory structure and contents, see the "Intel® Active Management Technology Software Development Kit (SDK) User Guide." For a complete list of SDK documents and their descriptions, see the "Intel® Active Management Technology Overview."

In order to get started working with the SDK, the following software must be installed:

• Microsoft Platform SDK (http://msdn.microsoft.com/platformsdk*)
• Microsoft Visual Studio 2005*
  
  Note: MSVS 2005* is used starting with the 3.0 SDK.  Previous versions require MSVS 2003.

Once the above software is installed, set up the project directories as listed in the User Guide. The User Guide also has important instructions on how to build the Storage samples.

The Intel AMT DTK complements the SDK with three interrelated components. The first of these, the Commander Console Tool, is a sample Intel AMT console to discover and manage business PCs. The second component, the Outpost Agent Tool, is a sample software agent that runs on an Intel AMT enabled business PC. The third component, the Network Status Tool, can determine whether a selected network interface is up or down, which is useful for demonstrations of network policies and filters.

The DTK is written in C# for use on machines running Windows. It is actively maintained by Intel to add new features on a regular basis, as well as to support the latest capabilities of Intel AMT as they are introduced. The source code is freely available, providing a head start for developers to incorporate Intel AMT functionality into their applications. It also provides a readily accessible means of seeing how new Intel AMT features work from the developer's perspective.

The Intel AMT RDK is similar to the DTK, except that it is written in Java on Linux. Intel no longer actively maintains the RDK, so it does not support many of the newer features of Intel AMT. It does, however, provide a point of departure for developers to work with Java components for Intel AMT. These Java-based building blocks allow developers to manipulate the software functionality without concern for implementation details. Like the DTK, the contents of the RDK are open source, so parts can readily be modified.

The Intel AMT Setup and Configuration Service (SCS) provides a Windows service that automates the process of configuring Intel AMT capable PCs in Enterprise mode (only) to connect them with the managed network. Specifically, it automatically and securely populates Intel AMT managed platforms with the usernames, passwords, and network parameters that enable the platforms to be administered remotely. Software makers can easily incorporate this service into their management software, simplifying implementation for their customers.

In addition to the Intel SCS main Windows service, which communicates with Intel AMT enabled devices via a SOAP API, Intel SCS also provides an open source sample console application. This simple console, which ships with full source code, is useful either as a reference application for software makers or as the basis for a more fully featured management application.

Starting with the Intel AMT SDK 3.0, the SCS will be included inside the “ThirdParty” Folder.

Note: The Intel® AMT emulator has been deprecated and should no longer be used. This software-based simulation of Intel AMT functionality was created for the use of developers before Intel AMT capable PCs became generally available. It will not be included in future revisions of the SDK.

In order to help guide software developers in writing their own Intel AMT applications, the SDK contains the following code samples:

Sample Name	Description
AgentPresence	Agent Presence Sample and Sample Agent
AgentPresenceAPI	Agent Presence API Sample
AssetDisplay	Asset Display Sample
System Defense	System Defense Sample (Also known as Circuit Breaker)
Configuration	Sample Configuration Server
Discovery	Discovery Sample
EventManager	Event Manager Sample
gSoapGeneratedCode	Contains mapping and header files and soapC.cpp, providing a unified namespace for all the WSDLs and used by all the sample programs.
GeneralInfo	General Information Sample
HostInfoSample	Sample use of the host information interface
Java_RemoteControl	Example of remote control using Java
NAC_PVS	Sample that interprets a NAC posture
NameResolveSample	Name Resolve Sample
NetworkAdministration	Network Administration Sample
Redirection	Redirection Sample
RedirectionConfig	Enables the Redirection Service
RemoteControl	Remote Control Sample (Includes x64 support)
Security Administration	Security Administration Sample
StorageAdmin	Storage Administration Sample
StorageSamples	Sample use of the ISV Storage API
WirelessConfiguration	Wireless Configuration Sample
Intel AMT WS-Management SDK	Software Development Kit used for implementing WS-MAN (includes samples for AgentPresense, AssetDisplay, NetworkAdministration, RemoteControl, SecurityAdmin, Storage, StorageAdministration and System defense.

Also be sure to read the readme files in each folder before attempting to build the solutions. The samples have dependencies with the WSDL functions, which are located in ThirdParty Folder located in the SDK, and therefore the "makewsdl.bat" file must be run prior to building the sample code (in each Sample's folder.)

The bin folder contains pre-built executables for all the samples. In order to run them, bring up a command line and type in the name, without any arguments. Doing this will bring up a help screen that lists all the options that can be used when running that particular sample.

New to Intel® AMT?  Please look through the Overview.pdf and the UserGuide.pdf in the Docs folder of the AMT SDK before going further.  The User Guide.pdf also covers which samples are provided for Linux and how to set up MSVS 2005 in order to successfully build the sample code.