Intel® vPro™ Processor Technology

Intel® AMT Keyboard, Video & Mouse Remote Control

<Presenter’s Name>

Application Engineer

Software and Services Group

<month>, 2009

2Intel Confidential 2

Legal Disclaimer

Information in this document is provided in connection with Intel products. No license, express or implied, by personnel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications.Intel may make changes to specifications and product descriptions at any time, without notice.

Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them.

Products referenced herein may be incomplete or contain errors known as errata which may cause the products to deviate from published specifications. Current characterized errata are available upon request.

Intel® Active Management Technology requires the computer have an Intel® AMT-enabled Intel chipset, network hardware and software, connection with a power source, and a network connection.

Intel® Virtualization Technology requires a computer system with an enabled Intel® processor, BIOS, virtual machine monitor (VMM) and for some uses, certain platform software enabled for it. Functionality, performance or other benefits will vary depending on hardware and software configurations. Intel Virtualization Technology-enabled BIOS and VMM applications are currently in development.

Copyright (c) Intel Corporation 2007-2009* Other names and brands may be claimed as the property of others.

3Intel Confidential 3

Expanding Redirection Capabilities

4Intel Confidential 4

Example Use-Cases

Console _ X

Computer State Comp A UnhealthyComp B OS unresponsiveComp C RebootingComp D OS Healthy

Select a machine to manage

Comp A Screen

Dsfsd.sys failed at mem location 0x1234hfhsMemory dump:3409afed 3409afed 3409afed 3409afed 3409afed 3409afed

Console

5Intel Confidential 5

Advantages of KVM Remote Control

6Intel Confidential 6

Terminology

Term Definition

KVM Server The KVM service running on the managed client.A KVM Server runs in the Intel® vPro™ management engine.

KVM Client The ISV console connecting to the KVM Server.

sprite A graphic overlay that is drawn directly to the monitor by the integrated hardware. Similar to volume / channel indication on television.

Intel® vPro™ System Remote Console

KVM Session RequestPasscode: 123456

Sprite Graphic

KVM Server

KVM Client

7Intel Confidential 7

Example Deployment FlowPrior to KVM Remote Control use, several steps with some notable options are required. This occurs in conjunction with Intel® vPro™ Setup & Configuration.

8Intel Confidential 8

Example KVM Remote Control Session

* Other names and brands may be claimed as the property of others.

Intel® vPro™ System Remote Console

Passcode

KVM

Passcode

SessionTerminated

9Intel Confidential 9

Example User Consent FlowBy default, the user must consent to each KVM Remote Control session. This may be disabled by:

•OEM

•During USB initiated setup

•User opts out through MEBx

•Optionally enabled / disabled remotely if allowed in MEBx

10Intel Confidential 10

Wireless ConnectivityManagement traffic passes through the host wireless driver when operational. (“Pipe” mode)

The management engine (ME) manages wireless connectivity when the host driver is absent. (“Operational” mode)

Intel® AMT implements “link sensitive” behavior during some use-cases to avoid connectivity interruptions.

Starting with Intel® AMT 6.0, you can control the link preference to fit your use-case through AMT_EthernetPortSettings.SetLinkPreference

11Intel Confidential 11

Simple Connection Option

12Intel Confidential 12

TLS

Enhanced Intel® AMT Connection

* Other names and brands may be claimed as the property of others.

13Intel Confidential 13

Protocols

* Other names and brands may be claimed as the property of others.

14Intel Confidential 14

Protocol & Viewer Options

Protocol Options Viewer Compatibility

* Other names and brands may be claimed as the property of others.† Compatibility depends on 3rd party implementation.

15Intel Confidential 15

SDK Components

* Other names and brands may be claimed as the property of others.

16Intel Confidential 16

Configuration (partial list)

17Intel Confidential 17

Architecture Considerations

ConsoleConsole

Console GUI

VNC Library

Intel® AMT Redirection

Proxy TLS

Integrated(SDK Sample)

ConsoleConsole

Console GUI

VNC Library

Central ServerCentral Server

Intel® AMT Redirection

Proxy

TLS

Distributed(Example #1)

Central ServerCentral Server

ConsoleConsole

Console GUI

VNC Library

Intel® AMT Redirection

Proxy

TLS

Distributed(Example #2)

18Intel Confidential 18

Discrete Graphics Considerations

KVM Requires Active, Integrated GraphicsKVM Requires Active, Integrated Graphics

19Intel Confidential 19

Summary

* Other names and brands may be claimed as the property of others.

20Intel Confidential 20

21Intel Confidential 21

BACKUP

22Intel Confidential 22

APF

TLS

Remote KVM Protocols

RFB

VNC* LibraryIntel®

Redirection Proxy

Intel® Remote

Connectivity Gateway

Intel® vPro™

Platform

* Other names and brands may be claimed as the property of others.

23Intel Confidential 23

Access Monitor – KVM Related Events

•KVM session start                

•KVM session end     

•KVM enable 

•KVM disable

•RFB password failed X times 

•KVM user consent options changed  

•RFB password changed

24Intel Confidential 24

Intel® Management and Security Status (IMSS) Enhancements•Display the enabled/disabled status of the KVM feature

•Indicate if there is an active KVM session

•Notify the user that a KVM session is starting

•Provide an option to stop the KVM session

•Select language for sprite messages

25Intel Confidential 25

User Consent Switches• Remote user consent control

through API

• IPS_KVMRedirectionSettingData -> OptInPolicy

•Must be allowed by firmware setting

• OEM sets the default

• OEM settings may be overridden by MEBx

OEM Setting: Allow Remote User Consent

Control

MEBx Setting: Allow Remote User Consent

Control

AMT Admin: User Consent

SettingUser Consent

KVM Session

No

Yes

Not Required

Required

Yes

No

DefaultSettings

26Intel Confidential 26

KVM BIOS/FW Settings Matrix

KVM Enabled (Y/N)

User Consent (On/Off)

Remote Config of User

Consent (On/Off)

Manual Touch for IT

(Yes/No)

Yes On On No

Yes Off On No

Yes On Off Yes

Yes Off Off Yes

No On or Off On or Off Yes

RecommendedOEM Settings

Good for IT, no touch

Bad for IT, requires touch