We are trying to use the 3PDS area to pass information between agents
on a local client and agents on a remote server. In order to not have
to deal with group permissions, etc, I felt a short cut would be to
have both the local and remote agents register with the 3PDS using
a common set of credentials (i.e. the same vendor name, application
name, enterprise name and UUID). That way, any blocks allocated by
one of the agents would be accessible by any other agent.
If the remote machine performs the first registration with this common
vendor name, UUID, etc, then any other remote machine (I have tried two
machines so far) can also register with these common credentials. The local
machine however is not able to register with the same common credentials.
Conversely, if the local machine does the initial registration, then no
remote machines are able to register with the common credentials.
Am I correct in assuming that when an application is first registered with the
3PDS, AMT also records if the registration was from a local or remote source?
If so, does it then only allow either local or remote (depending on
who got in first) to register with the same credentials?
I think you are correct, you should not use the same UUID for both local and remote. Use everything else the same but use a different UUID and you will need to set permissions on the block so that it is visible and read/write is allowed for same enterprise, vendors & application name.
Generally I recommand playing arround with Intel AMT Commander and Intel AMT Outpost before using 3PDS, because it's not as easy as people initially think it is. You can using Intel AMT Outpost to register as an "Enterprise/Vendor/App/UUID" and see all the blocks. Intel AMT Commander will automaticaly log into 3PDS using every "Enterprise/Vendors/App" that exists on the computer, but will always use a UUID of all zeros. This is way, for the most part, Commander can see all the blocks... it pretends to be each application.
Hope this helps,
Ylian (Intel AMT Blog)
Thanks for your response.
Actually, you can use the same UUID if you use different, say, application names. As long as the four values are not the same, then things work. I just found it interesting that AMT differentiates between local and remote connections and stores the connection source with the initial 3PDS application registration. However, all registrations within their separate and respective local/remote domains are treated equally.
To be honest, I have never had much success with getting AMT Outpost to work. I ended up creating a permission group with read/write access to all vendors of the same name using my now rewritten version of the Intel AMT storage library.
For testing, I had already been enumerating all storage blocks by registering with a null UUID as AMT Commander appears to be doing. This allows you to enumerate all the blocks, however, you are not able to read their contents if they have not had a permission group created allowing such read access. You can view the block if you register with the same UUID, etc as the application that first allocated the block, as long as you register from the same remote/local domain (i.e., my initial observation).