I have problems to enable the generation of SoH messages in AMT machine. Details are described as following:
Follow "Intel AMT System Health Validator Sample" document in AMT SDK 18.104.22.168 to see how AMT can interact with MS NAP
We visited the official AMT download page, (http://software.intel.com/en-us/articles/intel-active-management-technology-downloads), and read the documents of Software Development kit (SDK), Manageability Developer Tool Kit (DTK), and Setup and Configuration Service (SCS). After gathering these information, we tried to build the client part on a Intel Centrino vPro machine. The machine runs on Vista, and we enabled Intel AMT from its BIOS settings.
*** How to enable our AMT machine to generate SoH messages by what tools?
In the section 5 of the document, "Intel Active Management Technology System Health Validator Sample" from SDK, the instruction is not clear enough for us to enable SoH generation in a Intel AMT machine. Our understanding is that, EndpointAccessControlAdminService is a web service related to the generation of SoH messages, and can be accessed via the WS-Management interface, but we don't know how to access the web service or the interface. Are there any tools which can be used to enable the SoH generation? or Is there any document that explains the generation of SoH messages in Intel AMT further?
NAP is not a simple technology so I assume that you are already very familiar with NAP operation independent of AMT. If this is not the case, please let me know. You mention that "...EndpointAccessControlAdminService is a web service related to the generation of SoH messages" but this is not correct. The EndpointAccessControlAdminService is the service used to configure EAC on AMT. This service is called by the tool you are using for provisioning. A SoH will be generated by AMT in active mode when a request is recieved by the enforement point in the network. This should be the same enforcement point that challenges your existing NAP agent.
If you are not currently supporting NAP in the host, may I ask what your goal is when using AMT in a NAP environment? Perhaps there is a more suitable solution to accomplish what you need. Allowing AMT on a network is far less risky than allowing Windows on your network. If the concern is securing the traffic to and from AMT, I'd suggest a simpler solution like TLS.