I hope I am asking in the correct place: My question is regarding Intel AMT v9 technology. I have only one PC, which is approx. 300 km away from me. To have as good control over it as possible, I have decided to control it using Intel AMT. My configuration uses Intel AMT 9.
I can access the PC without problems through Intel AMT KVM through an unencrypted connection. However, I want to be able to access the PC securely. Here are my questions:
As I use a software firewall on the remote PC, I cannot use a VPN channel through a router or a firewall, which would protect the Intel AMT communication. I would really take advantage of encrypted Intel AMT technology.
Thank you very much for your responses.
You can use the "Director", which is part of the Manageability Developer Toolkit, for provisioning a single AMT Client that requires TLS. You can also use PowerShell to install the certificates. (Links below)
The provisioning server only needs to be running if you are in the process of configuring your system so you don't need to have it running after that.
But if your system is far away, it sounds like you need to configure a "Manageability Presence Server" as described in the Implementation and Reference guide (link below).
Here is some information on configuring the KVM:
And the Start Here guide also talks about TLS and KVM:
Thank you for your help. I have a question that I think is related to the original post. I have a home computer that I would like to use Intel AMT KVM on. I have seen a few guides on setting it up and have no problem using port forwarding in my home router for 16992-95...and 15900 I suppose for VNC. I saw that you were talking about an MPS. This seems like an appropriate solution if you're behind an enterprise firewall. What if I'm just using this on a home computer and opening those ports to the Internet to manage my home computer remotely? Is that a major security issue? I'm trying to figure out the best and preferably safest way to connect to my computer remotely, with the two options I'm considering being vPro or using Microsoft's RDP or some combination thereof to be able to power on remotely and then access the OS fluidly.
Hey Helo f,
MPS is not the right solution for what you are trying to accomplish, as it is used for user initiated calls for help.
The only ports you need worry about are 16992-16995 and possibly 5900 (if you set up the RDB password).
In your instance, I would suggest taking a look at meshcentral.com (free) as it should be able to provide what you are looking for in regards to vPro KVM.
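For the port-forwarding question in this thread, an added example (not code from any poster or from Intel) that checks which of the AMT ports named above answer on a machine you administer and marks the ones that carry traffic without TLS. The port role descriptions are the standard Intel AMT assignments, and the host is passed on the command line.

```python
import socket
import sys

# Port -> (role, uses TLS). Roles are the standard Intel AMT assignments
# for the 16992-16995 range and 5900 mentioned in the thread.
AMT_PORTS = {
    16992: ("web UI / WS-Management over HTTP", False),
    16993: ("web UI / WS-Management over HTTPS", True),
    16994: ("redirection (SOL, IDE-R, KVM) over TCP", False),
    16995: ("redirection (SOL, IDE-R, KVM) over TLS", True),
    5900: ("KVM on the standard VNC port", False),
}
# Cleartext port paired with its TLS counterpart.
TLS_PAIRS = [(16992, 16993), (16994, 16995)]

def probe(host, ports, timeout=2.0):
    """Return the sorted ports on host that accept a TCP connection."""
    reachable = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                reachable.append(port)
    return sorted(reachable)

def assess(open_ports):
    """Describe each reachable AMT port and whether it is TLS-protected."""
    findings = []
    for port in sorted(set(open_ports) & set(AMT_PORTS)):
        role, tls = AMT_PORTS[port]
        findings.append({
            "port": port,
            "role": role,
            "severity": "review" if tls else "high",
            "note": ("TLS in use, but reachable by anyone who can route to it"
                     if tls else "session content is not encrypted in transit"),
        })
    return findings

def cleartext_beside_tls(open_ports):
    """Pairs where the cleartext port still answers next to its TLS twin."""
    seen = set(open_ports)
    return [pair for pair in TLS_PAIRS if pair[0] in seen and pair[1] in seen]

if __name__ == "__main__":
    host = sys.argv[1]  # address of the machine you administer
    found = probe(host, AMT_PORTS)
    for f in assess(found):
        print(f"{f['port']:>5}  {f['severity']:<6}  {f['role']}: {f['note']}")
    for plain, tls in cleartext_beside_tls(found):
        print(f"{plain} still answers although {tls} is open")
```

Run it from a network outside the router to see what the port forwards actually expose.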