Hello. I've overviewed the RDK and API documentation and, if I'm not wrong, I can't specify the port for managing a PC, only the IP address. This means that, if I have several PCs behind a router with NAT sharing the IP address, I could only manage 1 PC, the one that has mapped the connections to ports 16992 ... 16995, isn't it?
You are correct, if, your IAMT management console does not allow you to change the default port numbers. This said, there are a few work arounds: Probably the best would be to get yourself a VPN router (I would recommand a Linksys WRT54GS with the DD-WRT firmware and use PPTP to VPN into your network. I use this at home and it's great). This solution is also way more secure if you run your computers in "Small Buisness Mode", since it will add encryption.
A different a also very good solution is to SSH into a computer on your network and use SSH tunneling to the computer you want to manage. This is also very secure, you can only manage one at a time, but it's easy to change the mapping.
Hello. I have some doubts about the workaround for accesing several PCs behind a VPN router with NAT without modifyng the administration console to support address with port.
To use VPN, I must configure the ADSL router to establish a permanent VPN connection to a VPN server in the console network, isn't it?
Then, will each PCs in the local LAN have a different address that could be used from the console, or will they still share the same address, in this case the address of the end of the VPN?
Will VPN allow incoming connections, unlike NAT?
If I develop a console that manages address with port, I'd could start from the RDK and it would be possible, I think, since most of it uses web services. But there are problems:
- redirection is based on a Intel propietary library and should replace it
- Perhaps information contained in alerts and events generated by AMT don't allow differenciate the PC that generates them
- Intel AMT RDK supports only SBM, isn't it?
When you have a VPN setup, you can address all of the machines on the private network just like if you where connected to the private network. So, it will certainly work. Youshould look at OpenVPN for example, it will do the job, but I have never used it myself. With a VPN, your remote computer will get an IP address from the private network and can fully interact with machines on the private network.
1. Ha yes, I just looked at the Intel libraries and you are correct, the port is fixed.
2. Alerts include the platform GUID and so, you should be ok.
3. That's correct.
In general, I would look into setting up a VPN. Even if you where to change the port numbers, it's not as elegent a solution as using a VPN.