Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

Some questions regarding the AMT firware

adrianfreemantle
Beginner
1,204 Views

Hi everyone,

I have some questions that i cant seem to find any answers too, hopefully someone can assist me.

  1. What happens in the event of a AMT client with two onboard network adapters. Will both support AMT? What could be affected by such an implimentation.
  2. Would an end user to able to run a network sniffing tool to intercept packets destined for the localAMT firmware or are the packets routed directly to to the firmware in such a way that a sniffer in promiscuous mode wont be able to detect them?
  3. What happens if a local application tries to bind to port 16992 or 16993?
  4. Is there any good documentation that explains the virtualisation technology? I am refering specifically to the Vpro technology that will allow applications to execute outside of the operating systems context.

Thank you for any answers you are able to provide.

0 Kudos
5 Replies
Gael_H_Intel
Moderator
1,204 Views

1. What happens in the event of a AMT client with two onboard network adapters. Will both support AMT? What could be affected by such an implimentation.

This breaks vPro. The vPro logo allows only ONE onboard adapter.

2. Would an end user to able to run a network sniffing tool to intercept packets destined for the localAMT firmware or are the packets routed directly to to the firmware in such a way that a sniffer in promiscuous mode wont be able to detect them?

The network is of course the preexisting corporate network and we cannot prevent sniffing. This is the reason we recommend using TLS which encrypts network traffic, and enforce at least the use of HTTP Digest which hashes the AMT password.

What happens if a local application tries to bind to port 16992 or 16993?

Not recommended J we have registered these ports at IANA and nobody else i s allowed to use them.

On your Question number 4 - our Virtual Applianceis still in development so I am not aware of anything publicly available at the moment.

I hope this helps.

0 Kudos
Gael_H_Intel
Moderator
1,204 Views

You might want to take a look at this white paper that is on our download.intel.com site in regards to your Question number 4: http://download.intel.com/business/vpro/pdfs/vpro_wp.pdf

See page 12+

0 Kudos
fred_wilma
Beginner
1,204 Views
MADgtholmes:

1. What happens in the event of a AMT client with two onboard network adapters. Will both support AMT? What could be affected by such an implimentation.

This breaks vPro. The vPro logo allows only ONE onboard adapter.



This is wrong.
AMT2.0 or AMT2.1based platforms (aka Broadwater) may have many adapters (PCI or onboard), but only one (Intel 82566 Gigabit) will support AMT.
In addition, AMT2.5 based platforms (aka Santa Rosa) have two onboard adapters (wired and wireless) that support manageability.

0 Kudos
adrianfreemantle
Beginner
1,204 Views

Thank you for the answers,

With regards to the answer on multiple adapters, i want to make sure i understand this correctly. There can be multiple adapters but only one onboard and the wireless adapter will support AMT?

How does this affect the System Defence (Circuit Breaker) interface? The way i understand this itmeans that this particular interface looses much of its usefullness as we can isolate one of the physical adapters and the wireless adapter, but the rest will be imune to these isolation policies.

0 Kudos
fred_wilma
Beginner
1,204 Views

Lets say you have 965 chipset based board, that means you have AMT 2.1 support. Then you plugged three more PCI NICs into the motherboard and one into the USB port. So now you have 5 network adapters in your system, but only one of them supports manageability. This means that SD will control only traffic that comes through this particular NIC.

0 Kudos
Reply