Community
cancel
Showing results for 
Search instead for 
Did you mean: 
mugwump
Beginner
54 Views

Why use an MPS?

I'm reading through the Remote Access Overview and don't really understand the point of using an MPS. Why not just have your management console handle the tunneling with the AMT device directly? Why the extra level of indirection?

There is a passage that says "The MPS uses the Intel AMT port forwarding protocol (APF) built into the Intel AMT platform to differentiate between different management console sessions." Does this mean that a management console is only able to deal with one AMT device at a time? That sounds like a huge limitation.

Edit:

I guess the MPS is needed to send out EventNotificationRequest() messages... and I guess it can send these to itself? And then you somehow query for an AMT_UserInitiatedConnectionService to use the connection?
0 Kudos
3 Replies
Gael_H_Intel
Moderator
54 Views

Quoting - mugwump
I'm reading through the Remote Access Overview and don't really understand the point of using an MPS. Why not just have your management console handle the tunneling with the AMT device directly? Why the extra level of indirection?

There is a passage that says "The MPS uses the Intel AMT port forwarding protocol (APF) built into the Intel AMT platform to differentiate between different management console sessions." Does this mean that a management console is only able to deal with one AMT device at a time? That sounds like a huge limitation.

Edit:

I guess the MPS is needed to send out EventNotificationRequest() messages... and I guess it can send these to itself? And then you somehow query for an AMT_UserInitiatedConnectionService to use the connection?

Hi,
You would need to have an MPS in the event that your management console resides in a corporate network, behind a firewall (for example) AND you want to be able to use the Out of Band Capabilities of Intel AMT. The MPS would sit inside the DMZ so that it can access both the AMT system outside the corporate network as well as the management console that is inside the Corporate network.

If the system that you want to manage is outside the corporate firewall and you want to be able to manage it without having Out of Band capabilities, you can simply enable Environment Detection along with the VPN routing option and the Management Console will be able to manage the AMT system.
mugwump
Beginner
54 Views


Hi,
You would need to have an MPS in the event that your management console resides in a corporate network, behind a firewall (for example) AND you want to be able to use the Out of Band Capabilities of Intel AMT. The MPS would sit inside the DMZ so that it can access both the AMT system outside the corporate network as well as the management console that is inside the Corporate network.

If the system that you want to manage is outside the corporate firewall and you want to be able to manage it without having Out of Band capabilities, you can simply enable Environment Detection along with the VPN routing option and the Management Console will be able to manage the AMT system.

Ok, thanks
Andrew_S_Intel2
Employee
54 Views

Quoting - mugwump

I'm reading through the Remote Access Overview and don't really understand the point of using an MPS. Why not just have your management console handle the tunneling with the AMT device directly? Why the extra level of indirection?

There is a passage that says "The MPS uses the Intel AMT port forwarding protocol (APF) built into the Intel AMT platform to differentiate between different management console sessions." Does this mean that a management console is only able to deal with one AMT device at a time? That sounds like a huge limitation.

Edit:

I guess the MPS is needed to send out EventNotificationRequest() messages... and I guess it can send these to itself? And then you somehow query for an AMT_UserInitiatedConnectionService to use the connection?

The primary reason architecturally for seperating out the MPS is that for most deployments, an IT shop wouldn't want to put their management server within the DMZ (especially if they're also using it to manage systems within the corporate environment).

And no, the management console isn't limited to dealing with one AMT device at a time, regardless of whether Remote Access is being used. If remote access is being used, it's possible to deal with multiple AMT devices, even through multiple MPS's if need be. What's being refered to about distinguishing between different managment console session is what allows a given AMT system to handle requests from multiple management consoles simultaneously if need be. With the exception of SOL and IDE-R functionality, the nature of that functionality dictates one active connection on the AMT system side.

The event notification request messages would be sent from the MPSto the Management Console/Server, to allow the Console/Server to know an AMT system was available without needing to poll the MPS server. Once an AMT system is connected to the MPS, the Management console talks to the MPS just like it's the AMT system, and the MPS handles forwarding the traffic.
Reply