Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

Why use an MPS?

mugwump
Beginner
457 Views
I'm reading through the Remote Access Overview and don't really understand the point of using an MPS. Why not just have your management console handle the tunneling with the AMT device directly? Why the extra level of indirection?

There is a passage that says "The MPS uses the Intel AMT port forwarding protocol (APF) built into the Intel AMT platform to differentiate between different management console sessions." Does this mean that a management console is only able to deal with one AMT device at a time? That sounds like a huge limitation.

Edit:

I guess the MPS is needed to send out EventNotificationRequest() messages... and I guess it can send these to itself? And then you somehow query for an AMT_UserInitiatedConnectionService to use the connection?
0 Kudos
3 Replies
Gael_H_Intel
Moderator
457 Views

Hi,
You would need to have an MPS in the event that your management console resides in a corporate network, behind a firewall (for example) AND you want to be able to use the out-of-band capabilities of Intel AMT. The MPS would sit inside the DMZ so that it can access both the AMT system outside the corporate network as well as the management console that is inside the corporate network.

If the system that you want to manage is outside the corporate firewall and you want to be able to manage it without having out-of-band capabilities, you can simply enable Environment Detection along with the VPN routing option and the management console will be able to manage the AMT system.
0 Kudos
mugwump
Beginner
457 Views

Ok, thanks
0 Kudos
Andrew_S_Intel2
Employee
457 Views

The primary reason architecturally for separating out the MPS is that for most deployments, an IT shop wouldn't want to put their management server within the DMZ (especially if they're also using it to manage systems within the corporate environment).

And no, the management console isn't limited to dealing with one AMT device at a time, regardless of whether Remote Access is being used. If Remote Access is being used, it's possible to deal with multiple AMT devices, even through multiple MPSs if need be. What's being referred to about distinguishing between different management console sessions is what allows a given AMT system to handle requests from multiple management consoles simultaneously if need be. With the exception of SOL and IDE-R functionality, the nature of that functionality dictates one active connection on the AMT system side.

The event notification request messages would be sent from the MPS to the management console/server, to allow the console/server to know an AMT system was available without needing to poll the MPS server. Once an AMT system is connected to the MPS, the management console talks to the MPS just like it's the AMT system, and the MPS handles forwarding the traffic.
0 Kudos
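The flow Andrew describes, as an added in-memory illustration that is not code from this thread, from Intel, or from the real Intel AMT APF implementation: AMT systems reverse-connect to an MPS, the MPS notifies subscribed consoles instead of being polled, and each device tunnel is multiplexed so that several consoles can hold separate sessions to the same AMT system. The device UUIDs, console names, channel numbering, the echoed "ok" replies and the ownership check on channels are all constructed assumptions for the demo; the real protocol is an SSH-derived channel protocol and is not modelled here.

```python
"""Toy model of Intel AMT Remote Access: devices reverse-connect to an
MPS, the MPS notifies consoles and multiplexes per-console sessions over
each device tunnel by channel id. Illustration only, not the APF wire
protocol; all identifiers below are constructed for the example."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Frame:
    """One message on a device tunnel; channel distinguishes console sessions."""
    channel: int
    payload: str


class AmtDevice:
    """Stand-in for an AMT system outside the corporate firewall."""
    def __init__(self, uuid: str):
        self.uuid = uuid

    def handle(self, frame: Frame) -> Frame:
        # Reply on the same channel, echoing the request so routing is visible.
        return Frame(frame.channel, f"{self.uuid}:{frame.payload}:ok")


class MPS:
    """Sits in the DMZ: reachable by devices outside and consoles inside."""
    def __init__(self) -> None:
        self.devices: Dict[str, AmtDevice] = {}
        self.subscribers: List[Callable[[str], None]] = []
        self.next_channel: Dict[str, int] = {}
        # (device uuid, channel) -> console that opened that session
        self.sessions: Dict[Tuple[str, int], str] = {}

    def subscribe(self, callback: Callable[[str], None]) -> None:
        self.subscribers.append(callback)

    def device_connected(self, dev: AmtDevice) -> None:
        """A device reverse-connects; every console is notified (no polling)."""
        self.devices[dev.uuid] = dev
        self.next_channel[dev.uuid] = 1
        for callback in self.subscribers:
            callback(dev.uuid)   # event-notification stand-in

    def open_session(self, console: str, uuid: str) -> int:
        """Allocate a fresh channel on the device tunnel for this console."""
        if uuid not in self.devices:
            raise KeyError(f"{uuid} is not connected to this MPS")
        channel = self.next_channel[uuid]
        self.next_channel[uuid] += 1
        self.sessions[(uuid, channel)] = console
        return channel

    def forward(self, console: str, uuid: str, channel: int, payload: str) -> str:
        """Console talks to the MPS as if it were the device; MPS forwards."""
        if self.sessions.get((uuid, channel)) != console:
            raise PermissionError("channel is not owned by this console")
        reply = self.devices[uuid].handle(Frame(channel, payload))
        assert reply.channel == channel, "device answered on the wrong channel"
        return reply.payload


def demo() -> dict:
    mps = MPS()
    notified: Dict[str, List[str]] = {"console-A": [], "console-B": []}
    mps.subscribe(lambda uuid: notified["console-A"].append(uuid))
    mps.subscribe(lambda uuid: notified["console-B"].append(uuid))

    # Two AMT systems connect in; both consoles learn of them via notification.
    mps.device_connected(AmtDevice("amt-0001"))
    mps.device_connected(AmtDevice("amt-0002"))

    # Two consoles hold simultaneous sessions to the same device.
    a = mps.open_session("console-A", "amt-0001")
    b = mps.open_session("console-B", "amt-0001")
    ra = mps.forward("console-A", "amt-0001", a, "GetPowerState")
    rb = mps.forward("console-B", "amt-0001", b, "GetAssetInfo")

    # One console also manages a second device through the same MPS.
    c = mps.open_session("console-A", "amt-0002")
    rc = mps.forward("console-A", "amt-0002", c, "GetPowerState")

    # A console may not send on a channel another console opened.
    try:
        mps.forward("console-B", "amt-0001", a, "Reboot")
        cross_blocked = False
    except PermissionError:
        cross_blocked = True

    return {"notified": notified, "channels": (a, b, c),
            "replies": (ra, rb, rc), "cross_blocked": cross_blocked}


if __name__ == "__main__":
    print(demo())
```

The per-device `sessions` table is the point of the "differentiate between management console sessions" sentence: the MPS, not the console, keeps track of which console owns which channel on a given device tunnel, so the console never has to see the device's tunnel directly and two consoles do not collide on one AMT system.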
Reply