Intel® AMT Keyboard, Video & Mouse Remote Control

1 Intel® AMT Keyboard, Video & Mouse Remote Control
<Presenter’s Name> Application Engineer Software and Services Group <month>, 2009

2 Legal Disclaimer
Information in this document is provided in connection with Intel products. No license, express or implied, by personnel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications.
Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. Products referenced herein may be incomplete or contain errors known as errata which may cause the products to deviate from published specifications. Current characterized errata are available upon request.
Intel® Active Management Technology requires the computer have an Intel® AMT-enabled Intel chipset, network hardware and software, connection with a power source, and a network connection. Intel® Virtualization Technology requires a computer system with an enabled Intel® processor, BIOS, virtual machine monitor (VMM) and for some uses, certain platform software enabled for it. Functionality, performance or other benefits will vary depending on hardware and software configurations. Intel Virtualization Technology-enabled BIOS and VMM applications are currently in development.
Copyright (c) Intel Corporation
* Other names and brands may be claimed as the property of others.

3 Expanding Redirection Capabilities
Current Support (Intel® AMT Release 5.x and earlier): IDE Redirection; Serial Redirection
Intel® AMT Release 6: IDE & Serial Redirection; Keyboard, Video & Mouse (KVM) Remote Control

4 Select a machine to manage
Example Use-Cases: OS Blue-screen; OS Unresponsive; Boot Process; Corrupt Network Driver
[Figure: management console window with the prompt "Select a machine to manage" and a computer/state list (Comp A: Unhealthy; Comp B: OS unresponsive; Comp C: Rebooting; Comp D: OS Healthy), next to the Comp A screen showing a driver failure message and memory dump.]

5 Advantages of KVM Remote Control
Works in many situations:
  OS malfunctions (hung, degraded response)
  BIOS level
  OS boot
  OS installation
  OS repair (safe mode, system restore)
  Virtual environments
  Corrupt network driver or Filtered network traffic
Robust, hardware based solution
Reduced hardware cost (compared to 3rd party hardware solutions)

6 Terminology
Term: Definition
KVM Server: The KVM service running on the managed client. A KVM Server runs in the Intel® vPro™ management engine.
KVM Client: The ISV console connecting to the KVM Server.
sprite: A graphic overlay that is drawn directly to the monitor by the integrated hardware. Similar to volume / channel indication on television.
[Figure: KVM Client on the Remote Console and KVM Server on the Intel® vPro™ System; Sprite Graphic showing "KVM Session Request" and "Passcode:".]

7 Example Deployment Flow
System Received & Installed:
  Physically deployed
  Intel® vPro™ Drivers / Services Installed
Optional MEBx Settings (manual):
  KVM Disable
  User Consent Disable (enable remote switch)
Intel® vPro™ Setup Configuration (remote):
  Set RFB Password
  Enable / disable user consent (requires MEBx setting)
  Enable / disable port 5900
  Enable redirection listener
Optional User Settings:
  Consent Opt-Out (MEBx)
  Session Notifications (IMSS)
Prior to KVM Remote Control use, several steps with some notable options are required. This occurs in conjunction with Intel® vPro™ Setup & Configuration.

8 Example KVM Remote Control Session
Console Initiates Session:
  Intel® AMT Authentication
  Optional TLS Session Established
  VNC* Authentication
  User Consent Code Validation
Session Established:
  Session User Notification
  IMSS Icon
  Sprite
Session Terminated:
  Console terminates or…
  User terminates (IMSS or Physical Disconnect)
[Figure: Remote Console and Intel® vPro™ System; labels: KVM Passcode, Connect, Passcode, Session Terminated.]

9 Example User Consent Flow
User calls help-desk
Help-desk connects to Intel® AMT
ME Generates consent code
Consent code displayed locally in sprite
User reads consent code to help-desk
Help-desk enters consent code
KVM Remote Control session begins
By default, the user must consent to each KVM Remote Control session. This may be disabled by:
  OEM
  During USB initiated setup
  User opts out through MEBx
  Optionally enabled / disabled remotely if allowed in MEBx

10 Wireless Connectivity
Host Wireless Driver Managing All Traffic
Intel® AMT Session Established
KVM Remote Control Session Begins
ME Transitions to “Operational” State: Controls Wireless Connection
ME Maintains Control of Wireless Connection During KVM Remote Control Session and Power Control
KVM Remote Control Session Ends
ME Transitions to “Pipe” State: Host Manages Wireless Connection (if available)
Management traffic passes through the host wireless driver when operational. (“Pipe” mode)
The management engine (ME) manages wireless connectivity when the host driver is absent. (“Operational” mode)
Intel® AMT implements “link sensitive” behavior during some use-cases to avoid connectivity interruptions.
Starting with Intel® AMT 6.0, you can control the link preference to fit your use-case through AMT_EthernetPortSettings.SetLinkPreference

11 Simple Connection Option
[Diagram: Console (Console GUI: Standard VNC or… ISV Console) connected over RFB, port 5900, to the Intel® vPro™ Platform.]

12 Enhanced Intel® AMT Connection
[Diagram labels: Console GUI (ISV Console or… Integrated VNC* Viewer); Viewer Library; RFB API; SDK; Proxy Library; Digest Authentication or… Kerberos; TLS; Intel® vPro™ Platform; Intel® AMT ports 16994/16995; TLS.]

13 Protocols
RealVNC* Remote Frame Buffer (RFB) Protocol (RFB 3.8):
  Supporting versions 3.8 and 4.x
  Uses port 5900 (default)
  Adds RFB password for port 5900 (VNC Authentication)
KVM Remote Control Protocol:
  Implemented as proxy
  Uses ports 16994/16995
  Listens on port 5900 (default)
  Extends RFB capabilities: Digest & Kerberos authentication; TLS Encryption
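
An added example (not from the presentation or from Intel's SDK): a parser for the first two messages an RFB 3.8 server sends, so that a captured handshake on port 5900 can be checked for what authentication the listener offers. The security-type numbers follow the public RFB 3.8 specification; the sample bytes and the function name are constructed for illustration.

```python
import struct

# Security-type numbers from the public RFB 3.8 specification.
SECURITY_TYPES = {1: "None", 2: "VNC Authentication"}


def parse_server_hello(version_msg: bytes, security_msg: bytes) -> dict:
    """Parse the server's ProtocolVersion and security-type messages."""
    # ProtocolVersion is exactly 12 bytes: b"RFB xxx.yyy\n"
    if (len(version_msg) != 12 or version_msg[:4] != b"RFB "
            or version_msg[7:8] != b"." or version_msg[11:] != b"\n"):
        raise ValueError("not an RFB ProtocolVersion message")
    version = (int(version_msg[4:7]), int(version_msg[8:11]))

    if not security_msg:
        raise ValueError("missing security-type message")
    count = security_msg[0]
    if count == 0:
        # Zero types means refusal: 4-byte big-endian length + reason text.
        if len(security_msg) < 5:
            raise ValueError("truncated refusal message")
        (length,) = struct.unpack(">I", security_msg[1:5])
        reason = security_msg[5:5 + length].decode("latin-1")
        return {"version": version, "offered": [], "refused": reason,
                "findings": []}

    codes = security_msg[1:1 + count]
    if len(codes) != count:
        raise ValueError("truncated security-type list")
    offered = [SECURITY_TYPES.get(c, f"unknown({c})") for c in codes]

    findings = []
    if 1 in codes:
        findings.append("no authentication offered on this listener")
    if 2 in codes:
        findings.append("password-only VNC Authentication; RFB 3.8 does not "
                        "encrypt the session, prefer the TLS redirection ports")
    return {"version": version, "offered": offered, "refused": None,
            "findings": findings}


# Constructed sample capture, not taken from a real system.
SAMPLE_VERSION = b"RFB 003.008\n"
SAMPLE_SECURITY = bytes([1, 2])   # one type offered: 2 (VNC Authentication)
SAMPLE_REFUSAL = b"\x00" + struct.pack(">I", 8) + b"disabled"

if __name__ == "__main__":
    print(parse_server_hello(SAMPLE_VERSION, SAMPLE_SECURITY))
    print(parse_server_hello(SAMPLE_VERSION, SAMPLE_REFUSAL))
```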

14 Protocol & Viewer Options
Protocol Options:
  Remote Frame Buffer 3.8: Open source
  Remote Frame Buffer 4.x: Improved performance; No GPL code; Enhanced error reporting; Licensed separately by RealVNC*
Viewer Compatibility:
[Table: KVM Server (3rd Party, Real VNC*, Intel® vPro™) against Viewer (RealVNC 3.8; RealVNC 4.x (Intel® SDK); RealVNC 4.x).]
† Compatibility depends on 3rd party implementation.

15 SDK Components
RealVNC* Viewer Library:
  Customized for use with Intel® vPro™ Technology
  Binary only
  RFB 4.x
  C interface
  Integrated viewer
  Licensed separately by RealVNC
KVM Proxy Library / Sample:
  Source provided
  Listens for viewer
  Proxies RFB through Intel® AMT Redirection Protocol
  SOCKS proxy
Viewer Sample:
  Demonstrates custom viewer and proxy use
Documentation
The RealVNC viewer library is licensed by Intel from RealVNC and provided to ISVs under the same conditions as the rest of the SDK. The viewer is provided as a binary only and cannot be modified. The integrated viewer in the library may be invoked if the ISV doesn’t want to write a viewer integrated in their console. The Viewer sample shows how to write an RFB viewer that may interact with the Intel KVM proxy.

16 Configuration (partial list)
MEBx (local configuration screens):
  Disable / enable KVM Remote Control (just like legacy redirection features)
  Disable / enable user consent requirements
Intel® AMT (network interface):
  Disable / enable KVM Remote Control (if enabled in MEBx)
  Set RFB password
  Enable / disable port 5900 for legacy VNC connections
  Ports 16994/16995 available for Intel® AMT redirection connections
  Disable / enable user consent (if allowed by MEBx)
  User consent timeouts and session timeouts
Intel® Management & Security Status:
  Select sprite language
  Notification options
  Hot-key disconnect

17 Architecture Considerations
[Diagrams: three console architectures, Integrated (SDK Sample), Distributed (Example #1) and Distributed (Example #2), each built from the components Console, Console GUI, VNC Library, Central Server and Intel® AMT Redirection Proxy, with RFB and TLS links.]

18 Discrete Graphics Considerations
KVM Session Supported:
  Integrated Graphics Enabled / Selected
  Switchable Graphics: Boot Process
  Switchable Graphics: Integrated Selected by OS
KVM Session Closed:
  No Integrated Graphics / Discrete Only
  Integrated Graphics Disabled
  Switchable Graphics: Discrete Selected by OS
KVM Requires Active, Integrated Graphics

19 Summary
Keyboard, Video & Mouse (KVM) Remote Control Added in AT6 For New Use-Cases
Basic Protocol is RealVNC* Remote Frame Buffer (RFB) 3.8 or 4.x
Intel® KVM Remote Control Proxy Gives Greater Security

21 Backup

22 Remote KVM Protocols
[Diagram components: VNC* Library; Intel® Redirection Proxy; Intel® Remote Connectivity Gateway; Intel® vPro™ Platform. Protocol layers shown on each link: APF, TLS, RFB.]

23 Access Monitor – KVM Related Events
KVM session start
KVM session end
KVM enable
KVM disable
RFB password failed X times
KVM user consent options changed
RFB password changed
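
A sketch of how these audit events could feed detection, as an added example that is not part of the presentation or of Intel® AMT: it flags a KVM session start that closely follows a password failure, a password change, a consent-option change or a KVM enable on the same machine. Only the event names come from the slide; the record layout, host names, 30-minute window and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Event names as listed on the slide; everything else here is assumed.
PRECURSORS = {
    "RFB password failed",
    "RFB password changed",
    "KVM user consent options changed",
    "KVM enable",
}
WINDOW = timedelta(minutes=30)   # assumed correlation window


def suspicious_sessions(events):
    """Return (host, start_time, precursor_names) for every
    'KVM session start' preceded within WINDOW by a precursor
    event on the same host. events: (datetime, host, event_name)."""
    recent = {}   # host -> precursor events still inside the window
    alerts = []
    for ts, host, event in sorted(events):
        # "RFB password failed X times" carries a count; normalise it.
        if event.startswith("RFB password failed"):
            event = "RFB password failed"
        seen = [(t, e) for t, e in recent.get(host, []) if ts - t <= WINDOW]
        if event in PRECURSORS:
            seen.append((ts, event))
        elif event == "KVM session start" and seen:
            alerts.append((host, ts, sorted({e for _, e in seen})))
            seen = []   # report each chain of precursors once
        recent[host] = seen
    return alerts


def _t(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample records, not real Access Monitor output.
SAMPLE = [
    (_t("2009-06-01 09:00"), "comp-a", "KVM session start"),
    (_t("2009-06-01 09:20"), "comp-a", "KVM session end"),
    (_t("2009-06-01 22:01"), "comp-b", "RFB password failed 3 times"),
    (_t("2009-06-01 22:03"), "comp-b", "KVM user consent options changed"),
    (_t("2009-06-01 22:05"), "comp-b", "KVM session start"),
    (_t("2009-06-02 08:00"), "comp-c", "RFB password changed"),
    (_t("2009-06-02 11:00"), "comp-c", "KVM session start"),
]

if __name__ == "__main__":
    for alert in suspicious_sessions(SAMPLE):
        print(alert)
```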

24 Intel® Management and Security Status (IMSS) Enhancements
Display the enabled/disabled status of the KVM feature
Indicate if there is an active KVM session
Notify the user that a KVM session is starting
Provide an option to stop the KVM session
Select language for sprite messages

25 User Consent Switches
[Flowchart: OEM Setting: Allow Remote User Consent Control (No: Default Settings; Yes: continue) -> MEBx Setting: Allow Remote User Consent Control (No / Yes) -> AMT Admin: User Consent Setting (User Consent Required / Not Required) -> KVM Session.]
Remote user consent control through API:
  IPS_KVMRedirectionSettingData -> OptInPolicy
  Must be allowed by firmware setting
OEM sets the default
OEM settings may be overridden by MEBx

26 KVM BIOS/FW Settings Matrix
[Table columns: KVM Enabled (Y/N); User Consent (On/Off); Remote Config of User Consent (On/Off); Manual Touch for IT (Yes/No). Legend: Recommended OEM Settings; Good for IT, no touch; Bad for IT, requires touch.]

