KVM and Intel AMT

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

SDK Resources > KVM Application Developers Guide > KVM and Intel AMT
Collapse All

1 of 3

5/25/2012 8:41 PM

KVM and Intel AMT

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

KVM and Intel AMT

Starting with Release 6.0, Intel AMT adds remote KVM to the existing redirection features Serial Over LAN (SOL) and Redirected IDE (IDE-R). A Remote Console can open a session with an Intel AMT platform and control the platform using a mouse and keyboard and display at the console what is displayed on the local monitor. The KVM capability is enabled in the same way that SOL/IDE-R is enabled with network administration commands. KVM first must be enabled in the Intel Management Engine BIOS Extension (MEBx) and the listener enabled (as with SOL/IDE-R) before it can be enabled remotely. KVM is based on the RealVNC Limited* Remote Frame Buffer (RFB) protocol. In fact, off-the-shelf viewers based on the RFB protocol work in conjunction with Intel AMT without modification. The KVM feature supports gaming and signage platforms that have high-resolution graphics. Following are the screen resolutions with 16 bits of color depth for each Intel AMT release 1600x1200 for Intel AMT 6.0 excluding maintenance release 2 1920x 1080 for Intel AMT 6.0 maintenance release 2 and Intel AMT 6.1 1920x1200 for Intel AMT 7 and Intel ME8 The Intel AMT implementation includes an option in the MEBx for user opt-in: When a remote console initiates a KVM session, the local PC user must agree to allow remote KVM before the session can start. Note: In the context of KVM, the IT remote console has a KVM client operated by an IT operator. The platform containing Intel AMT contains a KVM server operated by a PC user.

Intel AMT KVM Features

This section describes the KVM features supported by different Intel AMT Releases.

From Intel AMT Release 6.0

These KVM features are supported from Intel AMT Release 6.0 and higher: KVM can be enabled or disabled remotely, unless KVM is disabled via the MEBx. Intel AMT can accept a KVM connection on the IANA-defined VNC port (5900) or on the Intel AMT redirection ports (16994/5). The connection on the 5900 port requires only the RFB password for authentication, while the redirection ports add the usual Intel AMT authentication mechanisms. The KVM server supports RFB versions 3.8 or before and version 4.0. RFB version 4.0 offers some performance, usability and extensibility enhancements. Intel AMT emulates a standard USB keyboard and mouse. Note that the local keyboard and mouse at the platform supporting Intel AMT are still active during a KVM session. When PC user opt-in is enabled, the firmware generates a sprite (a pop-up graphic displayed to the PC user directly, even if the graphics driver is disabled) with a one-time password (OTP) that the KVM client must send to complete establishment of a session. The PC user has to tell the IT operator what the password is, say, by telephone or text message. Note that any sprites displayed to the local operator are not echoed to the KVM client. The Intel AMT Access Monitor feature can record the following events in the Access Monitor Audit Log:

2 of 3

5/25/2012 8:41 PM

KVM and Intel AMT

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

Auditable KVM Events A KVM session started or ended KVM was enabled or disabled VNC password authentication failed three times in a row KVM Opt-in was enabled or disabled KVM password was changed KVM operator consent succeeded KVM operator consent failed three times in a row If there is no connection activity for a configurable pre-defined period (defined as no keyboard or mouse activity), the server at the PC will drop the connection. There can be only one RFB session per server (i.e. per Intel AMT-enabled PC) at a time. If there are three consecutive failed login attempts, the Intel AMT will delay subsequent attempts and log the occurrence.

From Intel AMT Release 7.0

Intel AMT Release 7.0 includes support for additional KVM features when using version 4.0 of the RFB protocol. Support for these features is built into the Virtual Network Computing (VNC) Server component embedded in the Intel AMT device: Scancode Extension The VNC Server accepts key events sent in a USB key code format. Relative Pointer Motion The VNC Server can accept both x and y co-ordinates as relative motion values.

From Intel AMT Release 8.0

Starting with Intel AMT 8.0, the KVM Library can request information from the host operating system driver and then rotate the display without operator intervention. Starting with Intel AMT 8.0, Intel AMT supports platforms with up to three displays.

Copyright 2006-2012, Intel Corporation. All rights reserved.

3 of 3

5/25/2012 8:41 PM

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

About Intel AMT Intel AMT High Level API Using the Intel AMT SDK SDK Resources KVM Application Developers Guide Redirection Library C++ CIM Framework API C# CIM Framework API Overview Enabling the Development Environment Strongly Typed and Untyped Strong Typing Example "Not Typed" Example C# CimFramework Classes CimBase CimObject Other Classes Exceptions Representative Exceptions Intel vPro Scripting Library WS-Management Clients Supporting C# and C++ Development Intel ME WMI Provider Intel vPro Gateway (MPS) Posture Validation (NAC) System Health Validation (NAP) Remote Encryption Management User Consent Tool Intel AMT Features Setup and Configuration of Intel AMT WS-Management Glossary of Terms Legal Information Intel AMT SDK License Third Party Software Licenses

1 of 1

5/25/2012 8:46 PM

Intel(R) AMT SDK Implementation and Reference Guide

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

SDK Resources > C# CIM Framework API > C# CimFramework Classes > CimBase
About Intel AMT Intel AMT High Level API Using the Intel AMT SDK SDK Resources The CimBase class is an abstract class inherited by all generated classes. Its KVM Application Developers Guide functions invoke methods in the CimObject class. Basic WS-Management functions Redirection Library (Create, Get, Put, Enumerate, and Delete) are ultimately performed by the C++ CIM Framework API WS-Management transport layer, as wrapped by the DotNetWsmanClient class. C# CIM Framework API Overview Enabling the Development Environment Strongly Typed and Untyped Strong Typing Example Function Description "Not Typed" Example bool C# CimFramework Classes Check if the object contains the field with the ContainsField(string CimBase given name. name) CimObject Other Classes void RemoveField(string Delete a field with the given name if the field Exceptions name) exists. If the field does not exist, do nothing. Representative Exceptions Intel vPro Scripting Library Check if a given CIM Field is designated as a WS-Management Clients Supporting C# and bool IsKey(string name) key field. Intel ME WMI Provider Intel vPro Gateway (MPS) bool IsRequired(string Check if a given CIM Field is designated as a Posture Validation (NAC) name) required field. System Health Validation (NAP) Remote Encryption Management Create an object in an Intel AMT device via a CimReference Create() User Consent Tool WS-Management Create. Intel AMT Features Setup and Configuration of Intel AMT string Serialize() Serialize a CIM instance To XML. WS-Management void Deserialize(string Glossary of Terms Deserialize a CIM instance from XML. xml) Legal Information Intel AMT SDK License void Get(CimReference Get an instance of a known CIM Class, using a Third Party Software Licenses

CimBase

Public Member Functions

reference)

CIM reference via a WS-Management Get.

void Get(CimBase.CimKeys keys)

Get an instance of a known CIM Class using the values of the key field or fields via a WS-Management Get. Get an instance of a known CIM Class via a WS-Management Get. Send an object to an Intel AMT device via a WS-Management Put. Delete an object in an Intel AMT device via a WS-Management Delete (delete the calling object).

void Get()

void Put()

void Delete()

Static Public Member Functions

1 of 1 5/25/2012 8:46 PM

Intel(R) AMT SDK Implementation and Reference Guide

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

SDK Resources > C# CIM Framework API > C# CimFramework Classes > CimObject
About Intel AMT Intel AMT High Level API Using the Intel AMT SDK SDK Resources The CimObject class builds the CIM object that will be sent to the Intel AMT KVM Application Developers Guide device embedded in a WS-Management structure. It also extracts elements from Redirection Library the object. CimObject deals with field names in string format and does not validate C++ CIM Framework API that the fields exist in the object. An application that works with CimObject directly C# CIM Framework API is using the untyped mechanism. CimBase translates its requests into invocations Overview of CimObject. Enabling the Development Environment Strongly Typed and Untyped Strong Typing Example "Not Typed" Example C# CimFramework Classes Function Description CimBase CimObject CimObject(string className, string Constructor for the Other Classes nameSpace, IWSManClient client) CimObject class. Exceptions Representative Exceptions CimObject(string className, string Constructor for the Intel vPro Scripting Library nameSpace) CimObject class. WS-Management Clients Supporting C# and Intel ME WMI Provider CimObject (CimObject other) Copy constructor. Intel vPro Gateway (MPS) void AddField(string name, string value) Posture Validation (NAC) Add a new CIM object System Health Validation (NAP) field. Remote Encryption Management void AddField(KeyValuePair< string, string Add a new CIM object User Consent Tool > item) Intel AMT Features field. Setup and Configuration of Intel AMT void AddField(KeyValuePair< string, Add a new CIM object WS-Management string[]> item) field. Glossary of Terms Legal Information void SetField(string name, string value) Set a CIM object field Intel AMT SDK License with a value. Third Party Software Licenses

CimObject

Public Member Functions

override void SetOrAddField(string name, string value) void Copy(CimObject other) void Get() void Get(CimObject.CimKeys keys) void Get(CimReference epr) void Delete(CimObject.CimKeys keys)

Set or add a CIM object field value. Copy Constructor. Get a CIM object. Get a CIM Object. Get a CIM Object. Delete a CIM object from the Intel AMT device. Update a CIM object in the Intel AMT device. Create a CIM object in the Intel AMT
5/25/2012 8:46 PM

void Put(CimObject.CimKeys keys)

CimReference Create()

1 of 1

Intel(R) AMT SDK Implementation and Reference Guide

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

SDK Resources > C# CIM Framework API > C# CimFramework Classes > Other Classes
About Intel AMT Intel AMT High Level API Using the Intel AMT SDK SDK Resources KVM Application Developers Guide CimObjectData is an abstract class that stores all the fields in the object Redirection Library alphabetically. C++ CIM Framework API C# CIM Framework API Overview Enabling the Development Environment Strongly Typed and Untyped CimData contains an internal representation of the full CIM object. Strong Typing Example "Not Typed" Example C# CimFramework Classes CimBase This class is an interface that defines the CIM data methods. CimObject Other Classes Exceptions Representative Exceptions This class parses date-time values. Intel vPro Scripting Library WS-Management Clients Supporting C# and Intel ME WMI Provider Intel vPro Gateway (MPS) This class determines whether a field has a Key or Required attribute. Posture Validation (NAC) System Health Validation (NAP) Remote Encryption Management User Consent Tool This class performs typetostring and stringtotype conversions. Intel AMT Features Setup and Configuration of Intel AMT Copyright 2006-2012, Intel Corporation. All rights reserved. WS-Management Glossary of Terms Legal Information Intel AMT SDK License Third Party Software Licenses

Other Classes

CimObjectData

CimData

ICimData

CimDateTime

CimFieldAttribute CimTypesUtils

1 of 1

5/25/2012 8:46 PM

Intel(R) AMT SDK Implementation and Reference Guide

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

SDK Resources > C# CIM Framework API > Exceptions

About Intel AMT Intel AMT High Level API Using the Intel AMT SDK SDK Resources The C# CimFramework detects a number of errors. This is especially important KVM Application Developers Guide when the framework is used for untyped applications as there are more Redirection Library C++ CIM Framework API possibilities for runtime errors. The framework has three exception classes. C# CIM Framework API Overview Enabling the Development Environment Strongly Typed and Untyped For C# implementations, this class inherits from Exception. If this exception occurs, Strong Typing Example it is due to a logical error in the framework usage. "Not Typed" Example C# CimFramework Classes Exceptions Representative Exceptions This class inherits from CimException. This exception is thrown when there is an Intel vPro Scripting Library attempt to WS-Management Clients Supporting C# and access a non-existent property in an object. Intel ME WMI Provider Intel vPro Gateway (MPS) Posture Validation (NAC) For C# implementations, this class inherits from WebException. This exception System Health Validation (NAP) Remote Encryption Management represents a WS-Management error, and contains the WS-Management fault information. User Consent Tool Intel AMT Features Setup and Configuration of Intel AMT These exceptions, along with others that are defined in the C# standard library, WS-Management are thrown whenever an error occurs. Glossary of Terms Legal Information Intel AMT SDK License Copyright 2006-2012, Intel Corporation. All rights reserved. Third Party Software Licenses

Exceptions

CimException

CimPropertyException

WSManException

1 of 1

5/25/2012 8:46 PM

Intel(R) AMT SDK Implementation and Reference Guide

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

SDK Resources > C# CIM Framework API > Representative Exceptions

About Intel AMT Intel AMT High Level API Using the Intel AMT SDK SDK Resources The following table describes the exceptions that can occur. KVM Application Developers Guide Redirection Library Exception Thrown Description Details C++ CIM Framework API C# CIM Framework API When attempting to add a field to Overview a CIM object, either when using Enabling the Development Environment Attempting to Strongly Typed and Untyped the untyped interface, or when add a NULL value Strong Typing Example adding an optional field to a field to a CIM "Not Typed" Example strongly typed object, the C# CimFramework Classes object framework throws an exception if Exceptions the value of the field is NULL. Representative Exceptions Intel vPro Scripting Library Attempting to set When attempting to set the value WS-Management Clients Supporting C# and the value of a of a field in a CIM object the Intel ME WMI Provider Intel vPro Gateway (MPS) field in a CIM framework throws an exception if Posture Validation (NAC) object to NULL the value is NULL. System Health Validation (NAP) When attempting an Enumerate or Remote Encryption Management Delete network call, if the provider User Consent Tool Attempting a Intel AMT Features parameter is NULL, the framework network call Setup and Configuration of Intel AMT throws an exception. This can without a valid WS-Management occur using strong typing, or using provider Glossary of Terms the untyped interface with static Legal Information parameter calls (such as Enumerate or static Intel AMT SDK License Third Party Software Licenses Delete).

Representative Exceptions

ArgumentNullException Attempting a network call without valid selectors

When attempting a network call such as Get, Put, Enumerate, Delete, or Invoke, when calling the version of the method that requires selectors, if the selectors parameter is NULL, the framework throws an exception. This can occur using either strong typing or the untyped interface. When attempting a Get or Delete network call, when calling the version of the method that requires an EPR, if the EPR parameter is NULL, the framework throws an exception. This can occur using either strong typing or the untyped interface. When attempting to call Invoke

Attempting a network call without a valid EPR

Attempting an

1 of 1

5/25/2012 8:46 PM

Use Cases

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

Intel AMT Features > Access Monitor > Use Cases

1 of 2

5/25/2012 8:48 PM

Use Cases

file:///C:/Users/KPD777/Desktop/Intel_AMT_8_SDK_Gold4197/Intel...

Use Cases
The following table describes the main use cases of the Access Monitor feature. Starting in Release 8.0, if there is no user with Audit Log Realm privileges, any user with Administration Realm privileges can perform any of these use cases. Use Case Supported Intel AMT Releases 4.0 and later 4.0 and later 4.0 and later 4.0 and later 5.1 and later 4.0 and later 4.0 and later 4.0 and later 4.0 and later 4.0 and later Required Security Realms (ADMIN_SECURITY_...) AUDIT_LOG_REALM AUDIT_LOG_REALM
AUDIT_LOG_REALM AUDIT_LOG_REALM AUDIT_LOG_REALM AUDIT_LOG_REALM AUDIT_LOG_REALM AUDIT_LOG_REALM AUDIT_LOG_REALM AUDIT_LOG_REALM

Set the Signing Key Material Enable and Disable Auditing Enable and Disable Auditing of Events View the Audit Policy Details Set the Audit Storage Policy Lock and Unlock the Audit Log Get the Audit Log State Export the Audit Log Signature Read the Audit Log Clear the Audit Log

See Also:
Table mapping classes and methods to realms

Copyright 2006-2012, Intel Corporation. All rights reserved.

2 of 2

5/25/2012 8:48 PM