Intel Active Management Technology

A part of the Intel AMT web management interface, accessible even when the computer is sleeping

Intel Active Management Technology (AMT) is hardware and firmware for remote out-of-band management of select business computers.[1][2] It runs on the Intel Management Engine, a microprocessor subsystem not exposed to the user, and is intended for monitoring, maintaining, updating, and repairing systems.[1] Out-of-band (OOB) or hardware-based management is different from software-based (or in-band) management and software management agents.[1]

Hardware-based management works at a different level from software applications and uses a communication channel (through the TCP/IP stack) that is different from software-based communication (which is through the software stack in the operating system). Hardware-based management does not depend on the presence of an OS or a locally installed management agent. Hardware-based management has been available on Intel/AMD-based computers in the past, but it has largely been limited to auto-configuration using DHCP or BOOTP for dynamic IP address allocation and diskless workstations, as well as wake-on-LAN (WOL) for remotely powering on systems.[3] AMT is not intended to be used by itself; it is intended to be used alongside a software management application.[1] It gives a management application (and thus, the system administrator who uses it) access to the PC down the wire, to remotely do tasks that are difficult or sometimes impossible when working on a PC that does not have remote functionalities built into it.[1][4][5]

AMT is designed into a service processor located on the motherboard and uses TLS-secured communication and strong encryption to provide additional security.[6] AMT is built into PCs with Intel vPro technology and is based on the Intel Management Engine (ME).[6] AMT has moved towards increasing support for the DMTF Desktop and mobile Architecture for System Hardware (DASH) standards, and AMT Release 5.1 and later releases implement the DASH version 1.0/1.1 standards for out-of-band management.[7] AMT provides functionality similar to IPMI, although AMT is designed for client computing systems, whereas IPMI is typically server-based.

Currently, AMT is available in desktops, servers, ultrabooks, tablets, and laptops with the Intel Core vPro processor family, including Intel Core i5, Core i7, Core i9, and the Intel Xeon E3-1000, Xeon E, and Xeon W-1000 product families.[1][8][9] AMT also requires an Intel networking card and the corporate version of the Intel Management Engine binary.[10]

Intel confirmed a Remote Elevation of Privilege bug (CVE-2017-5689, SA-00075) in its Management Technology on May 1, 2017.[11] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017, has a remotely exploitable security hole in the ME.[12][13] Some manufacturers, like Purism[14] and System76,[15] are already selling hardware with the Intel Management Engine disabled to prevent the remote exploit. Additional major security flaws in the ME, affecting a very large number of computers incorporating Management Engine, Trusted Execution Engine, and Server Platform Services firmware, from Skylake in 2015 to Coffee Lake in 2017, were confirmed by Intel on November 20, 2017 (SA-00086).

  1. "Intel Centrino 2 with vPro Technology and Intel Core2 Processor with vPro Technology" (PDF). Intel. 2008. Archived from the original (PDF) on December 6, 2008. Retrieved August 7, 2008.
  2. "Intel vPro Chipset Lures MSPs, System Builders". ChannelWeb. Retrieved August 1, 2007.
  3. "A new dawn for remote management? A first glimpse at Intel's vPro platform". Ars Technica. February 6, 2007. Retrieved November 7, 2007.
  4. "Remote PC Management with Intel's vPro". Tom's Hardware Guide. April 26, 2007. Retrieved November 21, 2007.
  5. "Revisiting vPro for Corporate Purchases". Gartner. Archived from the original on July 23, 2008. Retrieved August 7, 2008.
  6. "Architecture Guide: Intel Active Management Technology". Intel. June 26, 2008. Archived from the original on October 19, 2008. Retrieved August 12, 2008.
  7. "Archived copy". Archived from the original on April 14, 2012. Retrieved April 30, 2012.
  8. "Intel Centrino 2 with vPro Technology" (PDF). Intel. Archived from the original (PDF) on March 15, 2008. Retrieved July 15, 2008.
  9. "Intel MSP". Msp.intel.com. Retrieved May 25, 2016.
  10. Cite error: The named reference AMT_requirements was invoked but never defined.
  11. "Intel® Product Security Center". Security-center.intel.com. Retrieved May 7, 2017.
  12. Charlie Demerjian (May 1, 2017). "Remote security exploit in all 2008+ Intel platforms". SemiAccurate. Retrieved September 6, 2024.
  13. "Red alert! Intel patches remote execution hole that's been hidden in chips since 2010". Theregister.co.uk. Retrieved May 7, 2017.
  14. HardOCP: Purism Is Offering Laptops with Intel's Management Engine Disabled
  15. System76 to disable Intel Management Engine on its notebooks

From Wikipedia, the free encyclopedia