Active Management Technology

Its main uses are to

• remotely startup (like wake-on-lan) and shutdown a typically desktop machine,
• gather some inventory data, like serial numbers of installed disks
• get a serial console useful for recovery that can work even if the host os network is misconfigured or crashed.
• Get a graphical remote framebuffer for graphical administration of the console

Its useful wherever possible that vlan is setup so other network requirements like internet access come in tagged, leaving only amt/pxe access detagged.

Especially, if a machine supports amt itself and is needed to administer other amt hosts, the other hosts could come in tagged.

Prepare amt

The system rom is generally needed to initially set the AMT password, and machine specific instructions for recovery if that password is not known. Some systems requre a mainboard jumper move to do that, but follow manufacturer instruction to avoid system damage. At this time AMT is set to get an DP address via DHCP, or statically The dhcp address can be fixed by mac address and ususally good to do that.

once amt is established, it puts a user interface at http://:16992, this is limited and wsl needs to be used to set some options.

Amt makes a virtual serial port available to the system, usually want to use it for recorvery console purposes.

Control amt

First, set some options. I need a working ip address of the amt, which DHCP or SLAAC assigned it or was set statically. The dhcp address can be fixed by mac address and ususally good to do that.

On remote system get the debian package wsl to configure it and amtterm to use the serial console.

1. echo WSNOSSL=true > ~/.wsl-config
2. echo USEWGET=true >> ~/.wsl-config
3. export WSENDPOINT='192.0.2.254:16992'
4. export WSPASS='admin'
5. export WSUSER='admin'

cd /tmp or somewhere like that recommended because wsl makes lots of request/response xml files that are usually not interesting after having finished.

Check connectivity, system state:

1. wsl id check

Some things that can be accessed, a bigger list available at intel, see the class reference.

The class had to be prefixed with an URI unless it is the CIM_ variation for which it was optional.

• wsl enum http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_Chassis
• wsl enum http://intel.com/wbem/wscim/1/amt-schema/1/AMT_AssetTable
• wsl enum http://intel.com/wbem/wscim/1/ips-schema/1/IPS_IPv6PortSettings

IPv6 address defaulted to random, prefer static ones, lets change it:

1. wsl set http://intel.com/wbem/wscim/1/ips-schema/1/IPS_IPv6PortSettings InterfaceIDType=1

Some issue in wsl...?

1. Namespace prefix c on SelectorSet is not defined

It needed xmlns:c in request-3.xml defining so add it to the <s:Envelope/> element...

1. <s:Envelope xmlns:c="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"/>

Then resubmit with the wget command in the log.txt, it worked and the ipv6 address is now fixed.

If the baseboard has mac AC:DE:48:23:45:67 the system picks linklocal addresses like fe80::AEDE:48FF:FE23:4567 and the amt uses the linklocal address fe80::ACDE:4880:8623:4567

Lets enable remote framebuffer

1. wsl put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData RFBPassword=${RFB_PASSWORD} Is5900PortEnabled=true OptInPolicy=false SessionTimeout=0
2. wsl invoke http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_KVMRedirectionSAP RequestStateChange RequestedState=2
3. wsl get http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData

Used vinagre to connect to the RFB port

• Revalidate
• Validate CSS
• Rest of site