IT Project Planning Guide for

Intel® Active Management

Technology Deployment

Version 1.0
April 2012
Notices and Disclaimers
Copyright © 2012 Intel Corporation. All rights reserved.
Intel, the Intel logo, Intel® vPro™ are trademarks of Intel Corporation in the U.S. and/or other countries.
*Other names and brands may be claimed as the property of others.
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE,
EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS
GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR
SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR
IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR
WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT
OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.
A "Mission Critical Application" is any application in which failure of the Intel Product could result, directly or
indirectly, in personal injury or death. SHOULD YOU PURCHASE OR USE INTEL'S PRODUCTS FOR ANY SUCH
MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES,
SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH,
HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS' FEES
ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR
DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR
ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL
PRODUCT OR ANY OF ITS PARTS.
Intel may make changes to specifications and product descriptions at any time, without notice. Designers
must not rely on the absence or characteristics of any features or instructions marked "reserved" or
"undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for
conflicts or incompatibilities arising from future changes to them. The information here is subject to change
without notice. Do not finalize a design with this information.

The products described in this document may contain design defects or errors known as errata which may
cause the product to deviate from published specifications. Current characterized errata are available on
request.

Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing
your product order.

Copies of documents which have an order number and are referenced in this document, or other Intel
literature, may be obtained by calling 1-800-548-4725, or go to:
http://www.intel.com/design/literature.htm
Intel® vPro™ Technology
Intel® vPro™ Technology is sophisticated and requires setup and activation. Availability of features and
results will depend upon the setup and configuration of your hardware, software and IT environment. To
learn more visit: http://www.intel.com/technology/vpro.
Intel® Active Management Technology (Intel® AMT)
Requires activation and a system with a corporate network connection, an Intel® AMT-enabled chipset,
network hardware and software. For notebooks, Intel AMT may be unavailable or limited over a host OS-
based VPN, when connecting wirelessly, on battery power, sleeping, hibernating or powered off. Results
dependent upon hardware, setup and configuration. For more information, visit
http://www.intel.com/technology/platform-technology/intel-amt.
KVM
KVM Remote Control (Keyboard, Video, Mouse) is only available with Inte® Core™ i5 vPro and Core™ i7
vPro processors with Intel® Active Management technology activated and configured and with integrated
graphics active. Discrete graphics are not supported.

ii
Contents
1 Introduction ..................................................................................1
1.1 Why Create an IT Plan? .................................................................................... 1
1.2 Resources ....................................................................................................... 1

2 IT Project Plan Outline ..................................................................3

3 Task Descriptions ..........................................................................5
3.1 Analysis or Exploration (Phase 1)....................................................................... 5
3.1.1 Evaluate Intel® AMT Features and Capabilities ..................................... 5
3.1.2 Evaluate Intel® AMT Use Cases.......................................................... 5
3.1.3 Evaluate Intel® AMT-compatible Management Software ........................ 6
3.1.3.1 Review Intel® Core™ vPro™ Technology Software Catalog ............ 6
3.1.3.2 Review Specific Third-Party Software Packages ............................. 7
3.1.4 Evaluate Intel® AMT Tools and Solutions............................................. 7
3.1.4.1 Download and Evaluate Intel® Setup and Configuration Service ..... 8
3.1.4.2 Download and Evaluate Intel® Solution Reference Designs ............ 8
3.1.4.3 Download and Evaluate Intel® vPro™ Technology Module for
Microsoft* Windows* PowerShell* ...................................................... 9
3.1.4.4 Download and Evaluate Other Intel® Tools .................................. 9
3.1.5 Perform Return on Investment (ROI) Analysis ...................................... 9
3.2 Design or Planning Phase................................................................................ 10
3.2.1 Collect an Inventory of Intel® AMT Capable Systems .......................... 10
3.2.2 Collect Existing Network Infrastructure Information ............................ 10
3.2.3 Select Intel® AMT Use Cases ........................................................... 11
3.2.4 Select Management Software ........................................................... 11
3.2.5 Establish Intel® AMT Test Lab .......................................................... 11
3.2.5.1 Create a Lab Environment ........................................................ 12
3.2.5.2 Run a Proof of Concept Test in a Lab Environment ...................... 12
3.3 Deployment Phase ......................................................................................... 12
3.3.1 Modify the Network Infrastructure .................................................... 12
3.3.1.1 Set DHCP Option 15 ................................................................ 13
3.3.1.2 Open TCP Ports in Firewall........................................................ 13
3.3.1.3 Create User Accounts and Groups ............................................. 14
3.3.1.4 Modify Microsoft* Active Directory ............................................. 14
3.3.2 Update BIOS, Firmware, and Drivers on Intel® AMT Computers ........... 14
3.3.2.1 Update System BIOS ............................................................... 15
3.3.2.2 Update Intel® Management Engine Firmware ............................. 15
3.3.2.3 Update Intel® Management Engine Driver Package ..................... 16
3.3.3 Pilot the Deployment ....................................................................... 17
3.3.3.1 Configure the Management Software ......................................... 17
3.3.3.2 Install Intel® SCS in the Production Environment ....................... 17
3.3.3.3 Install and Configure Third Party Management Software .............. 18
3.3.3.4 Setup and Configure the Intel® AMT Clients ............................... 20
3.3.4 Setup and Configure Intel® AMT in the Entire Enterprise ..................... 22
3.3.4.1 Select Intel® AMT setup and configuration method ..................... 22
3.3.4.2 Create or Update Intel® AMT Profile Settings ............................. 22
3.3.4.3 Setup and Configure Intel® AMT Clients .................................... 22
3.3.5 Deploy Intel® AMT Use Cases to IT Help Desk ................................... 23
3.3.5.1 Add Intel® AMT Use Case to IT Help Desk ................................. 23
3.3.5.2 Perform Acceptance Testing to Verify Intel® AMT Use Cases ........ 23
3.4 Post Deployment Stabilization Phase ................................................................ 24

iii
 3.4.1 Troubleshoot and Resolve Post Deployment Issues ............................. 24
3.4.2 Plan for Maintenance Tasks .............................................................. 24

4 What’s Next? ...............................................................................25

5 Work Aids for Planning and Analysis ...........................................26
5.1 Checklist of Intel® AMT Features and Capabilities.............................................. 26
5.2 Checklist of Intel® AMT Use Cases .................................................................. 27
5.3 Checklist of Management Software Supporting Intel® AMT ................................. 27
5.4 Checklist of Intel® Use Case Reference Designs and Intel® Solution Reference
Designs for Intel® AMT .................................................................................. 28
5.5 Checklist of Cmdlets in Intel® vPro™ Technology Module for Microsoft* Windows*
PowerShell* .................................................................................................. 29

6 Resources ....................................................................................30
7 Glossary of Terms........................................................................31

iv
1 Introduction
This planning guide will help IT project managers create a project schedule for the
deployment of Intel® Active Management Technology (Intel® AMT). Intel AMT is a
technology included in every Intel® vPro™ Technology Brand certified PC. Intel AMT
is used by IT departments to remotely manage and repair PCs.
A successful IT deployment of Intel AMT in an enterprise-scale organization will require
some thoughtful planning. This guide will help IT project managers organize a project
plan. Small and medium businesses can also modify the template to fit their needs.
This guide will help you identify what needs to be done (the tasks) and provides some
recommendations based on the experiences of Intel field engineers. It will not tell you
how to do the tasks or how long each task will take—that depends on your unique
situation.
Each task is described in enough detail for you to assign the task to a project team
member. The Project Team Resources are listed in several generic job titles. You can
adapt the template to fit your available resources.
Not all tasks are listed in the proposed template. We omitted the tasks that are
common to almost every IT plan such as “Assemble the project team”, “Review plan
with stakeholders”, “Integrate with IT Help Desk”, and “Readiness checkpoint
milestone”. You will need to add the tasks that your IT organization requires.
The following table shows the outline of the IT project plan. The sections following the
table describe each task.

1.1 Why Create an IT Plan?

A measured, methodical planning approach will reduce the time it takes to deploy Intel
AMT, reduce the cost, and will generally result in a smoother deployment. Your plan
should encompass all aspects of the deployment, not just the setup and configuration
of the Intel AMT clients. We recommend that you consider the following elements:
• Hardware deployment of Intel AMT capable clients and servers
• Supporting infrastructure
• IT process updates, including the PC refresh process
• A feedback loop from your customers

1.2 Resources
In general, most Intel AMT deployment projects will need three types of resources:
• IT Project Manager
• IT Architect or Planner
• IT Technician
The number of each resource depends on the scope of your project.
Some organizations might also need some specialists:
• Microsoft Active Directory Specialist
• User Account Specialist
• Network Security and Certificates Specialist
• Network infrastructure (DNS, DHCP, 802.1X, Wireless 802.11) Specialist
1
 • Help Desk Software Specialist
• Process Documentation Writer

2
2 IT Project Plan Outline
This section shows the general task outline for deploying Intel AMT in an enterprise
environment. The plan starts with an analysis of the capabilities of Intel AMT and then
progresses to the point where all the PCs are configured for the Intel AMT features
targeted by the plan. Intel AMT is flexible—you can enable a basic set of features
during the initial deployment and later go back and turn on additional features.

WBS Task Name Notes

1 ANALYSIS OR EXPLORATION PHASE
1.1 Evaluate Intel® AMT Features and Capabilities Recommended
1.2 Evaluate Intel® AMT Use Cases Recommended
Evaluate Intel® AMT-compatible Management
1.3 Recommended
Software
Review Intel® Core™ vPro™ Technology
1.3.1 Recommended
Software Catalog
1.3.2 Review specific third-party software packages Optional
1.4 Evaluate Intel® AMT Tools and Solutions Recommended
1.4.1 Download and evaluate Intel® SCS Recommended
Download and evaluate Intel® Solution
1.4.2 Optional
Reference Designs
Download and evaluate Intel® vPro™
1.4.3 Technology Module for Microsoft* Windows* Optional
PowerShell*
1.4.4 Download and evaluate other Intel® tools Optional
1.5 Perform Return on Investment (ROI) Analysis Optional
2 DESIGN OR PLANNING PHASE
2.1 Collect inventory of Intel® AMT capable systems Important
2.2 Collect Existing Network Infrastructure information Recommended
2.3 Select Intel® AMT Use Cases Recommended
2.4 Select Management Software Important
2.5 Establish Intel® AMT Test Lab
2.5.1 Create a lab environment Recommended
Run a Proof of Concept Test in a lab
2.5.2 Recommended
environment
3 DEPLOYMENT PHASE
3.1 Modify the Network Infrastructure Important
3.1.1 DHCP Option 15 Important
3.1.2 Open ports in Firewall Important
3.1.3 Create User Accounts and Groups Important
3.1.4 Modify Microsoft* Active Directory Important
Update BIOS, firmware, and drivers on Intel®
3.2 Recommended
AMT computers
3.2.1 Update System BIOS Recommended
3.2.2 Update Intel® ME Firmware Important

3
WBS Task Name Notes
Update Intel® ME Driver Package (MEI, LNS,
3.2.3 Recommended
SOL drivers)
3.3 Run a Pilot Deployment Recommended
3.3.1 Configure the Management Software Recommended
Install Intel® SCS in Production
3.3.1.1 Recommended
Environment
Verify correct versions of Windows and
3.3.1.1.1 Recommended
.NET Framework
3.3.1.1.2 Install SCS components Recommended
Install and configure third party
3.3.1.2 Recommended
management software
Install updates or OOB
3.3.1.2.1 extensions to existing Important
management software
Install RealVNC viewer for
3.3.1.2.2 Optional
KVM Remote Control
Install Intel® vPro Enabled
3.3.1.2.3 Optional
Gateway for Fast Call for Help
Purchase and install
3.3.1.3 Certificates for Setup and Optional
Configuration with TLS
Setup and Configure the Intel® AMT
3.3.2 Recommended
clients for the pilot
Select Intel® AMT setup and
3.3.2.1 Recommended
configuration method
3.3.2.2 Create Intel® AMT Profile Settings Recommended
3.3.2.3 Setup and configure systems Recommended
Incremental Deployment of Intel® AMT to the
3.4 Important
entire enterprise
Select final Intel® AMT setup and configuration
3.4.1 Important
method
3.4.2 Modify or Create Intel® AMT Profile Settings Important
Setup and Configure the remaining Intel® AMT
3.4.3 Important
clients
Incremental Deployment of Intel® AMT Use
3.5 Recommended
Cases to IT Help Desk
3.5.1 Add first Intel® AMT Use Case to IT Help Desk Recommended
Repeat: Add next Intel® AMT Use Case to IT
3.5.2 Recommended
Help Desk
POST DEPLOYMENT OR STABALIZATION
4
PHASE
4.1 Troubleshoot and resolve post deployment issues Recommended
4.2 Plan for Maintenance Tasks Recommended

4
3 Task Descriptions

3.1 Analysis or Exploration (Phase 1)

Intel® vPro™ Technology PCs, Workstations, and Servers include Intel® Active
Management Technology (Intel® AMT). Intel AMT provides remote manageability and
security features to the other Intel vPro Technology features such as Intel Anit-Theft
Technology and Intel Virtualization Technology. The first phase of the deployment of
Intel AMT in an enterprise IT environment is an analysis of your IT requirements and
an exploration of how Intel AMT can solve your IT problems.

3.1.1 Evaluate Intel® AMT Features and Capabilities

WBS 1.1
Notes: Recommended
Task Description: Evaluate Intel® AMT Features and Capabilities
Resource Name: IT Architect
For More Information: http://www.intel.com/vpro
Recommendations: Create a matrix showing the “pain points” for your IT Help
desk and the Intel AMT features and capabilities.
Evaluate Intel AMT to see how it can solve your problems
or add new capabilities.
Notes:
Refer to: 5.1 Checklist of Intel® AMT Features and Capabilities

3.1.2 Evaluate Intel® AMT Use Cases

WBS 1.2
Notes: Recommended
Task Description: Evaluate Intel® AMT use cases to determine which ones
best fit the needs of your IT department and users
Resource Name: IT Architect
For More Information: http://www.intel.com/vPro
Recommendations: Choose a few key use cases that have the highest ROI for
your IT department. Focus the deployment on these key
use cases. Do not attempt to roll-out all the uses cases at
one time across a large enterprise.
Notes:
Refer to: 5.2 Checklist of Intel® AMT Use Cases

5
3.1.3 Evaluate Intel® AMT-compatible Management Software
WBS 1.3
Notes: Recommended
Task Description: Evaluate Intel® AMT-compatible Management Software
Resource Name: IT Architect
For More Information: See: Intel® Core™ vPro™ Processor Family Software
Catalog (link)
Recommendations: Select the use case first, then the management software
solution. Examine the use cases supported by your
existing management software first.
Notes:
1. Multiple management software solutions may be used together.
2. Only management software is shown in the catalog. Intel Setup and Configuration
Service and other Intel tools are not listed. The Intel tools are most often used in
a lab environment to demonstrate the capabilities of Intel AMT or to debug a lab
setup. The Intel SCS software is used to initially setup and configure the Intel AMT
clients and then to perform updates and maintenance.
3. Tools such as Microsoft* PowerShell scripts and Real VNC* Viewer Plus may be
used with various management consoles to implement various use cases.

3.1.3.1 Review Intel® Core™ vPro™ Technology Software Catalog

WBS 1.3.1
Notes: Recommended
Task Description: Review Intel® Core™ vPro™ Technology Software Catalog
Resource Name: IT Architect
For More Information: See: Intel® Core™ vPro™ Processor Family Software
Catalog (link)
Recommendations: Start with the software packages that are already
deployed in your organization and see which Intel AMT
features the packages support.
Notes:
(None)

6
3.1.3.2 Review Specific Third-Party Software Packages
WBS 1.3.2
Notes: Optional
Task Description: Choose one or more specific third-party software
packages to evaluate. The packages should support the
Intel AMT use cases that you are interested in. Review
the packages in depth.
Resource Name: IT Architect
For More Information: Refer to the third-party software documentation.
Recommendations: Consider combinations of more than one package (for
example, Intel SCS with McAfee ePO).
Notes:
1. You may already be using a management software package that supports Intel
AMT. Some software packages require optional modules to support OOB
management.
2. If you are also going to use Intel SCS, include “Integration with Intel SCS” as
one of your evaluation criteria.
3. Some third party management solutions have integrated setup and
configuration solutions (HP and Symantec), or have integrated Intel SCS
(Microsoft ConfigMgr, LANDesk, McAfee). You do not need to download Intel
SCS separately for these products.
4. Automated integration tools may be available from Intel vPro Expert Center to
help with Intel SCS with Microsoft ConfigMgr 2007.

3.1.4 Evaluate Intel® AMT Tools and Solutions

WBS 1.4
Notes: Recommended
Task Description: Evaluate Intel® AMT Tools and Solutions
Resource Name: IT Architect
For More Information: Intel vPro Expert Center
Recommendations: Take advantage of the prepackaged solutions created by
the experts in Intel AMT.
Notes:
1. The Intel vPro Technology Resource Kit (available in Q2) includes all the Intel
AMT tools typically needed by IT professionals. The kit downloader is available
at download.intel.com.
2. Additional tools are available for management software developers at
software.intel.com.

7
3.1.4.1 Download and Evaluate Intel® Setup and Configuration Service
WBS 1.4.1
Notes: Recommended
Task Description: Download and Evaluate Intel® Setup and Configuration
Service
Resource Name: IT Architect
For More Information: Intel SCS Help and Documentation
Recommendations: Intel recommends using Intel SCS for setup and
configuration of Intel AMT systems.
Download Intel SCS here: link.
Notes:
1. Intel Setup and Configuration Service is now a supported Intel software
product. See the Intel SCS support page for information on your support
options (link).
2. Intel SCS is only used to setup and configure Intel AMT systems—it is not a
management console. You must use management software (e.g. a
management console or Microsoft* PowerShell module) to take full advantage
of the Intel AMT features in a large enterprise IT environment.

3.1.4.2 Download and Evaluate Intel® Solution Reference Designs

WBS 1.4.2
Notes: Optional
Task Description: Download and Evaluate Intel® Solution Reference Designs
Resource Name: IT Solutions Architect
For More Information: Intel vPro Expert Center
Recommendations: Incorporate Intel solution reference designs into your IT
Help desk if they are a good fit for your application.
Download the Intel Solution Reference Designs here: link.
Notes:
1. The use case or solution reference designs created by Intel provide IT professionals
with detailed step-by-step instructions for solving real problems in their
environments by leveraging Intel vPro technology.
2. Many of the use case reference designs include videos that demonstrate how they
work. The code samples are included in the download packages and are all royalty
free.

8
3.1.4.3 Download and Evaluate Intel® vPro™ Technology Module for Microsoft*
Windows* PowerShell*
WBS 1.4.3
Notes: Optional
Task Description: Download and Evaluate Intel® vPro™ Technology Module
for Microsoft* Windows* PowerShell*
Resource Name: IT Architect, IT Technician
For More Information: Microsoft* PowerShell* documentation; Intel® vPro™
Technology Module for Microsoft* Windows* PowerShell*
documentation
Recommendations:
Download the Intel® vPro™ Technology Module for Microsoft* Windows*
PowerShell*here: link.
Notes:
(None)

3.1.4.4 Download and Evaluate Other Intel® Tools

WBS 1.4.4
Notes: Optional
Task Description: Download and Evaluate Other Intel® Tools
Resource Name: IT Technician
For More Information: See: Intel vPro Technology Resource Kit
Recommendations:
Notes:
1. See also the tools for manageability software developers. These might be useful
for custom solutions.

3.1.5 Perform Return on Investment (ROI) Analysis

WBS 1.5
Notes: Optional
Task Description: Perform Return on Investment (ROI) Analysis
Resource Name: Project Management; IT Help Desk Architect
For More Information: ROI tools and case studies on the Intel vPro Expert Center
Recommendations: Collect baseline information before the deployment to
measure how Intel AMT has helped your organization
reduce costs and increase responsiveness.
Notes:
1. Identify the highest priority use cases for your organization and then perform an
ROI analysis based on that scenario.
2. The Intel vPro Expert Center has about three dozen ROI case studies plus tools you
can use to perform the ROI analysis.

9
3.2 Design or Planning Phase
After you have evaluated Intel AMT and the available tools to remotely manage PCs,
you are now ready to start planning the deployment.

3.2.1 Collect an Inventory of Intel® AMT Capable Systems

WBS 2.1
Notes: Important
Task Description: Collect an Inventory of Intel® AMT Capable Systems
Resource Name: IT Technician
For More Information: See the System Discovery Tools available in the current
Intel SCS documentation
Finding Intel AMT Capable Machines in Your Environment
(Intel vPro Expert Center Use Case Reference Design)
Recommendations: Use Intel SCS 8 (with the database option) and the
System Discovery tool to collect the information into the
Intel SCS database.
Notes:
1. The inventory will be used to determine which Intel AMT features are supported on
the PCs in your enterprise. For example, KVM Remote Control only works on PCs
with Intel AMT 6.0 or later and integrated graphics.
2. The System Discovery tool in Intel SCS can be used to collect key data about your
Intel AMT systems.

3.2.2 Collect Existing Network Infrastructure Information

WBS 2.2
Notes: Recommended
Task Description: Collect Existing Network Infrastructure Information
Resource Name: Project Management; IT Help Desk Architect
For More Information: See Also: refer to the installation and planning
documentation for your management software
Recommendations:
Notes:
1. You will need answers to the following questions later in the design phase:
a. Do you require TLS security for remote setup and configuration of Intel
AMT?
b. Do you require TLS for management traffic between the management
console and the remote client?
c. Are you using Acitve Directory?
d. Are you using 802.1x?
e. Do your DCHP servers use Option 15?
f. What domains and subdomains to you plan to use?
g. Do you have 802.11 wireless networking?

10
3.2.3 Select Intel® AMT Use Cases
WBS 2.3
Notes: Recommended
Task Description: Select the Intel® AMT Use Cases that have the highest
ROI for your IT department
Resource Name: Project Management, IT Help Desk Specialist
For More Information: intel.com/vpro
Recommendations: Chose a limited number of use cases for your initial
deployment, then incrementally add new use cases in
future deployments. Involve your IT Operations and Help
Desk teams at the beginning of the use case selection
process.
Notes:
1. Simple, reliable use cases provide the best results in terms of ROI and technology
adoption.

3.2.4 Select Management Software

WBS 2.4
Notes: Important
Task Description: Select the management software you want to use with
your Intel AMT PCs
Resource Name: Project Management, IT Architect, IT Help Desk
Specialists
For More Information: Refer to the software vendor documentation.
Recommendations: This is a major task—take time to consider all the other
features of the management software that you will be
using and how it fits into your infrastructure.
Notes:
1. This task may involve other considerations besides the compatibility and support
for Intel AMT features.
2. Two or more management software packages may, in some cases, be used
simultaneously with Intel AMT clients.

3.2.5 Establish Intel® AMT Test Lab

WBS 2.5
Notes: Recommended
Task Description: Create a lab environment for testing Intel AMT clients with
your management software
Resource Name: Project Management; IT Help Desk Architect
For More Information:
Recommendations: Do not test the setup and configuration process in a
production environment.

11
 Notes:
1. Some changes (e.g. Microsoft* Active Directory OU changes) should be tested in a
lab environment before going into your production environment.
2. In a lab environment you can easily pull the CMOS battery to reset the Intel ME to
the factory state and clear the provisioning settings.

3.2.5.1 Create a Lab Environment

WBS 2.5.1
Notes: Recommended
Task Description: Create a Lab Environment
Resource Name: Project Management; IT Help Desk Architect
For More Information:
Recommendations:
Notes:
(None)

3.2.5.2 Run a Proof of Concept Test in a Lab Environment

WBS 2.5.2
Notes: Recommended
Task Description: Run a Proof of Concept Test in a Lab Environment
Resource Name: Project Management; IT Help Desk Architect
For More Information:
Recommendations:
Notes:
(None)

3.3 Deployment Phase

In this phase, you will start to setup and configure the Intel AMT systems in your
production environment.

3.3.1 Modify the Network Infrastructure

WBS 3.1
Notes: Important
Task Description: Modify the Network Infrastructure
Resource Name: Project Management; IT Help Desk Architect
For More Information: Refer to the software management console documentation
and the Intel SCS documentation
Recommendations: Preparing the network infrastructure is important for a
smooth deployment of Intel AMT.
Notes:
(None)

12
3.3.1.1 Set DHCP Option 15
WBS 3.1.1
Notes: Important
Task Description: Set DHCP Option 15
Resource Name: Project Management; IT Help Desk Architect
For More Information: Refer to the Windows* Server documentation for setting
DHCP options
Recommendations:
Notes:
1. This DHCP option is required for the remote management of the clients.

3.3.1.2 Open TCP Ports in Firewall

WBS 3.2.1
Notes: Important
Task Description: Open TCP ports in you network firewalls and routers
Resource Name: IT Technician
For More Information: Refer to the documentation for your management
software.
Recommendations:
Notes:
1. Open one or more of the following TCP ports:
Port Purpose
80 Standard HTTP Port (Intel AMT Web UI)
443 Standard HTTPS Port (Intel AMT Web UI in SSL mode)
5900 KVM Remote Control (non-TLS mode)
9971 Default port used by Intel SCS Console (configurable)
16992 WS-MAN commands in non-TLS mode*
16994 SOL/IDE-Redirection in non-TLS mode*
16993 WS-MAN commands in TLS-PSK or TLS-PKI mode**
16995 SOL/IDE-Redirection and KVM Remote Control in TLS-PSK or TLS-PKI
mode**
*16992 and 16994 are used during non-TLS mode and not used at all with TLS
**16993 and 16995 are used during TLS and not used at all with non-TLS

13
3.3.1.3 Create User Accounts and Groups
WBS 3.1.3
Notes: Important
Task Description: Create User Accounts and Groups
Resource Name: IT Technician
For More Information:
Recommendations:
Notes:
1. Intel AMT supports both Digest and Kerberos users.
2. The setup and configuration profile is used to define the access permissions (called
Realms) and credentials (digest user accounts).
3. The Auditor user account should be defined if you are using the Audit Log feature.
4. The management software components might also need updated accounts (for
Intel vPro Technology enabled gateway for Fast Call for Help, Intel SCS database,
making changes to Active Directory or requesting access to the Certificate
Authority).

3.3.1.4 Modify Microsoft* Active Directory

WBS 3.1.4
Notes: Important
Task Description: Modify Microsoft* Active Directory
Resource Name: IT Technician
For More Information: Refer to the documentation provided with your
management software.
Recommendations: Follow the directions in the management software
documentation. Be careful when extending the schema
because you cannot undo the changes.
Notes:
(None)

3.3.2 Update BIOS, Firmware, and Drivers on Intel® AMT Computers

WBS 3.2
Notes: Recommended
Task Description: Update BIOS, Firmware, and Drivers on Intel® AMT
Computers
Resource Name: IT Technician
For More Information: Refer to the support website for the PC manufacturer for
the latest BIOS, firmware, and drivers.
Recommendations: Update to the latest versions of the BIOS, Intel ME
firmware, and Intel drivers for your PCs

14
 Notes:
1. Use the inventory data that you collected to plan the BIOS, firmware, and driver
updates. Sort the data by make of model of PC, then visit the support website for
each OEM to determine the latest version of the BIOS, firmware and drivers.
2. Some OEMs release the BIOS, firmware, and drivers as one package while others
release them individually. Check with the OEM for the PC.

3.3.2.1 Update System BIOS

WBS 3.2.1
Notes: Recommended
Task Description: Update System BIOS to the latest version
Resource Name: IT Technician
For More Information: Refer to your OEM’s support website for information on
the latest BIOS releases
Recommendations: Update the PCs with Intel AMT to the latest available
System BIOS.
Notes:
1. The OEM for your PCs must provide a System BIOS that supports Intel AMT. Use
the BIOS update tool provided by your OEM.
2. The System BIOS will include the Intel ME BIOS Extensions (MEBX) screens that
allow administrators to locally setup and configure certain Intel AMT features. Not
all the Intel AMT settings are configurable from the MEBX.
3. Different OEMs may release different versions of Intel AMT and may, as a
consequence, release different BIOS updates to support the Intel AMT releases.
4. If the inventory scan returns a Universally Unique ID (UUID) of all zeros for an
Intel AMT client, you must upgrade the BIOS to resolve this issue. Check your
OEM’s support website if your PCs has this issue. Each Intel AMT client must have
a unique UUID in order to be remotely manageable.

3.3.2.2 Update Intel® Management Engine Firmware

WBS 3.2.2
Notes: Important
Task Description: Update Intel® Management Engine Firmware
Resource Name: IT Technician
For More Information: Refer to your OEM’s support website for information on
the latest Intel ME firmware releases
Recommendations: Update to the latest Intel ME firmware.
Use the Inventory of Intel AMT systems to plan the
upgrades.
Notes:
1. Some non-Intel AMT enabled systems have Intel ME firmware. You do not need to
upgrade these systems as part of this plan (non-Intel AMT capable systems cannot
be remotely managed).
2. The OEM for your PC is responsible for releasing the Intel ME firmware. Use your
inventory of Intel AMT systems to determine the make, model, and firmware

15
 version of each Intel AMT capable PC. Then check the OEM support website to
determine the latest available firmware release.
3. The OEM may choose to disable certain features found in other PCs with the same
version of Intel AMT firmware. Upgrading to the same major and minor numbers
of the firmware version on different PCs will not guarantee that both PCs will have
exactly the same support for Intel AMT features. Intel recommends that you test
the specific Intel AMT features you are interested in using on a representative
sample of the actual PCs in your IT environment.
4. The Intel ME firmware version numbers are tied to each generation of hardware.
You cannot upgrade between the major versions shown in the list (for example,
from 3.x to 4.x). All major releases of Intel AMT are shown below along with the
type of PC platform:
a. Intel AMT 2.0, 2.1, 2.2 Desktop
b. Intel AMT 2.5, 2.6 Mobile
c. Intel AMT 3.x Desktop
d. Intel AMT 4.x Mobile
e. Intel AMT 5.x Desktop
f. Intel AMT 6.x Mobile, Desktop, Server/Workstation
g. Intel AMT 7.x Mobile, Desktop, Server/Workstation
5. Some older firmware versions may include features that are no longer supported
by Intel. For example the Intel Remote PC Assist Technology (RPAT) service is no
longer available but you may see an option for it in the MEBX.

3.3.2.3 Update Intel® Management Engine Driver Package

WBS 3.2.3
Notes: Recommended
Task Description: Update Intel® Management Engine Driver Package
Resource Name: IT Technician
For More Information: Refer to your OEM’s support website for information on
the latest Intel ME firmware releases
Recommendations: Update to the latest drivers for your PCs.
Notes:
1. Update Intel Management Interface (Intel MEI) driver, the Local Notification
Service (LNS) driver, and the Serial-Over-LAN (SOL) driver. All the drivers are
typically provided in a single package by the OEM.
2. The Intel MEI drivers was formerly called the HECI driver. You might see this term
on support sites for older generations of Intel AMT platforms.

16
3.3.3 Pilot the Deployment
WBS 3.3
Notes: Recommended
Task Description: Pilot the deployment of Intel AMT with a limited number of
Intel AMT clients
Resource Name: Project Management; IT Technician
For More Information:
Recommendations: Start with a small number of non-critical clients in the
production environment
Notes:
1. A pilot project provides a “safe zone” for learning how to use and support a new
technology, and helps ensure that the technology fully integrates with the
computing infrastructure. When planning pilot projects, expand the team to
include infrastructure owners.
2. Do not pilot the deployment on clients that are critical to the enterprise (factory
floor PCs or mission critical servers, for just two examples). While the setup and
configuration of Intel AMT clients generally will be invisible to users, it is possible
with a error in the configuration of network filters, for example, to shut down the
network interface and take the wired LAN interface of the PC off the network.

3.3.3.1 Configure the Management Software

WBS 3.3.1
Notes: Recommended
Task Description: Configure the Management Software to support out-of-
band communication through the Intel ME on the clients
Resource Name: IT Technician
For More Information: Refer to the documentation for the management software.
Recommendations:
Notes:
(None)

3.3.3.2 Install Intel® SCS in the Production Environment

WBS 3.3.1.1
Notes: Recommended
Task Description: Install Intel® SCS in the Production Environment
Resource Name: IT Technician
For More Information: Intel SCS documentation
Recommendations: Install the latest version of Intel SCS except when your
management software has an integrated solution.
Notes:
1. Intel SCS is the preferred setup and configuration software solution for Intel AMT
clients. However, some management software solutions currently have older

17
 versions of Intel SCS or a proprietary solution integrated into the management
software. Consult your management software documentation for details.

3.3.3.2.1 Verify Correct Versions of Windows* and .NET Framework

WBS 3.3.1.1.1
Notes: Recommended
Task Description: Verify Correct Versions of Windows* and .NET Framework
Resource Name: IT Technician
For More Information: Intel SCS documentation
Recommendations:
Notes:
1. Check the Intel SCS documentation for the latest list of supported operating
systems and Microsoft* .NET Framework versions.

3.3.3.2.2 Install Intel® SCS Components

WBS 3.3.1.1.2
Notes: Recommended
Task Description: Install Intel® SCS Components
Resource Name: IT Technician
For More Information: Intel SCS documentation
Recommendations: Install the latest version of Intel SCS except when your
management software has an integrated solution.
Notes:
1. Check the Intel vPro Expert Center for automated integration tools or
documentation on integrating Intel SCS with Microsoft* ConfigMgr 2007 and other
third party management software.

3.3.3.3 Install and Configure Third Party Management Software

WBS 3.3.1.2
Notes: Recommended
Task Description: Install and Configure Third Party Management Software
Resource Name: IT Technician
For More Information:
Recommendations:
Notes:
(None)

18
3.3.3.3.1 Install Updates or OOB Extensions to Existing Management
Software
WBS 3.3.1.2.1
Notes: Important
Task Description: Install Updates or OOB Extensions to Existing
Management Software
Resource Name: IT Technician
For More Information:
Recommendations:
Notes:
(None)

3.3.3.3.2 Install RealVNC* Viewer (or Similar) for KVM Remote Control
WBS 3.3.1.2.2
Notes: Optional
Task Description: Install RealVNC* Viewer or similar viewer for KVM Remote
Control
Resource Name: IT Technician
For More Information: Real VNC documentation
Recommendations: Install Real VNC Viewer Plus (or similar) viewer on your
management console to support KVM Remote Control.
Notes:
1. Intel AMT 6.0 and later PCs, when combined with Intel Core vPro Processors with
integrated graphics, provide the KVM remote control capability using the wired LAN
connection. No other hardware is required.
2. The Real VNC Viewer Plus supports KVM Remote Control, power control, and IDER.
3. Real VNC Viewer can be configured to use TLS security.
4. Refer to the Intel SCS documentation for information on the KVM Remote Control
profile settings.

3.3.3.3.3 Install Intel® vPro™ Enabled Gateway Software for Fast Call for
Help
WBS 3.3.1.2.3
Notes: Optional
Task Description: (Required only for Fast Call for Help) Install Intel® vPro™
Enabled Gateway for Fast Call for Help
Resource Name: IT Technician
For More Information: Refer to the third party documentation
Recommendations:
Notes:
1. Some management consoles have the Intel vPro enabled gateway integrated into
their solutions. Check with your management console documentation for details.

19
3.3.3.3.4 Purchase and Install Certificates for Setup and Configuration with
TLS
WBS 3.3.1.3
Notes: Optional
Task Description: Purchase and install certificates for setup and
configuration with TLS
Resource Name: IT technician
For More Information: Intel vPro Expert Center
Recommendations: Select the certificate vendor that has a built-in hash in the
Intel AMT firmware for the versions of Intel AMT that you
want to use the certificate with. A list of supported
vendors by Intel AMT version is posted on the Intel vPro
Expert Center.
Investigate the various certificate options before
purchasing the certificate.
Notes:
1. This task is only required for remote setup and configuration using TLS-PKI using
third-party certificate authorities.
2. Subtasks:
a. Choose certificate vendor
b. Create certificate signing request (CSR)
c. Submit the CSR with the certificate vendor
d. Install the certificate on the provisioning server
3. The certificate parameters must be set to identify the certificate as a setup and
configuration certificate. Check with the certificate vendor for specific instructions.
4. Intel AMT clients have several certificate hashes included in the firmware. Check
the certificate documentation on the Intel vPro Expert Center for details.

3.3.3.4 Setup and Configure the Intel® AMT Clients

WBS 3.3.2
Notes: Recommended
Task Description: Setup and Configure the Intel® AMT clients in the pilot
deployment
Resource Name: IT Technician
For More Information: Intel SCS documentation
Recommendations:
Notes:
(None)

20
3.3.3.4.1 Select Intel® AMT Setup and Configuration Method
WBS 3.3.2.1
Notes: Recommended
Task Description: Select Intel® AMT Setup and Configuration Method
Resource Name: IT Technician
For More Information: Intel SCS documentation
Recommendations: Use Host Based Configuration whenever possible.
Notes:
1. For a large enterprise, you have two methods to choose from: remote
configuration or host-based configuration.
2. Remote configuration will allow you the most flexibility for configuration and
security settings, such as being able to disable user consent requirements. Host-
based configuration has fewer steps and requirements, but requires user consent
for KVM remote control and boot redirection.

3.3.3.4.2 Create Intel® AMT Profile Settings

WBS 3.3.2.2
Notes: Recommended
Task Description: Create Intel® AMT Profile Settings
Resource Name: Project Management; IT Help Desk Architect
For More Information: Intel SCS documentation
Recommendations:
Notes:
(None)

3.3.3.4.3 Setup and Configure Systems

WBS 3.3.2.3
Notes: Recommended
Task Description: Setup and Configure Systems
Resource Name: IT Technician
For More Information: Intel SCS documentation
Recommendations: Ensure that you understand the impact of the various
configuration options have. Consult the Intel SCS
documentation for specific details.
Notes:
(None)

21
3.3.4 Setup and Configure Intel® AMT in the Entire Enterprise
WBS 3.4
Notes: Important
Task Description: Setup and Configure Intel® AMT in the Entire Enterprise
Resource Name: IT Technician
For More Information:
Recommendations: Use an incremental deployment approach.
Notes:
1. It is important to start small and ramp up you numbers when provisioning Intel
vPro clients. If you run into a configuration problem you want to be able to
address it with a manageable number of clients.

3.3.4.1 Select Intel® AMT setup and configuration method

WBS 3.4.1
Notes: Important
Task Description: Select Intel® AMT setup and configuration method
Resource Name: Project Management; IT Help Desk Architect
For More Information:
Recommendations:
Notes:
(None)

3.3.4.2 Create or Update Intel® AMT Profile Settings

WBS 3.4.2
Notes: Important
Task Description: Create or Update Intel® AMT Profile Settings
Resource Name: IT Technician
For More Information:
Recommendations:
Notes:
(None)

3.3.4.3 Setup and Configure Intel® AMT Clients

WBS 3.4.3
Notes: Important
Task Description: Setup and Configure Intel® AMT Clients
Resource Name: IT Technician
For More Information:
Recommendations:

22
 Notes:
1. Using an incremental approach to deployment will ensure that the Intel SCS
Remote Configuration Service (RCS) or other provisioning server is not overloaded
with too many requests. The throughput capacity of the RCS is stated in the Intel
SCS documentation.
2. You do not need to shut down, reboot, or otherwise interrupt the user when you
setup and configure Intel AMT systems remotely. You might, however, need to ask
the user for permission if you use Host Based provisioning in Client Control mode.
Local configuration using a USB key will require a deskside visit from the IT
Technician and a reboot.

3.3.5 Deploy Intel® AMT Use Cases to IT Help Desk

WBS 3.5
Notes: Recommended
Task Description: Deploy Intel® AMT Use Cases to IT Help Desk
Resource Name: IT Technician
For More Information:
Recommendations: Use an incremental approach.
Notes:
(None)

3.3.5.1 Add Intel® AMT Use Case to IT Help Desk

WBS 3.5.1
Notes: Recommended
Task Description: Add Intel® AMT Use Case to IT Help Desk
Resource Name: IT Architect
For More Information:
Recommendations:
Notes:
(None)

3.3.5.2 Perform Acceptance Testing to Verify Intel® AMT Use Cases

WBS 3.5.2
Notes: Recommended
Task Description: Perform Acceptance Testing to Verify Intel® AMT Use
Cases
Resource Name: IT Technician
For More Information:
Recommendations:
Notes:
(None)

23
3.4 Post Deployment Stabilization Phase
The final phase of the project is typically a stabilization phase. The purpose of this
phase is to ensure that your Intel AMT capable PCs are setup and configured properly
and that your IT help desk can use the selected Intel AMT use cases.

3.4.1 Troubleshoot and Resolve Post Deployment Issues

WBS 4.1
Notes: Recommended
Task Description: Troubleshoot and Resolve Post Deployment Issues
Resource Name: Project Management; IT Help Desk Architect
For More Information: Intel vPro Expert Center
Recommendations:
Notes:
(None)

3.4.2 Plan for Maintenance Tasks

WBS 4.2
Notes: Recommended
Task Description: Plan for post-deployment maintenance tasks.
Resource Name: IT Technician
For More Information: Intel vPro Expert Center and the Intel SCS documentation
Recommendations:
Notes:
1. Change user passwords periodically.
2. Renew TLS Setup and Configuration certificates before they expire to allow you to
setup and configure new PCs, or modify existing PCs using TLS.
3. Check for updates to the BIOS, firmware and drivers.

24
4 What’s Next?
After you have deployed Intel AMT PCs, what’s next? You might need to plan on doing
one or more of the following tasks that involve the Intel AMT setup and configuration
settings:
• Add new PCs
• Decommission older PCs
• Upgrade older PCs with new hard drives
• Update the BIOS, firmware, and drivers
• Renew TLS Setup and Configuration certificates (if TLS is used)
• Update user accounts
• Add a “delta” profile to add or remove Intel AMT settings
• Change Intel ME passwords
• Review the audit log (if used)
• Change the network filtering settings (if used)
• Merge in new PCs from another domain or from an acquisition
• Move PCs into a new corporation

25
5 Work Aids for Planning and Analysis
The following checklists will help you organize and plan the analysis and deployment
tasks.

5.1 Checklist of Intel® AMT Features and Capabilities

Intel AMT Features:
 The Intel AMT firmware runs on a separate processor (the Intel®
Management Engine) that is independent of the main processor and operating
system
 The network solution provides network communications on the wired network
between the Intel® Management Engine (Intel® ME) and the remote
management console that bypasses the operating system
 Supports secure TLS communications between the Intel® ME and the remote
management console
 Supports remote setup and configuration with secure TLS communications to
the remote configuration server
 Supports wireless 802.11 networking
 Supports 802.1x End Point Access Control
 Supports Kerberos or Digest authentication for network access to the Intel®
ME with each user account limited to selected realms
 Supports remote management of PCs over VPNs and outside of your
corporate firewall
 One-click call for help from client PCs (inside or outside your network)
 Built-in “alarm clock” that is independent of the operating system
 Redirection of the serial console output for remote access to the System BIOS
over low bandwidth networks or for clients without KVM Remote Control
 Users consent control for remote access
 Remote Alert enables desktops and notebooks outside the firewall to be
protected and repaired just as if they were inside the firewall.
 Remote Scheduled Maintenance enables off-hours patch updates for desktops
and notebooks outside the firewall. Previously, scheduled updates were
difficult to impossible for systems outside the firewall or for systems managed
by Service Providers (SPs) or Managed Service Providers (MSPs).
 Fast Call for Help enables users to quickly connect to the management
console whether inside or outside the firewall (after configured and setup) to
get help fast through normal Intel® vPro™ technology remote management
capabilities. Most OEMs are implementing a Hot Key combination to trigger
the call back home and then an "opt-in" (IT configurable privacy measure)
acceptance to establish the connection.
 Remotely accessible log files
 Special “auditor” role to control erasing log files
 SNMP alerts from the Intel ME
Intel® AMT Capabilities:
 Remote power control (with or without using Transport Layer Security or TLS)
 KVM Remote Control

26
  Limiting malware outbreaks by automatically shutting down the network
interface
 Remote hardware and software inventory
 Remote booting using IDE redirection
 Scripting of IT help desk solutions using Microsoft* PowerShell

5.2 Checklist of Intel® AMT Use Cases

 Hardware-based KVM remote control
 Serial Over LAN remote control
 Remote boot redirection
 Fast Call for Help
 Remote power control
 Remote encryption management
 Remote scheduled maintenance
 Management over Wi-Fi
 Hardware and software inventory
 Audit logs
 License management
 Network filters
 End point access control
 Software agent presence

5.3 Checklist of Management Software Supporting Intel® AMT

 IBM Tivoli Endpoint Manager
 BMC BladeLogic Client Automation
 Big Fix Unified Management Platform
 Brainware Columbus
 CA IT Client Manager
 Checkpoint Intel® vPro™ Enabled Gateway
 Dell Remote Monitoring
 Dell ProManage
 Fractalia Manager
 GeneralSoft SmartConfig
 HP Software Client Automation
 Kaseya IT Automation Framework
 LANDesk Management Suite
 Level Platforms Managed Workplace
 McAfee ePO
 Microsoft System Center Configuration Manager
 Microsoft System Center Service Manager
 N-Able N-central
 Novell
 Real VNC Viewer Plus
 Secuware SOS Secure Operating System
 Softex
 SoftLumos CIPMS
 SpiceWorks IT Desktop
 StarSoftComm CooCare Enterprise

27
  Symantec Altiris Client Management Suite
 VRV Enterprise Desktop Planning
 Wave
**Note: Refer to the Intel® Core™ vPro™ Processor Family Software Catalog for the
latest list. Some software may only be available in certain geographical regions.

5.4 Checklist of Intel® Use Case Reference Designs and Intel®

Solution Reference Designs for Intel® AMT
McAfee Fix
 Fix for McAfee .DAT File
Microsoft Products
 Host Based Configuration
 Automatic Remote Firmware Update
 Automatic Remote Windows 7 Migration
 Automatic Overnight Patching with Config Mgr
 Extra Configuration for Intel AMT
 Windows PowerShell Module for Intel vPro Technology
 Use VNC Viewer Plus with ConfigMgr
Symantec Altiris
 Automatic Overnight Patching with Altiris
LANDesk
 Automatic Overnight Patching with LANDesk
Help Desk
 Green Power Management
 Instant Back to Work
 Easy Reimage
 Remote Drive Mounting
 Remote Drive Erase
 Enhanced Remote Repair with Microsoft* Windows* PE
 Enhanced Remote Repair with WinRE
 Use MSDaRT with Intel® vPro™ Technology
 EZ Help Desk Console Extender
 EZ Help Desk Permissions Manager
 Out-of -Box Configuration for KVM Remote Control
 Enhanced Remote Repair with Drive Sharing
 Enhanced Remote Repair - Virus Scan
 Enhanced Remote Repair - Kernel Dump Analysis
 Enhanced Remote Repair - Registry Edits
 Enhanced Remote Repair - Outlook Web Access
 Faster Booting over IDER
 Trigger a Recovery OS Remotely
 Remote ISO Launcher (RIL)
 Help Desk Console for Non-TLS Environments
 Update BIOS on Type 1 Hypervisor
 Reimage OS with SOL/IDER and WinPE
 Find Intel AMT Capable Machines

28
  Outlook Web Access with Imaging
 Use FCFH to ID a Help Desk Caller's PC.
Small Business
 Local Setup and Configuration Using a USB Flash Drive
Android* Apps
 Intel vPro Power Control App
**Note: refer to the Intel vPro Expert Center for the latest list (link).

5.5 Checklist of Cmdlets in Intel® vPro™ Technology Module for

Microsoft* Windows* PowerShell*
For version 3.2:
 Invoke-AMTPowerManagement
 Invoke-AMTForceBoot
 Invoke-AMTSOL
 Set-AMTAlarmClock
 Get-AMTAlarmClock
 Set-AMTSystemDefense
 Clear-AMTSystemDefense
 Set-AMT3PDS
 Get-AMT3PDS
 Clear-AMT3PDS
 Invoke-AMGUI
 Get-AMTIDER
 Start-AMTIDER
 Stop-AMTIDER
 Get-AMTAccessMonitor
 Get-AMTEventLog
 Get-AMTFirmwareVersion
 Get-AMTHardwareAsset
 Get-AMTPowerState

29
6 Resources
Intel® vPro™ Expert Center (link)
Intel® vPro™ Developer Community (link)
2nd Generation Intel® Core™ vPro™ Processors (www.intel.com/vpro)
Intel® Core™ vPro™ Processor Family Software Catalog (link)

30
7 Glossary of Terms

802.1x See: End Point Access Control (EAC)

DASH DASH (Desktop and Mobile Architecture for System Hardware) is a

Desktop Management Task Force (DMTF) standard. DASH 1.0 and
1.1 are supported by Intel AMT.

DHCP Dynamic Host Configuration Protocol

DNS Domain Name Service

End Point Access Endpoint Access Control (Cisco SDN* and Microsoft NAP*) EAC networks
Control (EAC) can (with 802.1x) verify that the PC who's attempting to access the
network has the authority to do so and can also (with Cisco Self Defending
Network* or Microsoft NAP*) verify the "posture" of the PC. The PC's
posture includes information about the virus software it's running, the
operating service packs installed, etc. If a PC can't authenticate itself or
cannot assert its posture to the network, it is not allowed onto the
network.

Intel® vPro™ technology is not unique in providing support for Cisco SDN
and Microsoft NAP. However, with Intel vPro technology you can exchange
authentication and posture information on both Cisco SDN and Microsoft
NAP networks even if the OS will not boot, allowing EAC even when the OS
or a software agent is not present. This enables more secure management
and maintenance of PCs even when the OS is frozen or the machine will
not boot.

HECI driver Intel Host Embedded Controller Interface (HECI) driver is now called the
Intel Management Engine Interface (Intel MEI) driver.

IDER IDE Redirection will redirect the remote PC to use a virtual IDE device.
This allows IT to boot the system to images anywhere on the network.

Intel LMS Intel Local Management Service

KVM Remote Control Keyboard, Video, and Mouse redirection over the network. Hardware
based remote control allowing IT to manage the remote computer
regardless of its OS or power state. This allows remote control of the PC
with full video support on Intel AMT PCs with this feature enabled.

OOB Out-of-band means that the Intel ME can communicate to the

management console over the wired network even if the power is off or
the operating system has crashed.

PKI Private Key Infrastructure. Refers to TLS security provided by a Certificate

Authority in the chain of trust.

PSK Pre-shared Key. Refers to TLS security provided by a key pair generated
by the remote configuration service for the purpose of remotely
configuring the Intel AMT client. Part of the key pair must be installed on
the Intel AMT client.

RCS Intel® SCS Remote Configuration Service

Setup and Setup and Configuration is the process by which Intel® vPro™ technology
Configuration features are made available to management applications.

SOL Serial-Over-LAN exposes a virtual Serial port to IT, allowing I/O

31
 communication to the remote computer (send and receive text and remote
control capabilities).

TLS Transport Layer Security protocol

User Consent In Intel AMT, the end user must consent to KVM Remote Control, SOL, and
IDER (Intel AMT version 6 and later). They must also consent to setup
and configuration (in client control mode, Intel AMT 6.2 and later).

WS-MAN Web Services Manageability Protocol. This is a Desktop Management Task

Force (DMTF). WS-MAN is the Web Services-based communications
protocol which supports DASH. DASH represents a set of profiles
(feature interfaces and usages) based on Common Information
Model (CIM) schema. (See also: DASH)

32