|
|
|
Network Inventory Expert - Intel AMT Power feature |
The Power feature enables
applications to perform power operations on the remote PCs.
The Power feature can retrieve the
current power state of the host platform and change the power state of the
platform via commands to the Intel AMT device.
When performing such an operation,
do not request any other operation without allowing Intel AMT to fully complete
the power operation.
This can take up to 20 seconds,
depending on the OEM platform
Power functions:
Power function |
Description |
Pre-9.0 |
9.0 |
Powerup |
Power up the system. |
|
|
PowerDown |
Shut down the system. |
|
|
Reset |
Cause a reset of the system. This includes resetting Intel AMT. |
|
|
PowerCycle |
Shut down the system and then reboot. |
|
|
Sleep |
Put the system to sleep. |
|
|
Hibernate |
Hibernate the system. |
|
|
GracefulShutDown |
Gracefuly shut down the system. |
|
|
GracefulReset |
Cause a graceful reset of the system. This includes resetting Intel AMT. |
|
|
CurrentPowerState |
Retrive the current power of the machine. |
|
|
Note: |
If there is an active redirection session (SOL, IDE-R or KVM), then a PowerCycle or a PowerDown command will be rejected as invalid.
|
|
|
|
Accessing Intel AMT via the WebUI Interface |
An administrator with user rights can remotely connect to the Intel AMT device by entering the IP address and one of the following port numbers into the address bar of the web browser:
- 16992 – Use if TLS is NOT defined (use http)
- 16993 – Use if TLS is defined (use https)
Note: |
From Intel AMT Release 6.0 you can allow both secure (16993) and non secure (16992) connections simultaneously (in previous versions only one of the ports could be open).
Starting with Intel AMT Release 6.1 you can connect to Intel AMT locally using the WebUI interface.
|
For example: http://134.134.176.1:16992
The Intel AMT device can also be addressed using the device’s fully qualified domain name (FQDN). If using TLS, Intel recommends to use the Intel AMT FQDN rather than the IP.
For example: https://amt_fqdn:16993
Using the FQDN requires either that the DHCP server is configured to register the FQDN to a DNS server or the hosts file on the remote computer maps the FQDN to an IP address.
The following web browsers were validated and can be used remotely to connect to any configured Intel AMT system.
- Microsoft* Internet Explorer 6.0 SP1 or later
- Netscape* 7.2 or later for Windows* and Linux*
- Mozilla* Firefox 1.0 or newer for Windows and Linux
- Mozilla* 1.7 or later for Windows and Linux
Other browsers may be used; however, they may not be supported by Intel AMT-enabled systems. The web browser will establish a TCP connection to the Intel AMT platform and access the top-level Intel AMT Configuration web page. To view this information, you will be prompted to authenticate by logging in with a user that was defined in the Intel AMT ACL:
- If the Intel AMT device is in SMB Mode, you should use the default “admin” with the MEBx password (which is also the current network password).
- If the Intel AMT device is in Enterprise Mode, you should use a user that was defined during the provisioning process, or the default admin with the current network password (which may vary from the MEBx password).
- In case Kerberos is used, and the browser supports Kerberos authentication, you should authenticate with a domain user that has access rights to the Intel AMT. (In Internet Explorer, support for Kerberos is defined in: Tools > Internet Options > Advanced. In the "Security" section, select Enable Integrated Windows Authentication.)
Restoring Intel AMT to Factory Mode
Intel AMT should be returned to Factory Mode whenever its capabilities need to be reconfigured on a platform. The Intel AMT device is returned to Factory Mode from the Intel (R) AMT Configuration menu of the MEBx using the following options.
Full Unprovision
Selecting the Full Unprovision option performs the following actions:
- Non-Volatile Memory (NVM) is cleared.
- Event log is cleared.
- All Access Control Lists (ACL) are cleared, the administrator username is set to the default (“admin”), and the Intel AMT password is set to the password that was used in the Intel AMT MEBx. (The MEBx password is not restored to the default).
- Hardware asset information is erased. (In Releases 4.2 and 5.0 and later releases, the hardware asset information from the last power on is retained.)
- The Intel AMT network device is reset and the Intel AMT device is put back into Factory Mode.
- All Intel AMT configuration data is erased (certificates, CIRA, wireless profiles, wired 802.1x profiles, etc.). From Release 8.0, all OEM secure settings are maintained, including custom hashes (+ inactive default hashes in Releases 6.x and 7.x), DNS suffix and configured server FQDN.
Note: |
You are able to change the Provision Model from Small Business (legacy feature from pre 6.0 releases; not to be confused with SBT) to Enterprise or vice versa only when the Intel AMT device is in Factory Mode. (Not applicable to release 6.0 and later.)
Beginning in Release 8.0, the Auditor must erase the Auditor profile via the ACL entry to allow unprovisioning.
|
Partial Unprovision
Selecting the Partial Unprovision option performs all of the Full Unprovision actions, with the following exceptions:
- The Admin ACL, containing the administrator username and password, is not restored to the default.
- The hostname is not erased.
- The provisioning server IP and port are not erased.
- The domain name is not erased.
- All data needed for the next setup and configuration attempt is retained (OTP, PKI DNS Suffix, SCA FQDN, Customized hashes [+ inactive default hashes in Releases 6.x and 7.x], and PID-PPS pair).
- Beginning in Release 6.2, if there is an OEM-configured secure DSN suffix, it is reverted to and any post-provisioning DSN settings are erased.
|