Intel® Active Management Technology Use Case #1: Platform Auditing (Discover)


Last Modified On: August 21, 2008 10:29 AM PDT


Intel® Active Management Technology (Intel® AMT) addresses traditional weaknesses in platform-audit capabilities, substantially reducing costs for IT organizations. Advanced, out-of-band (OOB) remote-discovery techniques replace conventional means, preventing end-user interference and avoiding the necessity of IT personnel making expensive physical visits to the systems being audited.

This use case concerns process improvements that result in dramatic cost savings during platform audits to support maintenance of hardware and software contracts, as well as regulatory compliance with legislation.

Conventional Platform-Auditing Limitations

Conventional tools traditionally available for asset discovery work on an in-band basis only; that is, these tools require the target system operating system to be operational, and they fail if the platform is powered off or the operating system is otherwise non-functional. Moreover, users can intentionally or inadvertently remove the software agents on which auditing tools depend.

As a result, IT organizations must depend on users to report their IT assets, or IT employees must be sent to check the assets manually. No standard, persistent asset ID exists, and there is no reliable down-the-wire method to discover unused or underutilized hardware or software assets. These limitations combine to create substantial cost inefficiencies related to software licensing, IT personnel, and hardware maintenance contracts. Wireless environments and laptops make this even more challenging since at any point in time, laptops may be connected to a corporate LAN over the wireless network or via VPN (in case of remote mode) or may not be connected to an AC power source.

Using Intel® AMT to Overcome In-Band Limitations

Using an asset management application that supports Intel AMT, an IT professional discovers and audits all Intel AMT-based platforms remotely, down-the-wire, assuming the following scenarios:

  • Desktop Mode – Platforms are AC powered and connected to the corporate LAN via a wired LAN connection (not over VPN)
  • Mobile Mode – Laptops in S0 are AC powered or on battery and are on the corporate wireless network (not connected via VPN)
  • Remote Mode – Laptops in S0/H0 are connected to the corporate network via VPN

Intel AMT makes that possible via OOB remote access to a platform's persistent, tamper-resistant asset ID, which end-users are typically unable to access or modify.

The IT professional can compare the remotely obtained asset IDs against the asset management database kept in a third-party management application. This step allows validation of the stored asset data. For laptops, not all of them may be within the corporate network (mobile mode) or connected to the corporate LAN via VPN (remote mode) when the inventory is taken, so either some manual checking might be necessary, or the inventory might span multiple days in order to catch all laptops while they are connected appropriately. Depending on the Intel AMT features supported by a management console and IT policies, additional information may be accessible from the platform that assists an IT audit process. Remote platform audits assisted by Intel AMT are far more complete than traditional manual ones, without resorting to manual desk-side visits.
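
The validation step described above, as an added example (not Intel's code and not part of the Intel AMT SDK): it reconciles asset IDs collected over several sweep days against the stored database and lists the platforms that still need a manual check. The `reconcile` function, the record shapes and every sample value are assumptions constructed for illustration.

```python
# Added example: reconcile out-of-band discovery sweeps against stored asset data.
# Record shapes and all sample values below are constructed for illustration.

def reconcile(database, sweeps):
    """database: {asset_id: model}
    sweeps: {day: [(asset_id, model, host), ...]}, one entry per sweep day.
    Returns a report separating validated records from ones needing follow-up."""
    report = {"verified": {}, "mismatch": {}, "unknown": {}, "duplicate": {}}
    for day in sorted(sweeps):
        hosts_today = {}  # asset_id -> hosts that reported it in this sweep
        for asset_id, model, host in sweeps[day]:
            hosts_today.setdefault(asset_id, set()).add(host)
            if asset_id not in database:
                # Platform answered but has no stored record.
                report["unknown"].setdefault(asset_id, day)
            elif database[asset_id] != model:
                # Stored data disagrees with what the platform reports.
                report["mismatch"][asset_id] = (database[asset_id], model)
                report["verified"].pop(asset_id, None)
            elif asset_id not in report["mismatch"]:
                report["verified"].setdefault(asset_id, day)
        for asset_id, hosts in hosts_today.items():
            if len(hosts) > 1:
                # One ID from several hosts in the same sweep: not unique.
                report["duplicate"][asset_id] = sorted(hosts)
    accounted = set(report["verified"]) | set(report["mismatch"])
    # Never reached on any day (e.g. laptops off the network): manual check list.
    report["outstanding"] = sorted(set(database) - accounted)
    return report

DATABASE = {"D-1001": "Desktop A", "D-1002": "Desktop A",
            "L-2001": "Laptop B", "L-2002": "Laptop B"}
SWEEPS = {
    1: [("D-1001", "Desktop A", "10.0.0.11"),
        ("D-1002", "Desktop C", "10.0.0.12"),   # model differs from database
        ("X-9999", "Desktop A", "10.0.0.13")],  # not in database
    2: [("D-1001", "Desktop A", "10.0.0.11"),
        ("L-2001", "Laptop B", "10.0.1.21"),    # laptop back on the network
        ("L-2001", "Laptop B", "10.0.1.22")],   # same ID from a second host
}

if __name__ == "__main__":
    for section, items in reconcile(DATABASE, SWEEPS).items():
        print(section, items)
```

The `outstanding` list is the residue that the multi-day inventory did not reach, and the `duplicate` list flags asset IDs that are not unique and therefore cannot validate a record.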

Key Functionality Enabled by Intel AMT that Underlies this Use Case

The following table summarizes the features and functionality utilized in this use case that are provided by Intel AMT or enabled by Intel AMT in third-party software:

| Feature | Functionality |
| --- | --- |
| Out-of-band (OOB) access | Accessing the persistent asset ID when the operating system is unavailable or the platform is powered off |
| Remote Platform Inventory | Utilizing the persistent asset ID to discover the platform |
| Intel® AMT Flash | Allows storage of persistent unique asset ID |
| Tamper-Resistant Agent | Allows for access to the asset ID with little risk of tampering by a user |


The Advantage of Intel AMT

Through Intel AMT platforms, an IT department can reduce or eliminate manual platform audits by means of remote, down-the-wire access to platforms, regardless of operating system state, assuming that the platforms are in one of the following modes: desktop mode (AC powered, but not necessarily turned on, and connected to the corporate network via a wired connection, not over VPN); mobile mode (within the corporate environment on the wireless network, AC powered or on battery, and not connected via VPN); or remote mode (connected via VPN, AC or DC powered, and wired or wirelessly connected). This functionality, which is relevant to both planned and emergency situations, allows for faster, more accurate, and more timely platform audits. Additionally, the remote, down-the-wire discovery capabilities make regulatory compliance possible without labor-intensive rushes to meet audit deadlines. Moreover, remote access to asset information enables optimization of maintenance contracts, warranties, and configurations, as well as planned repurposing of underutilized platforms.

Business Value of the Intel AMT Solution§

This use case enables IT organizations to save on audit and maintenance costs:

  • Audit-Cost Savings: Achieve cost savings relative to a manual audit, because the platforms do not need to be physically touched.
  • Software Maintenance Savings: Reduce software-maintenance contract costs by making more efficient use of those contracts.
  • Hardware Maintenance Savings: Save on total hardware maintenance contracts (both platforms and hardware) by knowing which platforms require what maintenance levels (rather than covering them all with the most expensive option).  

Platform Auditing Usage Case Implementation

Intel AMT downloads hardware and software asset information from the BIOS and OS into non-volatile memory during boot, which can be accessed by IT anytime, even if the PC is off.

The workflow associated with this implementation is as follows:

| Step | Action | API Call |
| --- | --- | --- |
| 1 | Is this an AMT Device? | GetCoreVersion(); ISVS_GetAPIVersion() or ISVS_GetAPIVersionEx() |
| 2 | If so, get inventory from Intel AMT | EnumerateAssetTypes(); GetAssetData() |


The following tables provide an overview of Platform Auditing APIs:

GeneralInfo APIs:

The GeneralInfo APIs provide general (read-only) information for various (local or network access) management applications.

| Method | Description & Compatibility |
| --- | --- |
| GetCoreVersion() | Reads the firmware version information from the Intel AMT. Supported in Intel AMT Release 1.0 and later |
| GetCodeVersions() | Reads the BIOS and firmware information from the Intel AMT. Supported by Intel AMT Release 2.0 and later |
| GetProvisioningMode() | Gets the current provisioning mode (Enterprise or Small Business) from the Intel AMT device. Supported in Intel AMT Release 1.0 and later |
| GetProvisioningState() | Gets the current provisioning (configuration) state from Intel AMT. Supported by Intel AMT Release 2.0 and later |
| GetVlanParameters() | Gets the VLAN mode and ID used by the Intel AMT device. Supported by Intel AMT Release 1.0 and later |
| GetHostName() | Gets the host name currently used by the Intel AMT device. Supported by Intel AMT Release 1.0 and later |
| GetConfigServerInfo() | Gets Configuration Server Information from Intel AMT. Supported by Intel AMT Release 2.0 and later |
| GetAdminAclEntryStatus() | Reads Admin ACL entry status from Intel AMT. Supported by Intel AMT Release 2.0 and later |
| GetAdminNetAclEntryStatus() | Reads remote Network Admin ACL entry status from Intel AMT. Supported by Intel AMT Release 2.0 and later |
| GetPasswordModel() | Gets the BIOS password mode of work from Intel AMT. Supported by Intel AMT Release 2.0 and later |
| GetEnabledInterfaces() | Gets enabled interfaces information of Intel AMT device. Supported by Intel AMT Release 2.0 and later |
| GetNetworkState() | Reads Network State information from Intel AMT. Supported by Intel AMT Release 2.0 and later |
| GetSecurityParameters() | Reads local interface security parameters. Supported by Intel AMT Release 2.0 and later |
| GetIderSessionLog() | Reads the IDER session log. Supported by Intel AMT Release 2.0 and later |


HardwareAsset APIs:

The HardwareAsset APIs perform operations that return hardware asset data.

| Method | Description & Compatibility |
| --- | --- |
| EnumerateAssetTypes() | Enumerates the names of hardware asset types supported by the Intel AMT device. Supported in Intel AMT Release 1.0 and later |
| GetAssetData() | Returns hardware asset data of Intel AMT device. Supported by Intel AMT Release 1.0 and later |


Remote Control APIs:

The Remote Control APIs manage the power and booting state of the Intel AMT managed system.

| Method | Description & Compatibility |
| --- | --- |
| GetRemoteControlCapabilities() | Gets the remote control capabilities supported by the Intel AMT device. Supported in Intel AMT Release 1.0 and later |
| GetSystemPowerState() | Returns the power state of the Intel AMT-managed PC system. Supported by Intel AMT Release 1.0 and later |


ISV Storage APIs:

The ISV storage APIs are used by ISVs to access the Intel AMT non-volatile storage feature.

| Method | Description & Compatibility |
| --- | --- |
| ISVS_GetAPIVersion() | Gets the ISVS API version supported by the Intel AMT device (deprecated since AMT 2.0) |
| ISVS_GetAPIVersionEx() | Gets the ISVS API version supported by the Intel AMT device. Extended version of ISVS_GetAPIVersion. |


The following SDK sample source code provides examples of Platform Auditing:

  • GeneralInfo
  • AssetDisplay

The following SDK Documents provide further information:


§ The following assumptions underlie the analysis in this use case:

  1. Some platforms will be discovered in-band, without using the OOB feature of Intel AMT.
  2. Platform audits without Intel AMT are costly, manually intensive, time consuming, and error prone.
  3. Asset IDs are placed in the platforms' Intel AMT firmware prior to deployment.
  4. All research data was gathered from global, US-based IT organizations.
  5. Platforms being audited using Intel AMT are connected to a power source (electrical outlet, battery, etc.), but the platform does not have to be powered on.
  6. Platforms are connected to an AC power source (Desktop mode) or platforms are in S0 (Mobile mode) or S0/H0 (Remote mode) and are either AC or DC powered.
  7. Platforms are physically connected through a working wired Ethernet connection to the corporate LAN and not over VPN (Desktop mode) or they are connected to the corporate wireless network not via VPN (Mobile mode) or they are connected via VPN either wired or wirelessly (Remote mode) for OOB access.
  8. Not all laptops can be discovered and inventoried at one time given that some will not be in desktop, mobile, or remote mode.

RESOURCES:





Comments (7)

August 13, 2007 9:29 AM PDT


Louis Duran

It would be VERY nice if all the different use case pages had a link back to the use case overview page. I can't find a simple list of all the use cases and what AMT version supports those use cases.

May 5, 2008 6:11 AM PDT


rahul

Is this persistent ID we are talking about actually the IP address of the computer, or something else stored in AMT flash memory?

May 5, 2008 4:01 PM PDT


Gael

It wouldn't be an IP address - it most likely refers to the AssetType as defined in the Network Interface Guide for whatever Asset we are talking about.

May 6, 2008 2:47 AM PDT


rahul

Thanks Gael for the reply.

May 6, 2008 3:18 AM PDT


rahul

Gael, is there any way we can retrieve the asset ID from the AMT enabled systems manually without going into third party storage systems?

May 7, 2008 4:19 PM PDT


Intel(R) Software Network Support

Rahul: we recommend posting this and any additional AMT questions you have to the Manageability forum at http://softwarecommunity.intel.com/isn/Community/en-US/forums/2436/ShowForum.aspx.

June 26, 2008 10:23 AM PDT


Intel Software Network Support

Resource list now included. IAMT Use Cases article has list of 11 examples like this one.

