Manageability
Intel® Active Management Technology (Intel® AMT) improves the accuracy and efficiency of software inventories, helping to enable regulatory compliance and save on licensing costs. This improvement avoids inaccuracies in software inventory information that can impede regulatory compliance, lead to incorrect payments for software licenses and maintenance contracts, and fail to uncover over-utilized or under-utilized software licenses.
Intel AMT overcomes limitations of traditionally managed IT client platforms that can hinder software inventory processes. First, it improves the tamper-resistance of client management agents upon which software management consoles may rely. Secondly, Intel AMT has a major advantage over conventional client management applications, since it is available down-the-wire regardless of operating system state, even when the client is powered off (as long as AC power and a LAN connection are present). Increased resistance to tampering by users helps to ensure the accuracy of software inventories. Together, these capabilities avoid labor-intensive manual inventories that would otherwise be required to gain sufficient accuracy to comply with government regulations and to manage licenses and maintenance and service contracts.
This use-case illustrates how Intel AMT can improve the robustness of software-inventory activities to optimize utilization and to ensure accurate license and maintenance payments.
Conventional tools for software inventory work on an in-band basis only; that is, these tools require the target system to be operational, and they fail if the platform is powered off or if the operating system is otherwise non-functional. Moreover, users can intentionally or inadvertently remove the software agents on which the tools depend. In addition, 15-20% of IT managed platforms are not visible down-the-wire.
As a result, IT organizations must traditionally depend on users to report their installed software packages, or IT employees must be sent to the platform to conduct an inventory manually.
No common persistent software asset ID exists, and there is no automated system to compare such an ID with software inventory information in third-party asset management databases.
Using a third-party software inventory management application that supports Intel AMT, an IT professional discovers platforms remotely down-the-wire, regardless of operating system or power state. Intel® AMT makes that possible via out-of-band (OOB) remote access to the platform's persistent, tamper-resistant asset IDs:
The following table summarizes the features and functionality utilized in this use case that are provided by Intel AMT or enabled by Intel AMT in third-party software:
|
Feature |
Functionality |
|
Out-of band (OOB) access |
Accessing the persistent asset ID and software inventory information when the operating system is unavailable or the platform is off |
|
Remote software inventory |
Utilizing the firmware-resident information that lists or points to software inventory information for the platform |
|
Third-Party Data Store (3PDS) |
Allows for third-party agent on the managed platform or the remote management console to use dedicated flash memory space to store specific software list (e.g., anti-virus updates) |
|
Tamper-Resistant Agent |
Allows for access to the inventory information with little risk of tampering by a user |
Using Intel AMT platforms, an IT department can reduce or eliminate manual software inventory, making audits faster, more accurate, and more timely. Intel(R) AMT makes this possible through remote, down-the-wire access to the platform's tamper-resistant, persistent asset ID, firmware resident software list, and/or keys to the third-party asset management database.
This set of capabilities improves inventory accuracy, regardless of the platform's operating system health or power state. More accurate software inventory information enables better version control, repurposing underutilized software, and optimizes maintenance contracts, licensing, and configuration management. In addition, it facilitates regulatory compliance.
IT organizations can realize substantial cost savings on software maintenance contract cost by implementing solutions based on Intel AMT. Those savings are created by increasing the efficiency with which the contracts are applied.
The implementation of the software inventory management usage case follows these steps:
The workflow associated with this implementation is as follows:
|
Step |
Action |
API Call |
|
1 |
Is this an Intel® AMT-enabled device? |
GetCoreVersion() ISVS_GetAPIVersionEx() |
|
2 |
If so, perform software inventory management |
See table below for appropriate APIs to call. |
The following tables provides an overview of Software Inventory Management APIs:
GeneralInfo APIs:
The GeneralInfo APIs provides general (read only) information for various (local or network access) management applications.
|
Method |
Description & Compatibility |
|
GetCoreVersion() |
Reads the firmware version information from the Intel AMT Supported in Intel AMT Release 1.0 and later |
|
GetCodeVersions() |
Reads the BIOS and firmware information from the Intel AMT Supported by Intel AMT Release 2.0 and later |
|
GetProvisioningMode() |
Gets the current provisioning mode (Enterprise or Small Business) from the Intel AMT device Supported in Intel AMT Release 1.0 and later |
|
GetProvisioningState() |
Gets the current provisioning (configuration) state from Intel AMT Supported by Intel AMT Release 2.0 and later |
|
GetVlanParameters() |
Gets the VLAN mode and ID used by the Intel AMT device Supported by Intel AMT Release 1.0 and later |
|
GetHostName() |
Gets the host name currently used by the Intel AMT device Supported by Intel AMT Release 1.0 and later |
|
GetConfigServerInfo() |
Gets Configuration Server Information from Intel AMT Supported by Intel AMT Release 2.0 and later |
|
GetAdminAclEntryStatus() |
Reads Admin ACL entry status from Intel AMT Supported by Intel AMT Release 2.0 and later |
|
GetAdminNetAclEntryStatus() |
Reads remote Network Admin ACL entry status from Intel AMT Supported by Intel AMT Release 2.0 and later |
|
GetPasswordModel() |
Gets the BIOS password mode of work from Intel AMT Supported by Intel AMT Release 2.0 and later |
|
GetEnabledInterfaces() |
Gets enabled interfaces information of Intel AMT device Supported by Intel AMT Release 2.0 and later |
|
GetNetworkState() |
Reads Network State information from Intel AMT Supported by Intel AMT Release 2.0 and later |
|
GetSecurityParameters() |
Reads local interface security parameters Supported by Intel AMT Release 2.0 and later |
|
GetIderSessionLog() |
Reads the IDER session log Supported by Intel AMT Release 2.0 and later |
Remote Control APIs:
The Remote Control APIs managing the power and booting state of the Intel AMT managed system.
|
Method |
Description & Compatibility |
|
GetRemoteControlCapabilities() |
Gets the remote control capabilities supported by the Intel AMT device Supported in Intel AMT Release 1.0 and later |
|
RemoteControl() |
Remotely controls the boot and power state of the Intel AMT-managed PC Supported by Intel AMT Release 1.0 and later |
|
GetSystemPowerState() |
Returns the power state of the Intel AMT-managed PC system Supported by Intel AMT Release 1.0 and later |
ISV Storage APIs:
The ISV storage APIs are used by ISVs to access the Intel AMT non-volatile storage feature
|
Method |
Description & Compatibility |
|
ISVS_GetAPIVersion() |
Gets the ISVS API version supported by the Intel AMT device (deprecated since AMT 2.0) |
|
ISVS_GetAPIVersionEx() |
Gets the ISVS API version supported by the Intel AMT device. Extended version of ISVS_GetAPIVersion. |
The following SDK sample source code provides examples of Software Inventory Management:
The following SDK Documents provide further information:
§ The following assumptions underlie the analysis in this use case:
RESOURCES:
