• 01/05/2021
  • Public Content

Integrating KVM feature into a Management Console

Intel AMT KVM is one of the most requested features that can be integrated into a management console.
As is typical of any Intel AMT Feature, the device must have the Intel AMT firmware configured to utilize the feature.
Here are the main steps to create a KVM connection:
  1. Verify the AMT KVM device settings
  2. Authenticate
  3. Make the AMT KVM connection

AMT KVM Device Settings

While the KVM remote control feature can be configured as a part of the Intel AMT configuration process, several of the feature parameters can also be configured at a later time.
It is a best practice to run a script or application to check and update the KVM status prior to making a KVM connection to the client. The settings required for Intel KVM to work are:
  1. The KVM redirection settings
  2. The Intel® Management Engine BIOS Extension (Intel® MEBx) settings
  3. The KVM redirection listener

Making the Connection

Making an Intel AMT KVM connection involves a management system utilizing an application to communicate over a wired or wireless network directly to the client's Intel AMT firmware management ports. The ports utilized will determine the type of VNC viewer that must be used.
There are two general types of applications that can be used by the management system: a web application run from a web browser or a VNC viewer.
  • The HTTPS option, as utilized by the open source project Mesh Commander, has a web server to make the connection to the client and displays the results within a web page.
  • The VNC viewer option comes in many flavors; however they all make connection on ports 5900, 16992–16995. See the article on the KVM feature for more details on the ports.
If you use a Management Console, please consider applying additional TLS when launching a viewer. For additional information on integrating a KVM application into a Console, see the Intel KVM Application Developers Guide

Network Considerations

The network connection for remotely accessing the Intel AMT device will be handled differently depending on whether the connection is within the local corporate network or going across open Internet connections (remote).
  • Local connection. Because Intel AMT only communicates on the local wired or wireless networks, any properly configured device on the local network with a KVM viewer application can make a direct connection.
  • Remote connection. Because Intel AMT only communicates on the local wired or wireless networks, access from outside the network requires the use of an Intel AMT KVM Proxy.

Additional Resources and Source Code Locations within the Intel AMT SDK 

  • Intel AMT SDK example Integrated Viewer Application and source code location: \Windows\Intel_AMT\Samples\KVM\KVMCustomTransportSample
  • Example source code: \Windows\Intel_AMT\Src\KVM\KVMProxy\
  • Example source code: \Linux\Intel_AMT\Src\KVM\KVMProxy\
  • Example source code for proxy connection library: kvmlib.dll
Other Resources
*No product or component can be absolutely secure.

Product and Performance Information


Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.