The connection parameters for an Intel® Active Management Technology (Intel® AMT) wireless device closely resemble those required for the host OS to make a wireless connection. The firmware also requires connection information: SSID, authentication method, encryption type, and passphrase, at a minimum. In more advanced wireless connections, 802.1x profile information can be configured.
All these settings are wrapped into a profile, which is considered either an Admin or User profile, and saved within the Intel AMT firmware. The Admin or IT profiles are added to the firmware using Intel AMT APIs; see a list of configurations (see Table 1). User profiles cannot be added to the Intel® Management Engine BIOS Extension via an Intel AMT API; they are created using the Intel AMT WebUI or with profile syncing using the Intel® PROSet wireless software.
The Intel AMT firmware holds a maximum of 16 total profiles, of which a maximum of 8 can be user profiles. With the ninth user profile, the oldest user profile is overwritten. The combination of Admin and User profiles are a maximum of 16 profiles.
Connection Types – Authentication and Encryption
Intel AMT supports several authentication and encryption types for wireless connections.
User profiles can be configured with Wired Equivalent Privacy (WEP) or no encryption.
Admin profiles must be TKIP or CCMP with Wi-Fi Protected Access (WPA) or higher security.
802.1x profiles are not automatically synchronized by the Intel PROSet wireless software
Table 1 shows the possible security settings for Intel AMT wireless profiles.
Wi-Fi* Protected Access (WPA)
Pre-Shared Key (PSK)
Security settings for Intel® Active Management Technology wireless profiles.
Settings to Ensure Connectivity during Remote Connection
Link Control and Preference
In a typical Intel AMT remote reboot command, the Intel AMT system immediately reboots if a graceful shutdown is not specified. If there is a wireless KVM session in place, the session will get dropped, because the wireless link connection does not get passed to the firmware. Since the OS driver didn’t pass the control of WLAN from the OS to the firmware, it can take up to two minutes for the Intel AMT wireless connection to be reestablished.
To prevent connectivity loss in this situation, the preferred method is to programmatically change the link control prior to making the power control request.
During changes to link control and power transition, wireless connectivity will temporarily be down during these state changes. If that duration lasts too long, the sessions created using the redirection library will be terminated. This termination is due to exceeding the HB setting within the redirection library (see Table 2).
Hb (client heartbeat interval)
TCP default and suggested changes.
Currently the default session time-out setting works most of the time. However we now recommend changing the heartbeat and the client-receive intervals by adding parameters during calls to the redirection library. These time-out values need to affect both the IDER TCP and SOL TCP sessions. For additional Information, see the following; IMR_IDEROpenTCPSession
Wireless Link Policy
Another aspect is the wireless power policy of the firmware. This policy governs power control in different sleep states. The allowable values are Disable, EnableS0, and EnableS0AndSxAC. These settings are usually set during configuration. However identifying whether an Intel AMT client will be able to maintain connectivity after a reboot or power down will improve technician expectation of client behavior.
Intel AMT wireless functionality may be called a feature, but this feature should be a cornerstone for any integration of Intel AMT functionality into a console application. Without this integration many devices will not be manageable due to the introduction of Intel AMT version 10).
A successful basic integration is composed of several factors: Intel AMT wireless configuration, connection verification for wired or wireless, and wireless link control operations.
*No product or component can be absolutely secure.