Intel主动管理技术

Intel Amt是Intel vPro 技术的一个组件，致力于简化个人电脑和笔记本的管理。它将管理功能内建到单独的硬件之中，具有如下特色：

• Non-volatile memory where system information can be secured and stored
• A communication channel that runs separately from the OS, so communication is available even when the device is powered off or the OS is unavailable
• Configurable hardware-based network filters that can be set to quarantine, rate-limit traffic, or send an alert when security threats are recognized

Intel Amt提供的功能：

• Discover: The Intel AMT device notifies a management server on the network that it is up and ready to be managed. Intel AMT also provides functions that let remote software (such as LANDesk products) query for basic inventory information.
• Heal: Intel AMT features include Serial-over-LAN (SOL) and IDE-Redirection (IDE-R).  SOL lets you remote control the boot process of an Intel AMT device and can let you change BIOS settings or run diagnostic programs.  IDE-R configures the remote Intel AMT device to boot to a remote media device such as a floppy, CD, or a network-based boot image, allowing you to run a diagnostic program from the management console.  Also, management applications can register to receive hardware and system events as they are generated on the Intel AMT device.
• Protect: New Intel AMT protection features are System Defense and Agent Presence.  
  • The System Defense feature enables the LANDesk® management console (MC) to configure the Intel AMT device to monitor network packets transmitted to/from the host operating system. The MC configures Intel AMT with policies which, when applied, inspect packets and can take actions such as dropping or limiting the rate of the packets from being transmitted/received and sending an alert to the MC.
  • The Agent Presence feature enables the MC to configure the Intel AMT device to monitor for state changes of a local agent process running on an Intel vPro-based PC. Automatic actions can be taken for specific state changes such as unexpected shutdown or non-startup of a local agent. The available actions are sending an alert to the MC and automatic application of a System Defense policy.