2012年12月22日 星期六

Intel Management Engine Interface - IMEI


IMEI is one component of Intel's VPRO remote access technology.

From what I can understand of the technical literature it is to allow remote access over a LAN for IT admin / repair purposes even when the system is powered down.



The Intel Management Engine (Intel ME) refers to the hardware features that operate at the baseboard level, below the operating system. By enabling interaction with low-level hardware, Intel gives administrators the ability to perform tasks that previously required someone to be physically present at the desktop.
The initial setup of Intel's Management Engine starts by activating it in a compatible PC’s BIOS. Once you enable Intel's ME, you gain access to several BIOS functions.
You're required to configure an initial administrative password the first time you enter the ME BIOS interface.
As you can see in the screen shot above, Intel's Active Management Technology (AMT) is turned on through the management engine.
Generally, you want to enable the option "ON in S0, ME Wake in S3, S4-5". This translates to the management engine and AMT being on when the host is powered up. When the host is in S3 to S5 and the platform is connected to AC power, the management engine shuts down after a defined period of time, but wakes back up when it receives a network message. By using this feature, an IT department can allow desktops to sleep, saving power, and then wake up once everyone goes home and the admin can push out updates using cheaper energy.
Within these same BIOS screens, you can perform several different low-level AMT-related configuration tasks.
Intel lets you save certificates for a given environment to the management engine so that a PC can authenticate prior to being granted network access.

WOL vs ME
Classic WOL has inherent weaknesses for DOS attacks - ME WOL requries authenticated users to wake the system and can even include CA's and Cerberus encryption coverage. The cool thing is you can shut a system down remotely and have ME WOL avaialbe to wake the system up any time and any where, securely - we have a number of success stories about Me WOL and how much power is being saved, check it out
資料來源: http://www.tomshardware.com/reviews/vpro-amt-management-kvm,3003-6.html
http://communities.intel.com/thread/3165

沒有留言:

張貼留言