Local iAMT management with vro

When we develop a console that supports Intel's active management technology, we can access the Web Service interface provided by the Management Engine (ME) in two ways, the other is direct access from the local machine. However, there are many restrictions on local access. Most iAMT functional interfaces are unavailable to local applications, such as CircuitBreak, AgentPresence, and SecurityAdministration. So without two machines, how can we operate on all the features of iAMT on the host operating system of the iAMT machine?

After some simple experiments, we only need a common router to do it. For example, a common ADSL access device, a wireless router, or a gateway built on Linux can be used. The general principle is as follows: configure the IP addresses of different network segments for iAMT and Host OS to direct the gateway to the vro, and then set the required route on the vro; when an application on the Host OS accesses the iAMT IP address, the network packet is first sent to the default gateway, that is, the router. Then, the router routes the network packet to the iAMT according to its route table, the returned results of iAMT are also sent to the router first, and then the router routes the network package back to the Host OS. As shown in.

 

In, we set the IP address of the host operating system of an Intel Core 2 vPro machine (with built-in iAMT function) to 192.168.2.10, And the gateway points to 192.168.1.1. Because the gateway and host address are not in the same network segment, you can only manually configure static IP addresses. Set the IP address of the underlying iAMT to 192.168.1.10, And the gateway points to 192.168.1.1.

The router and gateway are used here (the common routers we use are used in this way). The IP address configured for the LAN port is 192.168.1.1. In order for the router to send the packets returned by iAMT back to the Host OS, we need to add one in the route table:
Destination: 192.168.2.0
Netmask: 255.255.255.0
Gateway: 0.0.0.0 (for a Windows router, 192.168.1.1 is used here)

In addition, if the router supports configuring multiple IP addresses for the LAN interface, you only need to configure another IP Address: 192.168.2.1 for the LAN port of the router, and the above route can be automatically added to the route table. At this time, the gateway of the Host OS can be set to 192.168.2.1.
In this way, we can access the iAMT function on the Host OS by directly accessing the IP address of the underlying iAMT. For example, open http: // 192.168.1.10: 16992 through IE and you will be able to see the iAMT WEBUI logon interface that we are familiar.

I tested the above methods on a LinkSys wireless router and a Windows 2003 Server Gateway. If you are interested, please share your discussion with us.