In this series of articles we will look at setting up Open AMT Cloud Toolkit for remote management of Intel AMT-compatible computers.

Intel AMT

Intel AMT (Active Management Technology) is a feature available on Corporate platforms from Intel, handled by the Intel ME (Management Engine) embedded inside the PCH.
While Intel ME is present on all modern Intel platforms, Intel AMT is only available on business-class computers as it requires a compatible platform.
The platform support depends on the CPU, the PCH (chipset), the network adapter (Ethernet or WiFI), the Intel ME firmware and the BIOS (or UEFI).
Basically, if the platform is not advertised as supporting Intel vPRO or Intel AMT, it probably does not support it. Even then, some machines can have Intel AMT disabled from factory (e.g. Dell's code 3 DISABLE), more on this later. Note that while Intel AMT can be disabled, Intel ME can generally not be fully disabled as it is part of the initialization process of the platform.

Open AMT Cloud Toolkit

Open AMT Cloud Toolkit is a management toolkit for Intel AMT devices.
It consists of several server applications handling the enrollment and management of devices, as well as a web frontend and a client application for enrollment.

Several other toolkits exist such as MeshCentral or Intel EMA. Both MeshCentral and Open AMT Cloud Toolkit are open-source and can be installed on a Linux server, but Intel recently stopped officially supporting MeshCentral to focus efforts on Open AMT Cloud Toolkit. The other solutions are proprietary, sometimes commercial.
Therefore, we chose Open AMT Cloud Toolkit.

Note that Intel AMT itself and Intel ME are unfortunately not open-source.

Features

With this setup, you will be able to:

• Show machine power status
• List machine basic characteristics (model, serial number, CPU, RAM and BIOS version)
• Power on, power off and reboot machines remotely as long as they are connected to a power source and to the network
• Control the keyboard and mouse and view the display remotely (KVM)
• Open a remote serial console

Intel AMT itself supports some other features (such as IDE rediction), but they are not available in Open AMT Cloud Toolkit yet.

Requirements

Client

The machines you want to manage must have Intel AMT and it must not be permanently disabled. We will describe a method to enable it back if it is present but permanently disabled, however it is quite involved, may cause permanent damage and will void the warranty.

In order to use the KVM feature, the main GPU should be the integrated Intel GPU.

The machine must be connected to the network through Ethernet on its integrated Intel LAN network adapter. While there is some support for 802.1x, I did not personally try it. There is also some support for Wi-Fi but this will not be presented here. Both DHCP and static IP setups are supported, but DHCP is recommended for simplicity.

Even though Open AMT Cloud Toolkit can handle older AMT versions to some extent, the method presented here will only work with AMT versions 11 build 3000 and newer.

Root access to the operating system is required.
Physical access to the machine including access to UEFI Setup and a reboot will be required if AMT is not enabled and to enable ACM (Admin Control Mode) which is required for KVM without user consent.

Server

A Linux machine, either physical or virtual, with a minimum of 2 GiB of RAM and 10 GiB of disk space is required. Root access for Docker is required. Clients must be able to connect to TCP 4433 port.

The server does not need to support Intel AMT. They generally do not and instead have another technology for out-of-band management such as Dell iDRAC or HPE iLO, which we don't need anyway.

Installation

In the next article we will describe the installation and initial configuration steps.