I think this may warrant promotion to a fast track.
In particular, the interface that the LMS exports to the rest of the
system (perhaps just acting as an HTTP proxy) warrants some basic review.
The questions I'd like to see answered in a fasttrack are:
1) does LMS export any interface over the network? (If its a web
proxy....)
2) what is the administrative interface to manage the LMS service?
(SMF? properties for managing what port it binds to, etc?)
3) how does this fit within secure-by-default? Does the service
listen only to IN_ADDR_ANY, or does it open up a port accessible to the
entire network?
Thanks.
-- Garrett
David Chieu wrote:
> I'm sending this on behalf of Mark Logan and Vincent Wang. They are working
> on Solaris integration of Intel's Active Management Technology (AMT), which
> is a hardware-based system management technology - proprietary to Intel. The
> Solaris work consists of a user-land proxy and a kernel device driver. See
> Sun Open Source Review #6613 & 6583 (review status approved). We believe this
> work is a self-review candidate for the following reasons, as architecture +
> interface are defined by Intel, a priori, to work with other OSes.
>
> - The user-land proxy is called Local Manageability Service (LMS) that
> communicates with web standard SOAP/HTTP messages. This proxy acts as a pass
> through. The LMS interface is defined by Intel's AMT SDK. See
> http://softwarecommunity.intel.com/articles/eng/1023.htm.
> - The kernel device driver is called Host Embedded Controller Interface
> (HECI) which talks to Intel's Management Engine (ME), a separate small
> ARC-architecture processor built into the North Bridge of the PC motherboard.
> Intel's ME hardware defines the interface. See http://openamt.org
>
> If anyone disagrees, please speak up. We'll promote this case to a FastTrack.
>
> Project proposed PSARC case
>
> Template Version: @(#)sac_nextcase 1.64 07/13/07 SMI
> This information is Copyright 2007 Sun Microsystems
> 1. Introduction
> 1.1. Project/Component Working Name:
> Intel AMT
> 1.2. Name of Document Author/Supplier:
> Author: David Chieu
> 1.3 Date of This Document:
> 16 October, 2007
> 4. Technical Description
>
> 4.1 Introduction
>
> The project delivers a Solaris device driver for Intel Active Management
> Technology(1), AMT-enabled
> hardware, and a user-level daemon to access and route system management
> information from the device driver.
>
> 4.2 Background and scope
>
> Intel Active Management Technology(AMT) is a silicon-resident management
> mechanism for remote discovery, healing, and protection of computing systems.
> Intel announced AMT in 2005 to gain system management support for Intel's
> vPro processor family(2). AMT is a powerful new tool for remote and
> out-of-band management of Intel PCs. Many major third party software
> management vendors such as Cisco, CA, Microsoft, Dell, and HP have already
> integrated support for AMT. However, we like to note that AMT is
> Intel-centric and is not available on any AMD or SPARC-based machines.
>
> 4.3 Proposal
>
> This proposal addresses only two specific AMT components to put forth the
> basic building blocks for developing
> support of Intel AMT. The two components are:
>
> 1) Solaris HECI device driver - Host Embedded Controller Interface to
> communicate with Intel AMT chips
>
> 2) Solaris LMS user daemon - Local Manageability Service daemon to route
> messages from HECI driver and host operating system services
>
>
> This project implements:
>
> -------------------
> | LMS daemon | a Solaris user-mode daemon (/usr/lib/lms)
> -------------------
> ||
> ------------------------------------
> ||
> -------------------
> | HECI driver | a Solaris kernel-mode driver (/kernel/drv/heci)
> -------------------
>
> 4.4 Use Cases
>
> System management applications communicate to AMT via high-level SOAP/HTTP
> protocol. The intended uses are
> watchdog, software licensing, user notification service, group computer
> shutdown, network administration, etc.
>
> 4.5 Interfaces
>
> interface | stability | description
> ----------------+---------------------------------------------------------
> heci driver(7D) | Volatile | Intel AMT SDK
> lms(1M) | Volatile | see intel_amt_sdk3.0.zip
> ----------------+--------------------------------------------------------
>
> Binding: patch/micro
>
> 4.6 References:
>
> 1. http://www.intel.com/technology/platform-technology/intel-amt/index.htm
>
> 2. http://www.intel.com/business/vpro/
>
> 6. Resources and Schedule
> 6.4. Steering Committee requested information
> 6.4.1. Consolidation C-team Name:
> ON
> 6.5. ARC review type: self-review
> 6.6. ARC Exposure: open
>
> 6. Resources and Schedule
> 6.4. Steering Committee requested information
> 6.4.1. Consolidation C-team Name:
> onnv
> 6.5. ARC review type: Automatic
> 6.6. ARC Exposure: open
>
>
