Hi Garrett, I see that you know about AMT!
Garrett D'Amore wrote: > I think this may warrant promotion to a fast track. > > In particular, the interface that the LMS exports to the rest of the > system (perhaps just acting as an HTTP proxy) warrants some basic review. > > The questions I'd like to see answered in a fasttrack are: > > 1) does LMS export any interface over the network? (If its a web > proxy....) LMS is a web proxy, but only for clients running on the same machine. It only accepts connections from the local machine. > > 2) what is the administrative interface to manage the LMS service? > (SMF? properties for managing what port it binds to, etc?) I used SMF. But the port it binds to is fixed and defined by Intel. > > 3) how does this fit within secure-by-default? Does the service > listen only to IN_ADDR_ANY, or does it open up a port accessible to > the entire network? I don't think it affects secure-by-default because it will only accept connections from the local machine. Mark > > Thanks. > > -- Garrett > > David Chieu wrote: >> I'm sending this on behalf of Mark Logan and Vincent Wang. They are >> working on Solaris integration of Intel's Active Management >> Technology (AMT), which is a hardware-based system management >> technology - proprietary to Intel. The Solaris work consists of a >> user-land proxy and a kernel device driver. See Sun Open Source >> Review #6613 & 6583 (review status approved). We believe this work is >> a self-review candidate for the following reasons, as architecture + >> interface are defined by Intel, a priori, to work with other OSes. >> >> - The user-land proxy is called Local Manageability Service (LMS) >> that communicates with web standard SOAP/HTTP messages. This proxy >> acts as a pass through. The LMS interface is defined by Intel's AMT >> SDK. See http://softwarecommunity.intel.com/articles/eng/1023.htm. >> - The kernel device driver is called Host Embedded Controller >> Interface (HECI) which talks to Intel's Management Engine (ME), a >> separate small ARC-architecture processor built into the North Bridge >> of the PC motherboard. Intel's ME hardware defines the interface. See >> http://openamt.org >> >> If anyone disagrees, please speak up. We'll promote this case to a >> FastTrack. >> >> Project proposed PSARC case >> >> Template Version: @(#)sac_nextcase 1.64 07/13/07 SMI >> This information is Copyright 2007 Sun Microsystems >> 1. Introduction >> 1.1. Project/Component Working Name: >> Intel AMT >> 1.2. Name of Document Author/Supplier: >> Author: David Chieu >> 1.3 Date of This Document: >> 16 October, 2007 >> 4. Technical Description >> >> 4.1 Introduction >> >> The project delivers a Solaris device driver for Intel Active >> Management Technology(1), AMT-enabled >> hardware, and a user-level daemon to access and route system >> management information from the device driver. >> >> 4.2 Background and scope >> >> Intel Active Management Technology(AMT) is a silicon-resident >> management mechanism for remote discovery, healing, and protection of >> computing systems. Intel announced AMT in 2005 to gain system >> management support for Intel's vPro processor family(2). AMT is a >> powerful new tool for remote and out-of-band management of Intel PCs. >> Many major third party software management vendors such as Cisco, CA, >> Microsoft, Dell, and HP have already integrated support for AMT. >> However, we like to note that AMT is Intel-centric and is not >> available on any AMD or SPARC-based machines. >> >> 4.3 Proposal >> >> This proposal addresses only two specific AMT components to put forth >> the basic building blocks for developing >> support of Intel AMT. The two components are: >> >> 1) Solaris HECI device driver - Host Embedded Controller Interface to >> communicate with Intel AMT chips >> >> 2) Solaris LMS user daemon - Local Manageability Service daemon to >> route messages from HECI driver and host operating system services >> >> >> This project implements: >> >> ------------------- >> | LMS daemon | a Solaris user-mode daemon (/usr/lib/lms) >> ------------------- >> || >> ------------------------------------ >> || >> ------------------- >> | HECI driver | a Solaris kernel-mode driver (/kernel/drv/heci) >> ------------------- >> >> 4.4 Use Cases >> >> System management applications communicate to AMT via high-level >> SOAP/HTTP protocol. The intended uses are >> watchdog, software licensing, user notification service, group >> computer shutdown, network administration, etc. >> >> 4.5 Interfaces >> >> interface | stability | description >> ----------------+--------------------------------------------------------- >> >> heci driver(7D) | Volatile | Intel AMT SDK >> lms(1M) | Volatile | see intel_amt_sdk3.0.zip >> ----------------+-------------------------------------------------------- >> >> >> Binding: patch/micro >> >> 4.6 References: >> >> 1. >> http://www.intel.com/technology/platform-technology/intel-amt/index.htm >> >> 2. http://www.intel.com/business/vpro/ >> >> 6. Resources and Schedule >> 6.4. Steering Committee requested information >> 6.4.1. Consolidation C-team Name: >> ON >> 6.5. ARC review type: self-review >> 6.6. ARC Exposure: open >> >> 6. Resources and Schedule >> 6.4. Steering Committee requested information >> 6.4.1. Consolidation C-team Name: >> onnv >> 6.5. ARC review type: Automatic >> 6.6. ARC Exposure: open >> >> >
