- \n
- activate kvm giving me remote access to the computer’s console using vnc over network<\/li>\n
- activate IDE redirection [manageability commander tool>remote control>take control]<\/li>\n
- disable user’s consent needed to interact with the computer [it’s a server, it’ll not have kbd\/display]<\/li>\n
- configure network settings. it’s a pitty that tagged vlans are not supported [ at least not from ctrl+p bios. it seems that the manageability commander tool mes editor in the networking>advanced settings allows configuration of vlans ]<\/li>\n
- activate network access [there’s separate option for that in the main menu]<\/li>\n<\/ul>\n
note that ctrl+p menu cannot be accessed via kvm\/vnc over the network. one has to enter and manipulate it from the keyboard and monitor directly attached to the server.<\/p>\n
the next step is to download AMT tools for windows – i’ve used intel’s Manageability Developer Tool Kit 7<\/a> and open manageability<\/a>. then run Manageability Commander Tool ME<\/i>, add known computer – provide the IP of the AMT set in the earlier step, select connect, then in the remote control tab, remote desktop, remote desktop settings select as follows:<\/p>\n
![\"amt-remoteDesktop\"](\"https:\/\/kudzia.eu\/b\/wp-content\/uploads\/2014\/04\/amt-remoteDesktop.png\")
<\/p>\nnote that the password has to have exactly 8 chars, at least 1 capital letter, at least 1 small letter, at least 1 special character and 1 at least digit. once that’s done you can use tightvnc viewer [ version 1.3 will work, 2.7 – does not work.. go figure; also one of the readers suggested that the compression level should be set to “Tight” in the vincviewer settings ]. power control is possible via the web UI of amt – http:\/\/10.1.2.3:16992\/logon.htm<\/p>\n
all in all – not very straightforward but better than nothing; this server with amt costs a little bit more than just a DRAC card for more expensive PowerEdge servers. <\/p>\n
it seems that AMT cannot handle higher resolution text consoles. i had to modify \/etc\/default\/grub and put there: GRUB_CMDLINE_LINUX_DEFAULT=”quiet nomodeset”<\/i> to be able to connect via vnc to the debian jessie’s console at any time.<\/p>\n
network card<\/h3>\n
T20 comes with Intel’s I217-LM lan card; debian wheezy – with 3.4 kernel – does not have support for that card. i’ve installed 3.13 kernel from backports<\/a> and then the card became available from linux. AMT worked fine also with 3.4 kernels – it’s independent from the OS.<\/p>\n
the rest<\/h3>\n
yet another note: after upgrading to 3.14 kernel VNC via AMT stopped working for working linux. i could see the bios screen and grub but not the login prompt. it has something to do with the frame buffer display mode used for the console. workaround: in \/etc\/default\/grub add: GRUB_CMDLINE_LINUX=”nofb nomodeset vga=normal”<\/i> and run update-grub2<\/i> + reboot. console will be in low resolution text mode.<\/p>\n
the server came with 1TB ST1000DM003-1CH162 disk that has quite aggressive power saving – the drive spins down after few minutes of inactivity. i have plenty of cron jobs started every few minutes so in regular use the drive will not be parked, but just from few hours of work with the setup i got few hundreds of starts\/stops:<\/p>\n
\r\n#smartctl -d sat -a \/dev\/sdb|grep Load\r\n193 Load_Cycle_Count 0x0032 100 100 000 Old_age Always - 303\r\n<\/pre>\n
helpful resources:<\/p>\n
- \n
- http:\/\/blogs.bu.edu\/mhirsch\/2013\/07\/intel-amt-vpro-full-remote-kvm-control-without-proprietary-realvnc-viewer-plus\/<\/li>\n
- not exactly related – but it seems that some<\/a> of<\/a> Intel’s<\/a> NUCs also have AMT<\/li>\n
- extensive list of linux-specific links related to T20<\/a><\/li>\n<\/ul>\n
2015-09 update<\/b><\/p>\n
i’ve discovered that [ at least for the bios version A06 ] in T20 AMT activated have a nasty side effect – all TCP traffic coming to the on-board NIC on port 5900 is silently dropped. it does not reach Linux’s kernel. i suspect that there’s some bug in the management firmware handling VNC connections for the virtual KVM. so – in case of a router that i use – i had to move all of the production traffic to the add-on network card.<\/p>\n
2017-05 update<\/b><\/p>\n
dell t20 with amt enabled is most likely vulnerable to INTEL-SA-00075 as discussed here<\/a>, here<\/a>. it’s better to have it completely disabled. and update bios … once \/ if dell releases it.<\/p>\n","protected":false},"excerpt":{"rendered":"
i’ve bought 2x Dell PowerEdge t20 – they’ll serve as HA pair of routers\/vpn endpoints\/file servers for a new office. it was the first time i played with intel amt. it’s not bad but neither perfect.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-2180","post","type-post","status-publish","format-standard","hentry","category-tech"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2180","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=2180"}],"version-history":[{"count":25,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2180\/revisions"}],"predecessor-version":[{"id":2733,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2180\/revisions\/2733"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=2180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=2180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=2180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- extensive list of linux-specific links related to T20<\/a><\/li>\n<\/ul>\n