Intel AMT / vPro full remote KVM control without proprietary RealVNC Viewer Plus

Here is how to have full remote KVM control of your PC without the proprietary RealVNC Viewer Plus software.

Note: if you already have PCs in the field without these changes, you can change the settings remotely, but as always, exercise great care: one wrong checkbox can necessitate a field trip to the PC to correct it. In my case, it might be thousands of miles and a dog sled ride away!

  1. Download the free, open-source Intel Open Manageability Toolkit (http://opentools.homeip.net/open-manageability) and install it on your local (home office) PC.
  2. Open the “Manageability Commander Tool”, click File > Add > Add Intel AMT computer, and type the IP address, the vPro username (typically “admin”) and the password (you must have set this up previously).
  3. Click the little plus sign by Network and click on your AMT PC’s name, then in the Connection tab, click Connect. Connecting takes about 5-10 seconds. If unsuccessful, the button falls back to saying Connect; if successful, it changes to say Disconnect.
  4. Go to the Remote Control tab and wait about 10 seconds for the “remote desktop” items to change from “unknown” to the actual state. If Remote Desktop Settings is “Disabled”, click the little box to its right to open a new window. Change the settings to look as follows. Note that the Strong Password must be exactly 8 characters, including at least one number, one symbol, and one capital letter. (Actually, that’s a pretty weak password, but it’s Intel’s choice.)
  5. Click OK, then go back to the Connection tab and click Disconnect. Don’t mess around with any of the other settings unless you know exactly what you’re doing and are willing to drive out to the remote PC to fix it if you mess something up! Close the Manageability Commander program.
  6. Now you should be able to connect using a standard VNC program. You’ll notice I used “localhost” since I SSH into the remote PC first. DO NOT expose this VNC port 5900 to the internet or you are likely to get hacked!

If you use a Windows PC to connect, note that you can use Cygwin at one or both ends to provide the SSH server and/or client needed for secure port forwarding. Please use SSH public key authentication, as it is orders of magnitude more secure than keyboard passwords.

Intel AMT / vPro KVM: Port forwarding necessary

NOTE: when setting up your remote PC, consider enabling standard VNC (if you’re behind a hardware firewall), which removes the need for proprietary RealVNC Viewer Plus. All you will need is one of the many free open VNC programs to have full remote control. See:

http://blogs.bu.edu/mhirsch/?p=622

For those installations behind a firewall, here are the ports you need to forward (say, via SSH) to use Intel AMT KVM:
5900
16992 (HTTP remote web UI)
16994 (KVM traffic)
Tested with Intel AMT version 8

If you use TLS, you may need to forward additional ports, such as
16993 (HTTPS remote web UI)
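
The SSH forwarding described in both posts above, as an added example that is not part of the original posts: it builds a key-only `ssh` command that binds each listed AMT port to loopback on the viewer PC, and scans `ss -ltn` output for AMT ports listening beyond loopback. The gateway name, the AMT address 192.0.2.10, the key path and the `ss` sample are constructed placeholders.

```shell
#!/bin/sh
# Added example. Gateway, AMT address and key path are placeholders.
AMT_PORTS="5900 16992 16994"   # ports from this page; append 16993 when using TLS

# Print the ssh command that forwards each AMT port from loopback on the
# viewer PC, through the SSH gateway, to the AMT machine. Key-only login,
# and ssh exits if any forward cannot be set up.
amt_tunnel_cmd() {
    gateway=$1; amt_host=$2; key=$3
    cmd="ssh -N -i $key -o PasswordAuthentication=no -o ExitOnForwardFailure=yes"
    for p in $AMT_PORTS; do
        cmd="$cmd -L 127.0.0.1:$p:$amt_host:$p"
    done
    printf '%s %s\n' "$cmd" "$gateway"
}

# Read `ss -ltn` output on stdin; print every AMT port listening on a
# non-loopback address. Exit status 1 means at least one is exposed.
exposed_amt_listeners() {
    awk -v ports="$AMT_PORTS" '
        BEGIN { n = split(ports, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)
            host = substr($4, 1, length($4) - length(port) - 1)
            if ((port in want) && host != "127.0.0.1" && host != "[::1]") {
                print $4; bad = 1
            }
        }
        END { exit bad }'
}

# Constructed sample: 16992 was forwarded with a wildcard bind address.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:5900      0.0.0.0:*
LISTEN 0      128          0.0.0.0:16992     0.0.0.0:*
LISTEN 0      128            [::1]:16994        [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

amt_tunnel_cmd user@gateway.example 192.0.2.10 '~/.ssh/id_ed25519'
sample_ss_output | exposed_amt_listeners || echo "AMT port reachable beyond loopback"
# Live check on a Linux viewer PC: ss -ltn | exposed_amt_listeners
```

With the tunnel up, point the VNC viewer at localhost:5900 and the browser at http://localhost:16992.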

In any case, before making a major system decision, do your homework.

Reference:

http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/DOCS/Implementation%20and%20Reference%20Guide/default.htm?turl=WordDocuments%2Fmanageabilityports.htm

http://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/WordDocuments/manageabilityports.htm