Intel,Altiris Group

Who is Responding to the Ping? Intel AMT or the OS 

Dec 16, 2010 01:08 PM

Intel AMT provides out-of-band management within qualified hardware platforms and is used here with Symantec ITMS. Because Intel AMT and the host operating system (OS) share the same physical NIC, one service is active and the other is passive. If the OS is present and healthy, it gets priority. If not, Intel AMT moves from passive to active ownership of the NIC.

Both Intel AMT and the host OS will share the same IP address in a DHCP environment... and in newer generations of Intel AMT, the same can be true in a static IP environment.

Both Intel AMT and the host OS are able to respond to ICMP ping requests. Noted below are the configuration profile settings for Intel AMT.

This raises a common question - "How do I know which service is responding?"

The TTL (time to live) of the ICMP ping response, together with its latency in milliseconds, shows a distinct difference between the two.

In the following screenshot, the target client is shutting down. When the host OS NIC driver shuts down, there is a momentary interruption in the ping response. This is when the transition of active NIC ownership is happening. Notice the difference in the TTL and ms values after the interruption.

The TTL of the host operating system is 128, with a ping response in <1 millisecond.

The TTL of Intel AMT is 225 with a high ping response latency

The next screenshot shows the same system during boot-up. The inverse of the above scenario occurs, and once again there is a momentary interruption in the ICMP ping responses as the active NIC ownership transitions from Intel AMT to the host OS.
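As an added example (not part of the original post), the following Python code labels each line of Windows-style `ping -t` output by responder and reports each handover of NIC ownership. The sample output, the address 192.0.2.10 and the function names are constructed for illustration; the TTL of 128 for the host OS is the value given above, and the threshold rule assumes the host OS stack starts at that TTL.

```python
import re

# Host OS TTL as reported in the article; the article gives 225 for Intel AMT.
HOST_OS_TTL = 128
REPLY = re.compile(r"Reply from \S+: bytes=\d+ time[<=](\d+)ms TTL=(\d+)")

def classify(ttl, host_ttl=HOST_OS_TTL):
    """Routers only decrement TTL, so a reply arriving with a TTL above the
    host OS starting value cannot have come from the host OS stack."""
    return "AMT" if ttl > host_ttl else "OS"

def parse_ping(text):
    """Yield (responder, ttl, latency_ms); responder is None for a lost reply.
    'time<1ms' is recorded as 1, i.e. an upper bound."""
    for line in text.splitlines():
        m = REPLY.search(line)
        if m:
            ttl = int(m.group(2))
            yield classify(ttl), ttl, int(m.group(1))
        elif "timed out" in line.lower():
            yield None, None, None

def ownership_transitions(text):
    """Return (record_index, old_owner, new_owner, lost_replies) per handover."""
    transitions, last, lost = [], None, 0
    for i, (owner, _ttl, _ms) in enumerate(parse_ping(text)):
        if owner is None:
            lost += 1          # the momentary interruption during the handover
            continue
        if last is not None and owner != last:
            transitions.append((i, last, owner, lost))
        last, lost = owner, 0
    return transitions

# Constructed sample: shutdown (OS -> AMT), then boot-up (AMT -> OS).
SAMPLE = """\
Reply from 192.0.2.10: bytes=32 time<1ms TTL=128
Reply from 192.0.2.10: bytes=32 time<1ms TTL=128
Request timed out.
Reply from 192.0.2.10: bytes=32 time=4ms TTL=225
Reply from 192.0.2.10: bytes=32 time=3ms TTL=225
Request timed out.
Request timed out.
Reply from 192.0.2.10: bytes=32 time<1ms TTL=128
"""

if __name__ == "__main__":
    for idx, old, new, lost in ownership_transitions(SAMPLE):
        print(f"record {idx}: {old} -> {new} after {lost} lost replies")
```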

Customers that use a client-based firewall may notice situations where the ICMP ping response fails when the host OS is healthy. This is expected, since the host OS is the active owner of the physical NIC and the client-based firewall is preventing the ICMP ping response. It is important to note that management traffic between Symantec ITMS and the target client is not interrupted. Intel AMT is passively looking at the traffic and will respond to packets directed to TCP ports 16992-16995.

With a client firewall enabled, if the system reboots or an event happens where Intel AMT takes active ownership of the NIC, the ICMP ping responses will occur if Intel AMT has been configured accordingly.

One exception to the above is when a Domain variable is included in the Intel AMT configuration. This dictates whether the Intel AMT network interface is open when the system is outside that domain, as defined by DHCP option 15. This is more commonly called "Environment Detection". If enabled, all traffic must go through the operating system NIC driver, and Intel AMT specific traffic (ports 16992-16995) is intercepted by the Intel AMT LMS (Local Management Service) and redirected locally into the firmware via a secure channel.

The latency associated with the transition may be more noticeable in an 802.11 wireless situation. In the examples above, the wired interface transition occurred very quickly. In a wireless situation, the transition may take up to 2 minutes. (My guess is that this longer transition time is due to the occasionally connected/disconnected nature of 802.11 communications.)

The more interesting question, in my view, is "What is the power state of the remote client?" This is noted in the resource manager as obtained in real time from the target client, even if the remote system is off, asleep, or on.

 

The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries

Comments

Jan 07, 2011 09:01 AM

that the information is helpful.

If other insights needed or questions... let me know

Jan 05, 2011 08:49 PM

...pings will never look the same!

Dec 20, 2010 11:00 PM

Very clever Terry!
 

Well done.
