NightWatchman Enterprise 7.3

The 1E Agent service installed on every machine attempts to communicate with Intel® AMT Board Management Controller via the Management Engine (ME) interface driver or Host Embedded Controller Interface (HECI) driver. The state set by the 1E Agent is sent to Configuration Manager as an extension to hardware inventory. A hardware inventory WMI class, called SMS_G_SYSTEM_WAKEUP_1E_IAMT, is created in Configuration Manager that contains a list of all machine resources known to Configuration Manager that are Intel® AMT machines with 1E Agent installed.

WakeUp only requires a single machine in a remote subnet to wake up targeted machines on the subnet. If the existing agent finder in WakeUp fails to find any currently awake machines in the subnet, it dispatches a request to the WakeUp Intel® AMT Service to find a suitable agent in the subnet and wake it using an Intel® AMT SOAP message and the pre-configured authentication mechanism. WakeUp subsequently uses the 1E Agent on that machine to wake up other targeted machines on the subnet using magic packet technology.

The WakeUp Intel® AMT component needs to be installed on all Configuration Manager Primary Site Servers where WakeUp is installed. It uses system inventory information to send out SOAP messages on requests from the WakeUp service in time for any advertisement schedules.

The WakeUp Intel® AMT service is responsible for communicating with the WakeUp service and sending SOAP messages to Intel® AMT machines via the preconfigured authentication mechanism.

When running with Configuration Manager this service should be installed in each Configuration Manager Site server in the hierarchy that has WakeUp installed – providing the site has Intel® AMT Configuration Manager clients and those clients have been provisioned.

When running solely with NightWatchman Management Center, this service only needs to be installed on the WakeUp Server set as the NightWatchman Management Center wake up provider.

If Intel® AMT is configured in enterprise mode using Active Directory for authentication with Kerberos, the service will run using an account that is a member of the Intel® AMT Collections Managers group. The WakeUp Intel® AMT service will attempt to use WinHTTP to impersonate the account and connect to the targeted machine.

If Intel® AMT is configured in small business mode; the WakeUp Intel® AMT service will use a username and password for digest authentication. Once installed, WakeUp will detect the WakeUp Intel® AMT service and dispatch requests when agents are not found on a targeted subnet.

The WakeUp Intel® AMT component provides an alternative to the Last Man Standing mechanism. The alternative still relies on the 1E Agent being installed on every machine. The 1E Agent is responsible for discovering the Intel® AMT Board Management Controller and building up a database of Intel® AMT machines in Configuration Manager or NightWatchman Management Center. Once discovered, the WakeUp Intel® AMT Service will wake up the machine. The 1E Agent on the machine will receive instructions from WakeUp Server to send out magic packets to any systems that need waking.

Computers that have Intel® AMT hardware and are configured to support remote wake ups circumvent the WakeUp requirement that there is at least one 1E Agent on the subnet running to handle wake up signals from WakeUp Server. This is because WakeUp is able to use the Intel® AMT capabilities to wake the machine remotely without using magic packet broadcasts, which are liable to be disabled in secure networks.

To use Intel® AMT for a subnet where such hardware exists instead of Last Man Standing, you need to enable the Intel® AMT option during WakeUp Server installation and, except for the 1E Agent on the Intel® AMT computer, install all the other 1E Agents on the subnet with LASTMANENABLED=0.

A hardware inventory WMI class is created by extending the Configuration Manager Hardware Inventory MOF compiled. Hardware inventory information sent by every Configuration Manager client will contain extended data identifying whether the machine resource is an Intel® AMT machine.

This information is used to enhance the existing hardware inventory information in Configuration Manager providing the WakeUp Intel® AMT service with a means of identifying Intel® AMT machines for a specific subnet.

When running solely with the NightWatchman Management Center, the 1E Agent sends information about the computers running Intel® AMT to be stored in the NightWatchman Management Center database.

The WakeUp Intel® AMT service runs as LOCAL SYSTEM and uses a username and password specified at install time to connect to Intel® AMT machines. The administrator can modify this username and password from the command-line.

The following parameters are supported by the command-line:

In order to set the authentication to the default Intel® AMT username and password:

C:\Program Files\1E\WakeUp\Server>WakeUpAMT.exe –username=admin –password=admin

The WakeUp Intel® AMT service runs as a domain account that is a member of the Intel® AMT Collections Manager Active Directory group.The administrator can configure the service to run in this mode by manually configuring the service via the Service Control Manager MMC snap-in and forcing Kerberos authentication mode from the command line:

After modifying the properties of the service, run:

C:\Program Files\1E\WakeUp\Server>WakeUpAMT.exe –useKereberos=1