Extensive High-End Remote Manageability Capabilities Included
Rising levels of network integration and growing bandwidth are paving the way for increasingly complex remote IT services that make it easy for embedded users to monitor the status of their embedded devices and to take actions such as powering them on or off, rebooting them or reinstalling software without leaving the comfort of the central office. Parallel to this infrastructural development, Intel® Active Management Technology (AMT) has now become available as part of the product offerings from Intel. This standard’s base capability is now being offered by Kontron in its embedded motherboards with long-term availability. In doing so, the foundations for comprehensive, high-end service concepts for embedded computer devices are being laid. OEMs should take a detailed look at these remote service capabilities, which accelerate services and reduce service costs, and in turn support long-term competitiveness.
In the high-end server world, it is already a matter of course: remote management is a massive help in saving costs on installation, administration, service and maintenance. With standardized platform interfaces such as IPMI (Intelligent Platform Management Interface), In-Band and Out-of-Band (OoB) remote management via the network is possible from a central location, no matter where the systems are located, how many systems are administered, or whether they are easy or difficult to reach. Operators save considerable costs when they minimize downtimes, are no longer obliged to keep an army of service technicians on standby for on-site service, and can centralize their service, thus optimizing existing capacities.
Embedded applications need more
But what does the situation look like in the world of embedded computing? Up to now, apart from high-availability platforms with IPMI support, at most software-based remote condition monitoring and management solutions have usually been employed. Their availability and range of functions are limited, though: on the client side, a running operating system and an active software agent are compulsory. But what happens when a system crashes or doesn’t boot? What if relevant software patches cannot be installed during running operation? What if the worst-case scenario occurs and malware gets around anti-virus programs and spreads into the network, as recently happened at an energy provider in Australia? If Out-of-Band-capable remote management solutions are not available, then the answer can only be time-consuming and costly on-site service. With hundreds or even thousands of distributed systems enabled for remote management, it is easy to imagine the reduction in Total Cost of Ownership and how much faster errors can be eliminated and production downtimes reduced. So it is remote access that can be carried out without an installed or running operating system, or even with the computer switched off, that pushes services ahead and consequently promotes the efficiency of embedded applications. The (long-term) availability of Intel® Active Management Technology (AMT) makes this comprehensive coverage possible.
Now, Kontron Motherboards with Intel® AMT – everything on board
The latest embedded motherboards – like those from Kontron - support Intel® AMT, an integral part of current embedded Intel® processors and chip sets, such as Mobile Intel® GM45 Express or the Intel® Q45 Express chip set. For management communication, embedded motherboards can use the existing network connection, eliminating the need for additional cabling. With this, Kontron’s standard embedded motherboards with Intel® AMT offer a standardized platform which enables the efficient and centralized installation, administration and maintenance of remote applications based on system inventory, Out of Band management and security management. And for the first time this comes with long-term availability.
What’s possible with Intel® AMT?
Especially in distributed applications, for example automated check-in terminals at airports, remotely retrievable system inventory and access logs are a great help when installation or maintenance has to be carried out. Each time the system is booted, all relevant details about the current hardware configuration are stored in flash memory that can be accessed remotely. With additional software agents, the software configuration can also be stored. Furthermore, an access log is stored so that administrators can carry out remote error analysis and identify possible solutions faster. Even if BIOS parameters have to be changed, firmware updates installed or energy-saving modes adjusted or set, an on-site visit is no longer necessary. These actions can be carried out via Serial over LAN (SoL) from a remote server. Even remote BIOS updates are possible. Also, by executing a scan over the network, all AMT-capable systems can be found and addressed, whether they are switched on or off. This can, for example, prove a great advantage for initial installations: motherboards can be mounted and then individually initialized into the application via remote and automatic access.
For industrial applications where downtimes directly result in production losses, the application has to be up and running again as fast as possible. For example, if a hard disk failure occurs, valuable time can be wasted waiting for this component to be replaced. Via AMT, however, the IDE redirection function can be used: the client system is booted with a remote image over the network and the application is up and running again within the shortest amount of time. The hard disk replacement can take place at a later date. If data has been damaged, it is possible to upload a new image or install system patches via Ethernet, so that an on-site visit is superfluous. Of course, Kontron boards with Intel® AMT are equipped by default with hardware-based remote boot (Wake-on-LAN) and client shutdown.
Providing such powerful functions means, however, that security has to be at the highest level so that the network structure or application is not compromised in any way. To support these individual software security features, Intel® AMT offers by default hardware-based encryption for safe communication, clear identification of server and client, and protection of the whole infrastructure. Remote communication can thus be secured via the Transport Layer Security (TLS) protocol with 1536-bit RSA encryption.
A hardware-based agent-present check further reduces the risk, so that the client cannot be infiltrated by malware. If this should nevertheless occur, implemented security algorithms make sure that the infected client is cut off from the network, in order not to endanger other systems. The client in question can, however, still be administered via AMT and be remotely “decontaminated”. Motherboards with Intel® AMT boast security features which even make them of interest for security-critical applications, for example in the gaming, medical and military markets.
Wide range of software and services
If embedded motherboards support Intel® AMT in hardware and firmware, then OEMs can realize their specific remote management solution on the basis of this technology. Intel® AMT is already applied in the office area and there is already a wide range of services and software. Software manufacturers such as Check Point Software, Cisco, LANDesk Software, Microsoft and Symantec support Intel® AMT and offer complete software solutions. Additionally, Intel® Software Development Kits and reference applications are available free of charge as downloads. Both in-house developments and completed applications can therefore be realized with a high level of efficiency. And as AMT-based solutions can be used on all applications, OEMs profit from the high reusability. This additionally reduces development costs and time.
What to watch out for
With all the new possibilities that remote management offers, there is one thing that cannot be carried out remotely: the exchange of components with electrical or mechanical faults. With this in mind, a good remote management system is of little use if heterogeneous components and components prone to failure are used. Only if the hardware used fulfils the highest requirements in terms of robustness, quality and long-term availability can service assignments and costs be effectively reduced. In comparison to conventional office boards, embedded motherboards can be employed in applications with environmental temperatures of up to 60°C. Thanks to strict test and quality methods, Kontron embedded motherboards additionally reduce the probability of failure and thus the need for service on the OEM system. With multi-layer circuit boards designed for high performance, Kontron ensures highest signal integrity, lower emissions and improved signal quality, and supports the decoupling of the power buses, which is reflected in the high electromagnetic compatibility, excellent board quality and performance of its embedded motherboards. Recently one of Kontron’s motherboards received a distinguished board design award, the Technology Leadership Award from Mentor Graphics. The Technology Leadership Award was first launched in 1988 and is the oldest and one of the most renowned competitions in the EDA (Electronic Design Automation) industry. It commends engineers and CAD designers who meet the challenges of designing complex printed board systems. Along with the robustness and quality, and in turn the higher availability of the applications that results, OEMs and operators especially profit from the long-term availability of up to 7 years which the boards offer in identical configuration.
Redesigns due to end-of-life components play no role here, and this makes the development of embedded applications more sustainable and enables a homogeneous hardware structure. At the same time, Kontron has for the first time provided long-term availability of hardware-based remote management, and this gives investments additional security.
Currently, for applications requiring remote management functionality, Kontron offers two embedded motherboard series with long-term availability, the KTGM45 and KTQ45. The Kontron KTGM45 series, in Mini-ITX, Flex-ATX and ATX versions, supports Intel® AMT 4.0. With the Mobile 82GM45 Graphics and Memory Controller Hub and the Intel® I/O Controller Hub (Intel® ICH9M-E), it offers a low chip set TPD (total power dissipation) of 14.5 watts and DDR3 RAM for energy-efficient embedded designs. The Kontron KTGM45 motherboards support all Intel® processors using the PGA 478 socket, up to the embedded 45 nm Intel® Core™2 Duo mobile processor T9400 and the Intel® Core™2 Quad mobile processor Q9100. These boards also possess a new quality feature in the form of polymer capacitors: in comparison to boards with conventional electrolyte capacitors, polymer-capacitor-based boards achieve a longer lifecycle and show little to no wear even at the highest temperatures.
The embedded ATX and Flex-ATX motherboard family, Kontron KTQ45, is based on Intel® processors for the LGA775 socket. The 45 nm Intel® Core™2 Quad processor Q9400 with 2.66 GHz, 6 MB L2 cache and a front-side bus of up to 1333 MHz marks the top end of the Intel® embedded roadmap. Of course, conventional processors up to the Intel® Core™2 Quad Q9650 can also be used. With the Intel® 82Q45 Graphics and Memory Controller Hub and the Intel® I/O Controller Hub 10 (Intel® ICH10DO), the boards offer 7-year long-term availability for embedded systems. Thanks to Intel® AMT 5.0 and the integrated Intel® Trusted Platform Module (TPM 1.2), they support the latest remote management technology. The data protection engine, which is also integrated, offers fast and secure hardware encryption of all transmitted data without compromising the system’s performance.