Enable remote management with Intel AMT on Debian (updated for Debian 8 Jessie with systemd)

Intel Active Management Technology (AMT) is available on many Intel-based computers and enables remote administration of a computer. The coolest feature is serial over LAN, which enables a remote console via a network connection. Serial over LAN (SOL) is similar in concept to a serial console used in a data center.

A serial console is an out-of-band connection to a server, which is a secondary connection that is available even if the primary connection(s) of the server fail. For example, a server might experience some type of bootup failure and therefore its primary network interface may not come up. If the server is sitting in a remote data center somewhere, having the out-of-band console connection can be a lifesaver.

The technology that enables this, in this case Intel’s AMT, is almost like an independent meta operating system that is always there if needed. In addition to providing a serial console over a network connection it also provides other remote administration functions.

Intel AMT is cool because you do not need any extra hardware to get a remote console. It is built into the system and the setup is accessed as a sidechain option ROM from the boot setup menu (F12 on the Dell workstations I’ve used). You do not even need to have an extra network card. Once configured it will run on a separate IP address via the primary NIC.

To set this up under Debian (or any OS for that matter) one first has to go into the sidechain option ROM at boot for Intel AMT and make sure it is enabled. There are options there to enable serial over LAN (frequently referred to as just SOL), as well as to configure the IP address that it will run over. This is a different IP address from the one used by the operating system installed on the computer. I usually prefer to use one address, such as 192.168.0.50 for the primary NIC address of the OS, and then 192.168.0.51 for the AMT connection. If the hostname for the main OS is for example System1 then I would use the hostname System1AMT for the AMT connection. This avoids any ambiguity when managing the network and both interfaces show up.

Updated info for Debian 8 “Jessie” using systemd

With the most recent release of Debian v.8 codename “Jessie”, the configuration has changed slightly. Jessie does not have an /etc/inittab file, but setting up the SOL serial console is actually even easier.

If there is a physical serial port built into the computer I prefer to disable it in the BIOS settings since it is not necessary. This may also reduce any confusion from having multiple serial consoles to deal with.

From a terminal on the system first verify that there exists an SOL device on the system:

lspci -nn | grep -E '(MEI|KT|IDER)'

On my newer system I actually do not see any IDER device, but there are the MEI and KT devices. (The IDE redirect feature is still available even though the IDER device is not present.)

To create the symlink for systemd for the SOL device:

cd /etc/systemd/system/getty.target.wants
ln -s /lib/systemd/system/serial-getty@.service serial-getty@ttyS0.service

Reload systemd and start the tty:

systemctl daemon-reload
systemctl start serial-getty@ttyS0.service
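
The steps above use ttyS0, but the KT controller is not guaranteed to get that device number, so it is worth confirming which ttyS belongs to it before enabling the getty. The script below is an added example, not part of the original post; it assumes the KT device appears in sysfs as an Intel (vendor 0x8086) PCI serial controller (class 0x0700xx), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): find which ttyS is the AMT SOL port.
# Assumptions: sysfs layout as on Linux; the KT controller shows up as an Intel
# (vendor 0x8086) PCI serial controller (class 0x0700xx).

# Print the ttyS name(s) that sit below an Intel PCI serial controller.
# $1 = sysfs root (defaults to /sys; a constructed tree can be passed for testing).
find_sol_tty() {
    sysroot=${1:-/sys}
    for dev in "$sysroot"/bus/pci/devices/*; do
        [ -r "$dev/vendor" ] && [ -r "$dev/class" ] || continue
        [ "$(cat "$dev/vendor")" = "0x8086" ] || continue
        case "$(cat "$dev/class")" in
            0x0700*) ;;          # serial controller
            *) continue ;;
        esac
        # The tty node lives below the PCI device; how deep depends on the kernel.
        find "$dev/" -maxdepth 6 -type d -name 'ttyS*' 2>/dev/null |
            sed 's|.*/||' | sort -u
    done
}

# Print the serial-getty unit name for the first SOL tty found; fail if none.
sol_getty_unit() {
    tty=$(find_sol_tty "$1" | head -n 1)
    [ -n "$tty" ] || return 1
    printf 'serial-getty@%s.service\n' "$tty"
}

# Report whether a login prompt is running on the SOL port.
check_sol_getty() {
    unit=$(sol_getty_unit "$1") || {
        echo "no Intel PCI serial (KT) device found" >&2
        return 1
    }
    if systemctl is-active --quiet "$unit"; then
        echo "$unit is active"
    else
        echo "$unit is not active; start it with: systemctl start $unit"
    fi
}

# Usage on a real system: check_sol_getty /sys
```

If the reported unit is not serial-getty@ttyS0.service, use the reported tty name in the symlink and systemctl commands above.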

Legacy setup prior to systemd

For the old SysV init system prior to Debian Jessie, all that is required is to add the following to the end of /etc/inittab:

# Enable Intel Serial-Over-LAN (SOL) tty
T0:2345:respawn:/sbin/getty -L ttyS0 115200 vt100-nav

The device ttyS0 was already in /etc/securetty so there was no need to add it.

Managing Systems Running AMT and Accessing the SOL Console

The second component needed to get this all to work is the Open Source Manageability Toolkit, a Windows app that provides the Manageability Commander Tool, which is what is used to connect to and administer a remote system. The only required option to check when installing the Open MDTK is the first option, which installs the actual Manageability Commander Tool.

When running the Manageability Commander Tool one can have it scan a range of IP addresses to discover available AMT-enabled computers or select “Add Intel AMT Computer” under the File menu. Once a computer is added, one connects to it and there will be a variety of administrative options available, depending upon the version of AMT and what features are enabled.

After successfully connecting to a computer one can go to the Remote Control tab. Make sure Serial-over-LAN is set to Enabled and then click Take Control and have fun.

One small annoyance is that when the serial console opens it may just show a blank screen. It may be necessary to press the Enter key to get the login prompt to appear.

Accessing the SOL console via a web browser

Another way to access the SOL console instead of using the Manageability Commander Tool is to simply direct a web browser to the following address:

http://ip_address:16992

for example http://192.168.0.50:16992

Conclusion

This may seem like overkill for a basic server in a home or office, but if you run a Debian server with no keyboard, mouse, or monitor attached (i.e. headless) then having this feature is extremely useful in the event of some problem like a boot failure. AMT can make management a lot easier and provide an important backup line of remote administration options.
