Using Intel vPro AMT ME as a poor man's iLO for KVM
Jan 21, 2019
Jan 21, 2019
Recently I've been trying and failing to get Nutanix Community Edition (CE) to cluster-up, with one ESXi-nested virtualised AHV/CVM and another physical AHV/CVM, running on an old HP Elite 8200 Small Form Factor Desktop PC. If you've played around with Nutanix, you'll know there's a lot of tinkering with the Host (Acropolis Hypervisor, AHV) Node to install the Controller Virtual Machine (CVM), and a bit of rebootery required; if you've been following this blog long, you'll realise that I'm not favoured with the Technology Gods - and my mileage often varies into many more reboots than the average bear.
When you're working with a frankenmachine (ProTip - Buy a 13-pin male Mini-SATA to 22-pin female SATA Converter to use the proprietary MicroSATA/Power Cable going into the CD Drive for an SSD), which you've put in your upstairs LAN Room, then the frequent trips up and down, and lugging a keyboard, video and mouse can get, well, annoying. Unless, that is, you've got Intel vPro, Active Management Technology (AMT) or Management Engine (ME) onboard your lovely business-class Laptop or PC - and then you can use Intel's AMT VNC Server.
Most of the first part of this is the same as the How-to Geek article on How to Remotely Control Your PC with some added time-saving, hair-tearing-out tips to follow later.
As with all good things in life (with PC hardware), the fun stuff happens in the BIOS. As per the links above, this is fairly simple:
Now we've setup most of it, what can we do?
Now you've done all that BIOS work, here comes the first payoff - a lovely Web User Interface you can access via http://<AMT-IP-ADDRESS>:16992, as per example below (my AMT IP is 10.0.0.12):
The kind of information you get to see here includes:
Then there's the juicy ones that you literally don't want (or have) to leave your chair for any more:
If you've read this far, you're probably thinking you've been short-changed here; I promised you a KVM and I've delivered you a fancy Web GUI. So here's the fun part; you'll need one of the following to actually enable the VNC-based KVM functionality to work:
Regardless of which you chose, here's a big tip - the "RFB Password" has to be exactly 8 characters, and include at least one each of the following:
That tip right there saved you two hours of Googling "Error 400" and "XML invalid", and - my personal favourite - "KVM no respond" errors.
You can also do this from within MeshCommander, you click on the following sections, and then you'll get a prompt to chose the KVM "Enabled - all ports" and "RFB Password" (Intel-speak for "VNC Login Password")
Once done, you can now use a standard VNC Client* to connect via <AMT-IP-ADDRESS>:5900 the same you would with any other standard VNC Server:
On Windows, only RealVNC seemed to work. On Mac OS X, only VNC Viewer seemed to work. On Linux (Debian), only Remmina seemed to work.
You'll then be prompted for the VNC Password (this is the pesky 8-character RFB Password):
And finally given a lovely KVM VNC session into your vPro-enabled PC or Laptop:
Et voila - the poor man's iDRAC/iLO/CIMC/<BMC acronym of choice here> is complete!
Note, if you have a Windows PC and don't want to enable the VNC (TCP/5900) part, then both MeshCommander and Intel Manageability Commander have a built-in, non-VNC KVM Client, which seems to speak some magical SOL/IDER "backdoor" protocol into the AMT chip, so they always work, regardless of you turning on/off the "Legacy ports" settings.