| TL;DR: Build yourself a desktop with a non-vPro CPU and a non-Intel NIC. Check [0] for a list of such CPUs. The usual recommendation is to either get a pre-2009 AMD machine (which is what my present desktop is) or get a Sparc machine. My boss won't buy me a desktop with an UltraSparc CPU, so I won't bother with that. AMD has substantially less documentation than Intel, AFAICT, so Intel products deserve investigation for their relative starkness. An albeit outdate list of systems to avoid, see [1]. I will assume that you are trying to build a desktop from off-the-shelf parts. For sure, get a CPU without vPro, since that downgrades the type of AMT/IME feature set to Standard Manageability: "Please note that NON -vPro™ Intel® desktop procesors will make Intel® ME FW to switch its features set from full Intel® Active Management Technology to Intel® Standard Manageability that do not suport Intel® AMT KVM Redirection feature (it is disabled internally in the Intel® ME FW)." [2] When the CPU doesn't support AMT, then Standard Manageability is what is running in the background. This says 2 things: (1) non-vPro desktop CPUs downgrade AMT to Standard Manageability and (2) IME is active regardless of the CPU's feature set. What is Intel Standard Manageability?
"Q8: What is Intel® Standard Manageability and can it run on a non-Intel® vPro™ technology-based CPU?
A8: Some basic management capabilities are available on non-Intel® vPro™ technology-eligible Intel® Core™2 processors as well as Intel® Pentium® dual-core and Intel® Celeron® processor-based CPUs. Intel® Standard Manageability is available only on desktop systems right now (not notebook), and only includes basic capabilities such as hardware and software inventory and remote diagnostics." [3] I can't tell if Standard Manageability is a lite version of AMT. Intel's documentation on it [4] isn't a whole lot of help. Intel mentions that Atom and i3 platforms generally do not support AMT. [5] At the bottom of this [6] page lists those Intel chipsets with IME. I'd consider that to be a list of chipsets to avoid, but those cover almost all modern chipsets, AFAIK. For sure, don't use any Intel NICs:
"Adding another NIC will not nullify Intel® vPro™ technology verification, but Intel® Active Management Technology communicates only through the onboard network interface of Intel vPro technology, and it is strongly recommended that an additional wired NIC is not added to the platform as this might cause some of the features of Intel AMT to not operate as expected." [7] [0] = http://ark.intel.com/search/advanced?s=t&VProTechnology=fals... [1] = https://communities.intel.com/docs/DOC-2033 [2] = https://communities.intel.com/thread/65350 [3] = https://software.intel.com/en-us/articles/intel-vpro-technol... [4] = https://software.intel.com/en-us/blogs/2009/03/27/what-is-st... [5] = http://www.intel.com/content/dam/www/public/us/en/include/re... [6] = https://www.kernel.org/doc/Documentation/misc-devices/mei/me... [7] = https://software.intel.com/en-us/articles/intel-vpro-technol... |