Documentation

  • 4.0
  • 10/25/2021
  • Public Content

Add and Connect to an Edge Node with Power Cycle

Intel® Active Management Technology (Intel® AMT) is a feature of the Intel vPro® platform. It provides remote hardware-based capabilities for asset management that enables out-of-band management from the operating system. Each Intel® AMT device has a Global Unique Identifier (GUID) assigned to it by default. This GUID will be used as the reference to each device record. Typically, device GUIDs are required to perform power actions and other device-specific manageability features.

Prerequisites

Intel vPro® platform with Intel® AMT firmware having:
  • Build greater than 3000
  • Version 9.0.31 and higher
You can check for Intel® AMT enabled and supported devices by following these steps:
  1. Download the
    meshcmd
    executable with the command:
    curl https://alt.meshcentral.com/meshagents?meshcmd=6 >meshcmd
  2. Execute the
    meshcmd
    file with the command:
    chmod +x ./meshcmd
  3. Check whether the system has Intel® AMT support or not with the below highlighted
    amtinfo
    from
    meshcmd
    . Under ManagementEngine of amtinfo, the first 3 decimals
    11.8.71
    represents the version and the next value
    3630
    represents the build number.
    sudo ./meshcmd smbios

BIOS Prerequisites

You must perform the following steps on your BIOS before onboarding an edge node with the power cycle option.
  1. Domain suffix and un-provisioning:
    1. Restart or power on the device.
    2. While the device is booting up, press
      Ctrl+P
      to reach the Intel® Management Engine BIOS Extension (Intel® MEBX) login screen.
      • Select '
        Intel AMT configuration
        '
      • Select '
        Unconfigure Network access
        '
      • Select '
        Full unprovision
        ', and then press '
        y
        ' to continue.
      • Select '
        Remote Setup and Configuration
        '
      • Select '
        TLS PKI
        '
      • Select '
        PKI DNS Suffix
        '
      • Provide a DNS suffix name as "
        vprodemo.com
        " and press
        enter
        .
    3. Press
      Esc
      three times to reach the main menu.
    4. Select '
      MEBX Exit
      ', and then press '
      y
      ' to confirm the exit.
      If it is the first time entering MEBX and the device has not been provisioned previously, the default password is
      admin
      . It will prompt you to create a new password.
  2. Power policy:
    1. Select '
      MEBX Exit
      ', and then press '
      y
      ' to confirm the exit
    2. Go to the
      Intel® MEBX
      main menu.
    3. Login with the MEBx password.
      • Select
        Intel® AMT Configuration
        .
      • Select '
        Power Control
        ' under
        Intel® Management Engine (Intel® ME) Platform Configuration
        , then press
        Enter
        .
      • Intel® ME Platform Configuration
        screen changes to
        Intel® ME Power Control
        screen. Select the option as "
        Mobile: On in So, MEWake in S3, S4-5 -Power Package 2
        ".
    4. Save the changes and exit.

Step 1: Go to Deploy > Connect to an Edge Node

  1. Click on
    Deploy
    in the top menu and select
    Connect to an Edge Node
    .
  2. In the
    Connect to an Edge Node
    screen, click on
    Add Edge Node
    .
  3. Select the option "
    Enable remote power cycle
    " and provide the AMT specific inputs.
    • AMT Password:
      It is used internally by AMT firmware for remote access.
    • AMT MEBX Password:
      It is the password to get into the ME BIOS Extensions menu.
    • AMT Domain Suffix:
      "vprodemo.com" (This is the default suffix should be provided as input.)
    • AMT Domain Password:
      "P@ssw0rd" (This is the default domain cert password should be given as input.)
  4. Click on the
    Next
    button. You will see a set of instructions to connect an edge node in the note section, and commands for deploying an edge agent, which must be executed on the device that needs to be connected.
  5. The RPC agent will be deployed as part of the deployment process on edge node. On the teminal of the target device at the end of connecting command execution, we can observe that the target device will be provisioned successfully with the deployment of the RPC agent as mentioned in the screenshot below.
  6. After successful connecting, you can see that the edge node was added under the
    Connection Complete
    tab and the status is
    Connected
    .
  7. You can view Intel® AMT specific details under the
    Remote power cycle
    card of the deployed edge node by clicking on the respective Edge Node Name.
    1. If the edge node does not have Intel® AMT capability or does not meet the prerequisites, the RPC agent cannot be installed while connecting and exits the installation. Check the troubleshooting steps for RPC agent installation failure.
    2. After successful installation of the RPC agent, if AMT Power On/Off actions are not enabled under Edge Node actions, reboot the edge node. Once the system has rebooted, then you can see the actions.
  8. Manage the edge node by clicking on
    Power On / Power Off / Restart
    from the
    Edge Node Actions
    drop-down list in the top right corner of the
    Edge Node Details
    page.
  9. Once the Power Off action is triggered, the target device will go to the power off state and the endpoint state will be disconnected. Power on the edge node again by clicking on
    Power On
    under
    Edge Node Actions
    .
  10. Similarly, you can perform a
    Restart
    operation on that edge node by clicking on the
    Restart
    button under
    Edge Node Actions
    .

Troubleshooting Intel® Active Management Technology (Intel® AMT) Issues

The Edge Software Configurator package was previously named
edge_software_manager
. Some screenshots, commands, and file paths in this guide still use
esm
or
edge_software_manager
at this time.
  1. CIRA connection closed between AMT device and MPS server
    If this issue is observed, check the logs of MPS server using the command below and find out whether the CIRA connection is closed or not.
    sudo docker logs esm_mps_1
    If this happens, try restarting the MPS server using the command:
    sudo docker restart esm_mps_1
  2. Intel® AMT Connecting to MPS Server
    After a successful configuration, the Intel® AMT device will occasionally fail to connect to the MPS. There are two ways to prompt Intel® AMT to attempt to re-connect to MPS:
    1. Unplug and re-plug the network cable.
    2. Reboot the Intel® AMT device.
  3. Intel® AMT device fails to re-connect to MPS after MPS is not available for an extended period
    If the MPS goes down for more than 2 days, Intel® AMT devices will no longer attempt to connect to MPS. If this happens, there are two ways to prompt Intel® AMT to attempt to re-connect to MPS.
    1. Unplug and re-plug the network cable.
    2. Reboot the Intel® AMT device.
  4. RPC agent Installation/Failure
    • Device is already in provision state.
    • Intel® AMT Firmware: version with 9.0.31 and higher and build greater than 3000 (mentioned as prerequisite).
    • Not an Intel vPro® device. (No support for AMT feature.)
    • Device activation/provisioning failed. Check the logs of RPS container on build node to identify the issue.
      sudo docker logs -f esm_rps_1
    • Error: If "Timed out due to inactivity" issue is faced, manually re-run the rpc agent command using the commands:
      cd /opt/rpc/build/ sudo ./rpc -u wss://<esm-server-ip>:8080 -c "-t activate --profile <onboard-endpoint-name>".

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.