Add and Connect to an Edge Node with Power Cycle
Intel® Active Management Technology (Intel® AMT) is a feature of the Intel vPro® platform. It provides remote hardware-based capabilities for asset management that enables out-of-band management from the operating system. Each Intel® AMT device has a Global Unique Identifier (GUID) assigned to it by default. This GUID will be used as the reference to each device record. Typically, device GUIDs are required to perform power actions and other device-specific manageability features.
Hardware Prerequisites
Intel vPro® platform with Intel® AMT firmware having:
- Version 9.0.31 and higher
- Intel® AMT communicates with certain type of Intel ethernet and Wifi chipsets that support sideband communication. For Intel ethernet, typically the ethernet chip is labelled with suffix “LM”, for example: i219-LM, i225-LM. Other ethernet such as i210 or ethernet from other vendors are not supported. (For example: Ethernet eno1 => i219LM.)
You can check for Intel® AMT enabled and supported devices by following these steps:
- Download themeshcmdexecutable with the command:curl https://alt.meshcentral.com/meshagents?meshcmd=6 >meshcmd
- Execute themeshcmdfile with the command:chmod +x ./meshcmd
- Check whether the system has Intel® AMT support or not with the below highlightedamtinfofrommeshcmd. Under ManagementEngine of amtinfo, the first 3 decimals11.8.71represents the version and the next value3630represents the build number.sudo ./meshcmd smbios
BIOS Prerequisites
You must perform the following steps on your BIOS before onboarding an edge node with the power cycle option.
- Domain suffix and un-provisioning:
- Restart or power on the device.
- While the device is booting up, pressCtrl+Pto reach the Intel® Management Engine BIOS Extension (Intel® MEBX) login screen.
- Select 'Intel AMT configuration'
- Select 'Unconfigure Network access'
- Select 'Full unprovision', and then press 'y' to continue.
- Select 'Remote Setup and Configuration'
- Select 'TLS PKI'
- Select 'PKI DNS Suffix'
- Provide a DNS suffix name as "vprodemo.com" and pressenter.
- PressEscthree times to reach the main menu.
- Select 'MEBX Exit', and then press 'y' to confirm the exit.If it is the first time entering MEBX and the device has not been provisioned previously, the default password isadmin. It will prompt you to create a new password.
- Power policy:
- Select 'MEBX Exit', and then press 'y' to confirm the exit
- Go to theIntel® MEBXmain menu.
- Login with the MEBx password.
- SelectIntel® AMT Configuration.
- Select 'Power Control' underIntel® Management Engine (Intel® ME) Platform Configuration, then pressEnter.
- Intel® ME Platform Configurationscreen changes toIntel® ME Power Controlscreen. Select the option as "Mobile: On in So, MEWake in S3, S4-5 -Power Package 2".
- Save the changes and exit.
Step 1: Go to Deploy > Connect to an Edge Node
- Click onDeployin the top menu and selectConnect to an Edge Node.
- In theConnect to an Edge Nodescreen under theConnection Pendingtab, click onAdd Edge Node.
- You can select theEnableorDisableoptions for the IDV feature andEnablefor the Remote Power Cycle Configurations, and provide the AMT specific inputs.The IDV feature should be enabled on the Host machine before it can be enabled here on the BareMetal.
- AMT Password:It is used internally by AMT firmware for remote access.
- AMT MEBX Password:It is the password to get into the ME BIOS Extensions menu.
- AMT Domain Suffix:"vprodemo.com" (This is the default suffix and should be provided as input.)
- AMT Domain Password:"P@ssw0rd" (This is the default domain cert password and should be provided as input.)
- Click on theNextbutton. You will see a set of instructions to connect an edge node in the note section, and commands for deploying an edge agent, which must be executed on the device that needs to be connected.
- The RPC agent will be deployed as part of the deployment process on edge node. On the terminal of the target device at the end of connecting command execution, we can observe that the target device will be provisioned successfully with the deployment of the RPC agent as mentioned in the screenshot below.
- After successful connecting, you can see that the edge node was added under theConnection Completetab and the status isConnected.
- You can view Intel® AMT specific details under theRemote power cyclecard of the deployed edge node by clicking on the respective Edge Node Name.1. If the edge node does not have Intel® AMT capability or does not meet the prerequisites, the RPC agent cannot be installed while connecting and exits the installation. Check the troubleshooting steps for RPC agent installation failure.2. After successful installation of the RPC agent, if AMT Power On/Off actions are not enabled under Edge Node actions, reboot the edge node. Once the system has rebooted, then you can see the actions.
- Manage the edge node by clicking onPower On / Power Off / Restartfrom theEdge Node Actionsdrop-down list in the top right corner of theEdge Node Detailspage.
- Once the Power Off action is triggered, the target device will go to the power off state and the endpoint state will be disconnected. Power on the edge node again by clicking onPower OnunderEdge Node Actions.
- Similarly, you can perform aRestartoperation on that edge node by clicking on theRestartbutton underEdge Node Actions.
Troubleshooting Intel® Active Management Technology (Intel® AMT) Issues
The Edge Software Configurator package was previously named
edge_software_manager
. Some screenshots, commands, and file paths in this guide still use
esm
or
edge_software_manager
at this time.
- CIRA connection closed between AMT device and MPS serverIf this issue is observed, check the logs of MPS server using the command below and find out whether the CIRA connection is closed or not.sudo docker logs esm_mps_1If this happens, try restarting the MPS server using the command:sudo docker restart esm_mps_1
- Intel® AMT Connecting to MPS ServerAfter a successful configuration, the Intel® AMT device will occasionally fail to connect to the MPS. There are two ways to prompt Intel® AMT to attempt to re-connect to MPS:
- Unplug and re-plug the network cable.
- Reboot the Intel® AMT device.
- Intel® AMT device fails to re-connect to MPS after MPS is not available for an extended periodIf the MPS goes down for more than 2 days, Intel® AMT devices will no longer attempt to connect to MPS. If this happens, there are two ways to prompt Intel® AMT to attempt to re-connect to MPS.
- Unplug and re-plug the network cable.
- Reboot the Intel® AMT device.
- RPC agent Installation/Failure
- Device is already in provision state.
- Intel® AMT Firmware: version with 9.0.31 and higher and build greater than 3000 (mentioned as prerequisite).
- Not an Intel vPro® device. (No support for AMT feature.)
- Device activation/provisioning failed. Check the logs of RPS container on build node to identify the issue.sudo docker logs -f esm_rps_1
- Error: If "Timed out due to inactivity" issue is faced, manually re-run the rpc agent command using the commands:cd /opt/rpc/build/ sudo ./rpc -u wss://<esm-server-ip>:8080 -c "-t activate --profile <onboard-endpoint-name>".