Edge Software Configurator

Documentation

  • 5.0
  • 04/26/2022
  • Public Content
Contents

Add and Connect to an Edge Node with Power Cycle

Intel® Active Management Technology (Intel® AMT) is a feature of the Intel vPro® platform. It provides remote hardware-based capabilities for asset management that enables out-of-band management from the operating system. Each Intel® AMT device has a Global Unique Identifier (GUID) assigned to it by default. This GUID will be used as the reference to each device record. Typically, device GUIDs are required to perform power actions and other device-specific manageability features.

Hardware Prerequisites

Intel vPro® platform with Intel® AMT firmware having:
  • Version 9.0.31 and higher
  • Intel® AMT communicates with certain type of Intel ethernet and Wifi chipsets that support sideband communication. For Intel ethernet, typically the ethernet chip is labelled with suffix “LM”, for example: i219-LM, i225-LM. Other ethernet such as i210 or ethernet from other vendors are not supported. (For example: Ethernet eno1 => i219LM.)
You can check for Intel® AMT enabled and supported devices by following these steps:
  1. Download the
    meshcmd
     executable with the command: 
    curl https://alt.meshcentral.com/meshagents?meshcmd=6 >meshcmd
  2. Execute the
    meshcmd
     file with the command: 
    chmod +x ./meshcmd
  3. Check whether the system has Intel® AMT support or not with the below highlighted
    amtinfo
     from
    meshcmd
    . Under ManagementEngine of amtinfo, the first 3 decimals
    11.8.71
     represents the version and the next value
    3630
     represents the build number. 
    sudo ./meshcmd smbios

BIOS Prerequisites

You must perform the following steps on your BIOS before onboarding an edge node with the power cycle option.
  1. Domain suffix and un-provisioning:
    1. Restart or power on the device.
    2. While the device is booting up, press
      Ctrl+P
       to reach the Intel® Management Engine BIOS Extension (Intel® MEBX) login screen.
      • Select '
        Intel AMT configuration
        '
      • Select '
        Unconfigure Network access
        '
      • Select '
        Full unprovision
        ', and then press '
        y
        ' to continue.
      • Select '
        Remote Setup and Configuration
        '
      • Select '
        TLS PKI
        '
      • Select '
        PKI DNS Suffix
        '
      • Provide a DNS suffix name as "
        vprodemo.com
        " and press
        enter
        .
    3. Press
      Esc
       three times to reach the main menu.
    4. Select '
      MEBX Exit
      ', and then press '
      y
      ' to confirm the exit.
      If it is the first time entering MEBX and the device has not been provisioned previously, the default password is
      admin
      . It will prompt you to create a new password.
  2. Power policy:
    1. Select '
      MEBX Exit
      ', and then press '
      y
      ' to confirm the exit
    2. Go to the
      Intel® MEBX
       main menu.
    3. Login with the MEBx password.
      • Select
        Intel® AMT Configuration
        .
      • Select '
        Power Control
        ' under
        Intel® Management Engine (Intel® ME) Platform Configuration
        , then press
        Enter
        .
      • Intel® ME Platform Configuration
         screen changes to
        Intel® ME Power Control
         screen. Select the option as "
        Mobile: On in So, MEWake in S3, S4-5 -Power Package 2
        ".
    4. Save the changes and exit.

Step 1: Go to Deploy > Connect to an Edge Node

  1. Click on
    Deploy
     in the top menu and select
    Connect to an Edge Node
    .
  2. In the
    Connect to an Edge Node
     screen under the
    Connection Pending
     tab, click on
    Add Edge Node
    .
  3. You can select the
    Enable
     or
    Disable
     options for the IDV feature and
    Enable
     for the Remote Power Cycle Configurations, and provide the AMT specific inputs.
    The IDV feature should be enabled on the Host machine before it can be enabled here on the BareMetal.
    • AMT Password:
       It is used internally by AMT firmware for remote access.
    • AMT MEBX Password:
       It is the password to get into the ME BIOS Extensions menu.
    • AMT Domain Suffix:
       "vprodemo.com" (This is the default suffix and should be provided as input.)
    • AMT Domain Password:
       "P@ssw0rd" (This is the default domain cert password and should be provided as input.)
  4. Click on the
    Next
     button. You will see a set of instructions to connect an edge node in the note section, and commands for deploying an edge agent, which must be executed on the device that needs to be connected.
  5. The RPC agent will be deployed as part of the deployment process on edge node. On the terminal of the target device at the end of connecting command execution, we can observe that the target device will be provisioned successfully with the deployment of the RPC agent as mentioned in the screenshot below.
  6. After successful connecting, you can see that the edge node was added under the
    Connection Complete
     tab and the status is
    Connected
    .
  7. You can view Intel® AMT specific details under the
    Remote power cycle
     card of the deployed edge node by clicking on the respective Edge Node Name.
    1. If the edge node does not have Intel® AMT capability or does not meet the prerequisites, the RPC agent cannot be installed while connecting and exits the installation. Check the troubleshooting steps for RPC agent installation failure.
    2. After successful installation of the RPC agent, if AMT Power On/Off actions are not enabled under Edge Node actions, reboot the edge node. Once the system has rebooted, then you can see the actions.
  8. Manage the edge node by clicking on
    Power On / Power Off / Restart
     from the
    Edge Node Actions
     drop-down list in the top right corner of the
    Edge Node Details
     page.
  9. Once the Power Off action is triggered, the target device will go to the power off state and the endpoint state will be disconnected. Power on the edge node again by clicking on
    Power On
     under
    Edge Node Actions
    .
  10. Similarly, you can perform a
    Restart
     operation on that edge node by clicking on the
    Restart
     button under
    Edge Node Actions
    .

Troubleshooting Intel® Active Management Technology (Intel® AMT) Issues

The Edge Software Configurator package was previously named
edge_software_manager
. Some screenshots, commands, and file paths in this guide still use
esm
 or
edge_software_manager
 at this time.
  1. CIRA connection closed between AMT device and MPS server
    If this issue is observed, check the logs of MPS server using the command below and find out whether the CIRA connection is closed or not. 
    sudo docker logs esm_mps_1
    If this happens, try restarting the MPS server using the command: 
    sudo docker restart esm_mps_1
  2. Intel® AMT Connecting to MPS Server
    After a successful configuration, the Intel® AMT device will occasionally fail to connect to the MPS. There are two ways to prompt Intel® AMT to attempt to re-connect to MPS:
    1. Unplug and re-plug the network cable.
    2. Reboot the Intel® AMT device.
  3. Intel® AMT device fails to re-connect to MPS after MPS is not available for an extended period
    If the MPS goes down for more than 2 days, Intel® AMT devices will no longer attempt to connect to MPS. If this happens, there are two ways to prompt Intel® AMT to attempt to re-connect to MPS.
    1. Unplug and re-plug the network cable.
    2. Reboot the Intel® AMT device.
  4. RPC agent Installation/Failure
    • Device is already in provision state.
    • Intel® AMT Firmware: version with 9.0.31 and higher and build greater than 3000 (mentioned as prerequisite).
    • Not an Intel vPro® device. (No support for AMT feature.)
    • Device activation/provisioning failed. Check the logs of RPS container on build node to identify the issue. 
      sudo docker logs -f esm_rps_1
    • Error: If "Timed out due to inactivity" issue is faced, manually re-run the rpc agent command using the commands: 
      cd /opt/rpc/build/
sudo ./rpc -u wss://<esm-server-ip>:8080 -c "-t activate --profile   <onboard-endpoint-name>".

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.