How to Manage iAMT Device through Open AMT and Integrate into DeviceOn

Before you access your AMT devices through DeviceOn server, you should connect your AMT devices to OpenAMT server and complete the relative configuration about OpenAMT. This document tries to teach you how to configrue it. There are two topics we will cover through this document. The first part will show you how to get the GUID of your AMT devices. Another part will show you how to configure it in the portal of DeviceOn server.

Enviroment Checking

Before working the SOP, you must meet the following prerequisites:

Hardware

  • A development system
  • At least one Intel vPro® Platform

Development System Software

Get the GUID of AMT devices

In the session, you will learn how to connect your AMT devices to you own OpenAMT server.

  • Login to Web UI of OpenAMT
    • Open any modern web browser and navigate to the following link.
      https://<Development-IP-Address>
    • Log in to the web portal with the login credentials set for the environment variables MPS_WEB_ADMIN_USER and MPS_WEB_ADMIN_PASSWORD in the .env file.
    • If anything goes well, the home page is shown below picture.


    • Select the CIRA Configs tab from the left-hand menu.
    • In the top-right corner, click Add New.


    • Specify a Config Name of your choice.
    • Select IPv4.
    • For MPS Address, provide your development system's IP Address.
    • Cert Common Name (CN=) should auto-populate. If not, provide your development system's IP Address.
    • Leave Port as the default, 4433.
    • Leave the Username as admin or choose your own.
    • Click Save.


  • Create a Profile with CCM
    • Select the Profiles tab from the menu on the left.
    • Under the Profiles tab, click New in the top-right corner to create a profile.


    • Specify a Profile Name of your choice.
    • Under Activation Mode, select Client Control Mode from the dropdown menu.
    • Enable desired redirection features for the profile under AMT Features - Enable/Disable features.
    • Provide or generate a strong AMT Password. AMT will verify this password when receiving a command from a MPS server. This password is also required for device deactivation.
    • The MEBX Password field is disabled. The password for Intel® Manageability Engine BIOS Extensions (Intel® MEBX) cannot be set when activating in CCM due to the lower level of trust when compared to ACM.
    • Leave DHCP as the default for Network Configuration.
    • Optionally, add Tags to help in organizing and querying devices as your list of managed devices grow.
    • Select CIRA(Cloud) for Connection Configuration.
    • Select the name of the CIRA Configuration you created previously from the drop-down menu.
    • Click Save.


  • Build the RPC
    • Only clone the rpc-go repository:
      git clone https://github.com/open-amt-cloud-toolkit/rpc-go --branch v2.5.0
    • Change to the rpc-go directory of the rpc-go repository.
    • Open a Powershell/Command Prompt as Administrator (Windows):
      go build -o rpc.exe ./cmd/main.go
    • Confirm a successful build:
      .\rpc version


  • Unconfigure ME and reset the password of ME
    • Restart your AMT device and enter BIOS.
    • Find AMT Configuration and click Enter.


    • Enable the item named Unconfigure ME.


    • Save the changes and reset the password of ME.



  • Run RPC to Activate and Connect the AMT Device
    • Check the Control Mode if it is pre-provisioning state:
      .\rpc amtinfo


    • Select the Devices tab from the menu on the left.
    • Under the Devices tab, click New in the top-right corner to create a Device.


    • Under Choose Profile, choose the profile you created from the dropdown menu.


    • Copy and run the following cmd:
      .\rpc.exe activate -profile CCM -u wss://myopenamt.southeastasia.cloudapp.azure.com/activate -n


    • If anything goes well, your AMT device should appear under the Devices tab. You can get the GUID from the page.


Enable OpenAMT and configure the GUID for each device

  • Login to Web UI of DeviceOn Server
  • Select the Settings→System tab from the menu on the left.
  • Under the Settings→System tab, select System Settings and choose Open AMT from the dropdown menu in the bottom-right panel.


  • Enable the feature of OpenAMT and specify the url, username and password of OpenAMT server.
  • Click Save.


  • Select the Device→List tab from the menu on the left.
  • Select the Device→List tab, click Edit Device from icon named MORE in the device which you want to map AMT deivce.


  • Specify the GUID of your AMT device.


  • Click Confirm.
  • If anything goes well, the icon of iAMT should enable. Click it, you can get the status and control the AMT device.





Select a repo