Open AMT Cloud Toolkit — Part 3: Create CCM profile
In order to enroll a client, we first need to create an AMT profile.
The easiest is to create a CCM (Client Control Mode) profile. However, this kind of profile has one limitation: user consent is always required for KVM or remote serial.
User consent means that the user (in front of the client machine) must provide a code that shows up on the computer display to the operator (the person trying to initiate a remote session) to allow the connection.
An ACM (Admin Control Mode) profile, on the other, can be configured so that user consent is not required. This possibility will be explored in a future article as it is significantly more complex to set up.
Create a CIRA configuration
Before creating an AMT profile, the CIRA configuration must be defined. The CIRA configuration allows the client to stay in touch with the server. The CIRA configuration will be the same with CCM and ACM.
Log in to the web UI, click on the CIRA Configs
tab then click the Add New +
button.
Choose a name for the configuration.
Select FQDN and type in the FQDN to join the server from the client. This should match the MPS_COMMON_NAME
set previously. Note that the FQDN will be used as the Common Name in the certificate to connect to the server, so if there is a mismatch, the connection will not be established. If MPS_COMMON_NAME
was erroneous, the certificate must be removed from the vault and the MPS service restarted.
Keep the default 4433 port, which is what was allowed in the firewall previously.
Keep the default admin
username.
Save the configuration.
Create a CCM profile
In the web UI, select the Profiles
tab and click the + Add New
button.
Choose a name for the profile.
Select Client Control Mode
as the Activation Mode
.
Keep all AMT Features
enabled (IDE Redirect
, KVM
, SOL
).
Uncheck the Generate Random AMT Password For Each Device
option. Although less secure, it is much easier to manage a single password for all devices.
Set an AMT Password
and save it somewhere safe. It will be required to unenroll the device if need be.
Select your preferred network configuration, DHCP
or STATIC
(static IP). DHCP is highly recommended for simplicity's sake. If static IP is chosen, you can keep the IP Synchronization Enabled
option enabled and install the LMS agent on the client (covered in a future article) to automatically set the IP in AMT.
Select CIRA
as Connection Configuration
and choose your previously created CIRA Configuration
.
You can add tags as needed.
Finally, save the profile.
Enroll a client
In the next article, we will explain how to install Intel LMS (Local Manageability Service) as well as the rpc-go
tool on the client to connect to the server and configure Intel AMT with the profile we just created.