Open AMT Cloud Toolkit — Part 3: Create CCM profile

In order to enroll a client, we first need to create an AMT profile.

The easiest is to create a CCM (Client Control Mode) profile. However, this kind of profile has one limitation: user consent is always required for KVM or remote serial.

User consent means that the user (in front of the client machine) must provide a code that shows up on the computer display to the operator (the person trying to initiate a remote session) to allow the connection.

An ACM (Admin Control Mode) profile, on the other, can be configured so that user consent is not required. This possibility will be explored in a future article as it is significantly more complex to set up.

Create a CIRA configuration

Before creating an AMT profile, the CIRA configuration must be defined. The CIRA configuration allows the client to stay in touch with the server. The CIRA configuration will be the same with CCM and ACM.

Log in to the web UI, click on the CIRA Configs tab then click the Add New + button.

Choose a name for the configuration.

Select FQDN and type in the FQDN to join the server from the client. This should match the MPS_COMMON_NAME set previously. Note that the FQDN will be used as the Common Name in the certificate to connect to the server, so if there is a mismatch, the connection will not be established. If MPS_COMMON_NAME was erroneous, the certificate must be removed from the vault and the MPS service restarted.

Keep the default 4433 port, which is what was allowed in the firewall previously.

Keep the default admin username.

Save the configuration.

Create a CCM profile

In the web UI, select the Profiles tab and click the + Add New button.

Choose a name for the profile.

Select Client Control Mode as the Activation Mode.

Keep all AMT Features enabled (IDE Redirect, KVM, SOL).

Uncheck the Generate Random AMT Password For Each Device option. Although less secure, it is much easier to manage a single password for all devices.

Set an AMT Password and save it somewhere safe. It will be required to unenroll the device if need be.

Select your preferred network configuration, DHCP or STATIC (static IP). DHCP is highly recommended for simplicity's sake. If static IP is chosen, you can keep the IP Synchronization Enabled option enabled and install the LMS agent on the client (covered in a future article) to automatically set the IP in AMT.

Select CIRA as Connection Configuration and choose your previously created CIRA Configuration.

You can add tags as needed.

Finally, save the profile.

Enroll a client

In the next article, we will explain how to install Intel LMS (Local Manageability Service) as well as the rpc-go tool on the client to connect to the server and configure Intel AMT with the profile we just created.

Subscribe to piernov

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.