| February 11, 2010 11:00 PM PST | |
In this use case example, an IT manager receives shipment of several PCs that the business wants to configure to use Intel® AMT. These PCs are all shipped with Intel AMT turned off (the manageability mode set to "None"). Intel AMT must be configured prior to deployment to users' desks so that the management console can securely identify and communicate with an Intel AMT enabled PC.
In addition, the following functionality is performed by third-party management applications:
The above steps assume the IT professional is either using the Intel® SCS, a third-party equivalent or has written their own Setup and Configuration Application. Should the developer wish to write their own Setup and Configuration Application, the following tables describe the relevant WSMan Realms that can be found in the Intel® AMT Software Development Kit.
The following SDK resources provides WS-Man examples of the components involved for implementing Setup and Configuration One-Touch Configuration use case:
The following Intel® SCS Documents provide further information on how to use this application to configure and Intel® AMT client.
Using Intel® AMT One-Touch Configuration to Enable Provisioning of Business PCs
One-Touch Configuration of Intel AMT-enabled business PCs encompasses a number of setup scenarios:- Automated setup using a USB key storage device (for both dynamic IP and static IP environments): An IT administrator requests provisioning passphrase (PPS) and provisioning ID (PID) pairs for all systems requiring setup from the configuration server. The configuration server stores the PID/PPS pairs and an administrator password and other configuration data on the USB storage device. The IT administrator inserts the USB storage device into the PC and powers the PC on. As the PC loads, the BIOS and MEBx (Management Engine BIOS Extension) reads the administrator password, PID/PPS pair and other required information from the USB storage device.
- Manual setup for dynamic IP networks: The IT administrator requests PID/PPS pairs for all systems requiring setup from the configuration server (this is usually done via the Setup and Configuration Server that will be listening for "Hello" Packets once the PID/PPS Pair is entered. The administrator powers on the PC to be set up, and during the boot, he or she presses the appropriate key to display the MEBx configuration screen. The IT administrator logs into the MEBx using the factory default administrator username and password and changes the username and password when prompted. The IT administrator ensures that the MEBx manageability mode is set to Intel AMT, enables the SOL/IDE-R interfaces if desired, verifies that the power policies are set for sleep state operation as desired, enters the PID/PPS pair, and exits the MEBx screen. The BIOS will then continue to load. Note that if the SOL/IDE-R interfaces are not enabled in this step, they cannot be enabled programmatically via WSMan calls..
- Manual setup for static IP networks: This sequence is the same as for dynamic IP networks until the step where the PID/PPS pair is entered. At that point, the IT administrator assigns a name to the PC's operating system for identification purposes and selects the TCP/IP option. The IT administrator then disables DHCP and then sets TCP/IP and DNS settings appropriately for the static IP network. The IT administrator then enters the PID/PPS pair, exits the MEBx, and allows the system to complete booting. .
- Final automated configuration for all setup methods: The PC is connected to power, and the Intel AMT device automatically initiates the configuration process over the network by locating the configuration server and establishing secure communications via the PID/PPS pair. The configuration server loads the settings and data required for the environment and reboots the PC.
Key Functionality Enabled by Intel AMT that Underlies this Use Case
The following table summarizes the features and functionality utilized in this use case that are provided by Intel AMT or enabled by Intel AMT in third-party software:| Feature | Functionality |
| Intel provides the Intel® AMT silicon, firmware image, LMS driver, Intel MEI driver, and the Intel® Setup and Configuration Service (SCS), if a third party does not provide a corresponding service. | These components form the basis for Intel AMT One-Touch Configuration support. |
In addition, the following functionality is performed by third-party management applications:
- Third parties provide the configuration server services (if not provided by Intel).
- Third-party software must be capable of configuring an Intel AMT-enabled PC.
The Advantage of Intel AMT One-Touch Configuration
One-Touch Configuration automates the process of setting up and configuring business PCs for use with Intel AMT. It is the most secure option provided by Intel to set up systems to be managed via Intel AMT.Business Value of the Intel AMT Solution
This use case enables IT organizations to save on deployment costs and to enhance security, relative to other Intel AMT setup and configuration options:- One-Touch Configuration automates the provisioning of business PCs.
- This modality provides superior security, relative to Remote (Zero-Touch) configuration.
One-Touch Configuration Usage Case Implementation
Description: Intel® AMT Setup and Configuration - One Touch Configuration. Implementation of this Use Case depends on the following preconditions:- Intel® AMT silicon must be present on the PC.
- Intel® AMT FW image must be loaded on the PC.
- LMS driver must be loaded on the PC.
- Intel® MEI driver must be loaded on the PC.
- Intel® Setup and Configuration Server must be running on the network (if third party does not provide).
- Intel AMT Setup and Configuration Console is running on the network.
| Step | Workflow |
| 1 | IT admin requests PPS and PID pairs for all PCs requiring setup from the configuration server. |
| 2 | Setup and Configuration Console provides PPS and PID pairs. |
| 3 | IT professional powers on the PC to be configured and during boot presses the appropriate key to display the MEBx configuration screen. |
| 4 | IT professional logs into the MEBx using the factory default admin username and password and changes the username / password when prompted. |
| 5 | IT professional ensures that the MEBx manageability mode is set to Intel(r) AMT, turns on SOL/IDE-R if desired, and verifies that the power policies are set for sleep state operation as desired. |
| 6 | IT professional enters the PPS/ PID pair and saves the setting changes. |
| 7 | IT professional exits the MEBx screen. |
| 8 | IT professional configures the remainder of the BIOS. |
| 9 | IT professional saves BIOS settings and exits BIOS setup. |
| 10 | System is then deployed into the user environment. |
| 11 | System is plugged into network and power. |
| 12 | System is discoverable via Management Console. |
| 13 | System can now be managed by Management Console. |
| Alternate Path 1 - USB: | |
| 2 | Setup and Config Console stores PID/PPS pairs and an administrator password and other configuration data on a USB storage device. |
| 3 | IT professional plugs the USB storage device into the system and powers the system on. |
| 4 | As the PC loads, the BIOS and MEBx reads the administrator password, PPS, PID, and other required information from the USB storage device. Continue in the Basic Course of Events from step 10. |
| Alternate Path 2 - Static IP: | |
| 6 | IT professional assigns a name to the PC operating system for identification purposes and selects the TCP/IP option. |
| 6a | DHCP is then disabled by the IT admin and then TCP/IP and DNS settings must be set appropriately for the static IP network. |
| 6b | DHCP is then disabled by the IT admin and then TCP/IP and DNS settings must be set appropriately for the static IP network. |
The above steps assume the IT professional is either using the Intel® SCS, a third-party equivalent or has written their own Setup and Configuration Application. Should the developer wish to write their own Setup and Configuration Application, the following tables describe the relevant WSMan Realms that can be found in the Intel® AMT Software Development Kit.
| WSMan Interface Realm |
| Setup and Configuration (Provisioning) |
| Network Administration |
| General Info |
| Security Administration |
The following SDK resources provides WS-Man examples of the components involved for implementing Setup and Configuration One-Touch Configuration use case:
- USBFile (Sample Code in Configuration Folder)
- PSKGenerator (Sample Code in Configuration Folder)
- CertChainBuilder (Sample Code in Configuraton Folder)
- GeneralInfo (Sample Code - WS Management Samples)
- SecurityAdmin (Sample Code - WS Management Samples)
- NetworkAdministration (Sample Code - WS Management Samples)
The following Intel® SCS Documents provide further information on how to use this application to configure and Intel® AMT client.
- Intel SCS 6.0: Intel(R)_SCS6.0_Installation_and_User_Guide
- Intel SCS 6.0: Intel(R)_SCS6.0_Release_Notes
- Intel SCS 6.0: Intel(R)_vPro_Technology_Activator_Guide.pdf
- Intel SCS 6.0 Lite: Intel(R)_SCS6.0_Lightweight_Installation_and_User_Guide
- Intel SCS 5.2: Intel(R)_SCS5.2_Installation_Guide
- Intel SCS 5.2: Intel(R)_SCS5.2_Console_Guide
- Intel SCS 5.2: Intel(R)_SCS5.2_Troubleshooting_Guide
- Intel SCS 5.2: Internationalization of SCS Messages
For more complete information about compiler optimizations, see our Optimization Notice.
Comments (0) 
Trackbacks (0)
Leave a comment 
To obtain technical support, please go to Software Support.