A few basic questions on Zero Touch Configuration

A few basic questions on Zero Touch Configuration

Hi,

I am trying to set up an SCS test set up where all the necessary components like Database, CA. etc will be installed in one system. The main intention od setting up SCS is to automate Zero Touch Provisioning in enterprize mode. I have a few questions regarding this.

1. Would the Zero Touch Provisioning work if the systems are not in domain controller? SCS and AMT device however will be under same workgroup and could ping each other.
2. Is Active Diretctory manadatory in this case?
3. If I provision one AMT device with Manual process is it possible to unprovision the device and make it ready for Zero Touch Configuration again? I know that it could be unprovisioned but what I am wandering is if ZTC will work after that?
4. Is Activator tool mandatory in case of ZTC?

For your information I shall work with AMT version 3.X onwards.

I was following SCS installation and configuration guide to set up the environment. But had these confusion in rather basic stuffs. Thanks in advance.

9 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.
Andrew Schiestl (Intel)'s picture

Quoting - sayantan_majumdar
Hi,

I am trying to set up an SCS test set up where all the necessary components like Database, CA. etc will be installed in one system. The main intention od setting up SCS is to automate Zero Touch Provisioning in enterprize mode. I have a few questions regarding this.

1. Would the Zero Touch Provisioning work if the systems are not in domain controller? SCS and AMT device however will be under same workgroup and could ping each other.
2. Is Active Diretctory manadatory in this case?
3. If I provision one AMT device with Manual process is it possible to unprovision the device and make it ready for Zero Touch Configuration again? I know that it could be unprovisioned but what I am wandering is if ZTC will work after that?
4. Is Activator tool mandatory in case of ZTC?

For your information I shall work with AMT version 3.X onwards.

I was following SCS installation and configuration guide to set up the environment. But had these confusion in rather basic stuffs. Thanks in advance.

1. Hmm, not sure about this, typically ZTC is only used in larger environments that are in a domain instead of a workgroup. Let me look into this more.

2. Active Directory is an optional component that's not needed for zero touch configuration.

3. You can use the MEBx command to unprovision the system, and zero touch configuration will work after that. However, after you set the MEBx password during Manual provisioning, that same MEBx password will still be in the system,and you'll need to set that appropriately in the configuration server you're using.

4. The activator is not strictly speaking mandatory, but in many cases it will be necessary. When a newer AMT system (this includes any AMT 4 or 5 system, and 2.6 or 3.2 systems) is powered on and connected to a network, it will send out hello packets that can be picked up by a configuration server. If this packet is received by a configuration server, it will begin configuring AMT. However, AMT systems will send these packets out for a limited time. The Activator makes AMT send out these packets again, which is why I said it would be necessary in many cases. Once AMT stops sending these hello packets, the activator is needed to make the AMT system start sending hello packets again.

Andy

Quoting - Andrew Schiestl (Intel)

1. Hmm, not sure about this, typically ZTC is only used in larger environments that are in a domain instead of a workgroup. Let me look into this more.

2. Active Directory is an optional component that's not needed for zero touch configuration.

3. You can use the MEBx command to unprovision the system, and zero touch configuration will work after that. However, after you set the MEBx password during Manual provisioning, that same MEBx password will still be in the system,and you'll need to set that appropriately in the configuration server you're using.

4. The activator is not strictly speaking mandatory, but in many cases it will be necessary. When a newer AMT system (this includes any AMT 4 or 5 system, and 2.6 or 3.2 systems) is powered on and connected to a network, it will send out hello packets that can be picked up by a configuration server. If this packet is received by a configuration server, it will begin configuring AMT. However, AMT systems will send these packets out for a limited time. The Activator makes AMT send out these packets again, which is why I said it would be necessary in many cases. Once AMT stops sending these hello packets, the activator is needed to make the AMT system start sending hello packets again.

Andy

Hi Andy,

Thanks for your responses. Could you please confirm if Activator needs a domain? The information I got is activator might run in workgroup but the SCS should be in Domain in that case. Am I correct?

Lance Atencio (Intel)'s picture

Hello,
SCS (full & Lightweight) does not require a domain nor does the Activator.

Quoting - Lance Atencio (Intel)

Hello,
SCS (full & Lightweight) does not require a domain nor does the Activator.

I was actually trying to it with SCS FUll version first. But the user guide for the activator says that either the AMT device should be in AD or the SCS server should be in AD if the AMT device platform is in Workgroup. :(

Lance Atencio (Intel)'s picture

Quoting - sayantan_majumdar

I was actually trying to it with SCS FUll version first. But the user guide for the activator says that either the AMT device should be in AD or the SCS server should be in AD if the AMT device platform is in Workgroup. :(

Hmmm, I haven't tried all the combinations.
What is the setup that would benefit you and your customres the most?

Quoting - Lance Atencio (Intel)

Hmmm, I haven't tried all the combinations.
What is the setup that would benefit you and your customres the most?

The set up should be enterprize mode. And I have to enable AMT via Zero Touch Configuration. I dont have access to those remote systems.In that case is it possible to make it work without Activator and AD.

Lance Atencio (Intel)'s picture

Quoting - sayantan_majumdar

The set up should be enterprize mode. And I have to enable AMT via Zero Touch Configuration. I dont have access to those remote systems.In that case is it possible to make it work without Activator and AD.

You will need Activator. Don't think you'll need AD.
Can you use Activator on those remote systems?

Quoting - Lance Atencio (Intel)

You will need Activator. Don't think you'll need AD.
Can you use Activator on those remote systems?

Yes I can use activator in those remote systems.

Login to leave a comment.