Guest Blogger/Author: Ajith Illendula, Intel
This blog is focused on the different steps needed to configure an Intel(r) vPro(tm) Enabled Gateway, also known as a Management Presence Server ( MPS). Ajith has divided the process into small steps and has created (silent) videos for each of these steps. Prior to watching the videos, the following list provides you with all the necessary steps to get started. The videos have been placed on YouTube and are included below.
You will need to acquire and download the following tools and configure your system accordingly:
- An Intel AMT Enabled Client is required - Remote access or Fast Call For Help is supported on clients running AMT 4.0 and above.
- A server or VM running Windows Server 2003 or Windows Server 2008
- DHCP, DNS in the environment (you can use a simple router or VM with these services installed)
- Intel AMT SDK - This is where you will find the MPS binaries.
- Manageability Developer Tool Kit (DTK) - You can download it from here.
- XCA - Certificate generation Utility
- Stunnel - Tool for TLS encryption
- Apache 2.2.8 - Proxy server to be used by management consoles.
Once you have all the above downloaded and configured, install the following on the system where you want to run the MPS - DTK, XCA, Apache, and Stunnel. Provision the Intel AMT system using any tool of your choice and in any mode that you like.
The following videos will show you the next steps on how to configure all these tools and how to make an Inel vPro Enabled Gateway.
Fast Call For Help: Video 1. Certificate Management - First step to implement Fast Call for Help is to create the necessary certificates that are needed for the Management Presence Server (MPS) and also the Intel AMT client and in the format that works. This video will demonstrate the certificates needed for the MPS to establish a TLS server authentication encrypted tunnel with the Intel AMT client.
Fast Call For Help: Video 2. Stunnel Configuration - Now that certificates are created (See Video 1 – Certificate Management), next step is to configure the stunnel tool which handles the TLS connections between MPS and AMT clients. This video will walk you through the process of how to configure stunnel and the different ports that are used.
Fast Call For Help: Video 3. Apache Configuration - This video demonstrates how to modify the Apache 2.2.8 httpd proxy server using the custom modules from the Intel AMT SDK. Also, the video will highlight the necessary changes needed for the configuration settings of the proxy server and the various ports used.
Fast Call For Help: Video 4. Management Presence Server (MPS) configuration - This video demonstrates the configuration of the Management Presence Server (MPS) module and how to tie the ports used in all the other tools such as stunnel and apache to make the Intel vPro Enabled Gateway.
Fast Call For Help: Video 5. Intel AMT Configuration - This video demonstrates the configuration changes needed on the Intel AMT client to support the fast call for help usages. You will learn how to add new Management Presence Servers (MPS) servers in the Intel AMT client, creating remote access policies and finally the environment detection settings that enables the remote access usage.
Fast Call For Help: Video 6. Fast Call for Help Management - This video will demonstrate what happens when an Intel AMT client connects to the Management Presence Server (MPS), collect the device events when they are connected & disconnected and how to manage the device once connected.
You can read more about the Fast Call for Help feature in the Intel SDK Implementation and Reference Guide. Hopefully between the SDK documentation and these videos you will be able to configure your vPro Enabled Gateway so that you can implement the Fast Call for Help Usage. Let us know if you have any problems with this.