Intel® vPro™ Technology
Configuring Intel® Active Management Technology
Bare-Metal Configuration
The scenarios demonstrated in the previous section were called delayed configuration scenarios, and the assumption is that the Intel® Active Management Technology (Intel® AMT) configuration process takes place once the host OS is already deployed. Recall that Phase 1 for the two configuration methods required a software agent to enable the network interface of the Intel AMT system and provide discovery information back to the configuration server.
Bare-metal configuration is another configuration capability of Intel AMT that allows configuration prior to OS installation. In fact, one key usage of bare-metal configuration is to push down an OS installation or image to the platform by using Intel AMT remote boot operations. Naturally, this step can only take place after Intel AMT has been configured.
Both PSK and Asymmetric Key methods can be utilized for bare-metal configuration. Intel provided system manufacturers the capability to designate in manufacturing a “bare-metal timer”, typically limited to 24 hours, during which Intel AMT enables its network interface. This allows a configuration server to configure a device without the need for the software agent trigger required in Phase 1 of the delayed configuration model. Bare-metal configuration is enabled from the initial boot of the system and for the accumulated system up-time duration specified by the bare-metal timer. After this duration, Intel AMT disables its network interface. To configure Intel AMT from this point onward, the delayed configuration method must be used. Following is a sequence diagram depicting Phase 1 for bare-metal configuration. In order to use bare-metal configuration, an alias for the configuration server address is registered on the relevant DNS servers in the enterprise. The reason for this will become clear when we describe the protocol details.

Figure 5: Bare-Metal configuration—Phase 1
Source: Intel Corporation, 2008
Figure 5 illustrates Phase 1 of bare-metal configuration. During the bare-metal time window, Intel AMT tries to acquire a DHCP IP address, detect the DNS server address, and use that address to query for the designated configuration server. Intel AMT uses a concatenation of a predefined host name, “provisionserver”, and the DNS suffix it has learned. If, for example, the DNS suffix returned by the DHCP server is foo.com, Intel AMT tries to resolve both the “provisionserver” and “provisionserver.foo.com” entries. If it succeeds, Intel AMT sends a notification to the configuration server, depicted in Figure 5 as a “Hello” message. The Hello message is TCP-based and provides the configuration server with the platform’s Universally Unique Identifier (UUID) [17] and additional information that can assist in completing the configuration process. Note that the message does not carry any authentication information. As long as the bare-metal time window has not elapsed, the configuration server can complete the configuration process (by using either the PSK or the Asymmetric Key method). Note that if the Asymmetric Key method is used, then the configuration server has no way to validate the authenticity of its peer.
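Because the Hello message carries no authentication information, the host that these names resolve to is the one that receives it. The following is an added example, not code from the article or from Intel: it builds the names Intel AMT would query for each DNS suffix and compares what they resolve to against a list of approved configuration server addresses. The function names, suffixes and addresses are assumptions made for illustration.

```python
import socket

AMT_ALIAS = "provisionserver"  # predefined host name given in the article

def candidate_names(dns_suffix):
    """Names Intel AMT tries to resolve for a DHCP-learned DNS suffix."""
    suffix = dns_suffix.strip().strip(".").lower()
    return [AMT_ALIAS, f"{AMT_ALIAS}.{suffix}"] if suffix else [AMT_ALIAS]

def system_resolver(name):
    """Resolve with the local resolver; empty set when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def audit_alias(dns_suffixes, approved_servers, resolver=system_resolver):
    """Classify each name AMT would query against the approved server addresses."""
    approved = set(approved_servers)
    findings = {}
    for suffix in dns_suffixes:
        for name in candidate_names(suffix):
            if name in findings:
                continue  # the bare alias repeats for every suffix
            addrs = set(resolver(name))
            if not addrs:
                status = "unregistered"  # bare-metal discovery finds no server here
            elif addrs <= approved:
                status = "ok"
            else:
                status = "unexpected"    # Hello messages would reach an unapproved host
            findings[name] = (status, sorted(addrs))
    return findings

if __name__ == "__main__":
    # Constructed sample data: suffixes, addresses and zone contents are illustrative.
    zone = {
        "provisionserver.foo.com": {"10.0.0.5"},
        "provisionserver.lab.foo.com": {"10.9.9.9"},
    }
    report = audit_alias(["foo.com", "lab.foo.com."], {"10.0.0.5"},
                         resolver=lambda n: zone.get(n, set()))
    for name, (status, addrs) in report.items():
        print(f"{name:32} {status:12} {', '.join(addrs)}")
```

Run without the `resolver` argument, `audit_alias` queries the DNS servers of the machine it runs on, so it should be executed from each network segment where systems spend their bare-metal time window.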
