Quantcast
Channel: Intel Developer Zone Articles
Viewing all articles
Browse latest Browse all 3384

Using ACUWizard for Self-discovery of Configuration Paths

$
0
0

What is the ACUWizard Tool

The ACUWizard is a recognized tool that is used to enable and configure an Intel® Active Management Technology (Intel® AMT) capable device. The tool is included as part of the Intel® Setup and Configuration Software (Intel® SCS) download. While the tool comes with documentation, it may not be clear to IT professionals when specific options should be used or what benefits or drawbacks are associated with those options.

There are three main reasons to use the ACUWizard:

  • You need to configure an Intel AMT device that does not have a Management Console that supports a configuration of any type.
  • The console does not support remote configuration into Admin Control Mode meaning that you will need to implement the USB configuration option.
  • You need to perform self-discovery of the configuration process.

The next sections describe the following:

  • OS-based configuration versus USB key-based configuration
  • Steps for using ACU Wizard to configure an Intel AMT Client via the OS-based method
  • Steps for using ACU Wizard to configure an Intel AMT Client via the USB key-based method

Configuration Methods Using the ACUWizard: OS-based method versus USB key-based method

Configuration can be performed from within the OS or via a USB key. For the OS-Based Configuration Microsoft Windows* 7 or higher and the LMS service is required and will provision the system into Client Control mode (CCM).

  • Single system configuration. This method is easy to do and can range from a simple configuration to more advanced configurations. This is easy to replicate but time consuming if you need to configure many Intel AMT Clients.
  • Multiple system configuration. This method is scriptable via the command line and is a popular option in environments containing many Intel AMT Clients.

The USB key-based configuration method is designed to use a USB key to push the configuration profile into the Intel® MEBX during a reboot. It is potentially much quicker than an OS-based configuration and has the added capability of configuring the device into Admin Control Mode (ACM). The USB configuration is not supported on Intel AMT 10+ LAN-less devices.

The USB configuration requires a setup.bin file. There are two tools for creating setup.bin. The first tool uses the acuwizard.exe, and the second tool uses acuconfig.exe. ACUConfig is a command-line tool and is somewhat cumbersome, so I won't be going into detail about it in this article.

  • Single use system configuration key. A key is generated specifically for a client and can be used only once. This type of profile is necessary only if the OS has a static IP, but DHCP enabled can be supported as well.
  • Multi-use system configuration key. A single configuration file is created to configure multiple devices. But the systems will have the same password, and the key assumes the device is DHCP-enabled. If a static OS client is configured in this manner, the system will in effect have two IP addresses.

A quick note on passwords: There are three basic passwords used with configurable Intel AMT devices:

  • MEBx password. This is your physical access password into the Intel® Management Engine BIOS Extension (Intel® MEBX). By default the USB configuration will set this to be the same as the Intel AMT password. The password rule for this is max 32 characters and complex. The default password is admin.
  • Intel AMT password. This is the remote management password and is set using all versions of the configuration discussed in this blog. The password rule for this is max 32 characters and complex.
  • RFB5900. This is not required, however it is important to note if the plan is to use a standard VNC viewer to make a local connection with Intel AMT KVM, the RFB password must be set. The password rule is exactly eight characters and complex.

Steps for using the ACU Wizard to configure an Intel® Active Management Technology client via the OS-based method

Single-System Configuration

Perform an OS-based configuration by launching ACUWizard as Admin. Once it’s launched follow these steps:

  1. Create the profile by opening the ACUWizard, and then selecting Configure/Unconfigure this System.
    Configuration Methods
    Figure 1.Configuration Methods
     
  2. Select Configure via Windows.
  3. Select Next.
  4. In the Intel® AMT Configuration Utility – select Configure via Windows and do the following:
    • In Current Password, type a password. This is the password for the Intel® MEBX, if the password has not been changed, the default password is admin.
    • Fill in New Password and Confirm Password.
      Example of Configure via Windows
      Figure 2.Example of Configure via Windows
       
    • Select Override Default Settings, and then click Network Settings.
      • If OS is set as DHCP enabled, verify the settings. Typical settings are:
        • Use the Following as FQDN – Select Host Name.
        • Select the Shared FQDN option.
        • Select Get IP from DHCP Server.
        • Update the DNS directly or via DHCP option 81.
        • Select OK.
      • If the OS IP is static, select the Change the IP section radio button and then select Use the same IP as the host.
      • Select Next.
        Example of Network Settings
        Figure 3.Example of Network Settings
  5. The software saves the profile for potential future use. Enter and confirm the Encryption Password.
  6. Select Configure.
  7. Configuring your System Dialog box launches. Wait until it closes, which can take a few minutes.
  8. Screen should now show Configuration Complete, select finish.

Multiple System Configuration

Configuring Intel AMT devices using this method requires the use of two tools: ACUWizard.exe and ACUConfig.exe. The first step is to create a profile with the ACUWizard and then push the profile to the client with the ACUConfig tool. The following is an example of a basic profile; advanced profiles are beyond the scope of this blog. See Figures 1-3 for examples of what options are available in the ACUWizard’s GUI.

Note:This is a scriptable solution.

  1. Create the profile by opening the ACUWizard, and then selecting Create Settings to configure Multiple Systems (See Figure 1.)
  2. In the AMT Configuration Utility: Profile Designer window, select the green plus sign New.
    Example of Green Pus sign
    Figure 4.Example of Green Plus sign
     
  3. In the Configuration Profile Wizard, select Next.
  4. In the Configuration Profile Wizard Optional Settings window, select Next.
  5. In the Configuration Profile Wizard System Settings window:
    • Enter the RFB password if it is being used.
    • Enter the password in the Use the following password for all systems data field:
    • Select the Set button for Edit and FQDN.
    • There will be no changes, but note the changes required if a device has a static OS IP address.
    • Select Cancel.
    • Select Next.
      Example of Available Feature Settings
      Figure 5.Example of Available Feature Settings
  6. In the Configuration Profile Wizard - "Finished" window:
    • Enter the Profile Name you want to use.
    • Encrypt the xml file by adding and confirming the password.
    • Select Finish.
      Profile Naming and Encryption Example
      Figure 6.Profile Naming and Encryption Example
  7. In the Intel AMT Configuration Utility: Profile Designer window:
    • a. Take note of the Profile Path shown on your screen. It should be something like <userName>\documents\SCS_Profile.
    • b. Close ACU Wizard.

At this point, steps 1 through 7 above are a one-time process per each custom profile needed. The following steps are to be repeated on each client.

  1. Copy the previously created profile and paste it in the configurator folder of the Intel SCS download.
  2. Copy the configurator folder to a location accessible to the Intel AMT Client (Local, Network share, USB thumb drive, and so on).
  3. Open a command prompt as admin, and run the following string: acuconfig.exe configamt <profile.xml>
  4. You should exit with code 0 for a successful configuration.

Steps for using ACUWizard to configure an Intel AMT Client via the USB Configuration

Creating a USB Key for configuration is a three-step process: Create a configuration profile, format a USB Key (Fat32), and save the profile to the USB key as setup.bin.

The profile can be created in two ways: as a single use key or a multiple use key.

Single-Use Key

This method creates a single use key that can't be reused without creating a new setup.bin file. You can keep the Intel AMT IP address the same as the OS IP address if it is statically configured. This key should only be created on the device that the finished USB key is going to configure. Figure 4 provides an example of what options are available for the Single-Use Key method.

To create the USB file setup.bin:

  1. Create the profile by opening the ACUWizard, and then selecting Configure/ Unconfigure this System. (See Figure 1.)
  2. In the Intel AMT Configuration Utility - Configuration Options window:
    • Select Configure via USB Key.
    • Select Next.
  3. In the Intel AMT Configuration Utility - Configure via USB Key window:
    • Fill in Current Password. This is the password for the Intel® MEBX. The default password is "admin" if the password has not been changed,
    • Fill in New Password and Confirm Password.
  4. Select Display advanced settings
    • IS OS IP address is DHCP enabled,, verify that the checkbox for DHCP Enabled is checked.
    • If OS IP address is static, uncheck the DHCP Enabled checkbox and provide the Network address information.
  5. Select Next.
    Example of USB Key Configuration GUI
    Figure 7.Example of USB Key Configuration GUI
     
  6. In the Intel AMT Configuration Utility – Then Create Configuration USB Key window:
    • Specify the appropriate USB Drive in the selection window.
    • Select OK.
    • In the Formatting USB Drive window:
      • Select Yes to format the drive. In the Configuration USB Key Created Successfully dialog box, click OK.
  7. The USB key is now successfully configured

Multi-Use Key

This method creates a single multi-use key that can be reused without creating a new setup.bin file. This method allows for quick configuration over multiple devices. However, the configuration file is made specifically for DHCP-enabled or Static IP-assigned operating systems. Using the wrong key causes a mismatch between the OS (static) and Intel AMT (DHCP-enabled) IP addresses. This is not necessarily wrong, but it requires tracking multiple IPs for the same physical device, causing more management requirements. Figure 9, below provides an example of what the GUI looks like for performing the Multi-Use Key method.

To create the USB file - setup.bin:

  1. Open the ACU Wizard and then select the Create Settings to configure Multiple Systems. See (See Figure 1.)
  2. In Intel AMT Configuration Utility: Profile Designer window:
    • Select the Tools button in the upper-right corner.
      Example of tools button
      Figure 8.Example of tools button
       
    • Select Prepare a USB for Manual Configuration.
  3. In the Settings for Manual Configuration of Multiple Systems window:
    • Select Mobile Systems or Desktop Systems.
      Note:Choosing the wrong device setting will trigger an error about applying power policy. The configuration will be successful; however, the firmware defaults to “Intel® AMT Always On in (s0-s5)” and DHCP-enabled.
    • Select Intel AMT Version level 6+ or 7+.
    • Enter passwords:
      • Old MEBx Password: If the password has not been changed, the default password will be admin.
      • New Password and confirm: The password must be complex and up to 32 characters.
    • Specify the system Power State – select Always On (s0-s5)
    • User Consent Required - Leave unchecked
      Note:With Intel AMT 11, a change was made that defaults User Consent to be KVM only. You can modify this post-configuration via the WS-Management command or through an existing tool such as Mesh Commander.
    • Specify the appropriate USB drive in the selection window.
    • Select OK.
      Example of USB Key Configurable Options
      Figure 9.Example of USB Key Configurable Options
  4. In the Formatting USB Drive window:
    • Select Yes to format the drive. In the Configuration USB Key Created Successfully dialog box, select OK to finish the configuration.
  5. The USB key is now successfully configured.

How to use the Configuration USB Key

Now that the key has been created, we need to use it to configure the Intel AMT device. Just insert the USB Key into the Intel AMT device and reboot the system. During reboot, the device will detect the setup.bin file and a message should display asking whether you want to configure the device. Select” Y” for yes and a few seconds later, hit enter at the success screen.

A few things to note in regards to the USB key; don’t use drives over 32 gig, formatted for FAT32, USB configuration is occasionally disabled in the BIOS thus requiring activation and if a USB key fails to work try a different model or brand.

Additional Resources

Summary

There are a lot of options and reasons for using the ACUWizard tool and it will all depend on your specific environmental requirements. The ACUWizard tool is designed to exercise the full range of features regardless of which method is used. There is not one “correct” way to do configuration as all options are valid, but determining the method that will work in your environment is the essential element.

About the Author

Joe Oster has been active at Intel around Intel® vPro™ Technology and Intel AMT since 2006. He is passionate about technology and is an advocate for the Managed Service Provider and Small/Medium business channels. When not working, he enjoys being a Dad and spends time working on his family farm or flying Drones and RC Aircraft.


Viewing all articles
Browse latest Browse all 3384

Trending Articles