MeshCentral - Intel AMT Configuration and CIRA

Introduction

This tutorial provides a comprehensive guide on configuring Intel Active Management Technology (Intel AMT) and Client Initiated Remote Access (CIRA) using MeshCentral. Intel AMT allows for remote management of devices even when the operating system is not operational, making it a valuable tool for IT professionals. In this guide, we will walk through the necessary steps to set up Intel AMT and CIRA effectively.

Step 1: Understand Intel AMT and CIRA

• Intel AMT is built into the firmware of Intel vPro computers, allowing remote management of devices.
• CIRA is the protocol that facilitates remote access over the internet.
• Ensure that your devices are connected to the official built-in wireless interface or the provided Ethernet port for AMT to function.

Step 2: Configure MeshCentral for Intel AMT

1. Access your MeshCentral server interface.
2. Identify the devices with Intel AMT capabilities.
3. Check the properties of each device to see the AMT version and configuration status.
4. If credentials are needed, enter them to allow MeshCentral to manage the device.

Step 3: Set Up Intel AMT Policies

1. Navigate to the device groups in MeshCentral.
2. Locate the Intel AMT line to set up your AMT policy.
3. Choose from the following options:
   • No Policy: No changes will be made.
   • Deactivate: Disable Intel AMT on all remote machines.
   • CCM Client Control Mode and ACM Modes: Set specific activation modes for AMT.
   • Full Automatic: Allow MeshCentral to manage AMT settings automatically.
4. For connecting to the server, select the option to activate CIRA:
   • Choose to connect to the server for CIRA activation.
5. Save the policy changes.

Step 4: Monitor CIRA Activation

• After configuring the policy, wait 30 seconds to a minute for the devices to connect to MeshCentral.
• Verify the connection status by checking if "CIRA" appears next to the device names.

Step 5: Utilize Mesh Command Tool

1. Download the Mesh Command Tool from the MeshCentral website.
2. Open a command shell as an administrator.
3. Run the command:

   mesh command amt info
   

   • This command displays the current connection state of the AMT device.
   • Check for connectivity details and whether CIRA is active.

Step 6: Accessing Intel AMT Features

• Use MeshCentral to access AMT features such as:
  • Remote desktop connections through AMT.
  • Serial over LAN capabilities.
• Note that certain limitations exist, such as clipboard sharing and file transfers being unavailable in AMT mode.

Step 7: Use Mesh Commander for Local Management

1. Launch Mesh Commander to view AMT settings locally.
2. Connect to the AMT device using the randomized password provided by MeshCentral.
3. Review the settings for:
   • Server connection details.
   • Periodic connection attempts (default is every 10 seconds).
   • Security settings, including TLS certificate information.

Step 8: Troubleshooting and Configuration Management

• If issues arise with CIRA, use the following commands in the Mesh Command Tool:
  • amt events: View the configuration events and changes made by the server.
  • amt config: Force the MeshCentral server to reconfigure AMT settings.

Conclusion

By following these steps, you can effectively configure Intel AMT and CIRA for remote management using MeshCentral. This setup allows you to manage devices even when they are powered off or their operating systems are non-functional. For further exploration, delve into the Mesh Command Tool and Mesh Commander to optimize your remote management capabilities.