Merge branch 'main' into sunil-parida-patch-4

Author: sunil-parida

docs/index.rst

@@ -116,6 +116,22 @@ you can find details about the high-level design and submit patches of your own.
         APIs offer Create, Read, Update, and Delete capabilities.
 
 
+Modular Workflows
+-----------------
+Device management workflows from EMF that showcase Intel Architecture capabilities,
+designed to be evaluated independently and seamlessly integrated into partner
+device-management solutions to extend their functionality.
+
+.. grid:: 3
+
+    .. grid-item-card:: Modular Workflows
+        :link: modular_workflows/index
+        :link-type: doc
+        :link-alt: clickable cards
+
+        Explore modular device management workflows that extend partner solutions with Intel Architecture capabilities.
+
+
 .. toctree::
    :hidden:
 
@@ -125,5 +141,6 @@ you can find details about the high-level design and submit patches of your own.
    developer_guide/index
    api/index
    system_requirements/index
+   modular_workflows/index
 
 

docs/modular_workflows/index.rst

@@ -0,0 +1,20 @@
+Modular Workflows
+=================
+
+Device management workflows from EMF that showcase Intel Architecture
+capabilities, designed to be evaluated independently and seamlessly integrated
+into partner device-management solutions to extend their functionality.
+
+.. grid:: 3
+
+    .. grid-item-card:: Modular vPro Workflow
+        :link: vpro-amt-ism/index
+        :link-type: doc
+        :link-alt: clickable cards
+
+        End-to-end activation and device management using Intel® vPro AMT and ISM.
+
+.. toctree::
+   :hidden:
+
+   vpro-amt-ism/index

docs/modular_workflows/vpro-amt-ism/architecture.rst

@@ -0,0 +1,71 @@
+Modular vPro Workflow Architecture
+==================================
+
+Architecture Diagram
+--------------------
+
+The modular vPro workflow makes use of components from the Edge Infrastructure
+Manager to provide an out-of-band (OOB) management pipeline for edge devices.
+The high level architecture of the workflow is shown in the following diagram:
+
+.. figure:: images/modular-vpro-architecture.png
+   :alt: High-Level Architecture of the modular vPro workflow
+
+Key Components
+--------------
+
+To enable the vPro device management for edge devices, the modular workflow
+uses the following Edge Infrastructure Manager services on the orchestrator:
+
+`Inventory <https://github.com/open-edge-platform/infra-core/tree/main/inventory>`_ is the state store
+in Edge Infrastructure Manager. The modular vPro workflow uses the inventory service to store the
+status of edge devices, including the current state of the device as well as the desired state.
+
+`API <https://github.com/open-edge-platform/infra-core/tree/main/apiv2>`_ provides a northbound REST based
+API that users and services can use to access Open Edge Platform services.
+
+`Orchestrator Command Line Interface (CLI) <https://github.com/open-edge-platform/orch-cli>`_ is a utility
+which provides a command line interface that allows users to interact and manage the Orchestrator services
+using the REST API.
+
+`Host Manager <https://github.com/open-edge-platform/infra-managers/tree/main/host>`_ is a service used to
+manager an edge node's hardware information. For the modular vPro workflow, this includes the status of the
+edge node device and the agents running there. The manager stores this information to inventory along with
+other information to identify the edge node.
+
+`Device Management Manager <https://github.com/open-edge-platform/infra-external/tree/main/dm-manager>`_ is a service
+that provides integration between the Intel® vPro™ Active Management Technology (AMT) and Intel® Standard Manageability (ISM)
+on the edge node and the services provided by the Device Management Toolkit outlined below. This includes enabling
+remote management of edge node devices, allowing for remote power management and system configuration.
+
+On the edge node device, the workflow requires the following agents:
+
+`Device Discovery Agent <https://github.com/open-edge-platform/edge-node-agents/tree/main/device-discovery-agent>`_ is an
+agent deployed on the edge node that is responsible for discovering and registering that edge node with the Edge Infrastructure
+Manager during onboarding. This includes collecting system information from the edge node and handling authentication with
+the orchestrator. The agent can be run in either an interactive or non-interactive mode.
+
+`Node Agent <https://github.com/open-edge-platform/edge-node-agents/tree/main/node-agent>`_ is an agent deployed on the edge node
+that is responsible for creating and refreshing any authentication tokens for agents running on the edge node. It also
+monitors the status of the edge node and the agents running on the node which it frequently reports to the Host Manager
+service in the Edge Infrastructure Manager.
+
+`Platform Manageability Agent <https://github.com/open-edge-platform/edge-node-agents/tree/main/platform-manageability-agent>`_ manages
+platform level manageability features on the edge node. It integrates the Remote Provisioning Client service from the Device
+Management Toolkit and Intel® vPro™ to enable OOB device management capabilities on the edge node.
+
+The vPro modular workflow also uses the following components from the `Device Management Toolkit (DMT) <https://device-management-toolkit.github.io/docs/2.31/Reference/architectureOverview/>`_
+on the orchestrator and edge node:
+
+`Management Presence Server (MPS) <https://device-management-toolkit.github.io/docs/2.31/Reference/MPS/configuration/>`_ allows
+edge nodes which have support for Intel® AMT to connect securely to remote manageability services.
+
+`Remote Provisioning Server (RPS) <https://device-management-toolkit.github.io/docs/2.31/Reference/RPS/configuration/>`_ is
+used to remotely connected to the Remote Provisioning Client service on an edge node device which supports Intel® AMT. It
+provides the required configuration profiles and settings needed to enable Intel® AMT for remote manageability of
+the device by MPS.
+
+`Remote Prvosioning Client (RPC) <https://device-management-toolkit.github.io/docs/2.31/Reference/RPC/overview/>`_ is a
+lightweight application written in Go that is installed on the edge node device and interacts directly with
+Intel® AMT. It communicates with the RPS service and activates and manages Intel® AMT based on the
+configuration profiles and settings sent by RPS.

docs/modular_workflows/vpro-amt-ism/data_flow.rst

@@ -0,0 +1,99 @@
+Data Flow
+=========
+
+There are two primary flows of data in the modular vPro workflow:
+
+1. **Top-down Requests**: These are driven by the user and are passed through
+   the API or command line interface (CLI) through to the edge node.
+2. **Bottom-up Discovery**: These are driven from the edge node and are passed
+   to the orchestrator services and are used to report changes on the edge node
+   on a periodic basis.
+
+The following diagram outlines how information flows in the modular vPro workflow
+between the agents and services at different stages:
+
+.. note::
+
+   AMT/vPro has two modes for configuring edge node devices and activating them,
+   Client Control Mode (CCM) and Admin Control Mode (ACM). The flow below outlines
+   how the modular vPro workflow activates an edge node device when using ACM.
+   For activating device in CCM, there is no need to include the creation of the
+   Domain Profile. For more details on activating edge node devices with CCM profiles
+   please see the `CCM documentation <https://device-management-toolkit.github.io/docs/2.31/GetStarted/Cloud/createProfileCCM/>`_
+   in the Device Management Toolkit (DMT) documentation and for ACM activation, please
+   see the `ACM documentation <https://device-management-toolkit.github.io/docs/2.31/GetStarted/Cloud/createProfileACM/>`_.
+
+.. mermaid::
+
+   sequenceDiagram
+   %%{wrap}%%
+   autonumber
+
+   participant us as User
+   participant cli as CLI
+   box LightCyan Orchestrator
+   participant api as API
+   participant inv as Inventory
+   participant dm as Device Management Manager
+   participant rps as Remote Provisioning Server (RPS)
+   end
+   box LightGreen Edge Node
+   participant pma as Platform Manageability Agent (PMA)
+   participant rpc as Remote Provisioning Client (RPC)
+   end
+
+   alt subscribe and listen for edge node creation events
+       dm->>dm: Edge Node creation event received
+       dm->>rps: Create CIRA configuration
+       dm->>rps: Create CCM profile
+       dm->>rps: Create ACM profile
+   end
+   note over pma: User updates edge node BIOS with DNS Suffix and MEBx Password
+   us->>cli: Register the edge node
+   node over cli: If no mode is specified by the user, CCM will be collected by default
+   cli->>api: Register host with node serial number/hardware UUID as well as activation mode
+   api->>inv: Create host and persist the host details in the inventory database
+   inv->>api: Return response from host creation in inventory database
+   api->>cli: Return response from host registration
+   cli->>us: Return response from host registration
+   node over pma: Periodically calls API to get activation request
+   us->>cli: Activate AMT request for edge node
+   cli->>api: Activate AMT request for edge node
+   api->>inv: Set the Desired State for AMT for edge node to PROVISIONED
+   inv->>api: Return response from activate AMT
+   api->>cli: Return response from activate AMT
+   cli->>us: Return response from activate AMT
+   pma->>dm: Get AMT Activation Request
+   dm->>inv: Query host to retrieve Activate AMT request from user
+   inv->>dm: Return repsonse from activate AMT with desired state
+   dm->>pma: Return response with profile name and details for AMT activation
+   pma->>rpc: Trigger activation command using rpc binary and received profile
+   rpc->>pma: Return activation command result
+   pma->>dm: Report AMT activation status
+   note over us: After device activation is completed, user can invoke AMT out of band operations
+
+Top-down Requests
+-----------------
+
+1. **Stage 1: Input**: User submits device onboarding/power on/power off requests via
+   the CLI to the device management manager API.
+
+2. **Stage 2: Processing and storage**: Data from user requests are sent to the inventory
+   service and is processed and stored. An event is generated for the request and
+   the modular vPro services are notified about the request.
+
+3. **Stage 3: Service notifcation and consumption**: Services, during reconile stages, will
+   detect the event created in the inventory service and act on the request as required.
+
+Bottom-up Discovery
+-------------------
+
+1. **Stage 1: Input**: Edge Node Agents push HW data from node up to manager services, which
+   process and sends them to the inventory service.
+
+2. **Stage 2: Processing and storage**: The inventory service processes the information from
+   the agents, stores it and generates new events for the modular vPro services.
+
+3. **Stage 3: Reconciliation**: The manager services (Host Manager, Device Management Manager, etc.)
+   detect the events from the inventory service and perform reconciliation between the event
+   data and the current data.

docs/modular_workflows/vpro-amt-ism/images/Vpro-BIOS-settings.png

@@ -0,0 +1,14 @@
+Modular vPro Workflow Deployment
+================================
+
+This workflow demonstrates an end-to-end activation and device-management
+process using Intel® vPro™ Active Management Technology (AMT) and
+Intel® Standard Manageability (ISM). It deploys modular components on both the
+control plane and the edge node to deliver out-of-band management capabilities.
+
+.. toctree::
+   :hidden:
+
+   architecture
+   data_flow
+   modular-vpro-amt-ism-deployment