SIMATIC IPC Remote Manager - Service, Support
Contents
1. IPC maintenance t IPC 3 2 L ipca user t IPC 5 password IPC 6 http or https i Att or hitos if ual Changing settings in the BIOS Management PC KVM Viewer IE ir OS unresponsive Repair Mode SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 Table of contents MEO DUCU ON sseciv vcs ins Seeeesuvbvsnnslonanectunceeapsuuoneess vvawaslanenectuncesanscouneess ivanasuanuneetuuseeannedubuesaseuvawadecounecmnitss 1 COTILLION cc eae cess tw nce hu vce cee wc wade vee ve tg ene wa eae ED renee ne 1 1 ES E A ian hide t ea aaa i eee ohn eae need eae 1 2 SQOMW e EA EE ee ed aa cee ieee cos E A E A A E P ER 2 Co nfig ng THE SYSLOM 55 6s nisncsuascssssscsesseseeuveausheannnecuvuseasnezanact dxunucashanduwneniusrseavsecaseerainseuaussdunsedeenexassve 2 1 Configuring the BIOS and Management Engine BIOS Extension MEBx 2 1 1 Enabling Intel AMT basic configuration 0 0 0 eceeeeeeeeeeeeeeeeeeeeeeeeeeeesaeeeeeseaeeeeeseneaeeeseeeaeeeeeenaeees 2 1 2 Resetting the Intel AMT to the default settings and disabling AMT 0 ceseceeeeseereeeeeeeeeeees 2 1 3 Disabling Intel AMT access to the BIOS 0 0 0 ec eeceeeeeeeeeeeeeeeeeeeeeseaeeeeeseneeeeeseneaeeeseneaeeeseenaeees 2 1 4 Configuring the IP address Manually cccceceeeeeeeeeeeneeeeeeeaeeeeeeaeeeeeeaaeeeseeaeeeseeaeeeeeeeeeeeeaas 2 1 5 Configuring the host NAMEC ceeeeee c2. Navigate to the Network node in the navigation window Click Add Known Computer The Add Intel AMT Computer dialog opens Enter the FQDN and the access information for the desired SIMATIC IPC with Intel AMT The desired SIMATIC IPC with Intel AMT is added to the navigation Creating a root certificate 1 2 5 Select Configuration Server gt Certificate Manager in the navigation Click Create Root Certificate The Certificate Generator dialog opens Under common name enter the desired name of the root certificates Use your company name for the Organization name and the corresponding country for the Country code Click Generate A security prompt appears You are informed that the root certificate just generated has been added to the certificate store Confirm the procedure with Yes Creating a security profile 1 Select Configuration Server gt Security Profiles in the navigation 2 Click Add Security Profile 3 In the next dialog enter a profile name and confirm with OK 4 Select the newly created profile in the navigation 5 6 7 8 9 1 Click on the button behind Intel AMT Features Select the desired functionalities in the following dialog and confirm with OK Click on the button behind Intel AMT Features In the next dialog select Use TLS Security and confirm with OK Click on the button behind Intel AMT Certificate 0 I
3. Technical support and supplementary documentation 4 4 1 Troubleshooting problems with KVM connections If you cannot establish a KVM connection refer to the troubleshooting checklist in the Troubleshooting connection section of the VNC Viewer Plus User Guide http www realvnc com products viewerplus 1 2 docs VNC_Viewer_Plus_User_Guide 4 2 References and other manuals You can find additional information about troubleshooting configuration and use of Intel AMT in the following manuals e IPC Operating Instructions e VNC Viewer Plus User Guide http www realvnc com products viewerplus 1 1 docs VNC_Viewer_Plus_User_Guide pdf Intel AMT page Manageability and Securit http software intel com en us manageability 4 3 Additional notes Teaming The on board Ethernet controller 82577LM 82579LM WGI217LM 1217LM does not support simultaneous operation of Intel AMT and teaming To be able to use Intel AMT and teaming simultaneously you need to plug in an additional Ethernet module with an Intel controller for example with an 82574L or another Intel Gigabit Ethernet controller Maximum resolution The MEBx used supports a maximum resolution of 1920x1080 Admin passwords You must assign the admin user a password when making the basic settings as detailed in Enabling AMT Basic configuration Page 7 You can then use this password to log on as admin user to the MEBx Web interface
4. You can skip this point if you have a new IPC in the factory state Proceed as follows to reset the Intel AMT to the default values 1 Press F2 in the boot sequence to open the BIOS 2 Select the Active Management Technology Support command in the Advanced menu for an IPC547D IPC547E select AMT Configuration SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 Configuring the system 2 1 3 See also 2 1 Configuring the BIOS and Management Engine BIOS Extension MEBx 3 Set Un Configure ME or Un Configure AMT ME to Enabled 4 Exit the BIOS with F10 Save and Exit You can exit the IPC547D 547E with F4 The following prompt will appear after an automatic restart Found unconfigure of Intel R ME Continue with unconfiguration Y N 5 Confirm this prompt with Y to discard all settings in the Management Engine ME 6 For IPC627C 827C 677C 647C 847C 427D 477D Field PG M4 you now need to set the Un Configure ME menu command in the BIOS back to Disabled Disabling Intel AMT access to the BIOS You can prevent Intel AMT from accessing the BIOS in the following situations e When you are no longer using Intel AMT e When you want to ensure that Intel AMT is not used without authorization If you disable access Intel AMT in the BIOS note the following e The IPC can still be control from the outside the BIOS via AMT e To fully disable Intel AMT proceed as de
5. 07 2014 A5E03356938 03 7 Configuring the system 2 1 Configuring the BIOS and Management Engine BIOS Extension MEBx 2 1 2 Procedure Settings in the MEBx 1 Use the arrow keys to select MEBx and confirm with the lt Enter gt key 2 Select MEBx Login 3 Enter the default password admin Change the password The new password must comprise At least eight characters An upper case letter A lower case letter A number A special character amp The underscore _ and space characters are valid in the string but do not increase the complexity of the password Note If the password is no longer available you must reset the Intel AMT to the default settings see Resetting the Intel AMT to the default settings and disabling AMT Page 8 Backup the password to protect it against loss 4 Switch to the Intel R AMT Configuration submenu and enable Manageability Feature Selection 5 Switch to the Intel R ME General Settings submenu and enable access via the network with Activate Network Access 6 Confirm the dialogs that appear with Y Drivers are automatically installed once as required in the subsequent restart Resetting the Intel AMT to the default settings and disabling AMT If Intel AMT has already been configured it is advisable to reset Intel AMT to the default settings One effect of resetting to the default settings is that Intel AMT is disabled
6. A5E03356938 03 Operating Intel AMT 3 3 SIMATIC IPC DiagMonitor integration 3 2 2 With the Web interface You can also use a Web interface to operate Intel AMT in addition to the KVM connection Procedure 1 Enter the following URL in the WEB browser https Fully qualified domain name 16993 The following website is displayed Intel Active Management Technology Windows Internet Explorer E 7 7 o x e9 OTE a Elei Yr Favoriten we E Web Slice Gallery vg Web Slice Gallery v ever hlagene Sites v Intel Active Management Technology AN G E ah v Seitey Sicherheity Etrasy y Intel Active Management Technology i fte Log On Log on to Intel Active Management Technology on this computer tog On Fertig Internet Gesch tzter Modus Inaktiv f vy 100 When an encrypted connection opened it is indicated in the WEB browser by a padlock icon next to the URL Clicking on the padlock icon display and analyze the certificate currently used for TLS encryption 3 3 SIMATIC IPC DiagMonitor integration If the SIMATIC IPC DiagMonitor software version 4 3 or later is installed on a SIMATIC IPC with SIMATIC IPC Remote Manager the following applies e The VNC Viewer Plus of the SIMATIC IPC Remote Manager is integrated in SIMATIC IPC DiagMonitor e You can find the VNC Viewer Plus in the Options menu and in the shortcut menu SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 21
7. SIMATIC IPC Remote Manager the RealVNC Viewer Plus is used for this purpose ME Management engine Firmware and hardware implemented by AMT MEBx Management Engine BIOS Extension User interface for basic configuration of AMT SCS Setup and Configuration Software Intel software for AMT configuration SOL Serial over LAN Text based remote control TLS Transport Layer Security Network protocol for encrypted transmission Successor to SSL 24 SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03
8. Setup gt TCP IP Settings gt Wired LAN IPV4 Configuration 7 Make the following settings in this submenu 10 DHCP Mode Disabled IPV4 Address desired IP address Subnet Mask Address desired subnet mask Optional settings Default Gateway Address address of the default gateway Preferred DNS Address primary DNS server Alternate DNS Address secondary DNS server SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 Configuring the system 2 1 Configuring the BIOS and Management Engine BIOS Extension MEBx 2 1 5 Configuring the host name The host name and domain of Intel AMT can be managed separately from the installed operat ing system The host name must first be specified in order for Intel AMT to be accessible via a host name even when the installed operating system is not running Procedure Proceed as follows to specify the host name and domain of Intel AMT 1 Reboot the IPC The following message appears briefly on the display at the end of the self test Pre ss ESC for boot options Press lt ESC gt to open the BIOS selection menu Alternatively you can open the MEBX with the key combination lt Ctrl P gt 2 3 Use the arrow keys to select MEBx and confirm with the lt Enter gt key 4 5 Switch to the Intel R AMT Configuration submenu For IPCxxxC devices only Switch to the Intel R ME General Settings submenu 6
9. 47C V15 01 05 SIMATIC IPC627D All SIMATIC IPC827D All SIMATIC IPC677D All SIMATIC IPC647D All SIMATIC IPC847D All SIMATIC IPC427D All SIMATIC IPC477D All SIMATIC IPC547D All SIMATIC IPC547E All Field PG M4 All 1 2 Software At least the BIOS version specified in Table 1 1 must be installed to enable the use of Intel AMT on the listed devices SIMATIC IPC Remote Manager on the management PC supports the following Windows operating systems e Windows XP SP3 32 bit e Windows Vista SP2 e Windows 7 Ultimate Windows 7 Ultimate SP1 32 bit 64 bit e Windows Embedded Standard 7 e Windows Server 2003 R2 e Windows Server 2008 32 bit e Windows Server 2008 R2 64 bit SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 Conditions 1 2 Software Industrial Security Siemens offers products and solutions with Industrial Security functions that support the safe operation of equipment solutions machines devices and or networks They are important components in a comprehensive Industrial Security concept As a result the products and solutions from Siemens are constantly evolving Siemens recommends obtaining regular information regarding product updates For safe operation of Siemens products and solutions appropriate protective measures e g cell protection concept must be taken and each component must be integrated in a comprehensive Industrial Security concept which corresponds with the current
10. AMT KVM 3 Click Connect 4 In the next dialog log on to the user account with the access information that is stored in the Management Engine see point 8 in the section Enabling AMT Basic Configuration Page 7 The required KVM connection to the SIMATIC IPC with Intel AMT is established You can operate VNC Viewer Plus using the toolbar at the top of the window You can use this toolbar to execute various AMT commands such as Remote Power Management and IDE Redirection SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 17 Operating Intel AMT 3 1 Non encrypted connections The figure below shows the toolbar of the VNC Viewer Plus SHS KE 16881901042 When a non encrypted connection is opened it is indicated in the VNC Viewer Plus toolbar by a crossed out padlock icon and corresponding tool tip The following figure shows a non encrypted KVM connection Session timeout The Management Engine will close the KVM connection after a certain time if it is not used session timeout This reaction can be adjusted as follows using the VNC Viewer Plus as of version 1 2 Basic Options Configure the most common VNC Viewer Plus options Click the Advanced button for more options Basic Advanced Options REAL This page provides advanced configuration options It Display is recommended for experienced users only 3 Scale to window size Full screen mode Display Inputs Connection P
11. C IPC with Intel AMT However it only displays a black screen Remedy Connect a monitor to the SIMATIC IPC with Intel AMT or disable the Intel graphics driver using the device manager or set the Forced CRT switch to Enabled if available in BIOS Setup under Advanced gt Video Configuration 4 4 Service amp Support Additional support is available at Technical Support http www siemens de automation csi_en_WW SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 23 Abbreviations Abbreviation AMT Term Active Management Technology Meaning Remote maintenance technology DDNS Dynamic DNS Mechanism for assigning a static FQDN to an Internet connection with a dynamic IP address DHCP Dynamic Host Configuration Protocol Protocol for automatic configuration of IP networks DNS Domain Name System Service for determining the IP address of an FQDN MDTK Manageability Developer Tool Kit Developer tools used for example to test and configure AMT GUI Graphical User Interface Graphical user interface FQDN Fully qualified domain name Full name of a domain IDER IDE Redirection Remote emulation of an ISO file as drive IE Internet Explorer IPC Industrial PCs Particularly rugged computer for use in the industrial environment KVM Keyboard Video Mouse KVM Viewer Keyboard Video Mouse Viewer In the
12. Sel 7 Ma SIMATIC IPC Remote Manager ect Network Setup gt Intel R ME Network Name Settings ke the following settings in this submenu Host Name desired host name Domain Name desired domain Shared Dedicated FQDN Shared when host name and domain match those of the operating system Dedicated when AMT are to be given a different host name or domain Dynamic DNS Update Disabled Compact User Manual 07 2014 A5E03356938 03 11 Configuring the system 2 2 Installing the SIMATIC IPC Remote Manager 2 2 Installing the SIMATIC IPC Remote Manager Procedure 1 Start installation of the SIMATIC IPC Remote Manager via Setup exe 15 SIMATIC IPC Remote Manager Ins ar Welcome to the InstallShield Wizard for SIMATIC IPC Remote Manager The InstallShield R Wizard will install SIMATIC IPC Remote Manager on your computer To continue click Next WARNING This program is protected by copyright law and international treaties 2 Now follow the instructions in the installation wizard Once you have successfully completed this installation you can open the VNC Viewer Plus of the SIMATIC IPC Remote Manager as follows e Start gt Programs gt Siemens Automation gt Remote Manager gt VNC Viewer Plus You can find details about operating the VNC Viewer Plus in the section AMT operation Page 17 2 3 Configuring a modem router Port forwarding 12 When the SIMATIC IPC with Intel AMT conne
13. Si E M E N S Introduction Conditions Configuring the system SIMATIC Operating Intel AMT Technical support and SIMATIC IPC Remote Manager supplementary documentation Compact User Manual Abbreviations 07 2014 A5E03356938 03 Legal information Warning notice system This manual contains notices you have to observe in order to ensure your personal safety as well as to prevent damage to property The notices referring to your personal safety are highlighted in the manual by a safety alert symbol notices referring only to property damage have no safety alert symbol These notices shown below are graded according to the degree of danger Apane indicates that death or severe personal injury will result if proper precautions are not taken A WARNING indicates that death or severe personal injury may result if proper precautions are not taken CAUTION indicates that minor personal injury can result if proper precautions are not taken NOTICE indicates that property damage can result if proper precautions are not taken If more than one degree of danger is present the warning notice representing the highest degree of danger will be used A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage Qualified Personnel The product system described in this documentation may be operated only by perso
14. and VNC Viewer Plus The admin user can assign two separate passwords in the MEBX and in the Web interface e One password for logging on to the MEBX e One password for the Web interface and the VNC Viewer Plus SIMATIC IPC Remote Manager 22 Compact User Manual 07 2014 A5E03356938 03 Technical support and supplementary documentation 4 4 Service amp Support The MEBx password can be changed at MEBx gt Intel R ME General Settings gt Change ME Password The password for the Web interface can be changed in the WEB Interface under User Accounts gt Change Administrator Account If different passwords have been set make sure you use the right one when logging on to the MEBx Web Interface and VNC Viewer Plus Intel AMT KVM Intel AMT KVM is only possible with the graphic adapter integrated in the basic module ISO images for IDE R The VNC Viewer Plus of the SIMATIC IPC Remote Manager up to and including version 1 1 supports ISO files up to 2GB in size Versions 1 2 and later also support ISO files of more than 2 GB Nero Burning ROM or Ultra ISO for example can be used to create ISO files KVM headless operation Behavior You want to access a SIMATIC IPC with Intel AMT with the following configuration from a management PC e Windows XP Professional SP3 is installed e Intel graphic driver is installed e No VGA monitor is connected The VNC Viewer Plus should now display the screen content of the SIMATI
15. cts to the Internet via a DSL modem you need to configure port forwarding in the DSL modem for the TCP ports 16992 to 16995 on the SIMATIC IPC with Intel AMT if the SIMATIC IPC with Intel AMT is going to be controlled remotely via the Internet e Port 16992 for HTTP e Port 16993 for HTTPS e Port 16994 for redirection TCP e Port 16995 for redirection TLS TCP ports 16992 and 16994 are only suitable for unencrypted connections First configure Transport Layer Security TLS to avoid a security risk Use a secure password SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 Configuring the system Dynamic DNS 2 4 2 4 1 2 4 Configuring Transport Layer Security TLS DSL providers usually assign dynamic IP addresses to their subscribers You can use Dynamic DNS DDNS to obtain a static address for the SIMATIC IPC with Intel AMT This always allows you to access the SIMATIC IPC with Intel AMT regardless of the dynamic IP address by means of a fixed Fully qualified domain name FQDN e g PC1 TESTDomain test Details for DDNS setup depend on the DSL modem and DDNS provider Basically you have to complete two steps in order to obtain a static FQDN by means of DDNS 1 Set up an account with a DDNS provider 2 On the DSL modem enable DDNS and enter the access and configuration data of your DDNS provider Configuring Transport Layer Security TLS Intel AMT offers the possibility to encry
16. e rr admin w eecececees Waiting for http 192 168 qa Remember my credentials 2 Click the Log On button 3 In the next dialog log on to the access information that is stored in the Management Engine Once you are logged on the Web interface provides detailed system information on the SIMATIC IPC with Intel AMT access to the event log of Intel AMT and the option for switching the SIMATIC IPC with Intel AMT on and off SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 19 Operating Intel AMT 3 2 Encrypted connections 3 2 Encrypted connections 3 2 1 With the VNC Viewer Plus of the SIMATIC IPC Remote Manager Procedure Proceed as follows 1 Start the VNC Viewer Plus of the SIMATIC IPC Remote Manager The New Connection dialog appears a VNC Viewer Plus New Connection 3 VNC Viewer Plus for Windows S hi Www MEC for re i for ee ht r more information on Address of the l AMT IPC In the New Connection dialog enter the following data Address of the SIMATIC IPC with Intel AMT preferably FQDN or host name Encryption TLS Connection Mode Intel AMT KVM When an encrypted connection is opened it is indicated in the VNC Viewer Plus toolbar by a padlock icon and corresponding tool tip The following figure shows an encrypted KVM connection connection is encrypted 20 SIMATIC IPC Remote Manager Compact User Manual 07 2014
17. eaaes 4 Technical support and supplementary documentation cssssssssssssssssssssssssssssssssseeeseeseeesseaseeeneeees 4 1 Troubleshooting problems with KVM connections 0 ccceeeeeceeeeeneeeeeeeneeeceenaeeeseeaeeeseenaeeeeeeaaes 4 2 References and other manuals 2 c cccccceeeeeeceeeeeeeneeseeeeneeeeeuaneeeeenaneeeeeeaneeseeaeseseeeenaeedeneneeeed 4 3 AAC GIIOMEl MOCO oasa aa AE a apices vince AEA EE said ET E seaueeteneted 4 4 Service amp Support oon eee ce ce eeccee cece ee eeee ce aeee cece ee eeeecaaeeeeeeeeesaaaaaeeeeeeeeesegeaeaeeeeeeeedseeacaeeeeeeeeneessenaeess A ADDIOVIAUONS occ sccssss s5eaccrsenevassv dnunechuncvassvesanneessuaceasdxssuanesuuskcassiconncesvessadsneseunedennicesbviceansesvexseovessvonsees SIMATIC IPC Remote Manager 4 Compact User Manual 07 2014 A5E03356938 03 Conditions 1 1 1 Hardware Intel AMT can be used only on SIMATIC IPCs with Core i5 Core i7 and Xeon processors Other processors such as Celeron Core i3 or Core 2 are not supported Intel AMT can only be used via the Ethernet interface 82577LM 82579LM WGI217LM I217LM The following SIMATIC IPCs are Intel AMT capable when equipped with one of the listed CPUs IPCs with Intel AMT support BIOS version at least SIMATIC IPC627C V15 02 05 SIMATIC IPC827C V15 02 05 SIMATIC HMI IPC677C V15 02 05 MC PC BOX V5 xxx V15 02 05 SIMATIC IPC647C V15 01 05 SIMATIC IPC8
18. ece ee eeeeeeeteeeeeeeeeeeaeeeeeeaaeeeseeeaeeeeeaaeeeseeaeeeseeaeeeeeenaeeeeeeaas 2 2 Installing the SIMATIC IPC Remote Manager ccceceeeeeceeeeeeeeeeeeeeeeeeeeeeeeeeeseeeeeeeseneaeeeseeeaeees 2 3 Configuring a modem route 2ccccseccceseees acted cence anie EEEE EEE EE EE 2 4 Configuring Transport Layer Security TLS sssseessssesssnneseerneessnnasetaneetsnnastenneetannaatenneanannaneennae 2 4 1 Management Director TOO eedonia 2 4 2 Setup and Configuration Software SCS eee eeeeeeeeeeeeeeeeeeeeeeeeaeeeeeeeaeeeeeeaaeeeseaeeeseeaeeeeeeaas 3 Operating INtel AMT sccissseuvinuvevevessxe cous Espe Ennan ease sass neu EEKEREN a NEEE REEERE EENE susneincereuxeuenneseeneeesens 3 1 NOM CNCrypted connections pac crecfiwead teen sdecectehecocdensathcatseeceueeenecdladesacycentsetdeckcneeedursedecatngyleeteeccd 3 1 1 With the VNC Viewer Plus of the SIMATIC IPC Remote Managet cccecccceeeeseeeeeeeeteeeeeees 3 1 2 With the Web intertace sscte A getcs wegeeteseseceed puveddes deeds syeutelav ved eeeeeteiar ee ensacia ae ates 3 2 Encrypted COMMOCONS cicccciees cectenceseceuens ieteeet cee edeesectvdaasee rE E E E T 3 2 1 With the VNC Viewer Plus of the SIMATIC IPC Remote Managet cccesccceeeeeireeeeteteeeerens 3 2 2 With the Web interfaces ccccits sectd cesseced eee eh eieceet eagheid EE EEE 3 3 SIMA TIC IPC DiagMonitor integration 0 eee ceecseeeeeneeeeeeeneeeeeeaeeeeeeaaeeeeeeaeeeseeaeeeeeenaeeeee
19. er Guide at Intel Setup and Configuration Service http software intel com en us articles download the latest version of intel amt setup and configuration service scs SCS User Guide http www ssl intel com content www us en software scs user guide html SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 Operating Intel AMT 3 Encrypted and non encrypted connections are established via the SIMATIC IPC Remote Manager VNC Viewer Plus or the Web interface You must first enter the license key before you can use the VNC Viewer Plus of the SIMATIC IPC Remote Manager If you do not enter a license key a test version of the software will be available for 60 days Enter the license key after you install the software with Start gt Programs gt Siemens Automation gt Remote Manager gt Advanced gt Enter VNC Viewer Plus License Key 3 1 Non encrypted connections 3 1 1 With the VNC Viewer Plus of the SIMATIC IPC Remote Manager Procedure Proceed as follows 1 Start the VNC Viewer Plus of the SIMATIC IPC Remote Manager The New Connection dialog appears VNC Viewer Plus New Connection VNC Viewer Plus for Windows fvevew realvnc com for more information on Username admin ve Password eeeeeseseeoo 2 In the New Connection dialog enter the following data Address FQDN or IP address of the SIMATIC IPC with Intel AMT Encryption None Connection Mode Intel
20. l 07 2014 A5E03356938 03 Configuring the system 2 2 1 Configuring the BIOS and Management Engine BIOS Extension MEBx 2 1 1 Enabling Intel AMT basic configuration For security reasons Intel AMT is not enabled on new devices The Management Engine ME is always active Procedure For IPCxxxD and Field PG M4 devices 1 If necessary first reset Intel AMT to the default status 2 To open the BIOS selection menu press the lt ESC gt key while the device is booting 3 Open the BIOS Setup using the Setup Configuration Utility SCU 4 Select the Active Management Technology Support command in the Advanced menu For IPC547D and IPC547E devices only Select AMT Configuration Activate the option Intel AMT Support 6 For IPC547D and PC547E devices only Select the Normal setting for MEBx Mode 7 Exit the BIOS Setup with lt F10 gt key Save and Exit For IPC547D and IPC547E devices only Exit the BIOS Setup with lt F4 gt key oa For IPCxxxC devices To open the BIOS selection menu press the lt F2 gt key while the device is booting Open the BIOS Setup using the Setup Configuration Utility SCU Select the Active Management Technology Support command in the Advanced menu Activate the option Intel AMT Support Activate the option Intel AMT Setup Prompt Exit the BIOS Setup with lt F10 gt key Save and Exit O a A OO N gt SIMATIC IPC Remote Manager Compact User Manual
21. n the next dialog select the root certificate you have created from the Issuer Certificate drop down list SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 Configuring the system 2 4 Configuring Transport Layer Security TLS 11 Fill in the Organization name and Country Code fields and set the Key size to 2048 12 Confirm your selection with OK 13 By clicking the button next to Accounts amp Permissions you can optionally add additional user accounts Assigning a security profile 1 2 Click on the Set this profile on computers button at the bottom of the application In the next dialog select the desired SIMATIC IPC with Intel AMT and then click on the Set Profile button Installing a root certificate on additional management PCs Exporting a root certificate 1 Select the Configuration Server gt Certificate Manager node in the Manageability Director Tool Select the root certificate you created Click Export In the next dialog save the certificate to a USB flash drive Importing a root certificate 1 Oo N O oO A OO N On the management PC double click on the root certificate on the USB flash drive to open it In the dialog that follows click Install Certificate In the dialog that follows click Next Select Place all certificates in the following store in the next dialog Click Browse and select Trusted R
22. nnel qualified for the specific task in accordance with the relevant documentation in particular its warning notices and safety instructions Qualified personnel are those who based on their training and experience are capable of identifying risks and avoiding potential hazards when working with these products systems Proper use of Siemens products Trademarks Note the following WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation If products and components from other manufacturers are used these must be recommended or approved by Siemens Proper transport storage installation assembly commissioning operation and maintenance are required to ensure that the products operate safely and without any problems The permissible ambient conditions must be complied with The information in the relevant documentation must be observed All names identified by are registered trademarks of Siemens AG The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner Disclaimer of Liability We have reviewed the contents of this publication to ensure consistency with the hardware and software described Since variance cannot be precluded entirely we cannot guarantee full consistency However the information in this publication is reviewed regularly and any neces
23. oot Certification Authorities Confirm by clicking OK Click Next Click Finish A security warning appears and informs you that the selected root certificate has been added to the certificate store Confirm the procedure with Yes SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 15 Configuring the system 2 4 Configuring Transport Layer Security TLS 2 4 2 See also 16 Setup and Configuration Software SCS Intel Setup and Configuration Software is another tool that can be used to configure the SIMATIC IPC with Intel AMT for TLS and additionally managed in an Active Directory SCS is available for download from the Internet at the following URL Intel Setup and Configuration Service http software intel com en us articles download he latest version of intel amt setup and configuration service scs SCS requires Windows Server with the following roles e Certificate Services e Dynamic Host Configuration Protocol DHCP Server e Domain Name System DNS Server e Microsoft SQL Server Express Setting up SCS and the necessary programs is extremely complex SCS offers many additional functions for these tasks e g PKI and PSK Provisioning Using the Manageability Director is a faster and more efficient way to configure a SIMATIC IPC with Intel AMT for TLS You can find detailed instructions on the setup in the Intel Setup and Configuration Software Us
24. pt communications via the common TLS methods for example with the SIMATIC IPC Remote Manager and the Web Interface The SIMATIC IPC with Intel AMT must be configured accordingly To do this you need to store a certificate on the SIMATIC IPC with Intel AMT and in the operating system certificate store of the Management PC The host name and domain must be defined by the AMT See Configuring the host name Page 11 for a description TLS encrypts the connection between the SIMATIC IPC with Intel AMT and the management PC This is not a replacement for a secure password it only serves to complement it The configuration of the SIMATIC IPC with Intel AMT should only be made via a secure network connection Management Director Tool Das Management Director Tool is a program of the Open Manageability Developer Tool Kit Open MDTK Open MDTK is available for download from the Internet at the following URL Open MDTK http opentools homeip net open manageability Proceed as follows to create a certificate load it to the ME and configure the ME for TLS SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 13 Configuring the system 2 4 Configuring Transport Layer Security TLS Configuring a SIMATIC IPC with Intel AMT for TLS 14 1 2 3 Download Open MDTK Install Open MDTK on the management PC Start the Management Director Tool Adding a SIMATIC IPC with Intel AMT 1 2
25. rinting AMT Served Exe V Enable toolbar Name Value s V Adapt to network speed recommended AcceptBell True a AddrBookPath i AdvancedOptions AmtHttpProxyServer Connection AmtHttpProxyUsername View only V Pass spedal keys Use these settings for all new connections Coc coe Between 1 minute and 255 minutes can be set as a session timeout 60 minutes are set in the example above 0 disables session timeout the KVM connection is never be automatically closed in this case A value of 1 is used as the default for AMT AmtSessionTimeout value 1 to 255 minutes Timeout after a configured time Timeout disabled 1 minute Timeout as AMT default value SIMATIC IPC Remote Manager 18 Compact User Manual 07 2014 A5E03356938 03 Operating Intel AMT 3 1 Non encrypted connections 3 1 2 With the Web interface You can also use a Web interface to operate Intel AMT in addition to the KVM connection Procedure Proceed as follows 1 Enter the following URL in the WEB browser http IP address 16992 or http IPC_Name 16992 The following website is displayed TA Intel Active N x hip ANIEBNSLIEDeson 200 CE Re Favorites We E Suggested Sites v g jallery yg Web Slic O Intel Active Management Technology gt A v Pagew Safetyy Toolsv e Intel Active Management Technology The server 192 168 0 51 at Digest F1AA45E599588127F1746BB88EB14DB2 requires a username and password se e
26. sary corrections are included in subsequent editions Siemens AG A5E03356938 03 Copyright Siemens AG 2014 Industry Sector 07 2014 Subject to change All rights reserved Postfach 48 48 90026 NURNBERG GERMANY Introduction Intel Active Management Technology Intel AMT is an Intel technology for the remote maintenance of SIMATIC Industrial PCs IPCs with AMT technology using a management PC It is not necessary to install an operating system on the SIMATIC IPC with Intel AM Intel AMT provides numerous functions e g Keyboard Video Mouse KVM Redirection KVM connections are always possible using the KVM server that is integrated in the firmware KVM enables access to IPCs with a corrupted or no operating system as the KVM server is integrated in the AMT hardware KVM enables you to reboot a remote computer and make changes to its BIOS settings Remote power management SIMATIC IPC with Intel AMT can be switched on and off or restarted using another PC IDE redirection An image on the management PC can be emulated on the SIMATIC IPC with Intel AMT and integrated and used as a DVD drive or floppy drive If the image is bootable you can also boot the SIMATIC IPC with Intel AMT from it The following figure shows remote maintenance of SIMATIC IPCs with Intel AMT e g for troubleshooting a corrupt operating system or incorrect BIOS settings Administrator Help Desk PC SIMATIC IPC with Intel AMT eee
27. scribed in the section Procedure 1 First reset Intel AMT to the default settings 2 Open the BIOS selection setup 3 Select the Active Management Technology Support command in the Advanced menu For IPC547D and IPC547E devices only Select AMT Configuration 4 Clear the Intel AMT Support option For IPC547D and IPC547E devices only Select the Normal setting for MEBx Mode 5 Exit the BIOS Setup with lt F10 gt key For IPC547D and IPC547E devices only Exit the BIOS Setup with lt F4 gt key Resetting the Intel AMT to the default settings and disabling AMT Page 8 SIMATIC IPC Remote Manager Compact User Manual 07 2014 A5E03356938 03 9 Configuring the system 2 1 Configuring the BIOS and Management Engine BIOS Extension MEBx 2 1 4 Configuring the IP address manually The IP address and subnet mask must be assigned manually if no DHCP server is available Procedure Proceed as follows for this 1 a A OO N O Reboot the IPC The following message appears briefly on the display at the end of the self test Press ESC for boot options Open the BIOS selection setup Use the arrow keys to select MEBx and confirm with the lt Enter gt key Alternatively you can open the MEBX with the key combination lt Ctrl P gt For IPCxxxC devices only Switch to the Intel R ME General Settings submenu Alternatively you can switch to the Intel R AMT Configuration submenu Select Network
28. state of technology The products of other manufacturers need to be taken into consideration if they are also used You can find addition information on Industrial Security under http Awww siemens com industrialsecurity Sign up for our product specific newsletter to receive the latest information on product updates For more information see under http www siemens de automation csi_en_WW Disclaimer for third party software updates This product includes third party software Siemens AG only provides a warranty for updates patches of the third party software if these have been distributed as part of a Siemens software update service contract or officially released by Siemens AG Otherwise updates patches are undertaken at your own risk You can find more information about our Software Update Service offer on the Internet at Software Update Service http Awww automation siemens com mcms automation software en software update service Pages Default aspx Notes on protecting administrator accounts A user with administrator privileges has extensive access and manipulation options in the system Therefore ensure there are adequate safeguards for protecting the administrator accounts to prevent unauthorized changes To do this use secure passwords and a standard user account for normal operation Other measures such as the use of security policies should be applied as needed SIMATIC IPC Remote Manager 6 Compact User Manua
Download Pdf Manuals
Related Search