HP DC7800 User's Manual
Contents
1. The HP Compaq dc7800p Business PC is Intel vPro Processor Technology compliant The HP Compaq dc7700p Business PC is fully Intel vPro Processor Technology compliant and readily sup ports Virtual Appliances with the appropriate BIOS update See BIOS Requirements on page 3 for details The HP dc7800p and de7700p PCs are enabled for Intel vPro Processor Technology Some functionality of this technology such as Intel Active Management Technology and Intel Virtualization Technology requires additional 3rd party software to run Availability of future virtual appliance applications for Intel vPro Processor Technology is dependant on 3rd party software providers Compat ibility of this generation of Intel vPro Processor Technology based hardware with future virtual appliances and Microsoft Windows Vista operating system is yet to be determined What is Virtualization Virtualization is an abstraction layer that separates physical system resources from an operating system It allows a single processor to run multiple operating systems simultaneously and independently through the use of a Virtual Machine Monitor VMM A VMM is also known as a hypervisor and is software that han dles the sharing of system resources between different operating systems running beneath it Intel Virtualization Technology VT provides hardware support for virtualization This simplifies the need for complex VMM software A Light weight Virtual Machine2. AMT CONFIGURATION J Un Provision VLAN SOL IDE R Secure Firmware Update Set PRIC Idle Timeout Return to Previous Menu ESC 1 Exit t4 Select AS Figure 1 VA Configuration option in the MEBx O invent Enable VA Support Verified Boot Policy Clear Verified Boot Hash Clear Public Key Clear Key Wrap Key Return to Previous Menu ENABLED Figure 2 VA Support Enabled Set Verified Boot Policy to Verified Boot and Halt R VA VA my Clear Verified Boot Hash Clear Public Key Clear Key Hrap Key Return to Previous Menu Normal Boot Verified Boot and Continue Figure 3 Verified Boot Policy set to Verified Boot and Halt 10 Exit MEBx and boot into the operating system invent A VA can be uninstalled This can be because a VA is no longer needed or the user wants to install a dif ferent VA Only one VA can be installed at any given time The following provides an example of a VA 2 6 appliance uninstallation 1 Run the VA uninstallation file 2 Reboot the system The ME firmware will display an error stating that VA has been uninstalled with the VA boot policy set to Verified Boot and Halt You will then see the 2221 POST error message see Appendix A POST Error Messages on page 13 Cycle power to the system and go into the MEBx by pressing Ctrl P during POST Enter the MEBx password Select Intel AMT Configuration oS 0 A Select VA Configuration at the bottom of
3. Compaq dc7700p and de7800p Business PCs The HP Compaq dc7800p Business PC shipped in 2007 BIOS Requirements The HP Compaq dc7800p Business PC uses the 786F1 BIOS family Use BIOS version 1 04 or later for best compatibility and performance with VA 2 6 The HP Compaq dc7700p Business PC uses the 786E1 BIOS family Use BIOS version 3 03 or later for best compatibility and performance with VA 2 0 and VA 2 6 Intel Virtualization Technology must be enabled in F10 Setup before a VA can be launched VT is dis abled by default in F10 Setup A VA can be installed with VT enabled or disabled although some VA installers may warn users that VT is disabled during installation If VT is disabled during installation enter F10 Setup and enable VT after the installation is complete There are two kinds of Intel Virtualization Technology VTx and VTd Intel Virtualization Technology for lA 32 processors VTx deals with virtualization at the processor level This must be enabled for a VA to function Virtualization Technology Directed I O VTd is an extension of VTx and deals with virtualization at the chipset level VTd provides the capability to control DMA accesses and direct them to specific domains which are regions in physical memory All Core 2 Duo processors support VTx More advanced versions of Core 2 Duo also support VTd in addi tion to VIx Depending on which VT is supported by the processor one or both options may appear in O i
4. Management BIOS Driver 4 Microsoft UAA Bus Driver for High Definition Audio y Microsoft Windows Management Interface for ACPI 4 Motherboard resources Motherboard resources 4 Motherboard resources 4 Numeric data processor PCI bus Y Plug and Play Software Device Enumerator Pi Programmable interrupt controller System board 4 System CMOS real time clock System speaker System timer 4 Terminal Server Device Redirector e Unsupported Virtual Network Device Universal Serial Bus controllers Figure 6 Unsupported Virtual Network Device Hard Drive Layout A VA is located on its own hard drive partition called the Service OS partition to isolate it from the Client operating system Since the VA is an isolated entity that does not require COS interaction it is much more resistant to malicious software HP Compaq dc7700p and dc7800p Business PCs have a 102MB SOS partition at the end of the hard drive This partition is empty and is of type 72h Once a VA is installed the partition will become type 71h The VA loaded in the SOS partition will be in a single binary image ra invent 10 The SOS partition is not formatted or given a hard drive letter It does not have a file system and is not accessible through normal means The HP Backup and Recovery partition is located in between the COS partition and the SOS partition HP Backup _ d Client OS Partition Rocoraiy Service OS Partition Manager COS P
5. other network devices can be functional when a VA is installed The virtualization of the network adapter will cause network packets to be redirected to the SOS in the SOS partition which can impact network traffic performance If additional network packet monitoring and filtering are applied network performance may be impacted invent 7 The following is an example of a system with two network devices the Intel 82566DM and a Broadcom before a VA is installed El Device Manager File Action View Help e gt 8 amp 8 l A E UNIT342 Y Computer See Disk drives E 3 Display adapters DWD CD ROM drives Floppy disk controllers 3 IDE ATAJATAPI controllers Se Keyboards gt Mice and other pointing devices Monitors mee Network adapters Broadcom 802 11b g WLAN EN Intel R 82566DM 2 Gigabit Network Connection 614 Ports COM amp LPT SMR Processors 8 Sound video and game controllers See Storage volumes System devices E Universal Serial Bus controllers Figure 4 Two Network Devices Intel 82566DM and Broadcom After the VA is installed the Intel 82566DM NIC is renamed Intel Virtual 82555 Gigabit Net work Connection Ol invent Notice that the Broadcom network device is no longer under Network Adapters in Device Manager E Device Manager File Action Yiew Help gt 4 aA SA UNITS42 WY Computer See Disk drives 2 Display adapters 2 DVD CD ROM drives
6. Floppy disk controllers IDE ATAJATAPI controllers Keyboards Mice and other pointing devices Monitors Network adapters E Intel R Virtual 82566 Gigabit Network Connection Y Ports COM amp LPT SR Processors m Sound video and game controllers Se Storage volumes E System devices E Universal Serial Bus controllers DADAN aAA E Figure 5 Virtualized Intel 82566DM Network Controller After the VA is installed the Broadcom network device is renamed Unsupported Virtual Network Device and moved to System Devices in Device Manager O invent E Device Manager File Action View Help YB A Mice and other pointing devices Monitors BB Network adapters 4 Ports COM amp LPT SBR Processors 8 Sound video and game controllers See Storage volumes E System devices 4 ACPI Fixed Feature Button ACPI Power Button Advanced programmable interrupt controller 4 Direct memory access controller 4 High precision event timer Y Y Y Infineon Trusted Platform Module 4 Intel R 82801 PCI Bridge 244E 4 Intel R ICH9 Family PCI Express Root Port 1 2940 YY Intel R ICH9 Family PCI Express Root Port 2 2942 4 Intel R ICH9DO LPC Interface Controller 2914 Intel R LYMM Driver 4 Intel R Management Engine Interface YY Intel R Q35 Express Chipset Processor to I O Controller 2980 4 ISAPNP Read Data Port 4 Microsoft ACPI Compliant System 4 Microsoft System
7. HP Compaq dc7800p Business PC with Intel vPro Processor Technology and Virtual Appliances Me NY cay eh wet iaiia 9 hs crs a tc te WCB AES A 2 What is Virtualization ra RR RS O 2 What is a Virtual Appliance corta a AAA A 2 Virtual Appliance Generations aida rad 3 BIOS Requirements sico 240 4 eaten riada Ga E EE AA RS deck 3 BIOS Recommendation ain ar io a 4 Hardware Requirements izada dee E e a dea Ad 4 Virtual Appliance Installation o id BES E AA EN 5 Network Modifications pida id ie 7 Hard Driye LOVE ee Ao ate 10 Known Limitations 2 20 2 eee eee eee 1 Appendix A POST Error Messages pitan idas aia RAS 13 Additional Information sasse 4 oo ade oe lia he AI AA He de le e 14 O invent Introduction Intel vPro Processor Technology is designed to improve management of PC systems and provide proac tive security It is a combination of Intel AMT Active Management Technology and Intel VT Virtualization Technology Intel AMT provides several defense mechanisms against malicious software attacks System Defense to monitor and control network traffic e Network Outbreak Containment to isolate a compromised system e Agent Presence to detect malfunctioning software In addition to the system protection Intel AMT provides the hardware virtualization capabilities of Intel VT allows for a virtualized layer of protection This virtualized layer protection is accomplished by what is known as a Virtual Appliance VA
8. Monitor VMM can be used instead of a full VMM What is a Virtual Appliance A Virtual Appliance is a virtualized environment that runs independently yet concurrently with the Client Operating System COS It is transparent to the COS and the user The purpose of a VA is to protect the COS from malicious software attacks and provide automatic security updates without user intervention A VA is composed of several components an LVMM a Service OS SOS and embedded applications The LVMM along with Intel VT virtualizes the VA from the COS The SOS executes the embedded appli cations within the VA Using a management console IT personnel can control a VA VA packages are available through third party vendors such as Symantec or Altiris invent 2 Virtual Appliance Generations Virtual Appliance 2 0 features include SOS based on Windows CE 5 0 e COS is Windows XP 32 bit e Supports AMT 2 1 and later The HP Compaq dc7700p Business PC shipped in 2006 and will have a VA 2 0 compliant BIOS avail able in September 2007 see BIOS Requirements on page 3 The version of VA 2 0 on the HP Compaq dc7700p is VA 2 0 1 which is VA 2 0 with an Intel LVMM hot fix For the purposes of this white paper VA 2 0 is listed to avoid confusion See Known Limitations on page 11 Virtual Appliance 2 6 features include e All features of VA 2 0 Support for AMT 3 0 VA 2 6 is backwards compatible with VA 2 0 and supports both HP
9. artition SOS Beginning of HDD End of HDD Figure 7 HP Compaq dc7700p and dc7800p hard drive layout Known Limitations Intel vPro technology currently supports only a single VA You will need to select the right VA to suit your needs VA 2 6 is available at time of launch of the HP Compaq dc7800p Business PC but will only support Windows XP as the COS There is no Vista support for VA 2 6 VAs do not support RAID configurations at this time VAs do not support more than two processor cores at this time Therefore quad core processors such as the Intel Q6xxx are not supported VAs do not support AMT 1 0 The system must be in AMT 2 x or AMT 3 0 mode VAs do not support any other network cards besides the onboard Intel 82566DM network controller Installation of a VA to a system with multiple hard drives might encounter complications This is due to the Windows XP plug n play PnP algorithms using an in place reorder mechanism for PnP enumera tion More details on this issue can be found in the Microsoft Knowledge Base Article at http sup port microsoft com kb 825668 en us To work around this issue the IDE R controller in Device Manager must be disabled and the system reboo ted before installing the VA Once this is done Windows XP will only see one IDE controller and enumer ate the hard drives properly The IDE R controller appears as a standard dual channel PCI IDE controller O invent 11 amp Device Mana
10. e BIOS 2 x abled VT versions VT is disabled after uninstall ing a VA Virtualization Technology should be turned off when not in use for security reasons This is done to protect your system from malicious attacks To re enable VT enter F10 Setup and set Virtualization Technol ogy to Enable 2229 EIT Failure VA does not support processors Replace processor with a single or 2 x with more than two cores dual core processor ca invent bs Additional Information To learn more about HP Compaq Business PC and Intel vPro Processor Technology go to www hp com and read the following white papers e vPro Prerequisites and Trade offs for the dc7800 Business PC with Intel vPro Technology e vPro Setup and Configuration for the dc7800 Business PC with Intel vPro Technology 2007 Hewlett Packard Development Company L P The information in this document is subject to change without notice The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Microsoft MS DOS Windows and Windows NT are trademarks of Microsoft Corporation in the U S and other countries 461594 001 10 2007 invent 14
11. endix A POST Error Messages The following are POST error messages related to VA problems during system boot VA Version Post Error Message Suggested Action Applicable 2213 EIT Failure Hardware for VA support not Ensure Intel AMT is enabled and a VT 2 x present capable processor is installed 2214 EIT Failure VA partition corrupt or missing Ensure drive with VA image is installed 3 x correctly 2215 ElT Failure VA boot record read failure Ensure drive with VA image is installed 2 x correctly 2221 EIT Failure VA partition corrupt or missing Enter MEBx setup and change Verified 2 x Boot Policy to continue normal boot 2222 EIT Failure Unknown boot policy returned Upgrade ME firmware Re flash BIOS 2 x from MEBx 2223 EIT Failure VT must be enabled to launch VA Enter F10 Setup and enable Intel Virtu 2 x and 3 x alization Technology 2224 ElT Failure Embedded Security must be avail Enter F10 Setup and set Embedded 2 x able to launch VA Security Device to Device Available 2225 ElT Failure VT d must be enabled to launch Enter F10 Setup and enable Intel Virtu 3 x VA alization Technology Directed I O 2226 ElT Failure TXT must be enabled to launch VA Enter F10 Setup and enable Trusted 3 x Execution Technology 2227 EIT Failure Embedded Security must be Enter F10 Setup and set Embedded 3 x enabled to launch VA Security Device support to Enable 2228 EIT uninstall has automatically dis No action required For som
12. ger File Action View Help e re R Ra HPTEST 44 Computer Sw Disk drives ig Display adapters 4 DVD CD ROM drives LE Floppy disk controllers 1 48 Floppy disk drives IDE ATAJATAPI controllers 2 Intel R ICHS 4 port Serial ATA Storage Controller 2820 2 Primary IDE Channel Primary IDE Channel 2 Secondary IDE Channel 2 Secondary IDE Channel 3 Standard Dual Channel PCI IDE Controller ae Keyboards a Mice and other pointing devices El EL Le Figure 8 IDE R controller in Device Manager e There are restrictions in the way hard drives can be duplicated using duplication software such as Symantec Ghost once a virtual appliance is installed Hard drive cloning through software means is only possible for same sized hard drives This is because of the LVMM and the way it boots e A system with a VA installation cannot swap out its booting hard drive with another hard drive The hash check will fail and the system will not boot e VA 2 0 appliances on the dc7700p systems require the 2 0 1 LVMM hotfix from Intel Without this hot fix the following symptoms may be seen e Failure to load LVMM with error code of 0x81 e Failure to load Windows XP with the KB909095 Microsoft patch applied or other patches that update NTOSKRNL EXE to a version greater than 5 1 2600 2774 This patch is included in the preinstall image shipping with the dc7700p e Failure to resume from S3 Ol invent 12 App
13. nvent 3 The VT options are located in the Security tab in F10 Setup For the HP Compaq dc7700p Business PC go to e Security gt OS Security gt Virtualization Technology VTx For the HP Compaq dc7800p Business PC go to e Security gt System Security gt Virtualization Technology VTx e Security gt System Security gt Virtualization Technology Directed I O VTd If the processor supports Intel Trusted Execution Technology TxT then that option will also appear under System Security below the VT options on a HP Compaq dc7800p Business PC TxT is a processor fea ture that protects data on the system and verifies that the system is loading from a known safe state TxT is not required for VA2 0 or VA2 6 BIOS Recommendation HP recommends that administrators set an F10 Setup password and a MEBx password when deploying Virtual Appliances HP also recommends that IT administrators disable Removable Media Boot in F10 Setup located at Storage gt Storage Options gt Removable Media Boot This prevents malicious users from bypassing the SOS boot Hardware Requirements An Intel vPro processor technology capable system is required to use a VA VA 2 0 requires the following hardware e Intel Core 2 Duo processor E6x00 e Intel Q965 with ICH8 DO chipset e Intel 82566DM Network Interface Controller A TPM is needed for VA 2 0 is to hash the VA boot record It has to be unhidden but does not have to be enabled VA 2 6 mus
14. t have the following hardware e Intel Core 2 Duo processor E6x50 e Intel Q35 with ICH9 DO chipset e Intel 82566DM Network Interface Controller e 1 2 TCP compliant TPM The HP Compaq dc7700p Business PC is an Intel vPro processor technology branded system that meets all Intel vPro processor technology hardware requirements and supports VA 2 0 and VA 2 6 with the appropriate BIOS update ra invent 4 The HP Compaq dc7800p Business PC is an Intel vPro processor technology branded system that meets all Intel vPro processor technology hardware requirements and supports VA 2 6 In addition to the hardware requirements HP recommends that the system has a minimum of 1 GB RAM Virtual Appliance Installation Currently VA 2 0 and VA 2 6 must be installed on a system with Windows XP 32 bit The system must meet or exceed the hardware and BIOS requirements mentioned in the previous sections The following provides an example of a VA 2 6 appliance installation Run the VA Setup file Follow the directions from the installer Reboot the system If necessary enable VT in F10 Setup and then reboot Go into the MEBx by pressing Ctrl P during POST Type the MEBx password NOUR WN D Select Intel AMT Configuration The VA Configuration option will now be available at the bottom of the AMT Configuration list Intel R Management Engine BIOS Extension v3 8 2 0064 Copyright C 2883 87 Intel Corporation All Rights Reserved INTEL R
15. the list and change the VA Boot Policy to Normal Boot Depending on the BIOS version the system may reboot and then display the 2228 POST message see Appendix A POST Error Messages on page 13 This is an informational message that lets the user know that VTx has automatically been disabled Press F1 to continue the boot process The system boots normally to Windows XP Network Modifications The installation of a VA causes the onboard network controller to be virtualized The COS is no longer in control of the physical network device Instead the COS is in control of a virtual version of the network device and the SOS is in control of the physical network device The network device virtualization will cause the Device ID and name string of the Intel 82566DM network adapter to change This should result in new hardware found message and the installation of Intel vir tual network drivers All other network devices will be virtualized away This means e Vendor and Device ID will be changed to 8086h 10B8h e Moved to System Devices as an Unsupported Virtual Network Device e No driver is installed for unsupported devices e Although device is non operational system resources will be used The purpose of this network device virtualization is for security reasons Network traffic can be monitored and filtered through the Intel 82566DM network controller but this cannot be done with any other net work devices Therefore no
Download Pdf Manuals
Related Search