Dell D630 Administrator's Guide

Contents

1. IT TLS-PSK, Legacy: If you want Transport Layer Security (TLS), execute the legacy method of Intel AMT setup and configuration on an isolated network, separate from the corporate network. A setup and configuration server (SCS) requires a secondary network connection to a certification authority (an entity which issues digital certificates) for TLS configuration. Initially, the computers are shipped in the factory-default state, with Intel AMT ready for configuration and provisioning. These computers must go through Intel AMT setup in order to go from the factory-default state to the setup state. Once the computer is in the setup state, you can continue to configure it manually or connect it to a network, where it connects with an SCS and begins Enterprise Mode Intel AMT configuration. IT TLS-PSK: IT TLS-PSK Intel AMT setup and configuration is usually performed in a company's IT department. The following are required: setup and configuration server; network and security infrastructure. Intel AMT capable computers in the factory-default state are given to the IT department, which is responsible for Intel AMT setup and configuration. The IT department can use any method to input Intel AMT setup information, after which the computers are in Enterprise mode and in the In-Setup phase. An SCS must generate PID and PPS sets. Intel AMT configuration must occur over a network. The network can be encrypted using the Transport Layer Security Pre-Shared Key
2. [Screenshot: Altiris Console home page listing the "Section 1. Provisioning" and "Section 2. Intel AMT Tasks" folders, modified by TRVPRO\Administrator on 6/14/2007.] 7. Select Step 1. Configure DNS. The notification server, with an out-of-band management solution installed, must be registered in DNS as "ProvisionServer". [Screenshot: Altiris Console 6.5, Out of Band Management > Intel AMT Getting Started > Section 1. Provisioning > Basic Provisioning (without TLS): Step 1. Configure DNS; Step 2. Discover Capabilities; Step 3. View Intel AMT Capable Computers; Step 4. Create Profile; Step 5. Generate Security Keys; Step 6. Configure Automatic Profile Assignments; Step 7. Monitor Provisioning Process; Step 8. Monitor Profile Assignments.]
3. [Screenshot: Altiris Console task page showing "Applies to collections" (All 32-bit Windows Vista Computers), Package Multicast (Disable download via multicast) and Scheduling Options (Manual, Run once ASAP, Scheduled; "No schedule has been defined").] [Screenshot: Altiris Console 6.5, Collections > All Intel AMT Capable Computers: "All computers in this collection are Intel AMT capable. Last Updated: 6/27/2007 11:03:11 AM."]
4. The computers for which the keys were applied begin to appear in the system list. At first the status is Unprovisioned, then the system status changes to In provisioning, and finally it changes to Provisioned at the end of the process. [Screenshot: Altiris Console 6.5, Intel AMT systems list with UUID, FQDN, Status, Provision Date and Version columns.] 35. Select Step 8. Monitor Profile Assignments. [Screenshot: Altiris Console 6.5.]
5. [Screenshot: Altiris Console 6.5, Profile Assignments page with FQDN, UUID and Profile Name columns.] Once the computers are provisioned, they are visible under the Collections folder in All configured Intel AMT computers. [Screenshot: Altiris Console 6.5.]
6. [Screenshot: MEBx Intel AMT Configuration menu.] Set PRTC: Enter PRTC in GMT (UTC) format (YYYY:MM:DD:HH:MM:SS). Valid date range is 1/1/2004 - 1/4/2021. Setting PRTC value is used for virtually maintaining PRTC during power off (G3) state. This configuration is only displayed for the Enterprise Provision Model. [Screenshot: MEBx Set PRTC entry screen.] Idle Timeout: Use this setting to define the ME WoL idle timeout. When this timer expires, the ME enters a low-power state. This timeout takes effect only when one of the ME WoL power policies is selected. Enter the value in minutes. [Screenshot: Intel(R) Management Engine BIOS Extension v2.5.15.0000, Copyright (C) 2003-06 Intel Corporation; Idle Timeout entry screen, Timeout Value (0-65535).] Intel AMT in DHCP Mode Settings Example: The table below shows a basic field settings example for the Intel AMT Configuration menu page to configure the computer in DHCP mode. Intel AMT Con
7. [Screenshot: MEBx main menu (Intel(R) ME Configuration, Intel(R) AMT Configuration, Change Intel(R) ME Password, Exit).] 5. The following message appears: "System resets after configuration change. Continue: (Y/N)". Press <y>. [Screenshot: MEBx main menu with the caution "System resets after configuration changes. Continue: (Y/N)".] 6. Intel ME State Control is the next option. The default setting for this option is Enabled. Do not change this setting to Disabled. If you want to disable Intel AMT, change the [...] option to None. [Screenshot: MEBx Intel(R) ME Platform Configuration menu, Intel ME State Control (Disabled / Enabled).] 7. Select Intel ME Firmware Local Update. Press <Enter>. 8. Select Always Open. Press <Enter>. The default setting for this option is Disabled. [Screenshot: MEBx screen.]
8. [Screenshot: MEBx numeric entry screen, range ending at 65535.] 16. Select Return to Previous Menu. Press <Enter>. [Screenshot: MEBx Intel AMT Configuration menu.] 17. Select Exit. Press <Enter>. [Screenshot: MEBx main menu.] 18. The following message appears: "Are you sure you want to exit? (Y/N):". Press <y>. [Screenshot: MEBx main menu with the exit prompt.] 19. The computer restarts. Turn off the computer and disconnect the power cable. The computer is now in setup state and is ready for [...] Troubleshooting, Dell Systems Management Administrator's Guide: Return to Default (Un-Provisioning); Firmwar
9. Enter>. [Screenshot: MEBx Intel AMT Configuration menu.] 7. Type the provisioning server IP in the Provisioning server address field and press <Enter>. [Screenshot: MEBx Provisioning server address entry screen.] NOTE: The default setting is 0.0.0.0. This default setting works only if the DNS server has an entry that can resolve tech provision server to the IP of the provisioning server. 8. Type the port in the Port number field and press <Enter>. [Screenshot: MEBx Port number entry screen, Port number (0-65535).] NOTE: The default setting is 0. If left at the default setting of 0, the AMT attempts to contact
10. [Screenshot: Windows dialog for a removable disk showing File System: FAT and the "Create an MS-DOS startup disk" option.] 3. Select AMT Quick Start from the left navigation menu to open the Altiris Console. [Screenshot: Altiris Quick Start Console, Dell Client Manager Standard welcome page, with Getting Started and Hardware Management navigation links. Welcome text: "Welcome to Dell Client Manager Standard. This hardware management solution lets you manage your Dell Precision workstations, OptiPlex desktops, and Latitude notebooks from a remote management console. Management capabilities for certain older models, as well as Dell Inspiron notebooks and Dimension desktops, are limited to discovery only. See the Product Guide for a complete list of supported models. Dell Client Manager Standard includes a 90-day license. If the license is allowed to expire, inventory functions will cease functioning"]
11. [Screenshot: MEBx Intel AMT Configuration menu.] Username and Password (Disabled / Enabled): This option provides the user authentication for the SOL/IDER session. If the Kerberos protocol is used, set this option to Disabled and set the user authentication through Kerberos. If Kerberos is not used, you have the choice to enable or disable user authentication on the SOL/IDER session. Serial Over LAN (SOL) (Disabled / Enabled): SOL allows the Intel AMT managed client console input/output to be redirected to the management server console. IDE Redirection (IDE-R) (Disabled / Enabled): IDE-R allows the Intel AMT managed client to be booted from remote disk images at the management console. Secure Firmware Update: This option allows you to enable/disable secure firmware updates. Secure firmware update requires an administrator user name and password. If the administrator user name and password are not supplied, the firmware cannot be updated. When the secure firmware update feature is enabled, you are able to update the firmware using the secure method. Secure firmware updates pass through the LMS driver. [Screenshot: MEBx Intel AMT Configuration menu.]
12. [Screenshot: MEBx Serial Over LAN selection (Disabled / Enabled).] IDE Redirection: Select Enabled and then press <Enter>. [Screenshot: MEBx IDE Redirection selection.] 12. Secure Firmware Update is the next option. The default setting is Enabled. [Screenshot: MEBx Secure Firmware Update selection.] 13. Skip Set PRTC. [Screenshot: MEBx Set PRTC entry screen, "Enter PRTC in GMT (UTC) format (YYYY:MM:DD:HH:MM:SS)".] 14. Idle Timeout is the next option. The default setting is 1. This timeout is applicable only when a WoL option is selected in enabling ME fo
13. Setup and Configuration Process, Dell Systems Management Administrator's Guide. Sections: Using a Configuration Service to Complete Provisioning; Using MEBx Interface to Complete Provisioning. The computer has to be configured before the Intel AMT capabilities are ready to interact with the management application. Two methods are available to complete the provisioning process (in order from least complex to most complex). Configuration service: A configuration service allows you to complete the provisioning process from a GUI console on their server with only one touch on each of the Intel AMT capable computers. The PPS and PID fields are completed using a file created by the configuration service saved to a USB mass storage device. MEBx interface: The IT administrator manually configures the Management Engine BIOS Extension (MEBx) settings on each Intel AMT ready computer. The PPS and PID fields are completed by typing the 32-character and 8-character alphanumeric keys created by the configuration service into the MEBx interface. Using a Configuration Service to Complete Provisioning. Using a USB Storage Device: This section discusses Intel AMT setup and configuration using a USB storage device. You can set up and locally configure password, provisioning ID (PID), and provisioning passphrase (PPS) information with a USB drive key. This is also called USB provisioning. USB provisioning allows you to manually set up and configure compute
14. names other than its own. October 2007, Rev. A00. Deployment, Dell Systems Management Administrator's Guide: Once you are ready to deploy a computer to a user, plug the computer into a power source and connect it to the network. Use the integrated Intel 82566MM NIC. Intel Active Management Technology (iAMT) does not work with any other NIC solution. When the computer is turned on, the computer immediately looks for a setup and configuration server (SCS). If the computer finds this server, the Intel AMT capable computer sends a Hello message to the server. DHCP and DNS must be available for the setup and configuration server search to automatically succeed. If DHCP and DNS are not available, then the setup and configuration server's (SCS) IP address must be manually entered into the Intel AMT capable computer's MEBx. The Hello message contains the following information: Provisioning ID (PID); Universally Unique Identifier (UUID); IP address; ROM and firmware (FW) version numbers. The Hello message is transparent to the end user. There is no feedback mechanism to tell you that the computer is broadcasting the message. The SCS uses the information in the Hello message to initiate a Transport Layer Security (TLS) connection to the Intel AMT capable computer using a TLS Pre-Shared Key (PSK) cipher suite, if TLS is supported. The SCS uses the PID to look up the provisioning passphrase (PPS) in the provisioning server d
15. press <Ctrl><p> when the Dell logo screen appears to enter the MEBx application. 2. A prompt for the password appears. Enter the new Intel ME password. 3. Select Intel AMT Configuration. Press <Enter>. [Screenshot: MEBx main menu.] 4. Select Host Name. Press <Enter>. 5. Then type in a unique name for this Intel AMT machine. Press <Enter>. Spaces are not accepted in the host name. Make sure there is not a duplicate host name on the network. Host names can be used in place of the computer's IP for any applications requiring the IP address. [Screenshot: MEBx Computer host name entry screen.] Select TCP/IP. Press <Enter>. The following messages appear and require the response indicated in the following bulleted list: Disable Network Interface: (Y/N). Press <n>. If the network is disabled, then all remote Intel AMT capabilities are disabled and TCP/IP settings are not necessary. This option is a toggle, and the next time it is ac
16. tab, the administrator can modify the profile name, description, and password. The administrator sets a standard password for easy maintenance in the future. Select the manual radio button and enter a new password. [Screenshot: Altiris Console dialog "Configure Intel AMT Setup & Configuration Service Profile", General tab, with tabs General, Network, TLS, ACL and Power Policy.] The Network tab provides the option to enable ping responses, VLAN, WebUI, Serial over LAN, and IDE Redirection. If you are configuring Intel AMT manually, all these settings are also available in the MEBx. [Screenshot: Altiris Console dialog "Configure Intel AMT Setup & Configuration Service Profile", Network tab: Enable ping response; Use VLAN, VLAN tag; Enabled Interfaces: Web UI, Serial over LAN, IDE redirection.] 16. The TLS (Transport Layer Security) tab provides the ability to enable TLS. If enabled, several other pieces of information are required, including the certificate authority (CA) server name, CA common name, CA type, and certificate templa
17. [Screenshot: Altiris Console home page listing the "Section 1. Provisioning" and "Section 2. Intel AMT Tasks" folders, modified 6/14/2007.] 8. Click Test on the DNS Configuration screen to verify that DNS has the ProvisionServer entry and that it resolves to the correct Intel setup and configuration server (SCS). [Screenshot: Altiris Console 6.5, Intel AMT Getting Started > Section 1. Provisioning > Step 1. Configure DNS. Page text: "DNS Configuration: Intel AMT device setup and configuration requires the presence of a Domain Name System (DNS) Server. The DNS must have information for two entities. The computer running Intel SCS Server must be registered in the DN"]
18. the provisioning server on port 9971. If the provisioning server is listening on a different port, enter it here. The following message appears: "Intel(R) AMT 2.6 Mode: Enterprise, change to Small Business: (Y/N)". Press <n>. 9. Set PID and PPS is the next option. The PID and PPS can be input manually or by using a USB key once the SCS generates the codes. This option is for entering the provisioning ID (PID) and provisioning passphrase (PPS). PIDs are eight characters and PPS are 32 characters. There are dashes between every set of four characters, so including dashes, PIDs are nine characters and PPS are 40 characters. An SCS must generate these entries. [Screenshot: MEBx PID entry screen, "Enter PID (e.g. ABCD-1234)".] 10. Select SOL/IDE-R. Press <Enter>. [Screenshot: MEBx Intel AMT Configuration menu.] 11. The following messages appear and require the response indicated in the following bulleted list: Caution
19. troubleshooting. In Enterprise mode, DHCP automatically loads the domain name. 3. Un-provision setting only seen if the box is provisioned. About Intel Active Management Technology, Dell Systems Management Administrator's Guide: Intel Active Management Technology (Intel AMT or iAMT) allows companies to easily manage their networked computers. IT management can: Discover computing assets on a network regardless of whether the computer is turned on or off. Intel AMT uses information stored in nonvolatile computer memory to access the computer. The computer can even be accessed while it is powered off (also called out-of-band or OOB access). Remotely repair computers even after operating system failures. In the event of a software or operating system failure, Intel AMT can be used to access the computer remotely for repair purposes. IT administrators can also detect computer problems easily with the assistance of Intel AMT's out-of-band event logging and alerting. Protect networks from incoming threats while easily keeping software and virus protection up to date across the network. Software Support: Several independent software vendors (ISVs) are building software packages to work with Intel AMT features. This provides IT administrators many options when it comes to remotely ma
20. updated locally. The default setting is Always Open. The other settings available are Never Open and Restricted. [Screenshot: MEBx Intel(R) ME Platform Configuration menu.] To assist with the manufacturing process as well as OEM-specific in-field firmware update processes, ME firmware provides an OEM-configurable capability that leaves the local firmware update channel always open no matter what value you select for the ME Firmware Local Update option. The Always Open option allows OEMs to use the ME firmware local update channel to update the ME firmware without going through MEBx every time. If you select Always Open, the ME FW Local Update option does not appear under the ME configuration menu. The table below illustrates the detail of the options. Table (ME Firmware Local Update Option; Description): The ME firmware local update channel is always enabled. A boot cycle does not change enabled to disabled. The ME FW Local Update option can be ignored. The ME firmware local update channel is controlled by the ME FW Local Update option, which can be enabled or disabled. A boot cycle changes enabled to disabled. The ME firmware local up
21. [Screenshot: MEBx power package selection page.] The power package selected determines when the ME is turned ON. The default power package turns off the ME in all Sx (S3/S4/S5) states. The end user administrator can choose which power package is used depending on computer usage. The power package selection page can be seen above. Supported Power Packages (table columns: Power Package; S0 (Computer On); S3 (Suspend to RAM); S4/S5 (Suspend to disk/Soft off); ME OFF After Power Loss). WoL: Wake on LAN. If the power package selected indicates OFF After Power Loss, Intel ME remains off after returning from a mechanical off (G3) state. If the power package selected does NOT indicate OFF After Power Loss, Intel ME powers the computer on (S0) briefly, then turns the computer off (S5). Configuring Your Computer to Support Intel AMT Management Features: After you completely configure the Intel Management Engine (ME) feature, you must reboot before configuring the Intel AMT for a clean boot. The image below shows the Intel AMT configuration menu after a user selects the Intel AMT Configuration option from the Management Engine BIOS Extension (MEBx) main menu. This feature allows you to configure an Intel AMT capable computer to support the Intel AMT management features. You need to have a basic understanding of networking and computer technology terms, such as TCP/IP, DHCP, VLAN, IDE, DNS, subnet mask, default gateway, and do
22. [Screenshot: Altiris Console 6.5, Intel AMT Getting Started > Step 5. Generate Security Keys: Manage Security Keys page with PID, PPS, Factory Default Password and New Password columns.] 21. Select the Generate keys before export radio button. [Screenshot: Altiris Console dialog "Export Security Keys to USB Key".] 23. The Intel ME default password is admin. Configure the new Intel ME password for the environment. [Screenshot: Altiris Console dialog "Export Security Keys to USB Key".] 24. Click Generate. Once the keys have been created, a link appears to the left of the Generate button. [Screenshot: Altiris Console dialog "Export Security Keys to USB Key": Export keys (All / Only selected / Generate keys before export); Generate Security Keys: Number of security keys to generate; Factory Default Inte
23. [Screenshot: Altiris Console 6.5, Intel AMT Getting Started tree; collection page reading "This collection has no members."] 12. Select Step 4. Create Profile. [Screenshot: Altiris Console 6.5, Collections > All Intel AMT Capable Computers: "All computers in this collection are Intel AMT capable. Last Updated: 6/27/2007 11:03:11 AM. This collection has no members."]
24. [Screenshot: Altiris Console 6.5, Step 7. Monitor Provisioning Process: Intel AMT Systems list with UUID, FQDN, Status, Provision Date, Version and Profile columns.] The computers for which profiles were assigned appear in the list. Each computer is identified by the FQDN, UUID, and Profile Name columns. [Screenshot: Altiris Console 6.5.]
25. [Screenshot: Altiris Console 6.5, Collections > All Configured Intel AMT Computers: "All computers in this collection are configured Intel AMT computers. Last Updated: 7/11/2007 11:37:16 AM. This collection has no members."] Using MEBx Interface to Complete Provisioning: Intel AMT can be set up for either Enterprise or Small and Medium Business operational modes (also called provisioning models). Both operational modes support dynamic and static IP networking. If you use dynamic IP networking (DHCP), the Intel AMT host name and the operating system host name must match. You must also configure both the operating system and Intel AMT to use DHCP as well. If you use static IP networking, the Intel AMT IP address must be different from the operating system's IP address. Additionally, the Intel AMT hostname must be different from the operating system's hostname. Enterprise mode: This mode is for large o
26. User name & Password: Select Enabled and then press <Enter>. This option allows you to add users and passwords from the WebGUI. If the option is disabled, then only the administrator has MEBx remote access. Serial Over LAN: Select Enabled and then press <Enter>. IDE Redirection: Select Enabled and then press <Enter>.
27. Dell Systems Management Administrator's Guide. About Intel Active Management Technology; Deployment; Intel AMT Setup and Configuration Overview; Using the Intel AMT WebGUI; Intel Management Engine BIOS Extension (MEBx); Redirecting Serial and IDE Communications; Provisioning Setup and Configuration Completion; Troubleshooting. Notes, Notices, and Cautions. NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death. Information in this document is subject to change without notice. © 2007 Dell Inc. All rights reserved. Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Intel Corporation is a contributing source of content in this document. Trademarks used in this text: Dell and the DELL logo are trademarks of Dell Inc.; Intel and iAMT are registered trademarks of Intel Corporation; Microsoft and Windows are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade
28. Dell Client Manager tasks. Links to these tasks are found under the BIOS Upgrades Getting Started section of the quick start task menu. Also, depending upon your environment and management preferences, you may want to consider adjusting some Notification Server configuration options to better suit your needs. 4. Click the plus to expand the Intel AMT Getting Started section. 5. Click the plus to expand the Section 1 Provisioning section.
29. 18. The computer restarts. Turn off the computer and disconnect the power cable. The computer is now in setup state and is ready for SMB Mode The Intel Management Engine BIOS Extension (MEBx) is an optional ROM module that Intel provides to Dell to be included in the Dell BIOS. The MEBx has been customized for Dell computers. Dell also supports setup and configuration of Intel AMT in the Small and Medium Business (SMB) mode. The only setting not required in the SMB mode is the Set PID and PPS option. Also, the Provision Model option is set to Small Business instead of Enterprise. To set up and configure a computer for SMB mode, you must enable the Management Engine for SMB mode and configure Intel AMT for SMB mode. For instructions, see and ME Configuration: Enabling Management Engine for SMB Mode. To enable Intel ME configuration settings on the target platform, perform the following steps: 1. Turn on the computer and, during the boot process, press <Ctrl><p> when the Dell logo screen appears to enter the MEBx application. 2. Type admin in the Intel ME Password field. Press <Enter>. Passwords are case sensitive. You must change the default password before making changes to the MEBx options.
30. <Enter>. 13. Intel ME ON in Host Sleep States is the next option. The default setting is Mobile: ON in S0. 14. Select Return to Previous Menu. Press <Enter>. 15. Select Return to Previous Menu. Press <Enter>. 16. Exit the MEBx Setup and save the ME configuration. The computer displays an Intel ME Configuration Complete message and then restarts. After the ME configuration is complete you can config
31. Export Security Keys to USB Key and drive explorer windows to return to the Altiris Console. 28. Take the USB device to the computer, insert the device, and turn on the computer. The USB device is recognized immediately and the following message appears: Continue with Auto Provisioning (Y/N). 29. Press y. 30. Press any key to continue with system boot. 31. Once complete, turn off the computer and move back to the management server. 32. Select Step 6 Configure Automatic Profile Assignments.
32. ME Features Control. Press <Enter>. 10. Manageability Feature Selection is the next option. This feature sets the platform management mode. The default setting is Intel AMT. Selecting the None option disables all remote management capabilities. 11. Select Return to Previous Menu. Press <Enter>. 12. Select Intel ME Power Control. Press <Enter>.
33. 13. Click the plus to add a new profile. 14. On the General
34. MT 2.6 Mode; Provision Model: Small Business; Enable SOL; SOL/IDE-R; Enable IDE-R; Remote FW Update: Enabled. Save and exit MEBx, and then boot computer to the Microsoft Windows operating system. MEBx Default Settings: The table below lists all the default settings for the Intel Management Engine BIOS Extension (MEBx). Password: admin. Intel ME Platform Configuration Default Settings. Intel ME Platform State Control (1): Enabled, Disabled. Intel ME Firmware Local Update: Enabled, Disabled. Intel ME Features Control, Manageability Feature Selection: None, Intel AMT, ASF. Intel ME Power Control, Intel ME ON in Host Sleep States: "Mobile: ON in S0"; "Mobile: ON in S0, S3/AC"; "Mobile: ON in S0, S3/AC, S4-5/AC"; "Mobile: ON in S0, ME WoL in S3/AC"; "Mobile: ON in S0, ME WoL in S3/AC, S4-5/AC". Intel AMT Configuration Default Settings. Host Name. TCP/IP: Disable Network Interface? N; DHCP Enabled. Disable? N; Domain Name: blank (2). Provisioning Server: Provisioning Server Address 0.0.0.0; Port Number (0-65535) 0. Provision Model: AMT 2.6 Mode N. Set PID and PPS: Set PID and PPS; PPS Format 1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD (3). Un-Provision. SOL/IDE-R: Username & Password; Serial Over LAN; IDE Redirection. Secure Firmware Update. Set PRTC. Idle Timeout: Timeout Value (0x0-0xFFFF). Default setting. May cause Intel AMT partial unprovision. 1 Intel ME Platform State Control is only changed for Management Engine ME
35. 11. Select Step 3 View Intel AMT Capable Computers.
36. PS in the dash format (Ex. PID: 1234-ABCD; PPS: 1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD). Note: A PPS value of 0000-0000-0000-0000-0000-0000-0000-0000 does not change the setup configuration state. If this value is used, the setup and configuration state stays as Not started. Un-Provision: The Un-Provision option allows you to reset the Intel AMT configuration to factory defaults. There are three types of un-provision. Partial Un-provision: This option resets all of the Intel AMT settings to their default values but leaves the PID/PPS. The MEBx password remains untouched. Full Un-provision: This option resets all of the Intel AMT settings to their default values. If a PID/PPS value is present, both values are lost. The MEBx password remains untouched. CMOS clear: This un-provision option is not available in the MEBx. This option clears all values to their default values. If a PID/PPS is present, both values are lost. The MEBx password resets to the default value (admin). To invoke this option, you need to clear the CMOS (i.e., system board jumper). SOL/IDE-R
37. 3. Select Change Intel ME Password. Press <Enter>. Type the new password twice for verification. The new password must include the following elements: Eight characters; One uppercase letter; One lowercase letter; A number; A special (nonalphanumeric) character, such as or excluding the and characters. The underscore (_) and spacebar are valid password characters but do NOT add to the password complexity. Change the password to establish Intel AMT ownership. The computer then goes from the factory default state to the setup state. 4. Select Intel ME Configuration. Press <Enter>. ME Platform Configuration allows you to configure ME features such as power options, firmware update capabilities, and so on. 5. T
38. A configured operational Intel AMT device must be registered within DNS. Intel SCS: The Notification Server with Out of Band Management Solution installed with (i.e., Intel SCS Server is running on this computer) must be registered in the DNS as. This must be done in each DNS Domain. When it sends its Hello message, the Intel AMT device first uses the domain name received from the DHCP server. If there is more than one SCS in the domain, the DNS will alternate between the servers. If there are multiple SCS instances or the server platform has a different name, then CNAME records need to be added to the DNS. Click on the Test button below to verify that DNS has the ProvisionServer entry and that it to the correct Intel SCS Server. Resolved ProvisionServer IP; Resolved Intel SCS IP. Intel AMT Devices: Ensure that the DNS is configured with the Fully Qualified Domain Names (FQDN) of the Intel AMT enabled machines that are being configured. Intel AMT devices must be configured to have the same FQDN as the host OS. This stems from the fact the Intel AMT device is not a secure DNS client and it relies on the host OS to maintain the DNS record. For this reason, the Intel AMT device snoops the DHCP requests and responses issued by the host OS. The Intel AMT device then uses the IP provided by the DHCP to the host OS as its own. When the host OS is down, the Intel AMT device requests DNS registration of its
39. You can use this option to determine which manageability feature is enabled. ASF: Alert Standard Format. ASF is a standardized corporate assets management technology. The Intel ICH9 platform supports ASF specification 2.0. Intel AMT: Intel Active Management Technology. Intel AMT is an improved corporate assets management technology. Intel ICH9 platform supports Intel AMT 2.6. The table below explains these options. Management Feature Select Option: Intel AMT. When you change the option from Intel AMT to None, a warning that Intel AMT un-provisions automatically if you accept the change appears. The None option has no manageability feature provided by the ME computer. In this case the firmware is loaded (that is, ME is still enabled) but the management applications remain disabled. Intel ME Power Control: The ME Power Control menu configures the ME platform power related options. It contains the following configuration selection: ME On in Host Sleep States. When the ME ON in Host Sleep States option is selected on the ME Power Control menu, the ME in Host Sleep States menu loads.
40. System resets after configuration changes. Continue (Y/N). Press <y>. User name & Password: Select Enabled and then press <Enter>. This option allows you to add users and passwords from the WebGUI. If the option is disabled, then only the administrator has MEBx remote access. Serial Over LAN: Select Enabled and then press <Enter>.
41. TLS-PSK protocol. Once the computers connect to an SCS, Enterprise mode configuration occurs. Enterprise Mode: The Intel Management Engine BIOS Extension (MEBx) is an optional ROM module that Intel provides to Dell to be included in the Dell BIOS. The MEBx has been customized for Dell computers. Enterprise mode (for large corporate customers) requires a setup and configuration server (SCS). An SCS runs an application over a network that performs Intel AMT setup and configuration. The SCS is also known as a provisioning server, as seen in the MEBx. An SCS is typically provided by independent software vendors (ISVs) and is contained within the ISV management console product. Consult with the management console supplier for more information. To set up and configure a computer for Enterprise mode, you must enable the Management Engine for Enterprise mode and configure Intel AMT for Enterprise mode. For instructions, see ME Configuration: Enabling Management Engine for Enterprise Mode and AMT Configuration: Enabling Intel AMT for Enterprise Mode. ME Configuration: Enabling Management Engine for Enterprise Mode. To enable Intel ME configuration settings on the target platform, perform the following steps: 1. Turn on the computer and, during the boot process, press <Ctrl><p> when the Dell logo screen appears to enter the MEBx application. 2. Type admin in the Intel ME Password field. Press <Enter>. Passwords are case sensitive. You must change
42. To obtain a free unlimited license, you must register your product. Once you have obtained your unlimited license, you will need to install it. Click here to install a license. Hardware Management Tasks: Scan for Inventory Data; Scan for Current BIOS Settings; Configure BIOS Settings; Upgrade BIOS Version; Set Monitoring and Alerts. Getting Started: Quick Start Tasks. If you've already installed the Altiris management framework (Altiris Notification Server plus management agents on the systems you wish to manage), you are ready to enable hardware management on your qualified Dell client systems by following the links in the Enable Hardware Management section at the top of the quick start task menu on the left. Clicking any link on the quick start task menu opens the target task, policy, or report in this window. Click the View Report button on any of the five hardware management task pages to learn the status of the task. Please note that, depending upon your Notification Server configuration settings and other factors, these reports may take some time to begin returning data the first time you enable the policy or task that is being reported on. First Time Setup: If you've just installed Altiris Notification Server for the first time, there are a few things you need to do first before you can perform
43. 34. Select Step 7 Monitor Provisioning Process.
44. 20. Select the icon with the arrow pointing out to Export Security Keys to USB Key.
45. anagement Application. The default console package provided is the Dell Client Management (DCM) application. This section provides the procedure to set up and configure Intel AMT with the DCM package. As mentioned earlier in the document, several other packages are available through third-party vendors. The computer must be configured and seen by the DNS server before you begin this process. Also, a USB storage device is required and must conform to the requirements listed in the previous section. The nature of management software is that it is not always dynamic or real time. In fact, sometimes if you tell a computer to do something, such as to reboot, you may have to reboot again for it to work. Setup and Configuration Using a USB Storage Device: 1. Format a USB device with the FAT16 file system and no volume label, and then set it aside.
46. atabase and uses the PPS and PID to generate a TLS Pre-Master Secret. TLS is optional. For secure and encrypted transactions, use TLS if the infrastructure is available. If you do not use TLS, then HTTP Digest is used for mutual authentication. HTTP Digest is not as secure as TLS. The SCS logs into the Intel AMT computer with the username and password and provisions the following required data items: New PPS and PID for future setup and configuration; TLS certificates; Private keys; Current date and time; HTTP Digest credentials; HTTP Negotiate credentials. The computer goes from the setup state to the provisioned state, and then Intel AMT is fully operational. Once in the provisioned state, the computer can be remotely managed. Intel Management Engine BIOS Extension (MEBx). MEBx Overview; Configuring the Intel Management Engine (ME); Configuring Your Computer to Support Intel AMT Features; MEBx Default Settings. MEBx Overview: The Intel Management Engine BIOS Extension (MEBx) provides platform-level configuration options for you to configure the behavior of Management Engine (ME) platform. Options include enabling and disabling individual features and setting power configurations. This section provides details about MEBx configuration options and constraints, if any. All the ME Configuration setting changes are not
47. cached in MEBx. They are not committed to ME nonvolatile memory (NVM) until you exit MEBx. Hence, if MEBx crashes, the changes made until that point are NOT going to be committed to ME NVM. NOTE: Briscoe AMT is shipped in enterprise mode as default. Accessing MEBx Configuration User Interface: The MEBx configuration user interface can be accessed on a computer through the following steps: 1. Turn on or restart your computer. 2. When the blue DELL logo appears, press <Ctrl><p> immediately. If you wait too long and the operating system logo appears, continue to wait until you see the Microsoft Windows operating system desktop. Then shut down your computer and try again. 3. Type the ME password. Press <Enter>. The MEBx screen appears. The main menu presents three function selections: Intel ME Configuration; Intel AMT Configuration; Change Intel ME Password. The Intel ME Configuration and Intel AMT Configuration menus are discussed in the following sections. First, you must change the password before you can proceed through these menus. Changing the Intel ME Password: The default password is admin and is the same on all newly deployed plat
48. cessed you are prompted with the opposite setting. Disable Network Interface: (Y/N). DHCP Enable: Disable DHCP: (Y/N). Press <n>. Domain Name: Type the domain name into the field. 8. Select Provision Model from the menu. Press <Enter>. 9. The following message appears: Change to Intel AMT 1.0 Mode: (Y/N)
49. date channel is always enabled only if Intel AMT is in un-provision state. A boot cycle does not change enabled to disabled (Restricted). Always Open qualifies the override counter and allows local ME firmware updates. The override counter is a value set in the factory that by default allows local ME firmware updates. The Never Open and Restricted options disqualify the override counter and do not allow local ME firmware updates unless explicitly permitted with the Intel ME Firmware Local Update option. Selecting Never Open or Restricted adds the Intel ME Firmware Local Update option, which can be set to Enable or Disable. By default, it is disabled. LAN Controller: Many OEM platforms supply a BIOS setup option to enable or disable the integrated LAN controller. In an ME operating system with AMT or ASF (Alert Standard Format) capabilities, the LAN controller is shared between the ME and host and must be enabled for AMT to work correctly. Disabling the controller may unintentionally affect the ME subsystem functionality. Therefore, you should not disable the LAN controller as long as the ME uses it to provide AMT or ASF. However, if the platform's integrated LAN controller BIOS option is set to None, then the LAN Controller option on the ME Platform Configuration menu has Enabled and Disabled options.
50. e Flash; Serial Over LAN (SOL) and IDE Redirection (IDE-R); Error Messages. This section describes a few basic troubleshooting steps to follow if problems are experienced with the Intel AMT configuration. Return to Default (Un-Provisioning): Return to default is also known as un-provisioning. An Intel AMT setup and configured computer can be un-provisioned using the Intel AMT Configuration screen and the Un-Provision option. Follow the steps below to un-provision a computer: 1. Select Un-Provision and then select Full Un-provision. Full un-provisioning is available for SMB Mode provisioned computers. This option returns all Intel AMT configuration settings to factory defaults and does NOT reset ME configuration settings or passwords. Full and partial un-provisioning is available for Enterprise Mode provisioned computers. Partial un-provisioning returns all Intel AMT configuration settings to factory defaults with the exception of the PID and PPS. Partial un-provisioning does NOT reset ME configuration settings or passwords. An un-provisioning message displays after about 1 minute. After un-provisioning completes, control is passed back to the Intel AMT Configuration screen. Provisioning Server, Set PID and PPS, and Set PRTC options are available again because the computer is set to the default Enterprise Mode. 2. Select Return to previous menu. 3. Select Exit and then press <y>. The computer restarts. Firmware Flash: Flash the fir
51. [Screenshot: Altiris Console 6.5, Out of Band Management, Intel AMT Getting Started, listing the Section 1. Provisioning and Section 2. Intel AMT Tasks folders] 6. Click the plus to expand the Basic Provisioning without TLS section. [Screenshot: Altiris Console 6.5, Intel AMT Getting Started tree, Section 1. Provisioning, Basic Provisioning without TLS]
52. configured FQDN from the DHCP option 81. This works only if the DNS and DHCP are [...] The IP address for the ProvisionServer and Intel SCS are now visible. [Screenshot: Altiris Console, Basic Provisioning without TLS, Step 1: Configure DNS] DNS Configuration: Intel AMT device setup and configuration requires the presence of a Domain Name System (DNS) Server. The DNS must have information for two entities: The computer running Intel SCS Server must be registered in the DNS. A configured, operational Intel AMT device must be registered within DNS. Intel SCS: The Notification Server with Out of Band Management Solution installed (i.e., Intel SCS Server is running on this computer) must be registered in the DNS as ProvisionServer. This must be done in each DNS Domain. When it sends its Hello message, the Intel AMT device first uses the domain name received from the DHCP ser
53. el AMT device setup and configuration requires the presence of a Domain Name System (DNS) Server. The DNS must have information for two entities: The computer running Intel SCS Server must be registered in the DNS. A configured, operational Intel AMT device must be registered within DNS. Intel SCS: The Notification Server with Out of Band Management Solution installed (i.e., Intel SCS Server is running on this computer) must be registered in the DNS as ProvisionServer. This must be done in each DNS Domain. When it sends its Hello message, the Intel AMT device first uses the domain name received from the DHCP server. If there is more than one SCS in the domain, the DNS will alternate between the servers. If there are multiple SCS instances or the server platform has a different name, then CNAME records need to be added to the DNS. Click on the Test button below to verify that DNS has the ProvisionServer entry and that it resolves to the correct Intel SCS Server. Resolved ProvisionServer IP: 192.168.20.10. Resolved Intel SCS IP: 192.168.20.10. Intel AMT Devices: Ensure that the DNS is configured with the Fully Qualified Domain Names (FQDN) of the Intel AMT enabled machines that are being configured. Intel AMT devices must be configured to have the same FQDN as the host OS. This stems from the fact the Intel AMT device is not a secure DNS client and it relies on the host OS to maintain the DNS record. For this rea
54. ement. The WebGUI is often used as a test to determine if Intel AMT setup and configuration was performed properly on a computer. A successful remote connection between a remote computer and the host computer running the WebGUI indicates proper Intel AMT setup and configuration on the remote computer. The Intel AMT WebGUI is accessible from any Web browser, such as the Internet Explorer or Netscape applications. Limited remote computer management includes: Hardware inventory; Event logging; Remote computer reset; Changing of network settings; Addition of new users. WebGUI support is enabled by default for SMB setup and configured computers. WebGUI support for Enterprise setup and configured computers is determined by the setup and configuration server. Information on using the WebGUI interface is available on the Intel website at www.intel.com. Follow the steps below to connect to the Intel AMT WebGUI on a computer that has been configured and set up: 1. Turn on an Intel AMT capable computer that has completed Intel AMT setup and configuration. 2. Launch a Web browser from a separate computer, such as a management computer on the same subnet as the Intel AMT computer. 3. Connect to the IP address specified in the MEBx and port of the Intel AMT capable computer (example: http://ip_address:16992 or http://192.168.2.1:16992). By default, the port is 16992. Use port 16993 and https to connect to the Intel AMT WebGUI on a computer that
55. en set up, Intel AMT is ready to receive Enterprise mode configuration settings from a configuration service. Provisioned state: The provisioned state is a fully configured state in which the Intel Management Engine (ME) has been configured with power options, and Intel AMT has been configured with its security settings, certificates, and the settings that activate the Intel AMT capabilities. When Intel AMT has been configured, the capabilities are ready to interact with management applications. Methods for Completing the Provisioning Process: The computer has to be configured before the Intel AMT capabilities are ready to interact with management applications. There are two methods to complete the provisioning process (in order from least complex to most complex): Configuration service: A configuration service allows you to complete the provisioning process from a GUI console on their server with only one touch on each of the Intel AMT capable computers. The PPS and PID fields are completed using a file created by the configuration service saved to a USB device. MEBx interface: The IT administrator manually configures the Management Engine BIOS Extension (MEBx) settings on each Intel AMT ready computer. The PPS and PID fields are completed by typing the 32-character and 8-character alphanumeric keys created by the configuration service into the MEBx interface. Provisioning Completing the
56. ey file, first configure settings and click Generate file, and then click Download USB key file. Place downloaded file to the USB Storage Device. Available: 6/27/2007 11:12:43 AM. a. Click Save in the File Download dialog box. [Screenshot: File Download dialog for setup.bin, 25.5 KB] b. Verify the Save in location is directed to the USB device. Click Save. [Screenshot: Save As dialog, Save in: Removable Disk (E:)] c. Click Close in the Download complete dialog box. [Screenshot: Download complete dialog, setup.bin, 25.5 KB] The setup.bin file is now visible in the drive explorer window. [Screenshot: Explorer window for Removable Disk (E:) showing setup.bin, 26 KB, BIN File, 6/27/2007 11:12 AM] 27. Close the
57. face: (Y/N). Press <n>. If the network is disabled, then all remote AMT capabilities are disabled and TCP/IP settings are not necessary. This option is a toggle, and the next time it is accessed you are prompted with the opposite setting. [Screenshot: Intel AMT Configuration menu, prompt: Disable Network Interface: (Y/N)] DHCP Enable: Disable DHCP (Y/N). Press <n>. [Screenshot: Intel AMT Configuration menu, prompt: DHCP Enabled. Disable DHCP: (Y/N)] Domain Name: Type the domain name into the field. [Screenshot: Intel AMT Configuration menu, Domain name field] 6. Select Provision Server from the menu. Press <
58. figurations Example in DHCP Mode. Intel AMT Configuration Parameters and Values: Intel AMT Configuration: Select and press <Enter>. Host Name: Example: IntelAMT. This is the same as the operating system machine name. TCP/IP: Set the parameters as follows: Enable Network interface; Enable DHCP Mode; Set a domain name (e.g., amt.intel.com). Provision Model: Intel AMT 2.6 Mode; Small Business. SOL/IDE-R: Enable SOL; Enable IDE-R. Remote FW Update: Enabled. Save and exit MEBx and then boot the computer to the Microsoft Windows operating system. Intel AMT in Static Mode Settings Example: The table below shows a basic field settings example for the Intel AMT Configuration menu page to configure the computer in static mode. The computer requires two MAC addresses (GBE MAC address and Manageability MAC Address) to operate in static mode. If there is no Manageability MAC address, Intel AMT cannot be set in static mode. Intel AMT Configurations Example in Static Mode. Intel AMT Configuration Parameters: Intel AMT Configuration: Select and press <Enter>. Host Name: Example: IntelAMT. TCP/IP: Set the parameters as follows: Enable Network interface; Disable DHCP Mode; Set an IP address (e.g., 192.168.0.15); Set a subnet mask (e.g., 255.255.255.0); The default gateway address is optional; The preferred DNS address is optional; The alternate DNS address is optional; Set the domain name (for example, amt.intel.com). Intel A
59. forms. You must change the default password before changing any feature configuration options. The new password must include the following elements: Eight characters; One uppercase letter; One lowercase letter; A number; A special nonalphanumeric character, such as or excluding the and characters. The underscore and spacebar are valid password characters but do NOT add to the password complexity. Configuring the Intel Management Engine (ME): To reach the Intel Management Engine (ME) Platform Configuration page, follow these steps: 1. Under the Management Engine BIOS Extension (MEBx) main menu, select ME Configuration. Press <Enter>. 2. The following message appears: System resets after configuration changes. Continue: (Y/N) 3. Press <Y>. The ME Platform Configuration page opens. This page allows you to configure the specific functions of the ME such as features, power options, and so on. Below are quick links to the various sections: Intel ME State Control; Intel ME Firmware Local Update; Intel ME Features Control (Manageability Feature Selection, LAN Controller); Intel ME Power Control (Intel ME ON in Host Sleep States). [Screenshot: ME Platform Configuration menu]
60. guration Overview. Dell Systems Management Administrator's Guide. Terms; Setup and Configuration States. Terms: The following is a list of important terms related to the Intel AMT setup and configuration. Setup and configuration: The process that populates the Intel AMT managed computer with usernames, passwords, and network parameters that enable the computer to be administered remotely. Provisioning: The act of setting up and fully configuring Intel AMT. Configuration service: A third-party application that completes the Intel AMT provisioning for the Enterprise operational mode. Intel AMT WebGUI: A Web browser-based interface providing limited remote computer management. Operational modes: Intel AMT can be set up for use in either Enterprise mode (for large organizations) or Small and Medium Business (SMB) mode (also called provisioning models). Enterprise mode requires a configuration service to complete provisioning. SMB mode is set up manually, does not require much infrastructure, and completes provisioning through the Intel ME BIOS Extension (MEBx). Enterprise mode: Once Intel AMT is set up in Enterprise mode, it is ready to initiate configuration of its own capabilities. When all required network elements are available, simply connect the computer to a power source and the network, and Intel AMT automatically initiates its own configuration. The configuration service (a third-party application) com
61. has been configured and set up in the Enterprise mode. If DHCP is used, then use the fully qualified domain name (FQDN) for the ME. The FQDN is the combination of the host name and domain (example: http://host_name:16992 or http://system1:16992). The management computer makes a TCP connection to the Intel AMT capable computer and accesses the top-level Intel AMT embedded Web page within the Management Engine of the Intel AMT capable computer. Type the username and password. The default username is admin, and the password is what was set during Intel AMT setup in the MEBx. Review the computer information and make any necessary changes. You can change the MEBx password for the remote computer in the WebGUI. Changing the password in the WebGUI or a remote console results in two passwords. The new password, known as the remote MEBx password, only works remotely with the WebGUI or remote console. The local MEBx password used to locally access the MEBx is not changed. You have to remember both the local and remote MEBx passwords to access the computer MEBx locally and remotely. When the MEBx password is initially set in Intel AMT setup, the password serves as both the local and remote password. If the remote password is changed, then the passwords are out of sync. 6. Select Exit.
62. he following message appears: System resets after configuration change. Continue: (Y/N) Press <y>. [Screenshot: MEBx main menu (Intel ME Configuration, Intel AMT Configuration, Change Intel ME Password, Exit), prompt: Caution: System resets after configuration changes. Continue: (Y/N)] 6. Intel ME State Control is the next option. The default setting for this option is Enabled. Do not change this setting to Disabled. If you want to disable Intel AMT, change the to None. [Screenshot: ME Platform Configuration menu, Intel ME State Control options: Disabled, Enabled] 7. Select Intel ME Firmware Local Update. Press <Enter>. 8. Select Disabled. Press <Enter>. The default setting for this option is Disabled. [Screenshot: ME Platform Configuration menu] 9. Select Intel
63. l Management Engine Password: Intel ME Password: admin. New Intel Management Engine Password: This password is either uploaded from USB key or typed in manually into the Management Engine BIOS Extension screen. Intel ME Password: pei123. Export Result: To create and download USB key file, first configure settings and click Generate file, and then click Download USB key file. Place downloaded file to the USB Storage Device. Available: No data exported yet. 25. Insert the previously formatted USB device into a USB connector on the ProvisioningServer. 26. Click the Download USB key file link to download setup.bin file to the USB device. The USB device is recognized by default; save the file to the USB device. If additional keys are needed in the future, the USB device must be reformatted before saving the setup.bin file to it. [Screenshot: Altiris Console, Export Security Keys to USB Key dialog, with the same Generate Security Keys, Intel ME Password, and Export Result fields as above]
64. [Screenshot: Intel AMT Configuration menu, prompt: Intel(R) AMT 2.5 Mode. Change to Intel(R) AMT 1.0 Mode: (Y/N)] Press <y>. [Screenshot: Intel AMT Configuration menu, prompt: Enterprise. Change to Small Business: (Y/N)] 10. Skip the Un-Provision option. This option returns the computer to factory defaults. See for more information about unprovisioning. 11. Select SOL/IDE-R. Press <Enter>. [Screenshot: Intel AMT Configuration menu] 12. The following messages appear and require the response indicated in the following bulleted list: Caution: System resets after configuration changes. Continue: (Y/N) Press <y>.
65. [Screenshot: Altiris Console, Step 5: Generate Security Keys, Manage Security Keys page with PID, PPS, Factory Default Password, and New Password columns] 33. Verify that the setting is enabled. In the Intel AMT 2.0+ dropdown, select the profile created previously. Configure the other settings for the environment. [Screenshot: Altiris Console, Basic Provisioning without TLS, profile assignment settings page]
66. main name. Explaining these terms is beyond the scope of this document. [Screenshot: Intel AMT Configuration menu] The Intel AMT Configuration page contains the user-configurable options listed below. For images of these menu options, see Enterprise Mode and SMB Mode. Menu Options: Host Name; TCP/IP; Provisioning Server; Provision Model; Set PID and PPS; Un-Provision; SOL/IDE-R; Secure Firmware Update; Set PRTC; Idle Timeout. Host Name: A hostname can be assigned to the Intel AMT capable computer. This is the host name of the Intel AMT enabled computer. If Intel AMT is set to DHCP, the host name MUST be identical to the operating system machine name. TCP/IP: Allows you to change the following TCP/IP configuration of Intel AMT. Network interface: ENABLE/DISABLED. If the network interface is disabled, all the TCP/IP settings are no longer needed. DHCP Mode: ENABLE/DISABLED. If DHCP Mode is enabled, TCP/IP settings are configured by a DHCP server. If DHCP mode is disabled, the following static TCP/IP settings are required for Intel AMT. If a computer is in static mode, it needs a separate MAC address for the Intel Management Engine. This extra MAC address is of
67. mware to upgrade to newer versions of Intel AMT. The automatic flash feature can be disabled by selecting Disabled under the Secure Firmware Update setting in the MEBx interface. The firmware flash, when available, is located on the support.dell.com site for download. The firmware CANNOT be flashed to an older version or to the current version installed. The firmware flash is available on the support.dell.com site for download. Serial Over LAN (SOL) and IDE Redirection (IDE-R): If you cannot use IDE-R and SOL, follow these steps: At the initial boot screen, press <Ctrl><p> to enter the MEBx screens. A prompt for the password appears. Enter the new Intel ME password. Select Intel AMT Configuration. Press <Enter>. Select Un-Provision. Press <Enter>. Select Full Unprovision. Press <Enter>. Reconfigure the settings on the Intel AMT Configuration screen. Error Messages: Not able to enter the MEBx on POST: The MEBx requires the DIMM A slot to be populated; otherwise, the following message appears upon POST and you are unable to enter the MEBx interface: Bad ME memory configuration. NOTE: DIMM A is located beneath the keyboard. For instructions on accessing this slot, refer to your User's Guide. Using the Intel AMT WebGUI. Dell Systems Management Administrator's Guide. The Intel AMT WebGUI is a Web browser-based interface for limited remote computer manag
68. [Screenshot: ME Platform Configuration menu] 9. Select Intel ME Features Control. Press <Enter>. [Screenshot: ME Platform Configuration menu] 10. Manageability Feature Selection is the next option. This feature sets the platform management mode. The default setting is Intel AMT. Selecting the None option disables all remote management capabilities. [Screenshot: ME Features Control menu, Manageability Feature Selection options including Intel(R) AMT and ASF] 11. Select Return to Previous Menu. Press <Enter>. [Screenshot: ME Features Control menu] 12. Select Intel ME Power Control. Press <
69. naging the networked computer assets within their company. Features and Benefits. Intel AMT Features: Out-of-band (OOB) access. Remote troubleshooting and recovery. Proactive alerting. Remote hardware and software asset tracking. Increases speed and accuracy over manual inventory tracking, reducing asset accounting costs. Third-party nonvolatile storage. Increases speed and accuracy over manual inventory tracking, reducing asset accounting cost. The Intel Management Engine BIOS Extension (MEBx) is an optional ROM module provided to Dell from Intel that is included in the Dell BIOS. The MEBx has been customized for Dell computers. Redirecting Serial and IDE Communications. Dell Systems Management Administrator's Guide. Intel AMT makes it possible to redirect serial and IDE communications from a managed client to a management console regardless of the boot and power state of the managed client. The client need only have the Intel AMT capability, a connection to a power source, and a network connection. Intel AMT supports Serial Over LAN (SOL, text/keyboard redirection) and IDE Redirection (IDER, CD-ROM redirection) over TCP/IP. Serial Over LAN Overview: Serial Over LAN (SOL) is the ability to emulate serial port communication over a standard network connection. SOL can be used for most management applications where a local serial port connection is normally required. When an active SOL
70. o USB drive key or setup.bin file is found, then restart the computer. Ignore the remaining steps. 7. The computer BIOS displays a message that automatic setup and configuration will occur. The first available record in the setup.bin file is read into memory. The process accomplishes the following: validates the file header record; locates the next available record; if the procedure is successful, the current record is invalidated so it cannot be used again. The process places the memory address into the MEBx parameter block. The process calls MEBx. 8. MEBx processes the record. 9. MEBx writes a completion message to the display. 10. The IT technician turns off the computer. The computer is now in the setup state and is ready to be distributed to users in an Enterprise mode environment. 11. Repeat step 5 if you have more than one computer. Refer to the management console supplier for more information on USB drive key setup and configuration. USB Storage Device Key Requirements: The USB storage device key must meet the following requirements to be able to set up and configure Intel AMT: It must be greater than 16 MB. It must be formatted with the FAT16 file system. The sector size must be 1 KB. The USB drive key is not bootable. The setup.bin file must be the first file landed on the USB drive key. The USB key must not contain any other files, whether hidden, deleted, or otherwise. Configuring Intel AMT With the Dell Client M
71. [Screenshot: ME Platform Configuration menu, LAN Controller options: Disabled, Enabled] When you select the LAN Controller option on the ME Platform Configuration menu when the ME feature (Intel AMT or Intel QST) is selected, the following message displays: Please set Manageability Feature to None before changing this option. For the ME platform client, the default LAN Controller setting is Enabled. [Screenshot: ME Platform Configuration menu, message: Please set Manageability Feature to NONE before changing this option] Intel ME Features Control: The ME Features Control menu contains the following configuration selection. Manageability Feature Selection: When you select the Manageability Feature Selection option on the ME Features Control menu, the ME Manageability Feature menu appears. [Screenshot: ME Features Control menu]
72. [Screenshot: Intel AMT Configuration menu, IDE Redirection set to Enabled] 13. Secure Firmware Update is the next option. The default setting is Enabled. [Screenshot: Intel AMT Configuration menu] 14. Skip Set PRTC. [Screenshot: Intel AMT Configuration menu, prompt: Enter PRTC in GMT (UTC) format (YYYY:MM:DD:HH:MM:SS)] 15. Idle Timeout is the next option. The default setting is 1. This timeout is applicable only when a WoL option is selected in of the process for enabling the ME for SMB operating mode. [Screenshot: Intel AMT Configuration menu, Timeout Value field]
73. pletes the process for you. Intel AMT is then ready for remote management. This configuration typically takes only a few seconds. When Intel AMT is set up and configured, you can reconfigure the technology as needed for your business environment. SMB mode: Once Intel AMT is set up in SMB mode, the computer does not have to initiate any configuration across the network. It is set up manually and is ready to use with the Intel AMT WebGUI. You must set up and configure Intel AMT in a computer before using it. Intel AMT setup readies the computer for Intel AMT mode and enables network connectivity. This setup is generally performed only once in the lifetime of a computer. When Intel AMT is enabled, it can be discovered by management software over a network. Setup and Configuration States: An Intel AMT capable computer can be in one of three setup and configuration states. Factory-default state: The factory-default state is a fully unconfigured state in which security credentials are not yet established and Intel AMT capabilities are not yet available to management applications. In the factory-default state, Intel AMT has the factory-defined settings. Setup state: The setup state is a partially configured state in which Intel AMT has been set up with initial networking and transport layer security (TLS) information: an initial administrator password, the provisioning passphrase (PPS), and the provisioning identifier (PID). When Intel AMT has be
74. r the Enterprise operating mode setting must be used in TENTER Submit gt of the process for Intel R Management Engine BIOS Extension v2 5 15 0000 Copyright C 2003 06 Intel Corporation All Rights Reserved INTEL R AMT CONFIGURATION Provisioning Server Provision Model Set PID and PPS Un Provision SOLZ IDE R secure Firmware Update Set ii Timeout Value 0 65535 1 ESC Exit ENTER Submit 15 Select Return to Previous Menu Press lt Enter gt Intel R Management Engine BIOS Extension v2 5 15 0000 Copyright C 2003 06 Intel Corporation all Rights Reserved INTEL R AMT CONFIGURATION Provision Model Set PID and PPS Un Provision SOL IDE R secure Firmware Update Set PRTC Idle Timeout Return to Previous Menu ESC J Exit tL Select ENTER Access 16 Select Exit Press lt Enter gt Intel R Management Engine BIOS Extension v2 5 15 0000 Copyright C 2003 06 Intel Corporation All Rights Reserved SSS Intel R ME Configuration Intel R AMT Configuration M ESC Exit tl Select ENTER Access 17 The following message appears Are you sure you want to exit Y N Press lt y gt Intel R Management Engine BIOS Extension v2 5 15 0000 Copyright C 2003 06 Int All Rights Reserved Intel R ME Configuration Intel R AMT Configuration Change Intel R ME Password Exit ESC J Exit tl Select
75. rganizations. This is an advanced networking mode that supports Transport Layer Security (TLS), which requires a configuration service. Enterprise mode allows IT administrators to set up and configure Intel AMT securely for remote management. The Dell computer is defaulted to Enterprise mode when it leaves the factory. The mode can be changed during the setup and configuration process. Small Medium Business (SMB) mode: This mode is a simplified operational mode that does not support TLS and does not require a setup application. SMB mode is for customers who do not have independent software vendor (ISV) management consoles or the necessary network and security infrastructures to use encrypted TLS. In SMB mode, Intel AMT setup and configuration is a manual process completed through the Intel ME BIOS Extension (MEBx). This mode is the easiest to implement since it does not require much infrastructure, but it is the least secure since all network traffic is not encrypted. Intel AMT Configuration sets up all other Intel AMT options not covered in Intel AMT Setup, such as enabling the computer for Serial Over LAN (SOL) or IDE Redirect (IDE-R). You can change the settings modified in the configuration phase many times over the course of a computer's life span. Changes can be made to the computer locally or through a management console. Enterprise Mode Provisioning Methods: There are two methods of provisioning a computer with Enterprise mode: Legacy
76. Intel ME State Control: When the ME State Control option is selected on the ME Platform Configuration menu, the ME State Control menu appears. You can disable ME to isolate the ME computer from main platform until the end of the debugging process. [MEBx screen: Intel(R) ME Platform Configuration menu; ME State Control set to ENABLED] When enabled, the ME State Control option lets you disable ME to isolate the ME computer from the main platform while debugging a field malfunction. The table below illustrates the details of the options. ME Platform State Control (Option: Description): Enabled: Enable the Management Engine on the platform. Disabled: Disable the Management Engine on the platform. In fact, the ME is not really disabled with the Disabled option. Instead, it is paused at the very early stage of its booting so the computer has no traffic originating from the ME on any of its busses, ensuring that you can debug a computer problem without worrying about any role the ME might have played in it. Intel ME Firmware Local Update: This option on the ME Platform Configuration menu sets the policy for allowing the MEBx to be
77. [MEBx screen: Intel(R) ME Platform Configuration menu] 13. Intel ME ON in Host Sleep States is the next option. The default setting is Mobile: ON in S0. [MEBx screen: Intel(R) ME Power Control; list of host sleep state options] 14. Select Return to Previous Menu. Press <Enter>. 15. Select Return to Previous Menu. Press <Enter>. [MEBx screen: Intel(R) ME Platform Configuration menu] 16. Exit the MEBx Setup and save the ME configuration. The computer displays an Intel ME Configuration Complete message and then restarts. After the ME configuration is complete, you can configure the Intel AMT settings. Intel AMT Configuration: Enabling Intel AMT for SMB Mode: To enable Intel AMT Configuration settings on the target platform, perform the following steps: 1. Turn on the computer and during the boot process
78. rs without the problems associated with manually typing in entries. USB provisioning only works if the MEBx password is set to the factory default of admin. If the password has been changed, reset it to the factory default by clearing the CMOS. For instructions, see "System Setup" in the User's Guide for your computer. The following is a typical USB storage device key setup and configuration procedure. For a detailed walk-through using Altiris Dell Client Manager (DCM), see "Configuring Intel AMT With the Dell Client Management Application". 1. An IT technician inserts a USB drive key into a computer with a management console. 2. The technician requests local setup and configuration records from a setup and configuration server (SCS) through the console. 3. The SCS does the following: generates the appropriate passwords, PID and PPS sets; stores this information in its database; returns the information to the management console. 4. The management console writes the password, PID and PPS sets to a setup.bin file in the USB drive key. 5. The technician takes the USB drive key to the staging area where new Intel AMT capable computers are located. The technician then does the following: if necessary, unpacks and connects computers; inserts the USB drive key into a computer; turns on that computer. 6. The computer BIOS detects the USB drive key. If found, the BIOS looks for a setup.bin file at the beginning of the drive key. Go to step 7. If n
79. session is established between an Intel AMT enabled client and a management console using the Intel AMT redirection library, the client's serial traffic is redirected through Intel AMT over the LAN connection and made available to the management console. Similarly, the management console may send serial data over the LAN connection that appears to have come through the client's serial port. IDE Redirection Overview: IDE Redirection (IDER) is capable of emulating an IDE CD drive or a legacy floppy or LS-120 drive over a standard network connection. IDER enables a management machine to attach one of its local drives to a managed client over the network. Once an IDER session is established, the managed client can use the remote device as if it were directly attached to one of its own IDE channels. This can be useful for remotely booting an otherwise unresponsive computer. IDER does not support the DVD format. For example, IDER is used to boot a client with a corrupt operating system. First, a valid boot disk is loaded into the management console disk drive. This drive is then passed as an argument when the management console opens the IDER TCP session. Intel AMT registers the device as a virtual IDE device on the client, regardless of its power or boot state. Both SOL and IDER may be used together, since the client BIOS may need to be configured to boot from the virtual IDE device. Intel AMT Setup and Confi
80. son, the Intel AMT device snoops the DHCP requests and responses issued by the host OS. The Intel AMT device then uses the IP provided by the DHCP to the host OS as its own. When the host OS is down, the Intel AMT device requests DNS registration of its configured FQDN from the DHCP option 81. This works only if the DNS and DHCP are [Altiris Console screen: Intel AMT Getting Started navigation tree] 10. Verify that the setting is Enabled. If Disabled, click the checkbox next to Disabled and click Apply. [Altiris Console screen: Out of Band Management, Out of Band Discovery, Enable (currently enabled)]
81. te [Altiris Console dialog: Configure Intel AMT Setup & Configuration Service Profile] 17. The ACL (access control list) tab is used to review users already associated with this profile and to add new users and define their access privileges. [Altiris Console dialog: Configure Intel AMT Setup & Configuration Service Profile] 18. The Power Policy tab has configuration options to select the sleep states for Intel AMT and an Idle Timeout setting. It is recommended that Idle timeout is always set to 1 for optimal performance. [Altiris Console dialog: Configure Intel AMT Setup & Configuration Service Profile; tabs General, Network, TLS, ACL, Power Policy; Power Policy tab shown] 19. Select Step 5: Generate Security Keys. [Altiris Console screen: Out of Band Management, Intel AMT Getting Started]
82. ten called the Manageability MAC (MNGMAC) address. Without a separate Manageability MAC address, the computer can NOT be set to static mode. IP address: Internet address of the Intel Management Engine. Subnet mask: The subnet mask used to determine what subnet the IP address belongs to. Default Gateway address: The default gateway of the Intel Management Engine. Preferred DNS address: Preferred domain name server address. Alternate DNS address: Alternate domain name server address. Domain name: Domain name of the Intel Management Engine. Provisioning Server: Sets the IP address and port number (0-65535) for an Intel AMT provisioning server. This configuration only appears for Enterprise Provision Model. Provision Model: The following provisioning models are available. Compatibility Mode (Intel AMT 2.6, Intel AMT 1.0): Compatibility mode allows user to switch between Intel AMT 2.6 and Intel AMT 1.0. Provisioning Mode (Enterprise, Small Business): This allows you to select between small business and enterprise mode. Enterprise mode may have different security settings than small business mode. Because of the different security settings, each of these modes requires a different process to complete the setup and configuration process. Set PID and PPS: Setting or deleting the PID/PPS causes a partial un-provision if the setup and configuration is "In process". Set PID and PPS: Sets the PID and PPS. Enter the PID and P
83. the default password before making changes to the MEBx options. [MEBx screen: Main Menu; prompt: Intel(R) Current ME Password] 3. Select Change Intel ME Password. Press <Enter>. Type the new password twice for verification. The new password must include the following elements: eight characters; one uppercase letter; one lowercase letter; a number; a special (nonalphanumeric) character such as or excluding the and characters. The underscore ( _ ) and spacebar are valid password characters but do NOT add to the password complexity. Change the password to establish Intel AMT ownership. The computer then goes from the factory default state to the setup state. [MEBx screen: Main Menu] 4. Select Intel ME Configuration. Press <Enter>. ME Platform Configuration allows you to configure ME features such as power options, firmware update capabilities, and so on.
84. ure the Intel AMT settings. For instructions, see "Intel AMT Configuration". Enabling Intel AMT for Enterprise Mode: To enable Intel AMT configuration settings on the target platform, perform the following steps: 1. Turn on the computer and, during the boot process, press <Ctrl><p> when the Dell logo screen appears to enter the MEBx application. 2. A prompt for the password appears. Enter the new Intel ME password. 3. Select Intel AMT Configuration. Press <Enter>. [MEBx screen: Main Menu] 4. Select Host Name. Press <Enter>. Then type in a unique name for this Intel AMT machine. Press <Enter>. Spaces are not accepted in the host name. Make sure there is not a duplicate host name on the network. Host names can be used in place of the computer's IP for any applications requiring the IP address. [MEBx screen: Intel(R) AMT Configuration menu; prompt: Computer host name] 5. Select TCP/IP. Press <Enter>. The following messages appear: Disable Network Inter
85. ver. If there is more than one SCS in the domain, the DNS will alternate between the servers. If there are multiple SCS instances or the server platform has a different name, then CNAME records need to be added to the DNS. Click on the Test button below to verify that DNS has the ProvisionServer entry and that it resolves to the correct Intel SCS Server. Intel AMT Devices: Ensure that the DNS is configured with the Fully Qualified Domain Names (FQDN) of the Intel AMT enabled machines that are being configured. Intel AMT devices must be configured to have the same FQDN as the host OS. This stems from the fact the Intel AMT device is not a secure DNS client and it relies on the host OS to maintain the DNS record. For this reason, the Intel AMT device snoops the DHCP requests and responses issued by the host OS. The Intel AMT device then uses the IP provided by the DHCP to the host OS as its own. When the host OS is down, the Intel AMT device requests DNS registration of its configured FQDN from the DHCP option 81. This works only if the DNS and DHCP are [Altiris Console screen] 9. Select Step 2: Discovery Capabilities. [Altiris Console screen: Out of Band Management, Intel AMT Getting Started, Section 1 Provisioning, Basic Provisioning without TLS, DNS Configuration]
