Compaq 8000 vPro Setup and Configuration for the 8000 Elite Business PC with I
Compaq 8000 - Elite Convertible Minitower PC Manual
UPC - 884420665106
View all Compaq 8000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Compaq 8000 manual content summary:
- Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 1
and Configuration for the 8000 Elite Business PC with Intel vPro Processor Example 13 Setup and Configuration Server 15 Setup and Configuration Server Availability 15 Enterprise Mode in HP Systems 27 Remote Configuration Prerequisites 28 MEBx and Hashes 28 List of Supported CA Certificates - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 2
Introduction The HP Compaq 8000 Elite Business PC uses Intel vPro processor technology to simplify PC management and reduce IT-related expenditures. Intel vPro processor technology is a combination of Active Management Technology (AMT) and Intel Virtualization Technology (VT), which allows for - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 3
Setup, such as enabling the system for Serial-Over-LAN (SOL) be a manual or automated procedure with a Setup and Configuration Server. The HP by Intel to be included in the HP system BIOS. The MEBx is not HP-specific and contains options that are not used by HP. If an option is not used by HP - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 4
paper is for use with HP Compaq 8000 Elite Business PCs. The HP Compaq 8000 Elite Business PC uses the 786G7 BIOS family. For best performance and to take advantage of AMT 5.2 features, use the latest version of BIOS and ME firmware for HP Compaq 8000 Elite Business PC, which is available at www - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 5
settings are in place. This white paper details HP-recommended settings for options, some of which may be options. 1. Press Ctrl+P during POST to enter Manageability Engine BIOS Extension (MEBx) Setup. You can dis- play this window displays indicating that the system resets after configuration. 5 - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 6
Enabled, Recommended Setting = Enabled This option enables or disables the ME and is used for diagnostic purposes. If set to Disabled, the ME is still initialized during POST, but is halted soon afterward so that it does not generate any traffic. If there is a problem allows the BIOS to override the - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 7
BIOS and allows local ME firmware updates until the ME is configured. Never Open Restricted ME Firmware Local Update Local ME firmware updates Enabled management mode: None, Intel AMT, or ASF. By default, HP Compaq 8000 Elite Business PCs are set to Intel AMT, and ASF is an available option. - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 8
ME Power Control Screen a. Select Intel ME ON in Host Sleep States, and then select Desktop:ON in S0, S3, ME WoL in S3, S4-5, OFF After Power Loss. Default Setting = Desktop: ON in S0, Recommended Setting = Desktop: ON is S0, S3, ME WoL in S3, S4-5, OFF After Power Loss This option - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 9
the IP address. 15. Select TCP/IP. a. Select Disable Network Interface, and then select N. Default Setting = Network Interface Enabled, Recommended Setting = Network Interface Enabled If the network is disabled, then all remote AMT capabilities are disabled and TCP/IP settings are not necessary. 9 - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 10
. b. Select DHCP Disable, and then select Y. Default Setting = DHCP Enabled, Recommended Setting = User Dependent You can use DHCP if it is available domain of "Provisionserver" is used when connecting to a Setup and Configuration Server. If the name of the S&CS is not "Provisionserver" and the - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 11
no longer available once the system is in Small Business mode. This option is only used in support is not necessary for AMT or Virtual Appliances. If enabled, it allows the grouping of systems from different networks into one virtual network. 19. Select SOL/IDE-R. a. Select Y in the message window - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 12
Firmware Update, and then select Enabled. Default Setting = Enabled, Recommended Setting = Enabled This option enables/disables the ability to remotely the ME will not go to sleep when not being used in a nonactive system. HP recommends a setting of 1, which allows the ME to go to sleep after 1 - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 13
of new users and passwords • Updating ME firmware WebGUI support is enabled by default for SMB Setup and Configured systems. WebGUI support for Enterprise Setup and Configured systems is determined by the Setup and Configuration Server. Connecting with the Intel AMT WebGUI - SMB Example 1. Power - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 14
password. The default username is admin and the password is what you set during AMT Setup in the MEBx. Figure 6 Intel AMT WebGUI Screen 5. Review system information and/or make any necessary changes. NOTE: You can change the MEBx password for the remote system in the WebGUI. Changing the password - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 15
a set of Provisioning ID (PID) and Provisioning Passphrase (PPS). This pair forms a Pre-Shared Key (PSK). PIDs are 8 characters and PPS are 32 and Configuration Server Availability There are several independent software vendors (ISV) that offer Setup and Configuration Servers, including: • HP Out of - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 16
Enterprise mode Setup and Configuration. The SCS is also known as a Provisioning Server as seen in the MEBx. Enterprise Mode - AMT Setup and Configuration Steps ME Platform Configuration. 5. In Intel ME State Control, select Enabled. 6. In Intel ME Firmware Local Update Qualifier, select Always - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 17
12. Select Intel AMT Configuration. The Intel AMT Configuration screen includes numerous options, which are available by scrolling down the menu. Figure 7 Intel AMT Configuration Screen Figure 8 Intel AMT Configuration Screen Continued 13. Select Host Name, and then type a host name Default Setting - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 18
Recommended Setting = User Dependent For the purpose of this white paper, DHCP is enabled. 15. Select Provision Model. a. Change to Small Business, and then select N. Default Setting = Enterprise, Recommended Setting = Enterprise b. Select Return to previous menu. 16. Select Setup and Configuration - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 19
Mode • DNS • Host Initiated • Hash Data • Hash Algorithm • Serial Number • ISDefault Bit • Time Validity Pass • FQDN • Provisioning IP Select Provisioning Server IP. i. Enter Provisioning Server IP Default Setting = 0.0.0.0, Recommended Setting = Network Dependent ii. Enter Port. Default Setting - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 20
Enter Port. Default Setting = 0, Recommended Setting = 9971 This option is used in Enterprise mode when an Intel AMT Setup and Configuration (Provisioning) Server is SCS. The Admin Password, PID, and PPS can be pre-populated by HP during manufacturing. Go to the OEM TLS-PSK section for details. ii. - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 21
Setting = Disabled, Recommended Setting = User Dependent This option enables or disables VLAN support. If VLAN is enabled, then the VLAN tag must be provided (1-4094). 19. Select SOL/IDE-R, and then select Y. a. A message window indicates that the system resets after configuration. b. Select - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 22
sleep when not being used in a nonactive system. HP recommends a setting of 1 which allows the ME to the Setup and Configuration Server's IP address must be manually entered into the AMT TLS is supported. The Setup and Configuration server uses the PID to lookup PPS in provisioning server database - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 23
• TLS certificates • Private keys • Current date and time • HTTP Digest credentials • HTTP Negotiate credentials You can set other options depending on S&CS implementation. The system goes from In-Setup phase to Operational phase, and AMT is fully operational. Once in the Operational phase, you can - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 24
phase, the system can continue to be configured manually or be connected to a network where it will following are required: • Setup and Configuration Server • Network and security infrastructure AMT systems in the first stage, customers purchase systems from HP, which will AMT Setup those systems - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 25
port Server HP for more information about this valuable service. USB Drive Key Set Up and Configuration You can set up and locally configure password, PID, and PPS information with a USB drive key. This feature allows an IT technician to manually setup and configure systems without the problems - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 26
7. The system BIOS displays a message that automatic setup and configuration will occur. a. The first is the ability to use a single OEM image to provision systems securely without the need manually modify AMT options. RCFG uses a Public Key Infrastructure with Certificate Hashes (PKI-CH) protocol - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 27
communicating with the ME through the HECI driver. This requires a functional OS and agent support. Remote Configuration Time-outs in HP Systems The HP Compaq 8000 Elite Business PCs through the MEBx. Once the network interface has been re-enabled it will send out Hello messages for the next 6 hours - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 28
one pre-programmed active root certificate hash. • The SCS must have a server certificate with the proper OID or OU values. • OID value in the Extended AMT 5.0 has the feature in the MEBx to allow IT administrators to manually activate a hash and to add up to three additional certificate hashes. - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 29
Figure 11 Intel Remote Configuration Screen 1. Select Remote Configuration Enable/Disable. Default Setting = Enabled, Recommended Setting = Enabled This option enables or disables remote configuration. 2. Skip Manage Certificate Hashes. This option shows the hashes in the system, including the name - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 30
CA Certificates The following list provides supported Certificate Authorities and certificates. Not all certificates are populated in certain configurations 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49 • Starfield Class 2 CA • SHA1 Fingerprint: AD 7E 1C 28 B0 64 EF 8F 60 03 40 20 14 C3 D0 - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 31
Return to Default Return to Default is also know as Unprovisioning. An AMT Setup and Configured system can be unprovisioned. It is done through the AMT Configuration Screen and the Un-Provision option. Figure 12 Intel AMT Unprovisioning Screen Depending on how the system was previously provisioned, - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 32
"admin". This is a behavior change from the HP Compaq dc7800p Business PC, where a CMOS change only clears the AMT three times, the system will reboot. The user can go back into the MEBx after the reboot and attempt to enter the port. Local access does not originate from an outside network. 32 - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 33
HP Out of Band Manager and ISVs such as Altiris provide Setup and Configuration Servers. Check with your management console supplier to see if they offer this service. Q: Can AMT be set for static address and the OS set for DHCP or vice versa? A: No. Although it can be done, this is not a supported - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 34
Appendix B: Power / Sleep / Global States Explained A computer can be in one of several power states under the Advanced Configuration and Power Interface (ACPI) specification. These power states are also known as Sleep (Sx) states or Global (Gx) states. • S0 is the ON state. The computer is fully - Compaq 8000 | vPro Setup and Configuration for the 8000 Elite Business PC with I - Page 35
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Microsoft, MS-DOS, Windows, and Windows NT are trademarks of Microsoft
1
vPro Setup and Configuration for the 8000 Elite Business PC
with Intel vPro Processor Technology
Introduction
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
AMT Setup and Configuration
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
AMT System Phases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
SMB Mode - AMT Setup and Configuration with MEBx
. . . . . . . . . . . . . . . . . . . . . . . . . . .3
SMB Mode - AMT Setup and Configuration Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Intel AMT WebGUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Connecting with the Intel AMT WebGUI - SMB Example
. . . . . . . . . . . . . . . . . . . . . . . . .13
Setup and Configuration Server
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Setup and Configuration Server Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Enterprise Mode Setup and Configuration
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Enterprise Mode - AMT Setup and Configuration Steps
. . . . . . . . . . . . . . . . . . . . . . . . . .16
Provisioning Methods
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Legacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
IT TLS-PSK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
OEM TLS-PSK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
USB Drive Key Set Up and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
USB Drive Key Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Remote Configuration
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Remote Configuration: Bare-Metal vs. Delayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Remote Configuration Time-outs in HP Systems
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Remote Configuration Prerequisites
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
MEBx and Hashes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
List of Supported CA Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Return to Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Full Return to Factory Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Appendix A: Frequently Asked Questions
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Appendix B: Power / Sleep / Global States Explained
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Appendix C: Wake-On-ME Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35