HP 8000f vPro Setup and Configuration for the 8000 Elite Business PC with Inte
HP 8000f - Elite Ultra-slim Desktop PC Manual
UPC - 885631750551
View all HP 8000f manuals
Add to My Manuals
Save this manual to your list of manuals |
HP 8000f manual content summary:
- HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 1
and Configuration for the 8000 Elite Business PC with Intel vPro Processor Technology Introduction 2 AMT Setup and Configuration 3 AMT System Phases 3 SMB Mode Time-outs in HP Systems 27 Remote Configuration Prerequisites 28 MEBx and Hashes 28 List of Supported CA Certificates 30 Return - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 2
PC systems and enhanced security. Intel vPro processor technology no longer supports Virtual Appliances. This is a change from previous generations of HP Compaq dx7 Business PCs on the HP Compaq 8000 Elite Business PC will be inactive. It must be set up and configured in the system before it can - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 3
AMT Setup, such as enabling the system for Serial-Over-LAN (SOL) or IDE-Redirect up and configuration is a manual process done through the Intel HP by Intel to be included in the HP system BIOS. The MEBx is not HP-specific and contains options that are not used by HP. If an option is not used by HP - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 4
bit HP Compaq 8000 Elite Business PCs. The HP Compaq 8000 Elite Business PC uses the 786G7 BIOS family. For best performance and to take advantage of AMT 5.2 features, use the latest version of BIOS and ME firmware for HP Compaq 8000 Elite Business PC, which is available at www.hp.com. The system - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 5
(Factory phase), the default settings are in place. This white paper details HP-recommended settings for options, some of which may be the same as the password twice for verification. Change the password to establish AMT ownership. The system will go from Factory phase to In-Setup phase. The ME and - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 6
not generate any traffic. If there is a problem that affects the ME, it can be removed from the system to eliminate it from the suspect list until root Open is the default and allows for as many local updates as the system BIOS allows, which is unlimited. Choosing Never Open or Restricted adds the - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 7
"Restricted" ignores what is set in the system BIOS and allows local ME firmware updates until the ME This option sets the platform management mode: None, Intel AMT, or ASF. By default, HP Compaq 8000 Elite Business PCs are set to Intel AMT, and ASF is an available option. Note that setting the None - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 8
= Desktop: ON in S0, Recommended Setting = Desktop: ON is S0, S3, ME WoL in S3, S4-5, OFF After Power Loss This option sets the ME power policy when the system is initialize after recovering from a G3 power loss. ME is ON only when the system is in S0. It will be asleep in S3 - S5 unless it is - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 9
to previous menu to exit the MEBx Setup and save ME configuration. The system will display an Intel ME Configuration Complete message and reboot. After the ME name on the network. You can use host names in place of the system's IP for any applications requiring the IP address. 15. Select TCP/IP. - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 10
you use DHCP, then steps 15c through 15g are not necessary. Otherwise, the system administrator will have to configure TCP/IP settings. For the purpose of this Setting = Network Dependent Leave as 0.0.0.0 if this option is not needed. h.Select Domain Name, and then type a domain name Default Setting - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 11
available once the system is in Small Business mode. This support is not necessary for AMT or Virtual Appliances. If enabled, it allows the grouping of systems from different networks into one virtual network. 19. Select SOL/IDE-R. a. Select Y in the message window enables/disables Serial Over - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 12
is disabled and the ME will not go to sleep when not being used in a nonactive system. HP recommends a setting of 1, which allows the ME to go to sleep after 1 minute of to take advantage of Wake-On-ME. This value is not used when the system is in an active state - S0. This value is used only if the - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 13
AMT system. a. By default, the port is 16992. b. If DHCP was used, then use the Fully Qualified Domain Name (FQDN) for the ME. The FQDN is the combination of the hostname and domain. Example A: http://192.168.0.1:16992 Example B: http://hpsystem.hp.com:16992 (from steps 14 and 15h) The Management - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 14
is what you set during AMT Setup in the MEBx. Figure 6 Intel AMT WebGUI Screen 5. Review system information and/or make any necessary changes. NOTE: You can change the MEBx password for the remote system in the WebGUI. Changing the password in the WebGUI or a remote console results in two passwords - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 15
Enterprise mode setup and configuration. In a PSK Setup and Configuration, both the AMT client system and the SCS must share a set of Provisioning ID (PID) and Provisioning Passphrase (PPS Setup and Configuration Servers, including: • HP Out of Band Manager • Altiris • LANDesk • Microsoft SMS 15 - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 16
. Repeat Steps 1 through 15 to perform AMT Setup. This will take the system from Factory Mode to In Setup Mode. Refer to "SMB Mode - AMT Setup MEBx" on page 3 for examples of MEBx menus and full text. The following are quick steps for AMT Setup: 1. Access the MEBx by pressing Ctrl-P during POST. 2. - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 17
12. Select Intel AMT Configuration. The Intel AMT Configuration screen includes numerous options, which are available by scrolling down the menu. Figure 7 Intel AMT Configuration Screen Figure 8 Intel AMT Configuration Screen Continued 13. Select Host Name, and then type a host name Default Setting - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 18
Setting = User Dependent For the purpose of this white paper, DHCP is enabled. 15. Select Provision Model. a. Change to Small Business, and then select N. Default Setting = Enterprise, Recommended Setting = Enterprise b. Select Return to previous menu. 16. Select Setup and Configuration. Figure - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 19
system with PKI provisioning will include the following information: • TLS Provisioning Mode • DNS • Host Initiated • Hash Data • Hash Algorithm • Serial Number • ISDefault Bit . The default port for many SCS is at 9971. Some ISVs may require additional settings, such as the SCS port number and SCS - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 20
. Enter Port. Default SCS. The Admin Password, PID, and PPS can be pre-populated by HP during manufacturing. Go to the OEM TLS-PSK section for details. ii. PID and PPS. This option deletes the current PID and PPS entries in the system. iii. Select Return to previous menu. e. Skip TLS-PKI. This option - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 21
support. If VLAN is enabled, then the VLAN tag must be provided (1-4094). 19. Select SOL/IDE-R, and then select Y. a. A message window indicates that the system , then only the administrator has MEBx remote access. c. Select Serial Over LAN, and then select Enabled. Default Setting = Enabled, - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 22
not go to sleep when not being used in a nonactive system. HP recommends a setting of 1 which allows the ME to go Server's IP address must be manually entered into the AMT system's MEBx. The "Hello" message the AMT system using a TLS Pre-Shared-Key (PSK) cipher suite if TLS is supported. The Setup - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 23
• Private keys • Current date and time • HTTP Digest credentials • HTTP Negotiate credentials You can set other options depending on S&CS implementation. The system goes from In-Setup phase to Operational phase, and AMT is fully operational. Once in the Operational phase, you can remotely manage the - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 24
phase. Once the system is in In-Setup phase, the system can continue to be configured manually or be connected which the systems will be in Enterprise mode and in the In-Setup phase. An S&CS will need to , customers purchase systems from HP, which will AMT Setup those systems during manufacturing, - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 25
SC&S port number HP for more information about this valuable service. USB Drive Key Set Up and Configuration You can set up and locally configure password, PID, and PPS information with a USB drive key. This feature allows an IT technician to manually setup and configure systems without the problems - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 26
current record so it cannot be used again. b. The process places the memory address into the MEBx parameter block. c. The process calls MEBx. 8. MEBx ability to use a single OEM image to provision systems securely without the need manually modify AMT options. RCFG uses a Public Key Infrastructure - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 27
the ME through the HECI driver. This requires a functional OS and agent to be installed on the AMT system. OTP authentication can be used on operating system agents for Delayed remote configuration support. Remote Configuration Time-outs in HP Systems The HP Compaq 8000 Elite Business PCs are shipped - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 28
as shown. • In the case of a Delayed Setup and Configuration, an operating system and local agent must be installed on the AMT system. MEBx and Hashes AMT 5.0 has the feature in the MEBx to allow IT administrators to manually activate a hash and to add up to three additional certificate hashes. To - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 29
enables or disables remote configuration. 2. Skip Manage Certificate Hashes. This option shows the hashes in the system, including the name of the hash and whether it is active. If no hashes are in the system, then an option to add one is available. If hashes are available, then an option to delete - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 30
CA Certificates The following list provides supported Certificate Authorities and certificates. Not all certificates are populated in certain configurations 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49 • Starfield Class 2 CA • SHA1 Fingerprint: AD 7E 1C 28 B0 64 EF 8F 60 03 40 20 14 C3 D0 - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 31
hash will be made active. It does not reset ME Configuration settings or passwords. Partial unprovisioning is available for Enterprise mode provisioned systems. Partial unprovisioning will return all AMT Configuration setting to factory defaults with the exception of the PID, PPS, and PKICH. It does - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 32
from the HP Compaq dc7800p Business PC, where a CMOS change only clears the AMT settings and the password. The system will need to be set access the MEBx on the system it is running from? A: No. WebGUI access has to come from an outside network to a specific IP and port. Local access does not - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 33
Setup and Configuration Servers? A: HP Out of Band Manager and ISVs service. Q: Can AMT be set for static address and the OS set for DHCP or vice versa? A: No. Although it can be done, this is not a supported setting by Intel and may cause unexpected system behavior. Q: What is the default port - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 34
of several power states under the Advanced Configuration and Power Interface (ACPI) specification. These power states are also known as Sleep (Sx) states or Global . The system context (memory) is saved to the hard drive as a hibernation file. When the system resumes from S4, the system context is - HP 8000f | vPro Setup and Configuration for the 8000 Elite Business PC with Inte - Page 35
can be put to sleep and awaken if needed when the system is in a sleep state. The ME services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Microsoft, MS-DOS, Windows, and Windows
1
vPro Setup and Configuration for the 8000 Elite Business PC
with Intel vPro Processor Technology
Introduction
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
AMT Setup and Configuration
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
AMT System Phases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
SMB Mode - AMT Setup and Configuration with MEBx
. . . . . . . . . . . . . . . . . . . . . . . . . . .3
SMB Mode - AMT Setup and Configuration Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Intel AMT WebGUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Connecting with the Intel AMT WebGUI - SMB Example
. . . . . . . . . . . . . . . . . . . . . . . . .13
Setup and Configuration Server
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Setup and Configuration Server Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Enterprise Mode Setup and Configuration
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Enterprise Mode - AMT Setup and Configuration Steps
. . . . . . . . . . . . . . . . . . . . . . . . . .16
Provisioning Methods
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Legacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
IT TLS-PSK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
OEM TLS-PSK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
USB Drive Key Set Up and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
USB Drive Key Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Remote Configuration
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Remote Configuration: Bare-Metal vs. Delayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Remote Configuration Time-outs in HP Systems
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Remote Configuration Prerequisites
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
MEBx and Hashes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
List of Supported CA Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Return to Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Full Return to Factory Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Appendix A: Frequently Asked Questions
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Appendix B: Power / Sleep / Global States Explained
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Appendix C: Wake-On-ME Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35