Home » HP Manuals » Desktops » HP Dc7700 » Manual Viewer

HP Dc7700 vPro Setup and Configuration for the dc7700 Business PC with Intel v - Page 20

Transport Layer Security TLS connection to the AMT system using a TLS Pre-Shared-Key PSK cipher

UPC - 882780715318

Add to My Manuals
Save this manual to your list of manuals

Page 20 highlights

26. Select Exit, and then select Y to exit the MEBx Setup and save settings. The system displays an Intel ME Configuration Complete message and reboots. 27. Turn off the system and remove power. The system is now in In-Setup Mode and is ready for deployment. 28. Plug the system into a power source and connect the network. Use the integrated Intel 82566DM NIC. Intel AMT does not work with any other NIC solution. When power is reapplied to the system, the system immediately looks for a Setup and Configuration Server. If the system finds this server, the AMT system will send a "Hello" message to the server. DHCP and DNS must be available for the Setup and Configuration Server search to automatically succeed. If DHCP and DNS are not available, then the Setup and Configuration Server's IP address must be manually entered into the AMT system's MEBx. The "Hello" message contains the following information: • PID • UUID (Universally Unique Identifier) • IP address • ROM and firmware version numbers The "Hello" message is transparent to the end-user. There is no feedback mechanism to tell the user the system is broadcasting the message. The Setup and Configuration Server uses the information in the "Hello" message to initiate a Transport Layer Security (TLS) connection to the AMT system using a TLS Pre-Shared-Key (PSK) cipher suite if TLS is supported. The Setup and Configuration server uses the PID to lookup PPS in provisioning server database and uses the PPS and PID to generate TLS Pre-Master Secret. TLS is optional. For secure and encrypted transactions, use TLS if the infrastructure is available. If you do not use TLS, then HTTP Digest will be used for mutual authentication. HTTP Digest is not as secure as TLS. Setup and Configuration Server logs into AMT system with the user name and password and provisions all required data items: • New PPS and PID (for future Setup and Configuration) • TLS certificates • Private keys • Current date and time • HTTP Digest credentials • HTTP Negotiate credentials You can set other options depending on S&CS implementation. The system goes from In-Setup phase to Operational phase, and AMT is fully operational. Once in the Operational phase, you can remotely manage the system and you can provide the system to endusers for regular use. 20

Section	Page
vPro Setup and Configuration for the dc7700 Business PC with Intel vPro Technology	1
Introduction	2
AMT Setup and Configuration	2
AMT System Phases	2
SMB Mode - AMT Setup and Configuration with MEBx	3
Password Guidelines	3
BIOS Prerequisite	4
SMB Mode - AMT Setup and Configuration Steps	4
1. Press Ctrl-P during POST to enter Manageability Engine BIOS Extension (MEBx) Setup. You can dis play this option only during POST if set in F10-Setup.	4
Figure 1 Intel MEBx Password Screen	4
2. Type the default password, which is admin. Passwords are case-sensitive.	5
3. Change the MEBx password. The new password must meet the Strong Password criteria defined in the Password Guidelines Section. Type the password twice for verification.	5
4. Select the Intel ME Platform Configuration. A window displays indicating that the system resets after configuration.	5
5. Select Y. ME platform configuration allows IT personnel to configure ME features such as AMT/ASF selection, power options, firmware update capabilities, and so on.	5
Figure 2 Intel ME Platform Configuration screen	5
6. Select Intel ME State Control, and then select Enabled.	5
7. Select Intel ME Firmware Local Update Qualifier, and then select Always Open.	5
8. Skip LAN Controller.	6
9. Select Intel ME Features Control.	6
Figure 3 Intel ME Features Control Screen with AMT selected	7
10. Select Intel ME Power Control.	7
Figure 4 Intel ME Power Control Screen	7
11. Return to previous menu to exit the MEBx Setup and save AMT configuration. The system will display an Intel ME Configuration Complete message and reboot.	9
12. Press Ctrl-P during POST to enter MEBx Setup again.	9
13. Type the MEBx password.	9
14. Select Intel AMT Configuration.	10
Figure 5 Intel AMT Configuration screen	10
15. Select Host Name, and then type a host name.	10
16. Select TCP/IP.	10
17. Skip Provisioning Server.	11
18. Select Provision Model.	12
19. Skip Un-Provision. This option returns the system to factory defaults. See “Return to Default” on page 23 for more information about unprovisioning.	12
20. Skip VLAN.	12
21. Select SOL/IDE-R.	12
22. Select Remote Firmware Update, and then select Enabled.	12
23. Select Idle Timeout.	13
24. Select Return to previous menu.	13
25. Select Exit, and then select Y to exit the MEBx Setup and save settings.	13
Figure 6 Intel AMT Enabled and Configured - ME configuration complete	13
Intel AMT WebGUI	14
Connecting with the Intel AMT WebGUI - SMB Example	14
1. Power on an AMT system that has completed AMT Setup and Configuration.	14
2. Execute a Web browser from a separate system - a Management computer on the same subnet as the AMT computer.	14
3. Connect to the IP address specified in the MEBx and port of the AMT system.	14
4. Type the user name and password. The default username is admin and the password is what you set during AMT Setup in the MEBx.	15
Figure 7 Intel AMT WebGUI Screen	15
5. Review system information and/or make any necessary changes.	15
6. Select Exit.	15
Enterprise Mode Setup and Configuration	16
Enterprise Mode - AMT Setup and Configuration Steps	16
1. Access the MEBx by pressing Ctrl-P during POST.	16
2. Type the default password, which is admin.	16
3. Change the MEBx password, following strong password guidelines.	16
4. Select Intel ME Platform Configuration.	16
5. In Intel ME State Control, select Enabled.	16
6. In Intel ME Firmware Local Update Qualifier, select Always Open.	16
7. Skip LAN Controller.	16
8. Select Intel ME Features Control.	16
9. Select Intel ME Power Control.	16
10. Select Exit and save. The system displays the Intel ME Configuration Complete message, and then reboots.	16
11. Press Ctrl-P during POST to enter MEBx Setup again.	16
12. Type the MEBx password.	16
13. Select Intel AMT Configuration. The Intel AMT Configuration screen includes numerous options, which are available by scrolling down the menu.	17
Figure 8 Intel AMT Configuration Screen	17
Figure 9 Intel AMT Configuration Screen Continued	17
14. Select Host Name, and then type a host name	17
15. Select TCP/IP.	18
16. Select Provisioning Server.	18
17. Select Provision Model.	18
18. Select Set PID and PPS.	18
19. Skip Un-Provision. This option returns the system to factory defaults. See the Return to Default sec tion for more information about unprovisioning.	18
20. Skip VLAN.	19
21. Select SOL/IDE-R, and then select Y.	19
22. Select Remote Firmware Update, and then select Enabled.	19
23. Skip Set PRTC.	19
24. Select Idle Timeout.	19
25. Select Return to previous menu.	19
26. Select Exit, and then select Y to exit the MEBx Setup and save settings. The system displays an Intel ME Configuration Complete message and reboots.	20
27. Turn off the system and remove power. The system is now in In-Setup Mode and is ready for deploy ment.	20
28. Plug the system into a power source and connect the network. Use the integrated Intel 82566DM NIC. Intel AMT does not work with any other NIC solution.	20
Setup and Configuration Server Preparation	21
Provisioning Methods	21
Legacy	21
IT TLS-PSK	21
OEM TLS-PSK	22
Return to Default	23
Figure 10 Intel AMT Unprovisioning Screen	23
1. Select Un-Provision.	23
2. Select Return to previous menu.	23
3. Select Exit, and then select Y. The system reboots.	23
Full Return to Factory Defaults	24
USB Drive Key Set Up and Configuration	24
1. An IT technician inserts a USB drive key into a system with a management console.	24
2. The technician request local setup and configuration records from an S&CS through the console.	24
3. The S&CS:	24
4. The management console writes the password, PID, and PPS sets to a Setup.bin file in the USB drive key.	24
5. The technician takes the USB drive key to the staging area where new AMT platforms are located. The technician:	24
6. The system BIOS detects the USB drive key.	24
7. The system BIOS displays a message that automatic setup and configuration will occur.	25
8. MEBx processes the record.	25
9. MEBx writes a completion message to display.	25
10. The IT technician powers down the system. The system is now in In-Setup phase and is ready to be dis tributed to users in an Enterprise mode environment.	25
11. Repeat Step 5 if necessary (more than one system).	25
USB Drive Key Requirements	25
Appendix A: Frequently Asked Questions	26
Appendix B: Power / Sleep / Global States Explained	29

Match case Limit results 1 per page

26.

Select

Exit

, and then select

to exit the MEBx Setup and save settings. The system displays an Intel

ME Configuration Complete message and reboots.

27.

Turn off the system and remove power. The system is now in In-Setup Mode and is ready for deploy-

ment.

28.

Plug the system into a power source and connect the network. Use the integrated Intel 82566DM

NIC. Intel AMT does not work with any other NIC solution.

When power is reapplied to the system, the system immediately looks for a Setup and Configuration

Server. If the system finds this server, the AMT system will send a “Hello” message to the server.

DHCP and DNS must be available for the Setup and Configuration Server search to automatically

succeed. If DHCP and DNS are not available, then the Setup and Configuration Server’s IP address

must be manually entered into the AMT system’s MEBx.

The “Hello” message contains the following information:

•

PID

•

UUID (Universally Unique Identifier)

•

IP address

•

ROM and firmware version numbers

The “Hello” message is transparent to the end-user. There is no feedback mechanism to tell the user

the system is broadcasting the message.

The Setup and Configuration Server uses the information in the “Hello” message to initiate a

Transport Layer Security (TLS) connection to the AMT system using a TLS Pre-Shared-Key (PSK) cipher

suite if TLS is supported.

The Setup and Configuration server uses the PID to lookup PPS in provisioning server database and

uses the PPS and PID to generate TLS Pre-Master Secret. TLS is optional. For secure and encrypted

transactions, use TLS if the infrastructure is available. If you do not use TLS, then HTTP Digest will be

used for mutual authentication. HTTP Digest is not as secure as TLS.

Setup and Configuration Server logs into AMT system with the user name and password and

provisions all required data items:

•

New PPS and PID (for future Setup and Configuration)

•

TLS certificates

•

Private keys

•

Current date and time

•

HTTP Digest credentials

•

HTTP Negotiate credentials

You can set other options depending on S&CS implementation.

The system goes from In-Setup phase to Operational phase, and AMT is fully operational. Once in

the Operational phase, you can remotely manage the system and you can provide the system to end-

users for regular use.