Home » HP Manuals » Desktops » HP Dc7800 » Manual Viewer

HP Dc7800 vPro Setup and Configuration for the dc7800p Business PC with Intel

HP Dc7800 - Compaq Business Desktop Manual

UPC - 883585764365

View all HP Dc7800 manuals

Add to My Manuals
Save this manual to your list of manuals

HP Dc7800 manual content summary:

HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 1
vPro Setup and Configuration for the dc7800p Business PC with Intel vPro Processor Technology Introduction 3 AMT Setup and 27 Remote Configuration Time-outs in HP Systems 28 Remote Configuration Prerequisites 28 MEBx and Hashes 28 List of Supported CA Certificates 30 Return to Default
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 2
that provides many new features when compared to the existing AMT 2.x feature set. HP has updated this white paper to include the new features of AMT 3.0. By default, AMT shipping on the HP Compaq dc7800p Business PC will be inactive. It must be set up and configured in the system before it can
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 3
such as enabling the system for Serial-Over-LAN (SOL) or IDE- options are set. This can be a manual or automated procedure with a Setup and HP by Intel to be included in the HP system BIOS. The MEBx is not HP-specific and contains options that are not used by HP. If an option is not used by HP
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 4
. Examples of valid characters include: • Exclamation ! • At @ • Number # • Dollar $ • Percent % • Caret ^ • Asterisk * HP Compaq dc7700p and dc7800p Business PCs. • The HP Compaq dc7700p Business PC uses the 786E1 BIOS family. • The HP Compaq dc7800p Business PC uses the 786F1 BIOS
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 5
and to take advantage of AMT 2.2 features, make sure HP Compaq dc7700p Business PCs have a BIOS revision of at least version 3.03, an ME firmware of at least version 2.2.1.1034, and a MEBx of at least version 2.1.4.000. Updating an HP Compaq dc7700p system from AMT 2.0 or 2.1 to AMT 2.2 by flashing
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 6
or disables the ME and is used for diagnostic purposes. If set to Disabled, the ME not generate any traffic. If there is a problem that affects the ME, it can be removed updates as the system BIOS allows, which is unlimited. Choosing Never Open or Restricted adds the Intel ME Firmware Local Update
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 7
BIOS and allows local ME firmware updates until the ME is configured. Never Open Restricted ME Firmware Local Update Local ME firmware updates Enabled allowed. Local ME firmware updates allowed. ME Firmware Local Update Local ME firmware updates By default, HP Compaq dc7800p Business PCs are
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 8
ME Power Control Screen a. Select Intel ME ON in Host Sleep States, and then select Desktop:ON in S0, S3, ME WoL in S3, S4-5, OFF After Power Loss. Default Setting = Desktop: ON in S0, Recommended Setting = Desktop: ON is S0, S3, ME WoL in S3, S4-5, OFF After Power Loss This option
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 9
ME ON in Host Sleep State Option 6 Option 7 ME Behavior ME is ON at all times S0, S3, S4, and S5. ME will not automatically initialize after recovering from a G3 power loss. ME is ON only when the system is in S0. It will be asleep in S3 - S5 unless it is called upon. Timer for ME sleep is set by
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 10
NOTES: Spaces are not accepted in the host name. Make sure there is not a duplicate host name on the network. You can use host names in place of the system's IP for any applications requiring the IP address. 15. Select TCP/IP. a. Select Disable Network Interface, and then select N. Default Setting =
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 11
is no longer available once the system is in Small Business mode. This option is only used in Enterprise Mode. VLAN support. If VLAN is enabled, then you must provide the VLAN tag (label) (1-4094). VLAN support is MEBx remote access. c. Select Serial Over LAN, and then select Enabled. Default
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 12
, Recommended Setting = Enabled This option enables/disables the ability to remotely update the ME firmware. 21. Skip Set PRTC. Default Setting = None the ME will not go to sleep when not being used in a nonactive system. HP recommends a setting of 1, which allows the ME to go to sleep after 1 minute
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 13
• Remote system reset • Changing of network settings • Addition of new users and passwords • Updating ME firmware WebGUI support is enabled by default for SMB Setup and Configured systems. WebGUI support for Enterprise Setup and Configured systems is determined by the Setup and Configuration Server
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 14
password. The default username is admin and the password is what you set during AMT Setup in the MEBx. Figure 6 Intel AMT WebGUI Screen 5. Review system information and/or make any necessary changes. NOTE: You can change the MEBx password for the remote system in the WebGUI. Changing the password
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 15
encrypted with Transport Layer Security (TLS). Setup and Configuration Server Availability There are several independent software vendors (ISV) that offer Setup and Configuration Servers, including: • HP Out of Band Manager • Altiris • LANDesk • Microsoft SMS 15
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 16
password guidelines. 4. Select Intel ME Platform Configuration. 5. In Intel ME State Control, select Enabled. 6. In Intel ME Firmware Local Update Qualifier, select Always Open. 7. Select Intel ME Features Control. a. Select Check Manageability Features. b. Select Intel AMT. 8. Select Intel ME
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 17
12. Select Intel AMT Configuration. The Intel AMT Configuration screen includes numerous options, which are available by scrolling down the menu. Figure 7 Intel AMT Configuration Screen Figure 8 Intel AMT Configuration Screen Continued 13. Select Host Name, and then type a host name Default Setting
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 18
Intel AMT 1.0 Mode, and then select N. Default Setting = Intel AMT 3.0 Mode, Recommended Setting = Intel AMT 3.0 Mode b. Change to Small Business, and then select N. Default Setting = Enterprise, Recommended Setting = Enterprise c. Select Return to previous menu. 16. Select Setup and Configuration
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 19
Provisioning Mode • DNS • Host Initiated • Hash Data • Hash Algorithm • Serial Number • ISDefault Bit • Time Validity Pass • FQDN • Provisioning IP • on DNS. The default port for many SCS is at 9971. Some ISVs may require additional settings, such as the SCS port number and SCS IP address. Contact
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 20
be generated by an SCS. The Admin Password, PID, and PPS can be pre-populated by HP during manufacturing. Go to the OEM TLS-PSK section for details. ii. Skip Delete PID = User Dependent This option enables or disables VLAN support. If VLAN is enabled, then the VLAN tag must be provided (1-4094). 20
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 21
Enabled This option allows you to add users and passwords from the WebGUI MEBx remote access. c. Select Serial Over LAN, and then select 20. Select Remote Firmware Update, and then select Enabled. sleep when not being used in a nonactive system. HP recommends a setting of 1 which allows the ME to
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 22
and Configuration Server's IP address must be manually entered into the AMT system's MEBx. The • IP address • ROM and firmware version numbers The "Hello" message is transparent to the end Pre-Shared-Key (PSK) cipher suite if TLS is supported. The Setup and Configuration server uses the PID to
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 23
the system is in In-Setup phase, the system can continue to be configured manually or be connected to a network where it will connect with an S&CS and during OEM manufacturing and the second stage at the customer location. In the first stage, customers purchase systems from HP, which will AMT Setup
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 24
HP for more information about this valuable service. USB Drive Key Set Up and Configuration You can set up and locally configure password, PID, and PPS information with a USB drive key. This feature allows an IT technician to manually setup and configure systems without the problems associated
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 25
need manually modify AMT options. RCFG uses a Public Key Infrastructure with Certificate Hashes (PKI-CH) protocol to maintain security. A DHCP environment is required. RCFG is available starting with AMT 2.2 for the dc7700p HP Compaq Business PC and with AMT 3.0 for the dc7800p HP Compaq Business PC
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 26
dc7800p HP Compaq Business PC. It is not available for AMT 2.2 on the dc7700p HP Compaq Business with the ME through the HECI driver. This requires a functional OS support. Delayed RCFG is available for both AMT 3.0 on the dc7800 HP Compaq Business PC and AMT 2.2 on the dc7700p HP Compaq Business PC
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 27
Hashes AMT 3.0 has the feature in the MEBx to allow IT administrators to manually activate a hash and to add up to three additional certificate hashes. This feature is not available in AMT 2.x on dc7700p HP Compaq Business PC products. To enter the Remote Configuration screen in the MEBx: 1. Press
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 28
no hashes are in the system, then an option to add one is available. If hashes are available, then an option to delete one or more is available. To add a hash: a. Press Insert. b. Type a name for the hash. c. Type the
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 29
CA Certificates The following list provides supported Certificate Authorities and certificates. Not all certificates are populated in certain 26 1B A0 D7 77 70 02 8F 20 EE E4 • Comodo AAA CA (*not supported on the dc7800) • End Date: 12/31/2028 • SHA1 Fingerprint: D1 EB 23 A4 6D 17 D6
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 30
Return to Default Return to Default is also know as Unprovisioning. An AMT Setup and Configured system can be unprovisioned. It is done through the AMT Configuration Screen and the Un-Provision option. Figure 12 Intel AMT Unprovisioning Screen Depending on how the system was previously provisioned,
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 31
in the ME such as the ME Power Settings will not be reset. Those settings must be manually reset to the default for the system to be in a true factory default state. The system has to come from an outside network to a specific IP and port. Local access does not originate from an outside network. 31
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 32
provides Setup and Configuration Servers? A: HP Out of Band Manager and ISVs supplier to see if they offer this service. Q: Can AMT be set for supported setting by Intel and may cause unexpected system behavior. Q: What is the default port used by the Intel WebGUI? A: The Intel WebGUI listens to port
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 33
of several power states under the Advanced Configuration and Power Interface (ACPI) specification. These power states are also known as Sleep (Sx) states or • S3 is the Standby (Microsoft terminology) or Suspend-to-RAM state. The memory subsystem and Vaux power rail remains powered, while the rest of
HP Dc7800 | vPro Setup and Configuration for the dc7800p Business PC with Intel - Page 34
to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors

Section	Page
vPro Setup and Configuration for the dc7800p Business PC with Intel vPro Processor Technology	1
Introduction	2
AMT Setup and Configuration	3
AMT System Phases	3
SMB Mode - AMT Setup and Configuration with MEBx	3
Password Guidelines	3
BIOS Prerequisite	4
SMB Mode - AMT Setup and Configuration Steps	5
1. Press Ctrl+P during POST to enter Manageability Engine BIOS Extension (MEBx) Setup. You can dis play this option only during POST if set in F10-Setup.	5
Figure 1 Intel MEBx Password Screen	5
2. Type the default password, which is admin. Passwords are case-sensitive.	5
3. Change the MEBx password. The new password must meet the Strong Password criteria defined in the Password Guidelines Section. Type the password twice for verification.	5
4. Select the Intel ME Platform Configuration. A window displays indicating that the system resets after configuration.	6
5. Select Y. ME platform configuration allows IT personnel to configure ME features such as AMT/ASF selection, power options, firmware update capabilities, and so on.	6
Figure 2 Intel ME Platform Configuration screen	6
6. Select Intel ME State Control, and then select Enabled.	6
7. Select Intel ME Firmware Local Update Qualifier.	6
8. Select Intel ME Features Control.	7
Figure 3 Intel ME Features Control Screen with AMT selected	7
9. Select Intel ME Power Control.	8
Figure 4 Intel ME Power Control Screen	8
10. Return to previous menu to exit the MEBx Setup and save ME configuration. The system will display an Intel ME Configuration Complete message and reboot. After the ME Configuration is complete, you can configure the AMT on the next boot.	9
11. Press Ctrl-P during POST to enter MEBx Setup again.	9
12. Type the MEBx password.	9
13. Select Intel AMT Configuration.	9
Figure 5 Intel AMT Configuration screen	9
14. Select Host Name, and then type a host name.	9
15. Select TCP/IP.	10
16. Select Provision Model.	11
17. Skip Un-Provision. This option returns the system to factory defaults.	11
18. Skip VLAN.	11
19. Select SOL/IDE-R.	11
20. Select Secure Firmware Update, and then select Enabled.	12
21. Skip Set PRTC.	12
22. Select Idle Timeout.	12
23. Select Return to previous menu.	12
24. Select Exit, and then select Y to exit the MEBx Setup and save settings.	12
Intel AMT WebGUI	12
Connecting with the Intel AMT WebGUI - SMB Example	13
1. Power on an AMT system that has completed AMT Setup and Configuration.	13
2. Execute a Web browser from a separate system - a Management computer on the same subnet as the AMT computer.	13
3. Connect to the IP address specified in the MEBx and port of the AMT system.	13
4. Type the user name and password. The default username is admin and the password is what you set during AMT Setup in the MEBx.	14
Figure 6 Intel AMT WebGUI Screen	14
5. Review system information and/or make any necessary changes.	14
6. Select Exit.	14
Setup and Configuration Server	15
1. The AMT system sends out a “hello” message that includes the PSK over the network.	15
2. The SCS receives the “hello” message and verifies the PSK.	15
3. If the verification passes, then the SCS begins setup and configuration.	15
4. Once setup and configuration completes, the original PSK is deleted from the AMT client system, and a new PSK is given.	15
Setup and Configuration Server Availability	15
Enterprise Mode Setup and Configuration	16
Enterprise Mode - AMT Setup and Configuration Steps	16
1. Access the MEBx by pressing Ctrl-P during POST.	16
2. Type the default password, which is admin.	16
3. Change the MEBx password, following strong password guidelines.	16
4. Select Intel ME Platform Configuration.	16
5. In Intel ME State Control, select Enabled.	16
6. In Intel ME Firmware Local Update Qualifier, select Always Open.	16
7. Select Intel ME Features Control.	16
8. Select Intel ME Power Control.	16
9. Select Exit and save. The system displays the Intel ME Configuration Complete message, and then reboots.	16
10. Press Ctrl+P during POST to enter MEBx Setup again.	16
11. Type the MEBx password.	16
12. Select Intel AMT Configuration. The Intel AMT Configuration screen includes numerous options, which are available by scrolling down the menu.	17
Figure 7 Intel AMT Configuration Screen	17
Figure 8 Intel AMT Configuration Screen Continued	17
13. Select Host Name, and then type a host name	17
14. Select TCP/IP.	18
15. Select Provision Model.	18
16. Select Setup and Configuration.	18
Figure 9 Intel Setup and Configuration Screen	18
Figure 10 Intel TLS PSK Configuration Screen	20
17. Skip Un-Provision. This option returns the system to factory defaults. See the Return to Default sec tion for more information about unprovisioning.	20
18. Skip VLAN.	20
19. Select SOL/IDE-R, and then select Y.	21
20. Select Remote Firmware Update, and then select Enabled.	21
21. Skip Set PRTC.	21
22. Select Idle Timeout.	21
23. Select Return to previous menu.	21
24. Select Exit, and then select Y to exit the MEBx Setup and save settings. The system displays an Intel ME Configuration Complete message (only once) and reboots.	21
25. Turn off the system and remove power. The system is now in In-Setup Mode and is ready for deploy ment.	21
26. Plug the system into a power source and connect the network. Use the integrated Intel 82566DM NIC. Intel AMT does not work with any other NIC solution.	22
Provisioning Methods	23
Legacy	23
IT TLS-PSK	23
OEM TLS-PSK	23
USB Drive Key Set Up and Configuration	24
1. An IT technician inserts a USB drive key into a system with a management console.	24
2. The technician request local setup and configuration records from an S&CS through the console.	24
3. The S&CS:	24
4. The management console writes the password, PID, and PPS sets to a Setup.bin file in the USB drive key.	24
5. The technician takes the USB drive key to the staging area where new AMT platforms are located. The technician:	24
6. The system BIOS detects the USB drive key.	24
7. The system BIOS displays a message that automatic setup and configuration will occur.	25
8. MEBx processes the record.	25
9. MEBx writes a completion message to display.	25
10. The IT technician powers down the system. The system is now in In-Setup phase and is ready to be dis tributed to users in an Enterprise mode environment.	25
11. Repeat Step 5 if necessary (more than one system).	25
USB Drive Key Requirements	25
Remote Configuration	25
Remote Configuration: Bare-Metal vs. Delayed	26
Remote Configuration Time-outs in HP Systems	27
Remote Configuration Prerequisites	27
MEBx and Hashes	27
1. Press Ctrl+P for the MEBx, and then type the MEBx password.	27
2. Select Intel AMT Configuration.	27
3. Select Setup and Configuration.	27
4. Select TLS PKI.	28
Figure 11 Intel Remote Configuration Screen	28
1. Select Remote Configuration Enable/Disable.	28
2. Skip Manage Certificate Hashes.	28
3. Set FQDN. This option allows the Fully Qualified Domain Name (FQDN) of the SCS to be entered.	28
4. Set PKI DNS Suffix. This option allows you to enter the PKI DNS Suffix of the SCS.	28
5. Select Return to the Previous Menu.	28
List of Supported CA Certificates	29
Return to Default	30
Figure 12 Intel AMT Unprovisioning Screen	30
1. Select Un-Provision, and then select the appropriate unprovision mode.	30
2. Select Return to previous menu.	30
3. Select Exit, and then select Y.	30
Full Return to Factory Defaults	31
Appendix A: Frequently Asked Questions	31
Appendix B: Power / Sleep / Global States Explained	33

Match case Limit results 1 per page

vPro Setup and Configuration for the dc7800p Business PC

with Intel vPro Processor Technology

Introduction

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

AMT Setup and Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

AMT System Phases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

SMB Mode - AMT Setup and Configuration with MEBx

. . . . . . . . . . . . . . . . . . . . . . . . . . .4

SMB Mode - AMT Setup and Configuration Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Intel AMT WebGUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Connecting with the Intel AMT WebGUI - SMB Example

. . . . . . . . . . . . . . . . . . . . . . . . .14

Setup and Configuration Server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Setup and Configuration Server Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Enterprise Mode Setup and Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Enterprise Mode - AMT Setup and Configuration Steps

. . . . . . . . . . . . . . . . . . . . . . . . . .17

Provisioning Methods

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Legacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

IT TLS-PSK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

OEM TLS-PSK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

USB Drive Key Set Up and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

USB Drive Key Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Remote Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Remote Configuration: Bare-Metal vs. Delayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Remote Configuration Time-outs in HP Systems

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Remote Configuration Prerequisites

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

MEBx and Hashes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

List of Supported CA Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Return to Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Full Return to Factory Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Appendix A: Frequently Asked Questions

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Appendix B: Power / Sleep / Global States Explained

. . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

Appendix C: Wake-On-ME Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35