HP Dc7900 vPro Setup and Configuration for the dc7900p Business PC with Intel
HP Dc7900 - Compaq Business Desktop Manual
UPC - 884962028483
View all HP Dc7900 manuals
Add to My Manuals
Save this manual to your list of manuals |
HP Dc7900 manual content summary:
- HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 1
vPro Setup and Configuration for the dc7900 Business PC with Intel vPro Processor Technology Introduction 2 AMT Setup and 27 Remote Configuration Time-outs in HP Systems 27 Remote Configuration Prerequisites 28 MEBx and Hashes 28 List of Supported CA Certificates 30 Return to Default 31 - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 2
supports Virtual Appliances. This is a change from previous generations of HP Compaq of AMT 5.0. By default, AMT shipping on the HP Compaq dc7900 Business PC will be inactive. It must be set configuration: • Small Business (SMB) mode • Enterprise mode This white paper details Small Business mode - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 3
, such as enabling the system for Serial-Over-LAN (SOL) or IDE-Redirect are set. This can be a manual or automated procedure with a Setup and HP by Intel to be included in the HP system BIOS. The MEBx is not HP-specific and contains options that are not used by HP. If an option is not used by HP - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 4
characters include: • Exclamation ! • At @ • Number # • Dollar $ • Percent % • Caret ^ HP Compaq dc7900 Business PCs. The HP Compaq dc7900 Business PC uses the 786G1 BIOS family. For best performance and to take advantage of AMT 5.0 features, make sure HP Compaq dc7900 PCs have a BIOS - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 5
phase), the default settings are in place. This white paper details HP-recommended settings for options, some of which may be the same as double-check important options. 1. Press Ctrl+P during POST to enter Manageability Engine BIOS Extension (MEBx) Setup. You can dis- play this option only during - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 6
soon afterward so that it does not generate any traffic. If there is a problem that affects the ME, it can be removed from the system to eliminate it is the default and allows for as many local updates as the system BIOS allows, which is unlimited. Choosing Never Open or Restricted adds the Intel - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 7
"Restricted" ignores what is set in the system BIOS and allows local ME firmware updates until the ME AMT This option sets the platform management mode: None, Intel AMT, or ASF. By default, HP Compaq dc7900 Business PCs are set to Intel AMT, and ASF is an available option. Note that setting the - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 8
ME Power Control Screen a. Select Intel ME ON in Host Sleep States, and then select Desktop:ON in S0, S3, ME WoL in S3, S4-5, OFF After Power Loss. Default Setting = Desktop: ON in S0, Recommended Setting = Desktop: ON is S0, S3, ME WoL in S3, S4-5, OFF After Power Loss This option - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 9
See "Appendix B: Power / Sleep / Global States Explained" on page 34 for an explanation of sleep/ power states. See "Appendix C: Wake-On-ME Explained" on page 35 for an explanation of Wake-On-ME/ ME WoL. b. Select Return to the previous menu. 10. Return to previous menu to exit the MEBx Setup and - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 10
This option is a toggle, and the next time you access it you are prompted with the opposite setting. b. Select DHCP Disable, and then select Y. Default Setting = DHCP Enabled, Recommended Setting = User Dependent You can use DHCP if it is available. If you use DHCP, then steps 15c through 15g are - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 11
option is no longer available once the system is in Small Business mode. This option is only used in Enterprise VLAN support. If VLAN is enabled, then you must provide the VLAN tag (label) (1-4094). VLAN support is = Enabled This option enables/disables Serial Over LAN (SOL) functionality. d. - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 12
. A value of 0 means the Wake-On-ME feature is disabled and the ME will not go to sleep when not being used in a nonactive system. HP recommends a setting of 1, which allows the ME to go to sleep after 1 minute of inactivity. The timeout value can only be set in both decimal - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 13
support is enabled by default for SMB Setup and Configured systems. WebGUI support port is 16992. b. If DHCP was used, then use the Fully Qualified Domain Name (FQDN) for the ME. The FQDN is the combination of the hostname and domain. Example A: http://192.168.0.1:16992 Example B: http://hpsystem.hp - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 14
password. The default username is admin and the password is what you set during AMT Setup in the MEBx. Figure 6 Intel AMT WebGUI Screen 5. Review system information and/or make any necessary changes. NOTE: You can change the MEBx password for the remote system in the WebGUI. Changing the password - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 15
SCS must share a set of Provisioning ID (PID) and Provisioning Passphrase (PPS). This pair forms a Pre-Shared Key (PSK). PIDs are 8 characters and PPS are 32 characters. There are that offer Setup and Configuration Servers, including: • HP Out of Band Manager • Altiris • LANDesk • Microsoft SMS 15 - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 16
Enterprise Mode Setup and Configuration Enterprise mode is for large corporate customers. An SCS is required for Enterprise mode Setup and Configuration. The SCS is also known as a Provisioning Server as seen in the MEBx. Enterprise Mode - AMT Setup and Configuration Steps The AMT Setup portion for - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 17
12. Select Intel AMT Configuration. The Intel AMT Configuration screen includes numerous options, which are available by scrolling down the menu. Figure 7 Intel AMT Configuration Screen Figure 8 Intel AMT Configuration Screen Continued 13. Select Host Name, and then type a host name Default Setting - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 18
. a. Change to Intel AMT 1.0 Mode, and then select N. Default Setting = Intel AMT 3.0 Mode, Recommended Setting = Intel AMT 3.0 Mode b. Change to Small Business, and then select N. Default Setting = Enterprise, Recommended Setting = Enterprise c. Select Return to previous menu. 16. Select Setup and - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 19
Provisioning Mode • DNS • Host Initiated • Hash Data • Hash Algorithm • Serial Number • ISDefault Bit • Time Validity Pass • FQDN • Provisioning IP • Date Default Setting = 0.0.0.0, Recommended Setting = Network Dependent ii. Enter Port. Default Setting = 0, Recommended Setting = 9971 This option is - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 20
Default Setting = None, Recommended Setting = Network Dependent ii. Enter Port. Default Setting = 0, Recommended Setting = 9971 This option is used by an SCS. The Admin Password, PID, and PPS can be pre-populated by HP during manufacturing. Go to the OEM TLS-PSK section for details. ii. Skip Delete - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 21
Disabled, Recommended Setting = User Dependent This option enables or disables VLAN support. If VLAN is enabled, then the VLAN tag must be provided (1-4094 disabled, then only the administrator has MEBx remote access. c. Select Serial Over LAN, and then select Enabled. Default Setting = Enabled, - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 22
in a nonactive system. HP recommends a setting of 1 manually entered into the AMT system's MEBx. The "Hello" message contains the following information: • PID • UUID (Universally Unique Identifier) • IP address • ROM and firmware version numbers suite if TLS is supported. The Setup and Configuration - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 23
• New PPS and PID (for future Setup and Configuration) • TLS certificates • Private keys • Current date and time • HTTP Digest credentials • HTTP Negotiate credentials You can set other options depending on S&CS implementation. The system goes from In-Setup phase to Operational phase, and AMT is - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 24
system is in In-Setup phase, the system can continue to be configured manually or be connected to a network where it will connect with an S&CS the customer location. In the first stage, customers purchase systems from HP, which will AMT Setup those systems during manufacturing, bringing them to - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 25
port number and HP for more information about this valuable service. USB Drive Key Set Up and Configuration You can set up and locally configure password, PID, and PPS information with a USB drive key. This feature allows an IT technician to manually setup and configure systems without the problems - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 26
system BIOS displays a message that automatic setup and configuration will occur. a. The first available record in the Setup.bin is read into memory. The a single OEM image to provision systems securely without the need manually modify AMT options. RCFG uses a Public Key Infrastructure with - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 27
application initiates the process by communicating with the ME through the HECI driver. This requires a functional OS and agent to be installed on system agents for Delayed remote configuration support. Remote Configuration Time-outs in HP Systems The HP Compaq dc7900 Business PCs are shipped out of - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 28
and local agent must be installed on the AMT system. MEBx and Hashes AMT 5.0 has the feature in the MEBx to allow IT administrators to manually activate a hash and to add up to three additional certificate hashes. To enter the Remote Configuration screen in the MEBx: 1. Press Ctrl+P for the MEBx - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 29
Figure 11 Intel Remote Configuration Screen 1. Select Remote Configuration Enable/Disable. Default Setting = Enabled, Recommended Setting = Enabled This option enables or disables remote configuration. 2. Skip Manage Certificate Hashes. This option shows the hashes in the system, including the name - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 30
CA Certificates The following list provides supported Certificate Authorities and certificates. Not all certificates are populated in certain configurations. • VeriSign Class 3 Primary CA-G1 • End Date: 8/1/2028 • SHA1 Fingerprint: 74 2C 31 - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 31
Return to Default Return to Default is also know as Unprovisioning. An AMT Setup and Configured system can be unprovisioned. It is done through the AMT Configuration Screen and the Un-Provision option. Figure 12 Intel AMT Unprovisioning Screen Depending on how the system was previously provisioned, - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 32
includes resetting the password to the default "admin". This is a behavior change from the HP Compaq dc7800p Business PC, where a CMOS change only clears the AMT settings and the password. from an outside network to a specific IP and port. Local access does not originate from an outside network. 32 - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 33
provides Setup and Configuration Servers? A: HP Out of Band Manager and ISVs supplier to see if they offer this service. Q: Can AMT be set for supported setting by Intel and may cause unexpected system behavior. Q: What is the default port used by the Intel WebGUI? A: The Intel WebGUI listens to port - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 34
of several power states under the Advanced Configuration and Power Interface (ACPI) specification. These power states are also known as Sleep (Sx) states or • S3 is the Standby (Microsoft terminology) or Suspend-to-RAM state. The memory subsystem and Vaux power rail remains powered, while the rest of - HP Dc7900 | vPro Setup and Configuration for the dc7900p Business PC with Intel - Page 35
to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors
1
vPro Setup and Configuration for the dc7900 Business PC
with Intel vPro Processor Technology
Introduction
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
AMT Setup and Configuration
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
AMT System Phases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
SMB Mode - AMT Setup and Configuration with MEBx
. . . . . . . . . . . . . . . . . . . . . . . . . . .3
SMB Mode - AMT Setup and Configuration Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Intel AMT WebGUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Connecting with the Intel AMT WebGUI - SMB Example
. . . . . . . . . . . . . . . . . . . . . . . . .13
Setup and Configuration Server
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Setup and Configuration Server Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Enterprise Mode Setup and Configuration
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Enterprise Mode - AMT Setup and Configuration Steps
. . . . . . . . . . . . . . . . . . . . . . . . . .16
Provisioning Methods
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Legacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
IT TLS-PSK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
OEM TLS-PSK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
USB Drive Key Set Up and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
USB Drive Key Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Remote Configuration
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Remote Configuration: Bare-Metal vs. Delayed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Remote Configuration Time-outs in HP Systems
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Remote Configuration Prerequisites
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
MEBx and Hashes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
List of Supported CA Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Return to Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Full Return to Factory Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Appendix A: Frequently Asked Questions
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Appendix B: Power / Sleep / Global States Explained
. . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Appendix C: Wake-On-ME Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35