HP Z200 HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta
HP Z200 - Small Form Factor Workstation Manual
 |
View all HP Z200 manuals
Add to My Manuals
Save this manual to your list of manuals |
HP Z200 manual content summary:
- HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 1
AMT Setup and Configuration for the Z200 Workstation with Intel AMT Technology March 2010 Table of Contents: Introduction ...2 AMT Setup and Configuration 2 AMT System Phases 3 Manual Mode - AMT Setup and Configuration with MEBx 3 BIOS Prerequisite 5 Manual Mode (SMB Mode) - AMT Setup and - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 2
system is connected to a power source and a network. AMT is a hardware and firmware platform resident solution relying upon the Management Engine (ME) within the Intel 3450 chipset. By default, the AMT shipping on the HP Z200 will be inactive. It must be setup and configured in the system before it - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 3
mode AMT Setup and Configuration is a manual process done through the Intel ME BIOS Extension (MEBx). Manual mode is the easiest to implement since it does not require much infrastructure, but it is the least secure since all network traffic is not encrypted. HP recommends that this be done in - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 4
have at least one 7-bit ASCII non-alphanumeric character with an ASCII value between 33d and 126d that is not part of the invalid character list below. Some examples: Exclamation ! At @ Number # Dollar $ Percent % Caret ^ Asterisk * The underscore '_' is considered alpha - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 5
the HP Z200 workstation. The HP Z200 workstation uses the 786H3 BIOS family. The system BIOS and the ME FW must be updated individually. Refer to the BIOS Flash Whitepaper at www.hp.com for more information on flashing the system BIOS and ME FW. Manual Mode (SMB Mode) - AMT Setup and Configuration - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 6
the Intel ME Platform Configuration. Figure 2: Intel ME Platform Configuration Screen 5. Check the Intel ME State Control. Default Setting : Enabled so that it does not generate any network traffic. It is used for diagnostic purposes. If there is a problem where the ME is affected, it can - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 7
default password has not been changed yet. During Setup and Configuration - The Intel MEBX password can be changed through the network interface during the setup and configuration process but at no other time. Once the setup and configuration process is complete, the Intel MEBX password cannot be - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 8
host name on the network. Hostnames can be used is no response after four DNS queries to the Update protocol. If DDNS Update is disabled then the firmware will make no attempt to update DNS using DHCP option 81 or Dynamic DNS update. If the DDNS Update state (Enabled or Disabled) is not configured - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 9
8. TCP/IP Settings. AMT 6.0 supports IPV4 and IPV6 interface. Follow steps 8a-8f to configure for IPV4 and 8g-8h for IPV6. Figure 4: Intel ME TCP/IP Settings Screen a. Wired LAN IPV4 Configuration DHCP Mode Default Setting : Enabled Recommended Setting : Enabled DHCP can be used if it is - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 10
Figure 5: Intel ME Wired LAN IPv4 Configuration Screen b. IPV4 Address Enter a static address Default Setting Recommended Setting Example: 192.168.0.1 : 0.0.0.0 : Network Dependent Make sure all AMT systems have a unique static IP address. Multiple systems sharing the same IP address can lead to - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 11
Network Dependent g. Wired LAN IPV6 Configuration Select Enabled option for IPv6 Feature Selection If DHCP is disabled, then steps 8h through 8i are required to configure MAC address. Manual ID - The IPv6 Interface ID is configured manually. Selecting this type requires that the Manual Interface ID - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 12
supports IPv6 network interface. Enter a static IPv6 address Default Setting Recommended Setting : None : Network Dependent Network Dependent Example: 2001:db8::1428:57ab 9. Activate Network Access. From the Intel ME Platform Configuration menu, select 'Activate Network Access'. Activate Network - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 13
Figure 7: Intel ME Activate Network Access Screen 10. FW Update Settings. a. Local FW Update Qualifier. Intel ME Firmware Local Update Qualifier Default Setting : Always Open Recommended Setting : Always Open 13 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 14
is set in the system BIOS and follows the Intel ME Firmware Local Update option. "Restricted" ignores what is set in the system BIOS and allows local ME FW update until the ME is configured. ME FW Local Update Enabled ME FW Local Update Disabled Never Open Local ME FW updates allowed. Local ME FW - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 15
virtually maintaining PRTC during the power-off (G3) state. PRTC has a valid date range of 1/1/2004 to 1/4/2021. 12. Power Control. Figure 9: Intel ME Power Control Screen a. Intel ME ON in Host Sleep States. Default Setting : Desktop: ON in S0 Recommended Setting : Desktop: ON in S0, ME Wake - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 16
State mode will automatically set to Desktop: ON in S0, ME Wake in S3, S4-5 after Activating the Network Access (step 9). b. Idle Timeout issue, HP recommends a setting of 1 which allows the ME to go to sleep after approximately 1 minute of inactivity. This allows for maximum power savings when - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 17
14. Go into the Intel AMT Configuration. Figure 10: Intel AMT Configuration Screen Press the Enter key when MEBx displays "Update Network settings in the General Settings menu". Press 'Y' at the MEBx prompt below: 17 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 18
Figure 11: Intel AMT Configuration Screen a. Check the Manageability Feature Selection. Default Setting Recommended Setting : Enabled : Enabled This option allows Intel AMT to be enabled or disabled. By default, the HP Z200 workstation is set to enable Intel AMT. Note that setting the Disabled - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 19
Figure 12: Intel ME Features Control Screen with AMT Selected b. Check SOL/IDE-R. Figure 13: Intel ME SOL-IDE-R Configuration Screen 19 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 20
. d) Legacy Redirection Mode. Default Setting Recommended Setting : Disabled : Disabled Select Disabled. This option allows the Redirection feature to work with the pre-AMT 6.0 remote consoles. c. KVM Configuration. Default Setting Recommended Setting : Disabled : User Dependent 20 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 21
Figure 14: Intel ME KVM Configuration Screen i. KVM feature Selection. Default Setting Recommended Setting : Enabled : Enabled Figure 15: Intel ME KVM Configuration Screen 21 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 22
. In this case only the local user can control the opt-in policy. Enable Remote Control of KVM Opt-in Policy - Enables Remote User's ability to select User OPT-IN Policy. Note: Intel integrated graphics CPU (iGfx) CPU is required for KVM option and console support at this time may be limited. 15 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 23
Updating ME firmware WebGUI support is enabled by default for SMB Setup and Configured systems. WebGUI support for Enterprise Setup and Configured systems is determined by the Setup and Configuration Server. Connecting with the Intel AMT WebGUI - SMB Example: 1) Power http://hpsystem.hp.com:16992 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 24
Figure 16: Intel AMT WebGUI Screen 6) Review system information and/or make any necessary changes will result in two passwords. The new password, known as the "remote" MEBx password, will only work remotely with the WebGUI or remote console. The local MEBx password used to access the MEBx locally - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 25
Setup and Configuration, both the AMT client system and the SCS must share a set of Provisioning ID (PID) and Provisioning Passphrase (PPS). This pair forms a Pre-Shared Key (PSK). PIDs are 8 characters long and PPS are 32 characters. There are dashes between every set of four characters so counting - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 26
to Manual Mode - AMT Setup and Configuration for Configuration. 5) Check the Intel ME State Control, select Enabled. 6) Check the Intel ME Firmware Local Update Qualifier, select Always Open. 7) Go into Intel ME Power Control. a. Go into ME ON in Host Sleep States, select Option 2 (Desktop - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 27
Figure 17a: Intel ME Platform Configuration Screen Figure 17b: Intel AMT Configuration Screen Continued 27 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 28
ID - The IPv6 Interface ID is configured manually. Selecting this type requires that the Manual Interface ID is set with a valid value. IPv6 Address Enter a static IPv6 address Default Setting : None Recommended Setting : Network Dependent Example: 2001:db8::1428:57ab IPv6 default Router - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 29
Dependent Example: 2001:db8::1428:57ab 12) Skip Activate Network Access. 13) Skip Un-Configure Network Access. 14) Go into Remote Setup And Configuration. Figure 18: Intel Setup and Configuration Screen This is the menu where the Enterprise mode provisioning data is entered. a. Current - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 30
FQDN o Provisioning IP o Date of Provisioning This option is only for display, no changes can be made here. c. Provisioning Server IPV4/IPV6. 0.0.0.0 Recommended Setting : Network Dependent This option is used in Enterprise mode when an Intel AMT Setup and Configuration (Provisioning) Server is - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 31
four characters so counting dashes PIDs are 9 characters and PPS are 40 characters. They must be generated by an S&CS. The Admin Password, PID, and PPS can be pre-populated by HP . This option is for Remote Configuration (RCFG) also known as Zero Touch Configuration (ZTC). This option only appears - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 32
32 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 33
not supplied, the firmware cannot be updated. When the Secure Firmware Update feature is enabled, the IT administrator can update the firmware using the secure method. 16) Skip Set PRTC. 17) Power Control. a. Intel ME ON in Host Sleep States. Default Setting : Desktop: ON in S0 Recommended - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 34
have this issue, HP recommends a setting of 1 which allows the ME to go to sleep after approximately 1 minute of inactivity. This allows for maximum power savings when the under Intel AMT Configuration menu. a. A message window telling the user that the system resets after configuration will appear. - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 35
and remove power. At this point the system is out of Factory Mode and is in In-Setup mode. It is ready to be deployed in a corporation. 25) User plugs system into a power source and connects the network. Only use the integrated Intel NIC. Intel AMT does not work with any other NIC solution. 35 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 36
DNS are not available, then the Setup and Configuration Server's IP address must be manually entered into the AMT system's MEBx. The "Hello TLS Pre-Shared-Key (PSK) cipher suite if TLS is supported. 28) The Setup and Configuration server uses the PID to lookup PPS in provisioning server database - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 37
is in In-Setup phase, the system can continue to be configured manually or be connected to a network where it will connect with an S&CS and begin Enterprise Mode - AMT Configuration. The Legacy method places all of the work of AMT Setup and Configuration on the customer. It is no touch for the OEM - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 38
contact HP for more information about this valuable service. USB Drive Key Setup and Configuration Password, PID, and PPS information can be Setup and Configured locally with a USB Drive Key. This allows an IT technician to manually Setup and Configure systems without the problems of manually typing - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 39
c. Turn on that platform. 6) The system BIOS will detect for a USB Drive Key. a. If found, the BIOS will look for a Setup.bin file at memory address into the MEBx parameter block. c. Calls MEBx. 8) MEBx processes the record. 9) MEBx writes completion message to display. 10) The IT technician powers - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 40
network access Configuration is started when a remote console application initiates the process by communicating with the ME through the HECI driver configuration support. Remote Configuration Timeouts in HP Systems The HP Z200 workstation is shipped out of the factory with the Remote Configuration - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 41
the ME is active and the system is connected to a network. Remote Configuration Prerequisites RCFG requires certain prerequisites before it can be used. IT administrators to manually activate a hash and to add up to three additional certificate hashes. To enter the Remote Configuration screen in the - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 42
Enable/Disable Default Setting : Enabled Recommended Setting : Enabled This option enables or disables Remote Configuration. 2) Set PKI DNS Suffix This option allows the PKI DNS Suffix of the SCS to be entered. 3) Manage Certificate Hashes This option shows the hashes - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 43
CA Certificates The following are a list of supported Certificate Authorities and certificates. Not all of the certificates might be populated in certain configurations. • VeriSign Class 3 Primary CA-G1 o SHA1 Fingerprint: 74 2C 31 92 E6 07 E4 24 EB 45 49 54 2B E1 BB C5 3E 61 - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 44
unprovisioning options may appear. 1) Go into Unconfigure Network Access menu . a. Select the needed Unprovision mode. Full unprovisioning is available for Manual and Enterprise mode provisioned systems. It will return all AMT Configuration settings to factory defaults. All certificate hashes will - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 45
control is passed back to the AMT Configuration screen. Notice that the Setup and Configuration option is available again since the system is set to the default Enterprise mode. 2) Return to previous menu. 3) Exit. a. Select Y. 4) System will reboot. A partial unprovisioning will re-open the network - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 46
access does not originate from an outside network. Q: Why does a new password set with the WebGUI cannot be used locally in the MEBx? A: A password set with the WebGUI is a remote password and will only work when accessing the MEBx remotely. It does not work with the MEBx locally. The local password - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 47
such as Altiris provide Setup and Configuration Servers. Check with your management console supplier to see if they offer this service. Q: Can AMT be set for static address and the OS set for DHCP or vice versa? A: No. Although it can be done, this is not a supported setting by Intel and may cause - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 48
file. When the system resumes from S4, the system context is restored from the hibernation file. Vaux remains powered, but all other subsystems including system memory and the processor are not powered. S5 is the Soft Off state. It is identical to S4 with the exception that the system context is - HP Z200 | HP Z200 Workstation - AMT Setup and Configuration for the Z200 Worksta - Page 49
known as ME WoL, is a feature that allows the ME to go into a low power state when it is not used. There are three conditions that must be met for Wake and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
 |
 |
AMT Setup and Configuration
for the Z200 Workstation with
Intel AMT Technology
March 2010
Table of Contents:
Introduction
........................................................................................................
2
AMT Setup and Configuration
..............................................................................
2
AMT System Phases
........................................................................................
3
Manual Mode – AMT Setup and Configuration with MEBx
................................
3
BIOS Prerequisite
............................................................................................
5
Manual Mode (SMB Mode) – AMT Setup and Configuration Steps:
....................
5
Intel AMT WebGUI
............................................................................................
23
Connecting with the Intel AMT WebGUI - SMB Example:
.................................
23
Setup and Configuration Server
.........................................................................
25
Setup and Configuration Server Availability
.......................................................
25
Enterprise Mode Setup and Configuration
..........................................................
25
Enterprise Mode – AMT Setup and Configuration Steps:
..................................
26
Provisioning Methods
........................................................................................
37
Legacy
..........................................................................................................
37
IT TLS-PSK
.....................................................................................................
37
OEM TLS-PSK
................................................................................................
38
USB Drive Key Setup and Configuration
.............................................................
38
USB Drive Key Requirements
.........................................................................
39
Remote Configuration
........................................................................................
40
Remote Configuration Timeouts in HP Systems
................................................
40
Remote Configuration Prerequisites
................................................................
41
MEBx and Hashes
.........................................................................................
41
List of Supported CA Certificates
....................................................................
43
Return to Default
...............................................................................................
44
Full Return to Factory Defaults
............................................................................
45
Appendix B: Power / Sleep / Global States Explained
........................................
48
Appendix C: Wake-On-ME Explained
................................................................
49