Administrator Guide

ManualsBrandsDell ManualsNotebookprecision m2400

Intel® Active Management Technology v4.0

Administrator's Guide

Overview

Product Overview

Operational Modes

Setup and Configuration Overview

Provisioning Methods

Menus and Defaults

MEBx Settings Overview

ME Configuration Menu

AMT Configuration Menu

MEBx Defaults

Setup and Configuration

Methods Overview

Configuration Service

MEBx Interface (Enterprise Mode)

MEBx Interface

(SMB Mode)

System Deployment

Operating System Drivers

Management

Intel AMT Web GUI

AMT Redirection (SOL/IDE-R)

AMT Redirection Overview

Troubleshooting

If you purchased a DELL™ n Series computer, any references in this document to Microsoft

Windows

operating systems

are not applicable.

Information in this document is subject to change without notice.

Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.

Trademarks used in this text: Dell, Latitude, and the DELL logo are trademarks of Dell Inc.; Intel is a registered trademark of Intel Corporation in

the U.S. and other countries; Microsoft and Windows are either trademarks or registered trademarks of Microsoft Corporation in the United States

and/or other countries.

Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products.

Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.

August 2008 Rev. A00

Summary of content (143 pages)

PAGE 1
Intel® Active Management Technology v4.
PAGE 2
Back to Contents Page Overview Intel® Active Management Technology (Intel AMT) allows companies to easily manage their networked computers in the following ways: Discover computing assets on a network regardless of whether the computer is turned on or off – Intel AMT uses information stored in nonvolatile system memory to access the computer. The computer can even be accessed while it is powered off (also called out-of-band or OOB access).
PAGE 3
Back to Contents Page Operational Modes Intel® AMT can be set up for either Enterprise or Small and Medium Business operational modes (also called provisioning models). Both operational modes support dynamic and static IP networking. If you use dynamic IP networking (DHCP), the Intel AMT host name and the operating system host name must match. You must also configure both the operating system and Intel AMT to use DHCP as well.
PAGE 4
Back to Contents Page Setup and Configuration Overview The following is a list of important terms related to the Intel® AMT setup and configuration. Setup and configuration — The process that populates the Intel AMT-managed computer with usernames, passwords, and network parameters that enable the computer to be administered remotely. Provisioning — The act of setting up and configuring Intel AMT. Configuration service — A third-party application that completes the Intel AMT provisioning.
PAGE 5
Back to Contents Page The act of setting up and configuring Intel® AMT is known as provisioning. There are two methods of provisioning a computer with Enterprise mode: Legacy IT TLS-PSK Legacy If you want Transport Layer Security (TLS), execute the legacy method of Intel AMT setup and configuration on an isolated network separate from the corporate network.
PAGE 6
Back to Contents Page MEBx Settings Overview The Intel® Management Engine BIOS Extension (MEBx) provides platform-level configuration options for you to configure the behavior of Management Engine (ME) platform. Options include enabling and disabling individual features and setting power configurations. This section provides details about MEBx configuration options and constraints, if any. All the ME Platform Configuration setting changes are not cached in MEBx.
PAGE 7
Intel AMT Configuration Change Intel ME Password The Intel ME Configuration and Intel AMT Configuration menus are discussed on the following pages. First, the password must be changed in order to proceed through these menus. Changing the Intel ME Password The default password is admin and is the same on all newly deployed platforms. You must change the default password before changing any feature configuration options.
PAGE 8
Back to Contents Page ME Configuration Menu To reach the Intel® Management Engine (ME) Platform Configuration page, follow these steps: 1. Under the Management Engine BIOS Extension (MEBx) main menu, select ME Configuration. Press . 2. The following message appears: System resets after configuration changes. Continue: (Y/N) 3. Press . The ME Platform Configuration page opens. This page allows you to configure the specific functions of the ME such as features, power options, and so on.
PAGE 9
When enabled, the ME State Control option lets you disable ME to isolate the ME computer from the main platform while debugging a field malfunction. The table below illustrates the details of the options. ME Platform State Control Option Description Enabled Enable the Management Engine on the platform Disabled Disable the Management Engine on the platform In fact, the ME is not really disabled with the Disabled option.
PAGE 10
Intel ME Features Control The ME Features Control menu contains the following configuration selection. Manageability Feature Selection When you select the Manageability Feature Selection option on the ME Features Control menu, the ME Manageability Feature menu appears.
PAGE 11
You can use this option to determine which manageability feature is enabled. ASF — Alert Standard Format. ASF is a standardized corporate assets management technology. The Intel ICH9 platform supports ASF specification 2.0. Intel AMT — Intel Active Management Technology. Intel AMT is an improved corporate assets management technology. The table below explains these options.
PAGE 12
menu loads. The power package selected determines when the ME is turned ON. The default power package is Mobile: ON in S0. The end user administrator can choose which power package is used depending on computer usage. The power package selection page can be seen above. * Information on this page provided by Intel.
PAGE 13
Back to Contents Page AMT Configuration Menu After you completely configure the Intel® Management Engine (ME) feature, you must reboot before configuring the Intel AMT for a clean system boot. The image below shows the Intel AMT configuration menu after a user selects the Intel AMT Configuration option from the Management Engine BIOS Extension (MEBx) main menu. This feature allows you to configure an Intel AMT capable computer to support the Intel AMT management features.
PAGE 14
TCP/IP Allows you to change the following TCP/IP configuration of Intel AMT. Network interface – ENABLE** / DISABLED If the network interface is disabled, all the TCP/IP settings are no longer needed. DHCP Mode – ENABLE** / DISABLED If DHCP Mode is enabled, TCP/IP settings are configured by a DHCP server. If DHCP mode is disabled, the following static TCP/IP settings are required for Intel AMT. If a computer is in static mode it needs a separate MAC address for the Intel Management Engine.
PAGE 15
Current Provisioning Mode – Displays the current provisioning TLS Mode: None, PKI, or PSK. This configuration is only shown in Enterprise Provision Model. Provisioning Record – Displays the provision PSK/PKI record data of the computer. If the data has not been entered, the MEBX displays a message that states "Provision Record not present". If the data is entered, the Provision Record displays the following: TLS provisioning mode – Displays the current configuration mode of the computer: None, PSK or PKI.
PAGE 16
change the active status of the certificate press the <+> key. To delete the hash press the key. To add another key press the key. Set FQDN – Sets the fully qualified domain name for the computer. Set PKI DNS suffix – Sets the PKI DNS suffix. TLS PSK The submenu contains the settings for TLS PSK configuration settings. Setting or deleting the PID/PPS causes a partial unprovision if the setup and configuration is "In-process". Set PID and PPS – Sets the PID and PPS.
PAGE 17
Remote Configuration Enable/Disable The selectable options are Enable and Disable. If Remote Configuration is disabled, the menu options underneath are still displayed, but are not be used until Remote Configuration is enabled. This option cannot be modified once the setup and configuration process is in process. This parameter can only be modified while the computer is in the factory default or un-provisioned state.
PAGE 18
The Manage Certificate Hash screen has several keyboard controls available to you to manage the hashes on the computer.
PAGE 19
Change the active state of this hash? (Y/N) prompt. Answering yes to this question toggles the active state of the currently selected certificate hash. Setting a hash as active indicates that the hash is available to use when during PSK provisioning. Viewing a Certificate Hash Press in the Manage Certificate Hash screen. The details of the selected certificate hash are displayed to include: the hash name, the certificate hash data, and the active and default states.
PAGE 20
Un-provision The Un-Provision option allows you to reset the Intel AMT configuration to factory defaults. There are two types of unprovision: Full Un-provision – This option resets all of the Intel AMT settings to their default values. If a PID/PPS value is present, both values are lost. The MEBx password remains untouched. CMOS clear – This un-provision option is not available in the MEBx. This option clears all values to their default values. If a PID/PPS is present, both values are lost.
PAGE 21
SOL/IDE-R Username and Password – DISABLED** / ENABLED This option provides the user authentication for SOL/IDER session. If the Kerberos protocol is used, set this option to Disabled and set the user authentication through Kerberos. If Kerberos is not used, you have the choice to enable or disable user authentication on the SOL/IDER session. Serial-Over-LAN (SOL) – DISABLED** / ENABLED SOL allows the Intel AMT managed client console input/output to be redirected to the management server console.
PAGE 22
Password Policy There are two passwords present for the firmware. The MEBX password is the password that is entered when a user is physically at the system. The network password is the password that is entered when accessing an ME enabled system through the network. This option determines when network password and the MEBX password will be synched. The MEBX password can still be modified by users directly in front of the system.
PAGE 23
Secure Firmware Update This option allows you to enable/disable secure firmware updates. Secure firmware update requires an administrator user name and password. If the administrator user name and password are not supplied, the firmware cannot be updated. When the secure firmware update feature is enabled, you are able to update the firmware using the secure method. Secure firmware updates pass through the LMS driver.
PAGE 24
Set PRTC Enter PRTC in GMT (UTC) format (YYYY:MM:DD:HH:MM:SS). Valid date range is 1/1/2004 – 1/4/2021. Setting PRTC value is used for virtually maintaining PRTC during power off (G3) state. This configuration is only displayed for the Enterprise Provision Model.
PAGE 25
Idle Timeout Use this setting to define the ME WOL idle timeout. When this timer expires, the ME enters a low-power state. This timeout only takes affect when one of the ME WOL power policies is selected. Enter the value in minutes.
PAGE 26
Intel AMT in DHCP Mode Settings Example The table below shows a basic field settings example for the Intel AMT Configuration menu page to configure the computer in DHCP mode. Intel AMT Configurations Example in DHCP Mode Intel AMT Configuration Parameters Values Intel AMT Configuration Select and press . Host Name Example: IntelAMT This is the same as the operating system machine name. Set the parameters as follows: TCP/IP Enable Network interface Enable DHCP Mode Set a domain name (e.g., amt.
PAGE 27
The table below shows a basic field settings example for the Intel AMT Configuration menu page to configure the computer in static mode. The computer requires two MAC addresses (GBE MAC address and Manageability MAC Address) to operate in static mode. If there is no Manageability MAC address, Intel AMT cannot be set in static mode.
PAGE 28
Back to Contents Page MEBx Defaults The table below lists all the default settings for the Intel® Management Engine BIOS Extension (MEBx).
PAGE 29
Anytime Secure Firmware Update Disabled Enabled * Set PRTC blank Idle Timeout Timeout Value (0x0-0xFFFF) 1 *Default setting **May cause Intel AMT partial unprovision 1 Intel ME Platform State Control is only changed for Management Engine (ME) troubleshooting. 2 In Enterprise mode, DHCP automatically loads the domain name. 3 Un-provision setting only seen if the box is provisioned.
PAGE 30
Back to Contents Page Setup and Configuration Methods Overview As discussed in the Setup and Configuration Overview section, the computer has to be configured before the Intel AMT capabilities are ready to interact with management application.
PAGE 31
Back to Contents Page Configuration Service This section discusses Intel® AMT setup and configuration using a USB storage device. You can set up and locally configure password, provisioning ID (PID), and provisioning passphrase (PPS) information with a USB drive key. This is also called USB provisioning. USB provisioning allows you to manually set up and configure computers without the problems associated with manually typing in entries.
PAGE 32
Back to Contents Page MEBx Interface (Enterprise Mode) The Intel® Management Engine BIOS Extension (MEBx) is an optional ROM module that Intel provides to Dell™ to be included in the Dell BIOS. The MEBx has been customized for Dell computers. Enterprise mode (for large corporate customers) requires a setup and configuration server (SCS). An SCS runs an application over a network that performs Intel AMT setup and configuration. The SCS is also known as a provisioning server as seen in the MEBx.
PAGE 33
One uppercase letter One lowercase letter A number A special (nonalphanumeric) character, such as !, $, or ; excluding the :, ", and , characters.) The underscore ( _ ) and spacebar are valid password characters but do NOT add to the password complexity. 4. Change the password to establish Intel AMT ownership. The computer then goes from the factory-default state to the setup state. 5. Select Intel ME Configuration, and then press .
PAGE 34
6. Press when the following message appears: System resets after configuration change. Continue (Y/N).
PAGE 35
Intel ME State Control is the next option. The default setting for this option is Enabled. Do not change this setting to Disabled. If you want to disable Intel AMT, change the Manageability Feature Selection option to None in step 9.
PAGE 36
7. Select Intel ME Firmware Local Update. Press . 8. Then, select either Enabled or Disabled, and press . The default setting for this option is Disabled.
PAGE 37
9. Select Intel ME Features Control, and then press .
PAGE 38
Manageability Feature Selection is the next option. This feature sets the platform management mode. The default setting is Intel AMT. Selecting the None option disables all remote management capabilities.
PAGE 39
10. Select Return to Previous Menu, and then press .
PAGE 40
11. Select Intel ME Power Control, and then press .
PAGE 41
Intel ME ON in Host Sleep States is the next option. The default setting is Mobile: ON in S0.
PAGE 42
12. Select Return to Previous Menu, and then press .
PAGE 43
13. Select Return to Previous Menu, and then press .
PAGE 44
14. Exit the MEBx Setup and save the ME configuration. The computer displays an Intel ME Configuration Complete message and then restarts. After the ME configuration is complete, you can configure the Intel AMT settings. Intel AMT Configuration To enable Intel AMT Configuration settings on the target platform, perform the following steps: 1. At the initial boot screen, press
to re-enter the MEBx screens as seen in step 1 of "Enabling Management Engine for Enterprise Mode." 2.
PAGE 45
4. Select Host Name, and then press . 5. Type in a unique name for this Intel AMT machine, and then press . Spaces are not accepted in the host name. Make sure there is not a duplicate host name on the network. Host names can be used in place of the computer's IP for any applications requiring the IP address.
PAGE 46
6. Select TCP/IP. Press . 7.
PAGE 47
8. Type the domain name into the Domain name field.
PAGE 48
9. Select Provision Model from the menu, and then press . 10.
PAGE 49
11. Select Setup and Configuration from the menu, and then press .
PAGE 50
12. Select Current Provisioning Mode to display the current mode, and then press . The current provisioning mode is displayed. Press or to exit.
PAGE 51
13. Select Provisioning Record from the menu, and then press . The screen displays the provision PSK/PKI record data of the computer. If the data has not been entered, the MEBX displays a message that states Provision Record not present If the data is entered, the Provision Record displays one of several messages.
PAGE 52
14. Select Provisioning Server from the menu, and then press .
PAGE 53
15. Type the provisioning server IP in the Provisioning server address field and press . The default setting is 0.0.0.0. This default setting works only if the DNS server has an entry that can resolve the provision server to the IP of the provisioning server.
PAGE 54
16. Type the port in the Port number field and press . The default setting is 0. If left at the default setting of 0, the Intel AMT attempts to contact the provisioning server on port 9971. If the provisioning server is listening on a different port, enter it here.
PAGE 55
17. Select TLS PSK from the menu, and then press .
PAGE 56
18. Set PID and PPS is the next option. The PID and PPS can be input manually or by using a USB key once the SCS generates the codes. This option is for entering the provisioning ID (PID) and provisioning passphrase (PPS). PIDs are eight characters and PPS are 32 characters. There are dashes between every set of four characters, so including dashes, PIDs are nine characters and PPS are 40 characters. An SCS must generate these entries.
PAGE 57
Skip the Delete PID and PPS option. This option returns the computer to factory defaults. See the "Return to Default" section for more information about unprovisioning. 19. Select Return to Previous Menu, and then press .
PAGE 58
20. Select TLS PKI from the menu, and then press .
PAGE 59
21. Select Remote Configuration Enable/Disable from the menu, and then press . This option is Disabled by default and can be Enabled if the network infrastructure does not support a Certificate Authority (CA).
PAGE 60
22. If Enabled, refer to steps 19 through 21. If not Enabled, skip to step 22.
PAGE 61
Manage Certificate Hashes option is the next option. Four hashes are configured by default. Hashes can be deleted or added per customer needs.
PAGE 62
23. Select Set FQDN from the menu, and then press . 24. Type the FQDN of the provisioning server in the text field and press .
PAGE 63
25. Select Set PKI DNS Suffix from the menu. Press . 26. Type the PKI DNS Suffix in the text field and press .
PAGE 64
27. Select Return to Previous Menu, and press .
PAGE 65
28. Select Return to Previous Menu, and then press . This returns you to the Intel AMT Configuration menu.
PAGE 66
Skip the Un-Provision option. This option returns the computer to factory defaults. See the "Return to Default" section for more information about unprovisioning.
PAGE 67
29. Select SOL/IDE-R, and then press .
PAGE 68
30. Press when the following message appears: [Caution] System resets after configuration changes. Continue: (Y/N) .
PAGE 69
User name & Password 31. Select Enabled and then press . This option allows you to add users and passwords from the WebGUI. If the option is disabled, then only the administrator has MEBx remote access.
PAGE 70
32. For Serial Over LAN (SOL/IDE-R), select Enabled and then press .
PAGE 71
33. For IDE Redirection<, select Enabled and then press .
PAGE 72
Secure Firmware Update is the next option. The default setting is Enabled.
PAGE 73
Skip Set PRTC.
PAGE 74
Idle Timeout is the next option. The default setting is 1. This timeout is applicable only when a WoL option is selected for enabling ME for the Enterprise operating mode.
PAGE 75
34. Select Return to Previous Menu, and then press .
PAGE 76
35. Select Exit, and then press .
PAGE 77
36.
PAGE 78
The computer restarts. Turn off the computer and disconnect the power cable. The computer is now in setup state and is ready for deployment.
PAGE 79
Back to Contents Page MEBx Interface (SMB Mode) The Intel® Management Engine BIOS Extension (MEBx) is an optional ROM module that Intel provides to Dell™ to be included in the Dell BIOS. The MEBx has been customized for Dell computers. Dell also supports setup and configuration of Intel AMT in the small and medium business (SMB) mode. The only setting not required in the SMB mode is the Set PID and PPS option. Also, the Provision Model option is set to Small Business instead of Enterprise.
PAGE 80
A number A special (nonalphanumeric) character, such as !, $, or ; excluding the :, ", and , characters.) The underscore ( _ ) and spacebar are valid password characters but do NOT add to the password complexity. 5. Change the password to establish Intel AMT ownership. The computer then goes from the factory-default state to the setup state. 6. Select Intel ME Configuration, and then press .
PAGE 81
7. Press when the following message appears: System resets after configuration change. Continue (Y/N).
PAGE 82
Intel ME State Control is the next option. The default setting for this option is Enabled. Do not change this setting to Disabled. If you want to disable Intel AMT, change the Manageability Feature Selection option to None later in this procedure.
PAGE 83
8. Select Intel ME Firmware Local Update and then press . 9. Select either Enabled or Disabled, and then press . The default setting for this option is Disabled.
PAGE 84
10. Select Intel ME Features Control, and then press .
PAGE 85
Manageability Feature Selection is the next option. This feature sets the platform management mode. The default setting is Intel AMT. Selecting the None option disables all remote management capabilities.
PAGE 86
11. Select Return to Previous Menu, and then press .
PAGE 87
12. Select Intel ME Power Control, and then press .
PAGE 88
Intel ME ON in Host Sleep States is the next option. The default setting is Mobile: ON in S0.
PAGE 89
13. Select Return to Previous Menu and then press .
PAGE 90
14. Select Return to Previous Menu, and then press .
PAGE 91
15. Exit the MEBx Setup and save the ME configuration. The computer displays an Intel ME Configuration Complete message and then restarts. After the ME configuration is complete, you can configure the Intel AMT settings. Intel AMT Configuration Enabling Intel AMT for SMB Mode 1. At the initial boot screen, press
to re-enter the MEBx screens. 2. When a prompt for the password appears, enter the new Intel ME password. 3. Select Intel AMT Configuration, and then press .
PAGE 92
4. Select Host Name, and then press . 5. Type in a unique name for this Intel AMT machine, and then press . Spaces are not accepted in the host name. Make sure there is not a duplicate host name on the network. Host names can be used in place of the computer's IP for any applications requiring the IP address.
PAGE 93
6. Select TCP/IP, and then press . 7.
PAGE 94
8. Type the domain name into the field.
PAGE 95
9. Select Provision Model from the menu, and then press . 10.
PAGE 96
11. Skip the Un-Provision option. This option returns the computer to factory defaults. See the "Return to Default" section for more information about unprovisioning. 12. Select SOL/IDE-R. Press .
PAGE 97
13. Press when The following message appears: [Caution] System resets after configuration changes.
PAGE 98
14. Select Enabled for Username & Password, and then press . This option allows you to add users and passwords from the WebGUI. If the option is disabled, then only the administrator has MEBx remote access.
PAGE 99
15. For Serial Over LAN, select Enabled and then press .
PAGE 100
16. For IDE Redirection, select Enabled and then press .
PAGE 101
Secure Firmware Update is the next option. The default setting is Enabled.
PAGE 102
17. Skip Set PRTC.
PAGE 103
Idle Timeout is the next option. The default setting is 1. This timeout is applicable only when a WoL option is selected for Intel ME ON in Host Sleep States screen of the process for enabling ME for the Enterprise operating mode.
PAGE 104
18. Select Return to Previous Menu, and then press .
PAGE 105
19. Select Exit, and then press .
PAGE 106
20.
PAGE 107
21. After the computer restarts, turn off the computer and disconnect the power cable. The computer is now in setup state and is ready for deployment.
PAGE 108
Back to Contents Page System Deployment Once you are ready to deploy a computer to a user, plug the computer into a power source and connect it to the network. Use the integrated Intel® 82566DM NIC. Intel Active Management Technology (Intel AMT) does not work with any other NIC solution. When the computer is turned on, it computer immediately looks for a setup and configuration server (SCS). If the computer finds this server, the Intel AMT capable computer sends a Hello message to the server.
PAGE 109
Back to Contents Page Operating System Drivers Within the operating system, two drivers must be installed to remove unknown devices in the Device Manager. These drivers are discussed below. SOL/LMS Driver The Intel® AMT Serial-Over-LAN (SOL) / Local Manageability Service (LMS) driver is available on support.dell.com and on the ResourceCD under Chipset Drivers. The driver is labeled Intel AMT SOL/LMS.
PAGE 110
Back to Contents Page Intel AMT WebGUI The Intel® AMT WebGUI is a Web browser-based interface for limited remote computer management. The WebGUI is often used as a test to determine if Intel AMT setup and configuration was performed properly on a computer. A successful remote connection between a remote computer and the host computer running the WebGUI indicates proper Intel AMT setup and configuration on the remote computer.
PAGE 111
Back to Contents Page AMT Redirection Overview Intel® AMT makes it possible to redirect serial and IDE communications from a managed client to a management console regardless of the boot and power state of the managed client. The client need only have the Intel AMT capability, a connection to a power source, and a network connection. Intel AMT supports Serial Over LAN (SOL, text/keyboard redirection) and IDE Redirection (IDER, CD-ROM redirection) over TCP/IP.
PAGE 112
Back to Contents Page Troubleshooting This page describes a few basic troubleshooting steps to follow if problems are experienced with the Intel® AMT configuration. Remember to always check DSN for more troubleshooting options. Return to Default Return to default is also known as un-provisioning. An Intel AMT setup and configured computer can be un-provisioned using the Intel AMT Configuration screen and the Un-Provision option. Follow the steps below to un-provision a computer: 1.
PAGE 113
Bad ME memory configuration DIMM A is located beneath the keyboard. For instructions on accessing this slot, refer to the system documentation.
PAGE 114
Back to Contents Page USB Setup and Configuration The default console package provided is the Dell™ Client Management (DCM) application. This section provides the procedure to set up and configure Intel® AMT with the DCM package. As mentioned earlier in the document, several other packages are available through third-party vendors. The computer must be configured and seen by the DNS server before you begin this process.
PAGE 115
Click the <+> to expand the Intel AMT Getting Started section.
PAGE 116
Click the <+> to expand the Section 1. Provisioning section.
PAGE 117
Click the <+> to expand the Basic Provisioning (without TLS) section.
PAGE 118
Select Step 1. Configure DNS. The notification server with an out-of-band management solution installed must be registered in DNS as "ProvisionServer.
PAGE 119
Click Test on the DNS Configuration screen to verify that DNS has the ProvisionServer entry and that it resolves to the correct Intel setup and configuration server (SCS).
PAGE 120
The IP address for the ProvisionServer and Intel SCS are now visible.
PAGE 121
Select Step 2. Discovery Capabilities.
PAGE 122
Verify that the setting is Enabled. If Disabled, click the check box next to Disabled and click Apply.
PAGE 123
Select Step 3. View Intel AMT Capable Computers.
PAGE 124
Any Intel AMT capable computers on the network are visible in this list.
PAGE 125
Select Step 4. Create Profile.
PAGE 126
Click the plus symbol to add a new profile.
PAGE 127
On the General tab the administrator can modify the profile name and description along with the password. The administrator sets a standard password for easy maintenance in the future. Select the manual radio button and enter a new password.
PAGE 128
The Network tab provides the option to enable ping responses, VLAN, WebUI, Serial over LAN, and IDE Redirection. If you are configuring Intel AMT manually, all these settings are also available in the MEBx. The TLS (Transport Layer Security) tab provides the ability to enable TLS. If enabled, several other pieces of information are required including the certificate authority (CA) server name, CA common name, CA type, and certificate template.
PAGE 129
The Power Policy tab has configuration options to select the sleep states for Intel AMT as well as an Idle Timeout setting. It is recommended that Idle timeout is always set to 0 for optimal performance. The setting for the Power Policy tab can potentially impact a computer's ability to remain E-Star 4.0 compliant. Select Step 5. Generate Security Keys.
PAGE 130
Select the icon with the arrow pointing out to Export Security Keys to USB Key.
PAGE 131
Select the Generate keys before export radio button.
PAGE 132
Enter the number of keys to generate (depends on the number of computers that need to be provisioned). The default is 50. The Intel ME default password is admin. Configure the new Intel ME password for the environment. Click Generate. Once the keys have been created, a link appears to the left of the Generate button.
PAGE 133
Insert the previously formatted USB device into a USB connector on the Provisioning Serverr. Click the Download USB key file link to download setup.bin file to the USB device. The USB device is recognized by default; save the file to the USB device. If additional keys are needed in the future, the USB device must be reformatted before saving the setup.bin file to it.
PAGE 134
a. Click Save in the File Download dialog box. b. Verify the Save in: location is directed to the USB device. Click Save. c. Click Close in the Download complete dialog box. The setup.bin file is now visible in the drive explorer window.
PAGE 135
Close the Export Security Keys to USB Key and drive explorer windows to return to the Altiris Console. Take the USB device to the computer, insert the device, and turn on the computer. The USB device is recognized immediately and you are prompted to Continue with Auto Provisioning (Y/N) Press . Press any key to continue with system boot...
PAGE 136
Once complete, turn off the computer and move back to the management server. Select Step 6. Configure Automatic Profile Assignments.
PAGE 137
Verify that the setting is enabled. In the Intel AMT 2.0+ dropdown, select the profile created previously. Configure the other settings for the environment.
PAGE 138
Select Step 7. Monitor Provisioning Process.
PAGE 139
The computers for which the keys were applied begin to appearing in the system list. At first the status is Unprovisioned, then the system status changes to In provisioning, and finally it changes to Provisioned at the end of the process.
PAGE 140
Select Step 8. Monitor Profile Assignments.
PAGE 141
The computers for which profiles were assigned appear in the list. Each computer is identified by the FQDN, UUID, and Profile Name columns.
PAGE 142
Once the computers are provisioned, they are visible under the Collections folder in All configured Intel AMT computers.
PAGE 143
Back to Contents Page