Intel® Active Management Technology with System Defense Feature Quick Start Guide Introduction .......................................................3 Basic Functions ...................................................... 3 System Requirements............................................. 3 Configuring the Client System ............................4 Intel® Management Engine Configuration .................. Intel® AMT Configuration and Provisioning ................
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.
Introduction Intel® Active Management Technology with System Defense Feature (Intel® AMT) is a hardware-based solution that uses out-of-band communication for system management access to client systems. Even with a crashed hard drive, a locked operating system, or if a system is turned off, access is still available to the client system to perform basic management tasks. This guide contains basic system configuration instructions and information on using a web browser to access a client system.
Console System The console system (i.e., the system used to access the Intel AMT client system) must have one of the following web browsers installed: • Microsoft* Internet Explorer 6 SP1 or newer • Netscape* Navigator 7.1 or newer • Mozilla* Firefox* 1.0 or newer • Mozilla Mozilla* 1.
Figure 1. Intel Management Engine Configuration Menu in the BIOS 4. The Intel Management Engine password must be changed prior to gaining access to Intel AMT setup options. Change the Intel Management Engine password. NOTE Intel Management Engine passwords must be between 8 and 32 characters long, have at least one upper case character, one lower case character, one number, and a special character (for example: !, @, #, $, %, ^, &, *).
Figure 2. Intel Management Engine Menu in the BIOS 5. Select the Intel Management Engine Configuration item. 6. To enable Intel AMT, confirm that the Manageability Feature is set to Intel AMT. Other manageability options include enabling ASF and disabling manageability altogether. Intel AMT will be disabled if either of these options are selected. 7. To enable Intel AMT out-of -band communication in all sleep states, change the value of Turn On Intel Management Engine in Sleep States item to Always. 8.
Intel® AMT Configuration and Provisioning After completing configuration of the Intel Management Engine, the Intel AMT settings can be set. 1. Power on the computer and enter the system BIOS by pressing the F2 key. 2. Using the arrow keys, select the Intel Management Engine item from the top menu bar and press the Enter key. 3. Type in the Intel Management Engine password. (Note: This password is case sensitive.) 4. Select Intel Active Management Technology Configuration and press the Enter key. 5.
10. Select Provisioning Mode from the menu and choose SmallMedium Business. By default, Enterprise provisioning is selected. • The Small Business setting indicates that Intel AMT will be locally configured for this system. • The Enterprise setting indicates that Intel AMT will be configured by an external provisioning server within the local enterprise. Enter the following information: ⎯ Provisioning Server Address ⎯ Provisioning Server Port • TLS Pre-Shared Key PID • TLS Pre-Shared Key PPS 11.
NOTE Intel Management Engine passwords must be between 8 and 32 characters long, have at least one upper case character, one lower case character, one number, and a special character (for example: !, @, #, $, %, ^, &, *). The system owner should document the new Intel Management Engine password, store it in a secured location (a vault, safe deposit box, or off-site storage), and have it available for future use. This document should be updated after any password change is made. 6.
Using the Intel AMT Web Browser Interface Logging In From a Remote Console 1. On the remote console, open a web browser and enter the client computer name or IP address, and the port number. • Use the following, if the network can resolve the client system host name to a TCP/IP address: http://host_name:16992 Example: http://TestSystem:16992 • Use the following if a static TCP/IP address is defined for the Intel AMT client system: http://ip_address:16992 Example: http://192.168.1.7:16992 Figure 3.
NOTE Both the user name and password are case sensitive. Make sure to note any capitalization changes in either field when defining or changing them. The web browser shows the current status of the computer. The computer host name is shown in the top banner. Using the Intel AMT Web Pages Click the links on the left to access the Intel AMT information pages. The padlock icon indicates areas where the current Intel AMT user does not have sufficient rights to view.
System Status Page This page displays the power state, IP address, and other basic system information. Figure 4.
Hardware Pages These pages display information about the hardware installed in the computer. Intel AMT gets this information from the client system’s BIOS. Hardware changes will not be shown until after the client system is rebooted. Figure 5.
Event Log Page This page displays the Intel AMT Event Log. The options at the bottom of the page can be used to stop and start the Event Log and clear all events from the log. Figure 6.
Remote Control Page The Remote control page can be used to power cycle the client system, reset it, and power the system on or off. Boot options for the Intel AMT client system can also be specified. NOTE The options available on this page depend on the abilities of the client system. CAUTION These commands may cause data loss. They go directly to the system hardware and do not cause the operating system to shutdown gracefully. Figure 7.
Network Settings Page The Network Settings page can be used to change the Intel AMT network settings made on the client system. Figure 8. Intel AMT Network Settings Screen Host Name: The Host Name is a name that can used to browse to this computer. In DHCP mode, use the same name as the one set in the operating system. In static IP mode, use a name different from the one set in the operating system.
Preferred and Alternate DNS addresses: Specify the address of the DNS server that will resolve the computer host name. Respond to ping: Configures Intel AMT to respond to an IP ping. In static IP mode, Intel AMT always responds to a ping. In DHCP mode, Intel AMT will only respond to a ping when the operating system is down. Use tagged VLAN: This option is used to confine network traffic to a VLAN. The VLAN ID range is 1-4094. VLAN ID 1 is often reserved. Check the network switch documentation for details.
User accounts can also be setup with limited access rights. If access is limited, then that user will see a padlock icon on the links to the pages that the account cannot access. Figure 9.
Troubleshooting I can ping the client system, but cannot connect using a web browser • Make sure you changed the client system’s default Intel Management Engine password in the BIOS. • Make sure you are using a valid user name and password. • Make sure that you are connecting to the correct http interface (http, not https) and the correct port (16992).
Intel Active Management with System Defense Feature Quick Reference Guide
