Guide Intel® Centrino® with vPro™ Technology Intel® Core™2 Processor with vPro™ Technology Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide Based on Intel® Active Management Technology and LANDesk® Management Suite 8.8 Version 1.
Preface
This document provides the high level steps required to deploy desktop and notebook PCs with Intel® vPro™ technology. It does not provide step-by-step procedures for completing those high level steps, but instead provides links to more detailed information where such step-by-step procedures may be found.
Process Overview
Intel® Active Management Technology (Intel® AMT) provides significant flexibility in order to meet the needs of various customer environments. This flexibility requires that customers make a number of decisions when planning and implementing their deployment of Intel AMT-enabled systems. The overall deployment process is shown below:
• Install the LANDesk Management System (LDMS) agent on each client system.
Section 1: Deciding Which Provisioning Mode to Use
Before starting the deployment, you must decide which provisioning mode to use: SMB or Enterprise.
Note: SMB mode, which stands for “Small-Medium Business,” is also known as “Basic” mode, and Enterprise mode can be divided into “Standard” and “Advanced” modes, based on whether you require Transport Layer Security (TLS) certificate-based encryption for your management traffic.
Section 2 – Deploying Intel® vPro Using SMB (Basic) Mode
Provisioning Process Flowchart
The following picture shows the overall process flow for provisioning Intel vPro client systems in SMB mode. The steps are described in further detail in this section.
Step 1: Configure Existing IT Infrastructure
Step 1a: Choose DHCP or Static IP Addressing for Client Systems.
If your IT environment requires the use of static IP addresses, be aware that the Intel AMT client must then have two IP addresses: one for the host OS and one for the Intel Management Engine (Intel ME).
It is recommended that the LANDesk client agent also be installed, although it is not required. Discovery of the Intel vPro machine will differ depending on whether the client agent is installed. See Step 5: Discover Intel vPro Clients Through the Management Console on page 11 for further information.
Step 3b: Select TLS or non-TLS mode.
Under the Discovery & Provisioning portion of the dialog box you’ll find two options:
• Provision in TLS mode for secure communication
• Provision in non-TLS mode
Since you have made the choice to use SMB mode, select “Provision in non-TLS mode,” then click Apply.
• Contain both upper and lower case Latin characters
• Have at least one numeric character
• Have at least one ASCII non-alphanumeric character (!, @, #, $, %, ^, &, *)
Step 4d: Select an IP Addressing Scheme
SMB mode supports both Static IP and Dynamic Host Configuration Protocol (DHCP). DHCP is the most commonly used scheme today and provides the easiest integration with Intel AMT.
Step 5: Discover Intel vPro Clients Through the Management Console
Discovery of the Intel vPro devices varies depending on whether the latest LANDesk client agent is loaded.
Discovery Without the LANDesk Agent Installed on the Client:
1. In LANDesk, navigate to the Unmanaged Device Discovery (UDD) tab. The bottom half of the UDD tab displays the undiscovered devices,
2.
o Remote Boot Manager – Power On/Off
o Remote Boot Manager using Console Redirection (Serial over LAN/SOL) and IDE Redirection
For further information on testing these features, refer to the following whitepaper:
• Integrating Intel® vPro™ Technology with LANDesk® Management Products http://download.intel.com/business/vpro/pdfs/landesk_whitepaper.
Step 7: Post Configuration
Once you’ve deployed and configured your Intel vPro client machines, there are still some additional actions you should consider.
Adding New Devices: As new Intel vPro clients are added to the network you will need to perform the deployment process described above to activate Intel AMT on the new devices, discover the new devices, and then add them to your management database.
Once AP starts on the client (default startup time is 6 minutes after the client is powered on), if the COLLECTOR.EXE process is killed or the LANDesk Management Agent service is stopped, an AP alert is generated. AP start and stop alerts are displayed in the LSM log, not the Intel AMT Event Log. Note: If the COLLECTOR.EXE process is killed, restart it by running RESTARTMON.
• A Kill All NICs policy which will stop all network traffic except for LANDesk management, Intel AMT, DNS, and DHCP traffic, thus isolating the client system from the network except for system management functions.
Note: In LANDesk 8.8 there is no GUI to create or modify System Defense filters or policies. Currently all modifications have to be made to the XML pages used for System Defense.
Section 3 – Deploying Intel vPro Using Enterprise (Standard and Advanced) Mode
Provisioning Process Flowchart
The following picture shows the overall process flow for provisioning Intel vPro client systems in Enterprise (Standard and Advanced) mode. The steps are described in further detail in this section.
Intel vPro Enterprise Setup and Configuration Flow
Prior to executing the steps for configuring the Intel vPro components (Intel AMT and Intel ME) in Enterprise mode (either Standard or Advanced), it is first important to understand the overall flow of the Enterprise mode configuration process (recall that the main difference between Standard and Advanced is that if you provision your clients in Advanced mode, all management traff
Step 1: Configure Existing IT Infrastructure
In order for an Intel vPro machine to be manageable, it must become known to the management console. The process by which this occurs is called “provisioning”.
the system BIOS. It is provided to the OEM by Intel. The Intel MEBx allows you to configure settings that control the operation of the Management Engine which runs on the Intel AMT client. For more information on Intel MEBx, see the Intel Management Engine BIOS Extension User’s Guide.
Step 1a: Manually register the “provision server” entry into the DNS server.
Manually register the “provision server” entry into the DNS server.
Step 2: Verify Intel vPro Client Windows Drivers
The following Intel AMT drivers, which are digitally signed by Intel and compatible with Microsoft Windows* operating systems (including Windows 2000, Windows XP, and Windows Vista*), are required on the Intel vPro client platform.
Step 3a: Set Intel MEBx Password
In the LANDesk Configuration Services tool, click the Intel vPro Configuration tab and enter a strong password in the Current Intel vPro Credentials (top) portion of the screen. This is the password you will use in the future if you need to access the Intel MEBx on any individual client system after the initial provisioning process is complete.
• Use your own root certificate, if you already have one
• Use one of the certificate hashes provided with Intel vPro (i.e.
Skip to Step 5: Discover Intel vPro Clients through the Management Console, on page 27. Note: You can also test Remote Configuration using a LANDesk generated certificate. The appropriate server certificates are already in place. However, the client hash needs to be placed into the Intel ME BIOS on the Intel AMT 3.0 client. The client hash is automatically generated and stored at the beginning of the AMTDiscService.log file.
management console. Skip to Step 5: Discover Intel vPro Clients through the Management Console, on page 27.
Step 4C: One-Touch Configuration of Intel vPro Client - Factory State to Setup State
The Intel vPro clients need authentication information configured on them so that they can authenticate themselves to the provisioning server; otherwise the server won’t provision them.
4. The console will display the values for manual entry into the Intel vPro machine, or there is an option to export/import (at the bottom of the dialogue box) the security keys to a USB thumb drive (filename setup.bin) for one-touch configuration.
Step 4C-3a: Manual Configuration of the Intel vPro Clients (alternative to USB drive method):
Use this method to manually enter the password and PID-PPS credentials for each Intel vPro client machine. A minimal amount of information is required to change the Intel vPro client from Factory Mode to Setup Mode. The information required includes:
• Change Intel MEBx password (change from factory default).
Step 5: Discover Intel vPro Clients through the Management Console
Discovery of the Intel vPro devices varies depending on whether the latest LANDesk client agent is loaded.
Discovery Without the LANDesk Agent Installed on the Client:
1. In LANDesk, navigate to the Unmanaged Device Discovery (UDD) tab. The bottom half of the UDD tab displays the undiscovered devices,
2.
Step 6: Test Intel vPro Client Functionality
After the device has been discovered and added to the management database, it is a good idea to test the functionality of the Intel vPro machine. Perform the following steps to test the Intel AMT client functionality.
Step 6a: Test Intel vPro Client Functionality From LANDesk
1. In the All Devices list, right-click an Intel vPro device to display the menu of Intel AMT Options.
2.
o Network Settings
o User Accounts
Step 7: Post Configuration
Once you’ve deployed and configured your Intel vPro client machines, there are still some additional actions you should consider.
While these agents are running you can monitor any other service on the client machine using the LSM service monitoring tool. These agents and their descriptions are defined in AGENTPRESENCE.XML which is sent down to the Intel AMT non-volatile memory (NVM) storage area on the client Intel AMT machine and subsequently read by the LANDesk agent to determine what it should monitor.
• A UDP flood policy which will trigger SD if Intel AMT sees at least 20,000 UDP packets per second and will monitor for a Denial-of-service attack.
• An SYN flood policy which will trigger SD if Intel AMT sees at least 20,000 IP packets per second and will monitor for a Denial-of-service attack.
Appendix A: Troubleshooting
Additional troubleshooting information can be found at the Known Issues, Best Practices, and Workarounds wiki: http://communities.intel.com/docs/DOC-1247.
Intel vPro machine not discovered: The Intel vPro machine may not have completed the “provisioning cycle” with the LANDesk core server. One way to tell this would be to look into the AMTDiscService.
Export or Import Intel AMT IDs) that you enter the same password in the field that says “Specify Intel vPro ME password (for Intel AMT 2.5 or greater only)”. This needs to be filled in for any Intel vPro machine of 2.1 or greater.
Intel vPro machine was discovered through UDD (Unmanaged Device Discovery) when a network scan was run, but the Intel AMT option and Move to Management Database option are grayed out.
An example of Successful Provisioning
Thu, 28 Feb 2008 113500 LANDesk Intel AMT Provisioning Manager
Thu, 28 Feb 2008 113500 IP 192.168.0.100 UUID 44454C4C-FF00-10FF-80FF-FFC04FFF0000
Thu, 28 Feb 2008 113500 FQDN name for ZTC client1.vprodemo.com
Thu, 28 Feb 2008 113501 Host Name client1
Thu, 28 Feb 2008 113501 UUID 44454C4C-FF00-10FF-80FF-FFC04FFF0000
Thu, 28 Feb 2008 113501 PID no
Thu, 28 Feb 2008 113501 IP Address 192.168.0.
Thu, 28 Feb 2008 113507 Action SetRngKey
Thu, 28 Feb 2008 113507 SetRngKey passed
Thu, 28 Feb 2008 113507 Action SetTLSKeyAndCertificate
Thu, 28 Feb 2008 113507 To generate keys and certificate
Thu, 28 Feb 2008 113509 Success to generate keys and certificate
Thu, 28 Feb 2008 113509 SetTLSKeyAndCertificate passed
Thu, 28 Feb 2008 113509 Action EnumerateTrustedRootCertificates
Thu, 28 Feb 2008 113509 EnumerateTrustedRootCertificat
An example of an unsuccessful Provisioning
Thu, 06 Mar 2008 11:26:23 LANDesk Intel AMT Provisioning Manager
Thu, 06 Mar 2008 11:26:23 IP: 192.168.0.100 UUID: 44454C4C-4A00-1032-8038-C6C04F514431
Thu, 06 Mar 2008 11:26:28 Hostname from DNS:
Thu, 06 Mar 2008 11:26:29 Host Name: 192.168.0.
Thu, 06 Mar 2008 11:26:35 Action: getDomainname
Thu, 06 Mar 2008 11:26:35 GetDomainName passed
Thu, 06 Mar 2008 11:26:35 Action: GetPkiCapabilities
Thu, 06 Mar 2008 11:26:35 GetPkiCapabilities passed
Thu, 06 Mar 2008 11:26:35 Action: SetEnabledInterfaces
Thu, 06 Mar 2008 11:26:35 SetEnabledInterfaces passed
Thu, 06 Mar 2008 11:26:35 Action: SetRedirectionListenerState
Thu, 06 Mar 2008 11:26:35 GetRedirectionListenerState passed
Thu, 06 Mar 2008 11:26:37 Success to generate keys and certificate
Thu, 06 Mar 2008 11:26:37 SetTLSKeyAndCertificate passed
Thu, 06 Mar 2008 11:26:37 Action: setNetworkTime
Thu, 06 Mar 2008 11:26:37 GetLowAccuracyTimeSynch passed
Thu, 06 Mar 2008 11:26:37 SetHighAccuracyTimeSynch passed
Thu, 06 Mar 2008 11:26:37 Action: EnumerateTrustedRootCertificates
Thu, 06 Mar 2008 11:26:37 EnumerateTrustedRootCertificates passed
Thu, 06 M
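A triage sketch for the AMTDiscService.log excerpts above, added here as an example and not taken from the Intel or LANDesk material. It accepts both timestamp layouts shown on this page and lists each "Action" that has no "passed" line before the next action; treating a missing "passed" line as the sign of a stalled step is an assumption, and SAMPLE_STALLED is constructed by cutting page lines short.

```python
import re
from datetime import datetime

# Timestamp appears as "113507" in one excerpt and "11:26:35" in the other.
LINE = re.compile(r"^(\w{3}, \d{2} \w{3} \d{4}) (\d{2}):?(\d{2}):?(\d{2}) (.*)$")
ACTION = re.compile(r"^Action:? (\S+)$")   # "Action X" or "Action: X"
PASSED = re.compile(r"^(\S+) passed$")     # "<call name> passed"

# Lines copied from the excerpts on this page.
SAMPLE_OK = """\
Thu, 28 Feb 2008 113507 Action SetRngKey
Thu, 28 Feb 2008 113507 SetRngKey passed
Thu, 28 Feb 2008 113507 Action SetTLSKeyAndCertificate
Thu, 28 Feb 2008 113507 To generate keys and certificate
Thu, 28 Feb 2008 113509 Success to generate keys and certificate
Thu, 28 Feb 2008 113509 SetTLSKeyAndCertificate passed
"""

# Constructed: page lines with the final "passed" entry left out.
SAMPLE_STALLED = """\
Thu, 06 Mar 2008 11:26:35 Action: SetRedirectionListenerState
Thu, 06 Mar 2008 11:26:35 GetRedirectionListenerState passed
Thu, 06 Mar 2008 11:26:37 Action: setNetworkTime
Thu, 06 Mar 2008 11:26:37 GetLowAccuracyTimeSynch passed
Thu, 06 Mar 2008 11:26:37 SetHighAccuracyTimeSynch passed
Thu, 06 Mar 2008 11:26:37 Action: EnumerateTrustedRootCertificates
"""

def parse_steps(text):
    """Return [(timestamp, action, [calls reported 'passed'])] in log order."""
    steps = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped, blank or truncated line
        date, hh, mm, ss, msg = m.groups()
        ts = datetime.strptime(f"{date} {hh}{mm}{ss}", "%a, %d %b %Y %H%M%S")
        if (a := ACTION.match(msg)):
            steps.append((ts, a.group(1), []))
        elif (p := PASSED.match(msg)) and steps:
            # The passed call is not always named after the action
            # (setNetworkTime reports two *TimeSynch calls), so attach by order.
            steps[-1][2].append(p.group(1))
    return steps

def unconfirmed(text):
    """Actions with no 'passed' line before the next action or end of log."""
    return [action for _, action, passed in parse_steps(text) if not passed]

if __name__ == "__main__":
    print("unconfirmed:", unconfirmed(SAMPLE_STALLED))
```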
Appendix B: Glossary of Terms used in this guide
PPS: Provisioning Pass phrase. Pre-shared key used in provisioning Intel vPro machines.
BIOS: Basic Input Output System
PSK: Pre-shared key
DHCP: Dynamic Host Configuration Protocol
SMB Mode: Small (and Medium) Business model used for provisioning an Intel vPro machine
DNS: Domain Name Service.
*Other names and brands may be claimed as the property of others.
Intel® Active Management Technology requires the computer system to have an Intel® AMT-enabled chipset, network hardware and software, as well as connection with a power source and a corporate network connection.
Copyright © 2008 Intel Corporation. All rights reserved.
Intel®, the Intel logo, Intel. Leap ahead™, the Intel Leap ahead™