manualshive.com logo in svg

Dell Precision M4500, Administrator'S Manual

The Dell Precision M4500 Setup & Features Manual is a comprehensive user guide for this powerful laptop. This manual covers everything you need to know about setting up and utilizing the features of the M4500. Download it for free from our website to maximize your productivity with this outstanding device.

Share
Download
background image

Setup and Configuration Overview

The following is a list of important terms related to the Intel AMT setup and configuration.

Setup and configuration

 — The process that populates the Intel AMT-managed computer with usernames,

passwords, and network parameters that enable the computer to be administered remotely.

Configuration service

 — A third-party application that completes the Intel AMT provisioning.

Intel AMT WebUI

 — A Web browser-based interface for limited remote computer management.

You must set up and configure Intel AMT in a computer before using it. Intel AMT setup readies the computer for Intel AMT

mode and enables network connectivity. This setup is generally performed only once in the lifetime of a computer. When Intel

AMT is enabled, it can be discovered by management software over a network.

Once Intel AMT is set up in Enterprise mode, it is ready to initiate configuration of its own capabilities. When all required

network elements are available, simply connect the computer to a power source and the network, and Intel AMT automatically

initiates its own configuration. The configuration service (a third-party application) completes the process for you. Intel AMT is

then ready for remote management. This configuration typically takes only a few seconds. When Intel AMT is set up and

configured, you can reconfigure the technology as needed for your business environment.

Once Intel AMT is set up in SMB mode, the computer does not have to initiate any configuration across the network. It is set

up manually and is ready to use with the Intel AMT Web GUI.

Intel AMT Setup and Configuration States

The act of setting up and configuring Intel AMT is also known as provisioning. An Intel AMT capable computer can be in one

of three setup and configuration states:

Factory-default state

Setup state

Provisioned state

The 

Factory-Default State 

is a fully unconfigured state in which security credentials are not yet established and Intel AMT

capabilities are not yet available to management applications. In the factory-default state, Intel AMT has the factory-defined

settings.

The 

Setup State 

is a partially configured state in which Intel AMT has been set up with initial networking and transport layer

security (TLS) information: an initial administrator password, the provisioning passphrase (PPS), and the provisioning

identifier (PID). When Intel AMT has been set up, Intel AMT is ready to receive enterprise configuration settings from a

configuration service.

The 

Provisioned State 

is a fully configured state in which the Intel Management Engine (ME) has been configured with

power options, and Intel AMT has been configured with its security settings, certificates, and the settings that activate the

Intel AMT capabilities. When Intel AMT has been configured, the capabilities are ready to interact with management

applications.

Provisioning Methods

TLS-PKI

TLS-PKI is also known as "Remote Configuration". The SCS uses TLS-PKI (Public Key Infrastructure) certificates to securely

connect to an Intel AMT enabled computer. The certificates can be generated a few ways:

The SCS can connect using one of the default certificates pre-programmed on the computer, as detailed in the MEBx

interface section of this document.

The SCS can create a custom certificate, which can be deployed on the AMT computer by means of a desk-side visit

with a specially formatted USB thumb drive as detailed in the Configuration Service section of this document.

The SCS could use a custom certificate which was pre-programmed at the Dell factory through the Custom Factory

Integration (CFI) process.

TLS-PSK

TLS-PSK is also known as "One-Touch Configuration". The SCS uses PSK's (Pre-Shared Key's) to establish a secure

connection with the AMT computer. These 52-character keys can be created by the SCS, and then deployed on the AMT

Summary of Contents for Precision M4500

Page 1: ...demarks used in this text Dell the DELL logo Dell Precision Precision ON ExpressCharge Latitude Latitude ON OptiPlex Vostro and Wi Fi Catcher are trademarks of Dell Inc Intel Pentium Xeon Core Atom Centrino and Celeron are registered trademarks or trademarks of Intel Corporation in the U S and other countries AMD is a registered trademark and AMD Opteron AMD Phenom AMD Sempron AMD Athlon ATI Radeo...

Page 2: ...ages to work with Intel AMT features Hence this provides IT administrators many options to remotely manage networked computer assets within a company Features and Benefits Intel AMT Features Benefits Out of band OOB access Allows remote management of platforms regardless of system power or operating system state Remote troubleshooting and recovery Significantly reduces onsite visits increasing the...

Page 3: ...following firmware and software requirements are required for the installation and setup before the Intel Management Engine can be configured and run on the client system An SPI flash device programmed with Intel AMT 7 0 flash image integrating BIOS Intel Management Engine and GbE component images BIOS set up with Intel AMT enabled can access MEBx setup from F12 menu To enable all the Intel Manage...

Page 4: ...ctory installation Intel AMT 7 0 is shipped in the factory default state from Dell factories Setup and Quick Reference Guide Intel AMT overview Backup media Firmware and critical drivers are available on the Resource CD See the Administrator Guide for detailed information about Intel AMT available on support dell com manuals ...

Page 5: ...Mode Controls FW listening for incoming redirection connections Disabled Enabled if feature enabled in Intel MEBX Disabled Need to set to Enabled in order to work with Legacy SMB consoles NOTE Customers may purchase TLS permanently disabled from the factory due to restrictions on encryption technology in their country of delivery therefore customers cannot re enable TLS NOTE KVM is supported only ...

Page 6: ... state Provisioned state The Factory Default State is a fully unconfigured state in which security credentials are not yet established and Intel AMT capabilities are not yet available to management applications In the factory default state Intel AMT has the factory defined settings The Setup State is a partially configured state in which Intel AMT has been set up with initial networking and transp...

Page 7: ...nto the MEBx The SCS can create a list of custom keys and put them onto a specially formatted USB thumb drive Then each AMT computer retrieves a custom key from the specially formatted USB thumb drive during BIOS boot as detailed in the Configuration Service section of this document ...

Page 8: ...ly and select MEBx NOTE If you wait too long and the operating system logo appears continue to wait until you see the Microsoft Windows desktop Then shut down your computer and try again 3 Type the ME password Press Enter The default password is admin and it can be altered by the user The MEBx screen appears as shown below The main menu presents three function selections Intel ME General Settings ...

Page 9: ...ters no more than 32 One uppercase letter One lowercase letter A number A special Non alphanumeric character such as or excluding the and characters NOTE The underscore _ and spacebar are valid password characters but do NOT add to the password complexity NOTE The password can be reset to the default setting admin by shutting down the system removing AC and DC power and performing a RTC reset Info...

Page 10: ...password power options and so on The following are quick links to the various sections Change Intel ME Password Set PRTC Power Control Intel ME ON in Host Sleep Idle Time Out Previous Menu Previous Menu Intel ME Platform Configuration NOTE The option of Intel ME State Control appearing in previous versions of MEBx has been removed in order to avoid end users accidentally disable Intel ME The optio...

Page 11: ...nfiguration menu select Set PRC and press Enter Valid date range 1 1 2004 to 1 4 2021 Setting the PRTC value is used for virtually maintaining PRTC during the power off G3 state Type PRTC in GMT UTC format YYYY MM DD HH MM SS and press Enter ...

Page 12: ...UP LOT6 requirements the Intel ME can be turned off in various sleep states The Intel ME Power Control menu configures the Intel ME platform power related policies Intel ME ON in Host Sleep States Under the Intel ME Power Control menu select Intel ME ON in Host Sleep States and press Enter Move the Up Down arrow key to select the desired power policy and press Enter ...

Page 13: ...hort time to transition from the M off state to the M0 or M3 state During this time Intel AMT will not respond to any Intel ME commands When the Intel ME has reached the M0 or M3 state the system will respond to Intel ME commands The following table illustrates the details of the power packages Power Package 1 2 S0 ON ON S3 OFF ON ME WoL S4 S5 OFF ON ME WoL Select the desired Power Policy and pres...

Page 14: ...n M3 before transitioning to the M off state NOTE If the Intel ME is in M0 it will NOT transition to M off Previous Menu Under the Intel ME Platform Configuration menu select Previous Menu and press Enter The Intel ME Platform Configuration page appears Previous Menu Under the Intel ME Platform Configuration menu select Previous Menu and press Enter The Main Menu appears Information on this page p...

Page 15: ...el AMT Configuration screen appears The quick links displayed on the Intel AMT Configuration screen are Manageability Feature Selection SOL IDER KVM Username and Password SOL IDER Legacy Redirection Mode KVM Previous Menu User Consent User Opt in Opt in Configurable from remote IT Previous Menu Password Policy Network Setup Network Name Settings Host Name Domain Name Shared Dedicated FQDN Dynamic ...

Page 16: ...onfiguration menu select Manageability Feature Selection and press Enter 2 A message is displayed Caution Disabling reset network settings including network ACLs to factory default System resets on MEBx exit Continue Y N Press Y to change setting or N to cancel When the Manageability Feature Selection is enabled the Intel ME manageability feature menu appears If it is disabled ME manageability fea...

Page 17: ...used this option should be set to DISABLED The user authentication is handled through Kerberos If Kerberos is not used the IT administrator has the choice to enable or disable user authentication on SOL IDER session Option Description Enabled Username and Password is enabled Disabled Username and Password is disabled SOL Under the SOL IDER page select SOL and press Enter ...

Page 18: ...console if the client system supports SOL If the system does not support SOL this value cannot enable it Option Description Enabled SOL is enabled Disabled SOL is disabled NOTE Disabling SOL does not remove this feature but prevents it from being used IDER Under the SOL IDER page select IDER and press Enter ...

Page 19: ... client system does not support IDER this value cannot enable it Option Description Enabled IDER is enabled Disabled IDER is disabled NOTE Disabling IDER does not remove this feature but prevents it from being used Legacy Redirection Mode Under the SOL IDER page select Legacy Redirection Mode and press Enter ...

Page 20: ...consoles and new SMB consoles that support opening the redirection ports The old SMB consoles before Intel AMT 6 0 which do not support opening the redirection ports function need to manually turn on the redirection port through this Intel MEBx option When selecting the mode the following message appears Option Description Disabled Legacy redirection Mode is disabled Default ...

Page 21: ...IDER page select Previous Menu and press Enter The SOL IDER page changes to the Intel AMT Configuration page User Consent Under the Intel AMT Configuration page select User Consent and press Enter The User Consent Configuration screen appears Sets whether local user consent is required before remote computer can establish a KVM Remote Control session to the local computer Also sets whether the rem...

Page 22: ... Based Provisioning Client mode will override this setting and behave as if the ALL option has been selected For more details on Host Based Provisioning and Client Mode see the Activator User guide and the UCT User Consent Tool user guide in the SDK kit Opt in Configurable from remote IT Under the IKVM Configuration page select Opt in Configurable from remote IT and press Enter This setting determ...

Page 23: ...n determines when the user is allowed to change the Intel MEBx password through the network There are two passwords for the firmware The Intel MEBx password is the password that is entered when a user is physically at the system The network password is the password that is entered when accessing an Intel ME enabled system through the network NOTE By default they are both the same until the network...

Page 24: ...ration process but at no other time Once the setup and configuration process is complete the Intel MEBx password cannot be changed via the network interface Anytime The Intel MEBx password can be changed through the network interface at any time Network Setup Under the Intel ME Platform Configuration menu select Network Setup and press Enter The Intel ME Network Setup page appears Network Name Set...

Page 25: ...st Name Under the Intel ME Network Name Settings select Host Name and press Enter A host name can be assigned to the Intel AMT machine This will be the hostname of the Intel AMT enabled system 2 Domain Name ...

Page 26: ...MT machine 3 Shared Dedicated FQDN Under the Intel ME Network Name Settings select Shared Dedicated FQDN and press Enter This setting determines whether the Intel ME Fully Qualified Domain Name FQDN HostName DomainName is shared with the host and identical to the operating system machine name or dedicated to the Intel ME ...

Page 27: ...option 81 or Dynamic DNS update If the DDNS Update state Enabled or Disabled is not configured by the user then the firmware will assume its old implementation where the firmware used DHCP option 81 for DNS registration but did not directly update DNS using the DDNS update protocol For selecting Enabled for Dynamic DNS Update it is required that the Host Name and Domain Name are set Option Descrip...

Page 28: ...ic updates It should be set according to corporate DNS scavenging policy Units are minutes A value of 0 disables periodic update The value set should be equal or greater than 20 minutes The default value for this property is 24 hours 1440 minutes 6 TTL Under the Intel ME Network Name Settings select TTL and press Enter Type the desired time in seconds and press Enter ...

Page 29: ...ings menu changes to the Intel Network Setup page TCP IP Settings Under the Network Setup menu select TCP IP Settings and press Enter The Intel Network Setup page appears The Intel Network Setup menu changes to the TCP IP Settings page NOTE The Intel MEBx has menus for Wireless IPv6 but no menu for wireless IPv4 When the Intel MEBx starts it will check for the wireless interface to make the decisi...

Page 30: ...f DHCP mode is disabled the following static TCP IP settings are required for Intel AMT If a system is in static mode the system may require a second IP address This IP address often called the Intel ME IP address may be different from the host IP address Enabled If DHCP Mode is enabled TCP IP settings will be configured by a DHCP server DHCP mode enabled ...

Page 31: ...DHCP mode disabled 2 IPv4 Address Select IPv4 Address and press Enter Type the IPv4 Address in the address column and press Enter ...

Page 32: ...3 Subnet Mask Address Select Subnet Mask Address and press Enter Type the Subnet Mask Address in the address column and press Enter 4 Default Gateway Address ...

Page 33: ...ess and press Enter Type the Default Gateway Address in the address column and press Enter 5 Preferred DNS Address Select Preferred DNS Address and press Enter Type the Preferred DNS Address in the address column and press Enter ...

Page 34: ...Previous Menu and press Enter The TCP IP Settings menu appears Wired LAN IPv6 Configuration Under the TCP IP Settings select Wired LAN IPv6 Configuration and press Enter The Wired LAN IPv6 Configuration page appears The Intel ME IPv6 addresses are dedicated and not shared with the host operating system To enable Dynamic DNS registration for IPv6 addresses it is required to configure a dedicated FQ...

Page 35: ...sses 1 One link local auto configured address 2 Three auto configured global addresses 3 One DHCPv6 configured address 4 One statically configured IPv6 address 1 IPv6 Feature Selection Under the Wired LAN IPv6 Configuration select IPv6 Feature Selection and press Enter DISABLED select Disabled and press Enter IPv6 Feature Selection disabled ...

Page 36: ...llowed 2 IPv6 Interface ID Type Under the Wired LAN IPv6 Configuration select IPv6 Interface ID Type and press Enter The auto configured IPv6 address consists of two parts the IPv6 Prefix set by the IPv6 router is the first and the interface ID is following part 64 bits each Option Description ...

Page 37: ...ally generated using the MAC address Manual ID The IPv6 Interface ID is configured manually Selecting this type requires that the Manual Interface ID is set with a valid value To select Manual ID 1 Select Manual ID 2 Press Enter A new option of IPV6 Interface ID will be displayed below IPV6 Interface ID Type 3 Select IPV6 Interface ID 4 Press Enter 5 Enter preferred Manual ID ...

Page 38: ...Under the Wired LAN IPv6 Configuration select IPv6 Address and press Enter Type the IPv6 Address and press Enter 4 IPv6 Default Router Under the Wired LAN IPv6 Configuration select IPv6 Default Router and press Enter ...

Page 39: ...AN IPv6 Configuration select Preferred DNS IPv6 Address and press Enter Type the Preferred DNS IPv6 Address and press Enter 6 Alternate DNS IPv6 Address Under the Wired LAN IPv6 Configuration select Alternate DNS IPv6 Address and press Enter Type the Alternate DNS IPv6 Address and press Enter ...

Page 40: ...onfiguration select Previous Menu and press Enter The TCP IP Settings menu appears Wireless LAN IPv6 Configuration Under the TCP IP Settings select Wireless LAN IPv6 Configuration and press Enter The Wireless LAN IPv6 Configuration page appears ...

Page 41: ...s consists of two parts IPv6 Prefix set by the IPv6 router Interface ID 64 bits each Option Description Random ID The IPv6 Interface ID is automatically generated using a random number as described in RFC 3041 This is the default option Intel ID The IPv6 Interface ID is automatically generated using the MAC address Manual ID The IPv6 Interface ID is configured manually Selecting this type requires...

Page 42: ...Manual ID 1 Select Manual ID 2 Press Enter A new option of IPV6 Interface ID will be displayed below IPV6 Interface ID Type 3 Select IPV6 Interface ID 4 Press Enter 5 Type the preferred Manual ID 3 Previous Menu ...

Page 43: ...figuration page select Activate Network Access and press Enter Press Y to activate or press N to cancel Activate Network Access causes the Intel ME to transition to the POST provisioning state if all required settings are configured Without Activating Network Access ME will not be able to connect to the network NOTE Power policy will change to PP2 after activating if the default power policy is se...

Page 44: ...visioning and press Enter Option Description Full Unprovision The IPv6 Interface ID is automatically generated using a random number as described in RFC 3041 This is the default Full unprovision will unprovision AMT and remove all the PID PPS ...

Page 45: ... address Partial Unprovisoin will unprovision AMT but will retain PID PPD information entered or any new certification information entered Unprovisioning in progress Remote Setup and Configuration Under the Intel AMT Configuration select Remote Setup and Configuration and press Enter The Intel Automated Setup and Configuration page appears ...

Page 46: ...visioning Mode Under the Automated Setup and Configuration select Current Provisioning Mode and press Enter Current Provisioning Mode Displays the current provisioning TLS Mode None PKI or PSK Provisioning Record ...

Page 47: ... this suffix to the FQDN in the Configuration Server s client certificate A value of 1 indicates that the DNS Suffix was configured and the firmware matched it against the DNS Suffix in the Configuration Server s client certificate Host Initiated Indicates whether the setup and configuration process was initiated by the host No indicates that the setup and configuration process was NOT host initia...

Page 48: ...ess Enter The Intel Remote Configuration page appears Start Configuration Under the Intel Remote Configuration menu select Start Configuration and press Enter If Remote Configuration is not activated Remote configuration cannot occur To activate enable remote configuration select Y ...

Page 49: ...appears Provisioning Server IPv4 IPv6 Under the Intel Automated Setup and Configuration menu select Provisioning Server IPv4 IPv6 and press Enter 1 Type provisioning server address and press Enter 2 Type provisioning server port number and press Enter The port number 0 65535 of the Intel AMT provisioning server The default port number is 9971 ...

Page 50: ...uration menu select Provisioning Server FQDN and press Enter Type the FQDN of the provisioning server and press Enter FQDN of the provisioning server mentioned in the certificate PKI only This is also the FQDN of the server that AMT sends hello packets to for both PSK and PKI ...

Page 51: ... press Enter The Intel TLS PSK Configuration page appears This submenu contains the settings for TLS PSK configuration settings Set PID and PPS Under the Intel TLS PSK Configuration menu select Set PID and PPS and press Enter Type the PID and press Enter Type the PPS and press Enter ...

Page 52: ...rmat for example PID 1234 ABCD PPS 1234 ABCD 1234 ABCD 1234 ABCD 1234 ABCD NOTE A PPS value of 0000 0000 0000 0000 0000 0000 0000 0000 will not change the setup configuration state If this value is used the setup and configuration state will remain Not started If an invalid entry is attempted an error message will be displayed Delete PID and PPS ...

Page 53: ...KI Under the Intel Automated Setup and Configuration menu select TLS PKI and press Enter The Intel Remote Configuration page appears Remote Configuration Under the Intel Remote Configuration menu select Remote Configuration and press Enter Enabling Disabling Remote configuration will cause a partial un provision if the setup and configuration server is In process Option Description Disabled Remote...

Page 54: ...PKI DNS Suffix Under the Intel Remote Configuration menu select PKI DNS Suffix and press Enter Type the PKI DNS Suffix and press Enter Key Value will be maintained in the EPS Manage Hashes ...

Page 55: ...s of adding customized hash The Manage Certificate Hash screen provides keyboard controls for managing the hashes on the system The following keys are valid when in the Manage Certificate Hash menu Key Description Escape Exits from the menu Insert Adds a customized certificate hash to the system Delete Deletes the currently selected certificate hash from the system Changes the active state of the ...

Page 56: ... is displayed To add a customized certificate hash Type the hash name up to 32 characters When you press Enter you are prompted to select the algorithm of hash being used for PKI provisioning Type Y if SHA1 is being used otherwise enter N The supported hash algorithms are 1 SHA1 2 SHA2 256 ...

Page 57: ... to select the option of supported SHA2 algorithm Type Y if SHA256 is being used otherwise enter N When SHA256 is not chosen in the next screen type Y to select SHA2 384 If N is entered an error message will be shown to prompt the user to select one supported algorithm ...

Page 58: ...The Certificate hash value is a hexadecimal number for SHA 1 it is 20 bytes for SHA 2 it is 32 bytes If the value is not entered in the correct format the message Invalid Hash Certificate Entered Try Again is displayed When you press Enter you are prompted to set the active state of the hash ...

Page 59: ...zed hash will be marked as active No Default The customized hash will add to the EPS but will not be active Deleting a Hash When the Delete is pressed in the Manage Certificate Hash screen the following screen is displayed NOTE A certificate hash that is set to Default cannot be deleted ...

Page 60: ...ctive State When the is pressed in the Manage Certificate Hashes screen the following screen is displayed as seen in the following screen Answering Y toggles the active state of the currently selected certificate hash Setting a hash as active indicates that the hash is available for use during PSK provisioning Viewing a Certificate Hash When Enter is pressed in the Manage Certificate Hash screen t...

Page 61: ...ion menu select Previous Menu and press Enter The Intel Automated Setup and Configuration page appears Previous Menu Under the Intel Automated Setup and Configuration menu select Previous Menu and press Enter The Intel AMT Configuration menu appears Previous Menu Under the Intel AMT Configuration menu select Previous Menu and press Enter The Main Menu appears Information on this page provided by I...

Page 62: ...llows Intel AMT to determine if the system is within the corporate network This is configured through an ISV app 2 A remote connection policy must be created before an Intel Fast call for help can be initiated The policy for the BIOS initiated call does not need to be configured but another policy must exist before initiating a help call from the BIOS The BIOS must support the hot key that initiat...

Page 63: ... Change Intel ME Password blank SET PRTC Set PRTC blank Power Control Power Control Intel ME ON in Host Sleep Mobile ON is S0 Mobile ON is S0 ME Wake in S3 S4 5 AC only Idle Time Out 1 Default setting May cause Intel AMT partial unprovision 1 Intel ME Platform State Control is only changed for Management Engine ME troubleshooting 2 Un provision setting only seen if the box is provisioned ...

Page 64: ...gurable from remote IT Disable Remote Control of KVM Opt In Policy Enable Remote Control of KVM Opt In Policy NOTE In order for KVM to work the requirement must be an Intel i3 i5 i7 Celeron Pentium CPU Password Policy Password Policy Default Password Only During Setup and Configuration Anytime Network Setup Network Name Settings Host Name blank Domain Name blank Shared Dedicated FQDN Dedicated Sha...

Page 65: ...nk Activate Network Access Y N Unconfigure Network Access Y N Remote Setup and Configuration Current Provisioning Mode Provisioning Record RCFG Start Configuration Y N Provisioning Server IPv4 IPv6 blank Provisioning Server FQDN blank TLS PSK Set PID and PPS blank Delete PID and PPS Y N TLS PKI Remote Configuration Disabled Enabled PKI DNS Suffix blank Manage Hashes Default setting May cause Intel...

Page 66: ...guration service saved to a USB mass storage device MEBx interface The IT administrator manually configures the Management Engine BIOS Extension MEBx settings on each Intel AMT ready computer The PPS and PID fields are completed by typing the 32 character and 8 character alpha numeric keys created by the configuration service into the MEBx interface TLS PKI Commonly referred to as Remote Configura...

Page 67: ...puter 6 The computer BIOS detects the USB drive key If found the BIOS looks for a setup bin file at the beginning of the drive key Go to step 7 If no USB drive key or setup bin file is found then restart the computer Ignore the remaining steps 7 The computer BIOS displays a message that automatic setup and configuration will occur 1 The first available record in the setup bin file is read into mem...

Page 68: ...begin this process A USB storage device is also required and must conform to the requirements listed on Using a USB Device page NOTE The nature of management software is that it is not always dynamic or real time You may have to repeat an action multiple times to cause a result 1 Format a USB device with the FAT16 file system and no volume label and then set it aside 2 Open the Altiris Dell Client...

Page 69: ...4 Click the to expand the Intel AMT Getting Started section ...

Page 70: ...5 Click the to expand the Section 1 Provisioning section ...

Page 71: ...6 Click the to expand the Basic Provisioning without TLS section ...

Page 72: ...7 Select Step 1 Configure DNS 8 The notification server with an out of band management solution installed must be registered in DNS as ProvisionServer ...

Page 73: ...9 Click Test on the DNS Configuration screen to verify that DNS has the ProvisionServer entry and that it resolves to the correct Intel Setup and Configuration Server SCS ...

Page 74: ...10 The IP address for the ProvisionServer and Intel SCS are now visible ...

Page 75: ...11 Select Step 2 Discovery Capabilities ...

Page 76: ...12 Verify that the setting is Enabled If Disabled select the check box next to Disabled and click Apply ...

Page 77: ...13 Select Step 3 View Intel AMT Capable Computers ...

Page 78: ...14 Any Intel AMT capable computers on the network are visible in this list ...

Page 79: ...15 Select Step 4 Create Profile ...

Page 80: ...16 Click the plus symbol to add a new profile ...

Page 81: ...ab the administrator can modify the profile name and description along with the password The administrator sets a standard password for easy maintenance in the future Select the manual radio button and type a new password ...

Page 82: ... are configuring Intel AMT manually all these settings are also available in the MEBx 19 The TLS Transport Layer Security tab provides the ability to enable TLS If enabled several other pieces of information are required including the certificate authority CA server name CA common name CA type and certificate template ...

Page 83: ...cess privileges 21 The Power Policy tab has configuration options to select the sleep states for Intel AMT as well as an Idle Timeout setting It is recommended that Idle timeout is always set to 0 for optimal performance NOTE The setting for the Power Policy tab can potentially impact a computer s ability to remain E Star 4 0 compliant ...

Page 84: ...22 Select Step 5 Generate Security Keys ...

Page 85: ...23 Select the icon with the arrow pointing out to Export Security Keys to USB Key ...

Page 86: ...24 Select the Generate keys before export radio button ...

Page 87: ...the number of keys to generate depends on the number of computers that need to be provisioned The default is 50 26 The Intel ME default password is admin Configure the new Intel ME password for the environment ...

Page 88: ...27 Click Generate Once the keys have been created a link appears to the left of the Generate button 28 Insert the previously formatted USB device into a USB connector on the ProvisioningServer ...

Page 89: ... is recognized by default save the file to the USB device NOTE If additional keys are needed in the future the USB device must be reformatted before saving the setup bin file to it a Click Save on the File Download dialog box b Verify that the Save in location is directed to the USB device Click Save ...

Page 90: ...c Click Close in the Download complete dialog box 30 The setup bin file is now visible in the drive explorer window ...

Page 91: ... explorer windows to return to the Altiris Console 32 Insert the USB device and turn on the computer The USB device is recognized immediately and you are prompted to Continue with Auto Provisioning Y N 33 Press Y Press any key to continue with system boot ...

Page 92: ...34 Once complete turn off the computer and move back to the management server 35 Select Step 6 Configure Automatic Profile Assignments ...

Page 93: ...36 Verify that the setting is enabled In the Intel AMT 2 0 dropdown select the profile created previously Configure the other settings for the environment ...

Page 94: ...37 Select Step 7 Monitor Provisioning Process ...

Page 95: ...rs for which the keys were applied are updated in the system list At first the status is Unprovisioned then the system status changes to In provisioning and finally it changes to Provisioned at the end of the process ...

Page 96: ...39 Select Step 8 Monitor Profile Assignments ...

Page 97: ...40 The computers for which profiles were assigned appear in the list Each computer is identified by the FQDN UUID and Profile Name columns ...

Page 98: ...41 Once the computers are provisioned they are visible under the Collections folder in All configured Intel AMT computers ...

Page 99: ......

Page 100: ...the AMT 7 in the OS select IMSS 2 Under the Advanced tab select Extended System Details 3 Click Intel ME Information If Provisioning Mode states In Provisioning the hello packets are being sent to provision server in the network The SCS uses the information in the Hello message to initiate a Transport Layer Security TLS connection to the Intel AMT capable computer using a TLS Pre Shared key PSK ci...

Page 101: ...l Manageability Service LMS driver is available on support dell com and on the ResourceCD under Chipset Drivers The driver is labeled Intel AMT SOL LMS Install the driver by double clicking on the installer Once you install the SOL LMS driver the PCI Serial Port entry becomes the Intel Active Management Technology SOL COM3 entry The Intel AMT Host Embedded Controller Interface HECI driver is avail...

Page 102: ...168 2 1 16992 By default the port is 16992 NOTE Use port 16993 and https to connect to the Intel AMT WebUI on a computer that has been configured and set up in the Enterprise mode If DHCP is used then use the fully qualified domain name FQDN for the ME The FQDN is the combination of the host name and domain example http host_name 16992 or http system1 16992 4 The management computer makes a TCP co...

Page 103: ...console Similarly the management console may send serial data over the LAN connection that appears to have come through the client s serial port IDE Redirection Overview IDE Redirection IDER is capable of emulating an IDE CD drive or a legacy floppy or LS 120 drive over a standard network connection IDER enables a management machine to attach one of its local drives to a managed client over the ne...

Page 104: ... The IMSS icon indicates whether Intel AMT and Intel Standard Manageability are running on the platform The icon is located in the notification area By default the notification icon is displayed every time Windows starts The Intel Management and Security Status application has a separate version per every Intel AMT generation 4 x 5 x 6 x This is to describe the Intel Management and Security Status...

Page 105: ......

Page 106: ...nabled on the platform If the Intel Management and Security Status application is started manually via the Start menu the icon is loaded even if none of these technologies are enabled as long as all the drivers have been installed NOTE The information displayed in the Intel Management and Security Status is not shown in real time The data is refreshed at different intervals Information on this pag...

Page 107: ...e minute After the un provisioning completes control is passed back to ME General Settings screen 1 Select Return to previous menu 2 Select Exit and then press y The computer restarts Firmware Flash Flash the firmware to upgrade to newer versions of Intel AMT The automatic flash feature can be disabled by selecting Disabled under the Secure Firmware Update setting in the MEBx interface If this set...

Reviews:

No comments

Related manuals for Precision M4500

Panasonic Toughbook CF-T7BWATZJM Operating Instructions Manual preview
Toughbook CF-T7BWATZJM
Brand: Panasonic Pages: 44
Vega Ultra Portable PC Product Manual preview
Ultra Portable PC
Brand: Vega Pages: 23
Packard Bell EasyNote TE69KB User Manual preview
EasyNote TE69KB
Brand: Packard Bell Pages: 120
Compaq Presario,Presario 1234 Maintenance & Service Manual preview
Presario,Presario 1234
Brand: Compaq Pages: 126
BenQ DHR200 Service Manual preview
DHR200
Brand: BenQ Pages: 32
Lenovo 21BX0013US User Manual preview
21BX0013US
Brand: Lenovo Pages: 56
Lenovo 21BX001LGE Hardware Maintenance Manual preview
21BX001LGE
Brand: Lenovo Pages: 96
Lenovo 21DH000QGE Instructions Manual preview
21DH000QGE
Brand: Lenovo Pages: 12
Lenovo 2516ADU Brochure preview
2516ADU
Brand: Lenovo Pages: 4
Lenovo 20WJ001HGE Hardware Maintenance Manual preview
20WJ001HGE
Brand: Lenovo Pages: 64
Lenovo 27384FU Hardware Maintenance Manual preview
27384FU
Brand: Lenovo Pages: 154
Lenovo 27434AU Hardware Maintenance Manual preview
27434AU
Brand: Lenovo Pages: 240
Lenovo 266872U Brochure preview
266872U
Brand: Lenovo Pages: 4
Toshiba A9-S9012X User Manual preview
A9-S9012X
Brand: Toshiba Pages: 258
Texas Instruments Extensa 570CD Maintenance Manual preview
Extensa 570CD
Brand: Texas Instruments Pages: 85
Sony VPCZ13CGX Specifications preview
VPCZ13CGX
Brand: Sony Pages: 2
Sony VPCZ13AHX Specifications preview
VPCZ13AHX
Brand: Sony Pages: 2
Sony VPCZ133GM Specifications preview
VPCZ133GM
Brand: Sony Pages: 2

Brands by name

Popular brands

Load more brands