background image

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide 

23 

 

 

Skip to Step 5:  Discover Intel vPro Clients through the Management Console, on page 27. 

 

Note:  You can also test Remote Configuration using a LANDesk generated certificate.  The appropriate 
server certificates are already in place.  However, the client hash needs to be placed into the Intel ME 
BIOS on the Intel AMT 3.0 client.  The client hash is automatically generated and stored at the 
beginning of the AMTDiscService.log file.  It will look something like this: 

 

Fri, 30 Nov 2007 11:30:37 InitInstance() 

Fri, 30 Nov 2007 11:30:37 LANDesk(R) Intel AMT Provisioning Service 

Fri, 30 Nov 2007 11:30:45 sha1 hash: (32A1-F117-AB25-0E1B-482B-7EFE-C0BE-92A7-B090-

D416) 

Fri, 30 Nov 2007 11:30:45 md5  hash: (D29A-E72B-1029-846C-CE50-4C52-82EC-8F24) 

Fri, 30 Nov 2007 11:31:01 Hash added to DB 

Fri, 30 Nov 2007 11:31:01 Server listens for incoming connections. 

 

The administrator will need to place the sha1 hash in the ME BIOS on the client. 

For further detailed information on obtaining and configuring certificates see file Installing VeriSign 
Certificate for Landesk 8.8.pdf at web site http://communities.intel.com/docs/DOC-1639. 

You can set several Intel ME and Intel AMT parameters in the LANDesk Management Suite (LDSM), just 
as you would manually in the Intel MEBx directly on the individual client.  Intel vPro parameters set in 
the management console are applied to all Intel vPro machines being provisioned. 

 

 

Step 4B:  OEM Pre-configuration – Factory State to Configured State 

Most OEMs are willing to provide the service of changing the Intel vPro client from factory state to setup 
state by entering the password and client authentication information into the Intel MEBx on each client 
system for you.  This often requires an additional fee to the OEM.  This method is most useful when an 
Intel vPro client machines are to be delivered directly to the end user from the manufacturer. 

The authentication information (security keys) can be provided to the OEM for loading into the client 
system’s BIOS (via the Intel MEBx), or the OEM could provide you with a list of keys they generated.  
The keys must match between the Intel vPro machines and the management console.  The 
management consoles have an option to import and export keys to facilitate this transaction. 

If you ordered your Intel vPro client systems pre-configured with Intel MEBx password and client 
authentication information already loaded by the OEM, then they are already in a Setup state.  When 
you connect the client systems to the network and power them on they will automatically authenticate 
themselves with the provisioning server and provisioning will occur (assuming you performed Steps 1-3 
above).  Then they will be in a Configured state, ready to be discovered and managed by the 

Summary of Contents for Centrino Pro

Page 1: ...Technology Intel Core 2 Processor with vPro Technology Intel vPro and Intel Centrino Pro Processor Technology Quick Start Guide Based on Intel Active Management Technology and LANDesk Management Suit...

Page 2: ...onsole 11 Step 6 Test Intel vPro Client Functionality 11 Step 7 Post Configuration 13 Section 3 Deploying Intel vPro Using Enterprise Standard and Advanced Mode Provisioning 16 Process Flowchart 16 In...

Page 3: ...e overall deployment process lists high level steps including decisions to be made which are explained in more detail in subsequent sections Deciding Which Provisioning Mode To Use Provides the necess...

Page 4: ...vPro clients Configure Intel vPro components Intel ME and Intel AMT in Intel Management Engine BIOS Extension Intel MEBx on Intel vPro clients Discover Intel vPro clients in your management console T...

Page 5: ...n provisioning modes is how the client system receives its configuration information In Enterprise mode you can use manual one touch or remote configuration options or have your OEM pre provision the...

Page 6: ...tart Guide 6 Section 2 Deploying Intel vPro Using SMB Basic Mode Provisioning Process Flowchart The following picture shows the overall process flow for provisioning Intel vPro client systems in SMB m...

Page 7: ...er Ports 16992 and 16994 to open for Intel AMT management traffic Step 2 Verify Intel vPro Client Windows Drivers The following Intel AMT drivers which are digitally signed by Intel and compatible wit...

Page 8: ...ess functionality of systems based on Intel Centrino 2 with vPro technology Step 3a Set Password 1 In the LANDesk Configure Services tool enter a strong password on the Intel vPro Configuration tab 2...

Page 9: ...232030 swLang 13 taskId 135 swEnv OID 1093 Lenovo http www 307 ibm com pc support site wss MIGR 67881 html Dell http support dell com support downloads driverslist aspx c us l en s gen ServiceTag Sy s...

Page 10: ...he Intel MEBx whether you choose static IP or DHCP within SMB mode It is not necessary to enter the Domain name into the Intel MEBx for SMB mode Step 4e Set Additional Intel MEBx Parameters There are...

Page 11: ...ist was already displayed when you moved the Intel vPro machines 5 Right click an Intel vPro machine to see all the Intel AMT selections available Discovery With the LANDesk Agent Installed on the Cli...

Page 12: ...t console system login as an administrator with user rights 2 Open a web browser and enter the IP address and assigned port number 16992 in the browser address bar example http 192 168 0 1 16992 The f...

Page 13: ...client agents must be installed on the client PC in order to use AP AP is automatically configured when the LANDesk client agents are installed However you can perform additional configuration in the...

Page 14: ...esk Out of Band Monitor AMTMON Features LANDesk 8 8 has the ability to disable the network on the client at the OS level This is not done through the System Defense feature but rather through LANDesk...

Page 15: ...e made to the XML pages used for System Defense Once SD triggers an alert the alert is displayed in the LSM log LANDesk and Intel AMT limit network access by replacing the current client policy with t...

Page 16: ...ploying Intel vPro Using Enterprise Standard and Advanced Mode Provisioning Process Flowchart The following picture shows the overall process flow for provisioning Intel vPro client systems in Enterpr...

Page 17: ...s fully loaded Ready for remote management SETUP SETUP Pre Pre Provisioning Provisioning CONFIGURATION CONFIGURATION Provisioning Provisioning Factory State An Intel vPro machine comes from the OEM in...

Page 18: ...l ME also uses the DHCP server to help dynamically update the DNS server with its network address information The DHCP server must support Option 81 to register network address information into the DN...

Page 19: ...ed in Enterprise mode to listen for Hello packets This port is configurable in the LDMS console To change the port number on the LANDesk core server do the following 1 Go to the following registry key...

Page 20: ...the driver will cause a pop up to occur to confirm that Intel AMT is running The pop up can be disabled As the Intel AMT firmware is updated this driver is most likely to require a coordinated update...

Page 21: ...re server is used to issue the certificates to the proper trusted devices within the network Under the Discovery Provisioning portion of the dialog box you ll find two options related to encryption Pr...

Page 22: ...sioning server Once a matching root certificate is present on the provisioning server the Intel vPro clients will automatically authenticate themselves with the provisioning server at power on and wil...

Page 23: ...in the Intel MEBx directly on the individual client Intel vPro parameters set in the management console are applied to all Intel vPro machines being provisioned Step 4B OEM Pre configuration Factory...

Page 24: ...used again unless an Intel vPro machine is re provisioned Whereas the other TLS keys are used for all communications from the management console to the Intel vPro machine Step 4C 1 Confirm Latest BIO...

Page 25: ...ferred restart the system and let it boot to Windows The Intel vPro client will automatically authenticate itself with the provisioning server and provisioning will occur 4 Repeat for each Intel vPro...

Page 26: ...rocess This uses Transport Layer Security TLS Pre shared Key PSK for authentication To manually update the Intel vPro clients with new Intel MEBx passwords and valid PID PPS security keys do the follo...

Page 27: ...3 Move the Intel vPro machines to your management database by right clicking one of the devices and selecting Move to Inventory Database Repeat for each Intel vPro machine 4 Click the All Devices list...

Page 28: ...er information on testing these features refer to the following whitepaper Integrating Intel vPro Technology with LANDesk Management Products http download intel com business vpro pdfs landesk_whitepa...

Page 29: ...ue screened at a remote site using the new Intel AMT features now available in your management console Using Agent Presence AP Agent Presence AP monitors for the existence of agents The LANDesk client...

Page 30: ...Intel AMT and sent to the LANDesk core server The core server will then issue a System Defense policy to the client that will stop all network traffic except for LANDesk management traffic Intel AMT t...

Page 31: ...policies Currently all modifications have to be made to the XML pages used for System Defense Once SD triggers an alert the alert is displayed in the LSM log LANDesk and Intel AMT limit network access...

Page 32: ...is coming from the device s DHCP address Next the hostname will likely be the hostname that is registered in DNS for this client If the hostname is blank in the Management Engine or a different hostna...

Page 33: ...ocess between the Intel AMT client your Domain services provision server and LDMS In the examples below you can see exactly what is happening between the Client in the provisioning process with RCT an...

Page 34: ...1 IP Address 192 168 0 100 Thu 28 Feb 2008 113501 user cert 1 exists Thu 28 Feb 2008 113503 soap_ssl_client_context return 0 Thu 28 Feb 2008 113503 Action getCoreVersion Thu 28 Feb 2008 113506 GetCore...

Page 35: ...s and certificate Thu 28 Feb 2008 113509 SetTLSKeyAndCertificate passed Thu 28 Feb 2008 113509 Action EnumerateTrustedRootCertificates Thu 28 Feb 2008 113509 EnumerateTrustedRootCertificates passed Th...

Page 36: ...1 26 29 user cert 1 exists Thu 06 Mar 2008 11 26 31 soap_ssl_client_context return 0 Thu 06 Mar 2008 11 26 31 Action getCoreVersion Thu 06 Mar 2008 11 26 34 GetCoreVersion passed Thu 06 Mar 2008 11 26...

Page 37: ...te Disabled Enable it now Thu 06 Mar 2008 11 26 35 SetRedirectionListenerState passed Thu 06 Mar 2008 11 26 35 Action setActivePowerPackage Thu 06 Mar 2008 11 26 35 EnumeratePowerPackages passed Thu 0...

Page 38: ...008 11 26 37 SetHighAccuracyTimeSynch passed Thu 06 Mar 2008 11 26 37 Action EnumerateTrustedRootCertificates Thu 06 Mar 2008 11 26 37 EnumerateTrustedRootCertificates passed Thu 06 Mar 2008 11 26 37...

Page 39: ...Pro Processor Technology Intel processor technology that provides a higher level of security and management to desktop computers ISV Independent Software Vendor LMS Local Management Service driver Pro...

Page 40: ...Intel vPro and Intel Centrino Pro Processor Technology Quick Start Guide...

Page 41: ...IN CONNECTION WITH INTEL PRODUCTS NO LICENSE EXPRESS OR IMPLIED BY ESTOPPEL OR OTHERWISE TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT EXCEPT AS PROVIDED IN INTEL S TERMS AND CONDIT...

Reviews: