background image

10

This option is a toggle, and the next time you access it you are prompted with the opposite 

setting.

b. Select 

DHCP Disable

, and then select 

Y

.

Default Setting = DHCP Enabled, Recommended Setting = User Dependent
You can use DHCP if it is available. If you use DHCP, then steps 15c through 15g are not 

necessary. Otherwise, the system administrator will have to configure TCP/IP settings.
For the purpose of this white paper, DHCP is disabled so steps 15c through 15g can be 

illustrated. Step h will appear for both DHCP and Static configurations.

c. Select 

IP Address

, and then type a static address.

Default Setting = 10.0.0.2, Recommended Setting = Network Dependent
Example: 192.168.0.1
Make sure all AMT systems have a unique static IP address. Multiple systems sharing the same IP 

address can lead to network collisions, which will cause the systems to not respond correctly.

d. Select 

Subnet Mask

, and then type a subnet mask.

Default Setting = 255.255.255.0, Recommended Setting = Network Dependent
Example: 255.255.255.0

e. Select 

Default Gateway Address

, and then accept the default and press 

Enter

.

Default Setting = 0.0.0.0, Recommended Setting = Network Dependent, 
Leave as 0.0.0.0 if this option is not needed.

f. Select 

Preferred DNS Address

, and then accept the default value and press 

Enter

.

Default Setting = 0.0.0.0, Recommended Setting = Network Dependent
Leave as 0.0.0.0 if this option is not needed.

g. Select 

Alternate DNS Address

, and then accept the default value and press 

Enter

.

Default Setting = 0.0.0.0, Recommended Setting = Network Dependent
Leave as 0.0.0.0 if this option is not needed.

h.Select 

Domain Name

, and then type a domain name

Default Setting = none, Recommended Setting = Network Dependent
The domain name is blank by default. If not populated, then the default domain of 

“Provisionserver” is used when connecting to a Setup and Configuration Server.
If the name of the S&CS is not “Provisionserver” and the domain name is blank, then an alias 

must be set up in the DHCP server to redirect the connection for "Provisionserver" to the proper 

S&CS domain name.
If the 

Domain Name

 field is populated, that is the domain used. However, if there is no 

response after four DNS queries to the named domain, then that domain name is no longer  used 

and the default “Provisionserver” is used.

Содержание 8000 - Elite Convertible Minitower PC

Страница 1: ...rise Mode Setup and Configuration 16 Enterprise Mode AMT Setup and Configuration Steps 16 Provisioning Methods 24 Legacy 24 IT TLS PSK 24 OEM TLS PSK 24 USB Drive Key Set Up and Configuration 25 USB Drive Key Requirements 26 Remote Configuration 26 Remote Configuration Bare Metal vs Delayed 27 Remote Configuration Time outs in HP Systems 27 Remote Configuration Prerequisites 28 MEBx and Hashes 28 ...

Страница 2: ...Web download in the Fall of 2007 with HP Compaq dc7700p Business PCs AMT 3 0 Introduced with the Intel Q35 Express chipset and will be shipped with HP Compaq d7800p systems AMT 3 2 Introduced with the HP Compaq dc7800p April 2008 Refresh AMT 5 0 Introduced with the Intel Q45 Express chipset and shipped with HP Compaq dc7900 sys tems AMT 5 2 Shipped on the HP Compaq 8000 Elite Business PCs AMT 5 0 ...

Страница 3: ...after changing the default password Enterprise mode systems also require that you set the Provisioning ID PID and Provisioning Passphrase PPS More details about passwords PIDs and PPS are provided in later sections of this paper The In Setup phase is the next stage and is where most AMT options are set This can be a manual or automated procedure with a Setup and Configuration Server The Operationa...

Страница 4: ...amation At Number Dollar Percent Caret Asterisk The underscore _ is considered alpha numeric The following characters are not allowed Quotation mark Apostrophe Comma Greater than Less than Colon Ampersand Space BIOS Prerequisite This white paper is for use with HP Compaq 8000 Elite Business PCs The HP Compaq 8000 Elite Busi ness PC uses the 786G7 BIOS family For best performance and to take advant...

Страница 5: ...ring POST if set in F10 Setup Figure 1 Intel MEBx Password Screen 2 Type the default password which is admin Passwords are case sensitive NOTE You must change the default password before making changes to the MEBx options 3 Change the MEBx password The new password must meet the Strong Password criteria defined in the Password Guidelines Section Type the password twice for verification Change the ...

Страница 6: ... list until root cause is found Note that if the ME is disabled then all AMT and ASF functions are also disabled The system will not be remotely manageable 7 Select Intel ME Firmware Local Update Qualifier Default Setting Always Open Recommended Setting Always Open This option allows the BIOS to override the ME Firmware Locale Update option and to permit local ME firmware updates Always Open is th...

Страница 7: ...MT and ASF is an available option Note that setting the None option will disable all remote management capabilities Setting None will also unprovision any AMT settings i Select Intel AMT ii Select Return to previous menu Figure 3 Intel ME Features Control Screen with AMT selected iii Select Return to the previous menu Never Open Restricted ME Firmware Local Update Enabled Local ME firmware updates...

Страница 8: ...Option 2 ME is ON only when the system is in S0 or S3 Option 3 ME is ON at all times S0 S3 S4 and S5 Option 4 ME is ON only when the system is in S0 It will be asleep in S3 unless it is called upon Timer for ME sleep is set by the Idle Timeout option Option 5 ME is ON only when the system is in S0 It will be asleep in S3 S5 unless it is called upon Timer for ME sleep is set by the Idle Timeout opt...

Страница 9: ...nter MEBx Setup again 12 Type the MEBx password 13 Select Intel AMT Configuration Figure 5 Intel AMT Configuration screen 14 Select Host Name and then type a host name Default Setting HPSystem Recommended Setting User Dependent NOTES Spaces are not accepted in the host name Make sure there is not a duplicate host name on the network You can use host names in place of the system s IP for any applic...

Страница 10: ...Address and then accept the default and press Enter Default Setting 0 0 0 0 Recommended Setting Network Dependent Leave as 0 0 0 0 if this option is not needed f Select Preferred DNS Address and then accept the default value and press Enter Default Setting 0 0 0 0 Recommended Setting Network Dependent Leave as 0 0 0 0 if this option is not needed g Select Alternate DNS Address and then accept the ...

Страница 11: ...etworks into one virtual network 19 Select SOL IDE R a Select Y in the message window b Select Username and Password and then select Enabled Default Setting Enabled Recommended Setting Enabled This option allows users and passwords to be added from the WebGUI If the option is disabled then only the administrator has MEBx remote access c Select Serial Over LAN and then select Enabled Default Settin...

Страница 12: ...700p that allowed both decimal and hexadecimal notation It must be set to a non zero value for the ME to take advantage of Wake On ME This value is not used when the system is in an active state S0 This value is used only if the ME ON in Host Sleep State setting is set to allow ME WoL See Appendix C Wake On ME Explained on page 35 for an explanation of Wake On ME ME WoL 24 Select Return to previou...

Страница 13: ...efault for SMB Setup and Configured systems WebGUI support for Enterprise Setup and Configured systems is determined by the Setup and Configuration Server Connecting with the Intel AMT WebGUI SMB Example 1 Power on an AMT system that has completed AMT Setup and Configuration 2 Execute a Web browser from a separate system a Management computer on the same subnet as the AMT computer 3 Connect to the...

Страница 14: ...w password known as the remote MEBx password only works remotely with the WebGUI or remote console The local MEBx password used to locally access the MEBx is not changed The user has to remember both local and remote MEBx passwords to access the system MEBx locally and remotely When the MEBx password is initially set in AMT Setup the password serves as both the local and remote password If the rem...

Страница 15: ...abase can be trans ferred to another Setup and Configuration server s database The following provides a brief outline of the initial communication between an AMT client system and an SCS 1 The AMT system sends out a hello message that includes the PSK over the network 2 The SCS receives the hello message and verifies the PSK 3 If the verification passes then the SCS begins setup and configuration ...

Страница 16: ...for AMT Setup 1 Access the MEBx by pressing Ctrl P during POST 2 Type the default password which is admin 3 Change the MEBx password following strong password guidelines 4 Select Intel ME Platform Configuration 5 In Intel ME State Control select Enabled 6 In Intel ME Firmware Local Update Qualifier select Always Open 7 Select Intel ME Features Control a Select Check Manageability Features b Select...

Страница 17: ...options which are available by scrolling down the menu Figure 7 Intel AMT Configuration Screen Figure 8 Intel AMT Configuration Screen Continued 13 Select Host Name and then type a host name Default Setting HPSystem Recommended Setting User Dependent Spaces are not accepted in the host name ...

Страница 18: ...ting DHCP Enabled Recommended Setting User Dependent For the purpose of this white paper DHCP is enabled 15 Select Provision Model a Change to Small Business and then select N Default Setting Enterprise Recommended Setting Enterprise b Select Return to previous menu 16 Select Setup and Configuration Figure 9 Intel Setup and Configuration Screen This is the menu where the Enterprise mode provisioni...

Страница 19: ...play no changes can be made here c Select Provisioning Server IP i Enter Provisioning Server IP Default Setting 0 0 0 0 Recommended Setting Network Dependent ii Enter Port Default Setting 0 Recommended Setting 9971 This option is used in Enterprise mode when an Intel AMT Setup and Configuration Provisioning Server is available It points to the IP address of the SCS If the IP is left as the default...

Страница 20: ... 9 characters and PPS are 40 characters They must be generated by an SCS The Admin Password PID and PPS can be pre populated by HP during manufacturing Go to the OEM TLS PSK section for details ii Skip Delete PID and PPS This option deletes the current PID and PPS entries in the system iii Select Return to previous menu e Skip TLS PKI This option is for Remote Configuration RCFG also known as Zero...

Страница 21: ...on determines if the local MEBx password can be modified from a remote console 21 Select Remote Firmware Update and then select Enabled Default Setting Enabled Recommended Setting Enabled This option enables or disables the ability to remotely update the ME firmware 22 Skip Set PRTC Default Setting None Recommended Setting Current Date and Time This option sets the PRTC Protected Real Time Clock I...

Страница 22: ...ied to the system the system immediately looks for a Setup and Configuration Server If the system finds this server the AMT system will send a Hello message to the server DHCP and DNS must be available for the Setup and Configuration Server search to automatically succeed If DHCP and DNS are not available then the Setup and Configuration Server s IP address must be manually entered into the AMT sy...

Страница 23: ...otiate credentials You can set other options depending on S CS implementation The system goes from In Setup phase to Operational phase and AMT is fully operational Once in the Operational phase you can remotely manage the system and you can provide the system to end users for regular use ...

Страница 24: ...frastructure AMT systems in the Factory phase are given to the IT department which is responsible for AMT set up and configuration The IT department can use any method to enter in AMT setup information after which the systems will be in Enterprise mode and in the In Setup phase An S CS will need to generate PID and PPS sets AMT Configuration must occur over a network The network can be encrypted u...

Страница 25: ...ill eliminate manual AMT Setup of each unit at the customer site Contact HP for more information about this valuable service USB Drive Key Set Up and Configuration You can set up and locally configure password PID and PPS information with a USB drive key This fea ture allows an IT technician to manually setup and configure systems without the problems associated with manually typing in entries The...

Страница 26: ...our management console supplier for more information on USB drive key set up and configura tion USB Drive Key Requirements The USB drive key must meet the following requirements to be usable in USB Drive Key Setup and Config uration It must be greater than 16MB The sector size must be 1KB The USB drive key is not formatted to boot The Setup bin file must be the first file landed on the USB drive k...

Страница 27: ...tive and the system is connected to a network This means that the AMT system is configured without the use of a local agent and does not use One Time Password OTP authentication Delayed as the name implies is remote configuration at a later time when an operating system has been installed on the AMT system In this implementation Setup and Configuration is started when a remote console application ...

Страница 28: ...sage field 2 16 840 1 1 13741 1 2 3 This is the unique Intel AMT OID OU value in Subject field Intel Client Setup Certificate This OU value is case sensitive and must be entered exactly as shown In the case of a Delayed Setup and Configuration an operating system and local agent must be installed on the AMT system MEBx and Hashes AMT 5 0 has the feature in the MEBx to allow IT administrators to ma...

Страница 29: ...he hash and whether it is active If no hashes are in the system then an option to add one is available If hashes are available then an option to delete one or more is available To add a hash a Press Insert b Type a name for the hash c Type the fingerprint of the hash d Select whether this hash is active Hashes can be made active not active default or not default in this screen 3 Set PKI DNS Suffix...

Страница 30: ...6 07 E4 24 EB 45 49 54 2B E1 BB C5 3E 61 74 E2 VeriSign Class 3 Primary CA G3 SHA1 Fingerprint 13 2D 0D 45 53 4B 69 97 CD B2 D5 C3 39 E2 55 76 60 9B 5C C6 Go Daddy Class 2 CA SHA1 Fingerprint 27 96 BA E6 3F 18 01 E2 77 26 1B A0 D7 77 70 02 8F 20 EE E4 Comodo AAA CA SHA1 Fingerprint D1 EB 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49 Starfield Class 2 CA SHA1 Fingerprint AD 7E 1C 28 B0 64 E...

Страница 31: ...ode provisioned systems It will return all AMT Configuration settings to factory defaults All certificate hashes will be deleted and the default hash will be made active It does not reset ME Configuration settings or passwords Partial unprovisioning is available for Enterprise mode provisioned systems Partial unprovisioning will return all AMT Configuration setting to factory defaults with the exc...

Страница 32: ...ault username and password are both admin Q Why does the MEBx not accept my new password A All MEBx passwords other than the default password must comply with the strong password guidelines See the Password Guidelines section for more details Q If the password is not known how can the system be recovered A Clearing CMOS will reset all AMT options including the password The password will revert bac...

Страница 33: ... console supplier to see if they offer this service Q Can AMT be set for static address and the OS set for DHCP or vice versa A No Although it can be done this is not a supported setting by Intel and may cause unexpected system behavior Q What is the default port used by the Intel WebGUI A The Intel WebGUI listens to port 16992 Q What is the difference between the ME and AMT A The ME is the contro...

Страница 34: ...ontext is restored from the hibernation file Vaux remains powered but all other subsystems including system memory and the processor are not powered S5 is the Soft Off state It is identical to S4 with the exception that the system context is not saved When the system resumes from S5 it powers up and going through POST S5 is also known as G2 G3 is the Mechanical Off state All subsystems are not pow...

Страница 35: ... system is in a sleep state The ME counts down from the amount of time set in Idle Timeout before it will go to sleep Idle Timeout must be set to a non zero value If it is set to zero then the Wake On ME feature is dis abled and the ME will not go to sleep when not being used 2009 Hewlett Packard Development Company L P The information in this document is subject to change without notice The only ...

Отзывы: