Full text of "Dell Latitude D630, D630 User guide"


Dell™ Systems Management Administrator's Guide


About Intel® Active Management Technology
Deployment
Intel AMT Setup and Configuration Overview
Using the Intel AMT WebGUI
Intel Management Engine BIOS Extension (MEBx)
Redirecting Serial and IDE Communications
Provisioning: Setup and Configuration Completion
Troubleshooting


Notes, Notices, and Cautions 


NOTE: A NOTE indicates important information that helps you make better use of your computer.


NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.


CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death.




















Information in this document is subject to change without notice. 
© 2007 Dell Inc. All rights reserved. 


Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. 
Intel Corporation is a contributing source of content in this document. 


Trademarks used in this text: Dell and the DELL logo are trademarks of Dell Inc.; Intel and iAMT are registered trademarks of Intel Corporation; Microsoft and Windows are either 
trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. 


Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any 
proprietary interest in trademarks and trade names other than its own. 


October 2007 Rev. A00 




Deployment 




Once you are ready to deploy a computer to a user, plug the computer into a power source and connect it to the network. Use the integrated Intel® 82566MM
NIC. Intel Active Management Technology (iAMT®) does not work with any other NIC solution.


When the computer is turned on, it immediately looks for a setup and configuration server (SCS). If the computer finds this server, the Intel AMT
capable computer sends a Hello message to the server.


DHCP and DNS must be available for the setup and configuration server search to automatically succeed. If DHCP and DNS are not available, then the setup
and configuration server's (SCS) IP address must be manually entered into the Intel AMT capable computer's MEBx.


The Hello message contains the following information: 


Provisioning ID (PID) 

Universally Unique Identifier (UUID) 

IP address 

ROM and firmware (FW) version numbers 


The Hello message is transparent to the end user. There is no feedback mechanism to tell you that the computer is broadcasting the message. The SCS uses 
the information in the Hello message to initiate a Transport Layer Security (TLS) connection to the Intel AMT capable computer using a TLS Pre-Shared key 
(PSK) cipher suite if TLS is supported. 


The SCS uses the PID to look up the provisioning passphrase (PPS) in the provisioning server database and uses the PPS and PID to generate a TLS Pre-Master
Secret. TLS is optional. For secure and encrypted transactions, use TLS if the infrastructure is available. If you do not use TLS, then HTTP Digest is used
for mutual authentication. HTTP Digest is not as secure as TLS. The SCS logs into the Intel AMT computer with the username and password and provisions the 
following required data items: 


| New PPS and PID (for future setup and configuration) 
| TLS certificates 

| Private keys 

| Current date and time 

| HTTP Digest credentials 

| HTTP Negotiate credentials 


The computer goes from the setup state to the provisioned state, and then Intel AMT is fully operational. Once in the provisioned state, the computer can be 
remotely managed. 


Intel® Management Engine BIOS Extension (MEBx)


MEBx Overview
Configuring the Intel Management Engine (ME)
Configuring Your Computer to Support Intel AMT Features
MEBx Default Settings


MEBx Overview 


The Intel® Management Engine BIOS Extension (MEBx) provides platform-level configuration options for you to configure the behavior of the Management Engine
(ME) platform. Options include enabling and disabling individual features and setting power configurations.


This section provides details about MEBx configuration options and constraints, if any. 


All the ME Configuration setting changes are not cached in MEBx. They are not committed to ME nonvolatile memory (NVM) until you exit MEBx. Hence, if MEBx
crashes, the changes made until that point are NOT going to be committed to ME NVM. 


NOTE: Briscoe AMT is shipped in enterprise mode as default.


Accessing MEBx Configuration User Interface


The MEBx configuration user interface can be accessed on a computer through the following steps: 


1. Turn on (or restart) your computer. 
2. When the blue DELL™ logo appears, press <Ctrl><p> immediately. 


If you wait too long and the operating system logo appears, continue to wait until you see the Microsoft® Windows® operating system desktop. Then 
shut down your computer and try again. 


3. Type the ME password. Press <Enter>. 
The MEBx screen appears as shown below. 


Intel(R) Management Engine BIOS Extension v2.5.15.0000
Copyright(C) 2003-06 Intel Corporation. All Rights Reserved.

Intel(R) ME Configuration
Intel(R) AMT Configuration
Change Intel(R) ME Password

[ESC]=Exit   [↑↓]=Select   [ENTER]=Access





The main menu presents three function selections: 


| Intel ME Configuration 
| Intel AMT Configuration 
| Change Intel ME Password 


The Intel ME Configuration and Intel AMT Configuration menus are discussed in the following sections. First, you must change the password before you can 
proceed through these menus. 


Changing the Intel ME Password 


The default password is admin and is the same on all newly deployed platforms. You must change the default password before changing any feature 
configuration options. 


The new password must include the following elements: 


| Eight characters 

| One uppercase letter 

| One lowercase letter 

| A number

| A special (nonalphanumeric) character, such as !, $, or ; (excluding the :, ", and , characters)


The underscore ( _ ) and spacebar are valid password characters but do NOT add to the password complexity. 
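The password rules above can be checked before a rollout. The following is an added example, not Dell's or Intel's code: it reads "Eight characters" as a minimum (an assumption), treats the excluded :, " and , characters and the underscore and space as not satisfying the special-character rule, and also flags passwords shared between hosts, since the page notes the default is identical on every new platform. The host names and passwords in SAMPLE_PLAN are constructed.

```python
import string

DEFAULT_PASSWORD = "admin"                 # factory default stated on the page
EXCLUDED = set(':",')                      # page: excluded from the special-character rule
# Underscore is valid but adds no complexity; space is not in string.punctuation at all.
QUALIFYING_SPECIALS = set(string.punctuation) - EXCLUDED - {"_"}
MIN_LENGTH = 8                             # assumption: "Eight characters" read as a minimum


def password_problems(candidate):
    """Return the policy rules the candidate fails; an empty list means it passes."""
    problems = []
    if candidate == DEFAULT_PASSWORD:
        problems.append("factory default")
    if len(candidate) < MIN_LENGTH:
        problems.append("fewer than eight characters")
    if not any(c in string.ascii_uppercase for c in candidate):
        problems.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in candidate):
        problems.append("no lowercase letter")
    if not any(c in string.digits for c in candidate):
        problems.append("no number")
    if not any(c in QUALIFYING_SPECIALS for c in candidate):
        problems.append("no qualifying special character")
    return problems


def audit_rollout(plan):
    """plan maps host name -> planned ME password.

    Returns host -> list of findings, only for hosts that have at least one.
    """
    owners = {}
    for host, password in plan.items():
        owners.setdefault(password, []).append(host)

    findings = {}
    for host, password in plan.items():
        issues = password_problems(password)
        others = len(owners[password]) - 1
        if others:
            issues.append(f"shared with {others} other host(s)")
        if issues:
            findings[host] = issues
    return findings


# Constructed sample input (hypothetical hosts and passwords).
SAMPLE_PLAN = {
    "d630-01": "admin",
    "d630-02": "Str0ng!Pass",
    "d630-03": "Str0ng!Pass",
    "d630-04": "Uniq3$Value",
}

if __name__ == "__main__":
    for host, issues in audit_rollout(SAMPLE_PLAN).items():
        print(host, "->", ", ".join(issues))
```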


Configuring the Intel® Management Engine (ME) 


To reach the Intel® Management Engine (ME) Platform Configuration page, follow these steps: 


1. Under the Management Engine BIOS Extension (MEBx) main menu, select ME Configuration. Press <Enter>. 
2. The following message appears: 

System resets after configuration changes. Continue: (Y/N) 
3. Press <Y>. 





The ME Platform Configuration page opens. This page allows you to configure the specific functions of the ME such as features, power options, and so on. 
Below are quick links to the various sections. 


| Intel ME State Control 


| Intel ME Firmware Local Update 
| Intel ME Features Control 


o Manageability Feature Selection 
o LAN Controller 


| Intel ME Power Control 
o Intel ME ON in Host Sleep States 


Intel(R) Management Engine BIOS Extension v2.5.15.0000
Copyright(C) 2003-06 Intel Corporation. All Rights Reserved.

Intel(R) ME State Control
Intel(R) ME Firmware Local Update
LAN Controller
Intel(R) ME Features Control
Intel(R) ME Power Control
Return to Previous Menu

[ESC]=Exit   [↑↓]=Select   [ENTER]=Access





Intel ME State Control 


When the ME State Control option is selected on the ME Platform Configuration menu, the ME State Control menu appears. You can disable ME to isolate
the ME computer from the main platform until the end of the debugging process.


[Screen: Intel(R) ME Platform Configuration menu, ME State Control options]





When enabled, the ME State Control option lets you disable ME to isolate the ME computer from the main platform while debugging a field malfunction. The 
table below illustrates the details of the options. 


[Table: Option, Description]


In fact, the ME is not really disabled with the Disabled option. Instead, it is paused at the very early stage of its booting so the computer has no traffic
originating from the ME on any of its busses, ensuring that you can debug a computer problem without worrying about any role the ME might have played
in it.





Intel ME Firmware Local Update


This option on the ME Platform Configuration menu sets the policy for allowing the MEBx to be updated locally. The default setting is Always Open. The other 
settings available are Never Open and Restricted. 


[Screen: Intel(R) ME Platform Configuration menu, ME Firmware Local Update options]





To assist with the manufacturing process as well as OEM-specific in-field firmware update processes, ME firmware provides an OEM-configurable capability that
leaves the local firmware update channel always open no matter what value you select for the ME Firmware Local Update option. 


The Always Open option allows OEMs to use the ME firmware local update channel to update the ME firmware without going through MEBx every time. If you 
select Always Open, the ME FW Local Update option does not appear under the ME configuration menu. The table below illustrates the detail of the options. 





ME Firmware Local Update Option    Description

Always Open    The ME firmware local update channel is always enabled. A boot cycle does not change enabled to disabled.
               The ME FW Local Update option can be ignored.

Never Open     The ME firmware local update channel is controlled by the ME FW Local Update option, which can be enabled
               or disabled. A boot cycle changes enabled to disabled.

Restricted     The ME firmware local update channel is always enabled only if Intel AMT is in un-provision state. A boot cycle
               does not change enabled to disabled.





Always Open qualifies the override counter and allows local ME firmware updates. The override counter is a value set in the factory that, by default, allows 
local ME firmware updates. The Never Open and Restricted options disqualify the override counter and do not allow local ME firmware updates unless 
explicitly permitted with the Intel ME Firmware Local Update option. Selecting Never Open or Restricted adds the Intel ME Firmware Local Update option, 
which can be set to Enable or Disable. By default it is disabled. 


LAN Controller 


Many OEMs' platforms supply a BIOS setup option to enable or disable the integrated LAN controller. In an ME operating system with AMT or ASF (Alert 
Standard Format) capabilities, the LAN controller is shared between the ME and host and must be enabled for AMT to work correctly. Disabling the controller 
may unintentionally affect the ME subsystem functionality. Therefore, you should not disable the LAN controller as long as the ME uses it to provide AMT or ASF. 
However, if the platform's integrated LAN controller BIOS option is set to None, then the LAN Controller option on the ME Platform Configuration menu has 
Enabled and Disabled options. 


[Screen: Intel(R) ME Platform Configuration menu, LAN Controller options: [ ] DISABLED, [x] ENABLED]





When you select the LAN Controller option on the ME Platform Configuration menu when the ME feature (Intel AMT or Intel QST) is selected, the following
message displays: Please set Manageability Feature to None before changing this option. For the ME platform client, the default LAN Controller setting is
Enabled.


[Screen: Intel(R) ME Platform Configuration menu showing the message "Please set Manageability Feature to NONE before changing this option"]





Intel ME Features Control


The ME Features Control menu contains the following configuration selection.


Manageability Feature Selection


When you select the Manageability Feature Selection option on the ME Features Control menu, the ME Manageability Feature menu appears. 


[Screen: Intel(R) ME Features Control menu, Manageability Feature Selection options, with [x] Intel(R) AMT]





You can use this option to determine which manageability feature is enabled. 


| ASF — Alert Standard Format. ASF is a standardized corporate assets management technology. The Intel ICH9 platform supports ASF specification 2.0. 
| Intel AMT — Intel Active Management Technology. Intel AMT is an improved corporate assets management technology. Intel ICH9 platform supports 
Intel AMT 2.6. 


The table below explains these options. 





Management Feature Select Option

None - Manageability Feature is not selected
Intel AMT - Intel AMT manageability feature is selected
ASF - ASF manageability feature is selected





When you change the option from Intel AMT to None, a warning appears that Intel AMT un-provisions automatically if you accept the change.


The None option has no manageability feature provided by the ME computer. In this case, the firmware is loaded (that is, ME is still enabled) but the 
management applications remain disabled. 


Intel ME Power Control


The ME Power Control menu configures the ME platform power-related options. It contains the following configuration selection. 


ME On in Host Sleep States 
When the ME ON in Host Sleep States option is selected on the ME Power Control menu, the ME in Host Sleep States menu loads. 


[Screen: Intel(R) ME ON in Host Sleep States menu listing the Mobile power packages]





The power package selected determines when the ME is turned ON. The default power package turns off the ME in all Sx (S3/S4/S5) states. 


The end user administrator can choose which power package is used depending on computer usage. The power package selection page can be seen above. 


Supported Power Packages 


Power Package 


S0 (Computer On)


S3 (Suspend to RAM)


S4/S5 (Suspend to disk/Soft off)


ME OFF After Power Loss 








* WoL - Wake on LAN 


If the power package selected indicates OFF After Power Loss, Intel ME remains off after returning from a mechanical off (G3) state. If the power package
selected does NOT indicate OFF After Power Loss, Intel ME powers the computer on (S0) briefly, then turns the computer off (S5).


Configuring Your Computer to Support Intel AMT Management Features 


After you completely configure the Intel® Management Engine (ME) feature, you must reboot before configuring the Intel AMT for a clean boot. The image 
below shows the Intel AMT configuration menu after a user selects the Intel AMT Configuration option from the Management Engine BIOS Extension 
(MEBx) main menu. This feature allows you to configure an Intel AMT capable computer to support the Intel AMT management features. 


You need to have a basic understanding of networking and computer technology terms, such as TCP/IP, DHCP, VLAN, IDE, DNS, subnet mask, default gateway, 
and domain name. Explaining these terms is beyond the scope of this document. 


Intel(R) Management Engine BIOS Extension v2.5.15.0000
Copyright(C) 2003-06 Intel Corporation. All Rights Reserved.

Host Name
TCP/IP
Provisioning Server
Provision Model
Set PID and PPS
Un-Provision
SOL/IDE-R
Secure Firmware Update

[ESC]=Exit   [↑↓]=Select   [ENTER]=Access





The Intel AMT Configuration page contains the user-configurable options listed below. 


For images of these menu options, see Enterprise Mode and SMB Mode. 


Menu Options 


| Host Name | Un-Provision 

| TCP/IP | SOL/IDE-R 

| Provisioning Server | Secure Firmware Update 
| Provision Model | Set PRTC 

| Set PID and PPS | Idle Timeout 


Host Name 


A hostname can be assigned to the Intel AMT capable computer. This is the host name of the Intel AMT-enabled computer. If Intel AMT is set to DHCP, the host 
name MUST be identical to the operating system machine name. 


TCP/IP 
Allows you to change the following TCP/IP configuration of Intel AMT. 


| Network interface - ENABLE** / DISABLED 

If the network interface is disabled, all the TCP/IP settings are no longer needed. 
| DHCP Mode - ENABLE** / DISABLED 

If DHCP Mode is enabled, TCP/IP settings are configured by a DHCP server. 


If DHCP mode is disabled, the following static TCP/IP settings are required for Intel AMT. If a computer is in static mode it needs a separate MAC address for 
the Intel Management Engine. This extra MAC address is often called the Manageability MAC (MNGMAC) address. Without a separate Manageability MAC 
address, the computer can NOT be set to static mode. 


| IP address - Internet address of the Intel Management Engine. 

| Subnet mask - The subnet mask used to determine which subnet the IP address belongs to.
| Default Gateway address - The default gateway of the Intel Management Engine. 

| Preferred DNS address - Preferred domain name server address. 

| Alternate DNS address - Alternate domain name server address. 

| Domain name - Domain name of the Intel Management Engine. 


Provisioning Server 


Sets the IP address and port number (0-65535) for an Intel AMT provisioning server. This configuration only appears for Enterprise Provision Model. 


Provision Model 
The following provisioning models are available: 


| Compatibility Mode - Intel AMT 2.6** / Intel AMT 1.0 
Compatibility mode allows the user to switch between Intel AMT 2.6 and Intel AMT 1.0.
| Provisioning Mode - Enterprise** / Small Business 


This allows you to select between small business and enterprise mode. Enterprise mode may have different security settings than small business mode. 
Because of the different security settings, each of these modes requires a different process to complete the setup and configuration process. 


Set PID and PPS


Setting or deleting the PID/PPS causes a partial un-provision if the setup and configuration is "In-process".


| Set PID and PPS - Sets the PID and PPS. Enter the PID and PPS in the dash format. (Ex. PID: 1234-ABCD ; PPS: 1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD)
Note - A PPS value of '0000-0000-0000-0000-0000-0000-0000-0000' does not change the setup configuration state. If this value is used
the setup and configuration state stays as "Not-started."
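The SCS lookup described in the Deployment section and the PID/PPS dash format above, modelled together as an added example (not Dell's or Intel's code). Assumptions: the Hello fields are held in a tuple rather than the real wire format, the 0-9/A-Z character set is inferred from the page's sample values, and the undashed PPS bytes are used as the pre-shared key; the premaster construction is the plain-PSK one from RFC 4279. The database entries and Hello values are constructed.

```python
import re
import struct
from typing import NamedTuple

GROUP = r"[0-9A-Z]{4}"                       # assumption: inferred from "1234-ABCD"
PID_RE = re.compile(rf"{GROUP}-{GROUP}")
PPS_RE = re.compile(rf"{GROUP}(?:-{GROUP}){{7}}")
NULL_PPS = "-".join(["0000"] * 8)            # page: leaves the state "Not-started"


class Hello(NamedTuple):
    """Fields the page lists for the Hello message (wire encoding not modelled)."""
    pid: str
    uuid: str
    ip: str
    rom_version: str
    fw_version: str


def pid_pps_problems(pid, pps):
    """Return format problems for a PID/PPS pair; empty list means usable."""
    problems = []
    if not PID_RE.fullmatch(pid):
        problems.append("PID is not in XXXX-XXXX dash format")
    if not PPS_RE.fullmatch(pps):
        problems.append("PPS is not eight dash-separated groups of four")
    elif pps == NULL_PPS:
        problems.append("all-zero PPS leaves setup state Not-started")
    return problems


def psk_premaster_secret(psk):
    """RFC 4279 plain-PSK premaster secret: uint16 N, N zero bytes, uint16 N, PSK."""
    n = len(psk)
    return struct.pack("!H", n) + bytes(n) + struct.pack("!H", n) + psk


def plan_session(hello, pps_db, tls_available):
    """Decide how the SCS should answer a Hello. Never returns the PPS itself."""
    if not PID_RE.fullmatch(hello.pid):
        return {"action": "reject", "reason": "malformed PID"}
    pps = pps_db.get(hello.pid)
    if pps is None:
        return {"action": "reject", "reason": "unknown PID"}
    problems = pid_pps_problems(hello.pid, pps)
    if problems:
        return {"action": "reject", "reason": "; ".join(problems)}
    if not tls_available:
        # Page: without TLS, HTTP Digest provides mutual authentication (less secure).
        return {"action": "connect", "auth": "HTTP Digest"}
    psk = pps.replace("-", "").encode("ascii")   # assumption: undashed ASCII as PSK
    return {
        "action": "connect",
        "auth": "TLS-PSK",
        "psk_identity": hello.pid,
        "premaster_len": len(psk_premaster_secret(psk)),
    }


# Constructed provisioning database and Hello message (all values hypothetical).
SAMPLE_DB = {
    "1234-ABCD": "1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD",
    "0000-AAAA": NULL_PPS,
}
SAMPLE_HELLO = Hello("1234-ABCD", "constructed-uuid", "192.168.0.15", "A00", "2.5.15")

if __name__ == "__main__":
    print(plan_session(SAMPLE_HELLO, SAMPLE_DB, tls_available=True))
    print(plan_session(SAMPLE_HELLO, SAMPLE_DB, tls_available=False))
```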


Un-Provision 


[Screen: Intel(R) AMT Configuration menu, Un-Provision]





The Un-Provision option allows you to reset the Intel AMT configuration to factory defaults. There are three types of un-provision: 


| Partial Un-provision - This option resets all of the Intel AMT settings to their default values but leaves the PID/PPS. The MEBx password remains 
untouched. 

| Full Un-provision - This option resets all of the Intel AMT settings to their default values. If a PID/PPS value is present, both values are lost. The MEBx 
password remains untouched. 

| CMOS clear - This un-provision option is not available in the MEBx. This option clears all values to their default values. If a PID/PPS is present, both 
values are lost. The MEBx password resets to the default value (admin). To invoke this option, you need to clear the CMOS (i.e. system board jumper). 


SOL/IDE-R


[Screen: Intel(R) AMT Configuration menu, SOL/IDE-R]





| Username and Password - DISABLED** / ENABLED 
This option provides the user authentication for SOL/IDER session. If the Kerberos protocol is used, set this option to Disabled and set the user 
authentication through Kerberos. If Kerberos is not used, you have the choice to enable or disable user authentication on the SOL/IDER session. 
| Serial-Over-LAN (SOL) - DISABLED** / ENABLED 
SOL allows the Intel AMT managed client console input/output to be redirected to the management server console. 
| IDE Redirection (IDE-R) - DISABLED** / ENABLED
IDE-R allows the Intel AMT managed client to be booted from remote disk images at the management console. 


Secure Firmware Update 


This option allows you to enable/disable secure firmware updates. Secure firmware update requires an administrator user name and password. If the 
administrator user name and password are not supplied, the firmware cannot be updated. 


When the secure firmware update feature is enabled, you are able to update the firmware using the secure method. Secure firmware updates pass through 
the LMS driver. 


[Screen: Intel(R) AMT Configuration menu, Secure Firmware Update]





Set PRTC 


Enter PRTC in GMT (UTC) format (YYYY:MM:DD:HH:MM:SS). Valid date range is 1/1/2004 - 1/4/2021. Setting PRTC value is used for virtually maintaining PRTC
during power off (G3) state. This configuration is only displayed for the Enterprise Provision Model. 


[Screen: Intel(R) AMT Configuration menu, Set PRTC prompt: "Enter PRTC in GMT(UTC) format (YYYY:MM:DD:HH:MM:SS)", [ESC]=Exit, [ENTER]=Submit]





Idle Timeout 


Use this setting to define the ME WoL idle timeout. When this timer expires, the ME enters a low-power state. This timeout takes effect only when one of the 
ME WoL power policies is selected. Enter the value in minutes. 


[Screen: Intel(R) AMT Configuration menu, Idle Timeout prompt: "Timeout Value (0-65535)", [ESC]=Exit, [ENTER]=Submit]


Intel AMT in DHCP Mode Settings Example


The table below shows a basic field settings example for the Intel AMT Configuration menu page to configure the computer in DHCP mode.


Intel AMT Configurations Example in DHCP Mode

Intel AMT Configuration Parameters    Values

Intel AMT Configuration               Select and press <Enter>.

Host Name                             Example: IntelAMT
                                      This is the same as the operating system machine name.

TCP/IP                                Set the parameters as follows:
                                      | Enable Network interface
                                      | Enable DHCP Mode
                                      | Set a domain name (e.g., amt.intel.com)

Provision Model                       | Intel AMT 2.6 Mode
                                      | Small Business

SOL/IDE-R                             | Enable SOL
                                      | Enable IDE-R

Remote FW Update                      Enabled

Save and exit MEBx and then boot the computer to the Microsoft® Windows® operating system. 


Intel AMT in Static Mode Settings Example 


The table below shows a basic field settings example for the Intel AMT Configuration menu page to configure the computer in static mode. The computer 
requires two MAC addresses (GBE MAC address and Manageability MAC Address) to operate in static mode. If there is no Manageability MAC address, Intel 
AMT cannot be set in static mode. 


Intel AMT Configurations Example in Static Mode

Intel AMT Configuration Parameters    Values

Intel AMT Configuration               Select and press <Enter>

Host Name                             Example: IntelAMT

TCP/IP                                Set the parameters as follows:
                                      | Enable Network interface
                                      | Disable DHCP Mode
                                      | Set an IP address (e.g., 192.168.0.15)
                                      | Set a subnet mask (e.g., 255.255.255.0)
                                      | The default gateway address is optional
                                      | The preferred DNS address is optional
                                      | The Alternate DNS address is optional
                                      | Set the domain name (for example, amt.intel.com)

Provision Model                       | Intel AMT 2.6 Mode
                                      | Small Business

SOL/IDE-R                             | Enable SOL
                                      | Enable IDE-R

Remote FW Update                      Enabled

Save and exit MEBx and then boot the computer to the Microsoft® Windows® operating system.








MEBx Default Settings 


The table below lists all the default settings for the Intel® Management Engine BIOS Extension (MEBx). 


Password                                  admin

Intel ME Platform Configuration Default Settings

Intel ME Platform State Control¹          Enabled *
                                          Disabled

Intel ME Firmware Local Update            Enabled
                                          Disabled *

Intel ME Features Control

Manageability Feature Selection           None
                                          Intel AMT *
                                          ASF

Intel ME Power Control

Intel ME ON in Host Sleep States          Mobile: ON in S0 *
                                          Mobile: ON in S0, S3/AC
                                          Mobile: ON in S0, S3/AC, S4-5/AC
                                          Mobile: ON in S0; ME WoL in S3/AC
                                          Mobile: ON in S0; ME WoL in S3/AC, S4-5/AC


Intel AMT Configuration Default Settings

Host Name

TCP/IP
    Disable Network Interface?            N
    DHCP Enabled. Disable?                N
    Domain Name                           blank²

Provisioning Server
    Provisioning Server Address           0.0.0.0
    Port Number (0-65535)                 0

Provision Model
    AMT 2.6 Mode                          N

Set PID and PPS **
    Set PID and PPS **                    PPS Format: 1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD

Un-Provision³

SOL/IDE-R
    Username & Password
    Serial Over LAN
    IDE Redirection

Secure Firmware Update

Set PRTC

Idle Timeout
    Timeout Value (0x0-0xFFFF)


* Default setting

** May cause Intel AMT partial unprovision

¹ Intel ME Platform State Control is only changed for Management Engine (ME) troubleshooting.
² In Enterprise mode, DHCP automatically loads the domain name.
³ Un-provision setting only seen if the box is provisioned.




Disabled 
Enabled * 


Disabled 
Enabled * 


Disabled 
Enabled * 


Disabled 
Enabled * 


blank 




About Intel® Active Management Technology 




Intel® Active Management Technology (Intel AMT, or iAMT®) allows companies to easily manage their networked computers. IT management can: 


| Discover computing assets on a network regardless of whether the computer is turned on or off — Intel AMT uses information stored in nonvolatile 
computer memory to access the computer. The computer can even be accessed while it is powered off (also called out-of-band or OOB access). 


| Remotely repair computers even after operating system failures — In the event of a software or operating system failure, Intel AMT can be used to 
access the computer remotely for repair purposes. IT administrators can also detect computer problems easily with the assistance of Intel AMT's out-of- 
band event logging and alerting. 


| Protect networks from incoming threats while easily keeping software and virus protection up to date across the network 


Software Support 


Several independent software vendors (ISVs) are building software packages to work with Intel AMT features. This provides IT administrators many options 
when it comes to remotely managing the networked computer assets within their company. 


Features and Benefits 





Intel AMT


Features 
Out-of-band (OOB) access 
Remote troubleshooting and recovery 
Proactive alerting 








Remote hardware and software asset tracking|Increases speed and accuracy over manual inventory tracking, reducing asset accounting costs 
Third-party nonvolatile storage|Increases speed and accuracy over manual inventory tracking, reducing asset accounting cost


The Intel® Management Engine BIOS Extension (MEBx) is an optional ROM module provided to Dell from Intel that is included in the Dell BIOS. The MEBx has 
been customized for Dell computers. 




Redirecting Serial and IDE Communications 




Intel® AMT makes it possible to redirect serial and IDE communications from a managed client to a management console regardless of the boot and power
state of the managed client. The client need only have the Intel AMT capability, a connection to a power source, and a network connection. Intel AMT supports 
Serial Over LAN (SOL, text/keyboard redirection) and IDE Redirection (IDER, CD-ROM redirection) over TCP/IP. 


Serial Over LAN Overview 


Serial Over LAN (SOL) is the ability to emulate serial port communication over a standard network connection. SOL can be used for most management 
applications where a local serial port connection is normally required. 


When an active SOL session is established between an Intel AMT-enabled client and a management console using the Intel AMT redirection library, the client's 
serial traffic is redirected through Intel AMT over the LAN connection and made available to the management console. Similarly, the management console may 
send serial data over the LAN connection that appears to have come through the client's serial port. 


IDE Redirection Overview


IDE Redirection (IDER) is capable of emulating an IDE CD drive or a legacy floppy or LS-120 drive over a standard network connection. IDER enables a 
management machine to attach one of its local drives to a managed client over the network. Once an IDER session is established, the managed client can use 
the remote device as if it were directly attached to one of its own IDE channels. This can be useful for remotely booting an otherwise unresponsive computer. 
IDER does not support the DVD format. 


For example, IDER is used to boot a client with a corrupt operating system. First, a valid boot disk is loaded into the management console disk drive. This drive
is then passed as an argument when the management console opens the IDER TCP session. Intel AMT registers the device as a virtual IDE device on the
client, regardless of its power or boot state. Both SOL and IDER may be used together since the client BIOS may need to be configured to boot from the virtual 
IDE device. 




Intel® AMT Setup and Configuration Overview 




Terms
Setup and Configuration States


Terms 


The following is a list of important terms related to the Intel® AMT setup and configuration: 


• Setup and configuration — The process that populates the Intel AMT-managed computer with usernames, passwords, and network parameters that enable the computer to be administered remotely.

• Provisioning — The act of setting up and fully configuring Intel AMT.

• Configuration service — A third-party application that completes the Intel AMT provisioning for the Enterprise operational mode.

• Intel AMT WebGUI — A Web browser-based interface providing limited remote computer management.

• Operational modes (also called provisioning models) — Intel® AMT can be set up for use in either Enterprise mode (for large organizations) or Small and Medium Business (SMB) mode. Enterprise mode requires a configuration service to complete provisioning; SMB mode is set up manually, does not require much infrastructure, and completes provisioning through the Intel ME BIOS Extension (MEBx).

• Enterprise mode — Once Intel AMT is set up in Enterprise mode, it is ready to initiate configuration of its own capabilities. When all required network elements are available, simply connect the computer to a power source and the network, and Intel AMT automatically initiates its own configuration. The configuration service (a third-party application) completes the process for you. Intel AMT is then ready for remote management. This configuration typically takes only a few seconds. When Intel AMT is set up and configured, you can reconfigure the technology as needed for your business environment.

• SMB mode — Once Intel AMT is set up in SMB mode, the computer does not have to initiate any configuration across the network. It is set up manually and is ready to use with the Intel AMT WebGUI.


You must set up and configure Intel AMT in a computer before using it. Intel AMT setup readies the computer for Intel AMT mode and enables network 
connectivity. This setup is generally performed only once in the lifetime of a computer. When Intel AMT is enabled, it can be discovered by management 
software over a network. 


Setup and Configuration States 


An Intel AMT capable computer can be in one of three setup and configuration states: 


• Factory-default state — The factory-default state is a fully unconfigured state in which security credentials are not yet established and Intel AMT capabilities are not yet available to management applications. In the factory-default state, Intel AMT has the factory-defined settings.

• Setup state — The setup state is a partially configured state in which Intel AMT has been set up with initial networking and transport layer security (TLS) information: an initial administrator password, the provisioning passphrase (PPS), and the provisioning identifier (PID). When Intel AMT has been set up, Intel AMT is ready to receive Enterprise mode configuration settings from a configuration service.

• Provisioned state — The provisioned state is a fully configured state in which the Intel Management Engine (ME) has been configured with power options, and Intel AMT has been configured with its security settings, certificates, and the settings that activate the Intel AMT capabilities. When Intel AMT has been configured, the capabilities are ready to interact with management applications.


Methods for Completing the Provisioning Process 


The computer has to be configured before the Intel AMT capabilities are ready to interact with management applications. There are two methods to complete
the provisioning process (in order from least complex to most complex):


• Configuration service — A configuration service allows you to complete the provisioning process from a GUI console on its server with only one touch on each of the Intel AMT capable computers. The PPS and PID fields are completed using a file created by the configuration service saved to a USB device.

• MEBx interface — The IT administrator manually configures the Management Engine BIOS Extension (MEBx) settings on each Intel AMT ready computer. The PPS and PID fields are completed by typing the 32-character and 8-character alphanumeric keys created by the configuration service into the MEBx interface.




Provisioning: Completing the Setup and Configuration Process 




The computer has to be configured before the Intel® AMT capabilities are ready to interact with the management application. Two methods are available to 
complete the provisioning process (in order from least complex to most complex): 


• Configuration service — A configuration service allows you to complete the provisioning process from a GUI console on its server with only one touch on each of the Intel AMT capable computers. The PPS and PID fields are completed using a file created by the configuration service saved to a USB mass storage device.

• MEBx interface — The IT administrator manually configures the Management Engine BIOS Extension (MEBx) settings on each Intel AMT ready computer. The PPS and PID fields are completed by typing the 32-character and 8-character alphanumeric keys created by the configuration service into the MEBx interface.


Using a Configuration Service to Complete Provisioning 


Using a USB Storage Device 


This section discusses Intel® AMT setup and configuration using a USB storage device. You can set up and locally configure password, provisioning ID (PID), 
and provisioning passphrase (PPS) information with a USB drive key. This is also called USB provisioning. USB provisioning allows you to manually set up and 
configure computers without the problems associated with manually typing in entries. 


USB provisioning only works if the MEBx password is set to the factory default of admin. If the password has been changed, reset it to the factory default by 
clearing the CMOS. For instructions, see "System Setup" in the User's Guide for your computer. 


The following is a typical USB storage device key setup and configuration procedure. For a detailed walk-through using Altiris® Dell™ Client Manager (DCM), 
see Configuring Intel AMT With the Dell Client Management Application. 


1. An IT technician inserts a USB drive key into a computer with a management console.
2. The technician requests local setup and configuration records from a setup and configuration server (SCS) through the console.
3. The SCS does the following:
   o Generates the appropriate passwords, PID, and PPS sets
   o Stores this information in its database
   o Returns the information to the management console
4. The management console writes the password, PID, and PPS sets to a setup.bin file in the USB drive key.
5. The technician takes the USB drive key to the staging area where new Intel AMT capable computers are located. The technician then does the following:
   o If necessary, unpacks and connects computers
   o Inserts the USB drive key into a computer
   o Turns on that computer
6. The computer BIOS detects the USB drive key.
   o If found, the BIOS looks for a setup.bin file at the beginning of the drive key. Go to step 7.
   o If no USB drive key or setup.bin file is found, then restart the computer. Ignore the remaining steps.
7. The computer BIOS displays a message that automatic setup and configuration will occur.
   o The first available record in the setup.bin file is read into memory. The process accomplishes the following:
      ▪ Validates the file header record
      ▪ Locates the next available record
      ▪ If the procedure is successful, the current record is invalidated so it cannot be used again
   o The process places the memory address into the MEBx parameter block.
   o The process calls MEBx.
8. MEBx processes the record.
9. MEBx writes a completion message to the display.
10. The IT technician turns off the computer. The computer is now in the setup state and is ready to be distributed to users in an Enterprise mode environment.
11. Repeat step 5 if you have more than one computer.


Refer to the management console supplier for more information on USB drive key setup and configuration. 


USB Storage Device Key Requirements 


The USB storage device key must meet the following requirements to be able to set up and configure Intel AMT: 


• It must be greater than 16 MB.

• It must be formatted with the FAT16 file system.

• The sector size must be 1 KB.

• The USB drive key is not bootable.

• The setup.bin file must be the first file landed on the USB drive key. The USB key must not contain any other files whether hidden, deleted, or otherwise.
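
The requirements above can be checked against a raw image of the key's FAT volume before the key is taken to the staging area. The following Python check is an added example, not part of the Dell guide or of any Intel or Altiris tool; its function names are hypothetical and its sample images are constructed in memory. It assumes the image starts at the FAT boot sector (no partition table), treats this guide's "no volume label" formatting instruction as a requirement, and does not test whether the key is bootable.

```python
import struct

MIN_BYTES = 16 * 1024 * 1024    # guide: key must be greater than 16 MB
SECTOR_SIZE = 1024              # guide: sector size must be 1 KB
SETUP_BIN = b"SETUP   BIN"      # "setup.bin" as a space-padded 8.3 name
BPB = "<HBHBHHBHHHII"           # FAT BIOS Parameter Block, starts at byte 11


def parse_bpb(image):
    """Decode the boot-sector fields the checks need."""
    (bps, spc, reserved, fats, root_entries, total16, _media, fat_size,
     _spt, _heads, _hidden, total32) = struct.unpack_from(BPB, image, 11)
    if bps == 0 or spc == 0:
        raise ValueError("boot sector has a zero sector or cluster size")
    total = total16 or total32
    root_start = reserved + fats * fat_size
    root_sectors = (root_entries * 32 + bps - 1) // bps
    return {
        "bytes_per_sector": bps,
        "total_bytes": total * bps,
        "root_offset": root_start * bps,
        "root_entries": root_entries,
        # FAT type is defined by the cluster count, not by a label string.
        "clusters": (total - root_start - root_sectors) // spc,
    }


def root_dir_problems(image, bpb):
    """setup.bin must be the first entry and nothing else may ever have existed."""
    problems = []
    for i in range(bpb["root_entries"]):
        start = bpb["root_offset"] + 32 * i
        entry = image[start:start + 32]
        if len(entry) < 32:
            problems.append("image ends inside the root directory")
            break
        first, attr = entry[0], entry[11]
        if i == 0:
            # 0x18 = volume-label or directory bit; a long-name slot (0x0F) sets 0x08.
            if entry[:11] != SETUP_BIN or attr & 0x18:
                problems.append("first root directory entry is not the file setup.bin")
        elif first == 0x00:
            break                       # 0x00 marks the end of used entries
        elif first == 0xE5:
            problems.append(f"entry {i}: deleted file still recorded")
        elif (attr & 0x0F) == 0x0F:
            problems.append(f"entry {i}: long-file-name slot")
        elif attr & 0x08:
            problems.append(f"entry {i}: volume label present")
        else:
            kind = "hidden " if attr & 0x02 else ""
            problems.append(f"entry {i}: extra {kind}file or directory")
    return problems


def check_provisioning_key(image):
    """Return the violated requirements; an empty list means the image passes."""
    if len(image) < 512 or image[510:512] != b"\x55\xaa":
        return ["no FAT boot sector signature"]
    try:
        bpb = parse_bpb(image)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not 4085 <= bpb["clusters"] < 65525:
        problems.append("file system is not FAT16")
    if bpb["total_bytes"] <= MIN_BYTES:
        problems.append("volume is not greater than 16 MB")
    if bpb["bytes_per_sector"] != SECTOR_SIZE:
        problems.append("sector size is not 1 KB")
    return problems + root_dir_problems(image, bpb)


def build_sample(entries, bps=1024, total=32768):
    """Constructed (not captured) FAT16 image: boot sector, zeroed FATs, root directory."""
    spc, reserved, fats, root_entries, fat_size = 2, 1, 2, 512, 33
    boot = bytearray(bps)
    struct.pack_into(BPB, boot, 11, bps, spc, reserved, fats, root_entries,
                     total, 0xF8, fat_size, 63, 255, 0, 0)
    boot[510:512] = b"\x55\xaa"
    root = bytearray(root_entries * 32)
    for i, (name, attr) in enumerate(entries):
        root[32 * i:32 * i + 11] = name
        root[32 * i + 11] = attr
    return bytes(boot) + bytes(fats * fat_size * bps) + bytes(root)


if __name__ == "__main__":
    clean = build_sample([(SETUP_BIN, 0x20)])
    reused = build_sample([(SETUP_BIN, 0x20), (b"\xe5LD     TXT", 0x20)])
    for label, img in (("clean key", clean), ("reused key", reused)):
        print(label, "->", check_provisioning_key(img) or "meets the listed requirements")
```

A key that was previously used and then emptied by deleting files fails this check, because deleted directory entries remain on the volume until it is reformatted.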


Configuring Intel AMT With the Dell Client Management Application 


The default console package provided is the Dell™ Client Management (DCM) application. This section provides the procedure to set up and configure Intel® 
AMT with the DCM package. As mentioned earlier in the document, several other packages are available through third-party vendors. 


The computer must be configured and seen by the DNS server before you begin this process. Also, a USB storage device is required and must conform to the 
requirements listed in the previous section. 


The nature of management software is that it is not always dynamic or real time. In fact, sometimes if you tell a computer to do something, such as to reboot, 
you may have to reboot again for it to work. 


Setup and Configuration Using a USB Storage Device 


1. Format a USB device with the FAT16 file system and no volume label and then set it aside. 















3. Select AMT Quick Start from the left navigation menu to open the Altiris Console. 







4. Click the plus (+) to expand the Intel AMT Getting Started section. 




5. Click the plus (+) to expand the Section 1. Provisioning section. 




6. Click the plus (+) to expand the Basic Provisioning (without TLS) section. 







7. Select Step 1. Configure DNS. 


The notification server with an out-of-band management solution installed must be registered in DNS as "ProvisionServer." 










8. Click Test on the DNS Configuration screen to verify that DNS has the ProvisionServer entry and that it resolves to the correct Intel setup and 
configuration server (SCS). 



























[Screenshot: the DNS Configuration page in the Altiris Console. The page reads:]

DNS Configuration

Intel® AMT device setup and configuration requires the presence of a Domain Name System (DNS) Server. The DNS must have information for two entities:

• The computer running Intel® SCS Server must be registered in the DNS
• A configured, operational Intel® AMT device must be registered within DNS

Intel® SCS

The Notification Server with Out of Band Management Solution installed (with i.e. Intel® SCS Server is running on this computer) must be registered in the DNS as "ProvisionServer". This must be done in each DNS Domain. When it sends its "Hello" message, the Intel® AMT device first uses the domain name received from the DHCP server. If there is more than one SCS in the domain, the DNS will alternate between the servers. If there are multiple SCS instances or the server platform has a different name, then CNAME records need to be added to the DNS.

Click on the Test button below to verify that DNS has the "ProvisionServer" entry and that it resolves to the correct Intel® SCS Server.

Resolved "ProvisionServer" IP:
Resolved Intel® SCS IP:

Intel® AMT Devices

Ensure that the DNS is configured with the Fully Qualified Domain Names (FQDN) of the Intel® AMT-enabled machines that are being configured.

Intel® AMT devices must be configured to have the same FQDN as the host OS. This stems from the fact the Intel® AMT device is not a secure DNS client and it relies on the host OS to maintain the DNS record. For this reason, the Intel® AMT device snoops the DHCP requests and responses issued by the host OS. The Intel® AMT device then uses the IP provided by the DHCP to the host OS as its own.

When the host OS is down, the Intel® AMT device requests DNS registration of its configured FQDN from the DHCP (option 81). This works only if the DNS and DHCP are


The IP addresses for the ProvisionServer and Intel SCS are now visible.


























9. Select Step 2. Discovery Capabilities. 




10. Verify that the setting is Enabled. If Disabled, click the checkbox next to Disabled and click Apply. 










11. Select Step 3. View Intel AMT Capable Computers. 







12. Select Step 4. Create Profile. 












13. Click the plus (+) to add a new profile. 











14. On the General tab the administrator can modify the profile name, description, and password. The administrator sets a standard password for easy
maintenance in the future. Select the manual radio button and enter a new password.










15. The Network tab provides the option to enable ping responses, VLAN, WebUI, Serial over LAN, and IDE Redirection. If you are configuring Intel AMT
manually, all these settings are also available in the MEBx.







16. The TLS (Transport Layer Security) tab provides the ability to enable TLS. If enabled, several other pieces of information are required including the 
certificate authority (CA) server name, CA common name, CA type, and certificate template. 
















17. The ACL (access control list) tab is used to review users already associated with this profile and to add new users and define their access privileges. 







18. The Power Policy tab has configuration options to select the sleep states for Intel AMT and an Idle Timeout setting. It is recommended that Idle 
timeout is always set to 1 for optimal performance. 










19. Select Step 5. Generate Security Keys. 







20. Select the icon with the arrow pointing out to Export Security Keys to USB Key. 







21. Select the Generate keys before export radio button.







23. The Intel ME default password is admin. Configure the new Intel ME password for the environment. 







24. Click Generate. Once the keys have been created, a link appears to the left of the Generate button. 




























25. Insert the previously formatted USB device into a USB connector on the provisioning server.
26. Click the Download USB key file link to download the setup.bin file to the USB device. The USB device is recognized by default; save the file to the USB
device.


If additional keys are needed in the future, the USB device must be reformatted before saving the setup.bin file to it. 




a. Click Save in the File Download dialog box. 







b. Verify the Save in: location is directed to the USB device. Click Save. 







c. Click Close in the Download complete dialog box.







The setup.bin file is now visible in the drive explorer window. 










27. Close the Export Security Keys to USB Key and drive explorer windows to return to the Altiris Console. 
28. Take the USB device to the computer, insert the device, and turn on the computer. The USB device is recognized immediately and the following message 
appears: 


Continue with Auto Provisioning (Y/N) 
29. Press <y>. 







30. Press any key to continue with system boot... 




Intel(R) Management Engine BIOS Extension 
Copyright(C) 2003-07 Intel Corporation. All Rights Reserved. 


Found USB Key for provisioning Intel(R) AMT 
Continue with Auto Provisioning (Y/N) 


Intel(R) AMT Provisioning complete 
Press any key to continue with system boot... 
ME-BIOS Sync - Successful 





31. Once complete, turn off the computer and move back to the management server. 
32. Select Step 6. Configure Automatic Profile Assignments. 




33. Verify that the setting is enabled. In the Intel AMT 2.0+ dropdown, select the profile created previously. Configure the other settings for the
environment.








34. Select Step 7. Monitor Provisioning Process. 










The computers for which the keys were applied begin to appear in the system list. At first the status is Unprovisioned, then the system status changes to
In provisioning, and finally it changes to Provisioned at the end of the process.




35. Select Step 8. Monitor Profile Assignments. 







The computers for which profiles were assigned appear in the list. Each computer is identified by the FQDN, UUID, and Profile Name columns. 







Once the computers are provisioned, they are visible under the Collections folder in All configured Intel AMT computers. 













Using MEBx Interface to Complete Provisioning 


Intel® AMT can be set up for either Enterprise or Small and Medium Business operational modes (also called provisioning models). Both operational modes support dynamic and static IP networking.


If you use dynamic IP networking (DHCP), the Intel AMT host name and the operating system host name must match. You must also configure both the operating system and Intel AMT to use DHCP.


If you use static IP networking, the Intel AMT IP address must be different from the operating system's IP address. Additionally, the Intel AMT hostname must be different from the operating system's hostname.


| Enterprise mode - This mode is for large organizations. This is an advanced networking mode that supports Transport Layer Security (TLS) which 
requires a configuration service. Enterprise mode allows IT administrators to set up and configure Intel AMT securely for remote management. The Dell™ 
computer is defaulted to Enterprise mode when it leaves the factory. The mode can be changed during the setup and configuration process. 

| Small Medium Business (SMB) mode - This mode is a simplified operational mode that does not support TLS and does not require a setup application.
SMB mode is for customers who do not have independent software vendor (ISV) management consoles or the necessary network and security
infrastructures to use encrypted TLS. In SMB mode, Intel AMT setup and configuration is a manual process completed through the Intel ME BIOS
Extension (MEBx). This mode is the easiest to implement since it does not require much infrastructure, but it is the least secure since all network traffic is
unencrypted.


Intel AMT Configuration sets up all other Intel AMT options not covered in Intel AMT Setup, such as enabling the computer for Serial-Over-LAN (SOL) or
IDE-Redirect (IDE-R).


You can change the settings modified in the configuration phase many times over the course of a computer's life span. Changes can be made to the computer 
locally or through a management console. 


Enterprise Mode Provisioning Methods 


There are two methods of provisioning a computer with Enterprise mode: 


| Legacy 
| IT TLS-PSK 


Legacy 


If you want Transport Layer Security (TLS), execute the legacy method of Intel AMT setup and configuration on an isolated network separate from the 
corporate network. A setup and configuration server (SCS) requires a secondary network connection to a certification authority (an entity which issues digital 
certificates) for TLS configuration. 


Initially the computers are shipped in the factory-default state with Intel AMT ready for configuration and provisioning. These computers must go through Intel
AMT setup in order to go from the factory-default state to the setup state. Once the computer is in the setup state, you can continue to configure it manually
or connect it to a network where it connects with an SCS and begins Enterprise Mode Intel AMT configuration.


IT TLS-PSK 


IT TLS-PSK Intel AMT setup and configuration is usually performed in a company's IT department. The following are required: 


| Setup and configuration server 
| Network and security infrastructure 


Intel AMT capable computers in the factory-default state are given to the IT department, which is responsible for Intel AMT setup and configuration. The IT 
department can use any method to input Intel AMT setup information, after which the computers are in Enterprise mode and in the In-Setup phase. An SCS 
must generate PID and PPS sets. 


Intel AMT configuration must occur over a network. The network can be encrypted using the Transport Layer Security Pre-Shared Key (TLS-PSK) protocol. Once 
the computers connect to an SCS, Enterprise mode configuration occurs. 


Enterprise Mode 


The Intel® Management Engine BIOS Extension (MEBx) is an optional ROM module that Intel provides to Dell™ to be included in the Dell BIOS. The MEBx has 
been customized for Dell computers. 


Enterprise mode (for large corporate customers) requires a setup and configuration server (SCS). An SCS runs an application over a network that performs 
Intel AMT setup and configuration. The SCS is also known as a provisioning server as seen in the MEBx. An SCS is typically provided by independent software 
vendors (ISVs) and is contained within the ISV management console product. Consult with the management console supplier for more information. 


To set up and configure a computer for Enterprise mode, you must enable the Management Engine for Enterprise mode and configure Intel AMT for Enterprise
mode. For instructions, see ME Configuration: Enabling Management Engine for Enterprise Mode and AMT Configuration: Enabling Intel AMT for Enterprise
Mode.


ME Configuration: Enabling Management Engine for Enterprise Mode 


To enable Intel ME configuration settings on the target platform, perform the following steps: 
1. Turn on the computer and during the boot process, press <Ctrl><p> when the Dell logo screen appears to enter the MEBx application.
2. Type admin in the Intel ME Password field. Press <Enter>. Passwords are case sensitive.


You must change the default password before making changes to the MEBx options. 


Intel(R) Management Engine BIOS Extension v2.5.15.0000
Copyright(C) 2003-06 Intel Corporation. All Rights Reserved.
[ MAIN MENU ]

Intel(R) ME Configuration
Intel(R) AMT Configuration
Change Intel(R) ME Password
Exit

Intel(R) Current ME Password

[ESC]-Exit [ENTER]-Submit





3. Select Change Intel ME Password. Press <Enter>. Type the new password twice for verification. 
The new password must include the following elements: 


| Eight characters 

| One uppercase letter 

| One lowercase letter 

| A number 

| A special (nonalphanumeric) character, such as !, $, or ; excluding the :, ", and , characters.


The underscore ( _ ) and spacebar are valid password characters but do NOT add to the password complexity. 


Change the password to establish Intel AMT ownership. The computer then goes from the factory-default state to the setup state. 
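The password rules in step 3, written as a checker that can vet a candidate Intel ME password before it is typed into the MEBx or entered in the key export dialog. This is an added example, not part of the Dell guide; it assumes "Eight characters" means at least eight and that the excluded characters (:, ", and ,) are rejected outright, and the function names and sample passwords are constructed for illustration.

```python
import string

FACTORY_DEFAULT = "admin"   # default Intel ME password stated in this guide
MIN_LENGTH = 8              # "Eight characters", read here as a minimum (assumption)
EXCLUDED = set(':",')       # excluded by the guide; rejected outright here (assumption)
NEUTRAL = set("_ ")         # valid characters that add nothing to complexity

NO_SPECIAL = "no special character (underscore and space do not count)"

# Constructed sample passwords, for illustration only.
SAMPLES = ["admin", "Passw0rd_", "Amt Setup 2007", "P@ss:word1", "Passw0rd!"]


def counts_as_special(ch):
    """True if ch satisfies the guide's special-character rule."""
    return ch in string.punctuation and ch not in EXCLUDED and ch not in NEUTRAL


def check_me_password(candidate):
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    if candidate == FACTORY_DEFAULT:
        problems.append("is the factory default")
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    if not any(c in string.ascii_uppercase for c in candidate):
        problems.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in candidate):
        problems.append("no lowercase letter")
    if not any(c in string.digits for c in candidate):
        problems.append("no number")
    if not any(counts_as_special(c) for c in candidate):
        problems.append(NO_SPECIAL)
    bad = sorted(set(candidate) & EXCLUDED)
    if bad:
        problems.append("contains excluded character: " + " ".join(bad))
    return problems


def audit(candidates):
    """Map each failing candidate to the rules it breaks; passing ones are omitted."""
    failures = {}
    for candidate in candidates:
        problems = check_me_password(candidate)
        if problems:
            failures[candidate] = problems
    return failures


if __name__ == "__main__":
    for password, problems in audit(SAMPLES).items():
        print(repr(password), "->", "; ".join(problems))
```

An underscore or a space is accepted as a character but leaves the special-character rule unmet, which is why the second and third samples fail.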







4. Select Intel ME Configuration. Press <Enter>. 


ME Platform Configuration allows you to configure ME features such as power options, firmware update capabilities, and so on. 







5. The following message appears: 


System resets after configuration change. Continue (Y/N).


Press <y>. 







6. Intel ME State Control is the next option. The default setting for this option is Enabled. Do not change this setting to Disabled. If you want to disable
Intel AMT, change the Manageability Feature Selection option to None.


Intel(R) Management Engine BIOS Extension v2.5.15.0000
Copyright(C) 2003-06 Intel Corporation. All Rights Reserved.
[ INTEL(R) ME PLATFORM CONFIGURATION ]

Intel(R) ME State Control
Intel(R) ME Firmware Local Update
LAN Controller
Intel(R) ME Features Control
Intel(R) ME Power Control
Return to Previous Menu

[ESC]-Exit [↑↓]-Select [ENTER]-Access

[ ] DISABLED
[x] ENABLED





7. Select Intel ME Firmware Local Update. Press <Enter>.
8. Select Always Open. Press <Enter>. The default setting for this option is Disabled.







9. Select Intel ME Features Control. Press <Enter>.







10. Manageability Feature Selection is the next option. This feature sets the platform management mode. The default setting is Intel AMT.


Selecting the None option disables all remote management capabilities. 







11. Select Return to Previous Menu. Press <Enter>.







12. Select Intel ME Power Control. Press <Enter>. 







13. Intel ME ON in Host Sleep States is the next option. The default setting is Mobile: ON in S0.







14. Select Return to Previous Menu. Press <Enter>. 
15. Select Return to Previous Menu. Press <Enter>. 







16. Exit the MEBx Setup and save the ME configuration. The computer displays an Intel ME Configuration Complete message and then restarts. After the 
ME configuration is complete, you can configure the Intel AMT settings. For instructions, see 





Intel AMT Configuration: Enabling Intel AMT for Enterprise Mode 


To enable Intel AMT configuration settings on the target platform, perform the following steps: 


1. Turn on the computer and during the boot process, press <Ctrl><p> when the Dell logo screen appears to enter the MEBx application.
2. A prompt for the password appears. Enter the new Intel ME password.
3. Select Intel AMT Configuration. Press <Enter>.







4. Select Host Name. Press <Enter>. Then type in a unique name for this Intel AMT machine. Press <Enter>.


Spaces are not accepted in the host name. Make sure there is not a duplicate host name on the network. Host names can be used in place of the computer's 
IP for any applications requiring the IP address. 


Intel(R) Management Engine BIOS Extension v2.5.15.0000
Copyright(C) 2003-06 Intel Corporation. All Rights Reserved.
[ INTEL(R) AMT CONFIGURATION ]

Host Name
TCP/IP
Provisioning Server
Provision Model
Set PID and PPS
Un-Provision
SOL/IDE-R
Secure Firmware Update

Computer host name

[ESC]-Exit [ENTER]-Submit


5. Select TCP/IP. Press <Enter>.
The following messages appear: 


| Disable Network Interface: (Y/N) 





Press <n>.


If the network is disabled, then all remote AMT capabilities are disabled and TCP/IP settings are not necessary. This option is a toggle, and the next time 
it is accessed you are prompted with the opposite setting. 







| [DHCP Enable] Disable DHCP (Y/N) 


Press <n>. 







| Domain Name 


Type the domain name into the field. 


6. Select Provisioning Server from the menu. Press <Enter>.







7. Type the provisioning server IP in the Provisioning server address field and press «Enter». 


NOTE: The default setting is 0.0.0.0. This default setting works only if the DNS server has an entry that can resolve the provision server to the IP of
the provisioning server.


8. Type the port in the Port number field and press <ENTER>. 


Screen prompt: Port number (0-65535)


NOTE: The default setting is 0. If left at the default setting of 0, the AMT attempts to contact the provisioning server on port 9971. If the provisioning
server is listening on a different port, enter it here.


The following message appears: 


[Intel(R) AMT 2.6 Mode] [Enterprise] change to Small Business: (Y/N)








Press <n>. 
9. Set PID and PPS is the next option. The PID and PPS can be input manually or by using a USB key once the SCS generates the codes. 


This option is for entering the provisioning ID (PID) and provisioning passphrase (PPS). PIDs are eight characters and PPS are 32 characters. There are dashes 
between every set of four characters, so including dashes, PIDs are nine characters and PPS are 40 characters. An SCS must generate these entries. 


Screen prompt: Enter PID (e.g. ABCD-1234)


10. Select SOL/IDE-R. Press <Enter>.







11. The following messages appear, and require the response indicated in the following bulleted list: 





[Caution] System resets after configuration changes. Continue: (Y/N) 


Press <y>.


User name & Password
Select Enabled and then press <Enter>.


This option allows you to add users and passwords from the WebGUI. If the option is disabled, then only the administrator has MEBx remote access. 


Serial Over LAN


Select Enabled and then press <Enter>.


IDE Redirection
Select Enabled and then press <Enter>.







12. Secure Firmware Update is the next option. The default setting is Enabled. 


13. Skip Set PRTC.


Screen prompt: Enter PRTC in GMT(UTC) format (YYYY:MM:DD:HH:MM:SS)


14. Idle Timeout is the next option. The default setting is 1. This timeout is applicable only when a WoL option is selected in of the process for enabling ME for the Enterprise operating mode.


Screen prompt: Timeout Value (0-65535)


15. Select Return to Previous Menu. Press <Enter>.





16. Select Exit. Press <Enter>.





17. The following message appears: 
Are you sure you want to exit? (Y/N): 


Press <y>.





18. The computer restarts. Turn off the computer and disconnect the power cable. The computer is now in setup state and is ready for 


SMB Mode 


The Intel® Management Engine BIOS Extension (MEBx) is an optional ROM module that Intel provides to Dell™ to be included in the Dell BIOS. The MEBx has 
been customized for Dell™ computers. 


Dell also supports setup and configuration of Intel AMT in the Small and Medium Business (SMB) mode. The only setting not required in the SMB mode is the 
Set PID and PPS option. Also, the Provision Model option is set to Small Business instead of Enterprise. 


To set up and configure a computer for SMB mode, you must enable the Management Engine for SMB mode and configure Intel AMT for SMB mode. For
instructions, see and :


ME Configuration: Enabling Management Engine for SMB Mode 


To enable Intel ME configuration settings on the target platform, perform the following steps: 


1. Turn on the computer and during the boot process, press <Ctrl><p> when the Dell logo screen appears to enter the MEBx application.


2. Type admin in the Intel ME Password field. Press <Enter>.


Passwords are case sensitive. You must change the default password before making changes to the MEBx options. 







3. Select Change Intel ME Password. Press <Enter>. Type the new password twice for verification. 
The new password must include the following elements: 


Eight characters
One uppercase letter
One lowercase letter
A number
A special (nonalphanumeric) character, such as !, $, or ; excluding the :, ", and , characters.


The underscore ( _ ) and spacebar are valid password characters but do NOT add to the password complexity. 
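

The following checker is an added example, not part of the Dell guide or of the MEBx firmware. It applies the rules listed above to a candidate password before you type it at the console. It assumes that "eight characters" is a minimum and that a password containing :, " or , is rejected outright; all names in it are illustrative.

```python
import string

# Characters the guide excludes from the "special character" rule.
# Assumption: a password containing any of them is rejected outright.
EXCLUDED = set(':",')
# Valid in a password, but the guide says they add no complexity.
NEUTRAL = set("_ ")

TOO_SHORT = "fewer than eight characters"
NO_UPPER = "no uppercase letter"
NO_LOWER = "no lowercase letter"
NO_DIGIT = "no number"
NO_SPECIAL = "no special character (underscore and space do not count)"
HAS_EXCLUDED = 'contains an excluded character (: " ,)'
IS_DEFAULT = "is the factory default password"


def mebx_password_problems(password):
    """Return every rule from the guide that the candidate password fails."""
    problems = []
    if password == "admin":
        problems.append(IS_DEFAULT)
    if len(password) < 8:  # assumption: eight is a minimum length
        problems.append(TOO_SHORT)
    if not any(c in string.ascii_uppercase for c in password):
        problems.append(NO_UPPER)
    if not any(c in string.ascii_lowercase for c in password):
        problems.append(NO_LOWER)
    if not any(c in string.digits for c in password):
        problems.append(NO_DIGIT)
    # Punctuation that satisfies the special-character rule.
    counted = set(string.punctuation) - EXCLUDED - NEUTRAL
    if not any(c in counted for c in password):
        problems.append(NO_SPECIAL)
    if any(c in EXCLUDED for c in password):
        problems.append(HAS_EXCLUDED)
    return problems


# Constructed sample candidates, not real credentials.
SAMPLES = ["admin", "Admin_2007", "Latitude D630", "Passw0rd:", "D630-Amt!x"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        problems = mebx_password_problems(candidate)
        print(f"{candidate!r}: {'OK' if not problems else '; '.join(problems)}")
```
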


Change the password to establish Intel AMT ownership. The computer then goes from the factory-default state to the setup state. 





4. Select Intel ME Configuration. Press <Enter>.


ME Platform Configuration allows you to configure ME features such as power options, firmware update capabilities, and so on. 







5. The following message appears: 


System resets after configuration change. Continue (Y/N).


Press <y>. 


6. Intel ME State Control is the next option. The default setting for this option is Enabled. Do not change this setting to Disabled. If you want to disable Intel AMT, change the to None.


7. Select Intel ME Firmware Local Update. Press <Enter>.
8. Select Disabled. Press <Enter>. The default setting for this option is Disabled.


9. Select Intel ME Features Control. Press <Enter>.


10. Manageability Feature Selection is the next option. This feature sets the platform management mode. The default setting is Intel AMT. Selecting the None option disables all remote management capabilities.


11. Select Return to Previous Menu. Press <Enter>.







12. Select Intel ME Power Control. Press <Enter>. 


13. Intel ME ON in Host Sleep States is the next option. The default setting is Mobile: ON in S0.


Options shown on the screen:
Mobile: ON in S0
Mobile: ON in S0, S3/AC, S4-5/AC
Mobile: ON in S0; ME WoL in S3/AC
Mobile: ON in S0; ME WoL in S3/AC, S4-5/AC





14. Select Return to Previous Menu. Press <Enter>. 
15. Select Return to Previous Menu. Press <Enter>. 







16. Exit the MEBx Setup and save the ME configuration. The computer displays an Intel ME Configuration Complete message and then restarts. After the 
ME configuration is complete, you can configure the Intel AMT settings. 





Intel AMT Configuration: Enabling Intel AMT for SMB Mode


To enable Intel AMT Configuration settings on the target platform, perform the following steps:


1. Turn on the computer and during the boot process, press <Ctrl><p> when the Dell logo screen appears to enter the MEBx application.
2. A prompt for the password appears. Enter the new Intel ME password.
3. Select Intel AMT Configuration. Press <Enter>.


4. Select Host Name. Press <Enter>.
5. Then type in a unique name for this Intel AMT machine. Press <Enter>.


Spaces are not accepted in the host name. Make sure there is not a duplicate host name on the network. Host names can be used in place of the 
computer's IP for any applications requiring the IP address. 


Select TCP/IP. Press <Enter>.
The following messages appear and require the response indicated in the following bulleted list:


Disable Network Interface: (Y/N)


Press <n>.


If the network is disabled, then all remote Intel AMT capabilities are disabled and TCP/IP settings are not necessary. This option is a toggle, and the 
next time it is accessed you are prompted with the opposite setting. 


[DHCP Enable] Disable DHCP (Y/N)
Press <n>. 


Domain Name


Type the domain name into the field. 


8. Select Provision Model from the menu. Press <Enter>.
9. The following message appears:


Change to Intel AMT 1.0 Mode: (Y/N)





Press <y>.


Screen prompt: [Enterprise] Change to Small Business: (Y/N)


10. Skip the Un-Provision option. This option returns the computer to factory defaults. See for more information about unprovisioning.
11. Select SOL/IDE-R. Press <Enter>.


12. The following messages appear and require the response indicated in the following bulleted list:


[Caution] System resets after configuration changes. Continue: (Y/N)


Press <y>.


User name & Password


Select Enabled and then press <Enter>. 


This option allows you to add users and passwords from the WebGUI. If the option is disabled, then only the administrator has MEBx remote access. 


Serial Over LAN


Select Enabled and then press <Enter>.


IDE Redirection


Select Enabled and then press <Enter>.







13. Secure Firmware Update is the next option. The default setting is Enabled. 


14. Skip Set PRTC.


Screen prompt: Enter PRTC in GMT(UTC) format (YYYY:MM:DD:HH:MM:SS)


15. Idle Timeout is the next option. The default setting is 1. This timeout is applicable only when a WoL option is selected in of the process for enabling the ME for SMB operating mode.


Screen prompt: Timeout Value (0-65535)


16. Select Return to Previous Menu. Press <Enter>.


17. Select Exit. Press <Enter>.







18. The following message appears: 


Are you sure you want to exit? (Y/N): 


Press <y>.





19. The computer restarts. Turn off the computer and disconnect the power cable. The computer is now in setup state and is ready for 


Troubleshooting


Return to Default (Un-Provisioning)
Firmware Flash
Serial-Over-LAN (SOL) and IDE Redirection (IDE-R)
Error Messages


This section describes a few basic troubleshooting steps to follow if problems are experienced with the Intel® AMT configuration. 


Return to Default (Un-Provisioning) 


Return to default is also known as un-provisioning. An Intel AMT setup and configured computer can be un-provisioned using the Intel AMT Configuration 
screen and the Un-Provision option. 


Follow the steps below to un-provision a computer: 
1. Select Un-Provision and then select Full Un-provision. 


Full un-provisioning is available for SMB Mode provisioned computers. This option returns all Intel AMT configuration settings to factory defaults and does 
NOT reset ME configuration settings or passwords. Full and partial un-provisioning is available for Enterprise Mode provisioned computers. Partial
un-provisioning returns all Intel AMT configuration settings to factory defaults with the exception of the PID and PPS. Partial un-provisioning does NOT reset
ME configuration settings or passwords. 


An un-provisioning message displays after about 1 minute. After un-provisioning completes, control is passed back to the Intel AMT Configuration screen. 
Provisioning Server, Set PID and PPS, and Set PRTC options are available again because the computer is set to the default Enterprise Mode.


2. Select Return to previous menu. 
3. Select Exit and then press <y>. The computer restarts. 


Firmware Flash 


Flash the firmware to upgrade to newer versions of Intel AMT. The automatic flash feature can be disabled by selecting Disabled under the Secure Firmware 
Update setting in the MEBx interface. The firmware flash, when available, is located on the support.dell.com site for download. 


The firmware CANNOT be flashed to an older version or to the current version installed. The firmware flash is available on the support.dell.com site for 
download. 


Serial-Over-LAN (SOL) and IDE Redirection (IDE-R)


If you cannot use IDE-R and SOL, follow these steps:


1. At the initial boot screen, press <Ctrl><p> to enter the MEBx screens.
2. A prompt for the password appears. Enter the new Intel ME password.
3. Select Intel AMT Configuration.
4. Press <Enter>.
5. Select Un-Provision.
6. Press <Enter>.
7. Select Full Unprovision.
8. Press <Enter>.
9. Reconfigure the settings on the Intel AMT Configuration screen.


Error Messages 
Not able to enter the MEBx on POST 


The MEBx requires the DIMM A slot to be populated; otherwise, the following message appears upon POST and you are unable to enter the MEBx
interface.


Bad ME memory configuration. 


NOTE: DIMM A is located beneath the keyboard. For instructions on accessing this slot, refer to your User's Guide.


Using the Intel® AMT WebGUI


The Intel® AMT WebGUI is a Web browser-based interface for limited remote computer management. The WebGUI is often used as a test to determine if Intel 
AMT setup and configuration was performed properly on a computer. A successful remote connection between a remote computer and the host computer 
running the WebGUI indicates proper Intel AMT setup and configuration on the remote computer. 


The Intel AMT WebGUI is accessible from any Web browser, such as the Internet Explorer® or Netscape® applications. 


Limited remote computer management includes: 


Hardware inventory 

Event logging 

Remote computer reset 
Changing of network settings 
Addition of new users 


WebGUI support is enabled by default for SMB setup and configured computers. WebGUI support for Enterprise setup and configured computers is determined 
by the setup and configuration server. 


Information on using the WebGUI interface is available on the Intel website at www.intel.com. 


Follow the steps below to connect to the Intel AMT WebGUI on a computer that has been configured and set up: 


1. Turn on an Intel AMT capable computer that has completed Intel AMT setup and configuration.
2. Launch a Web browser from a separate computer, such as a management computer on the same subnet as the Intel AMT computer.
3. Connect to the IP address specified in the MEBx and port of the Intel AMT capable computer. (example: http://ip_address:16992 or
http://192.168.2.1:16992)


By default, the port is 16992. Use port 16993 and https:// to connect to the Intel AMT WebGUI on a computer that has been configured and
set up in the Enterprise mode.

If DHCP is used, then use the fully qualified domain name (FQDN) for the ME. The FQDN is the combination of the host name and domain.
(example: http://host_name:16992 or http://system1:16992)


The management computer makes a TCP connection to the Intel AMT capable computer and accesses the top level Intel AMT-embedded Web page
within the Management Engine of the Intel AMT capable computer.


4. Type the username and password.
The default username is admin and the password is what was set during Intel AMT setup in the MEBx.
5. Review the computer information and make any necessary changes.


You can change the MEBx password for the remote computer in the WebGUI. Changing the password in the WebGUI or a remote console results in two 
passwords. The new password, known as the remote MEBx password, only works remotely with the WebGUI or remote console. The local MEBx 
password used to locally access the MEBx is not changed. You have to remember both the local and remote MEBx passwords to access the computer 
MEBx locally and remotely. When the MEBx password is initially set in Intel AMT setup, the password serves as both the local and remote password. If 
the remote password is changed, then the passwords are out of sync. 


6. Select Exit. 
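

The script below is an added example, not part of the Dell guide. For each computer you have provisioned, it derives the WebGUI address the steps above tell you to browse to and checks that the Management Engine accepts a TCP connection there, flagging duplicate host names along the way. The AmtHost record, the function names and the corp.example domain are assumptions made for the illustration.

```python
import socket
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Scheme and port per Provision Model, as stated in the guide.
PORTS = {"smb": ("http", 16992), "enterprise": ("https", 16993)}


@dataclass
class AmtHost:
    host_name: str            # value typed into the MEBx Host Name field
    domain: str               # value typed into the MEBx Domain Name field
    mode: str                 # "SMB" or "Enterprise"
    dhcp: bool                # True if DHCP was left enabled in the MEBx
    ip: Optional[str] = None  # static address, needed only when dhcp is False


def webgui_endpoint(host):
    """Return (scheme, address, port) for the host's WebGUI."""
    if not host.host_name or " " in host.host_name:
        raise ValueError("host name is empty or contains a space")
    if host.mode.lower() not in PORTS:
        raise ValueError(f"unknown provision model {host.mode!r}")
    scheme, port = PORTS[host.mode.lower()]
    if host.dhcp:
        # With DHCP the guide says to use the FQDN: host name plus domain.
        address = f"{host.host_name}.{host.domain}" if host.domain else host.host_name
    elif host.ip:
        address = host.ip
    else:
        raise ValueError("static configuration needs the IP set in the MEBx")
    return scheme, address, port


def tcp_reachable(address, port, timeout=3.0):
    """True if a TCP connection to address:port succeeds within the timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(hosts, probe=tcp_reachable):
    """Return a list of (host_name, url, status) tuples, one per host."""
    name_counts = Counter(h.host_name.lower() for h in hosts)
    report = []
    for h in hosts:
        try:
            scheme, address, port = webgui_endpoint(h)
        except ValueError as err:
            report.append((h.host_name, None, f"invalid: {err}"))
            continue
        url = f"{scheme}://{address}:{port}"
        if name_counts[h.host_name.lower()] > 1:
            status = "duplicate host name"
        elif probe(address, port):
            status = "reachable"
        else:
            status = "no answer"
        report.append((h.host_name, url, status))
    return report


if __name__ == "__main__":
    # Constructed inventory; replace with your own provisioned computers.
    inventory = [
        AmtHost("d630-01", "corp.example", "SMB", dhcp=True),
        AmtHost("d630-02", "corp.example", "Enterprise", dhcp=False, ip="192.168.2.1"),
    ]
    for name, url, status in audit(inventory):
        print(f"{name}: {url} -> {status}")
```

A host reported as "no answer" has not necessarily failed provisioning; name resolution or a filter between the management computer and the Intel AMT computer gives the same result.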

