Dell OptiPlex 790 (Early 2011)- Manuals

Operational Modes In Intel AMT 5.0 and earlier versions, there were two operational modes – SMB and Enterprise. In Intel AMT 6.0 and AMT 7.0, their functionality has been integrated to provide the same functionality previously available in Enterprise mode. The new configuration options are: Manual S...

Setup and Configuration Overview The following is a list of important terms related to the Intel AMT setup and configuration. Setup and configuration — The process that populates the Intel AMT-managed computer with usernames, passwords, and network parameters that enable the computer to be administe...

MEBx Settings Overview The Intel Management Engine BIOS Extension (MEBx) provides platform-level configuration options for you to configure the behavior of Management Engine (ME) platform. Options include enabling and disabling individual features and setting power configurations. This section provi...

ME General Settings To reach the Intel Management Engine (ME) Platform Configuration page, follow these steps: 1. Under the Management Engine BIOS Extension (MEBx) main menu, select Intel ME General Settings . Press <Enter>. 2. The following message appears: "Acquiring General Settings con...

Set PRTC Under the Intel ME Platform Configuration menu select Set PRC and press <Enter>. Valid date range: 1/1/2004 to 1/4/2021. Setting the PRTC value is used for virtually maintaining PRTC during the power-off (G3) state. Type PRTC in GMT (UTC) format (YYYY:MM:DD:HH:MM:SS) and press <Ent...

Power Control Under the Intel ME Platform Configuration menu select Power Control and press <Enter>. The Intel Power Control page appears. To comply with ENERGY STAR* and EUP LOT6 requirements, the Intel ME can be turned off in various sleep states. The Intel ME Power Control menu configures t...

The end user administrator can select the desired power package to use depending on the system usage. With Intel ME WoL, after the time-out timer expires, the Intel ME remains in the M -off state until a command is sent to the ME. After this command has been sent, the Intel ME will transition to an ...

This setting is used to set time out value as to define the Intel ME idle timeout in M3 state. The value should be entered in minutes. The value indicates the amount of time that the Intel ME is allowed remain idle in M3 before transitioning to the M - off state. NOTE: If the Intel ME is in M0, it w...

AMT Configuration After you configure the Intel Management Engine (ME) feature, you must reboot before configuring the Intel AMT for a clean system boot. The following image shows the Intel AMT configuration menu after a user selects the Intel AMT Configuration option from the Management Engine BIOS...

RCFG Start Configuration Previous Menu Provisioning Server IPv4/IPv6 Provisioning Server FQDN TLS PSK Set PID and PPS Delete PID and PPS Previous Menu TLS PKI Remote Configuration PKI DNS Suffix Manage Hashes Adding Customized Hash Deleting a Hash Changing the Active State Viewing a Certificate Hash...

Username and Password Under the SOL/IDER page select Username and Password and press <Enter>. This option provides the user authentication for SOL/IDER session. If Kerberos* is used, this option should be set to DISABLED. The user authentication is handled through Kerberos. If Kerberos is not ...

SOL allows the console input/output of an Intel AMT managed client to be redirected to a management server console (if the client system supports SOL). If the system does not support SOL, this value cannot enable it. Option Description Enabled SOL is enabled Disabled SOL is disabled. NOTE: Disabling...

IDER allows an Intel AMT managed client to be booted by a management console from a remote disk image. If the client system does not support IDER, this value cannot enable it. Option Description Enabled IDER is enabled Disabled IDER is disabled. NOTE: Disabling IDER does not remove this feature but ...

Enabled The port is left open at all times when redirection is enabled in the Intel MEBx. SMB consoles before Intel AMT 6.0 require this mode enabled for redirection sessions. KVM Under the SOL/IDER page select KVM and press <Enter>. Option Description Disabled KVM feature is disabled Enabled ...

The following options can be selected: Option Description None Local User Consent is not required for a remote computer to establish KVM Remote Control session. KVM Local User Consent is required for a remote computer to establish KVM Remote Control session. All Local User Consent is required for SO...

Option Description Disable Remote Control of KVM Opt -in Policy Disables the remote user's ability to select User OPT -IN Policy. In this case only the local user can control the opt-in policy. Enable Remote Control of KVM Opt -in Policy Enables remote user's ability to select User OPT -IN Policy. P...

The options are: Option Description Default Password Only The Intel MEBx password can be changed through the network interface if the default password has not been changed. During Setup and Configuration The Intel MEBx password can be changed through the network interface during the setup and config...

1. Host Name Under the Intel ME Network Name Settings select Host Name and press <Enter>. A host name can be assigned to the Intel AMT machine. This will be the hostname of the Intel AMT enabled system. 2. Domain Name

Under the Intel ME Network Name Settings select Domain Name and press <Enter>. A domain name can be assigned to the Intel AMT machine. 3. Shared/Dedicated FQDN Under the Intel ME Network Name Settings select Shared/Dedicated FQDN and press <Enter>. This setting determines whether the Int...

NOTE: Periodic Update Interval option is only available when Dynamic DNS Update is enabled. Defines the interval at which the firmware DDNS Update client will send periodic updates. It should be set according to corporate DNS scavenging policy. Units are minutes. A value of 0 disables periodic updat...

NOTE: The TTL option is only available when Dynamic DNS Update is enabled. This setting allows configuring the TTL time in seconds. This number should be greater than zero. If set to zero firmware uses its internal default value which is 15 min or 1/3 of lease time for DHCP. 7. Previous Menu Under t...

1. DHCP Mode Under Wired LAN IPv4 Configuration select DHCP Mode and press <Enter>. The Wired LAN IPv4 Configuration page appears. Option Description Disabled If DHCP mode is disabled, the following static TCP/IP settings are required for Intel AMT. If a system is in static mode the system may...

DHCP mode disabled. 2. IPv4 Address Select IPv4 Address and press <Enter>. Type the IPv4 Address in the address column and press <Enter>.

3. Subnet Mask Address Select Subnet Mask Address and press <Enter>. Type the Subnet Mask Address in the address column and press <Enter>. 4. Default Gateway Address

Select Default Gateway Address and press <Enter>. Type the Default Gateway Address in the address column and press <Enter>. 5. Preferred DNS Address Select Preferred DNS Address and press <Enter>. Type the Preferred DNS Address in the address column and press <Enter>.

6. Alternate DNS Address Select Alternate DNS Address and press <Enter>. Type the Alternate DNS Address in the address column and press <Enter>. 7. Previous Menu Under the Wired LAN IPv4 Configuration select Previous Menu and press <Enter>. The TCP/IP Settings menu appears. Wired L...

NOTE: The Intel ME network stack supports a multi-homed IPv6 interface. Each network interface can be configured with the following IPv6 addresses: 1. One link local auto-configured address 2. Three auto-configured global addresses 3. One DHCPv6 configured address 4. One statically configured IPv6 a...

ENABLED , select 'Enabled' and press <Enter>. IPv6 Feature Selection enabled as more configuration allowed. 2. IPv6 Interface ID Type Under the Wired LAN IPv6 Configuration select IPv6 Interface ID Type and press <Enter>. The auto-configured IPv6 address consists of two parts, the IPv6 P...

3. IPv6 Address Under the Wired LAN IPv6 Configuration select IPv6 Address and press <Enter>. Type the IPv6 Address and press <Enter>. 4. IPv6 Default Router Under the Wired LAN IPv6 Configuration select IPv6 Default Router and press <Enter>.

Type the IPv6 Default Router and press <Enter>. 5. Preferred DNS IPv6 Address Under the Wired LAN IPv6 Configuration select Preferred DNS IPv6 Address and press <Enter>. Type the Preferred DNS IPv6 Address and press <Enter>. 6. Alternate DNS IPv6 Address Under the Wired LAN IPv6 Co...

7. Previous Menu Under the Wired LAN IPv6 Configuration select Previous Menu and press <Enter>. The TCP/IP Settings menu appears. Wireless LAN IPv6 Configuration Under the TCP/IP Settings select Wireless LAN IPv6 Configuration and press <Enter>. The Wireless LAN IPv6 Configuration page a...

To select Manual ID: 1. Select Manual ID . 2. Press <Enter>. A new option of IPV6 Interface ID will be displayed below IPV6 Interface ID Type. 3. Select IPV6 Interface ID . 4. Press <Enter>. 5. Type the preferred Manual ID. 3. Previous Menu

Under the Wireless LAN IPv6 Configuration select Previous Menu and press <Enter>. The TCP/IP Settings menu appears. Previous Menu Under the TCP/IP Setting menu select Previous Menu and press <Enter>. The Intel ME Network Setup menu appears. Previous Menu Under the Intel ME Network Setup ...

Select Y to unconfigure. Select Full Unprovisioning and press <Enter>. Option Description Full Unprovision The IPv6 Interface ID is automatically generated using a random number as described in RFC 3041. This is the default. Full unprovision will unprovision AMT and remove all the PID/PPS

information or any new certificate information populated. Partial Unprovision The IPv6 Interface ID is automatically generated using the MAC address. Partial Unprovisoin will unprovision AMT but will retain PID/PPD information entered or any new certification information entered. Unprovisioning in p...

Current Provisioning Mode Under the Automated Setup and Configuration select Current Provisioning Mode and press <Enter>. Current Provisioning Mode – Displays the current provisioning TLS Mode: None, PKI, or PSK. Provisioning Record

Under the Automated Setup and Configuration select Provisioning Record and press <Enter>. Provisioning Record – Displays the system's provision PSK/PKI record data. If the data has not been entered, the Intel MEBx displays a message stating " Provision Record not present ". If the data...

Under the Intel Automated Remote Setup and Configuration menu select RCFG and press <Enter>. The Intel Remote Configuration page appears. Start Configuration Under the Intel Remote Configuration menu select Start Configuration and press <Enter>. If Remote Configuration is not activated, ...

Previous Menu Under the Intel Remote Configuration menu select Previous Menu and press <Enter>. The Intel Automated Setup and Configuration page appears. Provisioning Server IPv4/IPv6 Under the Intel Automated Setup and Configuration menu select Provisioning Server IPv4/IPv6 and press <Ente...

Provisioning Server FQDN Under the Intel Automated Remote Setup and Configuration menu select Provisioning Server FQDN and press <Enter>. Type the FQDN of the provisioning server and press <Enter>. FQDN of the provisioning server mentioned in the certificate (PKI only) . This is also the...

TLS PSK Under the Intel Automated Setup and Configuration menu select TLS PSK and press <Enter>. The Intel TLS PSK Configuration page appears. This submenu contains the settings for TLS PSK configuration settings Set PID and PPS Under the Intel TLS PSK Configuration menu select Set PID and PPS...

Setting the PID/PPS will cause a partial unprovision if the setup and configuration is "In -process". The PID and PPS should be entered in the dash format. (for example: PID: 1234-ABCD ; PPS: 1234-ABCD -1234-ABCD -1234-ABCD -1234-ABCD). NOTE: A PPS value of '0000-0000-0000-0000-0000-0000-000...

Under the Intel TLS PSK Configuration menu select Delete PID and PPS and press <Enter>. This option deletes the current PID and PPS stored in Intel ME. If the PID and PPS were not entered previously, the Intel MEBx will return an error message. To delete the PID and PPS entries, select Y , els...

PKI DNS Suffix Under the Intel Remote Configuration menu select PKI DNS Suffix and press <Enter>. Type the PKI DNS Suffix and press <Enter>. Key Value will be maintained in the EPS. Manage Hashes

Under the Intel Remote Configuration menu select Manage Hashes and press <Enter>. Selecting this option will enumerate the hashes in the system and display the Hash Name and the active and default state. If the system does not contain any hashes yet, Intel MEBx will display the following scree...

When the Insert key is pressed in the Manage Certificate Hash screen, the following screen is displayed. To add a customized certificate hash : Type the hash name (up to 32 characters). When you press <Enter>, you are prompted to select the algorithm of hash being used for PKI provisioning. Ty...

Your response sets the active state of the customized hash as follows: Yes – The customized hash will be marked as active. No (Default) – The customized hash will add to the EPS but will not be active. Deleting a Hash When the Delete is pressed in the Manage Certificate Hash screen, the following sc...

This option allows deleting of the selected certificate hash. Yes – Intel MEBx sends the firmware a message to delete the selected hash. No – Intel MEBx does not delete the selected hash, and returns to Remote Configuration. Changing the Active State When the + is pressed in the Manage Certificate H...

Intel Fast Call for Help Intel Fast Call for help is available for VPro SKUs. An Intel Fast Call for help connection allows the end user to request assistance if the VPro system is outside the corporate network. NOTE: It is recommended that to press <F12> and select Fast Call for Help. It will...

ME General Settings The table below lists the default settings for the Intel Management Engine BIOS Extension (MEBx) on general settings page. Password Password admin Change Intel ME Password Change Intel ME Password blank SET PRTC Set PRTC blank Power Control Power Control Intel ME ON in Host Sleep...

AMT Configuration The table below lists the default settings for the Intel Management Engine BIOS Extension (MEBx) on AMT configuration page. Manageability/Feature Selection SOL/IDER Username and Password Disabled Enabled * SOL Disabled Enabled * IDER Disabled Enabled * Legacy Redirection Mode Disab...

Methods Overview As discussed in the Setup and Configuration Overview section, the computer has to be configured before the Intel AMT capabilities are ready to interact with management application. There are three methods to complete the provisioning process (from least complex to most complex): Con...

Using a USB Device This section discusses Intel AMT setup and configuration using a USB storage device. You can set up and locally configure password, provisioning ID (PID), and provisioning passphrase (PPS) information with a USB drive key. This is also called USB provisioning. USB provisioning all...

USB Device Procedure Dell Client Management (DCM) application is the default console package provided. This section provides the procedure to set up and configure Intel AMT with the DCM package. As mentioned earlier in the document, several other packages are available through third-party vendors. T...

4. Click the <+> to expand the Intel AMT Getting Started section.

5. Click the <+> to expand the Section 1. Provisioning section.

7. Select Step 1. Configure DNS . 8. The notification server with an out-of-band management solution installed must be registered in DNS as "ProvisionServer."

9. Click Test on the DNS Configuration screen to verify that DNS has the ProvisionServer entry and that it resolves to the correct Intel Setup and Configuration Server (SCS).

12. Verify that the setting is Enabled . If Disabled , select the check box next to Disabled and click Apply .

13. Select Step 3. View Intel AMT Capable Computers .

20. The ACL (access control list) tab is used to review users already associated with this profile and to add new users and define their access privileges. 21. The Power Policy tab has configuration options to select the sleep states for Intel AMT as well as an Idle Timeout setting. It is recommende...

23. Select the icon with the arrow pointing out to Export Security Keys to USB Key .

24. Select the Generate keys before export radio button.

27. Click Generate . Once the keys have been created, a link appears to the left of the Generate button. 28. Insert the previously formatted USB device into a USB connector on the ProvisioningServer.

c. Click Close in the Download complete dialog box. 30. The setup.bin file is now visible in the drive explorer window.

34. Once complete, turn off the computer and move back to the management server. 35. Select Step 6. Configure Automatic Profile Assignments .

38. The computers for which the keys were applied are updated in the system list. At first the status is Unprovisioned , then the system status changes to In provisioning , and finally it changes to Provisioned at the end of the process.

40. The computers for which profiles were assigned appear in the list. Each computer is identified by the FQDN , UUID , and Profile Name columns.

41. Once the computers are provisioned, they are visible under the Collections folder in All configured Intel AMT computers .

System Deployment Once you are ready to deploy a computer to a user, plug the computer into a power source and connect it to the network. Use the integrated Intel 82566DM Network Interface Card (NIC). Intel Active Management Technology (Intel AMT) does not work with any other NIC solution. When the ...

Operating System Drivers Within the operating system, AMT Unified driver must be installed to remove unknown devices in the Device Manager. Unlike previous version 3, 4 or 5 (which used to have two separate HECI and LMS/SOL drivers from customer re-install stand- point), they are both now in a commo...

Intel AMT Web GUI The Intel AMT WebUI is a Web browser-based interface for limited remote computer management. The WebUI is often used as a test to determine if Intel AMT setup and configuration was performed properly on a computer. A successful remote connection between a remote computer and the ho...

AMT Redirection Overview Intel AMT makes it possible to redirect serial and IDE communications from a managed client to a management console regardless of the boot and power state of the managed client. The client need only have the Intel AMT capability, a connection to a power source, and a network...

Intel Management and Security Status Application Intel Management and Security Status (IMSS) is an application that displays information about a platform‘s Intel Active Management Technology (Intel AMT) and Intel Standard Manageability services. The IMSS icon indicates whether Intel AMT and Intel St...

Troubleshooting This page describes a few basic troubleshooting steps to follow if problems are experienced with the Intel AMT configuration. Check DSN for more troubleshooting options. Return to Default Return to Default is also known as un-provisioning. An Intel AMT setup and configured computer c...