Intel vPro Technology Setup and Configuration Guide

ManualsBrandsIntel ManualsOtherIntel Desktop Board DQ57TM

Intel® Desktop Board

DQ57TM

Intel® vPro™ Technology Setup and

Configuration Guide

July 2010

Order Number: G12102-001

Summary of content (38 pages)

PAGE 1
Intel® Desktop Board DQ57TM Intel® vPro™ Technology Setup and Configuration Guide July 2010 Order Number: G12102-001
PAGE 2
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Revision History Revision Revision History Date -001 First release of the Intel® vPro™ Technology Setup and Configuration Guide for Intel® Desktop Board DQ57TM July 2010 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.
PAGE 3
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Contents Preface ........................................................................................................................................... 5 Feature Summary .......................................................................................................................... 6 1. Intel® vPro™ Technology Setup and Configuration .............................................................. 7 1.1 BIOS Setup..
PAGE 4
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Figure 19. Figure 20. Figure 21. Figure 22. Figure 23. Figure 24. Figure 25. Figure 26. Figure 27. Figure 28. Figure 29. Figure 30. Figure 31. Figure 32. Figure 33. Figure 34. Figure 35. Figure 36. Figure 37. Figure 38. Figure 39. Figure 40. Intel AMT - SOL/IDE-R Configuration....................................................................... 23 Intel AMT - Intel KVM Remote Control Configuration ............................
PAGE 5
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Preface This Setup and Configuration Guide specifies the steps necessary for enabling the different features of Intel® vPro™ technology for the Intel® Desktop Board DQ57TM. It does not cover the various third-party software applications that take advantage of these features.
PAGE 6
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Feature Summary Intel Desktop Board DQ57TM supports the Intel® Core™ i3, Intel® Core™ i5 and Intel® Core™ i7 processors in the LGA1156 package. It uses the Intel® Q57 Express Chipset to provide the latest in remote management via Intel® vPro™ technology. Table 1 summarizes the major Intel vPro technology features of the board. Intel® vPro™ Technology Intel® Active Management Technology (Intel® AMT) 6.
PAGE 7
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1. Intel® vPro™ Technology Setup and Configuration 1.1 BIOS Setup 1.1.1 Overview The Intel Desktop Board DQ57TM BIOS interface is based upon the UEFI specification. As a result, most of the Intel® vPro™ technology features are accessed from the BIOS Setup screens. The menus of interest to the Intel vPro technology user are Configuration, Security and Intel® Management Engine (Intel® ME).
PAGE 8
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Upon entering BIOS Setup, the user will be presented the BIOS Setup Main menu screen as shown in Figure 2. Figure 2.
PAGE 9
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.1.3 BIOS Setup – Configuration Menu The Configuration Menu, shown in Figure 3, contains settings for On-Board Devices, as well as access to the system Event Log. Figure 3.
PAGE 10
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide TPM is enabled or disabled by means of the Configuration / On-Board Devices menu as shown in Figure 4. Figure 4.
PAGE 11
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide In the Event Log screen, shown in Figure 5, the user can enable or disable Memory Correction. Figure 5. BIOS Setup - ECC Memory Correction Note: Memory Correction requires the use of Intel® Xeon™ 3400-series processors and unbuffered ECC DDR3 DIMMs. This will result in Standard Manageability level of remote management features.
PAGE 12
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.1.4 BIOS Setup – Security Menu Figure 6 displays the Security menu. This menu gives you access to virtualization-related features such as Intel VT, Intel TXT and Intel VT-d. It also allows you to set passwords for platform- and hard drive-level security and to control the Execute Disable Bit (XD) technology and Chassis Intrusion features. Figure 6. BIOS Setup - Security Menu Note: Intel VT must be enabled before Intel TXT.
PAGE 13
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.1.5 BIOS Setup – Intel® ME Menu When first accessing the Intel ME menu, the user will be asked to change the default password of “admin”. The new password must be at least eight characters long and be composed of upper- and lower-case letters, numbers and symbols (excluding colon, comma and double quotes). Figure 7 illustrates the initial Intel ME menu. Figure 7.
PAGE 14
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Once the administrator password is set, the user is presented the Intel ME main menu, shown in Figure 8. Figure 8.
PAGE 15
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.1.5.1 Intel ME – Intel ME Configuration Under the Intel ME Configuration menu, the user will be able to disable Intel AMT (enabled by default); select the Intel ME Power Policy; and set the Idle Timeout, the amount of time, in seconds, Intel ME must be idle before it will enter its lowest-power state (valid values are from 1 – 65535). These options are shown in Figure 9. Figure 9.
PAGE 16
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.1.5.2 Intel® ME – Intel® AMT Configuration Figure 10 displays the main Intel AMT Configuration screen. From here, the user can select the Setup and Configuration (Provisioning) Mode as well as reset Intel AMT back to factory defaults (except the Intel ME administrator password). Figure 10.
PAGE 17
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.1.5.2.1 Intel AMT Configuration – Remote Configuration Once the user selects the provisioning mode to use, the detailed settings of these modes can be viewed and configured. Figure 11 shows the details of Remote Setup and Configuration Mode (previously known as Enterprise, or Standard/Advanced, Provisioning). Figure 11.
PAGE 18
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.1.5.2.1.1 Remote Configuration – TLS with PKI Figure 12 shows the options for TLS with PKI configuration. Figure 13 follows with a view of Permanent Certificate Manager; the User Certificate Manager operates in a similar manner. Figure 12. Intel AMT TLS with PKI Provisioning Options Figure 13.
PAGE 19
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.1.5.2.1.2 Remote Configuration – TLS with PSK For TLS with PSK, the options are shown in Figure 14. The Provisioning Identifier (PID) is an eight-character string formatted as two quartets separated by a dash. Figure 14.
PAGE 20
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide The Provisioning Passphrase (PPS) similarly is a 32-character string formatted as eight quartets separated by dashes, as shown in Figure 15. Figure 15.
PAGE 21
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.1.5.2.2 Intel® AMT Configuration – Local Configuration As can be seen from Figure 16 through Figure 18, the user can manually set Computer and Domain Name in the Local Setup and Configuration screen (previously known as SMB/Small-Medium Business Mode).
PAGE 22
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Figure 17. Intel AMT - Local Configuration, IPV4 Configuration Options Figure 18.
PAGE 23
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.1.5.2.3 Intel AMT Configuration – Other Options The following screens highlight several of the common features of Intel AMT provisioning. These include: SOL/IDE-R (Serial-over-LAN/IDE-Redirection) configuration in Figure 19; Intel® KVM (Keyboard Video Mouse) Remote Control Configuration in Figure 20; as well as PRTC (Protected Real Time Clock). Figure 19.
PAGE 24
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide New for Intel AMT 6.0 is the Redirection Mode setting under SOL/IDE-R, as highlighted in Figure 19. Legacy platforms (Intel AMT 5.0 and earlier) require specific port initialization commands whenever performing redirection operations which were eliminated for Intel AMT 6.0. Enabling this mode allows the use of Intel AMT 5.0 (and earlier) management consoles with this platform. Figure 20.
PAGE 25
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.2 Intel AMT – Local Configuration As described in the previous sections, Intel AMT Setup and Configuration is divided into two provisioning modes: Local (aka SMB or Basic) and Remote (aka Enterprise or Standard/Advanced). To provision Intel Desktop Board DQ57TM in Local Mode, the user needs to simply enter the Local Setup and Configuration page under Intel ME in BIOS Setup and set the Computer Name, as shown in Figure 21.
PAGE 26
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Figure 22 and Figure 23 show the results of the MEINFO utility before and after Local Configuration. Figure 22. MEINFO Output - Intel AMT Defaults Figure 23. MEINFO Output - Local Configuration The platform is now ready for remote management.
PAGE 27
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.3 Intel AMT – Remote Configuration, TLS-PSK Intel AMT Remote Configuration using TLS with PSK can be configured manually as shown in Section 1.1.5.2.1.2 and Figure 14 and Figure 15, or the user can insert a USB flash drive containing a SETUP.BIN file created by a Setup and Configuration Server (SCS). This method of provisioning is known as One Touch Configuration.
PAGE 28
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.4 Intel AMT – Remote Configuration, TLS-PKI TLS with PKI configuration requires a provisioning server configured with an Intel AMT Remote Configuration certificate that is rooted in one of the pre-installed permanent certificates. This method of configuration is shown in Section 1.1.5.2.1.1 and Figure 12 and Figure 13.
PAGE 29
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Figure 26. Intel(R) Remote PC Assist Wizard From this screen the user would press F3 to accept terms and continue. The next screen requests a 12-digit session code. This code is provided by the contracted service provider and entered by the user, see example shown in Figure 27. Figure 27.
PAGE 30
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide If a successful connection is made to the service provider, the screen shown in Figure 28 will display. Figure 28.
PAGE 31
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Figure 29. Intel RPAT Client Agent Contact Service Provider Figure 30.
PAGE 32
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Figure 31. Intel RPAT Client Agent Wait Screen Figure 32.
PAGE 33
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.6 Intel® KVM Remote Control Intel® KVM Remote Control is available on Intel vPro Q57 Express Chipset-based desktop boards that contain 2010 Intel Core vPro processors with integrated Intel HD Graphics. Note: Intel KVM Remote Control is not supported on platforms with discrete graphics. Note: For the purposes of this guide, the Intel AMT client system is provisioned in Local (SMB) mode.
PAGE 34
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Figure 35. VNC Viewer+ Management Console Access Code Screen Figure 36.
PAGE 35
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 1.7 BIOS Maintenance Mode A quick way to reset Intel AMT to default settings (including the Intel ME admin password) is to enter BIOS Maintenance Mode. This is done by moving the BIOS_CFG jumper from the Normal to the Config position and powering on the board (see Figure 40 for location). From the BIOS Maintenance screen, select “Reset Intel® AMT to default factory settings” as displayed in Figure 37 and press “Y”. Figure 37.
PAGE 36
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Figure 38. Intel AMT Reset in Progress Figure 39.
PAGE 37
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide Figure 40.
PAGE 38
Intel Desktop Board DQ57TM Intel vPro Technology Setup and Configuration Guide 2. References http://download.intel.com/technology/vpro/Whitepaper_AllNew2010IntelCorevProProcesso rs.pdf for a complete list of Intel vPro features for 2010. Not all 2010 Intel vPro technology features may be supported on the Intel Desktop Board DQ57TM. http://www.intel.com/technology/security/downloads/TrustedExec_Overview.pdf for an overview of Intel TXT. http://www.intel.com/technology/virtualization/index.