Intel desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.
This Setup and Configuration Guide specifies the steps necessary for enabling the different features of Intel® vPro™ technology for the Intel® Desktop Boards DQ67SW, DQ67EP and DQ67OW. It does not cover the various third-party software applications that take advantage of these features.
Intel Desktop Boards DQ67SW, DQ67EP and DQ67OW support the Intel® Core™ i3, Intel® Core™ i5, Intel® Core™ i7, and Intel® Xeon® E3 processor families in the LGA1155 package. They use the Intel® Q67 Express Chipset to provide the latest in remote management via Intel® vPro™ technology. Table 1 summarizes the major Intel®...
The Intel Desktop Boards DQ67SW, DQ67EP and DQ67OW BIOS interface is based upon the UEFI specification. As a result, the Intel® vPro™ technology features are accessed from the BIOS Setup screens. The menus of interest to the Intel vPro technology user are Configuration, Security and Intel® Management Engine (Intel® ME).
Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Figure 2. BIOS Setup - Main Menu 1.1.3 BIOS Setup – Configuration Menu The Configuration Menu, shown in Figure 3, contains settings for On-Board Devices, as well as access to the...
Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Figure 3. BIOS Setup - Configuration Menu TPM is enabled or disabled by means of the Configuration / On-Board Devices menu as shown in Figure 4. Figure 4. BIOS Setup - Configuration...
Figure 5 displays the Security menu. This menu gives you access to virtualization-related features such as Intel VT, Intel TXT and Intel VT-d. It also allows you to set passwords for platform- and hard drive-level security and to control the Execute Disable Bit (XD) technology and Chassis Intrusion features.
1.1.5 BIOS Setup – Intel® ME Menu When first accessing the Intel ME menu, the user will be asked to change the default password of “admin”. The new password must be at least eight characters long and be composed of upper- and lower-case letters, numbers and symbols (excluding colon, comma and double quotes).
Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Once the administrator password is set, the user is presented the Intel ME main menu, shown in Figure 7. Figure 7. Intel ME - Main Menu...
Choosing Power Policy 1 (On in S0) effectively disables Intel AMT Out-of-Band (OOB) operation. Power Policy 2 (On in S0, ME Wake in S3, S4-S5) allows Intel ME and Intel AMT to operate when the system is turned off or in a standby state. After the Idle Timeout timer has expired, Intel ME will enter its lowest power state, but can be awakened by network traffic directed at the Intel ME without waking the entire system.
1.1.5.2 Intel® ME – Intel® AMT Configuration Figure 9 displays the main Intel AMT Configuration screen. From here, the user can select the Setup and Configuration (Provisioning) Mode as well as reset Intel AMT back to factory defaults (except the Intel ME administrator password).
Fully Qualified Domain Name (FQDN) for the Provisioning Server to enhance enterprise security. For this generation of Intel AMT, the Remote Configuration Service is disabled by default. As a result, Bare Metal Provisioning is no longer supported. To begin TLS with PKI remote configuration, select Start Configuration under the Communication with Provisioning Server heading.
Figure 11 shows the options for TLS with PKI configuration. Figure 12 follows with a view of the Permanent Certificate Manager; the User Certificate Manager operates in a similar manner. Figure 11. Intel AMT TLS with PKI Provisioning Options Figure 12. Intel AMT Permanent Certificate Manager...
For TLS with PSK, the options are shown in Figure 13. The Provisioning Identifier (PID) is an eight-character string formatted as two quartets separated by a dash. Figure 13. Intel AMT TLS with PSK Provisioning Identifier (PID) Figure 14. Intel AMT TLS with PSK Provisioning Passphrase (PPS)
Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide 1.1.5.2.2 Intel AMT Configuration – Local Configuration As can be seen from Figure 15 through Figure 17, the user can manually set Computer and Domain Name in the Local Setup and Configuration screen (previously known as SMB/Small-Medium Business Mode).
Intel® vPro™ Technology Setup and Configuration Guide 1.1.5.2.3 Intel AMT Configuration – Other Options The following screens highlight several of the common features of Intel AMT provisioning. These include: SOL/IDE-R (Serial-over-LAN/IDE-Redirection) configuration in Figure 18; KVM Remote Control (Keyboard Video Mouse) Configuration in Figure 19;...
Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Figure 19. Intel AMT KVM Remote Control Configuration As shown in Figure 19, the options for KVM Remote Control not only include enabling and disabling the KVM Remote Control feature, but also include the ability to set the level of user-controlled security.
Intel® vPro™ Technology Setup and Configuration Guide 1.2 Intel® AMT – Quick Configuration: Local As described in the previous sections, Intel AMT Setup and Configuration is divided into two provisioning modes: Local (aka SMB or Basic) and Remote (aka Enterprise or Standard/Advanced).
Intel® vPro™ Technology Setup and Configuration Guide Figure 21 and Figure 22 show the results of the MEINFO utility before and after Local Configuration. Figure 21. MEINFO Output - Intel AMT Defaults Figure 22. MEINFO Output - Local Configuration The platform is now ready for remote management.
SCS or management application and are beyond the scope of this document. The results of Intel Desktop Boards DQ67SW, DQ67EP or DQ67OW encountering a USB flash drive with a valid SETUP.BIN at startup is shown in Figure 23. At this point the user presses “Y” and the platform will complete TLS with PSK One Touch configuration.
1.5 Intel AMT Configuration – Host Based Configuration Host Based Setup and Configuration needs no BIOS or Intel MEBX configuration. Instead, an agent is pushed or downloaded to the client, requiring the configuration process to be done from within the operating system, while the client is up (In Band).
Note: KVM Remote Control is not supported on platforms with discrete graphics. Note: For the purposes of this guide, the Intel AMT client system is provisioned in Local (SMB) mode. If using VNC* Viewer+* as the remote management console, the user enters the IP address of the client, as shown in Figure 26.
Download Center. The security agent can be found at the respective 3rd-party websites. See Section 2 for links to more information on Intel IPT, as well as links to Intel Download Center and suggested sites for 3rd-party security agents. Figure 30 represents a Symantec VIP Access security credential; Figure 31 shows a security credential for VASCO DIGIPASS for Web Powered by Intel IPT.
1.9 BIOS Maintenance Mode A quick way to reset Intel AMT to default settings (including the Intel ME administrator password) is to enter BIOS Maintenance Mode. This is done by moving the BIOS_CFG jumper from the Normal to the Config position and powering on the board (see Figure 35 for location).
Figure 34. The user must then save and exit BIOS Setup, power off the system and restore the BIOS_CFG jumper back to the Normal position. These steps are necessary for proper reset of Intel AMT. Figure 33. Intel AMT Reset in Progress...
Intel® vPro™ Technology Setup and Configuration Guide One other way to reset Intel AMT back to defaults is to use the MEBX_RST header. First, the user must remove all power from the board. A jumper is then placed for 5 seconds shorting pins 1 and 2 of the MEBX_RST header.
1 - and 2 generation Intel Core i5 and Core i7 vPro processors. http://www.intel.com/content/www/us/en/processors/vpro/vpro-technology-reference- guide.html for a high-level overview of Intel vPro technology and use cases. http://www.intel.com/technology/security/downloads/TrustedExec_Overview.pdf for an overview of Intel TXT. http://www.intel.com/technology/virtualization/index.htm?iid=tech_vpro_body_vt for an overview of Intel VT.