1. Manuals
  2. Brands
  3. Intel Manuals
  4. Motherboard
  5. BX80623I52500
  6. Configuration manual

Intel BX80623I52500 Configuration Manual

Desktop boards, vpro technology
Hide thumbs
Table of Contents

Advertisement

Quick Links

Intel® Desktop Boards
DQ67SW, DQ67EP, DQ67OW
Intel® vPro™ Technology Setup and
Configuration Guide
September 2011
Part Number: G45734-001

Advertisement

Table of Contents
loading

Related Manuals for Intel BX80623I52500

Summary of Contents for Intel BX80623I52500

  • Page 1 Intel® Desktop Boards DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide September 2011 Part Number: G45734-001...

  • Page 2: Revision History

    Intel desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

  • Page 3: Table Of Contents

    Figure 10. Remote Setup and Configuration - Main Screen ..............15 Figure 11. Intel AMT TLS with PKI Provisioning Options ................16 Figure 12. Intel AMT Permanent Certificate Manager ................16 Figure 13. Intel AMT TLS with PSK Provisioning Identifier (PID) ............17...

  • Page 4: Tables

    Figure 25. Fast Call for Help Alert Screen ......................26 Figure 26. VNC Viewer+ Console Remote Login .................... 27 Figure 27. Intel AMT Client Screen Showing KVM Remote Control Access Code ......27 Figure 28. VNC Viewer+ Management Console Access Code Screen ..........28 Figure 29.

  • Page 5: Preface

    This Setup and Configuration Guide specifies the steps necessary for enabling the different features of Intel® vPro™ technology for the Intel® Desktop Boards DQ67SW, DQ67EP and DQ67OW. It does not cover the various third-party software applications that take advantage of these features.

  • Page 6: Feature Summary

    Intel Desktop Boards DQ67SW, DQ67EP and DQ67OW support the Intel® Core™ i3, Intel® Core™ i5, Intel® Core™ i7, and Intel® Xeon® E3 processor families in the LGA1155 package. They use the Intel® Q67 Express Chipset to provide the latest in remote management via Intel® vPro™ technology. Table 1 summarizes the major Intel®...

  • Page 7: Intel® Vpro™ Technology Setup And Configuration

    The Intel Desktop Boards DQ67SW, DQ67EP and DQ67OW BIOS interface is based upon the UEFI specification. As a result, the Intel® vPro™ technology features are accessed from the BIOS Setup screens. The menus of interest to the Intel vPro technology user are Configuration, Security and Intel® Management Engine (Intel® ME).

  • Page 8: Bios Setup - Configuration Menu

    Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Figure 2. BIOS Setup - Main Menu 1.1.3 BIOS Setup – Configuration Menu The Configuration Menu, shown in Figure 3, contains settings for On-Board Devices, as well as access to the...

  • Page 9: Figure 3. Bios Setup - Configuration Menu

    Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Figure 3. BIOS Setup - Configuration Menu TPM is enabled or disabled by means of the Configuration / On-Board Devices menu as shown in Figure 4. Figure 4. BIOS Setup - Configuration...

  • Page 10: Bios Setup - Security Menu

    Figure 5 displays the Security menu. This menu gives you access to virtualization-related features such as Intel VT, Intel TXT and Intel VT-d. It also allows you to set passwords for platform- and hard drive-level security and to control the Execute Disable Bit (XD) technology and Chassis Intrusion features.

  • Page 11: Bios Setup - Intel® Me Menu

    1.1.5 BIOS Setup – Intel® ME Menu When first accessing the Intel ME menu, the user will be asked to change the default password of “admin”. The new password must be at least eight characters long and be composed of upper- and lower-case letters, numbers and symbols (excluding colon, comma and double quotes).

  • Page 12: Figure 7. Intel Me - Main Menu

    Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Once the administrator password is set, the user is presented the Intel ME main menu, shown in Figure 7. Figure 7. Intel ME - Main Menu...

  • Page 13: Figure 8. Intel Me - Intel Me Configuration

    Choosing Power Policy 1 (On in S0) effectively disables Intel AMT Out-of-Band (OOB) operation. Power Policy 2 (On in S0, ME Wake in S3, S4-S5) allows Intel ME and Intel AMT to operate when the system is turned off or in a standby state. After the Idle Timeout timer has expired, Intel ME will enter its lowest power state, but can be awakened by network traffic directed at the Intel ME without waking the entire system.

  • Page 14: Figure 9. Intel Me - Intel Amt Configuration

    1.1.5.2 Intel® ME – Intel® AMT Configuration Figure 9 displays the main Intel AMT Configuration screen. From here, the user can select the Setup and Configuration (Provisioning) Mode as well as reset Intel AMT back to factory defaults (except the Intel ME administrator password).

  • Page 15: Figure 10. Remote Setup And Configuration - Main Screen

    Fully Qualified Domain Name (FQDN) for the Provisioning Server to enhance enterprise security. For this generation of Intel AMT, the Remote Configuration Service is disabled by default. As a result, Bare Metal Provisioning is no longer supported. To begin TLS with PKI remote configuration, select Start Configuration under the Communication with Provisioning Server heading.

  • Page 16: Figure 11. Intel Amt Tls With Pki Provisioning Options

    Figure 11 shows the options for TLS with PKI configuration. Figure 12 follows with a view of the Permanent Certificate Manager; the User Certificate Manager operates in a similar manner. Figure 11. Intel AMT TLS with PKI Provisioning Options Figure 12. Intel AMT Permanent Certificate Manager...

  • Page 17: Figure 13. Intel Amt Tls With Psk Provisioning Identifier (Pid)

    For TLS with PSK, the options are shown in Figure 13. The Provisioning Identifier (PID) is an eight-character string formatted as two quartets separated by a dash. Figure 13. Intel AMT TLS with PSK Provisioning Identifier (PID) Figure 14. Intel AMT TLS with PSK Provisioning Passphrase (PPS)

  • Page 18: Figure 15. Intel Amt - Local Configuration

    Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide 1.1.5.2.2 Intel AMT Configuration – Local Configuration As can be seen from Figure 15 through Figure 17, the user can manually set Computer and Domain Name in the Local Setup and Configuration screen (previously known as SMB/Small-Medium Business Mode).

  • Page 19: Figure 16. Intel Amt - Local Configuration, Ipv4 Configuration Options

    Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Figure 16. Intel AMT - Local Configuration, IPV4 Configuration Options Figure 17. Intel AMT - Local Configuration, IPV6 Configuration Options...

  • Page 20: Figure 18. Intel Amt - Sol/Ide-R Configuration

    Intel® vPro™ Technology Setup and Configuration Guide 1.1.5.2.3 Intel AMT Configuration – Other Options The following screens highlight several of the common features of Intel AMT provisioning. These include: SOL/IDE-R (Serial-over-LAN/IDE-Redirection) configuration in Figure 18; KVM Remote Control (Keyboard Video Mouse) Configuration in Figure 19;...

  • Page 21: Figure 19. Intel Amt Kvm Remote Control Configuration

    Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Figure 19. Intel AMT KVM Remote Control Configuration As shown in Figure 19, the options for KVM Remote Control not only include enabling and disabling the KVM Remote Control feature, but also include the ability to set the level of user-controlled security.

  • Page 22: Intel® Amt - Quick Configuration: Local

    Intel® vPro™ Technology Setup and Configuration Guide 1.2 Intel® AMT – Quick Configuration: Local As described in the previous sections, Intel AMT Setup and Configuration is divided into two provisioning modes: Local (aka SMB or Basic) and Remote (aka Enterprise or Standard/Advanced).

  • Page 23: Figure 21. Meinfo Output - Intel Amt Defaults

    Intel® vPro™ Technology Setup and Configuration Guide Figure 21 and Figure 22 show the results of the MEINFO utility before and after Local Configuration. Figure 21. MEINFO Output - Intel AMT Defaults Figure 22. MEINFO Output - Local Configuration The platform is now ready for remote management.

  • Page 24: Intel Amt - Remote Configuration, Tls-Psk

    SCS or management application and are beyond the scope of this document. The results of Intel Desktop Boards DQ67SW, DQ67EP or DQ67OW encountering a USB flash drive with a valid SETUP.BIN at startup is shown in Figure 23. At this point the user presses “Y” and the platform will complete TLS with PSK One Touch configuration.

  • Page 25: Intel Amt - Remote Configuration, Tls-Pki

    1.5 Intel AMT Configuration – Host Based Configuration Host Based Setup and Configuration needs no BIOS or Intel MEBX configuration. Instead, an agent is pushed or downloaded to the client, requiring the configuration process to be done from within the operating system, while the client is up (In Band).

  • Page 26: Figure 25. Fast Call For Help Alert Screen

    Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Figure 25. Fast Call for Help Alert Screen...

  • Page 27: Kvm Remote Control

    Note: KVM Remote Control is not supported on platforms with discrete graphics. Note: For the purposes of this guide, the Intel AMT client system is provisioned in Local (SMB) mode. If using VNC* Viewer+* as the remote management console, the user enters the IP address of the client, as shown in Figure 26.

  • Page 28: Figure 28. Vnc Viewer+ Management Console Access Code Screen

    Intel® Desktop Board DQ67SW, DQ67EP, DQ67OW Intel® vPro™ Technology Setup and Configuration Guide Figure 28. VNC Viewer+ Management Console Access Code Screen Figure 29. VNC Viewer+ Management Console View...

  • Page 29: Intel® Identity Protection Technology (Intel® Ipt)

    Download Center. The security agent can be found at the respective 3rd-party websites. See Section 2 for links to more information on Intel IPT, as well as links to Intel Download Center and suggested sites for 3rd-party security agents. Figure 30 represents a Symantec VIP Access security credential; Figure 31 shows a security credential for VASCO DIGIPASS for Web Powered by Intel IPT.

  • Page 30: Bios Maintenance Mode

    1.9 BIOS Maintenance Mode A quick way to reset Intel AMT to default settings (including the Intel ME administrator password) is to enter BIOS Maintenance Mode. This is done by moving the BIOS_CFG jumper from the Normal to the Config position and powering on the board (see Figure 35 for location).

  • Page 31: Figure 33. Intel Amt Reset In Progress

    Figure 34. The user must then save and exit BIOS Setup, power off the system and restore the BIOS_CFG jumper back to the Normal position. These steps are necessary for proper reset of Intel AMT. Figure 33. Intel AMT Reset in Progress...

  • Page 32: Figure 35. Bios_Cfg And Mebx_Rst Header Locations

    Intel® vPro™ Technology Setup and Configuration Guide One other way to reset Intel AMT back to defaults is to use the MEBX_RST header. First, the user must remove all power from the board. A jumper is then placed for 5 seconds shorting pins 1 and 2 of the MEBX_RST header.

  • Page 33: References

    1 - and 2 generation Intel Core i5 and Core i7 vPro processors. http://www.intel.com/content/www/us/en/processors/vpro/vpro-technology-reference- guide.html for a high-level overview of Intel vPro technology and use cases. http://www.intel.com/technology/security/downloads/TrustedExec_Overview.pdf for an overview of Intel TXT. http://www.intel.com/technology/virtualization/index.htm?iid=tech_vpro_body_vt for an overview of Intel VT.

This manual is also suitable for:

Dq67swDq67epDq67ow

Table of Contents