HP 8100 - Elite Convertible Minitower PC Setup And Configuration Manual

Vpro setup and configuration for the 8100 elite business pc with intel vpro processor technology

Hide thumbs Also See for 8100 - Elite Convertible Minitower PC:

Maintenance and service manual (248 pages)

Technical reference manual (112 pages)

Specification (66 pages)

Table of Contents

Quick Links

See also: Maintenance and Service Manual , Illustrated Parts & Service Map

vPro Setup and Configuration for the

8100 Business PC with Intel vPro

Processor Technology

January 2010

Need help?

Do you have a question about the 8100 - Elite Convertible Minitower PC and is the answer not in the manual?

Questions and answers

Summary of Contents for HP 8100 - Elite Convertible Minitower PC

Page 1: Table Of Contents
vPro Setup and Configuration for the 8100 Business PC with Intel vPro Processor Technology January 2010 Table of Contents: Introduction ......................2 AMT Setup and Configuration ................3 AMT System Phases ..................3 Manual Mode – AMT Setup and Configuration with MEBx ........ 3 BIOS Prerequisite ....................
Page 2: Introduction
This whitepaper has been updated to include the new features of AMT 6.0. By default, the AMT shipping on the HP Compaq 8100 Business PC will be inactive. It must be setup and configured in the system before it can be used. The setup and configuration process is also known as provisioning.
Page 3: Amt Setup And Configuration
Please refer to the Intel website: www.intel.com/technology/vpro/index.htm for other whitepapers and technical information regarding Intel vPro Technology. AMT Setup and Configuration AMT must be Setup and Configured in a system before it can be used. AMT Setup involves the necessary steps to enable AMT such as setting up the system for AMT mode and enabling network connectivity.
Page 4 Important Note: The MEBx is an option ROM module that is provided to HP by Intel to be included in the HP system BIOS. The MEBx is not HP-specific and contains options that are not used by HP. If an option is not used by HP, ignore it and do not modify from its default state.
Page 5: Bios Prerequisite
For best performance and to take advantage of AMT 6.0 features, make sure the HP Compaq 8100 Business PCs have a BIOS revision of at least version 1.02, a ME FW of at least version 6.0.3.1 195, and a MEBx of at least version 6.0.3.0019.
Page 6 Enter the default password. The default password is “admin”. Passwords are case sensitive. The user must change the default password before any changes can be made in the MEBx. Change the password for the MEBx. The new password must meet the criteria defined in the Password Guideline Section, also known as a strong password.
Page 7 can be removed from the system to eliminate it from the suspect list until root cause is found. Note that if the ME is disabled, then all AMT functions are also disabled. The system will not be remotely manageable. Check Password Policy. Default Setting : Default Password Only Recommended Setting...
Page 8 Intel ME Network Name Settings Enter a Host Name Default Setting : None Recommended Setting : User Dependent Note that spaces are not accepted in the host name. Make sure there is not a duplicate host name on the network. Hostnames can be used in place of the system’s IP for any applications requiring the IP address.
Page 9 TCP/IP Settings. AMT 6.0 supports IPV4 and IPV6 interface. Follow steps 8a-8f to configure for IPV4 and 8g-8h for IPV6. Figure 4: Intel ME TCP/IP Settings Screen Wired LAN IPV4 Configuration DHCP Mode Default Setting : Enabled Recommended Setting : Enabled DHCP can be used if it is available (TCP/IP settings will be configured by a DHCP server).
Page 10 Figure 5: Intel ME Wired LAN IPv4 Configuration Screen IPV4 Address Enter a static address Default Setting : 0.0.0.0 Recommended Setting : Network Dependent Example: 192.168.0.1 Make sure all AMT systems have a unique static IP address. Multiple systems sharing the same IP address can lead to network collisions, which will cause the systems to not respond correctly.
Page 11 Alternate DNS Address Leave as default value and hit Enter Default Setting : 0.0.0.0 Recommended Setting : Network Dependent Wired LAN IPV6 Configuration Select Enabled option for IPv6 Feature Selection If DHCP is disabled, then steps 8h through 8i are required to configure the IPV6 static IP address.
Page 12 IPv6 Address. AMT 6.0 supports IPv6 network interface. Enter a static IPv6 address Default Setting : None Recommended Setting : Network Dependent Example: 2001:db8::1428:57ab iii. IPv6 default Router. Enter the IPv6 Default Router address Default Setting : None Recommended Setting : Network Dependent Example: 2001:db8::1428:57ab Preferred DNS IPv6 Address...
Page 13 Figure 7: Intel ME Activate Network Access Screen FW Update Settings. a. Local FW Update Qualifier. Intel ME Firmware Local Update Qualifier Default Setting : Always Open Recommended Setting : Always Open...
Page 14 Figure 8: Intel ME FW Update Settings Screen This option allows the BIOS to override the ME Firmware Locale Update option and to permit local updates. By default, the system BIOS allows for an unlimited number of local ME FW updates.
Page 15 b. Secure FW Update. Intel ME Firmware Local Update Qualifier Default Setting : Enabled Recommended Setting : Enabled The Secure Firmware Update function requires an administrator user name and password. If the administrator user name and password are not supplied, the firmware cannot be updated. When the Secure Firmware Update feature is enabled, the IT administrator can update the firmware using the secure method.
Page 16 Note: The ME On in Host Sleep State mode will automatically set to Desktop: ON in S0, ME Wake in S3, S4-5 after Activating the Network Access (step 9). b. Idle Timeout Default Setting : 65535 Recommended Setting : 65535 This option sets the timeout value for Wake-On-ME.
Page 17 Go into the Intel AMT Configuration. Figure 10: Intel AMT Configuration Screen Press the Enter key when MEBx displays “Update Network settings in the General Settings menu”. Press ’Y’ at the MEBx prompt below:...
Page 18 : Enabled This option allows Intel AMT to be enabled or disabled. By default, HP Compaq 8100 Business PCs are set to enable Intel AMT. Note that setting the Disabled option will disable all remote management capabilities. Setting Disabled will also unprovision any AMT settings.
Page 19 Figure 12: Intel ME Features Control Screen with AMT Selected b. Check SOL/IDE-R. Figure 13: Intel ME SOL-IDE-R Configuration Screen...
Page 20 a) Username & Password Default Setting : Enabled Recommended Setting : Enabled Select Enabled. This option allows users and passwords to be added from the WebGUI. If it is disabled, then only the administrator has MEBx remote access. b) SOL. Default Setting : Enabled Recommended Setting...
Page 21 Figure 14: Intel ME KVM Configuration Screen KVM feature Selection. Default Setting : Enabled Recommended Setting : Enabled Figure 15: Intel ME KVM Configuration Screen...
Page 22 ii. User opt-in. Default Setting : User Consent is required for KVM session Recommended Setting : User Dependent iii. Opt-in Configuration from remote IT Default Setting : Enabled Remote Control of KVM Opt-in Policy Recommended Setting : User Dependent Disable Remote Control of KVM Opt-in Policy – This option disables the Remote User’s ability to select User OPT-IN Policy.
Page 23: Intel Amt Webgui
Intel AMT WebGUI The Intel AMT WebGUI is a web browsre-based interface for limited remote system management. The WebGUI is often used as a test to determine if AMT Setup and Configuration was performed properly on a system. A successful remote connection between a remote system and the host system running the WebGUI indicates proper AMT Setup and Configuration on the remote system.
Page 24: Important Note
Figure 16: Intel AMT WebGUI Screen 6) Review system information and/or make any necessary changes. Important Note: The MEBx password can be changed for the remote system in the WebGUI. Changing the password in the WebGUI or a remote console will result in two passwords.
Page 25: Setup And Configuration Server
Setup and Configuration Server A Setup and Configuration Server (SCS) is simply an application that executes over a network performing AMT Setup and Configuration. It is required for Enterprise mode setup and configuration. In a PSK Setup and Configuration, both the AMT client system and the SCS must share a set of Provisioning ID (PID) and Provisioning Passphrase (PPS).
Page 26: Enterprise Mode - Amt Setup And Configuration Steps
Enterprise Mode – AMT Setup and Configuration Steps: The AMT Setup portion for Enterprise mode is the same as SMB mode. Repeat Steps 1 through 15 to perform AMT Setup. This will take the system from Factory mode to In Setup Mode. Refer to Manual Mode –...
Page 27 Figure 17a: Intel ME Platform Configuration Screen Figure 17b: Intel AMT Configuration Screen Continued...
Page 28 10) Go into Network Setup & select Host Name. Enter a host name Default Setting : None Recommended Setting : User Dependent Spaces are not accepted in the host name. 11) Go into Network Setup and select TCP/IP. a. Wired LAN IPv4 Configuration DHCP Mode Default Setting : DHCP Enabled...
Page 29 Alternate DNS IPv6 Address Enter the Alternate DNS IPv6 Address Default Setting : None Recommended Setting : Network Dependent Example: 2001:db8::1428:57ab 12) Skip Activate Network Access. 13) Skip Un-Configure Network Access. 14) Go into Remote Setup And Configuration. Figure 18: Intel Setup and Configuration Screen This is the menu where the Enterprise mode provisioning data is entered.
Page 30 TLS Provisioning Mode Provisioning IP Date of Provisioning The provisioning record for a system with PKI provisioning will include the following information: TLS Provisioning Mode Host Initiated Hash Data Hash Algorithm Serial Number ISDefault Bit Time Validity Pass FQDN Provisioning IP Date of Provisioning This option is only for display, no changes can be made here.
Page 31 Figure 19: Intel TLS PSK Configuration Screen Go into Set PID and PPS. Default Setting : None Recommended Setting : System Dependent This option is for Provisioning ID (PID) and Provisioning Passphrase (PPS) entry. PIDs are 8 characters and PPS are 32 characters. There are dashes between every set of four characters so counting dashes PIDs are 9 characters and PPS are 40 characters.
Page 32 15) FW Update Settings. Local FW Update Qualifier. Intel ME Firmware Local Update Qualifier Default Setting : Always Open Recommended Setting : Always Open This option allows the BIOS to override the ME Firmware Locale Update option and to permit local updates. By default, the system BIOS allows for an unlimited number of local ME FW updates.
Page 33 Default Setting : Desktop: ON in S0 Recommended Setting : Desktop: ON is S0, ME Wake in S3, S4-5 b. Idle Timeout Default Setting : 65535 Recommended Setting :65534 This option sets the timeout value for Wake-On-ME. The default timeout value is 65535 from the factory and it is in units of a minute.
Page 34 d. IDE Redirection Default Setting : Enabled Recommended Setting : Enabled Select Enabled. e. Legacy Redirection Mode. Default Setting : Disabled Recommended Setting : Disabled Select Disabled. This option allows the Redirection feature to work with the pre-AMT 6.0 remote consoles (need to set to Enabled). 20) Check KVM Configuration.
Page 35 26) When power is reapplied to the system, it will immediately look for a Setup and Configuration Server. If one is found, the AMT system will send a “Hello” message to the server. DHCP and DNS must be available for the Setup and Configuration Server search to automatically succeed.
Page 36: Provisioning Methods
Provisioning Methods There are three methods of provisioning a system with Enterprise mode: Legacy • IT TLS-PSK • • OEM TLS-PSK Legacy Legacy method of AMT Setup and Configuration should be executed on an isolated network separate from the corporate network if TLS is desired. An S&CS server would have to have a secondary network connection to Certification Authority for TLS configuration.
Page 37: Oem Tls-Psk
OEM TLS-PSK OEM TLS-PSK AMT Setup and Configuration is done in two stages. The first stage is performed during OEM manufacturing and the second stage at the customer location. In the first stage, customers purchase systems from HP. HP will setup those systems during manufacturing bringing them to the In-Setup phase.
Page 38: Usb Drive Key Requirements
c. Return the information to the management console. 4) The management console writes the password, PID and PPS sets to a Setup.bin file in the USB Drive Key. 5) Technician takes the USB Drive Key to the staging area where new AMT platforms are located.
Page 39: Remote Configuration
Delayed remote configuration support. Remote Configuration Timeouts in HP Systems The HP Compaq 8100 Business PCs are shipped out of the factory with the Remote Configuration Timer set to 0 (no Hello message broadcasting). In order to enable ME to broadcast Hello messages, an Activator local agent must be used.
Page 40: Remote Configuration Prerequisites
If no SCS responds to the Hello messages within the timeout period, then the network interface that sends out the Hello messages will be disabled. The network interface can be re-enabled to send out Hello messages again by the following methods: Restarted by a local agent.
Page 41 Figure 20: Intel Remote Configuration Screen 1) Remote Configuration Enable/Disable Default Setting : Enabled Recommended Setting : Enabled This option enables or disables Remote Configuration. 2) Set PKI DNS Suffix This option allows the PKI DNS Suffix of the SCS to be entered. 3) Manage Certificate Hashes This option shows the hashes in the system including the name of the hash and whether it is active or not.
Page 42: List Of Supported Ca Certificates
List of Supported CA Certificates The following are a list of supported Certificate Authorities and certificates. Not all of the certificates might be populated in certain configurations. VeriSign Class 3 Primary CA-G1 • SHA1 Fingerprint: 74 2C 31 92 E6 07 E4 24 EB 45 49 54 2B E1 BB C5 3E 61 74 E2 VeriSign Class 3 Primary CA-G2 •...
Page 43: Return To Default
Return to Default Return to Default is also known as Unprovisioning. An AMT Setup and Configured system can be unprovisioned. It is done through the ME Platform Configuration Screen and the Un-Configure Network Access option. Figure 21: Intel AMT Un-configure Network Screen Depending on how the system was previously provisioned, one or both unprovisioning options may appear.
Page 44: Full Return To Factory Defaults
c. After unprovisioning is done, control is passed back to the AMT Configuration screen. Notice that the Setup and Configuration option is available again since the system is set to the default Enterprise mode. 2) Return to previous menu. 3) Exit. a.
Page 45 Appendix A: Frequently Asked Questions Q: How can the MEBx be locally accessed? A: The MEBx can be locally accessed by pressing CTRL-P during POST. Q: Why is the CTRL-P prompt not displayed during POST? A: By default the CTRL-P prompt is hidden during POST, but it can be display if set in F10 Setup.
Page 46 A: HP Client Configuration Manager and ISVs such as Altiris provide Setup and Configuration Servers. Check with your management console supplier to see if they offer this service. Q: Can AMT be set for static address and the OS set for DHCP or vice versa? A: No.
Page 47: Appendix B: Power / Sleep / Global States Explained
Appendix B: Power / Sleep / Global States Explained Under Advanced Configuration and Power Interface (ACPI) specification a PC can be in one of several Power states. These power states are also known as Sleep (Sx) states or Global (Gx) states. is the ON state.
Page 48: Appendix C: Wake-On-Me Explained
Appendix C: Wake-On-ME Explained Wake-On-ME, also known as ME WoL, is a feature that allows the ME to go into a low power state when it is not used. There are three conditions that must be met for Wake-On-ME to function. The system is in a sleep state: S3, S4, or S5 •...

This manual is also suitable for:

Compaq 8100