Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Related Manuals for Intel Centrino Pro
Summary of Contents for Intel Centrino Pro
- Page 1 Guide Intel® Centrino® with vPro™ Technology Intel® Core™2 Processor with vPro™ Technology Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide Based on Intel® Active Management Technology and LANDesk® Management Suite 8.8 Version 1.8 October 2008...
-
Page 2: Table Of Contents
Step 1: Configure Existing IT Infrastructure...18 Step 2: Verify Intel vPro Client Windows Drivers...20 Step 3: Set Intel vPro Password and TLS mode in Management Console ...20 Step 4: Configure Intel vPro Client Authentication Settings ...21 Step 5: Discover Intel vPro Clients through the Management Console ...27 Step 6: Test Intel vPro Client Functionality...28... -
Page 3: Preface
Preface This document provides the high level steps required to deploy desktop and notebook PCs with Intel® vPro™ technology. It does not provide step-by-step procedures for completing those high level steps, but instead provides links to more detailed information where such step-by-step procedures may be found. -
Page 4: Process Overview
This out of band (OOB) controller has embedded firmware that runs on the Intel® Management Engine (Intel® ME), a separate small ARC architecture processor built into either the North Bridge or NIC of the motherboard. The Intel AMT firmware is stored in the same SPI flash memory component used to store the BIOS and is generally updated along with the BIOS. -
Page 5: Section 1: Deciding Which Provisioning Mode To Use
You may choose either SMB or Enterprise Go to: Section 2 – Deploying Intel® vPro Using SMB (Basic) Mode Provisioning on page 6 Section 3 – Deploying Intel vPro Using Enterprise (Standard and Advanced) Mode Provisioning on page 16... -
Page 6: Section 2 - Deploying Intel® Vpro Using Smb (Basic) Mode Provisioning
Section 2 – Deploying Intel® vPro Using SMB (Basic) Mode Provisioning Process Flowchart The following picture shows the overall process flow for provisioning Intel vPro client systems in SMB mode. The steps are described in further detail in this section. -
Page 7: Step 1: Configure Existing It Infrastructure
Step 1a: Choose DHCP or Static IP Addressing for Client Systems. If your IT environment requires the use of static IP addresses, be aware that the Intel AMT client must then have two IP addresses: one for the host OS and one for the Intel Management Engine (Intel ME). -
Page 8: Step 3: Ensure Management Console Has The Correct Intel Amt Support
It is recommended that the LANDesk client agent also be installed, although it is not required. Discovery of the Intel vPro machine will differ depending on whether the client agent is installed. See Step 5: Discover Intel vPro Clients Through the Management Console on page 11 for further information. -
Page 9: Step 4: Configure Intel Vpro Client Bios
Upon entering the Intel MEBx for the first time, you will be required to enter the default password, which is “admin.” When you enter the Intel MEBx for the first time, you will be prompted to change the password. The Intel MEBx password must meet “strong” password criteria which include: •... - Page 10 DHCP value is set properly in the MEBx (“DHCP Disabled? If you choose static IP addressing, the Intel AMT client must have two IP addresses, one for the host OS and one for the Intel Management Engine (Intel ME). Static IP addressing also requires a separate host (computer) name for the host OS and the Intel ME.
-
Page 11: Step 5: Discover Intel Vpro Clients Through The Management Console
Move to Inventory Database. Repeat for each Intel vPro machine. 4. Click the All Devices list to see the Intel vPro machines. You may need to click Refresh if the All Devices list was already displayed when you moved the Intel vPro machines. - Page 12 Mozilla 1.7 for Windows and Linux 3. Once the Intel AMT Configuration Web Page is displayed, login using ”admin” as the username and the Intel MEBx “strong” password you created in Step 4c on page 12. You can then view the following client management information:...
-
Page 13: Step 7: Post Configuration
Work with your management console to determine how best to utilize the new capabilities available to you through your Intel vPro devices. Further, it is a good idea to update your procedures to utilize Intel vPro features, such as those procedures your help desk staff follow when helping users. For example, you will want to update the process to re-image a PC that has blue screened at a remote site using the new Intel AMT features (i.e., SOL and IDE –... - Page 14 A message dialog is displayed on the client system whenever these three operations are performed. Note: Do not ping the Intel AMT client to test if the network is disabled. Intel AMT will still respond to pings.
- Page 15 XML pages used for System Defense. Once SD triggers an alert, the alert is displayed in the LSM log. LANDesk and Intel AMT limit network access by replacing the current client policy with the Kill All NICs policy when SD is triggered. The client machine is also placed in the Remediation queue, which can be found in Configure | System Defense | Remediation.
-
Page 16: Section 3 - Deploying Intel Vpro Using Enterprise (Standard And Advanced) Mode Provisioning
Section 3 – Deploying Intel vPro Using Enterprise (Standard and Advanced) Mode Provisioning Process Flowchart The following picture shows the overall process flow for provisioning Intel vPro client systems in Enterprise (Standard and Advanced) mode. The steps are described in further detail in this section. -
Page 17: Intel Vpro Enterprise Setup And Configuration Flow
– Security credentials fully loaded – Ready for remote management Factory State: An Intel vPro machine comes from the OEM in Factory State. In this state Intel AMT is un-configured and not available for use by management applications. When an operator enters information via the Intel Management Engine BIOS extension (Intel MEBx) manually or with the aid of a USB storage device, the Intel vPro machine makes the transition into the setup state. -
Page 18: Step 1: Configure Existing It Infrastructure
The DHCP server must support Option 81 to register network address information into the DNS server on behalf of the Intel ME. Option 15 should also be enabled in the DHCP Scope Options to allow the DNS to resolve host queries after IP address changes. - Page 19 BIOS.. It.is provided to the OEM by Intel. The Intel MEBx allows you to configure settings that control the operation of the Management Engine which runs on the Intel AMT client. For more information on Intel MEBx, see the Intel Management Engine BIOS Extension User’s Guide.
-
Page 20: Step 2: Verify Intel Vpro Client Windows Drivers
(e.g. XML, SOAP). When first loaded, the driver will cause a pop-up to occur to confirm that Intel AMT is running. The pop-up can be disabled. As the Intel AMT firmware is updated, this driver is most likely to require a coordinated update as new features are enabled. -
Page 21: Step 4: Configure Intel Vpro Client Authentication Settings
Current Intel vPro Credentials (top) portion of the screen. This is the password you will use in the future if you need to access the Intel MEBx on any individual client system after the initial provisioning process is complete. See the Intel MEBx User Guide for information on accessing and using the Intel MEBx on an Intel vPro machine. - Page 22 Intel MEBx on each Intel vPro client before deployment If you instruct your OEM to load the certificate hashes onto your Intel vPro clients, the clients will already have a certificate hash that matches the existing root certificate on your provisioning server when they arrive.
- Page 23 Step 4B: OEM Pre-configuration – Factory State to Configured State Most OEMs are willing to provide the service of changing the Intel vPro client from factory state to setup state by entering the password and client authentication information into the Intel MEBx on each client system for you.
- Page 24 Once the TLS-PSK keys are used during the setup and configuration stage, they are not used again unless an Intel vPro machine is re-provisioned. Whereas, the other TLS keys are used for all communications from the management console to the Intel vPro machine.
- Page 25 4. The console will display the values for manual entry into the Intel vPro machine, or there is an option to export/import (at the bottom of the dialogue box) the security keys to a USB thumb drive (filename setup.bin) for one-touch configuration.
- Page 26 Use this method to manually enter the password and PID-PPS credentials for each Intel vPro client machine. A minimal amount of information is required to change the Intel vPro client from Factory Mode to Setup Mode. The information required includes: •...
-
Page 27: Step 5: Discover Intel Vpro Clients Through The Management Console
Move to Inventory Database. Repeat for each Intel vPro machine. 4. Click the All Devices list to see the Intel vPro machines. You may need to click Refresh if the All Devices list was already displayed when you moved the Intel vPro machines. -
Page 28: Step 6: Test Intel Vpro Client Functionality
Step 6a: Test Intel vPro Client Functionality From LANDesk 1. In the All Devices list, right-click an Intel vPro device to display the menu of Intel AMT Options. 2. At a minimum, look at the following Intel vPro Options to test that the Intel AMT configuration... -
Page 29: Step 7: Post Configuration
Work with your management console to determine how best to utilize the new capabilities available to you through your Intel vPro devices. Further, it is a good idea to update your procedures to utilize Intel vPro features, such as those procedures your help desk staff follow when helping users. For example, you will want to update the process to re-image a PC that has blue screened at a remote site using the new Intel AMT features now available in your management console. - Page 30 A message dialog is displayed on the client system whenever these three operations are performed. Note: Do not ping the Intel AMT client to test if the network is disabled,; Intel AMT will still respond to pings.
- Page 31 • A UDP flood policy which will trigger SD if Intel AMT sees at least 20,000 UDP packets per second and will monitor for a Denial-of-service attack. • An SYN flood policy which will trigger SD if Intel AMT sees at least 20,000 IP packets per second and will monitor for a Denial-of-service attack.
-
Page 32: Appendix A: Troubleshooting
If you do not see these entries the most likely causes are: You have not matched the PID / PPS pre-shared keys between the Intel AMT client and the LANDesk core server. The keys generated through the LANDesk System Manager Configure | Intel vPro Options | ID Generation must match those you entered into the Intel MEBx. - Page 33 Intel AMT option and Move to Management Database option are grayed out. This error will occur if you run a network scan on the segment the Intel vPro machine resides on and it has not completed the provisioning process and does not have a LANDesk client agent installed. Use...
-
Page 34: An Example Of Successful Provisioning
Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide An example of Successful Provisioning Thu, 28 Feb 2008 113500 LANDesk Intel AMT Provisioning Manager Thu, 28 Feb 2008 113500 IP 192.168.0.100 UUID 44454C4C-FF00-10FF-80FF-FFC04FFF0000 Thu, 28 Feb 2008 113500 FQDN name for ZTC client1.vprodemo.com... - Page 35 Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide Thu, 28 Feb 2008 113507 Action SetRngKey Thu, 28 Feb 2008 113507 SetRngKey passed Thu, 28 Feb 2008 113507 Action SetTLSKeyAndCertificate Thu, 28 Feb 2008 113507 To generate keys and certificate...
-
Page 36: An Example Of An Unsuccessful Provisioning
Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide An example of an unsuccessful Provisioning Thu, 06 Mar 2008 11:26:23 LANDesk Intel AMT Provisioning Manager Thu, 06 Mar 2008 11:26:23 IP: 192.168.0.100 UUID: 44454C4C-4A00-1032-8038-C6C04F514431 Thu, 06 Mar 2008 11:26:28 Hostname from DNS: Thu, 06 Mar 2008 11:26:29 Host Name: 192.168.0.100... - Page 37 Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide Thu, 06 Mar 2008 11:26:35 Action: getDomainname Thu, 06 Mar 2008 11:26:35 GetDomainName passed Thu, 06 Mar 2008 11:26:35 Action: GetPkiCapabilities Thu, 06 Mar 2008 11:26:35 GetPkiCapabilities passed Thu, 06 Mar 2008 11:26:35 Action: SetEnabledInterfaces...
- Page 38 Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide Thu, 06 Mar 2008 11:26:37 Success to generate keys and certificate Thu, 06 Mar 2008 11:26:37 SetTLSKeyAndCertificate passed Thu, 06 Mar 2008 11:26:37 Action: setNetworkTime Thu, 06 Mar 2008 11:26:37 GetLowAccuracyTimeSynch passed...
-
Page 39: Appendix B: Glossary Of Terms Used In This Guide
DNS: Domain Name Service. Enterprise Mode: Provisioning model used for larger organizations Intel® AMT: Intel® Active Management Technology allows Web Service calls to Intel desktops and notebook clients for out-of-band management and services. Intel® Centrino® Pro processor technology: Intel processor technology that provides a higher level of security and management to mobile computers. - Page 40 Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide...
- Page 41 *Other names and brands may be claimed as the property of others. Copyright © 2008 Intel Corporation. All rights reserved. Intel®, the Intel logo, Intel. Leap ahead™, the Intel Leap ahead™ Logo, Centrino®, the Centrino® logo, Intel® Core™, vPro™, the vPro™ logo, Intel SpeedStep™, Pentium®, and Celeron® are registered trademarks of Intel Corporation in the United States and other countries.
Need help?
Do you have a question about the Centrino Pro and is the answer not in the manual?
Questions and answers