Good to Know Database

Intel AMT: Setup AMT 2.6 in Enterprise Mode


The Enterprise provisioning mode is designed to serve the needs of large enterprises with trained IT staff in securely managing multi-site networks. When supported with the proper network infrastructure services, this mode can provide automated, secure, one-touch provisioning for Intel AMT platforms.

The required network infrastructure services include:
- DHCP service
- DNS Service
- TLS Certificate Authority Service
- Provisioning Service

Intel AMT systems arrive at a customer's site from the PC vendor's factory and are placed into inventory in an IT staging area. The staging area features an isolated wired LAN with DHCP, DNS, and Provisioning servers. The wired LAN must be isolated from the rest of the enterprise network(s) to prevent disclosure of security-related parameters while they are being uploaded to Intel AMT systems. The Provisioning Server should also support a secured connection over a second interface to a TLS Certificate Authority server. Intel AMT systems in the Enterprise provisioning mode will typically have DHCP enabled by default.

Source: http://www.intel.com

Activate MEBx (Management Engine BIOS Extensions)
1. power on the AMT computer
2. enter the BIOS Setup
3. change to page 3 for Toshiba BIOS
4. enable the MEBx Setup
5. save the BIOS settings

Change the AMT Password
1. press CTRL-P while rebooting
2. enter the AMT password (default = "admin")
3. select "Change Intel(R) ME Password"
4. enter new password

Activate AMT
1. select "Intel(R) ME Configuration"
2. press the Y key
3. select "Intel(R) ME Features Control"
4. select "Manageability Feature Selection"
5. select "Intel(R) AMT"
6. select "Return to Previous Menu"
7. select "Intel(R) ME Power Control"
8. select "Intel(R) ME ON in Host Sleep States"
9. select "Mobile: ON in S0; ME WoL in S3/AC, S4-5/AC"
10. select "Return to Previous Menu"
11. select "Return to Previous Menu"
12. wait while the machine is rebooting

Preparing the Intel® AMT Developer Tool Kit (DTK)
1. start a second machine in the same network
2. check if the .NET Framework 2.0 is installed
3. download the latest Intel® AMT Developer Tool Kit (DTK) (in this description I have used version 0.41)
4. install the AMT DTK
5. execute the "Intel AMT Director.exe"
6. open "\Configuration Server\Certificate Manager"
7. click on "Create Root Certificate..."
8. enter the Common name (e.g. "Test Root Certificate")
9. enter the Organization name (e.g. "Toshiba Europe GmbH")
10. enter the Country code (e.g. "GR")
11. click on "Generate"
12. click on "Yes"
13. open "\Configuration Server\Security Profiles"
14. click on "Add Security Profile..."
15. enter the profile name (e.g. TestProfile)
16. open "\Configuration Server\Security Profiles\TestProfile"
17. click on the button next to "Intel AMT Features"
18. enable all features
19. click on "OK"
20. open "\Configuration Server\One Touch Configuration"
21. click on "Generate Key..."
22. enter the AMT password
23. move the "Key strength" controller to unhide the "OK" button
24. click on "OK"
25. note the generated "Identifier" (PID) and the "Stored Key" (PPS) for the following steps
26. open the "Help" menu
27. click on "Show Debug Information..."
28. switch to the "Events" tab

Delete old AMT settings
1. power on the AMT computer
2. press CTRL-P while booting
3. enter the AMT password
4. select "Intel(R) AMT Configuration"
5. select "Un-Provision"
6. press the Y key
7. select "Full Unprovision"

Enable the Enterprise Mode
1. select "Provisioning Server"
2. enter the IP address of the provisioning server (e.g. 192.168.20.55)
3. enter the port number "9971"
4. select "Set PID and PPS"
5. enter the PID (e.g. "0000-003F")
6. enter the PPS (e.g. "0000-0000-0000-0000-0000-0000-NM5S-XTY9")
7. select "SOL/IDE-R" (Serial Over LAN/IDE-Redirection)
8. press the Y key
9. enable "Username & Password"
10. enable "Serial Over LAN"
11. enable "IDE Redirection"
12. select "Return to Previous Menu"
13. select "Exit"
14. press the Y key
15. wait while the machine is rebooting

Checking the AMT-Configuration with the Intel® AMT Developer Tool Kit
1. check the event log in the AMT Director (if nothing appears, please wait a few minutes)
2. open "\Network"
3. check if the AMT computer is registered and the connection is established

Checking the AMT-Configuration with the AMT web interface
1. start the AMT computer
2. check the IP address
3. open any web browser on a second machine in the same network
4. enter the URL "http://<ip-address>:16992"
5. click on the "Log On..."-button
6. enter the username "admin" and the password
7. the AMT web interface should be available
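
The browser check above can also be scripted for the staging bench. This is an added example, not part of the original page or of Intel's tools: it sends one unauthenticated request to port 16992 and reports whether the web interface answers with an HTTP Digest challenge. The path /index.htm, the expectation of a 401 Digest challenge, the verdict strings and all function names are assumptions.

```python
import socket

AMT_HTTP_PORT = 16992  # port from the URL in the browser check above

def parse_response(raw: bytes) -> dict:
    """Parse the status line and headers of a raw HTTP response."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdecimal():
        return {"http": False, "status": None, "headers": {}}
    fields = (line.partition(":") for line in lines[1:])
    headers = {n.strip().lower(): v.strip() for n, sep, v in fields if sep}
    return {"http": True, "status": int(parts[1]), "headers": headers}

def assess(raw: bytes) -> str:
    """Turn the reply to an unauthenticated GET into a check verdict."""
    r = parse_response(raw)
    if not r["http"]:
        return "not-http"  # empty reply, or the port is not speaking plain HTTP
    scheme = r["headers"].get("www-authenticate", "").split(" ", 1)[0].lower()
    if r["status"] == 401 and scheme == "digest":
        return "ok-digest-auth"  # assumption: the expected challenge
    if r["status"] == 401:
        return "weak-auth:" + (scheme or "unknown")  # e.g. Basic over cleartext HTTP
    if r["status"] == 200:
        return "served-without-auth"
    return "unexpected-status:%d" % r["status"]

def probe(host: str, port: int = AMT_HTTP_PORT, timeout: float = 5.0) -> str:
    """Send one unauthenticated GET for /index.htm (assumed path) and assess it."""
    req = "GET /index.htm HTTP/1.1\r\nHost: %s:%d\r\nConnection: close\r\n\r\n" % (host, port)
    raw = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req.encode("ascii"))
            while b"\r\n\r\n" not in raw and len(raw) < 8192:
                chunk = s.recv(4096)
                if not chunk:
                    break
                raw += chunk
    except OSError:
        return "unreachable"
    return assess(raw)

# Constructed sample reply, not captured from a real AMT system.
SAMPLE_401 = b'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm="constructed", nonce="0"\r\n\r\n'

if __name__ == "__main__":
    print(assess(SAMPLE_401))
```

Call probe("<ip-address>") from the second machine in the same network; any verdict other than ok-digest-auth is worth investigating before the system leaves the staging area.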


This entry was created on 02.11.2007 and last edited on 10.02.2011.

Direct link to this page: http://www.gtkdb.de/index_15_199.html


© 2004-2018 by Georg Kainzbauer