Intel Centrino Pro, vPro User Manual

466.26 Kb
Loading...

Guide

Intel® Centrino® with vPro™ Technology

Intel® Core™2 Processor with vPro™ Technology

Intel® vPro™ and Intel®

Centrino® Pro

Processor

Technology Quick

Start Guide

Based on Intel® Active Management Technology and LANDesk® Management Suite 8.8

Version 1.8

October 2008

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

Contents

 

Preface.................................................................................................................................

3

Intended Audience....................................................................................................................................................................................

3

What This Document Contains ...........................................................................................................................................................

3

Process Overview..............................................................................................................

4

Section 1: Deciding Which Provisioning Mode to Use .............................................

5

Where do I go from here? .....................................................................................................................................................................

5

Section 2 – Deploying Intel® vPro Using SMB (Basic) Mode Provisioning ............

6

Process Flowchart ....................................................................................................................................................................................

6

Step 1: Configure Existing IT Infrastructure..............................................................................................................................

7

Step 2: Verify Intel vPro Client Windows Drivers....................................................................................................................

7

Step 3: Ensure Management Console Has the Correct Intel AMT Support.................................................................

8

Step 4: Configure Intel vPro Client BIOS ......................................................................................................................................

9

Step 5: Discover Intel vPro Clients Through the Management Console ...................................................................

11

Step 6: Test Intel vPro Client Functionality.............................................................................................................................

11

Step 7: Post Configuration...............................................................................................................................................................

13

Section 3 – Deploying Intel vPro Using Enterprise (Standard and Advanced) Mode

Provisioning.....................................................................................................................

16

Process Flowchart .................................................................................................................................................................................

16

Intel vPro Enterprise Setup and Configuration Flow ...........................................................................................................

17

Step 1: Configure Existing IT Infrastructure...........................................................................................................................

18

Step 2: Verify Intel vPro Client Windows Drivers.................................................................................................................

20

Step 3: Set Intel vPro Password and TLS mode in Management Console ...............................................................

20

Step 4: Configure Intel vPro Client Authentication Settings ..........................................................................................

21

Step 5: Discover Intel vPro Clients through the Management Console ....................................................................

27

Step 6: Test Intel vPro Client Functionality.............................................................................................................................

28

Step 7: Post Configuration...............................................................................................................................................................

29

Appendix A: Troubleshooting......................................................................................

32

An example of Successful Provisioning......................................................................................................................................

34

An example of an unsuccessful Provisioning ..........................................................................................................................

36

Appendix B: Glossary of Terms used in this guide.................................................

39

2

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

Preface

This document provides the high level steps required to deploy desktop and notebook PCs with Intel® vPro™ technology. It does not provide step-by-step procedures for completing those high level steps, but instead provides links to more detailed information where such step-by-step procedures may be found.

Intended Audience

This Quick Start Guide is intended for Information Technology (IT) professionals, system integrators, and other technical specialists with experience deploying computer systems and networking technologies in an Information Technology environment. It is not intended for general audiences.

What This Document Contains

Section

Description

 

 

Process Overview

Provides a brief overview of the overall deployment process; lists high

 

level steps, including decisions to be made, which are explained in

 

more detail in subsequent sections.

 

 

Deciding Which Provisioning Mode To

Provides the necessary information to make the decision as to which

Use

provisioning mode will best suit your deployment needs based on the

 

size and complexity of your IT environment.

 

 

Deploying Intel vPro Using SMB (Basic)

Provides the overall steps to deploy Intel vPro based systems into your

Mode Provisioning

IT environment using SMB (also known as Basic) mode provisioning.

 

 

Deploying Intel vPro Using Enterprise

Provides the overall steps to deploy Intel vPro based systems into your

(Standard and Advanced) Mode

IT environment using Enterprise (composed of both Standard and

Provisioning

Advanced) mode provisioning.

 

 

Appendix A: Troubleshooting

Provides information on correcting problems that may arise during

 

deployment.

 

 

Appendix B: Glossary

Provides a list of terms used in this document and their definitions.

 

 

3

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

Process Overview

Intel® Active Management Technology1 (Intel® AMT) provides significant flexibility in order to meet the needs of various customer environments. This flexibility requires that customers make a number of decisions when planning and implementing their deployment of Intel AMT-enabled systems.

The overall deployment process is shown below:

Install the LANDesk Management System (LDMS) agent on each client system. Since you will ultimately be utilizing the LANDesk Management Suite to manage your vPro clients the LANDesk Client Agent should be installed prior to provisioning Intel vPro. You can either push the client agent from the LANDesk Management Console or in the case of the One-Touch provisioning you can pull the client agent from the LANDesk Management Console. By having the client agent installed prior to provisioning the Intel vPro client you are not subject to your DNS resolving the host name and therefore provisioning should be fairly quick and easy.

Decide which provisioning mode to use (SMB or Enterprise). This decision determines which of the subsequent sections of this guide you will use to accomplish the remaining steps (below). See Section 1 for information on deciding which provisioning mode to use.

Install or validate infrastructure components (DNS, DHCP, SQL Server, etc.).

Ensure required Windows* drivers (for SOL and IDE-R) are installed on vPro clients.

Configure your management console to manage Intel vPro clients.

Configure Intel vPro components (Intel ME and Intel AMT) in Intel® Management Engine BIOS Extension (Intel® MEBx) on Intel vPro clients.

Discover Intel vPro clients in your management console.

Test Intel vPro client management functionality in your management console.

Perform post configuration steps (IT support process changes, maintenance procedures, etc.).

For Additional Information: Most sections will have a reference to additional information. Below is the URL where you can locate the documents referenced throughout the paper.

LANDesk® - http://download.intel.com/business/vpro/pdfs/landesk_whitepaper.pdf

Note: If you decide to use Enterprise mode provisioning, the process described above can vary significantly depending on whether or not you plan to use Remote Configuration, which uses Public Key Infrastructure (PKI) to authenticate communication between the provisioning server and the Intel vPro clients, and automates some of the steps above. See the flow chart in the next section below for a visual representation of the overall provisioning process, and the various “paths” through it depending on which provisioning mode and method you choose.

1. Intel® Active Management Technology (Intel® AMT) is a hardware-based technology that facilitates remote out-of-band management of computers by use of a small secondary processor located on the motherboard.

This out of band (OOB) controller has embedded firmware that runs on the Intel® Management Engine (Intel® ME), a separate small ARC architecture processor built into either the North Bridge or NIC of the motherboard. The Intel AMT firmware is stored in the same SPI flash memory component used to store the BIOS and is generally updated along with the BIOS.

4

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

Section 1: Deciding Which Provisioning Mode to Use

Before starting the deployment, you must decide which provisioning mode to use: SMB or Enterprise.

Note: SMB mode, which stands for “Small-Medium Business,” is also known as “Basic” mode, and Enterprise mode can be divided into “Standard” and “Advanced” modes, based on whether you require Transport Layer Security (TLS) certificate-based encryption for you management traffic.

Several factors should be considered in deciding which provisioning mode to use, such as security requirements, size of organization, and existing IT infrastructure.

The primary difference between SMB and Enterprise modes is the ability to encrypt management traffic. In the Advanced Enterprise mode, all management traffic may be encrypted with Transport Layer Security (TLS). In SMB mode and the Standard Enterprise mode the traffic is not encrypted.

The other major difference in provisioning modes is how the client system receives its configuration information. In Enterprise mode, you can use manual, one-touch, or remote configuration options, or have your OEM pre-provision the client systems before shipment. In SMB mode, you must manually provision each client system.

The following questions can help you decide which mode to use.

Question

Yes

No

 

 

 

Do your security needs require that

You must choose Enterprise

You may choose either SMB or

all traffic from a management

Advanced mode.

Enterprise

console to the Intel vPro machine be

 

 

encrypted?

 

 

 

 

 

Is your IT infrastructure set up to

You should choose SMB (Basic)

You may choose either SMB or

support either Static IP or Windows

mode; manual management of the

Enterprise

Workgroups?

client host list is required.

 

 

 

 

Is your organization small enough to

You may choose either SMB or

You should choose Enterprise

provision each system manually?

Enterprise

 

 

 

 

Where do I go from here?

Selected provisioning mode:

Go to:

 

 

 

 

SMB

Section 2

– Deploying Intel® vPro Using SMB (Basic) Mode Provisioning on

 

page 6

 

 

 

 

Enterprise

Section 3

– Deploying Intel vPro Using Enterprise (Standard and Advanced)

 

Mode Provisioning on page 16

 

 

 

5

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

Section 2 – Deploying Intel® vPro Using SMB (Basic) Mode Provisioning

Process Flowchart

The following picture shows the overall process flow for provisioning Intel vPro client systems in SMB mode. The steps are described in further detail in this section.

6

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

Step 1: Configure Existing IT Infrastructure

Step 1a: Choose DHCP or Static IP Addressing for Client Systems.

If your IT environment requires the use of static IP addresses, be aware that the Intel AMT client must then have two IP addresses: one for the host OS and one for the Intel Management Engine (Intel ME). Use of static IP addresses also requires that the host OS and Intel ME on the client system have separate host (computer) names.

DHCP is recommended if it is supported in your IT environment. This allows the Intel AMT client to share a single IP address and hostname with the client OS. If static IP addressing is required for some applications, use reserved addresses for those clients that require a static IP address. This allows the application that requires a static IP address to meet its requirements, but allows Intel AMT to use one IP address and hostname instead of two.

If using DHCP, configure DHCP to support Option 81 so that the client provides its fully qualified domain name (FQDN) to the DHCP server, as well as instructions on how the DHCP server should process DNS updates for the client. Option 15 should also be enabled in the DHCP Scope Options to allow the DNS to resolve host queries after IP address changes.

Step 1b: Set Firewall/Router Ports

Set Firewall/Router Ports 16992 and 16994 to “open” for Intel AMT management traffic.

Step 2: Verify Intel vPro Client Windows Drivers

The following Intel AMT drivers, which are digitally signed by Intel and compatible with Microsoft Windows* operating systems (including Windows 2000, Windows XP, and Windows Vista*), are required on the Intel AMT client platform. Obtain these drivers from your client system manufacturer’s driver and download support pages (most client drivers and Intel MEBx updates are contained on the same support web page by the OEM).

Intel® Management Engine Interface (Intel MEI) driver -- Provides a secure local communications interface between the host operating system and the Intel ME via the Intel MEI.

Serial-over-LAN (SoL) driver -- Enables a COM port for VT100 or ANSI remote sessions prior to graphic interface when the operating system loads. You can view and send commands to a remote client prior to the operating system loading, including entering into the BIOS, viewing POST, etc.

Local Management Service (LMS) driver –Provides an interface enabling local management software agents to communicate with the Intel Management Engine using the same high-level protocols as those used for remote management (e.g. XML, SOAP). When first loaded, the driver will cause a pop-up to occur to confirm that Intel AMT is running. The pop-up can be disabled. As the Intel AMT firmware is updated, this driver is most likely to require a coordinated update as new features are enabled. The driver also checks for consistency of the Intel AMT hostname and the operating system host name.

7

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

It is recommended that the LANDesk client agent also be installed, although it is not required. Discovery of the Intel vPro machine will differ depending on whether the client agent is installed. See Step 5: Discover Intel vPro Clients Through the Management Console on page 11 for further information.

Step 3: Ensure Management Console Has the Correct Intel AMT

Support

The Intel vPro features included in LANDesk System Manager (LSM) are now built into LANDesk Management Suite (LDMS) 8.8. This is a change from LDMS 8.7 where both LDMS and LMS were required for full Intel vPro functionality. LDMS 8.8 supports all Intel AMT features including System Defense and Agent Presence. LDMS 8.8 also supports both the wired and wireless functionality of systems based on Intel® Centrino® 2 with vPro™ technology.

Step 3a: Set Password:

1.In the LANDesk Configure Services tool, enter a strong password on the Intel vPro Configuration tab.

2.In the Current Intel vPro Credentials area, enter the current name and password for the Intel MEBx. This name and password will be used to enter the Intel MEBx after the original provisioning process has finished.

The Intel Management Engine BIOS Extension (Intel MEBx) is an option ROM module extension to the system BIOS. It.is provided to the OEM by Intel. The Intel MEBx allows you to configure settings that control the operation of the Management Engine which runs on the Intel AMT client. For more information on Intel MEBx, see the Intel Management Engine BIOS Extension User’s Guide.

Note: Use the same password in step 4c below when you change the Intel MEBx password on the Intel vPro client.

3.Leave the bottom half of the screen, Provision with new Intel vPro Credentials, blank at this time.

8

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

Step 3b: Select TLS or non-TLS mode.

Under the Discovery & Provisioning portion of the dialog box you’ll find two options:

Provision in TLS mode for secure communication

Provision in non-TLS mode

Since you have made the choice to use SMB mode, select “Provision in non-TLS mode,” then click

Apply.

Step 4: Configure Intel vPro Client BIOS

Step 4a: Confirm You Have the Latest BIOS and Firmware Version

Visit your Original Equipment Manufacturer (OEM) website to determine if you have the latest versions of BIOS and firmware. If an update is needed, follow the instructions provided by the OEM to implement the update.

Examples of OEM BIOS updates include:

HP: http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodN ameId=3232116&prodTypeId=12454&prodSeriesId=3232030&swLang=13&taskId=135&swEnv OID=1093

Lenovo: http://www-307.ibm.com/pc/support/site.wss/MIGR-67881.html

Dell: http://support.dell.com/support/downloads/driverslist.aspx?c=us&l=en&s=gen&ServiceTag=&Sy stemID=PLX_PNT_P4_745C&os=WW1&osl=en&catid=&impid=

Step 4b: Enter the Intel MEBx

There are two methods to enter the Intel MEBx.

Ctrl-P: Start the Intel AMT enabled system. After the BIOS settings screen has passed, another screen is displayed prompting you to enter Ctrl-P. Type Ctrl-P to enter the Intel MEBx.

BIOS: Some local OEMs have chosen to have the Intel MEBx be a portion of their regular BIOS menu system. In this case enter the keystrokes to launch their BIOS settings screen (usually F2 or Del).

Step 4c: Change the Intel MEBx Password

Upon entering the Intel MEBx for the first time, you will be required to enter the default password, which is “admin.” When you enter the Intel MEBx for the first time, you will be prompted to change the password. The Intel MEBx password must meet “strong” password criteria which include:

Be between 8- and 32-characters long

9

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

Contain both upper and lower case Latin characters

Have at least one numeric character

Have at least one ASCII non-alphanumeric character (!, @, #, $, %, ^, &, *)

Step 4d: Select an IP Addressing Scheme

SMB mode supports both Static IP and Dynamic Host Protocol Configuration (DHCP). DHCP is the most commonly used scheme today and provides the easiest integration with Intel AMT. If DHCP is your choice, simply ensure that the DHCP value is set properly in the MEBx (“DHCP Disabled? No”).

If you choose static IP addressing, the Intel AMT client must have two IP addresses, one for the host OS and one for the Intel Management Engine (Intel ME). Static IP addressing also requires a separate host (computer) name for the host OS and the Intel ME. To select static IP addressing, select “DHCP Disabled? Yes.” You’ll then be prompted to enter the IP information including IP address, subnet mask, default gateway, and primary and secondary DNS server.

A host name must be entered into the Intel MEBx whether you choose static IP or DHCP within SMB mode. It is not necessary to enter the Domain name into the Intel MEBx for SMB mode.

Step 4e: Set Additional Intel MEBx Parameters

There are a number of parameters that you can change in the Intel MEBx. All fields have a default setting that may vary slightly depending on the system’s manufacturer. However, you’ll need to pay particular attention to the following settings for SMB mode.

Setting

Intel AMT Configuration Mode

Configuration Server Options

Intel AMT Hostname

Intel AMT Domain Name

DHCP Enabled

Description or value

Set to SMB

Not needed because these apply only to enterprise mode

In SMB mode this is required. If you use DHCP, this must match computer name in the host OS. If you use static IP addressing, this name must be unique from the computer name in the host OS.

This will match the Domain Name in the Host OS

DHCP is recommended, but in SMB, both DHCP and Static IP addressing are supported

Refer to documentation provided by your hardware manufacturer to determine which settings you need to change.

For an example of an OEM configuration document:

HP dc7700 Business PC - http://www.icare.hp.com.cn/TechCenter_StaticArticle/37022/44474.pdf

10

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide

Step 5: Discover Intel vPro Clients Through the Management Console

Discovery of the Intel vPro devices varies depending on whether the latest LANDesk client agent is loaded.

Discovery Without the LANDesk Agent Installed on the Client:

1.In LANDesk, navigate to the Unmanaged Device Discovery (UDD) tab. The bottom half of the UUD tab displays the undiscovered devices,

2.On the UUD tab, click the Intel AMT category to display the discovered Intel vPro machines. Allow a few minutes for the Intel AMT client to display as the LANDesk Core Database must complete a refresh before the Intel AMT client appears. If the client still does not display after a few minutes, click on the refresh icon in the UDD tool bar (second icon from left).

3.Move the Intel vPro machines to your management database by right-clicking one of the devices and selecting Move to Inventory Database. Repeat for each Intel vPro machine.

4.Click the All Devices list to see the Intel vPro machines. You may need to click Refresh if the All Devices list was already displayed when you moved the Intel vPro machines.

5.Right click an Intel vPro machine to see all the Intel AMT selections available.

Discovery With the LANDesk Agent Installed on the Client:

No explicit action is required to discover Intel vPro client systems if the LANDesk Agent is installed on them. If the LANDesk Agent is installed on the client system, then that client system will already be listed in the All Devices list in LANDesk.

However, when you activate the Intel Management Engine (Intel ME) on the client using the process described in Steps 3 and 4 on the preceding pages, you will then see the Intel vPro selections available for that client when you right click on it in the All Devices list.

Step 6: Test Intel vPro Client Functionality

After the device has been discovered and added to the management database, it is a good idea to test the functionality of the Intel vPro machine. Perform the following steps to test the Intel AMT client functionality.

Step 6a: Test Intel AMT Client Functionality From LANDesk

1.In the All Devices list, right-click an Intel AMT device to display the menu of Intel AMT Options.

2.At a minimum, look at the following Intel AMT Options to test that the Intel AMT configuration has been successfully completed:

o Intel AMT Summary

11

+ 30 hidden pages