Setup and Configuration of Intel AMT > Setup and Configuration Methods > Manual Setup and Configuration (from Release 6.0)

Manual Setup and Configuration (from Release 6.0)

note-icon Note:

To set up and configure the Intel AMT device, there are several tools available, such as Intel® Endpoint Management Assistant (Intel® EMA) and  Open AMT Cloud Toolkit, which streamline the Intel AMT provisioning process and provide endpoint manageability capability for IT.
Note: Intel® Setup and Configuration Software (Intel® SCS) is no longer supported since 12/31/2022.

 

note-icon Note:

This section applies only to Intel AMT release 6.0 and later.

A user who can access the ME BIOS extension can move Intel AMT to a setup state by providing a new admin password. Applications performing subsequent configuration will use this password as a credential.

From release 6.0 there are no feature limitations when configuring a platform manually, but there are some system behaviors to be noted:

   API methods will not return a PT_STATUS_INVALID_MODE status, as there is only one mode.

   TLS is disabled by default and should be explicitly enabled during configuration. This will always be the case with manual configuration, as there is no way to set TLS parameters locally.

   The local platform clock will be used until the network time is set (to UTC) remotely. Automatic configuration will not complete successfully unless network time was set, only when TLS or Kerberos was configured. Enabling TLS or Kerberos after configuration completion will not succeed if the network time was not set.

   WEBUI is enabled by default, unless a configuration server disables it.

   SOL and Storage Redirection are enabled by default, but the redirection listener is disabled by default.

   If KVM is enabled locally via the MEBx, it still will not be enabled until an administrator activates it over the network.

Performing Manual Setup

During power up, the Intel AMT platform first displays the BIOS startup screen, and then the BIOS Extensions are processed. Entry into the Intel AMT BIOS Extension is BIOS vendor dependent. Intel AMT reference platforms display a screen prompting you to press <Ctrl+P>. When you press <Ctrl+P> control passes to the Intel® Management Engine BIOS extension (MEBx) Main Menu.

Perform the following steps to perform manual setup:

1.  Enter the MEBx default password (“admin”)

2.  Change the default password to a new value (this step is required in order to proceed). The new value must be a “strong” password: It should contain at least one upper case letter, one lower case letter, one digit and one special character, and be at least eight characters. A management console application can change the Intel AMT password without modifying the MEBx password.

3.  Select Intel(R) AMT Configuration.

4.  Select Manageability Feature Selection.

5.  Select ENABLED to enable Intel(R) AMT.

6.  Exit to the Main Menu.

7.  Select Intel(R) ME General Settings.

8.  The default setting for IP address acquisition is to use a DHCP server. If you are setting the platform IP address manually perform the following steps:

a.   Select Network Setup.

b.   Select TCP/IP Settings.

c.    Select Wired LAN IPV4 Configuration.

d.   Select DHCP Mode.

e.   Set the mode to DISABLED.

f.    Once the DHCP mode is set to DISABLED, the static IPv4 options appear.  Select IPv4 Address and enter an IP address.

g.   Select Subnet Mask Address and enter a subnet mask.

h.   Set other parameters as required.

i.    Exit to the ME General Settings menu.

9.  Return to the Intel(R) AMT Configuration menu; Select SOL/IDE-R, select Legacy Redirection Mode and select ENABLED to enable the redirection listener.

note-icon Note:

Beginning in release 11.0, Storage Redirection uses the USB-R protocol rather than the IDE-R protocol; however, the menu item has not been changed so as to preserve backwards compatibility.

This can ensure compatibility with management consoles created to work with the legacy SMB mode and do not have a mechanism implemented to enable the listener.

10.       Return to the Intel(R) ME General Settings menu. Select Activate Network Access. Press <Y> in response to the confirmation message.

The platform is now configured. You can set additional parameters using the web interface or a remote console (see Accessing Intel AMT via the WebUI Interface).

If TLS will be used, see the certificate enrollment flow for a secure way to configure TLS.

Copyright © 2006-2022, Intel Corporation. All rights reserved.