Lenovo ThinkCentre M91p Configuration manual

Brand: Lenovo

Model: ThinkCentre M91p

Category: PC/workstation barebones

Type: Configuration manual

ThinkCentreM91p

IntelActiveManagementTechnology

CongurationGuide

ThinkCentreM91p

IntelActiveManagementTechnology

CongurationGuide

Note:Beforeusingthisinformationandtheproductitsupports,readthegeneralinformationinAppendixC

“Notices”onpage27.

FirstEdition(March2011)

©CopyrightLenovo2011.

LENOVOproducts,data,computersoftware,andserviceshavebeendevelopedexclusivelyatprivateexpenseandare

soldtogovernmentalentitiesascommercialitemsasdenedby48C.F.R.2.101withlimitedandrestrictedrightsto

use,reproductionanddisclosure.

LIMITEDANDRESTRICTEDRIGHTSNOTICE:Ifproducts,data,computersoftware,orservicesaredeliveredpursuant

aGeneralServicesAdministration“GSA”contract,use,reproduction,ordisclosureissubjecttorestrictionssetforth

inContractNo.GS-35F-05925.

Contents

Aboutthisdocument.........v

Chapter1.IntroductiontoIntelvPro

andIntelAMT.............1

Acronyms................1

Chapter2.Featuresandbenetsof

IntelAMT...............3

Featuresandbenets............3

Chapter3.Mainfeaturesof

computersbuiltwithIntelAMT....5

CIRA..................5

KVMredirection..............6

HostBasedProvisioning...........6

Chapter4.IntelAMTsetupand

congurationonLenovoThinkCentre

M91pdesktopcomputers......7

IntelAMTcongurationsettingsinSetupUtility..7

IntelMEBxsetupandconguration......8

EnteringtheMEBxcongurationuser

interface...............8

Intel(R)MEGeneralSettings.......8

Intel(R)AMTConguration........11

Driverdescription.............19

MEI.................19

LMS.................20

SOL.................20

Chapter5.Webuserinterface....21

AccessingtheWebuserinterface.......21

ConguringtheIntelAMTcomputer....21

Loggingontotheclient.........22

FunctionsintheWebuserinterface......22

AppendixA.Examplesofconguring

IntelAMTinmanualandautomatic

setupandcongurationmodes...23

ConguringIntelAMTinmanualsetupand

congurationmode.............23

ConguringIntelAMTinautomaticsetupand

congurationmode.............23

ZTCprovisioning............23

USBprovisioning............24

AppendixB.Factorydefaultsettings

fortheIntelMEBx...........25

AppendixC.Notices.........27

Trademarks................28

©CopyrightLenovo2011

iii

ivThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide

Aboutthisdocument

ThisdocumentprovidesinformationaboutIntel

ActiveManagementTechnology(IntelAMT)forLenovo

ThinkCentre

M91pdesktopcomputers.Thisdocumentprovidesstep-by-stepinstructionsonhowtouse

IntelAMT.

ThisdocumentisintendedfortrainedITprofessionalsorthoseresponsibleforconguringcomputers

throughouttheirorganizations.Thereadersshouldhavebasicknowledgeofnetworkandcomputer

technology,andbefamiliarwiththetermsTCP/IP,DHCP ,IDE,DNS,SubnetMask,DefaultGateway,Domain

Name,andsoon.

Thisdocumentprovidesinformationaboutthefollowingtopics:

Chapter1“IntroductiontoIntelvProandIntelAMT”onpage1:Thischapterprovidesageneralintroduction

toIntelvPro

™

andIntelAMT.

Chapter2“FeaturesandbenetsofIntelAMT”onpage3:Thischapterintroducesthefeaturesand

benetsofIntelAMT.

Chapter3“MainfeaturesofcomputersbuiltwithIntelAMT”onpage5:Thischapterintroducesthemain

featuresofIntelAMTbuilt-incomputers.

Chapter4“IntelAMTsetupandcongurationonLenovoThinkCentreM91pdesktopcomputers”on

page7:ThischapterprovidesdetailedinstructionsonhowtocongureIntelAMTsettingsonLenovo

ThinkCentreM91pdesktopcomputers.

Chapter5“Webuserinterface”onpage21:Thischapterprovidesinstructionsonhowtoaccessthe

IntelAMTWebuserinterface.

©CopyrightLenovo2011

viThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide

Chapter1.IntroductiontoIntelvProandIntelAMT

IntelvProisabusinesscomputerplatformthatprovidesbusinesscomputerswithenhancedremote

managementcapabilities.ForcomputersbuiltwithIntelvPro,ITadministratorscanuseathirdpartysoftware

toremotelycollectinventoryinformation,diagnoseproblems,andprovidevariousservicesregardlessof

thecomputerpowerstateortheoperatingsystemstate.ITadministratorscanalsoisolateandprotect

individualcomputersandthenetworkfromthreats.

AsafeatureofIntelvPro,IntelAMTisdesignedtoprovideremotemanagementofcomputersregardless

ofthecomputerpowerstateortheoperatingsystemstateaslongasthecomputersareconnectedtoan

electricaloutletandanetwork.

IntelAMTisdesignedasabuildingblockandnotacompletesolution.ThisenablesOriginalEquipment

Manufacturers(OEMs)toincorporateIntelAMTintotheirclientandserverhardwareplatforms.Competent

andauthorizedthirdpartyapplicationsprovidemanagementandsecurityservicesthattakeadvantageof

theIntelAMTfeatures,suchasout-of-bandaccesstoassetinformation,eventlogs,hardwareandsoftware

tables,andembeddedcapabilities.

Acronyms

Thefollowingtablelistsandexplainssomeacronymsusedinthisdocument.

AcronymDescription

ACLAccessControlList

AMTActiveManagementTechnology

ASFAlertStandardFormat

BIOSBasicInputOutputSystem

CIRAClientInitiatedRemoteAccess

DHCPDynamicHostCongurationProtocol

DNSDomainNameServer

FQDNFullyQualiedDomainName

FWFirmware

HBPHostBasedProvisioning

HECIHostEmbeddedControllerInterface

IDE-RIntegratedDeviceElectronics-Redirection

IPInternetProtocol

ISVIndependentSoftwareVendor

KVMKeyboard-Video-Mouse

LMSLocalManageabilityService

MEManagementEngine

MEBx

ManagementEngineBIOSExtension

MEI

ManagementEngineInterface

NVMNonvolatilememory

OEMOriginalEquipmentManufacturer

©CopyrightLenovo2011

AcronymDescription

OOBOut-of-band

PID/PPS

ProvisioningIDandProvisioningPre-sharedKey

PKI

PublicKeyInfrastructure

PRTCProtectedRealTimeClock

PSK

Pre-sharedKey

PXEPrebootExecutionEnvironment

RCFGRemoteConguration

SHASecureHashAlgorithm

SMBSmallandMediumBusinesses

SOLSerial-over-LAN

TCPTransmissionControlProtocol

TLSTransportLayerSecurity

WOL

WakeonLan

ZTCZeroTouchConguration

2ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide

Chapter2.FeaturesandbenetsofIntelAMT

ThischapterintroducesthefeaturesandbenetsofIntelAMT.

ThefollowingtableliststheLenovobusinesscomputerswithIntelAMTinstalled.

LenovocomputerIntelAMTversion

ThinkCentreM91p

IntelAMT7.X

ThinkCentreM90p

IntelAMT6.X

ThinkCentreM58p

IntelAMT5.X

ThinkCentreM57p

IntelAMT3.X

ThinkCentreM55p

IntelAMT2.X

Featuresandbenets

ThinkCentreM91pcomputersbuiltwithIntelAMTenableITadministratorstobetterdiscover,heal,and

protectthenetworkedcomputingassets.

•Discover:IntelAMTstoreshardwareandsoftwareinformationinnonvolatilememory(NVM).Withbuilt-in

manageability,IntelAMTenablesITadministratorstodiscoverassetsremotely,evenwhencomputersare

turnedoff.

•Heal:Thebuilt-inmanageabilityofIntelAMTprovidesout-of-band(OOB)managementcapabilities,which

enableITadministratorstoremotelydiagnosecomputerproblemsandrecovercomputersevenifthe

operatingsystemsareinoperable.ProactivealertingandeventlogginghelpITadministratorsdetect

problemsquicklytoreducecomputerdowntime.

•Protect:TheIntelAMTsystemdefensefeatureenablesbetterprotectionforcomputersbyproactively

blockingincomingthreats,controllinginfectedcomputersbeforethecomputerscauseproblemsinthe

network,andalertingITadministratorswhencriticalsoftwareagentsareremovedfromthecomputers.

ThefollowingtableshowsthefeaturesandbenetsofIntelAMT.

Table1.FeaturesandbenetsofIntelAMT

FeaturesBenets

OOBsystemaccess

Enablesremotemanagementofclientsregardlessof

clientpowerstateandoperatingsystemstate

Remotetroubleshootingandrecovery

SignicantlyreducesIThelpdeskvisitsandincreasesIT

serviceefciency

ProactivealertingDecreasescomputerdowntimeandminimizesITservice

time

RemotehardwareassettrackingIncreasesspeedandaccuracywithreducedaccounting

costs,comparedwithmanualinventorytracking

©CopyrightLenovo2011

4ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide

Chapter3.MainfeaturesofcomputersbuiltwithIntelAMT

ComputersbuiltwithIntelAMTversion2.0orlaterhavethefollowingfeaturesandimprovements:

•Remotepowercontrol

–Poweron

–Poweroff

–Powerreset

–Powercycle

•Assetmanagement

–E-Assettag

–OOBhardwareinventory

•IntegratedDeviceElectronics-Redirection(IDE-R)

–Floppyredirection

–CDredirection

•Serial-over-LAN(SOL)

–Screenredirectionbasedontext

–Keyboardredirection

–Networkredirection

•Remoterestart

–Restartfromalocalharddiskdrive

–RestartfromalocalCDorDVDdrive

–RestartfromalocalPrebootExecutionEnvironment(PXE)

•Eventmanagement

–Eventalerting

–Eventlogging

–Auditlog

•Agentpresence

•Systemdefense

•ClientInitiatedRemoteAccess(CIRA)

•Keyboard-Video-Mouse(KVM)redirection

•HostBasedProvisioning(HBP)

CIRA

ThinkCentreM91pcomputersbuiltwithIntelAMTsupporttheClientInitiatedRemoteAccess(CIRA)

function.YoucanperformthisfunctionthroughISVapplications..

TheCIRAfunctionenablesclient-initiated,secureOOBcommunicationtothemanageabilityconsole,

whichincludes:

•User-initiatedcall-homefeature

©CopyrightLenovo2011

•Scheduled,automatedcall-homefeature(nouserinputrequired)

•TransportLayerSecurity(TLS)sessionestablishedthroughclientinitiation

KVMredirection

ThinkCentreM91pcomputersbuiltwithIntelAMT7.XsupportKeyboard-Video-Mouse(KVM)redirection

overInternetProtocol(IP).KVMredirectionenablesITadministratorstoremotelycontrolthekeyboard,video

orvisualdisplayunit,andmouseofthemanagedclients.KVMredirectionhasthefollowingadvantages:

•Workstably

•Basedonhardware

Note:KVMredirectionisbasedonhardwaresothatitcanworkcorrectlyregardlessoftheoperating

systemstateofthemanagedclients.

•Manageclientsthroughmanagementserversremotely

•Healing,installationandapplicationssupport

Notes:

1.KVMredirectioninIntelAMT7.XcanbeusedonlyoncomputerswithIntelintegratedgraphics.For

computerswithdiscretegraphicscards,theSerial-over-LAN(SOL)functioncanbeusedtosupport

remotediagnosticsandrepair.

2.TheKVMuserinterfacesareonlyavailableoncomputersthatsupportKVMredirection.Formore

informationaboutKVMuserinterfaces,see“SOL/IDER/KVM”onpage12.

HostBasedProvisioning

ThinkCentreM91pcomputersbuiltwithIntelAMTsupporttheHostBasedProvisioning(HBP)function.As

anewfeatureinIntelAMT7.X,thisfunctionprovidesnewinterfacesforsystemsetupandconguration

throughoperatingsystems.Italsohelpsreducecostandeffortsrelatedtosystemsetup,conguration,

andmaintenance.

ByenablingHBPfunction,youcansimplifyIntelvProtechnologyactivationthroughthefollowingways:

•FullyactivatevProthroughsoftware

•RemotelyndandactivateIntelvProtechnologyinanautomaticmanner

6ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide

Chapter4.IntelAMTsetupandcongurationonLenovo

ThinkCentreM91pdesktopcomputers

TheIntelManagementEngine(ME)isanisolatedandprotectedcomputingresourcethatrunsonanIntel

AMTcomputer.TheIntelManagementEngineBIOSExtension(MEBx)providesauserinterfacetochangeor

conguresettingsthatcontroltheoperationoftheIntelManagementEngine(ME).

AllchangestotheMEplatformcongurationsettingsarenotcachedintheMEBx,butcommittedtotheME

nonvolatilememoryuntilyouexittheMEBx.IftheIntelMEBxcrashesintheprocessoftheconguration,the

changesthatyouhavemadewillnotbesaved.

Note:ToperformtheCIRAfunction,congureyourcomputerintheMEBxformanualsetupand

congurationmodeorautomaticsetupandcongurationmode,andthenusetheCIRAfunctionthroughISV

applications.YoudonotneedtodoanyadditionalsetupandcongurationintheMEBx.

IntelAMTcongurationsettingsinSetupUtility

TheSetupUtilityprogramenablesyoutoviewandchangetheIntelAMTrelatedcongurationsettings

foryourcomputer.

TovieworchangetheIntelAMTcongurationsettings,dothefollowing:

1.RepeatedlypressandreleasetheF1keywhenturningonthecomputer.Whenyouhearmultiplebeeps

orseealogoscreen,releasetheF1key.TheSetupUtilityprogramstarts.

2.FromtheSetupUtilityprogrammainmenu,selectAdvanced➙Intel(R)Managebility.Thefollowing

windowwillbedisplayed.

Figure1.Intel(R)ManageabilitycongurationsettingsinSetupUtility

Inthewindow,youcanviewthefollowingIntelAMTcongurationsettings:

©CopyrightLenovo2011

Option

DefaultsettingDescription

Intel(R)ManageabilityControl

Enabled

UsedtoenableordisabletheIntel(R)

Manageabilityinterface.

Intel(R)AMTReset

DisabledUsedtoenableordisabletheIntel

AMTresetfunction.

Press<Ctrl-P>toEnterMEBx

EnabledUsedtoenableordisablethe

entranceoftheMEBxsetup

congurationmenu.

Formoreinformation,seetheinstructionsandthehelpmessagesonthescreen.

IntelMEBxsetupandconguration

ThissectionprovidesinstructionsonhowtosetupandcongureIntelAMTforyourcomputer.

EnteringtheMEBxcongurationuserinterface

RepeatedlypressandreleaseCtrl+Pwhenturningonthecomputer.WhenyouseetheIntelManagement

EngineBIOSExtensionwindow,releasetheCtrlandPkeys.Youwillbepromptedtopress1toenterthe

IntelMEBxMAINMENUwindow(Figure2)Press1toenterMEcongurationscreenswindow.Youwillbe

promptedtoentertheIntelMEpassword.TypetheIntelMEdefaultpasswordadminandthenyouwillbe

promotedtotypeanewpassword.TosetanewIntelMEpassword,see“ChangeMEPassword”onpage9

Figure2.IntelMEBxMAINMENUwindow

Intel(R)MEGeneralSettings

SelectIntel(R)MEGeneralSettingsintheIntelMEBxMAINMENUwindowandpressEnter.TheINTEL(R)ME

PLATFORMCONFIGURATIONwindowopens(Figure3).Thiswindowenablesyoutocongurethegeneral

settingsoftheIntelME,suchasMEstate,MEpassword,powercontrol,andsoon.

8ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide

Figure3.INTEL(R)MEPLATFORMCONFIGURATIONwindow

ThefollowingoptionsarelistedintheINTEL(R)MEPLATFORMCONFIGURATIONwindow:

ChangeMEPassword

TheChangeMEPasswordoptionenablesyoutochangetheIntelMEpassword.

TochangetheIntelMEpassword,selectChangeMEPasswordandpressEnter.Typeyournewpassword

andpressEnter.Whenpromptedtoconrmthenewpassword,typeyournewpasswordagain.

Passwordconsiderations:Forsecurityreasons,itisrecommendedtouseastrongpasswordthatcannot

beeasilycompromised.Tosetastrongpassword,usethefollowingguidelines:

•Haveeightto32charactersinlength

•Containatleastonealphabeticcharacter,onenumericcharacter,andonesymbol

(!@#$%^&*andsoon)

•Containatleastoneuppercaseletterandonelowercaseletter

•Youcanalsousethespacebarandunderscore(_).

Notes:

•TheIntelMEpasswordhasalengthlimitof32characters.Ifyouentermorethan32characters,the

32ndcharacterwillbereplacedbythelastcharacteryouenter.Thus,thepasswordwillbecomprised

oftherst31charactersandthelastcharacter.

•TheIntelMEpasswordcanberesettothedefaultoneadminintheSetupUtilityprogram.Ifyouwant

toresetthepassword,settheIntel(R)AMTResetoptionfromDISABLEDtoENABLED.See“Intel

AMTcongurationsettingsinSetupUtility”onpage7.Whenthesystemrestarts,amessageFound

uncongurationofIntel(R)MEContinuewithunconguration(Y/N)willbedisplayed.PressY.When

youentertheMEBxagain,youwillndthatthepasswordhasbeensuccessfullyresettoadmin.

FWUpdateSettings

SelectFWUpdateSettingsandpressEnter.TheFWUpdateSettingswindowopens.

Chapter4.IntelAMTsetupandcongurationonLenovoThinkCentreM91pdesktopcomputers9

Option

Description

LocalFWUpdateYoucanenable,disable,orusetheMEBxpasswordto

protecttheIntelMErmwarelocalupdate.Whenthe

LocalFWUpdateoptionissettoENABLED,theIT

administratorcanupdatetheIntelMErmwarelocally

throughthelocalIntelMEinterfaceorthroughthelocal

secureinterface.WhentheLocalFWUpdateoptionis

settoDISABLED,thelocalIntelMErmwareupdateis

notallowed.WhentheLocalFWUpdateoptionissetto

PasswordProtected,LocalFWupdateisprotectedby

theMEBxpassword.

SetPRTC

SelectSetPRTCintheINTEL(R)MEPLATFORMCONFIGURATIONwindowandpressEnter.Youare

promptedtoentertheProtectedRealTimeClock(PRTC)valueinCoordinatedUniversalTime(UTC)format

(YYYY:MM:DD:HH:MM:SS).SettingaPRTCvaluehelpsmaintainthePRTCwhenyourcomputeristurned

off.ThevalidPRTCdaterangesfromJanuary1,2004toJanuary4,2021.

PowerControl

ThePowerControlmenuenablesyoutoconguretheMEpowercontrolpolicies.Toconformwiththe

ENERGYSTARprogramandtheEuPLot6requirements,theIntelMEcanbeturnedoffinvarioussleep

states.SelectPowerControlandpressEnter.TheINTEL(R)MEPOWERCONTROLwindowopens.Inthe

INTEL(R)MEPOWERCONTROLwindow,thefollowingoptionswillbedisplayed.

10ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide

Option

Description

Intel(R)MEONinHostSleepStates

UsedtospecifywhentheIntelMEwillbeturnedon.

SelectIntel(R)MEONinHostSleepStatesandpress

Enter.Youcanchoosewhichpowerpackagewillbeused.

•Desktop:ONinS0–Thisoptionmeansonlywhen

yourcomputeristurnedonandoperationalwillthe

IntelMEbeturnedon.

•Desktop:ONinS0,MEWakeinS3,S4-5–This

optionmeanstheIntelMEwillbeturnedonwhenyour

computeristurnedonandoperational.TheIntelME

canberemotelywokenupwhenyourcomputerisin

sleepmode,hibernationmode,orturnedoff.

Notes:

–S0:Poweronstate

–S3:Standbysleepstate

–S4:Hibernatesleepstate

–S5:Shutdownsleepstate

WithIntelMEWakeonLan(WOL),afterthetime-outtimer

expires,theIntelMEremainsintheM-off

stateuntila

commandissenttotheIntelME.Afterthiscommandis

sent,theIntelMEwilltransitiontotheM0

orM3

state

andwillrespondtothenextcommand.Apingtothe

IntelMEcanalsomaketheIntelMEtransitiontoanM0

orM3state.IntelMEtakesashorttimetotransitionfrom

theM-offstatetotheM0orM3state.Duringthistime,

thesystemwillnotrespondtoanyIntelMEcommands.

WhentheIntelMEisintheM0orM3state,thesystem

willrespondtoIntelMEcommands.

IdleTimeout

UsedtoenabletheIntelMEtowakeupanddenethe

IntelMEidletimeoutintheM3state.Theidletimeout

valueindicatestheamountoftimethattheIntelMEis

allowedtoremainidleintheM3statebeforetransitioning

totheM-offstate.Theidletimeoutvalueshouldbe

enteredinminutes.

Note:IftheIntelMEisintheM0state,itwillnottransition

totheM-offstate.

Intel(R)AMTConguration

TheIntel(R)AMTCongurationmenuenablesyoutocongureanIntelAMTcapablecomputertosupport

theIntelAMTmanagementfeatures.

SelectIntel(R)AMTCongurationfromtheIntelMEBxMAINMENUwindowandpressEnter.Amessage

willbedisplayedindicatingthatyoucanupdatenetworksettingsfromtheIntel(R)MEGeneralSettings

menu.PressEnterandtheINTEL(R)AMTCONFIGURATIONwindowopens(Figure4).

1.M-off:AnIntelMEFWpowerstatewhentheIntelMEFWisshutdown.

2.M0:AnIntelMEFWpowerstatewhentheIntelAMTcomputeristurnedonandoperational.

3.M3:AnIntelMEFWpowerstatewhentheIntelAMTcomputerisinsleepmode,hibernationmode,orturnedoff.

Chapter4.IntelAMTsetupandcongurationonLenovoThinkCentreM91pdesktopcomputers11

Figure4.INTEL(R)AMTCONFIGURATIONwindow

ThefollowingoptionsarelistedintheINTEL(R)AMTCONFIGURATIONwindow:

•“ManageabilityFeatureSelection”onpage12

•“SOL/IDER/KVM”onpage12

•“UserConsent”onpage13

•“PasswordPolicy”onpage14

•“NetworkSetup”onpage14

•“ActivateNetworkAccess”onpage16

•“UncongureNetworkAccess”onpage16

•“RemoteSetupAndConguration”onpage17

ManageabilityFeatureSelection

TheManageabilityFeatureSelectionoptionisusedtoenableordisabletheIntelMEmanageability

feature.ThedefaultsettingisENABLED.

Note:IfyoudisabletheManageabilityFeatureSelectionfunction,allthenetworksettingsincludingACLs

willberesettofactorydefaultsettings.

SOL/IDER/KVM

SelectSOL/IDER/KVMintheINTEL(R)AMTCONFIGURATIONwindowandpressEnter.TheSOL/IDER/KVM

windowopens.Thefollowingoptionswillbedisplayed.

Option

Description

Username&Password

Usedtoenableordisabletheusernameandpassword

fortheSOL/IDERsession.IftheKerberosnetwork

authenticationprotocolisused,thisoptionshouldbe

settoDISABLEDbecausetheuserauthenticationis

managedthroughKerberos.IftheKerberosnetwork

authenticationprotocolisnotused,theITadministrator

canchoosetoenableordisabletheusernameand

passwordfortheSOL/IDERsession.

12ThinkCentreM91pIntelActiveManagementTechnologyCongurationGuide

Page is loading ...

Lenovo ThinkCentre M91p Configuration manual

Brand: Lenovo

Model: ThinkCentre M91p

Category: PC/workstation barebones

Type: Configuration manual

Download PDF

report

Lenovo ThinkCentre M91p Configuration manual

Lenovo ThinkCentre M91p Configuration manual

Related papers

Other documents