I’m new to the selfhosted/homelab space and eyeing a used Dell Optiplex Micro system to experiment with. The unit has an i5-8500T and appears to support Intel vPro/AMT for remote management and KVM. This is interesting to me as I may not want to have a monitor and peripherals permanently connected. After substantial searching, most of the documentation and discussions on this topic are aimed at people with a deeper background. I believe I can figure out how to set it up, but I couldn’t find straightforward answers to these security questions:

- I only want to use this for KVM while at my home. It seems like a security risk if this functionality works over the internet rather than just LAN. Is this actually the case, and if so, can it be set to LAN-only?

- Since the machine had a prior owner, is it advisable to reset the BIOS or somehow clear out potential vPro settings from the previous user?

Thanks for any help you can offer!

  • joshuarupp
    5
    1 year ago

    So I have a 3-node cluster of Optiplex 5060 Micros with i5-6800. I have AMT enabled on a different VLAN from the hypervisor I have running and it works great for remote management. One thing to keep in mind is that for the KVM access to continue to work, I had to add HDMI dummy plugs to keep the display working after reboots. All of the other functions associated with AMT worked after reboots.

    For your other questions: AMT would only be accessible from the network you have it running on without any firewall rules/port forwarding/NAT.

    Yes, reset it to factory. Turn AMT off and reset it.
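
One way to check the LAN-only behaviour described in the reply above from any network position, as an added example that is not part of the original thread. The port numbers are Intel's documented AMT ports and do not appear in the thread; the function names and the script name are hypothetical.

```python
import errno
import socket
import sys

# Intel AMT's documented TCP ports (an addition; the thread does not list them).
AMT_PORTS = {
    623: "ASF-RMCP",
    664: "secure ASF-RMCP",
    16992: "AMT web UI and WS-Management, HTTP",
    16993: "AMT web UI and WS-Management, TLS",
    16994: "redirection (SOL, IDE-R, KVM)",
    16995: "redirection over TLS",
    5900: "standard VNC port, only if enabled for KVM",
}

def probe(addr, port, timeout=1.5):
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            rc = s.connect_ex((addr, port))
        except OSError:  # unexpected socket-level failure
            return "filtered"
    if rc == 0:
        return "open"
    # A refusal means the host answered; anything else means no answer got back.
    return "closed" if rc == errno.ECONNREFUSED else "filtered"

def audit_amt_exposure(host, ports=AMT_PORTS, timeout=1.5):
    """Probe every port in `ports` from this machine's network position."""
    addr = socket.gethostbyname(host)  # raises if the name does not resolve
    return {port: probe(addr, port, timeout) for port in ports}

def reachable(results):
    """Ports that accepted a connection, i.e. AMT services exposed to us."""
    return sorted(p for p, state in results.items() if state == "open")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: amt_exposure.py <host-or-ip-of-your-own-machine>")
    results = audit_amt_exposure(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {state:<8}  {AMT_PORTS[port]}")
    print("reachable from here:", reachable(results) or "none")
```

Run it once from the management VLAN and once from a segment that should have no access; the second run should report nothing reachable.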

    • @AstronomikOP
      2
      1 year ago

      Thanks for the tips - I can manage a dummy plug if required. Glad to hear AMT would be local-only unless I take additional steps.

    • @computergeek125
      1
      1 year ago

      What software do you use to access the AMT machines?

      • joshuarupp
        3
        1 year ago

        I use MeshCentral running on Debian on a small VM and then I access MeshCentral through the Web UI. If you have any Raspberry Pis lying around that aren’t being used, it would be a great candidate for that type of setup.

        • @computergeek125
          2
          1 year ago

          Thank ye much.

          If it runs on a Pi I can probably make a small VM for it without over-angering the VMware HA capacity alarm.

  • @[email protected]
    3
    1 year ago

    I would never open those types of services to the Internet. Wrap it in a VPN first, yeah?

    I have this exact model machine as a web app server running Proxmox btw. Works great. I did need to get a genuine power supply for it as it refused to run above 800MHz with a generic!

    • @AstronomikOP
      2
      1 year ago

      Glad to hear it’s working for your use case! I’ve seen lots of positive feedback about these Optiplex Micros.

  • @[email protected]B
    2
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    HA              Home Assistant automation software
    ~               High Availability
    NAT             Network Address Translation
    SSD             Solid State Drive mass storage
    VPN             Virtual Private Network

    4 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

    [Thread #59 for this sub, first seen 17th Aug 2023, 22:55]