I’m new to the selfhosted/homelab space and eyeing a used Dell Optiplex Micro system to experiment with. The unit has an i5-8500T and appears to support Intel vPro/AMT for remote management and KVM. This is interesting to me as I may not want to have a monitor and peripherals permanently connected. After substantial searching, most of the documentation and discussions on this topic are aimed at people with a deeper background. I believe I can figure out how to set it up, but I couldn’t find straightforward answers to these security questions:
-I only want to use this for KVM while at my home. It seems like a security risk if this functionality works over the internet rather than just LAN. Is this actually the case, and if so, can it be set to LAN-only?
-Since the machine had a prior owner, is it advisable to reset the BIOS or somehow clear out potential vPro settings from the previous user?
I would never open those types of services to the Internet. Wrap it in a VPN first yeah?
I have this exact model machine as a web app server running Proxmox btw. Works great. I did need to get a genuine power supply for it as it refused to run above 800MHz with a generic!
So I have a 3-node cluster of optiplex 5060 micros with i5-6800. I have AMT enabled on a different VLAN from the hypervisor I have running and it works great for remote management. One thing to keep in mind that for the KVM access to continue to work, I had to add an HDMI dummy plugs to keep the display working after reboots. All of the other functions associated with AMT worked after reboots.
For your other questions: ATM would only be accessible from the network you have it running on without any firewall rules/port forwarding/NAT
Yes reset it to factory. Turn ATM off and reset it.
I use MeshCentral running on Debian on a small VM and then I access MeshCentral through the Web UI. If you have any Raspberry Pi’s laying around that aren’t being used, it would be a great candidate for that type of setup.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
I would never open those types of services to the Internet. Wrap it in a VPN first yeah?
I have this exact model machine as a web app server running Proxmox btw. Works great. I did need to get a genuine power supply for it as it refused to run above 800MHz with a generic!
Glad to hear it’s working for your use case! I’ve seen lots of positive feedback about these Optiplex Micro’s.
So I have a 3-node cluster of optiplex 5060 micros with i5-6800. I have AMT enabled on a different VLAN from the hypervisor I have running and it works great for remote management. One thing to keep in mind that for the KVM access to continue to work, I had to add an HDMI dummy plugs to keep the display working after reboots. All of the other functions associated with AMT worked after reboots.
For your other questions: ATM would only be accessible from the network you have it running on without any firewall rules/port forwarding/NAT
Yes reset it to factory. Turn ATM off and reset it.
What software do you use to access the AMT machines?
I use MeshCentral running on Debian on a small VM and then I access MeshCentral through the Web UI. If you have any Raspberry Pi’s laying around that aren’t being used, it would be a great candidate for that type of setup.
Thank ye much.
If it runs on a pi I can probably make a small VM for it without over angering the VMware HA capacity alarm.
Thanks for the tips - I can manage a dummy plug if required. Glad to hear AMT would be local-only unless I take additional steps.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
4 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #59 for this sub, first seen 17th Aug 2023, 22:55] [FAQ] [Full list] [Contact] [Source code]