I’m new to the selfhosted/homelab space and eyeing a used Dell Optiplex Micro system to experiment with. The unit has an i5-8500T and appears to support Intel vPro/AMT for remote management and KVM. This is interesting to me as I may not want to have a monitor and peripherals permanently connected. After substantial searching, most of the documentation and discussions on this topic are aimed at people with a deeper background. I believe I can figure out how to set it up, but I couldn’t find straightforward answers to these security questions:

-I only want to use this for KVM while at my home. It seems like a security risk if this functionality works over the internet rather than just LAN. Is this actually the case, and if so, can it be set to LAN-only?

-Since the machine had a prior owner, is it advisable to reset the BIOS or somehow clear out potential vPro settings from the previous user?

Thanks for any help you can offer!

  • restlessyet@discuss.tchncs.deEnglish
    1·
    1 year ago

    Disclaimer: I did not yet have access to an AMT setup, but answering based on common sense:

    • Like most KVM options, it is most likely LAN only. Unless you do some port forwarding on your router, it should not be possible to access it outside of your LAN.

    • Yes, always factory reset sensitive settings on a second hand machine first.

  • ThorrJo@lemmy.sdf.orgEnglish
    1·
    1 year ago

    I would never open those types of services to the Internet. Wrap it in a VPN first yeah?

    I have this exact model machine as a web app server running Proxmox btw. Works great. I did need to get a genuine power supply for it as it refused to run above 800MHz with a generic!

  • joshuarupp@artemis.camp
    1·
    1 year ago

    So I have a 3-node cluster of optiplex 5060 micros with i5-6800. I have AMT enabled on a different VLAN from the hypervisor I have running and it works great for remote management. One thing to keep in mind that for the KVM access to continue to work, I had to add an HDMI dummy plugs to keep the display working after reboots. All of the other functions associated with AMT worked after reboots.

    For your other questions: ATM would only be accessible from the network you have it running on without any firewall rules/port forwarding/NAT

    Yes reset it to factory. Turn ATM off and reset it.