Power on the Intel NUC. Press CTRL+P at the splash screen to enter MEBx BIOS.

Change the default password. The default password is "admin". The new password has the comply with the following policies:

• At least 8 characters.
• At least one digit character (eg. 0, 1, … 9).
• At least one non-alpha-numeric character (e.g. !, $, ;) excluding colon, comma or quotes.
• At least one lower-case letter (a, b, c, d...).
• At least one upper case letter (A, B, C, D,...).
• At least 8 characters

The AMT system uses DHCP to configure an IP Address.

If you do not have a DHCP server you can configure a static IP within Intel AMT Configuration > Network Setup > TCP/IP Settings.

An then enable the Activate Network Access indicator.

Now the Web interface is available at port 16992, use a browser with the URL to connect to the interface:

http://IP:16992/

The user is "admin". Log in once to verify that it is available and properly configured.

To connect via VNC it is necessary to use a VNC viewer that supports Intel AMT KVM mode as VNC Viewer Plus. Don't use TLS encryption to establish the connection.

Enable the "Display Emulation" option with the value "Headless displya emulation" on the BIOS to allow the video output for the VNC connection.

1. Press "F2" on init screen
2. Go to Advanced option menu
3. Go to Devices option menu
4. Select "Headless display emulation"

Finally select the key "F10" to "Save and Exit".

By default the UEFI BIOS is active at the system. In order to allow an installation from a non UEFI Bootable disk, change to Legacy BIOS at Setup.

Enter to the BIOS panel configuration by click on Setup option on the top of the right when the server power on.

Donwload the ISO of the CentOS ISO latest minimal version and create a USB disk bootable with the image downloaded. Insert the USB on the machine and Power On.

For a 1TB disk we propose this configuration

Configure the network settings with nmtui utility.

IP: 192.168.9.170/20
Gateway: 192.168.10.251
DNS: 192.168.10.10
     8.8.8.8
     208.67.222.222

hostnamectl set-hostname nuc01

Choose the hostname for the machine (nuc01).

Upgrade to the last version the installed packages using the instruccion:

yum upgrade

When we install a distribution it includes a certain version of the Linux kernel. To show the current version installed on our system we can do:

uname -sr

To enable the ELRepo repository on CentOS 7, do:

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

Once the repository has been enabled, you can use the following command to list the available kernel.related packages:

yum --disablerepo="*" --enablerepo="elrepo-kernel" list available

Next, install the latest mainline stable kernel:

yum --enablerepo=elrepo-kernel install kernel-ml

Finally, reboot your machine to apply the latest kernel, and then select latest kernel from the menu as shown.

Login as root, and run following command to check the kernel version:

uname -sr

To make the newly-installed version the default boot option, you will have to modify the GRUB configuration as follows:

Open and edit the file /etc/default/grub and set GRUB_DEFAULT=0. This means that the first kernel in the GRUB initial screen will be used as default.

GRUB_TIMEOUT=5
GRUB_DEFAULT=0
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/root rd.lvm.lv=centos/swap crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

Next, run the following command to recreate the kernel configuration.

grub2-mkconfig -o /boot/grub2/grub.cfg

Search for the old kernel (the output can be different depending the source installation)

rpm -qa | grep kernel

kernel-ml-4.18.11-1.el7.elrepo.x86_64
kernel-tools-libs-3.10.0-862.14.4.el7.x86_64
kernel-3.10.0-862.14.4.el7.x86_64
kernel-tools-3.10.0-862.14.4.el7.x86_64

and remove the packages for the old version as for example

yum remove kernel-3.10.0-862.el7.x86_64

yum remove kernel-3.10.0-862.14.4.el7.x86_64

yum remove kernel-tools.x86_64

yum remove kernel-tools-libs.x86_64

We recommend disable the Firewall and Selinux in order to make easy the configuration of services. This option must be adapted to the security requirements of your environment.

To disable Firewall type:

systemctl disable firewalld

systemctl stop firewalld

To disable Selinux edit the file /etc/selinux/config and modify the SELINUX attribute with the value disable:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

To enable the standard VNC connection you can install the package wsmancli. There is more information in this site Intel AMT on Linux for remote control/fencing and here How to remotely access Intel AMT KVM from Linux desktop

yum install wsmancli

You can use the following shell to activate the VNC access via vPro. Modify the

• [AMT_IP_ADDRESS]: The IP of the AMT service configured on the previous section.
• [AMT_PASSWORD]: The password for "admin" user of the AMT service configured on the previous section.

For the VNC connection we propose the password 'P*ssw0rd', 'P@ssw0rd' or 'In9tel@p', you can use another one but there are requirements that must have the key, as for example a 8 character long, mixcase, must contains numbers and at least one special symbol.

Copy this shell in another server (not on the NUC) with connection to the NUC via ethernet using the IP [AMT_IP_ADDRESS] in order to activate the service.

#!/bin/bash
# Name: nuc_kvm_vpro.sh
# Purpose : Control remote server/laptop/desktop using KVM and VNC client
# Deister,S.A.
# ----------------------------------------------------------------------
#
# sudo dnf install wsmancli
#
xIP='[AMT_IP_ADDRESS]'
xPASSWORD='[AMT_PASSWORD]'
xVNC_PWD='P*ssw0rd' # random but must be 8 character long
xVNC_PORT='5900'
wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h $xIP -P 16992 -u admin -p ${xPASSWORD} -k RFBPassword=${xVNC_PWD}
wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h $xIP -P 16992 -u admin -p ${xPASSWORD} -k Is5900PortEnabled=true
wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h $xIP -P 16992 -u admin -p ${xPASSWORD} -k OptInPolicy=false
wsman put http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData -h $xIP -P 16992 -u admin -p ${xPASSWORD} -k SessionTimeout=0
wsman invoke -a RequestStateChange http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_KVMRedirectionSAP -h ${xIP} -P 16992 -u admin -p ${xPASSWORD} -k RequestedState=2
echo "Open Linux vnc client. Use \"$xIP:$xVNC_PORT\" as host and when promoted enter \"$xVNC_PWD\" as password"

# yum install gcc

This section will demonstrate how to setting Up NTP (Network Time Protocol) Server in RHEL/CentOS 7.

Before anything else, you need to assign the correct time zone.

To get the current configuration

timedatectl

To get the list of all the available time zones:

timedatectl list-timezones

To set your time zone you can use command below: (e.g. Madrid)

timedatectl set-timezone Europe/Madrid

You can install and configure NTP server on CentOS/RHEL 7 and automatically synchronize time with the closest geographically peers available for your server location by using NTP Public Pool Time Servers list.

NTP server package is provided by default from official CentOS /RHEL 7 repositories and can be installed by issuing the following command.

yum install ntp

The NTP configuration is in the /etc/ntp.conf file.

If you've configured the firewall you must allow UDP traffic for the NTP service in order to communicate with the NTP pool

firewall-cmd --add-service=ntp --permanent

firewall-cmd --reload

Once the installation completes, start the service and configure it so it starts automatically each time the server boots. Use the following commands to manage the service.

systemctl start ntpd

systemctl enable ntpd

systemctl status ntpd

After NTP daemon has been started, wait a few minutes for the server to synchronize time with its pool list servers, then run the following commands to verify NTP peers synchronization status and your system time.

ntpq -p

date -R

[informix@nuc00 data]$ cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 142
model name	: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
stepping	: 10
microcode	: 0x96
cpu MHz		: 1000.012
cache size	: 8192 KB
physical id	: 0
siblings	: 8
core id		: 0
cpu cores	: 4
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 22
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 ibpb ibrs stibp dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp spec_ctrl intel_stibp
bogomips	: 4224.00
clflush size	: 64
cache_alignment	: 64
address sizes	: 39 bits physical, 48 bits virtual
power management: