AMD Device Management Portal (ADMP)

Prerequisites

• .NET Hosting Bundle (any version from 8.0 series)
  • Navigate to https://dotnet.microsoft.com/en-us/download/dotnet/8.0, then select the latest version and download the Hosting Bundle from the ASP.NET Core Runtime section.
• PostgreSQL (Version 16 is recommended)
  • Download and install from https://www.enterprisedb.com/downloads/postgres-postgresql-downloads

Configure PostgreSQL

1. Generate SSL Certificates which is required for database creation by using below commands using openssl

   Generate CA Key and Certificate

   # Generate CA key and cert  
   openssl genrsa -out ca.key 4096  
   openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt -subj "/CN=ADMPRootCA"

   Create a file server_san.cnf with below commands and keep it in a folder where you generating these certificates.Replace {server name}and {server ip} with actual hostname and ip of your admp server machine.

   subjectAltName = @alt_names 
   [alt_names] 
   DNS.1 = {server name}
   IP.1 = {server ip}

   Generate Server Key and Certificate

   # Server key and cert  
   openssl genrsa -out server.key 2048
   openssl genrsa -out admpkey.key 2048  
   openssl req -new -key server.key -out server.csr -subj "/CN=your_server_name"
   openssl req -new -key admpkey.key -out admpcert.csr -subj "/CN=your_server_name" 
   openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -sha256 -extfile server_san.cnf
   openssl x509 -req -in admpcert.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out admpcert.crt -days 365 -sha256 -extfile server_san.cnf

   Note: Replace your_server_name with your actual server name or hostname of admp server.

   Generate Client Key and Certificate

   # Client key and cert  
   openssl genrsa -out client.key 2048  
   openssl req -new -key client.key -out client.csr -subj "/CN=your_user"  
   openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365

   Note: Replace your_user with the appropriate client identifier.It could be any name.

2. Add the following location to your system's PATH environment variable:

   C:\Program Files\PostgreSQL\16\bin

3. Update the pg_hba.conf file (located at C:\Program Files\PostgreSQL\16\data\pg_hba.conf):

   hostssl all all 0.0.0.0/0 cert clientcert=verify-full  
     
   # IPv4 local connections:  
   host all all 127.0.0.1/32 scram-sha-256  
     
   # IPv6 local connections:  
   host all all ::1/128 scram-sha-256

   In the above lines, change scram-sha-256 to trust and add line hostssl, then save the file.

4. Secure Certificate key Permissions

   Remove inheritance and existing permissions and Grant full control to Administrator

   Note: All commands listed below must be executed in an administrator command prompt on the ADMP hosted server after the Create Database from the application.

   icacls "C:\\Program Files\\AMD\\ADMP\\SSLCerts\\server.key" /inheritance:r  
   icacls "C:\\Program Files\\AMD\\ADMP\\SSLCerts\\server.key" /remove:g Users Everyone 
   icacls "C:\Program Files\AMD\ADMP\SSLCerts\server.key" /grant Administrator:F /grant "NT AUTHORITY\NetworkService:R" /grant "NT AUTHORITY\SYSTEM:R"
   
   icacls "C:\\Program Files\\AMD\\ADMP\\SSLCerts\\client.key" /inheritance:r  
   icacls "C:\\Program Files\\AMD\\ADMP\\SSLCerts\\client.key" /remove:g Users Everyone 
   icacls "C:\Program Files\AMD\ADMP\SSLCerts\client.key" /grant Administrator:F /grant "NT AUTHORITY\NetworkService:R" /grant "NT AUTHORITY\SYSTEM:R"
   

5. Update the postgresql.conf file (located at C:\Program Files\PostgreSQL\16\data\postgresql.conf):

   ssl = on
   ssl_ca_file = 'C:\\Program Files\\AMD\\ADMP\\SSLCerts\\ca.crt'  
   ssl_cert_file = 'C:\\Program Files\\AMD\\ADMP\\SSLCerts\\server.crt' 
   ssl_key_file = 'C:\\Program Files\\AMD\\ADMP\\SSLCerts\\server.key'

6. Execute the following command from the command line:

   psql -U postgres -c "ALTER USER postgres WITH PASSWORD 'postgrespassword';"

   Note: 'postgrespassword' is just a placeholder. Users should choose their own secure password.

Installation

The AMD Device Management Portal{version}.exe package contains the following software:

• NGINX
• AMA
• KVM Viewer

To install AMD Device Management Portal-2.0.0.{buildnumber}.exe, double-click the file and follow the on-screen instructions.

Configure NGINX

1. Replace _ with hostname of the installed machine in C:\Program Files\nginx\conf\amd-manageability.conf:

   server_name _;

2. Add the following line inside the HTTP tag in C:\Program Files\nginx\conf\nginx.conf and ensure that the amd-manageability.conf path is properly mapped:

   include "C:/Program Files/nginx/conf/amd-manageability.conf";

3. Add the maximum file upload size, NGINX timeout settings, and hide the server version by adding these lines inside the HTTP tag in C:\Program Files\nginx\conf\nginx.conf:

   client_max_body_size 15028M;  
   server_tokens off;  
   proxy_read_timeout 5d; # set nginx timeout to 5 days, because of long running tasks  
   proxy_connect_timeout 5d; # set nginx timeout to 5 days, because of long running tasks  
   proxy_send_timeout 5d; # set nginx timeout to 5 days, because of long running tasks

Configure HTTPS

1. Take self-signed certificates (admpcert.crt, admpkey.key) from Configure PostgreSQL section.

2. Create a folder named ssl in C:\Program Files\nginx\.

3. Copy the certificates (admpcert.crt, admpkey.key) to C:\Program Files\nginx\ssl\.

4. Update the following lines inside the server tag in amd-manageability.conf:

   ssl_certificate "C:/Program Files/nginx/ssl/admpcert.crt";  
   ssl_certificate_key "C:/Program Files/nginx/ssl/admpkey.key";

Note: The NGINX path may vary based on your installation.

Run nginx.exe in Administrator mode to start the NGINX server (located at C:\Program Files\nginx\).

For more configuration options, refer to NGINX's official documentation: https://nginx.org/en/docs/http/configuring_https_servers.html

Completion

Navigate to https://<your-hostname> in your browser and complete the database configuration.