AMD Device Management Portal (ADMP)

Upgrade Instructions

Note: To upgrade to the latest build of the AMD Device Management Portal, follow these steps:

1. Run the installer:
   Launch the installer package named AMD Device Management Portal-2.1.0.{buildnumber}.exe.
2. Follow the on-screen instructions:
   The installer will guide you through the upgrade process.
3. Access the portal:
   Once installation is complete, open your browser and navigate to the portal.

Prerequisites

• .NET Hosting Bundle (any version from 8.0 series)
  • Navigate to https://dotnet.microsoft.com/en-us/download/dotnet/8.0, then select the latest version and download the Hosting Bundle from the ASP.NET Core Runtime section.
• PostgreSQL (Version 16 is recommended)
  • Download and install from postgresql Website
• SQL Server 2022 Express and SQL Server 2022(Download and install based on need) -- Choose Custom installation from installer
  • Download and install from Microsoft Website

  ADMP currently supports only the default port 1433. During installation, if the setup prompts for a port selection, please ensure that 1433is chosen as the default.

Configure PostgreSQL

1. Generate SSL Certificates which is required for database creation by using below commands using openssl

   Generate CA Key and Certificate

   # Generate CA key and cert  
   openssl genrsa -out CA.key 4096  
   openssl req -x509 -new -nodes -key CA.key -sha256 -days 3650 -out CA.crt -subj "/CN=ADMPRootCA"

   Create a file server_san.cnf with below commands and keep it in a folder where you generating these certificates.Replace {server name}and {server ip} with actual hostname and ip of your admp server machine.

   subjectAltName = @alt_names 
   [alt_names] 
   DNS.1 = {server name}
   IP.1 = {server ip}

   Generate Server Key and Certificate

   # Server key and cert  
   openssl genrsa -out server.key 2048
   openssl genrsa -out admpkey.key 2048  
   openssl req -new -key server.key -out server.csr -subj "/CN=your_server_name"
   openssl req -new -key admpkey.key -out admpcert.csr -subj "/CN=your_server_name" 
   openssl x509 -req -in server.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out server.crt -days 365 -sha256 -extfile server_san.cnf
   openssl x509 -req -in admpcert.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out admpcert.crt -days 365 -sha256 -extfile server_san.cnf

   Note: Replace your_server_name with your actual server name or hostname of admp server.

   Generate Client Key and Certificate

   # Client key and cert  
   openssl genrsa -out client.key 2048  
   openssl req -new -key client.key -out client.csr -subj "/CN=your_user"  
   openssl x509 -req -in client.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out client.crt -days 365

   Note: Replace your_user with the appropriate client identifier.It could be any name.

2. Add the following location to your system's PATH environment variable:

   C:\Program Files\PostgreSQL\16\bin

3. Update the pg_hba.conf file (located at C:\Program Files\PostgreSQL\16\data\pg_hba.conf):

   hostssl all all 0.0.0.0/0 cert clientcert=verify-full  
     
   # IPv4 local connections:  
   host all all 127.0.0.1/32 scram-sha-256  
     
   # IPv6 local connections:  
   host all all ::1/128 scram-sha-256

   In the above lines, change scram-sha-256 to trust and add line hostssl, then save the file.

4. Update the postgresql.conf file (located at C:\Program Files\PostgreSQL\16\data\postgresql.conf):

   Note: The certificates mentioned in this path will be copied automatically during database creation.Users are not advised to copy the certificates manually.

   ssl = on
   ssl_ca_file = 'C:\\Program Files\\AMD\\ADMP\\SSLCerts\\CA.crt'  
   ssl_cert_file = 'C:\\Program Files\\AMD\\ADMP\\SSLCerts\\server.crt' 
   ssl_key_file = 'C:\\Program Files\\AMD\\ADMP\\SSLCerts\\server.key'

5. Execute the following command from the command line:

   psql -U postgres -c "ALTER USER postgres WITH PASSWORD 'postgrespassword';"

   Note: 'postgrespassword' is just a placeholder. Users should choose their own secure password.

Configure MSSQL

Set permission to create MSSQL database for ADMP service

Run the following commands in Command Prompt (Admin mode with heigher previlege) for local SQLEXPRESS configuration:

sqlcmd -S localhost\SQLEXPRESS -Q "CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS;"
sqlcmd -S localhost\SQLEXPRESS -Q "ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM];"

Follow below steps to configure SQLSEVER

Install SQLSERVER with SQL Server Authentication before proceed further(While configuring please ensure SQL Server and Windows Authentication mode is selected and provide password)

Run the following commands in Command Prompt (Admin mode with heigher previlege) for SQLSERVER configuration:

sqlcmd -S localhost -Q "CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS;"
sqlcmd -S localhost -Q "ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM];"

Installation

The AMD Device Management Portal{version}.exe package contains the following software:

• NGINX
• AMA
• KVM Viewer

To install AMD Device Management Portal-2.0.0.{buildnumber}.exe, double-click the file and follow the on-screen instructions.

Configure NGINX

1. Replace _ with hostname of the installed machine in C:\Program Files\nginx\conf\amd-manageability.conf:

   server_name _;

2. Add the following line inside the HTTP tag in C:\Program Files\nginx\conf\nginx.conf and ensure that the amd-manageability.conf path is properly mapped:

   include "C:/Program Files/nginx/conf/amd-manageability.conf";

3. Add the maximum file upload size, NGINX timeout settings, and hide the server version by adding these lines inside the HTTP tag in C:\Program Files\nginx\conf\nginx.conf:

   client_max_body_size 15028M;  
   server_tokens off;  
   proxy_read_timeout 5d; # set nginx timeout to 5 days, because of long running tasks  
   proxy_connect_timeout 5d; # set nginx timeout to 5 days, because of long running tasks  
   proxy_send_timeout 5d; # set nginx timeout to 5 days, because of long running tasks

Configure HTTPS

1. Take self-signed certificates (admpcert.crt, admpkey.key) from Configure PostgreSQL section.

2. Create a folder named ssl in C:\Program Files\nginx\.

3. Copy the certificates (admpcert.crt, admpkey.key) to C:\Program Files\nginx\ssl\.

4. Update the following lines inside the server tag in amd-manageability.conf:

   ssl_certificate "C:/Program Files/nginx/ssl/admpcert.crt";  
   ssl_certificate_key "C:/Program Files/nginx/ssl/admpkey.key";

Note: The NGINX path may vary based on your installation.

Run nginx.exe in Administrator mode to start the NGINX server (located at C:\Program Files\nginx\).

For more configuration options, refer to NGINX's official documentation: https://nginx.org/en/docs/http/configuring_https_servers.html

Completion

Navigate to https://<your-hostname> in your browser and complete the database configuration.

Secure Certificate key Permissions

Remove inheritance and existing permissions and Grant full control to Administrator

Note: All commands listed below must be executed in an administrator command prompt on the ADMP hosted server after the Create Database from the application.

icacls "C:\\Program Files\\AMD\\ADMP\\SSLCerts\\server.key" /inheritance:r  
icacls "C:\\Program Files\\AMD\\ADMP\\SSLCerts\\server.key" /remove:g Users Everyone 
icacls "C:\Program Files\AMD\ADMP\SSLCerts\server.key" /grant Administrator:F /grant "NT AUTHORITY\NetworkService:R" /grant "NT AUTHORITY\SYSTEM:R"


icacls "C:\\Program Files\\AMD\\ADMP\\SSLCerts\\client.key" /inheritance:r  
icacls "C:\\Program Files\\AMD\\ADMP\\SSLCerts\\client.key" /remove:g Users Everyone 
icacls "C:\Program Files\AMD\ADMP\SSLCerts\client.key" /grant Administrator:F /grant "NT AUTHORITY\NetworkService:R" /grant "NT AUTHORITY\SYSTEM:R"