Remote Configuration: Bare-Metal Vs. Delayed; Remote Configuration Time-Outs In Hp Systems - HP dc7900 - Convertible Minitower PC Setup And Configuration Manual

One or more hash root certificates are embedded into the AMT firmware. These certificates are integrated
into the Hello messages sent by the AMT system to the SCS. The SCS must have compatible certificates to
authenticate the AMT system.
A self signed certificate can be generated to create a secure connection between the AMT system and the
SCS. This certificate is used for encryption, not authentication. The SCS will use the public key from the
self signed certificate to encrypt the session key it generates and sends it to the AMT system. The AMT sys-
tem can decrypt SCS session key with its private key.
The One-Time Password (OTP) is created during provisioning. This password is used with the remote con-
sole to initiate RCFG and it is sent to both the AMT system and the SCS. This password is used to improve
security.
The network interface used to send out Hello messages is functional for a limited amount of time. The
amount of time is configurable by the OEM.

Remote Configuration: Bare-Metal vs. Delayed

There are two ways to implement Remote Configuration: Bare-Metal and Delayed.
Bare-Metal, as the name implies, is remote configuration of the AMT system without an operating system;
in other words, only the hardware. In this implementation, Setup and Configuration is started (Hello mes-
sage broadcast) as soon as the ME is active and the system is connected to a network. This means that
the AMT system is configured without the use of a local agent and does not use One Time Password (OTP)
authentication.
Delayed, as the name implies, is remote configuration at a later time when an operating system has been
installed on the AMT system. In this implementation, Setup and Configuration is started when a remote
console application initiates the process by communicating with the ME through the HECI driver. This
requires a functional OS and agent to be installed on the AMT system. OTP authentication can be used; it
is optional. The remote console provides the OTP to the AMT system and to the SCS.
Consult your ISV management console provider for details on operating system agents for Delayed remote
configuration support.

Remote Configuration Time-outs in HP Systems

The HP Compaq dc7900 Business PCs are shipped out of the factory in Bare-Metal mode with the ME set
to broadcast Hello messages for 255 hours when the ME is active and the system is connected to a net-
work.
If no SCS responds to the Hello messages within the time-out period, then the network interface that sends
out the Hello messages will be disabled.
The network interface can be re-enabled to send out Hello messages again by the following methods:
•
Restarted by a local agent.
•
Partial Unprovisioning through the MEBx.
Once the network interface has been re-enabled it will send out Hello messages for the next 6 hours as
long as the ME is active and the system is connected to a network.
27