Auxiliary Profiles: Remote Access Policies Page - Symantec ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 - V1.0 Manual

26 About Out of Band Management Component pages

Auxiliary profiles: Remote Access Policies page

Auxiliary profiles: Remote Access Policies page

Options on the Add Management Presence Server dialog box
Table 2-3
(continued)
Option
Client certificate
Server certificate
Intel AMT 4.0 and later support CIRA (client-initiated remote access). CIRA allows
an Intel AMT computer that is located outside an enterprise to connect to
management consoles inside the enterprise. The connection is accomplished
through a Management Presence Server (MPS) that is located in the DMZ of the
enterprise. The MPS appears as a proxy server to management console
applications. The Intel AMT device establishes a Mutual Authentication TLS
tunnel with the MPS. Multiple consoles can interact with the Intel AMT device
through this tunnel.
Description
TLS mutual authentication is used to
authenticate the Intel AMT-MPS tunnel. The
Intel AMT device requires a client certificate
that the MPS will authenticate and a trusted
root certificate from the certification
authority that generated the MPS server
certificate.
Select client certificate generation
properties. To do this, choose the
certification authority that you want the
AMT platform to use to request a certificate
that the MPS can authenticate. Then select
the template that is defined for creating the
appropriate client certificate. This should
be a template where the subject name is
supplied in the request and the usage is
Client Authentication.
For information on creating a template for
802.1x client certificates, see the Intel®
Active Management Technology Setup and
Configuration Service Installation Guide.
Choose the root certificate of the
certification authority that you want the
MPS to use to authenticate itself to the AMT
platform.