Auxiliary Profiles: Remote Access Policies Page - Symantec ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 - IMPLEMENTATION GUIDE V1.0 Implementation Manual

128 About Out of Band Management Component pages

Auxiliary profiles: Remote Access Policies page

Auxiliary profiles: Remote Access Policies page
Options on the Add Management Presence Server dialog box
Table 10-3
Option
Server FQDN or IP address
Server listening port
Client certificate
Server certificate
Intel AMT 4.0 and later support CIRA (client-initiated remote access). CIRA allows
an Intel AMT computer that is located outside an enterprise to connect to
management consoles inside the enterprise. The connection is accomplished
Description
Type the FQDN or the IP address of the
Management Presence Server.
If you type an IP address, you must specify
the common name in the box below.
Type the port that the Management Presence
Server listens on for connections from Intel
AMT devices.
TLS mutual authentication is used to
authenticate the Intel AMT-MPS tunnel. The
Intel AMT device requires a client certificate
that the MPS will authenticate and a trusted
root certificate from the certification
authority that generated the MPS server
certificate.
Select client certificate generation
properties. To do this, choose the
certification authority that you want the
AMT platform to use to request a certificate
that the MPS can authenticate. Then select
the template that is defined for creating the
appropriate client certificate. This should
be a template where the subject name is
supplied in the request and the usage is
Client Authentication.
For information on creating a template for
802.1x client certificates, see the Intel®
Active Management Technology Setup and
Configuration Service Installation Guide.
Choose the root certificate of the
certification authority that you want the
MPS to use to authenticate itself to the AMT
platform.