Symantec ALTIRIS OUT OF BAND MANAGEMENT COMPONENT 7.0 SP3 - IMPLEMENTATION GUIDE V1.0 Implementation Manual page 21

Intel AMT security features
Table 1-3
Feature Description
Intel AMT The user name and the password that you use to connect to the Intel
credentials AMT device remotely. These credentials should not be confused with
the MEBx credentials, which by default share the same user name
and password as the remote access Intel AMT credentials.
See
Access Control List The Intel AMT access control list (ACL) manages who has access to
(Enterprise mode which capabilities within Intel AMT. An ACL entry has a user ID and
only) a list of realms to which a user has access. This access is required
to use the functionality that is associated with a realm.
Two kinds of ACL entries exist: Kerberos and Digest. The main
difference between them is that Kerberos entries have an Active
Directory SID to identify a user or group of users. Digest entries
have a user name and password for user identification. When
Microsoft Active Directory is used, user identities are imported from
Active Directory; otherwise, user identities are added manually.
PID-PPS security A pair of keys that are used to ensure a secure connection when the
key pair (Enterprise configuration server configures an Intel AMT device. After a device
mode only) is configured, these keys are no longer used and are deleted from
the Intel SCS database.
TLS encryption TLS lets you encrypt communications between the configuration
(Enterprise mode server and the Intel AMT device after the device has been configured.
only) The encryption can be one direction (from the Intel AMT device to
the configuration server) or both directions (mutual authentication).
If you want to use TLS, you must use Intel AMT in enterprise mode
and have access to Microsoft certification authority.
See
Introducing Out of Band Management Component
How Out of Band Management Component works
"About Intel AMT related credentials"
"About TLS" on page 95.
on page 22.
21