Table of Contents
Advertisement
Back to Contents Page
Provisioning Methods
The act of setting up and configuring Intel® AMT is known as provisioning. There are three methods of provisioning a
computer:
Small Business
Enterprise TLS-PKI
Enterprise TLS-PSK
Transport Layer Security (TLS) is a protocol that provides secure communications on the Internet for such things as web
browsing, e-mail, Internet faxing, instant messaging and other data transfers. TLS was a legacy method of configuring Intel
AMT on an isolated network separate from the corporate network. A setup and configuration server (SCS) requires a
secondary network connection to a certification authority (an entity which issues digital certificates) for TLS configuration.
Initially the computers are shipped in the factory-default state with Intel AMT ready for configuration and provisioning. These
computers must go through Intel AMT setup in order to go from the factory-default state to the setup state. Once the
computer is in the setup state, you can continue to configure it manually or connect it to a network where it connects with an
SCS and begin Enterprise Mode Intel AMT configuration.
Small Business Mode
Small business mode is remains the same as from AMT v3.0 and basically means no security. Small business setup consists of
just three steps:
1. Set the host name
2. Configure the TCP/IP settings
3. Set Provisioning Mode to "Small Business"
Enterprise Mode
TLS-PKI and TLS-PSK Intel AMT setup and configuration is usually performed in a company's IT department. The following are
required:
Setup and configuration server
Network and security infrastructure
Intel AMT capable computers in the factory-default state are given to the IT department, which is responsible for Intel AMT
setup and configuration. The IT department can use the methods described below to input Intel AMT setup information, after
which the computers are in Enterprise Mode and in the In-Setup phase. An SCS must generate PID and PPS sets.
The Intel AMT configuration must occur over a network. The network can be encrypted using the Transport Layer Security
Pre-Shared Key (TLS-PSK) protocol. Once the computers connect to an SCS, Enterprise Mode Configuration occurs.
Enterprise TLS-PKI
Enterprise TLS-PKI is also known as "Remote Configuration". The SCS uses TLS-PKI (Public Key Infrastructure) certificates to
securely connect to an Intel AMT enabled computer. The certificates can be generated a few ways:
The SCS can connect using one of the default certificates pre-programmed on the computer, as detailed in the MEBx
interface section of this document.
The SCS can create a custom certificate, which can be deployed on the AMT computer by means of a desk-side visit
with a specially formatted USB thumb drive as detailed in the Configuration Service section of this document.
The SCS could use a custom certificate which was pre-programmed at the Dell factory through the Custom Factory
Integration (CFI) process.
Enterprise TLS-PSK
Enterprise TLS-PSK is also known as "One-Touch Configuration". The SCS uses PSK's (Pre-Shared Key's) to establish a secure
connection with the AMT computer. These 52-character keys can be created by the SCS, and then deployed on the AMT
Advertisement
Table of Contents
Troubleshooting
