Provisioning methods, Small business mode, Enterprise mode – Dell OptiPlex 960 (Late 2008) User Manual

Page 5: Enterprise tls-pki, Enterprise tls-psk

Provisioning Methods

The act of setting up and configuring Intel® AMT is known as provisioning. There are three methods of provisioning a computer:

Small Business

Enterprise TLS-PKI

Enterprise TLS-PSK

Transport Layer Security (TLS) is a protocol that provides secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. TLS was a legacy method of configuring Intel AMT on an isolated network separate from the corporate network. A setup and configuration server (SCS) requires a secondary network connection to a certification authority (an entity which issues digital certificates) for TLS configuration.

Initially the computers are shipped in the factory-default state with Intel AMT ready for configuration and provisioning. These computers must go through Intel AMT setup in order to go from the factory-default state to the setup state. Once the computer is in the setup state, you can continue to configure it manually or connect it to a network, where it connects with an SCS and begins Enterprise Mode Intel AMT configuration.

Small Business Mode

Small business mode remains the same as in AMT v3.0 and basically means no security. Small business setup consists of just three steps:

1. Set the host name

2. Configure the TCP/IP settings

3. Set Provisioning Mode to "Small Business"

Enterprise Mode

TLS-PKI and TLS-PSK Intel AMT setup and configuration is usually performed in a company's IT department. The following are required:

Setup and configuration server

Network and security infrastructure

Intel AMT capable computers in the factory-default state are given to the IT department, which is responsible for Intel AMT setup and configuration. The IT department can use the methods described below to input Intel AMT setup information, after which the computers are in Enterprise Mode and in the In-Setup phase. An SCS must generate PID and PPS sets.

The Intel AMT configuration must occur over a network. The network can be encrypted using the Transport Layer Security Pre-Shared Key (TLS-PSK) protocol. Once the computers connect to an SCS, Enterprise Mode Configuration occurs.

Enterprise TLS-PKI

Enterprise TLS-PKI is also known as "Remote Configuration". The SCS uses TLS-PKI (Public Key Infrastructure) certificates to securely connect to an Intel AMT enabled computer. The certificates can be generated in a few ways:

The SCS can connect using one of the default certificates pre-programmed on the computer, as detailed in the MEBx interface section of this document.

The SCS can create a custom certificate, which can be deployed on the AMT computer by means of a desk-side visit with a specially formatted USB thumb drive as detailed in the Configuration Service section of this document.

The SCS could use a custom certificate which was pre-programmed at the Dell factory through the Custom Factory Integration (CFI) process.

Enterprise TLS-PSK

Enterprise TLS-PSK is also known as "One-Touch Configuration". The SCS uses PSKs (Pre-Shared Keys) to establish a secure connection with the AMT computer. These 52-character keys can be created by the SCS, and then deployed on the AMT