Setup and configuration overview, Intel amt setup and configuration states, Provisioning methods – Dell OptiPlex 980 (Early 2010) User Manual
Page 5
Setup and Configuration Overview
The following is a list of important terms related to the Intel
®
AMT setup and configuration.
Setup and configuration — The process that populates the Intel AMT-managed computer with usernames,
passwords, and network parameters that enable the computer to be administered remotely.
Configuration service — A third-party application that completes the Intel AMT provisioning.
Intel AMT WebGUI — A Web browser-based interface for limited remote computer management.
You must set up and configure Intel AMT on a computer before using it. Intel AMT setup readies the computer for Intel AMT
mode and enables network connectivity. This setup is generally performed only once in the lifetime of a computer. When Intel
AMT is enabled, it can be discovered by management software over a network.
Once Intel AMT is set up in Enterprise mode, it is ready to initiate configuration of its own capabilities. When all required
network elements are available, simply connect the computer to a power source and the network and Intel AMT automatically
initiates its own configuration. The configuration service (a third-party application) completes the process for you. Intel AMT is
then ready for remote management. This configuration typically takes only a few seconds. When Intel AMT is set up and
configured, you can reconfigure the technology as needed for your business environment.
Once Intel AMT is set up in the SMB mode, the computer does not have to initiate any configuration across the network. It is
set up manually and is ready to use with the Intel AMT Web GUI.
Intel AMT Setup and Configuration States
The act of setting up and configuring Intel AMT is also known as provisioning. An Intel AMT-capable computer can be in one
of three setup and configuration states (SCS):
Factory-default state
Setup state
Provisioned state
The factory-default state is a fully un-configured state in which security credentials are not yet established and Intel AMT
capabilities are not yet available to management applications. In the factory-default state, Intel AMT has the factory-defined
settings.
The setup state is a partially configured state in which Intel AMT has been set up with initial networking and transport layer
security (TLS) information: an initial administrator password, the provisioning passphrase (PPS), and the provisioning
identifier (PID). When Intel AMT has been set up, Intel AMT is ready to receive enterprise configuration settings from a
configuration service.
The provisioned state is a fully configured state in which the Intel Management Engine (ME) has been configured with power
options, and Intel AMT has been configured with its security settings, certificates, and the settings that activate the Intel AMT
capabilities. When Intel AMT has been configured, the capabilities are ready to interact with management applications.
Provisioning Methods
TLS-PKI
TLS-PKI is also known as "Remote Configuration". The SCS uses TLS-PKI (Public Key Infrastructure) certificates to securely
connect to an Intel AMT-enabled computer. The certificates can be generated in the following ways:
The SCS can connect using one of the default certificates pre-programmed on the computer, as detailed in the MEBx
interface section of this document.
The SCS can create a custom certificate, which can be deployed on the AMT computer by means of a desk-side visit
with a specially formatted USB thumb drive as detailed in the Configuration Service section of this document.
The SCS could use a custom certificate which was pre-programmed at the Dell factory through the Custom Factory
Integration (CFI) process.
TLS-PSK
TLS-PSK is also known as "One-Touch Configuration". The SCS uses PSK's (Pre-Shared Key's) to establish a secure