Dell Latitude E6420 Administration Guide - Page 6

Setup and Configuration Overview The following is a list of important terms related to the Intel AMT setup and configuration. Setup and configuration - The process that populates the Intel AMT-managed computer with usernames, passwords, and network parameters that enable the computer to be administered remotely. Configuration service - A third-party application that completes the Intel AMT provisioning. Intel AMT WebUI - A Web browser-based interface for limited remote computer management. You must set up and configure Intel AMT in a computer before using it. Intel AMT setup readies the computer for Intel AMT mode and enables network connectivity. This setup is generally performed only once in the lifetime of a computer. When Intel AMT is enabled, it can be discovered by management software over a network. Once Intel AMT is set up in Enterprise mode, it is ready to initiate configuration of its own capabilities. When all required network elements are available, simply connect the computer to a power source and the network, and Intel AMT automatically initiates its own configuration. The configuration service (a third-party application) completes the process for you. Intel AMT is then ready for remote management. This configuration typically takes only a few seconds. When Intel AMT is set up and configured, you can reconfigure the technology as needed for your business environment. Once Intel AMT is set up in SMB mode, the computer does not have to initiate any configuration across the network. It is set up manually and is ready to use with the Intel AMT Web GUI. Intel AMT Setup and Configuration States The act of setting up and configuring Intel AMT is also known as provisioning. An Intel AMT capable computer can be in one of three setup and configuration states: Factory-default state Setup state Provisioned state The Factory-Default State is a fully unconfigured state in which security credentials are not yet established and Intel AMT capabilities are not yet available to management applications. In the factory-default state, Intel AMT has the factory-defined settings. The Setup State is a partially configured state in which Intel AMT has been set up with initial networking and transport layer security (TLS) information: an initial administrator password, the provisioning passphrase (PPS), and the provisioning identifier (PID). When Intel AMT has been set up, Intel AMT is ready to receive enterprise configuration settings from a configuration service. The Provisioned State is a fully configured state in which the Intel Management Engine (ME) has been configured with power options, and Intel AMT has been configured with its security settings, certificates, and the settings that activate the Intel AMT capabilities. When Intel AMT has been configured, the capabilities are ready to interact with management applications. Provisioning Methods TLS-PKI TLS-PKI is also known as "Remote Configuration". The SCS uses TLS-PKI (Public Key Infrastructure) certificates to securely connect to an Intel AMT enabled computer. The certificates can be generated a few ways: The SCS can connect using one of the default certificates pre-programmed on the computer, as detailed in the MEBx interface section of this document. The SCS can create a custom certificate, which can be deployed on the AMT computer by means of a desk-side visit with a specially formatted USB thumb drive as detailed in the Configuration Service section of this document. The SCS could use a custom certificate which was pre-programmed at the Dell factory through the Custom Factory Integration (CFI) process. TLS-PSK TLS-PSK is also known as "One-Touch Configuration". The SCS uses PSK's (Pre-Shared Key's) to establish a secure connection with the AMT computer. These 52-character keys can be created by the SCS, and then deployed on the AMT