Using mebx interface to complete provisioning, Enterprise mode provisioning methods, Legacy – Dell OptiPlex 755 User Manual
Page 39: It tls-psk
Using MEBx Interface to Complete Provisioning
Intel® AMT can be set up for either Enterprise or Small and Medium Business operational modes (also called provisioning models). Both operational modes
support dynamic and static IP networking.
If you use dynamic IP networking (DHCP), the Intel AMT host name and the operating system host name must match. You must also configure both the
operating system and Intel AMT to use DHCP as well.
If you use static IP networking, the Intel AMT IP address must be different from the operating system's IP address. Additionally, the Intel AMT hostname must
be different from the operating system's hostname.
l
Enterprise mode – This mode is for large organizations. This is an advanced networking mode that supports Transport Layer Security (TLS) and requires
a configuration service. Enterprise mode allows IT administrators to set up and configure Intel AMT securely for remote management. The Dell™
computer is defaulted to Enterprise mode when it leaves the factory. The mode can be changed during the setup and configuration process.
l
Small Medium Business (SMB) mode – This mode is a simplified operational mode that does not support TLS and does not require a setup application.
SMB mode is for customers who do not have independent software vendor (ISV) management consoles or the necessary network and security
infrastructures to use encrypted TLS. In SMB mode, Intel AMT setup and configuration is a manual process completed through the Intel ME BIOS
Extension (MEBx). This mode is the easiest to implement since it does not require much infrastructure, but it is the least secure since all network traffic is
not encrypted.
Intel AMT Configuration sets up all other Intel AMT options not covered in Intel AMT Setup, such as enabling the computer for Serial-Over-LAN (SOL) or IDE-
Redirect (IDE-R).
You can change the settings modified in the configuration phase many times over the course of a computer's life span. You can make changes to the computer
locally or through a management console.
Enterprise Mode Provisioning Methods
There are two methods of provisioning a computer with Enterprise mode:
l
Legacy
l
IT TLS-PSK
Legacy
If you want Transport Layer Security (TLS), execute the legacy method of Intel AMT setup and configuration on an isolated network separate from the
corporate network. A setup and configuration server (SCS) requires a secondary network connection to a certification authority (an entity which issues digital
certificates) for TLS configuration.
Initially the computers are shipped in the factory-default state with Intel AMT ready for configuration and provisioning. These computers must go through Intel
AMT setup in order to go from the factory-default state to the setup state. Once the computer is in the setup state, you can continue to configure it manually
or connect it to a network where it connects with an SCS and begin Enterprise Mode Intel AMT configuration.
IT TLS-PSK
IT TLS-PSK Intel AMT setup and configuration is usually performed in a company's IT department. The following are required:
l
Setup and configuration server
l
Network and security infrastructure
Intel AMT capable computers in the factory-default state are given to the IT department, which is responsible for Intel AMT setup and configuration. The IT
department can use any method to input Intel AMT setup information, after which the computers are in Enterprise mode and in the In-Setup phase. An SCS
must generate PID and PPS sets.