System deployment – Dell OptiPlex 960 (Late 2008) User Manual
Page 139
System Deployment
Once you are ready to deploy a computer to a user, plug the computer into a power source and connect it to the network.
Use the integrated Intel® 82566DM NIC. Intel Active Management Technology (Intel AMT) does not work with any other NIC
solution.
When the computer is turned on, it computer immediately looks for a setup and configuration server (SCS). If the computer
finds this server, the Intel AMT capable computer sends a Hello message to the server.
DHCP and DNS must be available for the setup and configuration server search to automatically succeed. If DHCP and DNS
are not available, then the setup and configuration servers (SCS) IP address must be manually entered into the Intel AMT
capable computer's MEBx.
The Hello message contains the following information:
Provisioning ID (PID)
Universally Unique Identifier (UUID)
IP address
ROM and firmware (FW) version numbers
The Hello message is transparent to the end user. There is no feedback mechanism to tell you that the computer is
broadcasting the message. The SCS uses the information in the Hello message to initiate a Transport Layer Security (TLS)
connection to the Intel AMT capable computer using a TLS Pre-Shared key (PSK) cipher suite if TLS is supported.
The SCS uses the PID to look up the provisioning passphrase (PPS) in the provisioning server database and uses the PPS and
PID to generate a TLS Pre-Master Secret. TLS is optional. For secure and encrypted transactions, use TLS if the infrastructure
is available. If you do not use TLS, then HTTP Digest is used for mutual authentication. HTTP Digest is not as secure as TLS.
The SCS logs into the Intel AMT computer with the username and password and provisions the following required data items:
New PPS and PID (for future setup and configuration)
TLS certificates
Private keys
Current date and time
HTTP Digest credentials
HTTP Negotiate credentials
The computer goes from the setup state to the provisioned state, and then Intel AMT is fully operational. Once in the
provisioned state, the computer can be remotely managed.