odla0024
Beginner

Remote AMT Provisioning

Hello,

I am trying to figure out how to configure a machine over the internet without ever having direct contact with the machine.

The machine will be sent to the location and needs to be provisioned. The BIOS can be set up by the manufacturer and there will be someone on location who can do minimal tasks (i.e., insert USB drive or type one word) if need be, but the less the better.

I've been trying to accomplish this using SCS 6. The machines will have AMT 5 on them.

Thanks
6 Replies
RBens2
Valued Contributor I

What info can your OEM pre-load into the system?

Thanks,
Roger
odla0024
Beginner

Quoting - rogerb
What info can your OEM pre-load into the system?

Thanks,
Roger

Not exactly sure. It will most likely be a machine ordered from Dell. We should be able to have a decent amount of control over settings.

The goal is to do this completely over the internet, which I'm not even sure is possible. I've done a lot of looking and I've only been able to find a few references to people even trying it. Any idea if it is possible when they aren't on the same LAN?
Richard_B_Intel1
Employee

The system needs to be inside the "corporate" network to provision it with SCS. Additionally, to manage the system outside the "corporate" network requires a vPro Enabled Gateway in your DMZ (please see the "Intel AMT Remote Access Overview.pdf" in the SDK).
odla0024
Beginner

Quoting - RB (Intel)
The system needs to be inside the "corporate" network to provision it with SCS. Additionally, to manage the system outside the "corporate" network requires a vPro Enabled Gateway in your DMZ (please see the "Intel AMT Remote Access Overview.pdf" in the SDK).

Is the same true for using the Intel AMT SCA?

Edit: Never mind. It says that it has to be on the same intranet in that document.
RBens2
Valued Contributor I

Quoting - odla0024

Is the same true for using the Intel AMT SCA?

Edit: Never mind. It says that it has to be on the same intranet in that document.

Hi odla,

You actually could do internet provisioning of a box, but you would have to be very careful about security. The provisioning process is set up to allow a secure connection between the system and the provisioning server. You would just have to make sure that the AMT system could connect to the IP address of the server running the SCA, and the AMT system couldn't access the SCA through a VPN connection. If you can set up the SCA in a DMZ, and you can put the AMT system on the internet without going through NAT, then the two systems should be able to establish a secure connection and complete the configuration process. Again, you would need to be very careful about security and network visibility.

Regards,
Roger
Richard_B_Intel1
Employee

Quoting - rogerb
Hi odla,

You actually could do internet provisioning of a box, but you would have to be very careful about security. The provisioning process is set up to allow a secure connection between the system and the provisioning server. You would just have to make sure that the AMT system could connect to the IP address of the server running the SCA, and the AMT system couldn't access the SCA through a VPN connection. If you can set up the SCA in a DMZ, and you can put the AMT system on the internet without going through NAT, then the two systems should be able to establish a secure connection and complete the configuration process. Again, you would need to be very careful about security and network visibility.

Regards,
Roger

While this may be technically feasible, Intel does not recommend doing this because of the security concerns Roger is calling out.