- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I am trying to figure out how to configure a machine over the internet without ever having direct contact with the machine.
The machine will be sent to the location and needs to be provisioned. The BIOS can be set up by the manufacturer and there will be someone on location who can do minimal tasks (ie: insert USB drive or type one word) if need be but the less the better.
I've been trying to accomplish this using SCS 6. The machines will have AMT 5 on them.
Thanks
I am trying to figure out how to configure a machine over the internet without ever having direct contact with the machine.
The machine will be sent to the location and needs to be provisioned. The BIOS can be set up by the manufacturer and there will be someone on location who can do minimal tasks (ie: insert USB drive or type one word) if need be but the less the better.
I've been trying to accomplish this using SCS 6. The machines will have AMT 5 on them.
Thanks
Link Copied
6 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What info can your OEM pre-load into the system?
Thanks,
Roger
Thanks,
Roger
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Quoting - rogerb
What info can your OEM pre-load into the system?
Thanks,
Roger
Thanks,
Roger
Not exactly sure. It will most likely be a machine ordered from Dell. We should be able to have a decent amount of control over settings.
The goal is to do this completely over the interent which I'm not even sure is possible. I've done a lot of looking and I've only been able to find a few references to people even trying it. Any idea if it is possible when they aren't on the same LAN?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The system needs to be inside the "corporate" network to provision it with SCS. Additionally, to manage the system outside the "corporate" network requires a vPro Enabled Gateway in your DMZ (please see the "Intel AMT Remote Access Overview.pdf" in the SDK)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Quoting - RB (Intel)
The system needs to be inside the "corporate" network to provision it with SCS. Additionally, to manage the system outside the "corporate" network requires a vPro Enabled Gateway in your DMZ (please see the "Intel AMT Remote Access Overview.pdf" in the SDK)
Is the same true for using the Intel AMT SCA?
edit: Nevermind. It say that it has to be on the same intranet in that document.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Quoting - odla0024
Is the same true for using the Intel AMT SCA?
edit: Nevermind. It say that it has to be on the same intranet in that document.
You actually could do internet provisioning of a box, but you would have to be very careful about security. The provisioning process is setup to allow a secure connection between the system and the provisioning server. You would just have to make sure that the AMT system could connect to the IP address of the server running the SCA, and the AMT system couldn't access the SCA through a VPN connection. If you can setup the SCA in a DMZ, and you can put the AMT system on the internet without going through NAT, then the two system should be able to establish a secure connection and complete the configuration process. Again, you would need to be very careful about security and network visibility.
Regards,
Roger
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Quoting - rogerb
Hi odla,
You actually could do internet provisioning of a box, but you would have to be very careful about security. The provisioning process is setup to allow a secure connection between the system and the provisioning server. You would just have to make sure that the AMT system could connect to the IP address of the server running the SCA, and the AMT system couldn't access the SCA through a VPN connection. If you can setup the SCA in a DMZ, and you can put the AMT system on the internet without going through NAT, then the two system should be able to establish a secure connection and complete the configuration process. Again, you would need to be very careful about security and network visibility.
Regards,
Roger
You actually could do internet provisioning of a box, but you would have to be very careful about security. The provisioning process is setup to allow a secure connection between the system and the provisioning server. You would just have to make sure that the AMT system could connect to the IP address of the server running the SCA, and the AMT system couldn't access the SCA through a VPN connection. If you can setup the SCA in a DMZ, and you can put the AMT system on the internet without going through NAT, then the two system should be able to establish a secure connection and complete the configuration process. Again, you would need to be very careful about security and network visibility.
Regards,
Roger
While this may be technically feasible, Intel does not recommend doing this because of the securityconcerns Roger is calling out.
Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page