We are moving office and have a 500 brand new HP desktops with Vpro arriving in November. I would love to be able to have these machines pre-provisioned at factory level and then dropped off in the new office.
I have an idea of how we could deploy the machines, but would love to know someone opinion, many thanks
The proccess as I see it would be.
Machines pre-provisioned in factory level with USB TLS-PSK keys, machines remain un-imaged. the machines are brought into the new office and plugged in, once attached to power they will start to send 'hello' messages which will be picked up by the SCS.
SCS will provide the machines with a FQDN and place them into a profile. SMS 2003 will import this information and be able to populate itself with a list of asset numbers and then we can start using SMS to switch on the machines and push out an image to them using BDD.
We would like to accomplish this without using certificates as our environment does not require that level of encryption.
- Intel® vPro™
If you are having the clients pre-configured with PSK PID/PPS pairs at the factory, then you don't have any direct need for a Remote Configuration Certificate. Just load the PID/PPS pairs into the Intel SCS server and allow the SCS to provision the vPro Client.
In terms of encryption, there is not a hard requirement to use TLS for vPro client Management. Just create a profile in the Intel SCS that does not use TLS and allow the SCS to provision the vPro clients with that profile.