Intel AMT 9: Accessing one PC over Internet Securely
I hope, I am asking in the correct place: My question is regarding Intel AMT v9 technology. I have only one PC which is app 300 KM far from me. To have as good control over it as possible, I have decided to control it using Intel AMT. My configuration uses Intel AMT 9.
I can access the PC without problems through Intel AMT KVM through un-encrypted connection. However, I want to be able to access the PC securely. Here are my questions:
To my knowledge, standard procedures to configure encrypted Intel AMT KVM is using provisioning server. Is it possible to configure Intel AMT communication through TLS-PSK or TLS-PKI without installing provisioning server, please? For one remote PC it does not make too much sense to install a server. I would like to configure one PC manually.
If I have to install a provisioning and configuration server, is it enough to let the server running during remote PC provisioning only? After the Intel AMT PC is provisioned, I do not wish to have the server running all the time just for this PC, and I would like to shut it down.
Are TLS-PSK and TLS-PKI equally secure? I know that TLS-PSK will be discontinued, which looks like it is less secure encryption standard. However, I have also heard, that after both encryption standards are configured, they are equally safe.
Is it safe to use Intel AMT v9 over the Internet if the connection is encrypted?
As I use software firewall on the remote PC, I can not use a VPN channel through a router or a firewall, which would protect the Intel AMT communication. I would really take advantage of encrypted Intel AMT technology.