SMB vs Enterprise Provisioning Mode

idata · ‎04-08-2008

I'd like to have some explanations about SMB vs Enterprise Provisioning Mode.

I read a very interesting Guide (Intel vPro and Intel Centrino Pro Processor Technology Quick Start Guide) , but I still have some doubts.

Environment Configuration:

Microsoft Windows Server 2003 R2 Domain;
Microsoft Windows Server 2003 R2 DNS;
Microsoft Windows Server 2003 R2 DHCP;

Management Software:

Landesk Management Suite 8.8

We have some AMT 1.x PCs provisioned in SMB Mode and I'd like to Provision New AMT 2.1.3 Pcs via Enterprise Mode using One Touch Configuration (no AD Integration and no TLS).

If I use the same credentials (username and password) , can I have problems in a mixed environment (both SMB and Enterprise Mode Provisioned PCs)?
Are there any differences in managing SMB or Enterprise Provisioned PCs?
Are there things that I can/cannot do if a PC is provisioned in SMB/Enterprise Mode?

I know that different Management Consoles can have different behaviours: I'd like to know if there are differences from a theoretical point of view.

Thanks.

Paolo Sparvieri

KRISHNA_V_Intel · ‎04-08-2008

Let me explain the intent of the design for SMB mode. This is meant for small office (doctors or lawyers) that do not have IT people supporting the office. So the purpose is to provide ability to provision AMT so you can use remote management capabilities. The idea is to remotely power off/on machines. Intel also provides free webui, I am sure you are familiar and have been using it. This is generally not to be confused with using with an ISV provided software. SMB is meant for companied that do not have the resources of an IT department. One major difference with SMB mode is if you use with an ISV and implement advanced use case like IDE-R then the password goes over the wire in clear. So SMB mode is not secure implementation that you should be aware. Provisioning using SMB mode is also manual in that you have to touch every machine go into MEBX and set the required parameters.

On the contrary, enterprise mode requires that you install SCS server (free from Intel) or use an ISV software with provision server integrated. Enterprise mode gives you automated way of provisioning several AMT machines once you define a profile. You can push the profile to hundreds of machines and complete provision quickly. In addition, enterprise mode also gives you optionally secure setup using TLS or mutual authentication where the passwords or any data exchanged between managemnet console and client is encrypted and not exposed to prying eye. once you have SCS server setup or have an ISV software that can do enterprise setup there is no reason for mixed environment. intel recommends only enterprise mode operation for providing secure environment for customers.

Should you do mixed environment for academic purposes, there should be no problem with same adming/password

if you have an ISV that is capable of IP scan and recognize SMB provisioned machines you should be able to manage - take this with a grain of salt. However LANDesk uses security for enterprise provision and no security for SMB so you will not be able to manage mixed environment using LANDesk console

Big difference - enterprise mode offers security with automation and is recommended, SMB does not offer security and it is manual provision process

Hope this helps!

Mohan.