In our environment WOL is inconsistent and unreliable for a number of reasons, mostly uncontrollable networking issues. We need the ability to reliably wake machines up on demand and on a schedule. This is all we need from AMT, nothing more.
1) With that in mind, what is the least complex (not quickest) method to configure AMT?
2) Can vPro work independently while integrated with SCCM?
3) Will AMT simply not work at all in SCCM if certificates aren't used?
Once configured you can power them up on demand, or on a schedule using the AMT Alarm Clock feature.
Thanks for the input Alan. If I decided to try to tackle TLS so I can use AMT with SCCM, is it possible to set up SCS as an independent installation and then just "plug" it into SCCM later? (As opposed to doing everything via the Add-on 2.0; or would the Add-on be the better route?)
What is tripping me up the most is the TLS issue. It seems most of the documentation assumes a solid familiarity with certificates, but our team has never used them. I understand the importance for security, but the complexity is certainly an obstacle. Is it possible to have full AMT functionality without the use of certificates? (only using PSK?)
There seem to be so many versions, variations, and variables with vPro/AMT/SCS that it's hard to know you're starting on the right path. Maybe I'm an idiot but I could certainly benefit from some decision flowcharts :-O
Yes, you are able to set up an SCS server separately. Then at a later time use the SCS Add-on to integrate it into SCCM.
It's absolutely possible to have full AMT functionality without using certificates. You can achieve full AMT functionality with a basic SCS profile. That profile only needs to contain the mandatory system settings. Later, if you want, you can go back and reconfigure your vPro computers with a new SCS profile that includes any of the increased security options.
I need to develop a process that covers the spectrum, AMT 2.2 and up.
Later, if I want to integrate AMT with SCCM it will require a certificate. Either a Microsoft CA, or 3rd party certificate. Our network team says we have an internal CA, and we have a "wildcard cert from Entrust I may be able to use".
Thanks so much for your help.
As far as your current Entrust certificate, in order for it to work as a provisioning certificate it will need to have been created as outlined in this document. https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=22269