it project planning guide for intel(r) amt project planning...it project planning guide for ... 2 it...

IT Project Planning Guide forIT Project Planning Guide forIntel® Active Management Technology DeploymentTechnology Deployment

Version 1.0April 2012

ii

Notices and Disclaimers Copyright © 2012 Intel Corporation. All rights reserved. Intel, the Intel logo, Intel® vPro™ are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. A "Mission Critical Application" is any application in which failure of the Intel Product could result, directly or indirectly, in personal injury or death. SHOULD YOU PURCHASE OR USE INTEL'S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS' FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or go to: http://www.intel.com/design/literature.htm Intel® vPro™ Technology Intel® vPro™ Technology is sophisticated and requires setup and activation. Availability of features and results will depend upon the setup and configuration of your hardware, software and IT environment. To learn more visit: http://www.intel.com/technology/vpro. Intel® Active Management Technology (Intel® AMT) Requires activation and a system with a corporate network connection, an Intel® AMT-enabled chipset, network hardware and software. For notebooks, Intel AMT may be unavailable or limited over a host OS-based VPN, when connecting wirelessly, on battery power, sleeping, hibernating or powered off. Results dependent upon hardware, setup and configuration. For more information, visit http://www.intel.com/technology/platform-technology/intel-amt. KVM KVM Remote Control (Keyboard, Video, Mouse) is only available with Inte® Core™ i5 vPro and Core™ i7 vPro processors with Intel® Active Management technology activated and configured and with integrated graphics active. Discrete graphics are not supported.

http://www.intel.com/design/literature.htm

http://www.intel.com/technology/vpro

http://www.intel.com/technology/platform-technology/intel-amt

iii

Contents 1 Introduction .................................................................................. 1

1.1 Why Create an IT Plan? .................................................................................... 1 1.2 Resources ....................................................................................................... 1

2 IT Project Plan Outline .................................................................. 3

3 Task Descriptions .......................................................................... 5 3.1 Analysis or Exploration (Phase 1)....................................................................... 5

3.1.1 Evaluate Intel® AMT Features and Capabilities ..................................... 5 3.1.2 Evaluate Intel® AMT Use Cases.......................................................... 5 3.1.3 Evaluate Intel® AMT-compatible Management Software ........................ 6

3.1.3.1 Review Intel® Core™ vPro™ Technology Software Catalog ............ 6 3.1.3.2 Review Specific Third-Party Software Packages ............................. 7

3.1.4 Evaluate Intel® AMT Tools and Solutions ............................................. 7 3.1.4.1 Download and Evaluate Intel® Setup and Configuration Service ..... 8 3.1.4.2 Download and Evaluate Intel® Solution Reference Designs ............ 8 3.1.4.3 Download and Evaluate Intel® vPro™ Technology Module for

Microsoft* Windows* PowerShell* ...................................................... 9 3.1.4.4 Download and Evaluate Other Intel® Tools .................................. 9

3.1.5 Perform Return on Investment (ROI) Analysis ...................................... 9 3.2 Design or Planning Phase................................................................................ 10

3.2.1 Collect an Inventory of Intel® AMT Capable Systems .......................... 10 3.2.2 Collect Existing Network Infrastructure Information ............................ 10 3.2.3 Select Intel® AMT Use Cases ........................................................... 11 3.2.4 Select Management Software ........................................................... 11 3.2.5 Establish Intel® AMT Test Lab .......................................................... 11

3.2.5.1 Create a Lab Environment ........................................................ 12 3.2.5.2 Run a Proof of Concept Test in a Lab Environment ...................... 12

3.3 Deployment Phase ......................................................................................... 12 3.3.1 Modify the Network Infrastructure .................................................... 12

3.3.1.1 Set DHCP Option 15 ................................................................ 13 3.3.1.2 Open TCP Ports in Firewall........................................................ 13 3.3.1.3 Create User Accounts and Groups ............................................. 14 3.3.1.4 Modify Microsoft* Active Directory ............................................. 14

3.3.2 Update BIOS, Firmware, and Drivers on Intel® AMT Computers ........... 14 3.3.2.1 Update System BIOS ............................................................... 15 3.3.2.2 Update Intel® Management Engine Firmware ............................. 15 3.3.2.3 Update Intel® Management Engine Driver Package ..................... 16

3.3.3 Pilot the Deployment ....................................................................... 17 3.3.3.1 Configure the Management Software ......................................... 17 3.3.3.2 Install Intel® SCS in the Production Environment ....................... 17 3.3.3.3 Install and Configure Third Party Management Software .............. 18 3.3.3.4 Setup and Configure the Intel® AMT Clients ............................... 20

3.3.4 Setup and Configure Intel® AMT in the Entire Enterprise ..................... 22 3.3.4.1 Select Intel® AMT setup and configuration method ..................... 22 3.3.4.2 Create or Update Intel® AMT Profile Settings ............................. 22 3.3.4.3 Setup and Configure Intel® AMT Clients .................................... 22

3.3.5 Deploy Intel® AMT Use Cases to IT Help Desk ................................... 23 3.3.5.1 Add Intel® AMT Use Case to IT Help Desk ................................. 23 3.3.5.2 Perform Acceptance Testing to Verify Intel® AMT Use Cases ........ 23

3.4 Post Deployment Stabilization Phase ................................................................ 24

iv

3.4.1 Troubleshoot and Resolve Post Deployment Issues ............................. 24 3.4.2 Plan for Maintenance Tasks .............................................................. 24

4 What’s Next? ............................................................................... 25

5 Work Aids for Planning and Analysis ........................................... 26 5.1 Checklist of Intel® AMT Features and Capabilities.............................................. 26 5.2 Checklist of Intel® AMT Use Cases .................................................................. 27 5.3 Checklist of Management Software Supporting Intel® AMT ................................. 27 5.4 Checklist of Intel® Use Case Reference Designs and Intel® Solution Reference

Designs for Intel® AMT .................................................................................. 28 5.5 Checklist of Cmdlets in Intel® vPro™ Technology Module for Microsoft* Windows*

PowerShell* .................................................................................................. 29

6 Resources .................................................................................... 30

7 Glossary of Terms ........................................................................ 31

1

1 Introduction

This planning guide will help IT project managers create a project schedule for the deployment of Intel® Active Management Technology (Intel® AMT). Intel AMT is a technology included in every Intel® vPro™ Technology Brand certified PC. Intel AMT is used by IT departments to remotely manage and repair PCs.

A successful IT deployment of Intel AMT in an enterprise-scale organization will require some thoughtful planning. This guide will help IT project managers organize a project plan. Small and medium businesses can also modify the template to fit their needs. This guide will help you identify what needs to be done (the tasks) and provides some recommendations based on the experiences of Intel field engineers. It will not tell you how to do the tasks or how long each task will take—that depends on your unique situation.

Each task is described in enough detail for you to assign the task to a project team member. The Project Team Resources are listed in several generic job titles. You can adapt the template to fit your available resources.

Not all tasks are listed in the proposed template. We omitted the tasks that are common to almost every IT plan such as “Assemble the project team”, “Review plan with stakeholders”, “Integrate with IT Help Desk”, and “Readiness checkpoint milestone”. You will need to add the tasks that your IT organization requires.

The following table shows the outline of the IT project plan. The sections following the table describe each task.

1.1 Why Create an IT Plan? A measured, methodical planning approach will reduce the time it takes to deploy Intel AMT, reduce the cost, and will generally result in a smoother deployment. Your plan should encompass all aspects of the deployment, not just the setup and configuration of the Intel AMT clients. We recommend that you consider the following elements:

• Hardware deployment of Intel AMT capable clients and servers • Supporting infrastructure • IT process updates, including the PC refresh process • A feedback loop from your customers

1.2 Resources In general, most Intel AMT deployment projects will need three types of resources:

• IT Project Manager • IT Architect or Planner • IT Technician

The number of each resource depends on the scope of your project.

Some organizations might also need some specialists:

• Microsoft Active Directory Specialist • User Account Specialist • Network Security and Certificates Specialist • Network infrastructure (DNS, DHCP, 802.1X, Wireless 802.11) Specialist

2

• Help Desk Software Specialist • Process Documentation Writer

3

2 IT Project Plan Outline

This section shows the general task outline for deploying Intel AMT in an enterprise environment. The plan starts with an analysis of the capabilities of Intel AMT and then progresses to the point where all the PCs are configured for the Intel AMT features targeted by the plan. Intel AMT is flexible—you can enable a basic set of features during the initial deployment and later go back and turn on additional features.

WBS Task Name Notes 1 ANALYSIS OR EXPLORATION PHASE

1.1 Evaluate Intel® AMT Features and Capabilities Recommended

1.2 Evaluate Intel® AMT Use Cases Recommended

1.3 Evaluate Intel® AMT-compatible Management Software Recommended

1.3.1 Review Intel® Core™ vPro™ Technology Software Catalog Recommended

1.3.2 Review specific third-party software packages Optional

1.4 Evaluate Intel® AMT Tools and Solutions Recommended

1.4.1 Download and evaluate Intel® SCS Recommended

1.4.2 Download and evaluate Intel® Solution Reference Designs Optional

1.4.3 Download and evaluate Intel® vPro™ Technology Module for Microsoft* Windows* PowerShell*

Optional

1.4.4 Download and evaluate other Intel® tools Optional

1.5 Perform Return on Investment (ROI) Analysis Optional

2 DESIGN OR PLANNING PHASE

2.1 Collect inventory of Intel® AMT capable systems Important

2.2 Collect Existing Network Infrastructure information Recommended

2.3 Select Intel® AMT Use Cases Recommended

2.4 Select Management Software Important

2.5 Establish Intel® AMT Test Lab

2.5.1 Create a lab environment Recommended

2.5.2 Run a Proof of Concept Test in a lab environment Recommended

3 DEPLOYMENT PHASE

3.1 Modify the Network Infrastructure Important

3.1.1 DHCP Option 15 Important

3.1.2 Open ports in Firewall Important

3.1.3 Create User Accounts and Groups Important

3.1.4 Modify Microsoft* Active Directory Important

3.2 Update BIOS, firmware, and drivers on Intel® AMT computers Recommended

3.2.1 Update System BIOS Recommended

3.2.2 Update Intel® ME Firmware Important

4

WBS Task Name Notes

3.2.3 Update Intel® ME Driver Package (MEI, LNS, SOL drivers) Recommended

3.3 Run a Pilot Deployment Recommended

3.3.1 Configure the Management Software Recommended

3.3.1.1 Install Intel® SCS in Production Environment Recommended

3.3.1.1.1 Verify correct versions of Windows and .NET Framework Recommended

3.3.1.1.2 Install SCS components Recommended

3.3.1.2 Install and configure third party management software Recommended

3.3.1.2.1 Install updates or OOB extensions to existing management software

Important

3.3.1.2.2 Install RealVNC viewer for KVM Remote Control Optional

3.3.1.2.3 Install Intel® vPro Enabled Gateway for Fast Call for Help Optional

3.3.1.3 Purchase and install Certificates for Setup and Configuration with TLS

Optional

3.3.2 Setup and Configure the Intel® AMT clients for the pilot Recommended

3.3.2.1 Select Intel® AMT setup and configuration method Recommended

3.3.2.2 Create Intel® AMT Profile Settings Recommended

3.3.2.3 Setup and configure systems Recommended

3.4 Incremental Deployment of Intel® AMT to the entire enterprise Important

3.4.1 Select final Intel® AMT setup and configuration method Important

3.4.2 Modify or Create Intel® AMT Profile Settings Important

3.4.3 Setup and Configure the remaining Intel® AMT clients Important

3.5 Incremental Deployment of Intel® AMT Use Cases to IT Help Desk Recommended

3.5.1 Add first Intel® AMT Use Case to IT Help Desk Recommended

3.5.2 Repeat: Add next Intel® AMT Use Case to IT Help Desk Recommended

4 POST DEPLOYMENT OR STABALIZATION PHASE

4.1 Troubleshoot and resolve post deployment issues Recommended

4.2 Plan for Maintenance Tasks Recommended

5

3 Task Descriptions

3.1 Analysis or Exploration (Phase 1) Intel® vPro™ Technology PCs, Workstations, and Servers include Intel® Active Management Technology (Intel® AMT). Intel AMT provides remote manageability and security features to the other Intel vPro Technology features such as Intel Anit-Theft Technology and Intel Virtualization Technology. The first phase of the deployment of Intel AMT in an enterprise IT environment is an analysis of your IT requirements and an exploration of how Intel AMT can solve your IT problems.

3.1.1 Evaluate Intel® AMT Features and Capabilities WBS 1.1

Notes: Recommended

Task Description: Evaluate Intel® AMT Features and Capabilities

Resource Name: IT Architect

For More Information: http://www.intel.com/vpro

Recommendations: Create a matrix showing the “pain points” for your IT Help desk and the Intel AMT features and capabilities. Evaluate Intel AMT to see how it can solve your problems or add new capabilities.

Notes: Refer to: 5.1 Checklist of Intel® AMT Features and Capabilities

3.1.2 Evaluate Intel® AMT Use Cases WBS 1.2

Notes: Recommended

Task Description: Evaluate Intel® AMT use cases to determine which ones best fit the needs of your IT department and users


For More Information: http://www.intel.com/vPro

Recommendations: Choose a few key use cases that have the highest ROI for your IT department. Focus the deployment on these key use cases. Do not attempt to roll-out all the uses cases at one time across a large enterprise.

Notes: Refer to: 5.2 Checklist of Intel® AMT Use Cases

http://www.intel.com/vpro

http://www.intel.com/vPro

6

3.1.3 Evaluate Intel® AMT-compatible Management Software WBS 1.3

Notes: Recommended

Task Description: Evaluate Intel® AMT-compatible Management Software


For More Information: See: Intel® Core™ vPro™ Processor Family Software Catalog (link)

Recommendations: Select the use case first, then the management software solution. Examine the use cases supported by your existing management software first.

Notes: 1. Multiple management software solutions may be used together. 2. Only management software is shown in the catalog. Intel Setup and Configuration

Service and other Intel tools are not listed. The Intel tools are most often used in a lab environment to demonstrate the capabilities of Intel AMT or to debug a lab setup. The Intel SCS software is used to initially setup and configure the Intel AMT clients and then to perform updates and maintenance.

3. Tools such as Microsoft* PowerShell scripts and Real VNC* Viewer Plus may be used with various management consoles to implement various use cases.

3.1.3.1 Review Intel® Core™ vPro™ Technology Software Catalog WBS 1.3.1

Notes: Recommended Task Description: Review Intel® Core™ vPro™ Technology Software Catalog Resource Name: IT Architect For More Information: See: Intel® Core™ vPro™ Processor Family Software

Catalog (link) Recommendations: Start with the software packages that are already

deployed in your organization and see which Intel AMT features the packages support.

Notes: (None)

http://www.intel.com/content/www/us/en/processors/vpro/vpro-software-catalog-find-your-solution-stack-catalog.html

http://www.intel.com/content/www/us/en/processors/vpro/vpro-software-catalog-find-your-solution-stack-catalog.html

7

3.1.3.2 Review Specific Third-Party Software Packages WBS 1.3.2

Notes: Optional

Task Description: Choose one or more specific third-party software packages to evaluate. The packages should support the Intel AMT use cases that you are interested in. Review the packages in depth.


For More Information: Refer to the third-party software documentation.

Recommendations: Consider combinations of more than one package (for example, Intel SCS with McAfee ePO).

Notes: 1. You may already be using a management software package that supports Intel

AMT. Some software packages require optional modules to support OOB management.

2. If you are also going to use Intel SCS, include “Integration with Intel SCS” as one of your evaluation criteria.

3. Some third party management solutions have integrated setup and configuration solutions (HP and Symantec), or have integrated Intel SCS (Microsoft ConfigMgr, LANDesk, McAfee). You do not need to download Intel SCS separately for these products.

4. Automated integration tools may be available from Intel vPro Expert Center to help with Intel SCS with Microsoft ConfigMgr 2007.

3.1.4 Evaluate Intel® AMT Tools and Solutions WBS 1.4

Notes: Recommended

Task Description: Evaluate Intel® AMT Tools and Solutions


For More Information: Intel vPro Expert Center

Recommendations: Take advantage of the prepackaged solutions created by the experts in Intel AMT.

Notes: 1. The Intel vPro Technology Resource Kit (available in Q2) includes all the Intel

AMT tools typically needed by IT professionals. The kit downloader is available at download.intel.com.

2. Additional tools are available for management software developers at software.intel.com.

8

3.1.4.1 Download and Evaluate Intel® Setup and Configuration Service WBS 1.4.1

Notes: Recommended

Task Description: Download and Evaluate Intel® Setup and Configuration Service


For More Information: Intel SCS Help and Documentation

Recommendations: Intel recommends using Intel SCS for setup and configuration of Intel AMT systems.

Download Intel SCS here: link.

Notes: 1. Intel Setup and Configuration Service is now a supported Intel software

product. See the Intel SCS support page for information on your support options (link).

2. Intel SCS is only used to setup and configure Intel AMT systems—it is not a management console. You must use management software (e.g. a management console or Microsoft* PowerShell module) to take full advantage of the Intel AMT features in a large enterprise IT environment.

3.1.4.2 Download and Evaluate Intel® Solution Reference Designs WBS 1.4.2

Notes: Optional

Task Description: Download and Evaluate Intel® Solution Reference Designs

Resource Name: IT Solutions Architect


Recommendations: Incorporate Intel solution reference designs into your IT Help desk if they are a good fit for your application.

Download the Intel Solution Reference Designs here: link.

Notes: 1. The use case or solution reference designs created by Intel provide IT professionals

with detailed step-by-step instructions for solving real problems in their environments by leveraging Intel vPro technology.

2. Many of the use case reference designs include videos that demonstrate how they work. The code samples are included in the download packages and are all royalty free.

http://www.intel.com/support/vpro/scs/sb/CS-032915.htm

http://www.intel.com/p/en_US/support/highlights/sftwr-prod/scs

http://communities.intel.com/docs/DOC-4080

9

3.1.4.3 Download and Evaluate Intel® vPro™ Technology Module for Microsoft* Windows* PowerShell*

WBS 1.4.3

Notes: Optional

Task Description: Download and Evaluate Intel® vPro™ Technology Module for Microsoft* Windows* PowerShell*

Resource Name: IT Architect, IT Technician

For More Information: Microsoft* PowerShell* documentation; Intel® vPro™ Technology Module for Microsoft* Windows* PowerShell* documentation

Recommendations: Download the Intel® vPro™ Technology Module for Microsoft* Windows* PowerShell*here: link.

Notes: (None)

3.1.4.4 Download and Evaluate Other Intel® Tools WBS 1.4.4

Notes: Optional

Task Description: Download and Evaluate Other Intel® Tools

Resource Name: IT Technician

For More Information: See: Intel vPro Technology Resource Kit

Recommendations: Notes: 1. See also the tools for manageability software developers. These might be useful

for custom solutions.

3.1.5 Perform Return on Investment (ROI) Analysis WBS 1.5

Notes: Optional

Task Description: Perform Return on Investment (ROI) Analysis

Resource Name: Project Management; IT Help Desk Architect

For More Information: ROI tools and case studies on the Intel vPro Expert Center

Recommendations: Collect baseline information before the deployment to measure how Intel AMT has helped your organization reduce costs and increase responsiveness.

Notes: 1. Identify the highest priority use cases for your organization and then perform an

ROI analysis based on that scenario. 2. The Intel vPro Expert Center has about three dozen ROI case studies plus tools you

can use to perform the ROI analysis.


10

3.2 Design or Planning Phase After you have evaluated Intel AMT and the available tools to remotely manage PCs, you are now ready to start planning the deployment.

3.2.1 Collect an Inventory of Intel® AMT Capable Systems WBS 2.1

Notes: Important

Task Description: Collect an Inventory of Intel® AMT Capable Systems


For More Information: See the System Discovery Tools available in the current Intel SCS documentation

Finding Intel AMT Capable Machines in Your Environment (Intel vPro Expert Center Use Case Reference Design)

Recommendations: Use Intel SCS 8 (with the database option) and the System Discovery tool to collect the information into the Intel SCS database.

Notes: 1. The inventory will be used to determine which Intel AMT features are supported on

the PCs in your enterprise. For example, KVM Remote Control only works on PCs with Intel AMT 6.0 or later and integrated graphics.

2. The System Discovery tool in Intel SCS can be used to collect key data about your Intel AMT systems.

3.2.2 Collect Existing Network Infrastructure Information WBS 2.2

Notes: Recommended

Task Description: Collect Existing Network Infrastructure Information


For More Information: See Also: refer to the installation and planning documentation for your management software

Recommendations: Notes: 1. You will need answers to the following questions later in the design phase:

a. Do you require TLS security for remote setup and configuration of Intel AMT?

b. Do you require TLS for management traffic between the management console and the remote client?

c. Are you using Acitve Directory? d. Are you using 802.1x? e. Do your DCHP servers use Option 15? f. What domains and subdomains to you plan to use? g. Do you have 802.11 wireless networking?

11

3.2.3 Select Intel® AMT Use Cases WBS 2.3

Notes: Recommended

Task Description: Select the Intel® AMT Use Cases that have the highest ROI for your IT department

Resource Name: Project Management, IT Help Desk Specialist

For More Information: intel.com/vpro

Recommendations: Chose a limited number of use cases for your initial deployment, then incrementally add new use cases in future deployments. Involve your IT Operations and Help Desk teams at the beginning of the use case selection process.

Notes: 1. Simple, reliable use cases provide the best results in terms of ROI and technology

adoption.

3.2.4 Select Management Software WBS 2.4

Notes: Important

Task Description: Select the management software you want to use with your Intel AMT PCs

Resource Name: Project Management, IT Architect, IT Help Desk Specialists

For More Information: Refer to the software vendor documentation.

Recommendations: This is a major task—take time to consider all the other features of the management software that you will be using and how it fits into your infrastructure.

Notes: 1. This task may involve other considerations besides the compatibility and support

for Intel AMT features. 2. Two or more management software packages may, in some cases, be used

simultaneously with Intel AMT clients.

3.2.5 Establish Intel® AMT Test Lab WBS 2.5

Notes: Recommended

Task Description: Create a lab environment for testing Intel AMT clients with your management software


For More Information: Recommendations: Do not test the setup and configuration process in a

production environment.

12

Notes: 1. Some changes (e.g. Microsoft* Active Directory OU changes) should be tested in a

lab environment before going into your production environment. 2. In a lab environment you can easily pull the CMOS battery to reset the Intel ME to

the factory state and clear the provisioning settings.

3.2.5.1 Create a Lab Environment WBS 2.5.1

Notes: Recommended

Task Description: Create a Lab Environment


For More Information: Recommendations: Notes: (None)

3.2.5.2 Run a Proof of Concept Test in a Lab Environment WBS 2.5.2

Notes: Recommended

Task Description: Run a Proof of Concept Test in a Lab Environment



3.3 Deployment Phase In this phase, you will start to setup and configure the Intel AMT systems in your production environment.

3.3.1 Modify the Network Infrastructure WBS 3.1

Notes: Important

Task Description: Modify the Network Infrastructure


For More Information: Refer to the software management console documentation and the Intel SCS documentation

Recommendations: Preparing the network infrastructure is important for a smooth deployment of Intel AMT.

Notes: (None)

13

3.3.1.1 Set DHCP Option 15 WBS 3.1.1

Notes: Important

Task Description: Set DHCP Option 15


For More Information: Refer to the Windows* Server documentation for setting DHCP options

Recommendations: Notes: 1. This DHCP option is required for the remote management of the clients.

3.3.1.2 Open TCP Ports in Firewall WBS 3.2.1

Notes: Important

Task Description: Open TCP ports in you network firewalls and routers


For More Information: Refer to the documentation for your management software.

Recommendations: Notes: 1. Open one or more of the following TCP ports:

Port Purpose

80 Standard HTTP Port (Intel AMT Web UI)

443 Standard HTTPS Port (Intel AMT Web UI in SSL mode)

5900 KVM Remote Control (non-TLS mode)

9971 Default port used by Intel SCS Console (configurable)

16992 WS-MAN commands in non-TLS mode*

16994 SOL/IDE-Redirection in non-TLS mode*

16993 WS-MAN commands in TLS-PSK or TLS-PKI mode**

16995 SOL/IDE-Redirection and KVM Remote Control in TLS-PSK or TLS-PKI mode**

*16992 and 16994 are used during non-TLS mode and not used at all with TLS

**16993 and 16995 are used during TLS and not used at all with non-TLS

14

3.3.1.3 Create User Accounts and Groups WBS 3.1.3

Notes: Important

Task Description: Create User Accounts and Groups


For More Information: Recommendations: Notes: 1. Intel AMT supports both Digest and Kerberos users. 2. The setup and configuration profile is used to define the access permissions (called

Realms) and credentials (digest user accounts). 3. The Auditor user account should be defined if you are using the Audit Log feature. 4. The management software components might also need updated accounts (for

Intel vPro Technology enabled gateway for Fast Call for Help, Intel SCS database, making changes to Active Directory or requesting access to the Certificate Authority).

3.3.1.4 Modify Microsoft* Active Directory WBS 3.1.4

Notes: Important

Task Description: Modify Microsoft* Active Directory


For More Information: Refer to the documentation provided with your management software.

Recommendations: Follow the directions in the management software documentation. Be careful when extending the schema because you cannot undo the changes.

Notes: (None)

3.3.2 Update BIOS, Firmware, and Drivers on Intel® AMT Computers WBS 3.2

Notes: Recommended

Task Description: Update BIOS, Firmware, and Drivers on Intel® AMT Computers


For More Information: Refer to the support website for the PC manufacturer for the latest BIOS, firmware, and drivers.

Recommendations: Update to the latest versions of the BIOS, Intel ME firmware, and Intel drivers for your PCs

15

Notes: 1. Use the inventory data that you collected to plan the BIOS, firmware, and driver

updates. Sort the data by make of model of PC, then visit the support website for each OEM to determine the latest version of the BIOS, firmware and drivers.

2. Some OEMs release the BIOS, firmware, and drivers as one package while others release them individually. Check with the OEM for the PC.

3.3.2.1 Update System BIOS WBS 3.2.1

Notes: Recommended

Task Description: Update System BIOS to the latest version


For More Information: Refer to your OEM’s support website for information on the latest BIOS releases

Recommendations: Update the PCs with Intel AMT to the latest available System BIOS.

Notes: 1. The OEM for your PCs must provide a System BIOS that supports Intel AMT. Use

the BIOS update tool provided by your OEM. 2. The System BIOS will include the Intel ME BIOS Extensions (MEBX) screens that

allow administrators to locally setup and configure certain Intel AMT features. Not all the Intel AMT settings are configurable from the MEBX.

3. Different OEMs may release different versions of Intel AMT and may, as a consequence, release different BIOS updates to support the Intel AMT releases.

4. If the inventory scan returns a Universally Unique ID (UUID) of all zeros for an Intel AMT client, you must upgrade the BIOS to resolve this issue. Check your OEM’s support website if your PCs has this issue. Each Intel AMT client must have a unique UUID in order to be remotely manageable.

3.3.2.2 Update Intel® Management Engine Firmware WBS 3.2.2

Notes: Important

Task Description: Update Intel® Management Engine Firmware


For More Information: Refer to your OEM’s support website for information on the latest Intel ME firmware releases

Recommendations: Update to the latest Intel ME firmware.

Use the Inventory of Intel AMT systems to plan the upgrades.

Notes: 1. Some non-Intel AMT enabled systems have Intel ME firmware. You do not need to

upgrade these systems as part of this plan (non-Intel AMT capable systems cannot be remotely managed).

2. The OEM for your PC is responsible for releasing the Intel ME firmware. Use your inventory of Intel AMT systems to determine the make, model, and firmware

16

version of each Intel AMT capable PC. Then check the OEM support website to determine the latest available firmware release.

3. The OEM may choose to disable certain features found in other PCs with the same version of Intel AMT firmware. Upgrading to the same major and minor numbers of the firmware version on different PCs will not guarantee that both PCs will have exactly the same support for Intel AMT features. Intel recommends that you test the specific Intel AMT features you are interested in using on a representative sample of the actual PCs in your IT environment.

4. The Intel ME firmware version numbers are tied to each generation of hardware. You cannot upgrade between the major versions shown in the list (for example, from 3.x to 4.x). All major releases of Intel AMT are shown below along with the type of PC platform:

a. Intel AMT 2.0, 2.1, 2.2 Desktop b. Intel AMT 2.5, 2.6 Mobile c. Intel AMT 3.x Desktop d. Intel AMT 4.x Mobile e. Intel AMT 5.x Desktop f. Intel AMT 6.x Mobile, Desktop, Server/Workstation g. Intel AMT 7.x Mobile, Desktop, Server/Workstation

5. Some older firmware versions may include features that are no longer supported by Intel. For example the Intel Remote PC Assist Technology (RPAT) service is no longer available but you may see an option for it in the MEBX.

3.3.2.3 Update Intel® Management Engine Driver Package WBS 3.2.3

Notes: Recommended

Task Description: Update Intel® Management Engine Driver Package


For More Information: Refer to your OEM’s support website for information on the latest Intel ME firmware releases

Recommendations: Update to the latest drivers for your PCs.

Notes: 1. Update Intel Management Interface (Intel MEI) driver, the Local Notification

Service (LNS) driver, and the Serial-Over-LAN (SOL) driver. All the drivers are typically provided in a single package by the OEM.

2. The Intel MEI drivers was formerly called the HECI driver. You might see this term on support sites for older generations of Intel AMT platforms.

17

3.3.3 Pilot the Deployment WBS 3.3

Notes: Recommended

Task Description: Pilot the deployment of Intel AMT with a limited number of Intel AMT clients

Resource Name: Project Management; IT Technician

For More Information: Recommendations: Start with a small number of non-critical clients in the

production environment

Notes: 1. A pilot project provides a “safe zone” for learning how to use and support a new

technology, and helps ensure that the technology fully integrates with the computing infrastructure. When planning pilot projects, expand the team to include infrastructure owners.

2. Do not pilot the deployment on clients that are critical to the enterprise (factory floor PCs or mission critical servers, for just two examples). While the setup and configuration of Intel AMT clients generally will be invisible to users, it is possible with a error in the configuration of network filters, for example, to shut down the network interface and take the wired LAN interface of the PC off the network.

3.3.3.1 Configure the Management Software WBS 3.3.1

Notes: Recommended

Task Description: Configure the Management Software to support out-of-band communication through the Intel ME on the clients


For More Information: Refer to the documentation for the management software.

Recommendations: Notes: (None)

3.3.3.2 Install Intel® SCS in the Production Environment WBS 3.3.1.1

Notes: Recommended

Task Description: Install Intel® SCS in the Production Environment


For More Information: Intel SCS documentation

Recommendations: Install the latest version of Intel SCS except when your management software has an integrated solution.

Notes: 1. Intel SCS is the preferred setup and configuration software solution for Intel AMT

clients. However, some management software solutions currently have older

18

versions of Intel SCS or a proprietary solution integrated into the management software. Consult your management software documentation for details.

3.3.3.2.1 Verify Correct Versions of Windows* and .NET Framework WBS 3.3.1.1.1

Notes: Recommended

Task Description: Verify Correct Versions of Windows* and .NET Framework


For More Information: Intel SCS documentation Recommendations: Notes: 1. Check the Intel SCS documentation for the latest list of supported operating

systems and Microsoft* .NET Framework versions.

3.3.3.2.2 Install Intel® SCS Components WBS 3.3.1.1.2

Notes: Recommended

Task Description: Install Intel® SCS Components



Recommendations: Install the latest version of Intel SCS except when your management software has an integrated solution.

Notes: 1. Check the Intel vPro Expert Center for automated integration tools or

documentation on integrating Intel SCS with Microsoft* ConfigMgr 2007 and other third party management software.

3.3.3.3 Install and Configure Third Party Management Software WBS 3.3.1.2

Notes: Recommended

Task Description: Install and Configure Third Party Management Software



19

3.3.3.3.1 Install Updates or OOB Extensions to Existing Management Software

WBS 3.3.1.2.1

Notes: Important

Task Description: Install Updates or OOB Extensions to Existing Management Software



3.3.3.3.2 Install RealVNC* Viewer (or Similar) for KVM Remote Control WBS 3.3.1.2.2

Notes: Optional

Task Description: Install RealVNC* Viewer or similar viewer for KVM Remote Control


For More Information: Real VNC documentation

Recommendations: Install Real VNC Viewer Plus (or similar) viewer on your management console to support KVM Remote Control.

Notes: 1. Intel AMT 6.0 and later PCs, when combined with Intel Core vPro Processors with

integrated graphics, provide the KVM remote control capability using the wired LAN connection. No other hardware is required.

2. The Real VNC Viewer Plus supports KVM Remote Control, power control, and IDER. 3. Real VNC Viewer can be configured to use TLS security. 4. Refer to the Intel SCS documentation for information on the KVM Remote Control

profile settings.

3.3.3.3.3 Install Intel® vPro™ Enabled Gateway Software for Fast Call for Help

WBS 3.3.1.2.3

Notes: Optional

Task Description: (Required only for Fast Call for Help) Install Intel® vPro™ Enabled Gateway for Fast Call for Help


For More Information: Refer to the third party documentation

Recommendations:

Notes: 1. Some management consoles have the Intel vPro enabled gateway integrated into

their solutions. Check with your management console documentation for details.

20

3.3.3.3.4 Purchase and Install Certificates for Setup and Configuration with TLS

WBS 3.3.1.3

Notes: Optional

Task Description: Purchase and install certificates for setup and configuration with TLS

Resource Name: IT technician


Recommendations: Select the certificate vendor that has a built-in hash in the Intel AMT firmware for the versions of Intel AMT that you want to use the certificate with. A list of supported vendors by Intel AMT version is posted on the Intel vPro Expert Center.

Investigate the various certificate options before purchasing the certificate.

Notes: 1. This task is only required for remote setup and configuration using TLS-PKI using

third-party certificate authorities. 2. Subtasks:

a. Choose certificate vendor b. Create certificate signing request (CSR) c. Submit the CSR with the certificate vendor d. Install the certificate on the provisioning server

3. The certificate parameters must be set to identify the certificate as a setup and configuration certificate. Check with the certificate vendor for specific instructions.

4. Intel AMT clients have several certificate hashes included in the firmware. Check the certificate documentation on the Intel vPro Expert Center for details.

3.3.3.4 Setup and Configure the Intel® AMT Clients WBS 3.3.2

Notes: Recommended

Task Description: Setup and Configure the Intel® AMT clients in the pilot deployment




21

3.3.3.4.1 Select Intel® AMT Setup and Configuration Method WBS 3.3.2.1

Notes: Recommended

Task Description: Select Intel® AMT Setup and Configuration Method



Recommendations: Use Host Based Configuration whenever possible.

Notes: 1. For a large enterprise, you have two methods to choose from: remote

configuration or host-based configuration. 2. Remote configuration will allow you the most flexibility for configuration and

security settings, such as being able to disable user consent requirements. Host-based configuration has fewer steps and requirements, but requires user consent for KVM remote control and boot redirection.

3.3.3.4.2 Create Intel® AMT Profile Settings WBS 3.3.2.2

Notes: Recommended

Task Description: Create Intel® AMT Profile Settings




3.3.3.4.3 Setup and Configure Systems WBS 3.3.2.3

Notes: Recommended

Task Description: Setup and Configure Systems



Recommendations: Ensure that you understand the impact of the various configuration options have. Consult the Intel SCS documentation for specific details.

Notes: (None)

22

3.3.4 Setup and Configure Intel® AMT in the Entire Enterprise WBS 3.4

Notes: Important

Task Description: Setup and Configure Intel® AMT in the Entire Enterprise


For More Information: Recommendations: Use an incremental deployment approach.

Notes: 1. It is important to start small and ramp up you numbers when provisioning Intel

vPro clients. If you run into a configuration problem you want to be able to address it with a manageable number of clients.

3.3.4.1 Select Intel® AMT setup and configuration method WBS 3.4.1

Notes: Important

Task Description: Select Intel® AMT setup and configuration method



3.3.4.2 Create or Update Intel® AMT Profile Settings WBS 3.4.2

Notes: Important

Task Description: Create or Update Intel® AMT Profile Settings



3.3.4.3 Setup and Configure Intel® AMT Clients WBS 3.4.3

Notes: Important

Task Description: Setup and Configure Intel® AMT Clients


For More Information: Recommendations:

23

Notes: 1. Using an incremental approach to deployment will ensure that the Intel SCS

Remote Configuration Service (RCS) or other provisioning server is not overloaded with too many requests. The throughput capacity of the RCS is stated in the Intel SCS documentation.

2. You do not need to shut down, reboot, or otherwise interrupt the user when you setup and configure Intel AMT systems remotely. You might, however, need to ask the user for permission if you use Host Based provisioning in Client Control mode. Local configuration using a USB key will require a deskside visit from the IT Technician and a reboot.

3.3.5 Deploy Intel® AMT Use Cases to IT Help Desk WBS 3.5

Notes: Recommended

Task Description: Deploy Intel® AMT Use Cases to IT Help Desk


For More Information: Recommendations: Use an incremental approach.

Notes: (None)

3.3.5.1 Add Intel® AMT Use Case to IT Help Desk WBS 3.5.1

Notes: Recommended

Task Description: Add Intel® AMT Use Case to IT Help Desk



3.3.5.2 Perform Acceptance Testing to Verify Intel® AMT Use Cases WBS 3.5.2

Notes: Recommended

Task Description: Perform Acceptance Testing to Verify Intel® AMT Use Cases



24

3.4 Post Deployment Stabilization Phase The final phase of the project is typically a stabilization phase. The purpose of this phase is to ensure that your Intel AMT capable PCs are setup and configured properly and that your IT help desk can use the selected Intel AMT use cases.

3.4.1 Troubleshoot and Resolve Post Deployment Issues WBS 4.1

Notes: Recommended

Task Description: Troubleshoot and Resolve Post Deployment Issues


For More Information: Intel vPro Expert Center Recommendations: Notes: (None)

3.4.2 Plan for Maintenance Tasks WBS 4.2

Notes: Recommended

Task Description: Plan for post-deployment maintenance tasks.


For More Information: Intel vPro Expert Center and the Intel SCS documentation Recommendations: Notes: 1. Change user passwords periodically. 2. Renew TLS Setup and Configuration certificates before they expire to allow you to

setup and configure new PCs, or modify existing PCs using TLS. 3. Check for updates to the BIOS, firmware and drivers.

25

4 What’s Next?

After you have deployed Intel AMT PCs, what’s next? You might need to plan on doing one or more of the following tasks that involve the Intel AMT setup and configuration settings:

• Add new PCs • Decommission older PCs • Upgrade older PCs with new hard drives • Update the BIOS, firmware, and drivers • Renew TLS Setup and Configuration certificates (if TLS is used) • Update user accounts • Add a “delta” profile to add or remove Intel AMT settings • Change Intel ME passwords • Review the audit log (if used) • Change the network filtering settings (if used) • Merge in new PCs from another domain or from an acquisition • Move PCs into a new corporation

26

5 Work Aids for Planning and Analysis

The following checklists will help you organize and plan the analysis and deployment tasks.

5.1 Checklist of Intel® AMT Features and Capabilities Intel AMT Features:

The Intel AMT firmware runs on a separate processor (the Intel® Management Engine) that is independent of the main processor and operating system

The network solution provides network communications on the wired network between the Intel® Management Engine (Intel® ME) and the remote management console that bypasses the operating system

Supports secure TLS communications between the Intel® ME and the remote management console

Supports remote setup and configuration with secure TLS communications to the remote configuration server

Supports wireless 802.11 networking Supports 802.1x End Point Access Control Supports Kerberos or Digest authentication for network access to the Intel®

ME with each user account limited to selected realms Supports remote management of PCs over VPNs and outside of your

corporate firewall One-click call for help from client PCs (inside or outside your network) Built-in “alarm clock” that is independent of the operating system Redirection of the serial console output for remote access to the System BIOS

over low bandwidth networks or for clients without KVM Remote Control Users consent control for remote access Remote Alert enables desktops and notebooks outside the firewall to be

protected and repaired just as if they were inside the firewall. Remote Scheduled Maintenance enables off-hours patch updates for desktops

and notebooks outside the firewall. Previously, scheduled updates were difficult to impossible for systems outside the firewall or for systems managed by Service Providers (SPs) or Managed Service Providers (MSPs).

Fast Call for Help enables users to quickly connect to the management console whether inside or outside the firewall (after configured and setup) to get help fast through normal Intel® vPro™ technology remote management capabilities. Most OEMs are implementing a Hot Key combination to trigger the call back home and then an "opt-in" (IT configurable privacy measure) acceptance to establish the connection.

Remotely accessible log files Special “auditor” role to control erasing log files SNMP alerts from the Intel ME

Intel® AMT Capabilities:

Remote power control (with or without using Transport Layer Security or TLS) KVM Remote Control

27

Limiting malware outbreaks by automatically shutting down the network interface

Remote hardware and software inventory Remote booting using IDE redirection Scripting of IT help desk solutions using Microsoft* PowerShell

5.2 Checklist of Intel® AMT Use Cases Hardware-based KVM remote control Serial Over LAN remote control Remote boot redirection Fast Call for Help Remote power control Remote encryption management Remote scheduled maintenance Management over Wi-Fi Hardware and software inventory Audit logs License management Network filters End point access control Software agent presence

5.3 Checklist of Management Software Supporting Intel® AMT IBM Tivoli Endpoint Manager BMC BladeLogic Client Automation Big Fix Unified Management Platform Brainware Columbus CA IT Client Manager Checkpoint Intel® vPro™ Enabled Gateway Dell Remote Monitoring Dell ProManage Fractalia Manager GeneralSoft SmartConfig HP Software Client Automation Kaseya IT Automation Framework LANDesk Management Suite Level Platforms Managed Workplace McAfee ePO Microsoft System Center Configuration Manager Microsoft System Center Service Manager N-Able N-central Novell Real VNC Viewer Plus Secuware SOS Secure Operating System Softex SoftLumos CIPMS SpiceWorks IT Desktop StarSoftComm CooCare Enterprise

28

Symantec Altiris Client Management Suite VRV Enterprise Desktop Planning Wave

**Note: Refer to the Intel® Core™ vPro™ Processor Family Software Catalog for the latest list. Some software may only be available in certain geographical regions.

5.4 Checklist of Intel® Use Case Reference Designs and Intel® Solution Reference Designs for Intel® AMT

McAfee Fix

Fix for McAfee .DAT File

Microsoft Products

Host Based Configuration Automatic Remote Firmware Update Automatic Remote Windows 7 Migration Automatic Overnight Patching with Config Mgr Extra Configuration for Intel AMT Windows PowerShell Module for Intel vPro Technology Use VNC Viewer Plus with ConfigMgr

Symantec Altiris

Automatic Overnight Patching with Altiris

LANDesk

Automatic Overnight Patching with LANDesk

Help Desk

Green Power Management Instant Back to Work Easy Reimage Remote Drive Mounting Remote Drive Erase Enhanced Remote Repair with Microsoft* Windows* PE Enhanced Remote Repair with WinRE Use MSDaRT with Intel® vPro™ Technology EZ Help Desk Console Extender EZ Help Desk Permissions Manager Out-of -Box Configuration for KVM Remote Control Enhanced Remote Repair with Drive Sharing Enhanced Remote Repair - Virus Scan Enhanced Remote Repair - Kernel Dump Analysis Enhanced Remote Repair - Registry Edits Enhanced Remote Repair - Outlook Web Access Faster Booting over IDER Trigger a Recovery OS Remotely Remote ISO Launcher (RIL) Help Desk Console for Non-TLS Environments Update BIOS on Type 1 Hypervisor Reimage OS with SOL/IDER and WinPE Find Intel AMT Capable Machines

29

Outlook Web Access with Imaging Use FCFH to ID a Help Desk Caller's PC.

Small Business

Local Setup and Configuration Using a USB Flash Drive

Android* Apps

Intel vPro Power Control App

**Note: refer to the Intel vPro Expert Center for the latest list (link).

5.5 Checklist of Cmdlets in Intel® vPro™ Technology Module for Microsoft* Windows* PowerShell*

For version 3.2:

Invoke-AMTPowerManagement Invoke-AMTForceBoot Invoke-AMTSOL Set-AMTAlarmClock Get-AMTAlarmClock Set-AMTSystemDefense Clear-AMTSystemDefense Set-AMT3PDS Get-AMT3PDS Clear-AMT3PDS Invoke-AMGUI Get-AMTIDER Start-AMTIDER Stop-AMTIDER Get-AMTAccessMonitor Get-AMTEventLog Get-AMTFirmwareVersion Get-AMTHardwareAsset Get-AMTPowerState


30

6 Resources

Intel® vPro™ Expert Center (link)

Intel® vPro™ Developer Community (link)

2nd Generation Intel® Core™ vPro™ Processors (www.intel.com/vpro)

Intel® Core™ vPro™ Processor Family Software Catalog (link)

http://communities.intel.com/community/openportit/vproexpert

http://software.intel.com/en-us/vpro/

http://www.intel.com/vpro

http://www.intelsalestraining.com/vprosoftwareguide/content.htm

31

7 Glossary of Terms

802.1x See: End Point Access Control (EAC)

DASH DASH (Desktop and Mobile Architecture for System Hardware) is a Desktop Management Task Force (DMTF) standard. DASH 1.0 and 1.1 are supported by Intel AMT.

DHCP Dynamic Host Configuration Protocol

DNS Domain Name Service

End Point Access Control (EAC)

Endpoint Access Control (Cisco SDN* and Microsoft NAP*) EAC networks can (with 802.1x) verify that the PC who's attempting to access the network has the authority to do so and can also (with Cisco Self Defending Network* or Microsoft NAP*) verify the "posture" of the PC. The PC's posture includes information about the virus software it's running, the operating service packs installed, etc. If a PC can't authenticate itself or cannot assert its posture to the network, it is not allowed onto the network.

Intel® vPro™ technology is not unique in providing support for Cisco SDN and Microsoft NAP. However, with Intel vPro technology you can exchange authentication and posture information on both Cisco SDN and Microsoft NAP networks even if the OS will not boot, allowing EAC even when the OS or a software agent is not present. This enables more secure management and maintenance of PCs even when the OS is frozen or the machine will not boot.

HECI driver Intel Host Embedded Controller Interface (HECI) driver is now called the Intel Management Engine Interface (Intel MEI) driver.

IDER IDE Redirection will redirect the remote PC to use a virtual IDE device. This allows IT to boot the system to images anywhere on the network.

Intel LMS Intel Local Management Service

KVM Remote Control Keyboard, Video, and Mouse redirection over the network. Hardware based remote control allowing IT to manage the remote computer regardless of its OS or power state. This allows remote control of the PC with full video support on Intel AMT PCs with this feature enabled.

OOB Out-of-band means that the Intel ME can communicate to the management console over the wired network even if the power is off or the operating system has crashed.

PKI Private Key Infrastructure. Refers to TLS security provided by a Certificate Authority in the chain of trust.

PSK Pre-shared Key. Refers to TLS security provided by a key pair generated by the remote configuration service for the purpose of remotely configuring the Intel AMT client. Part of the key pair must be installed on the Intel AMT client.

RCS Intel® SCS Remote Configuration Service

Setup and Configuration

Setup and Configuration is the process by which Intel® vPro™ technology features are made available to management applications.

SOL Serial-Over-LAN exposes a virtual Serial port to IT, allowing I/O

32

communication to the remote computer (send and receive text and remote control capabilities).

TLS Transport Layer Security protocol

User Consent In Intel AMT, the end user must consent to KVM Remote Control, SOL, and IDER (Intel AMT version 6 and later). They must also consent to setup and configuration (in client control mode, Intel AMT 6.2 and later).

WS-MAN Web Services Manageability Protocol. This is a Desktop Management Task Force (DMTF). WS-MAN is the Web Services-based communications protocol which supports DASH. DASH represents a set of profiles (feature interfaces and usages) based on Common Information Model (CIM) schema. (See also: DASH)

it project planning guide for intel(r) amt project planning...it project planning guide for ... 2 it...

Documents