background image

Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide 

10 

 

Step 4:  Configure Intel vPro Client Authentication Settings  

In Enterprise mode, configuring the authentication settings on the Intel vPro clients can be performed in 
either of the following three ways: 

 

Remote Configuration (Intel AMT 3.0 or higher) – Step 4A below 

 

OEM pre-configuration – Step 4B below 

 

One-touch configuration (using a USB thumb drive or manual entry) – Step 4C below 

 

Step 4A:  Remote Configuration (Intel AMT 3.0 or higher) – Factory State to Configured 
State 

Remote Configuration uses matching certificate hashes on the Intel vPro clients and the provisioning 
server to authenticate interaction between the clients and the server.  Once the client and server 
authenticate each other (i.e., the certificate hashes match), the provisioning server automatically 
begins provisioning the client. 

With Remote Configuration, you have two choices: 

 

Use your own root certificate, if you already have one 

 

Use one of the certificate hashes provided with Intel vPro (i.e., already on the client systems) 

Using your own root certificate: If you already have a root certificate on your SCS server, then you 
need to do one of the following: 

 

instruct your Intel vPro client manufacturer (OEM) to place a matching certificate hash on each 
Intel vPro client during manufacture 

 

manually enter the matching certificate hash using the Intel MEBX on each Intel vPro client 
before deployment 

If you instruct your OEM to load the certificate hashes onto your Intel vPro clients, the clients will 
already have a certificate hash that matches the existing root certificate on your provisioning server 
when they arrive.  This will allow Intel vPro clients to establish a secure communication channel to 
exchange the certificate information to ensure the authenticity of the Intel vPro clients. But the 
provisioning process still depends on the Intel vPro Technology Activator to initiate the process.  

The Intel® vPro™ Technology Activator Utility is the next generation of the Remote Configuration tool. 
A Windows executable that runs locally on an Intel AMT enabled platform, the Activator does the 
following: 

 

Simplify the process of configuring the Intel vPro systems via Intel SCS 

 

Facilitate initial Intel AMT configuration or policy change 

 

Address the following scenarios:  

o

 

Intel vPro failure to find the Setup and Configuration server in the network  

o

 

Expiration of Intel vPro 'hello' messages  

 

The configuration server must get the parameters necessary to start the Intel vPro configuration 
process  

Summary of Contents for Centrino2 vPro

Page 1: ...o Technology Intel Core 2 Processor with vPro Technology Intel vPro and Intel Centrino Pro Processor Technology Quick Start Guide Based on Intel Active Management Technology and HP Out of Band Manager...

Page 2: ...etup and Configuration Flow 6 Step 1 Configure Existing IT Infrastructure 7 Step 2 Verify Intel vPro Client Windows Drivers 8 Step 3 Install Intel SCS and HP OOBM Management Console 9 Step 4 Configure...

Page 3: ...anual Intended Audience This Quick Start Guide is intended for Information Technology IT professionals system integrators and other technical specialists with experience deploying computer systems and...

Page 4: ...t Console Installation specifies system requirements and tells you how to install configure and start the OOB Management Console Configure your management console to manage Intel vPro clients Discover...

Page 5: ...ntel vPro Using Enterprise Standard Mode Provisioning Process Flowchart The following picture shows the overall process flow for provisioning Intel vPro client systems in Enterprise Standard and Advan...

Page 6: ...ovisioning Provisioning Factory State An Intel vPro machine comes from the OEM in Factory State In this state Intel AMT is un configured and not available for use by management applications When an op...

Page 7: ...server with its network address information The DHCP server must support Option 81 to register network address information into the DNS server on behalf of the Intel ME Option 15 should also be enabl...

Page 8: ...with Microsoft Windows operating systems including Windows 2000 Windows XP and Windows Vista are required on the Intel vPro client platform Obtain these drivers from your client system manufacturer s...

Page 9: ...fter the SCS and OOBMC are installed a vPro profile needs to be created A profile allows configuration of multiple Intel AMT platforms with certain configuration properties A profile defines the secur...

Page 10: ...do one of the following instruct your Intel vPro client manufacturer OEM to place a matching certificate hash on each Intel vPro client during manufacture manually enter the matching certificate hash...

Page 11: ...ties intel com docs DOC 1916 Once the pending certificate request has been completed with the CER file provided the target website used for this process has been assigned the issued certificate In add...

Page 12: ...in a Configured state ready to be discovered and managed by the management console Skip to Step 5 Discover Intel vPro Clients through the Management Console on page 15 Step 4C One Touch Configuration...

Page 13: ...erated Each record consists of an 8 byte PID a 32 byte PPS and the administrator s password Step 4C 3 Configure Intel vPro Clients Using a USB Thumb Drive In this method the new password and the PID P...

Page 14: ...ired includes Change Intel MEBX password change from factory default The default password is admin The new ME password must meet strong password criteria which include Be between 8 and 32 characters l...

Page 15: ...o systems a If the Intel vPro system is provisioned with the remote configuration method described in the 4A the system status will transition from unprovisioned to provision state automatically using...

Page 16: ...ll of the provisioned OOB devices on your network Remote Boot Manager Power On Off o Remote Boot Manager using Console Redirection Serial over LAN SOL and IDE Redirection For further information on te...

Page 17: ...ou will want to update the process to re image a PC that has blue screened at a remote site using the new Intel AMT features now available in your management console Using Agent Presence AP Agent Pres...

Page 18: ...the Kill All NICs policy when SD is triggered Once the machine is remediated the Kill All NICs policy is removed and the previous policy is re applied The administrator must manually perform the actu...

Page 19: ...he console log The messages actually displayed will be based on the filter selection on the Log page There is a table lists the possible messages causes and a suggested action to remedy the situation...

Page 20: ...Pro Processor Technology Intel processor technology that provides a higher level of security and management to desktop computers ISV Independent Software Vendor LMS Local Management Service driver Pro...

Page 21: ...Intel vPro and Intel Centrino Pro Processor Technology Quick Start Guide...

Page 22: ...IN CONNECTION WITH INTEL PRODUCTS NO LICENSE EXPRESS OR IMPLIED BY ESTOPPEL OR OTHERWISE TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT EXCEPT AS PROVIDED IN INTEL S TERMS AND CONDIT...

Reviews: