Intel® vPro™ and Intel® Centrino® Pro Processor Technology Quick Start Guide
10
Step 4: Configure Intel vPro Client Authentication Settings
In Enterprise mode, configuring the authentication settings on the Intel vPro clients can be performed in
either of the following three ways:
•
Remote Configuration (Intel AMT 3.0 or higher) – Step 4A below
•
OEM pre-configuration – Step 4B below
•
One-touch configuration (using a USB thumb drive or manual entry) – Step 4C below
Step 4A: Remote Configuration (Intel AMT 3.0 or higher) – Factory State to Configured
State
Remote Configuration uses matching certificate hashes on the Intel vPro clients and the provisioning
server to authenticate interaction between the clients and the server. Once the client and server
authenticate each other (i.e., the certificate hashes match), the provisioning server automatically
begins provisioning the client.
With Remote Configuration, you have two choices:
•
Use your own root certificate, if you already have one
•
Use one of the certificate hashes provided with Intel vPro (i.e., already on the client systems)
Using your own root certificate: If you already have a root certificate on your SCS server, then you
need to do one of the following:
•
instruct your Intel vPro client manufacturer (OEM) to place a matching certificate hash on each
Intel vPro client during manufacture
•
manually enter the matching certificate hash using the Intel MEBX on each Intel vPro client
before deployment
If you instruct your OEM to load the certificate hashes onto your Intel vPro clients, the clients will
already have a certificate hash that matches the existing root certificate on your provisioning server
when they arrive. This will allow Intel vPro clients to establish a secure communication channel to
exchange the certificate information to ensure the authenticity of the Intel vPro clients. But the
provisioning process still depends on the Intel vPro Technology Activator to initiate the process.
The Intel® vPro™ Technology Activator Utility is the next generation of the Remote Configuration tool.
A Windows executable that runs locally on an Intel AMT enabled platform, the Activator does the
following:
•
Simplify the process of configuring the Intel vPro systems via Intel SCS
•
Facilitate initial Intel AMT configuration or policy change
•
Address the following scenarios:
o
Intel vPro failure to find the Setup and Configuration server in the network
o
Expiration of Intel vPro 'hello' messages
•
The configuration server must get the parameters necessary to start the Intel vPro configuration
process