Final integration of the two consoles is up to the IT shop that deploys both solutions, but there are certain assumptions made about the final deployment environment (see References for recommendations to IT shops on configuration options with multiple applications).
Assumptions:
1. Both the Manageability and Security ISV consoles can reach all of the Intel® AMT systems.
2. If the Intel AMT systems are configured to use TLS (which is recommended), both consoles (and the Intel AMT systems) are in the same root domain (for example *.intel.com)
3. In the actual deployment, one ISV will be responsible for provisioning the Intel® AMT systems, and will create a user for the other ISV on the Intel AMT systems. The more likely deployment model is that the Manageability ISV would own provisioning Intel AMT systems, but both ISV’s should be prepared to work in either case.
4. The Intel AMT user account that the Security ISV for unlocking drives will have access to the Remote Control and Redirection Realms.
There are also certain use models that are recommended:
1. TLS (Server TLS or Mutual TLS) is recommended instead of unencrypted traffic.
2. Kerberos is recommended instead of digest authentication. Using Kerberos makes it easier to grant permissions to both ISV’s in an enterprise environment.
|
Copyright © 2006-2012, Intel Corporation. All rights reserved. |