Introduction

The solution architecture includes the management of Self-Encrypting Drive (SED) solutions such as Seagate* Secure* drives, Opal* devices and software encryption solutions.  This section is meant to be a reference for development as well as to provide a central authoritative view of the Remote Encryption Management high-level architecture.

Assumptions and Dependencies

   No Intel AMT firmware changes are necessary to implement the solution flows in this section.

   Pre-Boot Authentication (PBA) enablement is necessary in order to execute software encryption flows.

Terminology

Term             Description
---------------  -----------
ATA              http://en.wikipedia.org/wiki/Advanced_Technology_Attachment
SED              Self-Encrypting Drive (HW Encrypted drives)
FW               Firmware
IDE-R            IDE Redirection. Capability that allows for remote boot of an Intel® AMT client off a remote CD or Floppy image.
ISO              Image file with ATA-over-LAN Bridge Application
ISV              Independent Software Vendor
LBA              Logical Block on a storage device (Logical Block Addressing)
Opal*            https://www.trustedcomputinggroup.org/specs/Storage/Opal_SSC_1.0_rev1.0-Final.pdf
PBA              Pre-Boot Authentication
SATA             http://en.wikipedia.org/wiki/Serial_ATA
SD               Storage Device
SOL              Serial Over LAN. Capability that allows TCP to be redirected to a client based virtual serial port. Available with Intel AMT.
SW               Software
T13* Secure ATA  http://www.t13.org/Documents/UploadedDocuments/docs2009/d2015r1-ATAATAPI_Command_Set_-_2_ACS-2.pdf
TCG*             https://www.trustedcomputinggroup.org/groups/storage/
WS-MAN           WS-Management. Web Services for Management
                 http://www.dmtf.org/standards/wsman/

Copyright © 2006-2013, Intel Corporation. All rights reserved.