A Setup and Configuration Application (SCA) is required to prepare an Intel AMT platform for remote access. The SCA activity must be performed when the SCA and the Intel AMT platform are on the same intranet. For a SCA to enable Remote Access, it must perform the following:
• Enable environment detection, including with it a list of domain suffixes that define the locations that are “inside the enterprise”. When a trigger occurs, if the Intel AMT device detects that it is outside the enterprise, it will connect to the MPS. Otherwise, Intel AMT sends a local alert directly to its subscriber and does not attempt to connect to an MPS. See Environment Detection
• If there is a policy with a user-initiated trigger, enable either initiation using an application running on the host (IMSS), or via the MEBx/BIOS, or both.
The SCA adds necessary certificates, adds MPS information and remote access policies, and then enables remote access.
The CIRA Fast Call for Help event will be generated by the MPS.
The Intel AMT device requires a trusted root certificate at a minimum and a client certificate if TLS with mutual authentication will be used.
• Trusted root certificate: Used to authenticate the server certificate sent by the tunneling proxy when setting up the TLS tunnel.
• Client Certificate: Sent by the Intel AMT device when mutual authentication is used. The tunneling proxy must have a trusted root certificate corresponding to this certificate.
The following parameters tell the Intel AMT device how to connect to an MPS:
• Address and port where the tunneling proxy listens for Intel AMT connection requests.
• The address is either an IP address or FQDN
• If an IP address is provided, then a Common Name (CN) for the MPS must be provided.
• Intel AMT uses either the CN provided with an IP address or the FQDN to validate the server certificate sent by the MPS.
• A pointer to a trusted root certificate used for TLS authentication of the MPS.
• Either a pointer to a client certificate used for TLS mutual authentication or a user name/password pair used by the MPS for authentication.
Copyright © 2006-2022, Intel Corporation. All rights reserved.