Intel vPro Processor Technology Setup and Configuration for the HP 8200 Business PC

Remote Configuration (RCFG)
Remote Configuration (RCFG) lets a single OEM image provision systems securely
without manually modifying AMT options on each machine. RCFG uses the Public Key
Infrastructure with Certificate Hashes (PKI-CH) protocol to secure the exchange
between the AMT system and the Setup and Configuration Server (SCS). A DHCP
environment is required.
RCFG relies on several new AMT features:
Embedded Hash Root Certificates
Self-signed certificate
One-Time Password
Delayed network access
One or more root certificate hashes are embedded in the AMT firmware. The AMT
system includes these hashes in the Hello messages it sends to the SCS. The SCS
must hold a provisioning certificate that chains to one of those roots: the AMT
system hashes the root of the chain the SCS presents and accepts the SCS only if
the hash matches an embedded entry. This is how the AMT system authenticates the
SCS; a certificate from any other root is rejected, however well-formed it is.
A self-signed certificate can be generated to establish an encrypted connection
between the AMT system and the SCS. This certificate is used for encryption, not
authentication: the SCS uses the public key from the self-signed certificate to
encrypt the session key it generates and sends the result to the AMT system,
which decrypts the session key with its private key.
The One-Time Password (OTP) is created during provisioning to improve security.
The remote console uses this password to initiate RCFG and sends it to both the
AMT system and the SCS, so that the AMT system can check the value the SCS
presents during configuration.
Delayed network access means that, once remote configuration has been activated,
the network interface used to send Hello messages stays functional only for a
limited time; when that time expires without a configuration taking place, the
interface is disabled.
Delayed, as the name implies, refers to remote configuration performed later,
after an OS has been installed on the AMT system. In this implementation, Setup
and Configuration starts when a remote console application initiates the
process by communicating with the ME through the HECI driver, so a functional OS
and agent must be installed on the AMT system. OTP authentication is optional;
when it is used, the remote console provides the OTP to the AMT system and to
the SCS. Consult your ISV management console provider for details on OS agents
for delayed remote configuration support.
Remote Configuration Timeouts in HP Systems
The HP Compaq 8200 Elite Business PCs ship from the factory with the Remote
Configuration Timer set to 0 (no Hello message broadcasting). To make the ME
broadcast Hello messages, an Intel Activator local agent must be used.
The Activator local agent typically sets the ME to broadcast Hello messages for
6 hours while the ME is active and the system is connected to a network. Consult
your ISV management console provider for exact details concerning delayed remote
configuration timeouts.
If no SCS responds to the Hello messages within the timeout period, the network
interface that sends the Hello messages is disabled, and the timer must be set
again before the system will broadcast.