HP EliteDesk 800 G1 Base Model Small Form Factor PC User Manual Page 31

Since the Intel AMT system is already running an OS, provisioning can take place at any time. The local agent contacts the
SCS, which responds by telling the Intel AMT system to provide a one-time password (OTP) [9]. Once a TLS connection has
been established, the SCS can begin provisioning the Intel AMT system.
The OTP is created and encrypted by the ME and is then sent to the SCS.
Delayed network access
TLS-PKI provisioning utilizes delayed network access; that is, provisioning does not commence as soon as the Intel AMT
system is first powered up. In this implementation, provisioning can be initiated after an OS has been installed and a local
agent has been pushed over the network to the Intel AMT system.
In this implementation, remote provisioning begins when the SCS is able to communicate with the ME through the Intel Host
Embedded Controller Interface (HECI) driver, which requires a functional OS and agent to be installed on the Intel AMT
system.
Note
Consult the management console ISV for more information on OS agents that provide delayed remote provisioning support.
Enabling TLS-PKI provisioning
For information on enabling TLS-PKI provisioning on an Intel AMT system, refer to Enabling TLS-PKI or TLS-PSK.
Setting the remote configuration timeout
HP EliteDesk 800 G1 Business PCs are shipped with a Remote Configuration Timer that is set to 0, which effectively disables
“hello” message broadcasting. Enabling the ME to broadcast “hello” messages requires the use of an Intel local agent.
Note
The remote configuration timeout was omitted from subsequent HP Compaq Elite 8x00 and EliteDesk 800 Business PCs.
Note
Consult the management console ISV for more information on delayed remote configuration timeouts.
The local agent typically configures the ME to broadcast “hello” messages for six hours while the ME is active and the system is
connected to a network. If there is no response from an SCS within the timeout period, the network interface that is sending
out “hello” messages is disabled. It can be re-enabled by one of the following methods:
  • Re-initiating provisioning via the local agent
  • Partial unprovisioning through the MEBx (for more information, refer to Unprovisioning an Intel AMT system)
Prerequisites and caveats for TLS-PKI
TLS-PKI provisioning requires the following prerequisites to be met:
  • The OS must be present on the Intel AMT system.
  • Both the Intel AMT system and SCS must be on a DHCP server. The SCS must either be named Provisionserver or must
    have an alias in DNS and be on the same domain as the Intel AMT system.
  • The Intel AMT system must have at least one pre-programmed active root certificate hash.
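The prerequisites above can be checked before a rollout. The following pre-flight check is an added example, not code from HP or Intel; the record layout, function names and sample hosts are hypothetical, and it assumes the DNS alias is a CNAME for provisionserver in the AMT system's domain.

```python
"""Pre-flight check for the TLS-PKI prerequisites listed above (added example)."""
from dataclasses import dataclass, field

PROVISION_LABEL = "provisionserver"  # host name the page requires for the SCS


@dataclass
class AmtSystem:  # hypothetical inventory record for one Intel AMT system
    fqdn: str
    os_present: bool
    uses_dhcp: bool
    root_hashes: dict = field(default_factory=dict)  # hash label -> active?


def domain_of(fqdn):
    """DNS domain of a host: everything after the first label, lower-cased."""
    return fqdn.rstrip(".").lower().partition(".")[2]


def scs_name_ok(scs_fqdn, amt_domain, cnames):
    """True if the SCS is in amt_domain and is named, or aliased as, provisionserver."""
    scs = scs_fqdn.rstrip(".").lower()
    if domain_of(scs) != amt_domain:
        return False  # SCS sits in a different DNS domain
    wanted = f"{PROVISION_LABEL}.{amt_domain}".rstrip(".")
    if scs == wanted:
        return True
    # Assumption: cnames maps lower-case alias names to their CNAME targets.
    return cnames.get(wanted, "").rstrip(".").lower() == scs


def check_prerequisites(amt, scs_fqdn, scs_uses_dhcp, cnames):
    """Return the unmet prerequisites; an empty list means ready to provision."""
    problems = []
    if not amt.os_present:
        problems.append("no OS on the Intel AMT system")
    if not (amt.uses_dhcp and scs_uses_dhcp):
        problems.append("AMT system and SCS must both use DHCP")
    if not scs_name_ok(scs_fqdn, domain_of(amt.fqdn), cnames):
        problems.append("SCS is not provisionserver (name or alias) in the AMT domain")
    if not any(amt.root_hashes.values()):
        problems.append("no active root certificate hash")
    return problems


# Constructed sample data, not taken from the manual.
SAMPLE_CNAMES = {"provisionserver.corp.example": "scs01.corp.example."}
SAMPLE_PC = AmtSystem("pc-17.corp.example", True, True,
                      {"constructed-root-a": False, "constructed-root-b": True})

if __name__ == "__main__":
    print(check_prerequisites(SAMPLE_PC, "scs01.corp.example", True, SAMPLE_CNAMES))
```

A provisionserver record that points at a host other than the intended SCS shows up here as a name failure, which is worth confirming before any system starts sending “hello” messages.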
[9] A one-time password is not required with PSK.