Intel Confidential Slide 1 Intel vPro Provisioning Process with Microsoft System Center Configuration Manager SP1 These process flows focus on Advanced.

Slides:

Advertisements

Similar presentations

What’s New in Windows Server 2008 AD?

Advertisements

Enabling Secure Internet Access with ISA Server

Chapter Five Users, Groups, Profiles, and Policies.

DSL-2730B, DSL-2740B, DSL-2750B.

Direct Access 2012 Chad Duffey and Tristan Kington Microsoft Premier Field Engineering WSV333.

Welcome This step-by-step training guide is intended to get you familiar with managing Intel® vPro™ systems with Microsoft* System Center Configuration.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Managing Computers With Intel AMT Greg Rusu

Data Devices People 6.5B Wireless connections today >42% of global population owns smartphone by end of 2015 >50% User will go to tablet or smartphone.

Chapter 7 HARDENING SERVERS.

Intel Confidential 1 Configure PKI Web Server Certificates for each Management Controller.

Lesson 19: Configuring Windows Firewall

Hands-On Microsoft Windows Server Connecting Through Terminal Services Terminal server – Enables clients to run services and software applications.

TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.

Version 1.0 digitaloffice.intel.com Intel ® vPro ™ Technology Intel ® Active Management Technology Setup and Configuration Toshiba Laptop –Tecra A9 Small.

1 Enabling Secure Internet Access with ISA Server.

SIM361. Services Cloud Deployment Fabric Hyper-V Bare Metal Provisioning Hyper-V, VMware, Citrix XenServer Hyper-V, VMware, Citrix XenServer Network Management.

Assisting Enterprise iAMT Activation Infrastructure Specialist EDS, an HP Company.

Wally Mead Senior Program Manager Microsoft Corporation.

Click to edit Master title style TechNet goes virtual ©2009 Microsoft Corporation. All Rights Reserved. TechNet goes virtual System Center Configuration.

April WebEx Intel ® Active Management Technology (AMT) LANDesk Provisioning LANDesk Server Manager.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 SAN Certificate in Unity Connection Presenter Name: Bhawna Goel.

Version 1.0 digitaloffice.intel.com Intel ® vPro ™ Technology Intel ® Active Management Technology Setup and Configuration Lenovo T61 Laptop Small Business.

September 18, 2002 Introduction to Windows 2000 Server Components Ryan Larson David Greer.

Timothy Heeney| Microsoft Corporation. Discuss the purpose of Identity Federation Explain how to implement Identity Federation Explain how Identity Federation.

Remote Desktop Services Remote Desktop Connection Remote Desktop Protocol Remote Assistance Remote Server Administration T0ols.

Home Media Network Hard Drive Training for Update to 2.0 By Erik Collett Revised for Firmware Update.

Implementing Network Access Protection

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,

Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.

Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.

What’s New in Fireware v11.9.5

Version 1.0 digitaloffice.intel.com Intel ® vPro ™ Technology Intel ® Active Management Technology Setup and Configuration Dell Optiplex 755 tower Small.

Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.

Module 8: Designing Security for Authentication. Overview Creating a Security Plan for Authentication Creating a Design for Security of Authentication.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Internet Authentication Service.

Configuring Network Access Protection

Microsoft Management Seminar Series SMS 2003 Change Management.

Version 1.0 digitaloffice.intel.com Intel ® vPro ™ Technology Intel ® Active Management Technology Setup and Configuration Lenovo M57p Desktop Small Business.

Microsoft Ignite /25/2017 9:57 AM

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 10: Planning and Managing IP Security.

Virtualization Technology and Microsoft Virtual PC 2007 YOU ARE WELCOME By : Osama Tamimi.

Module 10: Windows Firewall and Caching Fundamentals.

* Other names and brands may be claimed as the property of others. Slide 1 Intel ® vPro™ Provisioning Process with Microsoft* System Center Configuration.

Client Access – Published applications Control through TEMPLATE.ICA Use SSL Authentication level –Remove: EncRc5-0 EncRc5-40 EncRc5-56.

Service Pack 2 System Center Configuration Manager 2007.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)

MaaS360 MDM for iOS, Android & Windows Phone 7

VMware ESX and ESXi Module 3.

Module 3: Enabling Access to Internet Resources

The sign of success.

Module Overview Installing and Configuring a Network Policy Server

CWMS Configuration Making our PowerPoint simpler and more distinctive.

Module 10: Managing and Monitoring Network Access

Implementing Network Access Protection

Get the Most Out of GoAnywhere: Agents

100% REAL EXAM QUESTIONS ANSWERS

VoIP Management and Control

1Y0-253 Exam Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

Intel® vPro™ Technology

2018 Valid Cisco Exam Dumps IT-Dumps

Mikael Nystrom Senior Executive Consultant TrueSec

Agenda Create certificates for the GlobalProtect Portal, internal gateway, and external gateway. Attach certificates to a SSL-TLS Service Profile. Configure.

Chapter 10: Advanced Cisco Adaptive Security Appliance

Intel Active Management Technology

Designing IIS Security (IIS – Internet Information Service)

Presentation transcript:

Intel Confidential Slide 1 Intel vPro Provisioning Process with Microsoft System Center Configuration Manager SP1 These process flows focus on Advanced Security by enabling Kerberos Authentication and TLS security

Intel Confidential Slide 2 Purpose of Foils The following foils are intended to show the detailed flow of the Intel vPro Provisioning Process with Microsoft System Center Configuration Manager SP1 –SCCM Agent Based Provisioning (PKI + FW >=3.2.1) –Bare Metal Provisioning (PKI + FW >=3.2.1) –Bare Metal Provisioning (PSK + FW <3.2.1) –Full UnProvision – Reset to Factory Default –Partial UnProvisioning

Intel Confidential Slide 3 Agent Based Provisioning (PKI + FW >=3.2.1) 1.Based on policy, the Configuration Manager Agent will assess if the Client can be provisioned,. If it can, it will create a One Time Password and send the OTP to both the OOB Service and into the AMT Firmware 2.OOB Service Point secures connection with the AMT client through Embedded AMT Self Sign Certificate, Present Provisioning Certificate along with the OTP for initial Authentication 3.OOB Service Point sets the Remote Admin and MEBx password (if not changed) 4.OOB Service Point requests a web server certificate on behalf of the AMT client 5.OOB Service Point created an Object in AD for the vPro Client 6.OOB Service Point pushes web server certificate to AMT client 7.OOB Service Point pushes ACL, power schema, and other configuration data to AMT to finalize provision

Intel Confidential Slide 4 Bare Metal Provisioning (PKI + FW >=3.2.1) 1.Admin imports provisioning data* for Client being provisioned into ConfigMgr 2007 SP1 2.vPro Client sends a PKI hello packet to provisioning server (defined firmware schedule) 3.OOB Service Point secures connection with the AMT client through Embedded AMT Self Sign Certificate and Present Provisioning Certificate for initial Authentication 4.OOB Service Point sets the Remote Admin and MEBx password (if not changed) 5.OOB Service Point requests a web server certificate on behalf of the AMT client 6.OOB Service Point created an Object in AD for the vPro Client 7.OOB Service Point pushes web server certificate to AMT client 8.OOB Service Point pushes ACL, power schema, and other configuration data to AMT to finalize provision * - the collection of client provisioning data can be automated from the vPro client to SCCM, which requires an OS to run the utility but could be done from a WinPE image

Intel Confidential Slide 5 Bare Metal Provisioning (PSK + FW <3.2.1) 1.Admin imports provisioning data* for Client being provisioned into ConfigMgr 2007 SP1 2.vPro Client sends a PSK hello packet to provisioning server (defined firmware schedule) 3.OOB Service Point forwards the provisioning request to the Intel WS-MAN Translator 4.The Intel WS-MAN Translator passes the PSK - PID to establish the Secure Connection 5.OOB Service Point sets Remote Admin and MEBx password routed through the Intel WS-MAN Translator 6.OOB Service Point requests a web server certificate on behalf of the AMT client 7.OOB Service Point created an Object in AD for the vPro Client 8.OOB Service Point pushes web server certificate to AMT client routed through the Intel WS-MAN Translator 9.OOB Service Point pushes ACL, power schema, and other configuration data to AMT to finalize provision routed through the Intel WS-MAN Translator * - the collection of client provisioning data can be automated from the vPro client to SCCM, which requires an OS to run the utility but could be done from a WinPE image

Intel Confidential Slide 6 Full UnProvisioning – Reset to Factory Default* 1.Using TLS-secured connection and Digest Authentication, OOB SP sends a Full Unprovision command to client 2.OOB Service Point requests revocation of web server certificate of the AMT client 3.OOB Service Point deletes corresponding Object in AD for the vPro Client 4.Management Engine does the following: a)resets the Remote Admin and MEBx password and deletes all ACL information b)deletes web server certificate in ME c)clears audit log, deletes audit policy, and disables auditing d)deletes provisioning profile such as power schema, wireless profiles, and other configuration data in ME e)removes HOST Name, Domain Name, Provisioning Server IP and port * - At conclusion of Full Unprovision, client is at Factory Default with the exception of Local Admin password for access through the MEBx

Intel Confidential Slide 7 Partial UnProvisioning 1.Using TLS-secured connection and Digest authentication, OOB SP sends a Partial Unprovision command to client 2.OOB Service Point DOES NOT request revocation of web server certificate of the AMT client 3.OOB Service Point DOES NOT delete corresponding Object in AD for the vPro Client 4.Management Engine DOES NOT reset the Remote Admin and MEBx password and deletes all ACL information 5.Management Engine DOES NOT delete web server certificate in ME 6.Management Engine DOES NOT clear audit log, delete audit policy, or disables auditing 7.Management Engine DOES NOT remove HOST Name, Domain Name, Provisioning Server IP and port 8.Management Engine deletes provisioning profile such as power schema, wireless profiles, and other configuration data in ME

Intel Confidential Slide 8