Defining Management Presence Servers
You can define up to four Management Presence Servers in a configuration profile.
To define a management presence server:
- From the Management Presence Servers section of the Remote Access window, click Add. The Management Presence Server Properties window opens.
- In the Server FQDN or IP Address field, enter the FQDN or IP address of the Management Presence Server.
- In the Port field, enter the Port that the Management Presence Server listens on for connections from Intel AMT systems.
- Click Edit List to define the location of the trusted root certificates that will be used by Intel AMT systems configured with this profile (see Defining Trusted Root Certificates).
- If you entered an IP address in the Server FQDN or IP Address field, you need to enter the FQDN in the Common Name field. (If you entered the FQDN in the Server FQDN or IP Address field, the Common Name field is disabled.)
- Define the required type of authentication:
- To define authentication based on a password, select System authentication is password-based, enter a username and password, and continue from step 9.
- To define authentication based on certificates, select System authentication is certificate-based, and continue from step 7.
- From the Select the method for creating the certificate drop-down list, select the source for the certificate that will be installed in the Intel AMT device:
- Request certificate from Microsoft CA – By default, the settings for this option are displayed. If you are using a Microsoft* CA, continue to step 8.
Use certificate from a file – For information about this method and the necessary file format, see Using Predefined Files Instead of a CA Request. If you select this option, define the file locations and continue from step 9.
- If the certificate will be requested from a Microsoft CA, do these steps:
- From the Certificate Authority drop-down list, select the Enterprise CA that Intel SCS will use to request a certificate that the MPS can authenticate.
- From the Client Certificate Template drop-down list, select the template that will be used to create the client certificate. The templates shown are templates where the Subject Name is supplied in the request and the usage is “Client Authentication”. For information how to create a template, see Defining Enterprise CA Templates.
- Define the Common Names that will be included in the Subject Name of the generated certificate. For more information, see Defining Common Names in the Certificate.
Note: |
---|
- To use this option, Intel SCS must have access to the CA during configuration (see Required Permissions on the CA).
- If you are creating the profile on a computer that does not have access to the CA, the drop-down lists will not display the CA or the templates. If necessary, you can manually supply the CA name (in the format FQDN\CA Name) and the name of the template.
|
- Click OK. The settings are saved and the Management Presence Server window closes.