Recommendations for Secure Deployment
Intel SCS uses XML files for some of the configuration methods. These XML files can include passwords and data that persons without approval must not access. When using the Configurator and XML files, use these standard security precautions:
- Encrypt all the XML files that the Configurator will use. Use a strong password with a minimum of 16 characters (see File Encryption).
- Make sure that deployment packages and the encryption password are stored in a location that only approved personnel can access.
- Send deployment packages to the Intel AMT systems with a communication method that prevents access to persons without approval.
- Always use the default requirement for digital signature authentication when using the Configurator CLI remotely (see Digital Signing of Files).
- If the Configurator will need to communicate with a CA or create an AD object, give permissions only to the specific CA template or the specific Active Directory Organizational Unit.
- XML files created using the Discovery options are not encrypted. Make sure that you delete these files on the Intel AMT systems after collecting the data that they contain.
- When configuration/unconfiguration is complete, delete all files remaining on the Intel AMT system that were used by Intel SCS components.