Altiris Handling of the Intel AMT connection credentials with Out of Band Management (OOBM) and Real-Time System Manager (RTSM)

Article:HOWTO7306  |  Created: 2007-05-07  |  Updated: 2007-05-15  |  Article URL http://www.symantec.com/docs/HOWTO7306
Article Type
How To



Question
Where are the locations you can enter Intel AMT connection credentials with Out of Band Management and Real-Time System Manager?

Answer

Here are the locations you can enter Intel AMT connection credentials:

 

1.      Out of Band Management Solution's Intel AMT Settings located under View > Solutions > Out of Band Management > Configuration > Default Settings > Intel AMT Settings.

2.      Real-Time System Manager Solution’s Intel AMT Settings located under View  > Configuration > Solutions Settings > Real Time Console Infrastructure > ConfigurationIntel AMT Connection Settings tab.

3.      Out of Band Management Solution's Advanced Settings, located under View > Solutions > Out of Band Management > Configuration > Advanced Settings > Connection Settings Database.

4.      Settings: When specified for a single run of a task (via Task Server). This is configured during the Task setup for that Task only.

5.     Intel SCS database (Database name: IntelAMT) is another place where passwords are kept for Intel AMT devices provisioned by Out of Band Management in enterprise mode. You can't adjust the passwords directly.

6.      And here is the place where "good" settings are stored when used successfully. You can see the settings but you cannot change them:

a.      Out of Band Management Solution's Used Connection Settings Database, read-only.

 

One important thing to note is that when Out of Band Management connects to an Intel AMT device, it tries all connection credentials known to the Solution: Connection Credentials found in places 1 to 6. Having the correct credentials stored at one of those locations is sufficient to successfully connect to a device.

 

All connection credentials are prioritized; for example, the settings that worked for the specific computer marked as Excellent and stored in 6. Next time you run a task against the same computer, the settings marked Excellent are tried first. There are six priority levels for connection credentials and credentials' priority may change dynamically every time a task is run depending on what credentials succeed or fail during the execution.

 

Examples:

1.      You have used Out of Band Management to provision an Intel AMT computer without TLS and specified a random password in the provisioning profile: When you run an AMT task, the connection credentials (user:admin password:something random, like rT5#rerT) are taken from Intel SCS database (5). You do not need to specify connection credentials at other locations.

2.      You have used Out of Band Management to provision an Intel AMT computer without TLS and specified the password (e.g. @Altiris1) manually in the provisioning profile: The connection credentials (user:admin password:@Altiris1) are taken from Intel SCS (5). You do not need to specify connection credentials at other locations.

3.      You have a computer, provisioned by another Notification Server, or other third-party utility. You know the "admin" password. You have to enter the username "admin" and the password for "admin" into (1) or (2) or (3) or (4).

4.      You have a computer provisioned by another Notification Server or other third-party utility. A user "Mike" has been added to the Intel AMT device, whether manually through the Web interface or using the ACL when provisioning. Mike has permission to perform remote management only (for example, Mike cannot change settings). You know Mike’s password. You have to enter the username Mike and the password for Mike into (1) or (2) or (3) or (4). You can use Out of Band Management to perform remote management tasks only.

5.      You have used Out of Band Management to provision an Intel AMT computer with TLS. Credentials are taken from (5). You do not need to specify connection credentials at other locations; however, you have to enter trusted domain suffix (e.g. altiris.com) in either (1) or (2).


Legacy ID



34774


Article URL http://www.symantec.com/docs/HOWTO7306


Terms of use for this information are found in Legal Notices