Microsoft SMS Preparation Checklist for vPro Activation

Version 2

    Customer Preparation Checklist for Pro Activation with the Microsoft SMS 2003* Add-on

    The following checklist is for customer infrastructure preparation to ensure the Intel on-site activation team can implement systems with Intel(R) vPro(TM) technology within the customer's corporate production environment.

     

    Click on the following task to see additional details/comments:

     

    These steps need to be completed before Intel's team arrives on-site.

    1. DNS Entry for Provision Server (aka Setup and Configuration Service - SCS)

    2. Platform BIOS

    3. Platform Firmware for Intel(R) AMT

    4. Intel AMT OS Drivers

    5. Firewalls Open

    6. .NET 2.0 Installation

    7. SQL Database, SQL 2005 or SQL Express

    9. IIS Setup and Verification

    9. Central and Primary Site SMS Server

    10. Provisioning Server (aka Setup and Configuration Service - SCS)

    11. Microsoft SMS Add-on

    12. Microsoft SMS Add-on Groups and Service Account

    13. Appropriate Users and Rights to Infrastructure

    14. AD Schema Extensions (optional)

     

    The following tasks will be completed during the on-site activation with the Intel team.

    1. Provisioning Server (aka Setup and Configuration Service - SCS)

    2. Microsoft SMS Add-on

    3. Optional Components

    4. Certificate Services for TLS (optional)

    5. Client Certificate for MTLS (optional)

    6. Remote Configuration Certificates (Optional)

     

     

    Pre-Onsite Preparation Checklist

    DNS Entry for Provision Server (aka Setup and Configuration Service - SCS)

    Create an Alias or Pointer in your DNS environment that directs ProvisionServer.fqdn traffic to your Provisioning Server (SCS) (page 51 of the SCS Installation and User Manual).

    You should be able to resolve both the SCS server's IP address to ProvisionServer.fqdn and be able to resolve ProvsionServer.fqdn to the SCS IP address (forward and reverse resolution).

     

    Platform BIOS

    Install the latest BIOS for your system with vPro technology. Consult your OEM (directly or through their download / support web site) to receive your platform's latest system BIOS.  This system BIOS may contain the Intel ME firmware.

     

    Platform Firmware for Intel AMT

    Install the latest Intel AMT Firmware for your system with vPro technology. Consult your OEM (directly or through their download / support web site) to receive the latest supported Intel AMT firmware (aka Intel ME firmware).  Many OEMs bundle the Intel ME firmware with the release of their latest BIOS.

     

    Intel AMT OS Drivers

    Install the latest Intel AMT OS Drivers for your systems with vPro technology. Consult your OEM to receive the latest supported OS drivers for Intel AMT.

    - MEI (aka HECI) drivers

    - LMS drivers

     

    Firewalls Open

    Ensure that your network and client firewalls are open to allow traffic on ports:

    - 16992 - AMT port for non-TLS communication

    - 16993 - AMT port for TLS communication

    - 16994 - AMT port non-secure SOL/IDER.  Also used for Provisioning from SCS to Intel AMT

    - 16995 - AMT port for secure SOL/IDER

    - 9971 - SCS port for communication from Intel AMT machine during "Hello" packets (port configurable in ME/SCS Server)

    - 56666 - SOL-IDER port for communication between the remote SOL communication console and the Add-on service (port configurable within SMS Add-on)

     

    Microsoft .NET 2.0 Installation

    .NET Framework 2.0 is a prerequisite for the installation of SQL Server or SQL Server Express, the Intel SCS Main Service, and the SCS console. (page 22 of the SCS Installation and User Manual) http://www.microsoft.com/downloads/details.aspx?familyid=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=en

     

    SQL Database, SQL 2005 or SQL Express

    System Requirements listed on page 18 of the SCS Installation and User Manual

    Requirements for computer Running SQL Server

    PC Processor

    Intel(R) Pentium (R) III processor - 600 MHz minimum

    1GHz or faster is recommended

    Memory

    192MB minimum, >512MB is recommended

    Operating System

    Windows Server 2003 with Service Pack 1

    Hard Disk

    525 MB

    Platform

    .NET Framework 2.0

    Networking

    Minimum Ethernet 10BASE-T

     

    IIS Setup and Verification

    On a Windows 2003 with the Provisioning Server (SCS) installed, add the IIS Windows Component (IIS 6).  Internet Information Services is Microsoft's HTTP server. IIS adds full HTTP capability to the Windows operating system.

    (page 27 of the SCS Installation and User Manual).

     

    A SSL certificate is required on IIS if a secure connection with the SCS is desired (page 34 of the SCS Installation and User Manual).   If a secure connection is not necessary, then uncheck the “Force Secure Connection” (for HTTPS) checkbox during the installation of SCS. The checkbox appears in two places during the install, be sure to clear both.

     

    Central and Primary Site SMS Server

    Ensure you have admin access to your Central and Primary Site Server to install the Intel AMT Add-on for Microsoft SMS. SP1 for SMS is required for the SMS Add-on.  Refer to page 26 of the Intel AMT Add-on for SMS Installation and User’s Guide for the requirements for installation.

     

    Provisioning Server (aka Setup and Configuration Service - SCS)

    Setup a Server (or identify an existing server) to install the Provisioning Server (aka SCS)

    System Requirements listed on page 18 of the SCS Installation and User Manual.

    The Provision Server runs as a service and requires an AD account that has local Admin rights on the server.  Setup a network Service Account to run the SCS service and give local admin rights to the SCS Server.

     

    Requirements for Computer Running the SCS Windows Service, the SOAP API, etc.

    \

    Platform Processor

    Dual Core Intel(R) Xeom(TM) Processor 5XXX series

    Memory

    2 to 4GB RAM

    Operating System

    Windows Server 2003 with Service Pack 1

    Hard Disk

    525 MB

    Platform

    .NET Framework 2.0 Internet Info Services (IIS) 6.0

    Networking

    PCI-X 10/100/1000T

     

    SMS Add-on

    Download the latest SMS Add-on that will be installed once the Intel Account team arrives on site.

    http://softwarecommunity.intel.com/articles/eng/1356.htm

     

    SMS Add-on Groups and Service Account

    The SMS Add-on is shipped with a sample script that will create three AD groups and one SMS Add-on Service Account.  (the ADScript.vbs file).  Modify this script to fit your environment as documented in the comments section of the .vbs file.

    The sample ADScript creates three Domain Groups and one Service Account.  These groups and service account must be named as followed.

    - Intel(R) AMT Collections Managers

    - Intel(R) AMT Redirection Managers

    - Intel(R) AMT System Defense Managers

    - SMSAMTUser_XXX (XXX is the 3-letter site code of the SMS site server)

    You must create one SMSAMTUser_XXX account for each of your Primary site servers as well as Central site servers that you plan to install the SMS Add-on service.

     

    Appropriate Users and rights to Infrastructure

    The changes and additions above will require appropriate rights to your infrastructure.  Please make sure you have the necessary rights, or contacted the appropriate groups with these rights (usually Admin privileges) to the following components.

    - Active Directory (to create account and optionally extend the schema)

    - DNS / DHCP

    - SQL Server

    - SCS Server

    - SMS Server

    - Client OS Build

     

    AD Schema Extensions (optional)

    If the customer plans to leverage Kerberos Authentication, it will be necessary to extend their AD schema to create the necessary object classes for Intel AMT. SCS installation includes a script and definition file to perform an automated extension to your schema – files attached in Active Directory Schema (page 37 of the SCS Installation and User Manual).

     

    Tasks with On-Site Activation with Intel Team

    The following tasks will be completed during the on-site activation with the Intel team.

     

    Provisioning Server (aka Setup and Configuration Service - SCS)

    To setup and configure SCS, refer to page 39 of the SCS Installation and User Manual.

    The SCS installation is included with the download of the Microsoft SMS Add-on listed above

     

    SMS Add-on

    To setup and configure SMS Add-on, refer to page 35 of the Intel AMT Add-on for SMS Installation and User’s Guide.

     

    Optional Components

    These steps will be performed during the on-site activation activities.

     

    Certificate Services for TLS (optional)

    Refer to page 29 of the SCS Installation and User Manual.

     

    Client Certificate for MTLS (optional)

    Refer to page 36 of the SCS Installation and User Manual.

     

    Remote Configuration Certificates (Optional)

    A SSL certificate can be generated or purchased to enable remote configuration.  This certificate has a special characteristic (an OID that supports Intel AMT Client Setup) and that certificate is issued specific to the FQDN of the provision server. Refer to page 64 of the SCS Installation and User Manual for acquiring and configuring a certificate that supports Remote Configuration.