I am in the process of starting a new SCCM SP2 deployment and I would like to add out-of-band management functionality to it. I have been reading up on the vPro technology and there are several questions that I would really appreciate it if someone could help with:
1) As I understand it, to provide zero-touch configuration of the vPro you need 2 certificates: 1 for provisioning, which can be either a certificate generated by an internal CA (but then it is no longer zero-touch) or one from a 3rd-party CA (VeriSign, GoDaddy, Comodo, Starfield). The other certificate is for the TLS communication with the AMT. So can someone confirm this is the case, and that for the 2nd certificate you need an internal PKI, or in our case we need a Windows Certificate Service running to issue those certs?
2) For the 3rd-party CAs mentioned above, I have contacted each one and there are some areas that need some clarification:
2.1) On the GoDaddy site they say you can use their standard SSL; however, I have seen several websites stating that you need to use the deluxe or premium cert. Can anyone verify that the standard cert does or does not work with AMT v6.0?
2.2) The VeriSign webpage that talks about vPro seems to say you need their 'Secure Site Pro' cert, which at $1000/year seems a little expensive compared to the $117 for Comodo, GoDaddy at $50 or $100 depending on which works. If anyone can verify these prices and report which cert they use, it will help.
3) In configuring SCCM you have the choice of setting up a native mode configuration, which necessitates having a PKI within the network, which we don't have at the moment. So if I need a PKI to run vPro then I suppose it can also be used to run SCCM in native mode? Are there any alternatives for running vPro without a PKI?
4) If I need to set up a PKI using Windows 2008 R2 certificate services, it seems that the CS needs to issue version 2 type templates? Most of the websites I found skip over the steps of installing a PKI; I would appreciate it if someone could relate their setups or point me to a place with the steps and design of a PKI in a Windows network.
Thanks very much