Product guide
Admin Control mode network architecture
This illustration is an overview of a network configuration where your Intel
®
AMT systems support
Admin Control mode.
Each of the server components in this illustration performs an essential function in Admin Control
mode configuration.
• McAfee ePO server — McAfee ePO is the management console where application and
enforcement of Intel
®
AMT policies are configured and distributed. You use the McAfee ePO console
to perform these tasks:
• Modify server settings such as selecting or importing required certificates, providing credentials
to authenticate, and enabling communication between McAfee ePO and Intel
®
AMT systems.
• Install the ePO Deep Command RCS Manager plug-in, then deploy it to the Intel
®
RCS system.
• Create and enforce the configuration policy by selecting the remote configuration options.
• Configuration server — Intel
®
RCS server is used to configure an Intel
®
AMT system. It
automates the process of populating Intel
®
AMT systems with user names, passwords, and network
parameters that enable the system to be administered remotely from ePO Deep Command. Using
the RCS Manager plug-in, McAfee ePO can enforce the Intel
®
AMT configuration policies to the
configuration server.
• Active Directory server — You can use digest user credentials to authenticate your
communication, or Kerberos authentication using an Active Directory (AD) server.
• Certificate authority server — McAfee recommends that you use McAfee ePO Deep Command
Root CA to simplify the configuration process. However, you can also use an external certificate
authority server such as Microsoft CA or a custom root CA. These servers issue certificates to the
correct trusted devices within the network. You can use Transport Layer Security (TLS)
communication by incorporating certificates issued by a CA.
Basics of Intel AMT configuration
Remote configuration
3
McAfee ePO Deep Command 2.1.0 Product Guide
39