Product guide
Remote Access depends on these components:
• McAfee ePO
• Intel® AMT systems configured for remote connectivity. (In some environments, these systems are protected with a firewall. If the Intel® AMT system initiates a connection to your server, you can use this connection to administer it.)
• ePO Deep Command Gateway server.
• The ports used in the ePO Deep Command Gateway services are configurable based on your environmental requirements.
| Port | Allows |
| --- | --- |
| Internet-to-stunnel port | Stunnel to connect to the outside network (Internet). For example, port 2002. |
| Stunnel-to-gateway (or Intel® AMT listen port) | Stunnel to connect to the Intel® AMT platform. The default port is 11111. |
| SOCKSv5 proxy-listen port | Gateway server to receive the SOCKSv5 proxy connection requests. The default port is 1080. |
| HTTP proxy-listen port | Gateway server to receive the HTTP proxy connection requests. Traffic addressed to Intel® AMT platforms through this port is forwarded to the SOCKSv5 port. The default port is 8080. |
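An added example, not part of the product guide or of McAfee's tooling: a Python check that reads Windows `netstat -an` output taken on the gateway server and reports which of the four gateway ports are not listening or are bound to all interfaces. It assumes the example and default port numbers above are in use and, as a policy choice the guide does not state, that only the Internet-to-stunnel port should listen on a wildcard address.

```python
import re

# Example/default ports from the table above; all are configurable.
GATEWAY_PORTS = {
    2002: "Internet-to-stunnel",
    11111: "Stunnel-to-gateway (Intel AMT listen)",
    1080: "SOCKSv5 proxy-listen",
    8080: "HTTP proxy-listen",
}
# Assumption (not stated in the guide): only this port should accept
# connections on a wildcard (all-interfaces) address.
INTERNET_FACING = {2002}
WILDCARDS = {"0.0.0.0", "[::]", "*"}

# Matches listening TCP rows of Windows `netstat -an` output.
LISTEN_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def parse_listeners(netstat_text):
    """Return a set of (local_address, port) for listening TCP sockets."""
    listeners = set()
    for line in netstat_text.splitlines():
        m = LISTEN_ROW.match(line)
        if m:
            listeners.add((m.group(1), int(m.group(2))))
    return listeners

def audit(netstat_text):
    """Return sorted findings as (port, role, problem) tuples."""
    bound = {}
    for addr, port in parse_listeners(netstat_text):
        bound.setdefault(port, set()).add(addr)
    findings = []
    for port, role in GATEWAY_PORTS.items():
        addrs = bound.get(port)
        if not addrs:
            findings.append((port, role, "not listening"))
        elif port not in INTERNET_FACING and addrs & WILDCARDS:
            findings.append((port, role, "bound to all interfaces"))
    return sorted(findings)

# Constructed sample input, not captured from a real gateway.
SAMPLE = """\
  TCP    0.0.0.0:2002       0.0.0.0:0     LISTENING
  TCP    127.0.0.1:11111    0.0.0.0:0     LISTENING
  TCP    0.0.0.0:1080       0.0.0.0:0     LISTENING
  TCP    10.0.0.5:3389      0.0.0.0:0     LISTENING
"""

if __name__ == "__main__":
    for port, role, problem in audit(SAMPLE):
        print(f"{port:>5}  {role}: {problem}")
```

If the ports were changed during setup, edit `GATEWAY_PORTS` and `INTERNET_FACING` to match before running the check.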
A Remote Access workflow involves these steps.
• The remote Intel® AMT system or user initiates a connection to the ePO Deep Command Gateway server, which acts as a proxy server. The connection is initiated manually by the user, either in an operating system level utility or at the pre-operating system level with a key combination. The connection can also be scheduled to be initiated automatically at a predetermined time.
• Once the connection reaches the ePO Deep Command Gateway server, a secure encrypted tunnel back to the Intel® AMT system is established.
• McAfee ePO is notified of the incoming Remote Access request from the Intel® AMT system.
• You can initiate any Intel® AMT system command to the remote Intel® AMT system.
See also
Create a Remote Access policy
Contents
Install the ePO Deep Command Gateway server
Generate certificates for Stunnel
Add DH parameter to the .pem file
Configure Stunnel
Validate certificate
Install the ePO Deep Command Gateway server
To enable communication with the remotely managed Intel® AMT system, install the ePO Deep Command Gateway server on a server in your corporate DMZ where the Agent Handler is installed.
Setting up your environment for Remote Access
McAfee ePO Deep Command 2.1.0 Product Guide