Product guide
Task
For option definitions, click ? in the interface.
1
In the McAfee ePO console, from Policy Catalog, select ePO Deep Command 2.1.0 as the product and AMT
Policies as the category, then click New Policy.
2
Type a name for the policy and any notes, then click OK.
3
Click the policy created, click the Remote Access tab, then select Allow ePO to enforce these settings.
4
In Remote Server, select Enable Client Initiated Remote Access (CIRA).
5
In Home Domain Suffix, type the host name of the Intel
®
AMT systems, then click Add.
Adding home domain suffixes enables the Intel
®
AMT systems to access the home domains. The
home domain refers to the detected DHCP 15 value of the network, that is, Connection Specific
DNS suffix, using which Intel
®
AMT determines if a system is inside or outside the environment. The
Intel
®
AMT system must be outside the enterprise. You must enter at least one home domain suffix.
You can enter a maximum of 5 home domain suffixes.
The DHCP and DNS servers must be configured for successful execution of the Remote Access
policy. The details you specify in this step must match your connection-specific DNS suffixes in your
LAN. Incorrect home domain suffix settings might turn off the access to the Intel
®
AMT systems
unless a Remote Access session is established by the system itself.
6
Select a primary DMZ Agent Handler and specify the stunnel port (as specified in the stunnel
configuration) for the incoming Remote Access requests.
7
In Tunnel Lifetime, specify the time (in seconds) the Remote Access tunnel must be active after it is
established.
The default value is zero, which sets the connection to no timeout.
8
Select these options:
• Allow User Initiated Tunnel — Allows Intel
®
AMT users to initiate a Remote Access request to the
server.
• Periodic Initiated Tunnel every — Specifies a time to establish the connection at regular intervals.
9
In Connection Type, select where the Intel
®
AMT system initiates the call to McAfee ePO. Available
options are BIOS Initiated and OS Initiated.
10
Click Save.
11
In the System Tree, assign the policy to the required systems or group.
• To assign the policy to selected systems, select the systems, click Actions | Agent | Set Policies &
Inheritance, select ePO Deep Command 2.1 as the product, select AMT Policies as the category, select the
modified policy, select Break Inheritance, then save the policy assignment.
• To assign the policy to a system group, select the group, select ePO Deep Command 2.1 as the
product, click Edit Assignment next to AMT Policies, select the modified policy under Assigned policy,
then save the policy assignment.
12
Enforce the policy using one of these methods:
• Wait for the next agent-server communication.
• Send an agent wake-up call.
Managing your Intel AMT systems
Using policies to manage Intel AMT systems
8
McAfee ePO Deep Command 2.1.0 Product Guide
99