

Decide Whether You Should Register an Alias for the Out of Band Service Point in DNS

If you are provisioning computers for AMT in Configuration Manager 2007 SP1 without the Configuration Manager 2007 SP1 client installed (out of band provisioning), you need to decide whether you should register an alias for the out of band service point in DNS.

Note

The information in this topic applies only to Configuration Manager 2007 SP1.

AMT-based computers contact a provisioning server for out of band provisioning using the value specified in the BIOS extensions for the provisioning server. The value can be a short name, a fully qualified domain name (FQDN), or an IP address. Typically, the value is the short name of ProvisionServer. You can change this value on each computer by configuring the BIOS extensions, or you can request the value you want to use as part of a customized firmware image. For more information about customizing the firmware image, see Decide Whether You Need a Customized Firmware Image From Your Computer Manufacturer.

Warning

Using the default name of ProvisionServer could present a security risk if a record with this name is configured to resolve to the IP address of the wrong computer or a rogue computer. If an incorrect IP address is given to AMT-based computers, provisioning will not succeed and the AMT-based computers cannot be managed. Configuring the provisioning server value with an alternative name or IP address is more secure than using a well-known name.

If you are using the default name of ProvisionServer, ensure that you have configured the entry in DNS before turning on the AMT-based computers. Additionally, ensure that you secure the DNS record (for example, using DNS secure dynamic updates so that only the owner can modify this record) to safeguard against the record being modified such that it no longer resolves to the out of band service point site system computer.

When a name is used rather than an IP address, the AMT-based computer must be configured with an FQDN and at least one DNS server. This is typically achieved using DHCP configuration options, but these values can also be specified in the BIOS extensions. When an AMT-based computer first starts up, it uses DNS to resolve the name of the provisioning server using one of the following methods:

  • If the short name of ProvisionServer is specified in the BIOS extensions, DNS attempts to resolve this name in the AMT-based computer's domain to the IP address that belongs to the out of band service point in the computer's Configuration Manager site. The computer then contacts this server to begin the provisioning process. Unless the site system server is actually configured with the name of ProvisionServer, this solution requires an alias (CNAME) record in DNS for the out of band service point site system server. You can configure Configuration Manager to automatically register this alias in the out of band service point's configured DNS domain, or you can manually create the alias record. For more information, see How to Register an Alias in DNS for the Out of Band Service Point.

  • If an alternative short name is specified for the provisioning server and this name is not the same as the configured name of the out of band service point site system server, you must manually create the alias record in DNS. For more information, see the second procedure in How to Register an Alias in DNS for the Out of Band Service Point. With the alternative name resolved to the IP address of the out of band service point site system server, the AMT-based computer then contacts this server to begin the provisioning process.

  • If an FQDN is specified for the provisioning server and this value matches the FQDN of the out of band service point site system server in the Configuration Manager site that will manage the AMT-based computer, there is no need for an alias in DNS. DNS resolves the FQDN to the IP address of the out of band service point site system server, and the AMT-based computer then contacts this server to begin the provisioning process.

If an IP address is specified as the provisioning server in the BIOS extensions, there is no need for an alias in DNS. This IP address must be owned by the out of band service point site system server in the Configuration Manager site that will manage the AMT-based computer.

Register an alias for the out of band service point in DNS if both of the following conditions apply:

  • You will provision computers for AMT out of band (without the Configuration Manager 2007 SP1 client installed).

  • The AMT-based computers are configured with either the value of ProvisionServer or an alternative server name (short name or FQDN) that is not already registered in DNS as a host name (an A record).

Do not register an alias for the out of band service point in DNS if any of the following conditions apply:

  • You will provision only computers for AMT in-band. (The Configuration Manager 2007 SP1 client is installed.)

  • The AMT-based computers are configured with the IP address of the out of band service point rather than a name for the provisioning server.

  • The DNS domain for the out of band service point contains out of band service points from other Configuration Manager sites, and all AMT-based computers are configured with the same name for the provisioning server.
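The following check is an added example, not part of the original topic or of Configuration Manager. It classifies the provisioning server value from the BIOS extensions, reports whether an alias is needed, and verifies that the name resolves only to the out of band service point. The domain, host name, and addresses are constructed; it assumes out of band provisioning and does not cover the case of several sites sharing one DNS domain.

```python
import ipaddress
import socket

def resolve_ipv4(name):
    """Return the set of IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_provisioning_name(value, amt_domain, oobsp_fqdn, oobsp_ip,
                            resolve=resolve_ipv4):
    """Return (alias_needed, status); status is ok, unresolved or mismatch."""
    expected = ipaddress.ip_address(oobsp_ip)
    try:
        # An IP address in the BIOS extensions bypasses DNS: no alias needed.
        configured = ipaddress.ip_address(value)
        return False, "ok" if configured == expected else "mismatch"
    except ValueError:
        pass
    # A short name is resolved in the AMT-based computer's own domain.
    fqdn = value if "." in value else f"{value}.{amt_domain}"
    # No alias is needed when the name is the site system server's own name.
    alias_needed = fqdn.lower().rstrip(".") != oobsp_fqdn.lower().rstrip(".")
    answers = {ipaddress.ip_address(a) for a in resolve(fqdn)}
    if not answers:
        return alias_needed, "unresolved"   # record missing: create it first
    if answers == {expected}:
        return alias_needed, "ok"
    return alias_needed, "mismatch"         # wrong or rogue address present

# Constructed sample data (documentation address range, hypothetical names).
CONSTRUCTED_ZONE = {
    "provisionserver.corp.example": {"192.0.2.10"},
    "cm-oob01.corp.example": {"192.0.2.10"},
    "provisionserver.lab.example": {"192.0.2.66"},  # points elsewhere
}

def lookup_constructed(name):
    """Offline stand-in for DNS, backed by CONSTRUCTED_ZONE."""
    return CONSTRUCTED_ZONE.get(name.lower().rstrip("."), set())

if __name__ == "__main__":
    for value, domain in [("ProvisionServer", "corp.example"),
                          ("ProvisionServer", "lab.example"),
                          ("cm-oob01.corp.example", "corp.example"),
                          ("192.0.2.10", "corp.example")]:
        print(value, domain, check_provisioning_name(
            value, domain, "cm-oob01.corp.example", "192.0.2.10",
            resolve=lookup_constructed))
```

Drop the `resolve=` argument to query the live resolver; a `mismatch` result for the name the AMT-based computers use is the condition the warning above describes.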

See Also

Tasks

How to Register an Alias in DNS for the Out of Band Service Point

Concepts

About AMT Provisioning for Out of Band Management

Other Resources

Planning for Out of Band Management