Decide Whether You Should Register an Alias for the Out of Band Service Point in DNS

Updated: October 2009

Applies to: System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

If you are provisioning computers for AMT in Configuration Manager 2007 SP1 and later without the corresponding client installed (out of band provisioning), you need to decide whether you should register an alias for the out of band service point in DNS.

Note
The information in this topic applies only to Configuration Manager 2007 SP1 and later.

AMT-based computers contact a provisioning server for out of band provisioning using the value specified in the BIOS extensions for the provisioning server. The value can be a short name, a fully qualified domain name (FQDN), or an IP address. Typically, the value is the short name of ProvisionServer. You can change this value on each computer by configuring the BIOS extensions, or you can request the value you want to use as part of a customized firmware image. For more information about customizing the firmware image, see Decide Whether You Need a Customized Firmware Image From Your Computer Manufacturer.

Caution
Using the default name of ProvisionServer could present a security risk if a record with this name is configured to resolve to the IP address of a wrong or rogue computer. If an incorrect IP address is given to AMT-based computers, provisioning will not succeed and the AMT-based computers cannot be managed. Configuring the provisioning server value with an alternative name or IP address is more secure than using a well-known name.

If you are using the default name of ProvisionServer, ensure that you have configured the entry in DNS before turning on the AMT-based computers. Additionally, ensure that you secure the DNS record (for example, using DNS secure dynamic updates so that only the owner can modify this record) to safeguard against the record being modified such that it no longer resolves to the out of band service point site system computer.

When a name is used rather than an IP address, the AMT-based computer must be configured with an FQDN and at least one DNS server. This is typically achieved using DHCP configuration options, but these values can also be specified in the BIOS extensions. When an AMT-based computer first starts up, it uses DNS to resolve the name of the provisioning server using one of the following methods:

  • If the short name of ProvisionServer is specified in the BIOS extensions, DNS attempts to resolve this name in the AMT-based computer's domain to the IP address that belongs to the out of band service point in the computer's Configuration Manager site. The computer then contacts this server to begin the provisioning process. Unless the site system server is actually configured with the name of ProvisionServer, this solution requires an alias (CNAME) record in DNS for the out of band service point site system server. You can configure Configuration Manager to automatically register this alias in the out of band service point's configured DNS domain, or you can manually create the alias record. For more information, see How to Register an Alias in DNS for the Out of Band Service Point.

  • If an alternative short name is specified for the provisioning server and this name is not the same as the configured name of the out of band service point site system server, you must manually create the alias record in DNS. For more information, see the second procedure in How to Register an Alias in DNS for the Out of Band Service Point. With the alternative name resolved to the IP address of the out of band service point site system server, the AMT-based computer then contacts this server to begin the provisioning process.

  • If an FQDN is specified for the provisioning server and this value matches the FQDN of the out of band service point site system server in the Configuration Manager site that will manage the AMT-based computer, there is no need for an alias in DNS. DNS resolves the FQDN to the IP address of the out of band service point site system server, and the AMT-based computer then contacts this server to begin the provisioning process.

If an IP address is specified as the provisioning server in the BIOS extensions, there is no need for an alias in DNS. This IP address must be owned by the out of band service point site system server in the Configuration Manager site that will manage the AMT-based computer.
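An added example (not from Microsoft's documentation or from Configuration Manager itself): a Python check an administrator could run before turning on AMT-based computers, classifying a provisioning server value according to the resolution rules above and the earlier caution about a record that resolves to the wrong computer. The function names, domain names and addresses are constructed assumptions; `resolve` defaults to the local resolver and is swapped for a constructed zone in the offline run.

```python
import ipaddress
import socket

# Constructed sample zone (documentation addresses) for an offline run.
SAMPLE_ZONE = {
    "provisionserver.corp.example": {"192.0.2.10"},
    "oobsp01.corp.example": {"192.0.2.10"},
    "provisionserver.lab.example": {"198.51.100.77"},  # wrong host
}

def sample_resolve(fqdn):
    return SAMPLE_ZONE.get(fqdn, set())

def system_resolve(fqdn):
    """IPv4 addresses the local resolver returns for fqdn (empty if none)."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def audit_provisioning_value(value, amt_domain, oob_sp_fqdn, oob_sp_ips,
                             resolve=system_resolve):
    """Return (status, detail); status is OK, MISSING or MISMATCH."""
    expected = {str(ipaddress.ip_address(ip)) for ip in oob_sp_ips}
    try:
        ip = str(ipaddress.ip_address(value))
    except ValueError:
        ip = None
    if ip is not None:  # IP configured in the BIOS extensions: no DNS lookup
        if ip in expected:
            return ("OK", "IP is owned by the out of band service point")
        return ("MISMATCH", f"{ip} is not a service point address")
    # Short names are resolved in the AMT-based computer's own domain.
    fqdn = (value if "." in value else f"{value}.{amt_domain}").rstrip(".").lower()
    answers = resolve(fqdn)
    if not answers:
        return ("MISSING", f"{fqdn} does not resolve; register it first")
    wrong = sorted(answers - expected)
    if wrong:
        return ("MISMATCH", f"{fqdn} resolves to {', '.join(wrong)}")
    if fqdn == oob_sp_fqdn.rstrip(".").lower():
        return ("OK", "name is the site system's own FQDN; no alias needed")
    return ("OK", f"{fqdn} resolves only to the service point")

if __name__ == "__main__":
    for dom in ("corp.example", "lab.example", "new.example"):
        print(dom, audit_provisioning_value(
            "ProvisionServer", dom, "oobsp01.corp.example", ["192.0.2.10"], sample_resolve))
```

A MISSING or MISMATCH result for any domain that contains AMT-based computers means the record should be created or corrected before those computers are turned on.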

Register an alias for the out of band service point in DNS if both of the following conditions apply:

  • You will provision computers for AMT out of band (without the client for Configuration Manager 2007 SP1 or later installed).

  • The AMT-based computers are configured with either the value of ProvisionServer or an alternative server name (short name or FQDN) that is not already registered in DNS as a host name (an A record).

Do not register an alias for the out of band service point in DNS if any of the following conditions apply:

  • You will provision computers for AMT in-band only. (The client for Configuration Manager 2007 SP1 or later is installed.)

  • The AMT-based computers are configured with the IP address of the out of band service point rather than a name for the provisioning server.

  • The DNS domain for the out of band service point contains out of band service points from other Configuration Manager sites, and all AMT-based computers are configured with the same name for the provisioning server.

See Also

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.
