Secure and automatic provisioning of computer systems having embedded network devices
First Claim
1. A provisioning mechanism for computer systems comprising:
- a computer platform having a controller, a storage media, and a network interface, the storage media having a protected area only accessible to the controller, wherein initially booting-up the computer platform causes the controller to:
  - automatically connect to a corporate DHCP (Dynamic Host Configuration Protocol) server to obtain an IP (Internet Protocol) address and a domain name;
  - concatenate the domain name with a pre-defined host name to obtain a FQDN (Fully Qualified Domain Name) for a provisioning server;
  - establish a TCP connection to the provisioning server using the FQDN to open a secure session;
  - validate a server certificate chain received from the provisioning server; and
  - if the server certificate chain is validated, open a secure and encrypted session and attempt to login to the provisioning server, wherein if corporate security policy grants access to the computer platform, receive provisioning configuration data over a secured and encrypted channel.
Abstract
A provisioning method and mechanism for computer systems having embedded network devices. After an initial boot-up of a computer platform, an out-of-band (OOB) controller automatically connects to a corporate DHCP (Dynamic Host Configuration Protocol) server to obtain an IP (Internet Protocol) address and a domain name in which the computer platform is running. The domain name is concatenated with a pre-defined host name to obtain a FQDN (Fully Qualified Domain Name) for a provisioning server. The OOB controller then establishes a TCP connection to the provisioning server. A server certificate chain received from the provisioning server is validated. An attempt to login to the provisioning server is made. If corporate security policy dictates granting access to the computer platform, then provisioning configuration data is received over a secure and encrypted channel.
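As an added example (not code from the patent or from any product implementing it), the client-side steps the abstract describes, in Python: derive the provisioning server's FQDN from the DHCP-supplied domain name and a pre-defined host name, then open a TLS session that refuses to proceed, and never sends a login, unless the server's certificate chain validates against the corporate CA and the certificate matches that name. The point a practitioner should take from the flow is that the domain name arrives over DHCP and is untrusted input, so the certificate-chain validation is what actually anchors trust, not the DNS name. The host name `provisionserver`, the CA bundle path, the port and the login/response framing are assumptions, since the page names none of them.

```python
"""Client-side steps of the provisioning flow from the abstract above.
Added example; not code from the patent or from any product.
ASSUMPTIONS (none are stated on the page): the pre-defined host name, the
corporate CA bundle path, the TCP port and the login/response message format."""
import re
import socket
import ssl
from typing import Optional

PREDEFINED_HOST = "provisionserver"                 # ASSUMPTION: placeholder host label
CORPORATE_CA_BUNDLE = "/path/to/corporate-ca.pem"   # ASSUMPTION: placeholder path
PROVISIONING_PORT = 443                             # ASSUMPTION: TLS port of the server

# One DNS label: 1-63 chars of letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_dns_name(name: str) -> bool:
    """Syntactic check: at most 253 chars and every label well-formed."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def build_provisioning_fqdn(dhcp_domain: str, host: str = PREDEFINED_HOST) -> str:
    """Concatenate the pre-defined host name with the DHCP-supplied domain.

    The domain arrives over DHCP and is untrusted input, so it is only checked
    for syntax here. Trust in the resulting name comes solely from the
    certificate-chain validation performed when the TLS session is opened.
    """
    domain = dhcp_domain.strip().strip(".").lower()
    if not valid_dns_name(domain):
        raise ValueError(f"DHCP domain is not a valid DNS name: {dhcp_domain!r}")
    fqdn = f"{host}.{domain}"
    if not valid_dns_name(fqdn):
        raise ValueError(f"resulting FQDN is not valid: {fqdn!r}")
    return fqdn


def make_tls_context(ca_bundle: Optional[str] = CORPORATE_CA_BUNDLE) -> ssl.SSLContext:
    """Client context that requires a valid chain and a matching host name.

    create_default_context() sets verify_mode=CERT_REQUIRED and
    check_hostname=True; passing cafile pins validation to the corporate CA.
    With ca_bundle=None the system trust store is used instead.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_enforces_validation(ctx: ssl.SSLContext) -> bool:
    """True only if the handshake fails on an unvalidated chain or a name mismatch."""
    return bool(ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED)


def provision(dhcp_domain: str, login_request: bytes,
              ca_bundle: Optional[str] = CORPORATE_CA_BUNDLE,
              port: int = PROVISIONING_PORT) -> bytes:
    """Run the flow end to end against a live server and return whatever the
    server sends back (provisioning data, or a refusal if policy denies access).

    The login/response framing is an ASSUMPTION; the page does not specify it.
    """
    fqdn = build_provisioning_fqdn(dhcp_domain)
    ctx = make_tls_context(ca_bundle)
    with socket.create_connection((fqdn, port), timeout=10) as raw:
        try:
            # The handshake validates the server's certificate chain; on failure
            # no login is attempted and nothing is sent.
            tls = ctx.wrap_socket(raw, server_hostname=fqdn)
        except ssl.SSLCertVerificationError as exc:
            raise RuntimeError(f"refusing to provision: chain for {fqdn} did not validate") from exc
        with tls:
            tls.sendall(login_request)
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks)
```

`build_provisioning_fqdn` normalises the DHCP value (trailing dot, case) and rejects anything that is not a syntactically valid DNS name before it is ever resolved; `provision()` needs a real provisioning server and the corporate CA bundle to run, while the name derivation and the context checks run offline.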
57 Claims
1. A provisioning mechanism for computer systems comprising:
- a computer platform having a controller, a storage media, and a network interface, the storage media having a protected area only accessible to the controller, wherein initially booting-up the computer platform causes the controller to:
  - automatically connect to a corporate DHCP (Dynamic Host Configuration Protocol) server to obtain an IP (Internet Protocol) address and a domain name;
  - concatenate the domain name with a pre-defined host name to obtain a FQDN (Fully Qualified Domain Name) for a provisioning server;
  - establish a TCP connection to the provisioning server using the FQDN to open a secure session;
  - validate a server certificate chain received from the provisioning server; and
  - if the server certificate chain is validated, open a secure and encrypted session and attempt to login to the provisioning server, wherein if corporate security policy grants access to the computer platform, receive provisioning configuration data over a secured and encrypted channel.
Dependent claims: 2-15.

16. A provisioning method for computer systems having embedded network devices comprising:
- on initial boot-up of a computer platform:
  - connecting, via a controller, to a corporate DHCP (Dynamic Host Configuration Protocol) server to obtain an IP (Internet Protocol) address and a domain name in which the computer platform is running;
  - concatenating the domain name with a pre-defined host name to obtain a FQDN (Fully Qualified Domain Name) for a provisioning server;
  - establishing, via the controller, a TCP connection to the provisioning server;
  - validating a server certificate chain received from the provisioning server; and
  - attempting to login to the provisioning server, wherein if corporate security policy dictates granting access to the computer platform, receiving provisioning configuration data over a secure and encrypted channel.
Dependent claims: 17-30.
31. A method for provisioning a computer system having an embedded network device comprising:
- after a TCP connection has been established with an out-of-band controller of a computer platform for provisioning:
  - sending a server certificate chain to be validated;
  - if the server certificate chain is validated, receiving a login request over a secure and encrypted channel from the OOB controller;
  - determining whether to grant access to the OOB controller based on corporate security based policy; and
  - if access is granted, automatically sending provisioning data to the OOB controller over the secure and encrypted channel.
Dependent claims: 32-36.
37. An article comprising:
- a storage medium having a plurality of machine accessible instructions, wherein when the instructions are executed by a processor, the instructions provide for, on initial boot-up of a computer platform:
  - connecting, via a controller, to a corporate DHCP (Dynamic Host Configuration Protocol) server to obtain an IP (Internet Protocol) address and a domain name in which the computer platform is running;
  - concatenating the domain name with a pre-defined host name to obtain a FQDN (Fully Qualified Domain Name) for a provisioning server;
  - establishing, via the controller, a TCP connection to the provisioning server;
  - validating a server certificate chain received from the provisioning server; and
  - attempting to login to the provisioning server, wherein if corporate security policy dictates granting access to the computer platform, receiving provisioning configuration data over a secure and encrypted channel.
Dependent claims: 38-51.
52. An article comprising:
- a storage medium having a plurality of machine accessible instructions, wherein when the instructions are executed by a processor, the instructions provide for, after a TCP connection has been established with an out-of-band controller of a computer platform for provisioning:
  - sending a server certificate chain to be validated;
  - if the server certificate chain is validated, receiving a login request over a secure and encrypted channel from the OOB controller;
  - determining whether to grant access to the OOB controller based on corporate security based policy; and
  - if access is granted, automatically sending provisioning data to the OOB controller over the secure and encrypted channel.
Dependent claims: 53-57.
Specification