Intel vPro

Intel vPro technology is computer hardware technology to allow remote access to the PC (including monitoring, maintenance, and management) independent of the state of the operating system (OS) or power state of the PC.[1] It consists of a set of features built into a PC's motherboard and other hardware.[2][1] Intel vPro technology is not the PC itself, nor is it a single set of management features (such as Intel Active Management Technology/Intel AMT) for sys-admins. Intel vPro is a combination of processor technologies, hardware enhancements, management features, and security technologies

Intel vPro technology is intended to help businesses gain certain maintenance and servicing advantages, security improvements, and cost benefits in information technology (IT) areas.[1][3]

Contents

vPro, AMT, Centrino 2, and Core 2 relationships

There are numerous Intel brands. However, the key differences between vPro (a platform), AMT (a technology), Centrino 2 (a package of technologies), and Core 2 (a processor) are as follows:

Intel Core 2 Duo or Quad processors are central processing units (CPUs).[1]

Intel Centrino 2 processor technology is a package of technologies that includes the Intel Core 2 Duo.[4] Intel Centrino 2 is designed for mobile PCs, such as laptops and other small devices. Core 2 and Centrino 2 have evolved to use Intel's latest 45-nm manufacturing processes, have multi-core processing, and are designed for multithreading.

Intel vPro technology is a set of technologies built into the hardware of the laptop or desktop PC.[1] The technology is targeted at businesses, not consumers. A PC with vPro includes Intel AMT, Intel Virtualization Technology (Intel VT), Intel Trusted Execution Technology (Intel TXT), a gigabit network connection, and so on. There may be a PC with a Core 2 processor, without vPro built in. However, vPro features require a PC with at least a Core 2 processor. Current versions of vPro are built into PCs with Core 2 Duo or Core 2 Quad processors and more recently some versions of Core i5 and Core i7 processors.

Intel AMT is part of the Intel Management Engine, which is built into PCs with Intel vPro technology.[1] Intel AMT is a set of remote management and security features designed into the PC’s hardware and which allow a sys-admin with AMT security privileges to access system information and perform specific remote operations on the PC.[5] These operations include remote power up/down (via wake on LAN), remote / redirected boot (via integrated device electronics redirect, or IDE-R), console redirection (via serial over LAN), and other remote management and security features.

vPro features

Intel vPro is a platform or set of PC hardware features. PCs with vPro have three main elements: 1) Core 2 Duo/Quad or Centrino 2 processor for business applications; 2) integrated components (such as 64-bit graphics) to reduce the number of discrete components in the system; and 3) hardware-based management and security technology (such as Intel AMT).[2][1][4][5][6][7][8]

A vPro PC includes:

Remote-management

Intel AMT is the set of management and security features built into vPro PCs and which are intended to make it easier for a sys-admin to monitor, maintain, secure, and service PCs.[1] Intel AMT (the management technology) is sometimes mistaken for being the same as Intel vPro (the PC "platform"), because AMT is one of the most visible technologies of an Intel vPro-based PC.

Intel AMT includes:

Hardware-based management has been available in the past, but it has been limited to auto-configuration using DHCP or BOOTP for dynamic IP allocation and diskless workstations, as well as Wake On LAN for remotely powering on systems.[19]

VNC-based KVM remote control

In vPro 6.0 PCs with i5 or i7 processors and embedded Intel graphics, Intel AMT embeds a proprietary VNC Server, so you can connect out-of-band using dedicated VNC-compatible Viewer technology, and have full KVM (Keyboard, Video, Mouse) capability throughout the power cycle - including uninterrupted control of the desktop when an operating system loads. Clients such as VNC Viewer Plus from RealVNC also provide additional functionality that might make it easier to perform (and watch) certain Intel AMT operations, such as powering the computer off and on, configuring the BIOS, and mounting a remote image (IDER).

Wireless communication

Intel vPro supports encrypted wired and wireless LAN wireless communication for all remote management features for PCs inside the corporate firewall.[1] Intel vPro supports encrypted communication for some remote management features for wired and wireless LAN PCs outside the corporate firewall.[1][20]

vPro laptop wireless communication

Laptops with vPro include a gigabit network connection and support IEEE 802.11 a/g/n wireless protocols.[1][20][21]

AMT wireless communication

Intel vPro PCs support wireless communication to the AMT features.[1][20][21]

For wireless laptops on battery power, communication with AMT features can occur when the system is awake and connected to the corporate network. This communication is available if the OS is down or management agents are missing.[1][20]

AMT out-of-band communication and some AMT features are available for wireless or wired laptops connected to the corporate network over a host OS-based virtual private network (VPN) when laptops are awake and working properly.[1]

Encrypted communication while roaming

Intel vPro PCs support encrypted communication while roaming.[1][21][22]

vPro PCs version 4.0 or higher support security for mobile communications by establishing a secure tunnel for encrypted AMT communication with the managed service provider when roaming (operating on an open, wired LAN outside the corporate firewall).[1] Secure communication with AMT can be established if the laptop is powered down or the OS is disabled.[1] The AMT encrypted communication tunnel is designed to allow sys-admins to access a laptop or desktop PC at satellite offices where there is no on-site proxy server or management server appliance.

Secure communications outside the corporate firewall depends on adding a new element—a management presence server (Intel calls this a “vPro-enabled gateway”) -- to the network infrastructure.[1] This will require integration with network switch manufacturers, firewall vendors, and vendors who design management consoles in order to create an infrastructure that supports encrypted roaming communication. So although encrypted roaming communication is enabled as a feature in vPro PCs version 4.0 and higher, the feature may not be fully useful (except in having a "ready" PC) until the infrastructure is functional.

vPro security

vPro security technologies and methodologies are designed into the PC’s chipset and other system hardware. Because the vPro security technologies are designed into system hardware instead of software, they are less vulnerable to hackers, computer viruses, computer worms, and other threats that typically affect an OS or software applications installed at the OS level (such as virus scan, antispyware, inventory, and other security or management applications).[1]

For example, during deployment of vPro PCs, security credentials, keys, and other critical information are stored in protected memory (not on the hard disk drive), and erased when no longer needed.

Security and privacy concerns

There are still many potential security concerns for PC's with vPro. There is apparently no way to disable vPro on a PC and most users cannot detect outside access to their PC via the vPro hardware based technology.[23] Moreover, Sandy Bridge and most likely future chips will have "the ability to remotely kill and restore a lost or stolen PC via 3G".[24]

Security features

Intel vPro supports industry-standard methodologies and protocols, as well as other vendors’ security features:[1][5][10][25]

Technologies and methodologies

Intel vPro uses several industry-standard security technologies and methodologies to secure the remote vPro communication channel. These technologies and methodologies also improve security for accessing the PC’s critical system data, BIOS settings, Intel AMT management features, and other sensitive features or data; and protect security credentials and other critical information during deployment (setup and configuration of Intel AMT) and vPro use.[1][26]

vPro hardware requirements

The first release of Intel vPro was built with an Intel Core 2 Duo processor.[5] The current versions of Intel vPro are built into systems with 45 nm Intel Core 2 Duo or Quad processors, or Centrino 2 processors.

PCs with Intel vPro require specific chipsets. Intel vPro releases are usually identified by their AMT version.[1][5]

Laptop PC requirements

Laptops with Intel vPro require:

Note that AMT release 2.5 for wired/wireless laptops and AMT release 3.0 for desktop PCs are concurrent releases.

Desktop PC requirements

Desktop PCs with vPro (called “Intel Core 2 with vPro technology”) require:

Note that AMT release 2.5 for wired/wireless laptops and AMT release 3.0 for desktop PCs are concurrent releases.

See also

References

  1. ^ a b c d e f g h i j k l m n o p q r s t u v w x y z aa ab ac ad ae af ag ah ai aj ak al am an ao ap aq ar as at au "Intel Centrino 2 with vPro Technology and Intel Core2 Processor with vPro Technology" (PDF). Intel. ftp://download.intel.com/products/vpro/whitepaper/crossclient.pdf. Retrieved 2008-08-07. 
  2. ^ a b "Remote Pc Management with Intel's vPro". Tom's Hardware Guide. http://www.tomshardware.com/reviews/command-conquer,1591.html. Retrieved 2007-11-21. 
  3. ^ a b "Measuring the Value of Intel Core2 Processor with vPro Technology in the Enterprise". Intel. 2006. http://communities.intel.com/docs/DOC-1129. Retrieved 2008-08-14. 
  4. ^ a b "Intel Centrino 2 Explained". CNET. http://news.cnet.com/8301-17938_105-9991160-1.html?tag=bl. Retrieved 2008-07-15. 
  5. ^ a b c d e f g h i j k l m n o p q r "Architecture Guide: Intel Active Management Technology". Intel. 2008-06-26. http://softwarecommunity.intel.com/articles/eng/1032.htm. Retrieved 2008-08-12. 
  6. ^ a b c "Intel vPro Chipset Lures MSPs, System Builders". ChannelWeb. http://www.crn.com/white-box/201802550. Retrieved August 2007. 
  7. ^ a b c "Intel Mostly Launches Centrino 2 Notebook Platform". ChannelWeb. http://www.crn.com/hardware/209100230?queryText=vPro. Retrieved July 2008. 
  8. ^ "A new dawn for remote management? A first glimpse at Intel's vPro platform". ars technica. http://arstechnica.com/articles/paedia/hardware/vpro.ars/1. Retrieved 2007-11-07. 
  9. ^ "Intel Centrino 2 with vPro Technology". Intel. http://softwarecommunity.intel.com/articles/eng/1477.htm. Retrieved 2008-06-30. 
  10. ^ a b c d e f "New Intel vPro Processor Technology Fortifies Security for Business PCs (news release)". Intel. Archived from the original on 2007-09-12. http://web.archive.org/web/20070912110718/http://www.intel.com/pressroom/archive/releases/20070827comp.htm. Retrieved 2007-08-07. 
  11. ^ a b "Intel Trusted Execution Technology" (PDF). Intel. 2007. http://www.intel.com/technology/security/downloads/TrustedExec_Overview.pdf. Retrieved 2008-07-15. 
  12. ^ a b "Intel Trusted Execution Technology: A Primer". Intel. 2007-12-10. http://softwarecommunity.intel.com/articles/eng/3702.htm. Retrieved 2008-08-17. 
  13. ^ a b "Intel Software Network, engineer / developers forum". Intel. http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30235057.aspx. Retrieved 2008-08-09. 
  14. ^ a b "Cisco Security Solutions with Intel Centrino Pro and Intel vPro Processor Technology" (PDF). Intel. http://www.intel.com/business/casestudies/cisco.pdf. 
  15. ^ "The Benefits of Intel Centrino with vPro Technology in the Enterprise" (PDF). Wipro Technologies. http://www.intel.com/business/business-pc/roi/centrinoprowhitepaper.pdf. Retrieved September 2007. 
  16. ^ "Execute Disable Bit and Enterprise Security". Intel. http://www.intel.com/technology/xdbit/?iid=SEARCH. Retrieved 2008-08-10. 
  17. ^ "High Performance, Enhanced Security". Intel. http://www.intel.com/intel/windowsvista/business.htm. Retrieved 2008. 
  18. ^ "Windows Vista on PCs with Intel Centrino Pro or Intel vPro Processor Technology" (PDF). Intel. http://www.intel.com/business/casestudies/windows_vista_solution_brief.pdf. Retrieved 2007. 
  19. ^ "A new dawn for remote management? A first glimpse at Intel's vPro platform". ars technica. http://arstechnica.com/articles/paedia/hardware/vpro.ars/1. Retrieved 2007-07-26. 
  20. ^ a b c d "Understanding Intel AMT over wired vs. wireless (video)". Intel. http://communities.intel.com/docs/DOC-1129. Retrieved 2008-08-14. 
  21. ^ a b c "New Intel-Based Laptops Advance All Facets of Notebook PCs". Intel. Archived from the original on 2008-07-17. http://web.archive.org/web/20080717125337/http://www.intel.com/pressroom/archive/releases/20080715comp_sm.htm#story. Retrieved 2008-07-15. 
  22. ^ "Intel Active Management Technology Setup and Configuration Service, Version 5.0" (PDF). Intel. http://softwarecommunity.intel.com/isn/downloads/Manageability/Intel_AMT_SCS_Console_Guide_5.0.pdf. Retrieved 2008-08-04. (see CIRA configuration discussion)
  23. ^ http://www.tgdaily.com/content/view/39455/128/
  24. ^ http://www.pcmag.com/article2/0,2817,2369110,00.asp
  25. ^ "Intel vPro Technology". Intel. http://www.intel.com/technology/vpro/. Retrieved 2008-07-14. 
  26. ^ "Intel Active Management Technology Setup and Configuration Service Installation and User Manual" (PDF). Intel. http://cache-www.intel.com/cd/00/00/32/09/320963_320963.pdf. Retrieved 2008-07-14. 
  27. ^ "Advanced Encryption Standard (AES) Instructions Set". Intel. http://softwarecommunity.intel.com/articles/eng/3788.htm. Retrieved 2008-08-05. 
  28. ^ a b "Hardening Measures Built into Intel Active Management Technology". Intel. 2007-12-10. http://softwarecommunity.intel.com/articles/eng/3703.htm. Retrieved 2008-08-01. 
  29. ^ "Intel vPro Technology FAQ". Intel. http://softwarecommunity.intel.com/articles/eng/1151.htm. Retrieved 2008-07-12. 
  30. ^ "New Intel Centrino Atom Processor Technology Ushers in 'Best Internet Experience in Your Pocket'". Intel. 2008-04-02. Archived from the original on 2008-04-17. http://web.archive.org/web/20080417181025/http://www.intel.com/pressroom/archive/releases/20080401comp.htm. Retrieved 2008-08-07. 
  31. ^ a b "Intel Centrino Pro and Intel vPro Processor Technology" (PDF). Intel. 2007. http://download.intel.com/pressroom/kits/centrino/CentrinoPro_vPro_whitepaper.pdf. Retrieved 2008-08-07. 
  32. ^ "Gelsinger Speaks To Intel And High-Tech Industry's Rapid Technology Cadence". Intel. 2007-09-18. Archived from the original on 2008-04-17. http://web.archive.org/web/20080417013258/http://www.intel.com/pressroom/archive/releases/20070918corp_b.htm. Retrieved 2008-08-16. 

External links

Platforms

Centrino · Centrino 2 · vPro · Viiv · MID · Skulltrail
Discontinued
Current
Upcoming