This past week, we attended an event where Intel gave us specific detail on the new hardware and features that are part of their vPro platform technology for 2007. If you’re unfamiliar with vPro, it’s not a singular product or chip. Like Centrino for example, vPro is an Intel platform technology that’s comprised of a CPU, chipset, network controller, and proprietary software, that when combined, offer powerful hardware-based security and management capabilities for the enterprise.
vPro itself is not new, but today Intel will be announcing fresh, new vPro certified hardware and will also announce a few new features enabled by them. Intel’s goals with this refresh were to increase security, manageability, and performance, while lowering power consumption requirements. In this effort, the company has certified the Core 2 Duo E6550, E6750 and E6850 processors for vPro, and are releasing the new low-power Q35 Express chipset with a companion ICH9-DO Southbridge, and 82566DM Gigabit Network controller.
With these new chispets and technologies, the vPro platform offers next-generation Intel Active Management Technology, enhanced Intel Virtualization Technology, and Intel Trusted Execution Technology (aka Intel TXT). vPro also offers support for next-generation management standards like WS-MAN and DASH (draft 1.0 spec) and support for v1.2 of the Trusted Platform Module.
vPro has always given users the ability to remotely manage PCs, but with this refresh Intel has further secured the platform and alleviated some previous security concerns. Unlike older hardware-based management tools that have no encryption or weak authentication, like Wake-on-LAN for example, vPro offers a Protected Management Channel with 128-bit TLS encryption and strong authentication to prevent unwanted snooping with its protected remote-wake mechanism.
Other security measures include a hardware-based “chain of trust” that gives IT managers the ability to launch a Virtual Machine Manger (VMM) into a known, expected state. And any changes made to the VMM can be detected via hash-based measurements. Trusted execution policies are managed in the system by the IT professional and specifically, the Q35 chipset has dedicated micro-engines internally to allow processing secure instructions and transactions on the host CPU. Intel Trusted Execution Technology-enabled hardware also removes residual data when the virtual machine is shut down to further protect data from memory snooping software. With this refresh, vPro also offers new Enhanced System Defense filters that screen each outbound packet and logs information about it. The logs can then be analyzed for malicious patterns of activity over time.
We saw some live demonstrations of some vPro enabled systems from Dell, Lenovo, and HP that showed the usefulness of the technology. In our meeting with Dell, an unbootable PC was logged into remotely and the OS was repaired by comparing it to a master disk image. This was possible because the network security credentials are stored in hardware, so even if the machine’s operating system is severely damaged, a technician can still connect to and work on the PC.
Like Centrino, Intel has plans to continually update the vPro platform over time to incorporate new features and technologies. We don’t have details on what will be available with next year’s refresh, but you can be sure Intel will further enhance vPro after the launch of their “Montevina” platform in the first half on 2008.