Intel Enhances Management, Security in vPro Tools

With vPro 2.0, which will be released with the next "Sandy Bridge" PC chips, Intel aims to make security and management better and simpler.

FRAMINGHAM, Mass.-When Intel starts shipping its newest "Sandy Bridge" PC processors later this quarter, the chips will come with the latest generation of the company's vPro on-board management and security capabilities that now will include the ability to lock down lost or stolen PCs via a 3G text message.

Intel officials have put on demonstrations of the upcoming vPro 2.0 features around the United States and Canada, including in this city west of Boston. They showed off the capabilities on a number of notebooks located around a room, including some yet-to-be released ThinkPad T420 systems from Lenovo.

The enhancements touch on everything from security to configuration, with a key goal being ease of use, according to Brian Tucker, director of marketing for the chip maker's Business Client Platform Division.

"We're trying to make it as simple as possible for IT pros," Tucker said in an interview with eWEEK during the demonstrations.

Making life easier for IT technicians can mean saving time and money, and improving employee productivity. With workers increasingly mobile, being able to locate and secure laptops when they're lost or stolen is critical to not only find the system, but also protect the data inside, said Loan Webb, business development director at Intel.

Intel officials were talking about some of the enhancements in vPro 2.0 during the Intel Developer Forum in September 2010, with CEO Paul Otellini talking up the success of the technology and the possibilities open to the company through combining the capabilities of vPro with the security technology acquired in Intel's $6.8 billion purchase of security software maker McAfee.

Now with the launch of the latest 2^nd Generation Core processors nearing, Intel officials are again talking up those capabilities. Among the security features highlighted during the demos was Anti-Theft 3.0, which among other things now lets IT administrators lock down a lost or stolen laptop by sending an SMS text message sent over a 3G network.

Before, the "poison pill" could only be delivered via WiFi or wired connections, according to Jake Gauthier, a vPro technician with Intel. The 3G capability becomes important given the increasing 3G support being built into the newest laptops. After the poison pill is delivered, the PC will not boot up, going only to a screen that can include a message for anyone finding the system saying how and where they can return it. In addition, being hardware-based, the security feature does not offer the sort of backdoors that can found in security software and exploited.

The data in the system is still intact, and once the PC is found, the IT administrator can send another SMS text message to unlock the system.

Another anti-theft feature is a GPS-based location-beaconing capability, enabling IT to locate missing PCs. The beaconing capability can be programmed through policies created by the IT department, Tucker said. In addition, in partnership with Symantec and Vasco, Intel has created a hardware-based one-time password system to defend users against the growing number of phishing Websites.

Having such a capability be put onto the hardware is important, Tucker said. Currently such one-time password data is carried around by IT professionals or users on FOBs, which are easy to lose or have stolen.

On the management side, vPro 2.0 includes a host-based configuration tool that makes it easier for IT administrators to manage the PCs. Using a simple wizard, IT staff can configure hundreds of thousands of PCs through a few simple key strokes. In addition, a feature called KVM (keyboard-mouse-video) Remote Control lets IT administrators establish a secure connection to remotely troubleshoot PCs. The enhancements include support for higher-resolution screens and quad-core (as well as dual-core) systems, Tucker said.

The Intel officials also showed off greater desktop virtualization capabilities, giving IT administrators control over virtual machines on the network. Such management capabilities are important for businesses that use contractors and temporary workers who need occasional access to the company's network. It also is a way for employees to separate the personal data on their machine from the company's network.

Gauthier demonstrated the virtualization tool by clicking out of the company network and then into his personal applications, including a video game running in a virtual machine. Intel uses Citrix Systems' XenClient, a type 1 bare-metal hypervisor that enables virtual machines to run on PCs.

"It offers easy switching in and out of two environments," Tucker said.

With vPro, Intel also supports a wide range of virtualization environments-from streaming to VDI (virtual desktop environments)-and most of the popular virtualization technologies, not only from Citrix but also VMware and Microsoft, he said.