Intel Emphasizes Security with New Platform

By Scott Ferguson  |  Posted 2007-08-25

Intel is preparing to release a new version of its vPro platform Aug. 27, which will include an emphasis on security that the chip maker hopes will expand the reach of its desktop management technology.

The new version of the vPro platform, which Intel had called "Weybridge," will sport three different Core 2 Duo processors, along with the company's Q35 Express chip set and its 82566DM gigabit network interface connector.

While the first version of vPro, which came to market in April 2006, focused mainly on technology that would make it easier for IT administrators to remotely manage desktops and have better control of a large fleet of corporate PCs, the 2007 update to the platform will add new security features as well as virtualization capabilities.

"We are trying to be a little more innovative and proactive by driving security capabilities right into the platform itself," said Gregory Bryant, vice president for Intel's Digital Platform Division.

After the initial introduction, Intel, based in Santa Clara, Calif., and several PC vendors began introducing the first desktop models with vPro technology in Sept. 2006 and then announced that its new Centrino Pro mobile platform would include vPro in May 2007. Since that time, Intel executives have said that the company has shipped more than four million units with more than 350 enterprises deploying vPro-based clients.

Roger Kay, an analyst with Endpoint Technologies, said a company would need to have vPro technology installed in about 25 percent of its PC fleet before it was reasonable to deploy all the management and security features included in the platform.

Kay estimates that most companies are now hitting the 20 percent mark and with the addition of vPro technology in the Centrino platform, he suspects that more companies will now begin deploying the full range of vPro features.

"Right now, it [vPro] is still pretty sparse and it's been a slow adoption, but Intel has been pleased with the uptake and some of the IT guys who see the potential really want to get their hands on the vPro stuff," Kay said.

"After Intel added Centrino, a company can have the entire client-based management under this heading and that makes for a better justification for investing in it. That is also a recent development and I think it's still in its early stages."

One of the most significant updates to the vPro platform is the next generation of Intel's AMT (Active Management Technology), which provides a hardware and software management engine that allows a number of on-board capabilities, such as monitoring the PC's hardware and software configuration to give a more holistic view of the system. The latest version of AMT will also feature embedded filtering technology built into the firmware of the silicon itself.

This filter technology will help protect a PC from common malware problems and offer a level of protection to the desktop both before and after third-party security software is installed. The technology also alerts the IT administration of the problems and can isolate a single machine from the network. The filters work by logging all outbound packets. The filter then analyzes these logs for specific, malicious patterns, such as excessive attempts to connect through a single port.

Intel is also offering what it calls an embedded trust agent in the platform, which will not only support the IEEE 802.1x standards, but is also certified by Cisco for its Network Admission Control. The agent is not dependent on operating system availability and will continue to work and manage the PC whether the desktop is shut down or the OS has been disabled, without lowering the network security.

This vPro development will allow for greater out-of-band management abilities, such as remote power control and diagnostic testing, even if the operating system has failed, while maintaining network authentication.

The fact that Cisco is now on board with vPro shows what Intel is trying to do with the brand. Specifically, the company is trying to get third-party vendors and ISVs to build on top of its platform instead of Intel trying to develop proprietary standards on its own, Kay said. In addition to Cisco, Symantec is developing security features for vPro, while Altiris was tapped to offer a management agent.

(Just before the vPro launch this week, a spokesperson for Symantec admitted that its Virtual Security Solution for vPro, which integrates the company's NIPS (Network Intrusion Prevention Security) engine with Intel's virtualization technology, does not yet have an official shipping date.)

"From Intel's perspective, they don't want to get into the application side of it," Kay said. "They want to get the application vendors to come in and let them work on top of the platform … Security is a layered concept."

In a demonstration for journalists and analysts, Bryant said part of the purpose of vPro is to provide the hardware hooks for third-party vendors and ISVs to build applications for a host of issues, such as security and enterprise-wide PC management.

In addition to the other security features, Intel is offering what it calls TXT or Trusted Execution Technology in the updated vPro platform. Those who have followed Intel's technology developments will recognize TXT as the final realization of its "LaGrande" initiative.

TXT works with TPMs (Trusted Platform Modules) 1.2 and performs several different functions. One of these is to allow software to boot into a known, trusted state. With the help of virtualization, TXT can also isolate applications within a memory partition and isolate that application within the hardware.

This feature means that no additional hardware or software can access a particular application. TXT will also remove data from the cache when the virtual machine shuts down, which ensures an additional defense against snooping software.

Besides TXT, Intel has also included a new virtualization feature dubbed Virtualization Technology for Directed I/O, which will help reinforce the isolation between virtual machines on the desktop by restricting memory access.

At the same demonstration where Bryant spoke, representatives with General Dynamics, one of the country's largest defense contractors, showed off a workstation running the Microsoft Windows operating system in two separate virtual environments within the same machine.

The hardening between the partitions was strong enough for government workers to run applications using classified and unclassified data on the same machine, said Mike Maschino, a security architect with General Dynamics.

In addition to the security features, Intel executives are touting the additional performance of the new vPro platform, specifically a 30 percent boost with the addition of the Core 2 Duo E6550 processor compared to the older Core 2 Duo E6300 chip. The E6550 is clocked at 2.33GHz and has 4MB of L2 cache and a 1333MHz FSB (front side bus). Intel is also offering two other processors with even faster clock speeds, the E6750, which has a clock speed of 2.66GHz and the E6850, which runs at 3GHz.

By next year, Intel plans to introduce several quad-core processors for the vPro platform as well.

In terms of power, the processors used with the vPro platform have the same 65-watt TDP (an Intel term that refers to how much heat a chip has to dissipate) as the older platform.

One of the drawbacks to vPro is that all the new features are hardware-based and users will have to buy new PCs to take advantage of the platform and its updated capabilities.

At least three of the larger PC vendors will be offering new systems that support vPro right away. Dell will roll out a new desktop, the Optiplex 755, which will offer the vPro platform as well as several other Intel-based options, including just the use of Intel's latest AMT. The Round Rock, Texas, PC vendor had previously offered the vPro platform in its Optiplex 745c desktop.

In addition, Hewlett-Packard will include the new version of vPro when the company refreshes its Compaq dc7000 line of high-end, enterprise desktops in the next few months. Finally, Lenovo will offer the 2007 version of vPro with its ThinkCentre M57P desktop, which will eventually replace the M55P, a desktop that used the original vPro platform. Lenovo is now also offering the vPro platform with its ThinkPad T61 laptop, which uses the Centrino platform.
