White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

Communication outside the corporate firewall

Laptops and desktop PCs with a new Intel Core vPro processor support secure communication in an open wired or wireless LAN – outside the corporate firewall. This capability allows the PC to initiate communication with a remote management console through a secured tunnel for inventories, diagnostics, repair, updates, and alert reporting. IT managers now have critical maintenance and management capabilities for PCs in satellite offices, outside the corporate firewall, and in locations that don’t have an onsite proxy server or management appliance, such as at a small business client’s remote location. Now, IT managers can:

Securely update and service PCs, via a prescheduled maintenance time when the PC initiates a secure connection to the IT console. This capability is available even when the system is outside the corporate firewall.

Hotkey auto-connection to IT console, so a user can quickly connect the PC to the IT console for help or system servicing.

The PC-initiated communications capability works through the use of an Intel vPro technology-enabled gateway in the DMZ (demilitarized zone) that exists between the corporate and client firewalls (see Figure 2). System configuration information in the PC includes the name(s) of appropriate management servers for the company. The gateway uses that information to help authenticate the PC. The gateway then mediates communication between the PC and the company’s management servers during the repair or update session.

Communicate remotely with wired or wireless PCs

Once Intel vPro technology is activated, an authorized IT technician can communicate with PCs with a new 2010 Intel Core vPro processor:

Wired AC-powered PC – anytime. Even if hardware (such as a hard drive) has failed, the OS is unresponsive, the PC is powered off, or its management agents are missing, the communication channel is still available. As long as the system is plugged into a wired LAN and connected to an AC power source, the channel is available to authorized technicians.

Wireless laptop on battery power – anytime the system is awake and connected to the corporate network, even if the OS is unresponsive.17

Wired, connected to the corporate network over a host OS-based VPN – anytime the system is awake and working properly.

PC-initiated secure communication

PC-initiated secure communication is a new capability that allows a PC to initiate its own secure communication tunnel back to an authorized server. For example, the PC Alarm Clock feature allows IT to schedule the PC to wake itself – even from a powered down state. The PC can then use other hardware-based capabilities to call “home” to look for updates or initiate other maintenance or service tasks. Because of authentication protocols, this communication capability relies on collaboration with the industry to establish secure gateways for client-initiated communication.

[Figure 2 diagram: Secure tunnel for communication outside corporate firewall. Labeled elements: Firewall, DMZ (demilitarized zone), Firewall, Intel vPro technology-enabled gateway, Management console.]

1. Laptop or desktop PC with a new 2010 Intel® Core™ vPro™ processor initiates a remote access connection to the Intel vPro technology-enabled gateway.

2. Intel® vPro™ technology-enabled gateway authenticates PC and sends the connection event to the management console.

3. Management console opens secure tunnel, mediates communication with the PC for updates or diagnostics and repair.

Figure 2. Communication to PCs outside the corporate firewall is secured via TLS. An Intel® vPro™ technology-enabled gateway authenticates wired and wireless PCs, opens a secure TLS tunnel between the management console and PC, and mediates communication.
