White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

Intel® Virtualization Technology (Intel® VT) features

Virtualization can be achieved entirely with software — but this approach has traditionally had several challenges, including too much overhead, poor performance, and unenforced isolation (a security issue).

Intel VT includes hardware enhancements that shift much of the burden of software-based virtualization into the hardware. This simplifies and reduces the overhead of virtualization, making it easier for third-party vendors to build lightweight VMMs. It also helps make virtualization more efficient and secure in general, and significantly improves performance – to near native levels or better, depending on the virtualization model.

Improving isolation and security

Intel VT includes hardware enhancements that virtualize memory, the CPU, and directed I/O. These features provide a significant level of hardware enforcement for the VMM’s memory manager, and significantly improve isolation of the virtual environment. In turn, this helps improve security for critical processes and sensitive data.

Establishing a trusted execution environment

One of the persistent challenges of virtualization is ensuring the integrity of the VMM. Intel TXT addresses this security issue using a hardware-rooted process that establishes a root of trust, which allows software to build a chain of trust from the “bare-metal” hardware to a fully functional VMM.19 Using hash-based measurements protected by hardware, Intel TXT can detect changes to the VMM during its launch, which helps ensure that virtual machines will run as expected. This allows the VMM to be verified earlier than is possible with current software protection mechanisms (such as virus detection software).
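The measured-launch idea described above, modelled in software as an added example (this is not Intel's or the white paper's code, and it does not reproduce Intel TXT's actual measurement registers, launch sequence or policy format): each launch stage is hashed and "extended" into a running register before it runs, and a verifier compares the final register value with a known-good value recorded from a trusted reference launch. The stage names, image bytes and all-zero reset value are constructed for the demo.

```python
"""
Software model of a hash-based measured launch (constructed demo, not Intel code).

Each stage in launch order is measured (hashed) into a running register
before it "executes", mimicking a TPM-style extend operation:
    register = H(register || H(stage_image))
The register can only be extended, never overwritten, so the final value
depends on every stage and on the order in which the stages were measured.
A verifier accepts the launch only if the final value matches a golden
value captured from a launch of the known-good components.
"""
import hashlib
import hmac

REGISTER_SIZE = 32  # SHA-256 digest length; assumed reset value is all zeros


def measure(image: bytes) -> bytes:
    """Measurement of one stage: the SHA-256 digest of its bytes."""
    return hashlib.sha256(image).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new register = H(old register || measurement)."""
    return hashlib.sha256(register + measurement).digest()


def measured_launch(stages):
    """Run the chain of trust over `stages`, a list of (name, image_bytes)
    in launch order. Returns (final register value, event log) where the
    event log records the per-stage measurements a verifier could replay."""
    register = bytes(REGISTER_SIZE)  # hardware reset value (assumed all zeros)
    event_log = []
    for name, image in stages:
        digest = measure(image)          # measure the stage BEFORE it runs
        register = extend(register, digest)
        event_log.append((name, digest.hex()))
    return register, event_log


def verify(register: bytes, expected: bytes) -> bool:
    """Verifier policy: accept only if the chain ended at the golden value.
    Constant-time comparison avoids leaking how many bytes matched."""
    return hmac.compare_digest(register, expected)


# Constructed images standing in for real boot components (hypothetical names).
GOOD_STAGES = [
    ("firmware",   b"constructed firmware image v1"),
    ("vmm_loader", b"constructed VMM loader v1"),
    ("vmm",        b"constructed VMM image v1"),
]


def golden_value() -> bytes:
    """What an administrator would record from a trusted reference launch."""
    register, _ = measured_launch(GOOD_STAGES)
    return register


def launch_is_trusted(stages) -> bool:
    """Full check: perform the measured launch and compare with the golden value."""
    register, _ = measured_launch(stages)
    return verify(register, golden_value())


def tampered_stages():
    """Same chain, but one byte of the VMM image has been flipped."""
    vmm = bytearray(GOOD_STAGES[2][1])
    vmm[0] ^= 0x01
    return GOOD_STAGES[:2] + [("vmm", bytes(vmm))]


def reordered_stages():
    """Same images, but loader measured before firmware: order is part of the proof."""
    return [GOOD_STAGES[1], GOOD_STAGES[0], GOOD_STAGES[2]]


if __name__ == "__main__":
    print("golden value:", golden_value().hex())
    print("good launch trusted:    ", launch_is_trusted(GOOD_STAGES))
    print("tampered launch trusted:", launch_is_trusted(tampered_stages()))
    print("reordered launch trusted:", launch_is_trusted(reordered_stages()))
```

Two properties carry the security argument: a one-byte change anywhere in any stage changes the final register value, and swapping the order of two stages changes it as well, so the golden value commits to both the contents and the sequence of the launch. The event log lets a remote party recompute the chain from the individual measurements rather than trusting the final value alone.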

Intel TXT also protects secrets (security credentials) during power transitions. With Intel TXT, during OS and application launch, passwords and keys are stored in protected memory. When the PC is rebooted, Intel TXT detects that secrets are still stored in memory, removes the secrets, then allows a normal boot process. (Secrets are not removed by Intel TXT after a normal protected partition tear-down. Removal of secrets under normal shutdown is handled by the VMM.) With Intel TXT, secrets that have not traditionally been protected before the OS and security applications are launched are now protected even after improper shut-downs, and in the traditionally vulnerable state before the OS and applications load once again.

Intel TXT is available in the latest laptop and desktop PCs with a new Intel Core vPro processor.

Intel® VT is compatible with other technologies

Standard memory, storage, and graphics cards work with Intel VT.5 The latest laptop and desktop PCs with a new Intel Core vPro processor can also run most off-the-shelf OSs and applications without IT administrators having to perform special installation steps. The hardware-based virtualization technology is also designed to work with and complement other advanced security and management technologies from Intel, such as Intel AMT.

Key benefits of virtualization

PCs with hardware-based virtualization offer IT benefits in:

Flexibility. Support both traditional and alternative compute models on a single standardized PC build.

Legacy support. Run legacy applications seamlessly in a user environment, and still maintain high security in a separate virtual environment through the use of Intel VT and Intel TXT.

Hardware-based security. Hardware VM isolation, VMM launch verification, and memory protection for secrets (via Intel TXT) provide a robust, isolated, tamper-resistant environment for streaming an OS and/or applications into virtual containers on the PC from a centralized management server.

Productivity. Provide local execution for laptop users who are off the network, while streaming applications or OSs to other users who are network connected.

Performance. Deliver a great user experience through local, hardware-level acceleration of processing and video.

ISV support. Leading ISV support from Citrix, VMware, Microsoft, and Symantec.

Table 5. Virtualization support in laptop and desktop PCs.

Advanced technology | Offers | All new 2010 Intel® Core™ vPro™ processor family
Intel® VT9 | Traditional client virtualization, which isolates and supports multiple OSs on a single PC | Yes
Intel® VT for Directed I/O | Virtualization of I/O hardware | Yes
Support for virtual containers | Temporary virtual machines (“containers”) that support virtual user environments and isolate streamed OS and applications | Yes
Intel® TXT19 | Trusted launch of the VMM and protection of secrets during proper or improper shutdown | Yes
