White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs
Use an existing management console for both laptop and desktop PCs
PCs with a new 2010 Intel Core vPro processor can use the same management console and communication mechanisms as other PCs. You can manage both laptop and desktop PCs with a new Intel Core vPro processor from the same IT console.
Leading management software companies such as HP, LANDesk, Microsoft, and Symantec have optimized their software to take advantage of the intelligent capabilities of a new 2010 Intel Core vPro processor. For small businesses with fewer than 500 PCs, IT administrators can turn to management software such as N-able Technologies’ N-central* to take advantage of a new 2010 Intel Core vPro processor.
These vendors support both previous and current versions of Intel vPro technology. IT administrators who have already deployed PCs with Intel vPro technology do not have to change their management console to use PCs with a new 2010 Intel Core vPro processor. Ask your management-console vendor about specific implementation schedules and support for the new hardware-based security and remote-management capabilities for both laptop and desktop PCs.
Remote communication – virtually anytime
Software-only management applications are usually installed at the same level as the OS (see Figure 1). This leaves their management agents vulnerable to tampering. Communication privacy is also an issue in today’s PCs because the in-band, software-based communication channel they use is not secure.
In contrast, the all new 2010 Intel Core vPro processor family delivers both “readily-available” (out-of-band) remote communication built into the PC, as well as robust security technologies. These security technologies help ensure that the powerful capabilities of Intel vPro technology, as well as your stored information, are better protected.
The communication channel used by Intel vPro technology runs “under” or outside the OS (see Figure 1). This out-of-band (OOB) channel is based on the TCP/IP firmware stack designed into PC hardware, and does not use the software stack in the OS. The channel allows critical system communication (such as alerting) and operations (such as agent presence checking, remote booting, and console redirection) to continue more securely virtually anytime, even if the OS, applications, or hard drive have failed.
[Figure 1 diagram: A new 2010 Intel® Core™ vPro™ processor uses an out-of-band communication channel to communicate with the IT console. Panel "Hard drive and memory with OS and applications – 'In-band' communication": system memory (RAM), OS and applications, software stack. Panel "Motherboard – Communication below the OS (out-of-band)": isolated, tamper-resistant memory; BIOS; Intel® AMT nonvolatile memory; Intel® processor (New 2010 Intel® Core™ vPro™ Processor); Intel® chipset (firmware, TCP/IP firmware stack); Intel® network adapter. Both paths reach the IT console over the Internet.]
In-band communication goes through the software stack in the OS, and is secured via OS features and software-based security applications.
Out-of-band communication tunnel sits “below” the OS and applications, goes through the TCP/IP firmware stack, and is secured with hardware-based TLS encryption.
Figure 1. Out-of-band communication. Secure communication channel runs “under” or outside the OS regardless of the health of the operating system or the power state of the PC, even if the PC’s hard drive is removed.
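Because the out-of-band channel does not use the OS software stack, host-based agents and host firewalls cannot see it; it is visible only from the network. The following Python sketch is an added example, not part of the original white paper or any Intel tool: it reconciles the ports the OS reports as listening with the ports that answer on the wire, and flags below-OS management ports that are not protected by TLS. The port numbers are Intel AMT's IANA-registered ports, which the white paper does not list, and the host names, `ss` output, and scan results are constructed sample data.

```python
# Added example. Host names, `ss` output and scan results are constructed sample data.
# Assumption: Intel AMT's IANA-registered TCP ports (not listed in the white paper).
AMT_PORTS = {
    16992: ("AMT management interface over HTTP", False),
    16993: ("AMT management interface over TLS", True),
    16994: ("AMT console/media redirection, cleartext", False),
    16995: ("AMT console/media redirection over TLS", True),
}

def parse_ss_listeners(ss_output):
    """Return the TCP ports the OS reports as listening (`ss -ltn` output)."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports

def below_os_services(ss_output, wire_ports):
    """List ports that answer on the network but have no OS listener.

    Such a port is served outside the OS network stack (for example by
    management firmware), so host agents and host firewalls never see it.
    """
    findings = []
    for port in sorted(set(wire_ports) - parse_ss_listeners(ss_output)):
        if port not in AMT_PORTS:
            findings.append((port, "unidentified service", "flag: unidentified"))
            continue
        name, uses_tls = AMT_PORTS[port]
        findings.append((port, name, "ok: TLS" if uses_tls else "flag: no TLS"))
    return findings

SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      50           0.0.0.0:445       0.0.0.0:*
"""
# Ports found open by an authorized scan of your own fleet (constructed).
SAMPLE_WIRE = {"desk-014": {22, 445, 16992, 16994}, "lap-207": {22, 16993}}

def audit(fleet=SAMPLE_WIRE, ss_output=SAMPLE_SS):
    return {host: below_os_services(ss_output, ports) for host, ports in fleet.items()}

if __name__ == "__main__":
    for host, findings in audit().items():
        for port, name, verdict in findings:
            print(f"{host}: tcp/{port} {name} -> {verdict}")
```

A port that answers on the wire without an OS listener can also come from a container or a port forward in another network namespace, so confirm each finding against the PC's provisioning record before treating it as the firmware channel.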