Intel's vPro

Intel introduced vPro yesterday: http://www.intel.com/vpro/index.htm

There are two parts to Intel's vision for business desktops: management and security. Intel says there are three parts, counting energy management as the third. Oh, OK. Three parts.

All of this comes from virtualization software. Your vPro desktop will be running a virtual machine, and therefore can be protected and managed as such. Somewhere a controlling server tracks the desktop PC's and gives this remote capabilities. All very interesting, Go watch the videos to get the details.

However, the first question in my mind was "What about VMware, Xen, etc.?".

It's not clear to me what's really being done here. Is the user's OS installed under the vPro VM? If I'm reading this right, that's exactly what's being done. If so, that would seem to prevent running another VM inside that OS.

In other words, if Intel is running a hypervisor in hardware, could these machines also run VMware Player, Xen or whatever in the user's OS? I'd think not. True, in a corporate environment that may not be as important for invidual pc's, but it still could be desirable for things like secure browsers and other VMware Player apps. Developers also want VM's for testing on different OSEs or different OS versions, so the usage of machines like this might be limited.

Or perhaps I misunderstood?

Click here to add your comments




Thu Apr 27 11:56:40 2006: Subject:   drag


Na, I don't think it includes a hypervisor per say. In their 'white paper' they mentioned "third party software" several times.

I think they lumped the Vanderpool stuff as part of the 'vPro' solution, but that's only a small part. That 'vPro' is a few different things intel has done that they thought sounded cool if they tried to make it look like some huge new concept.

I beleive a major part of what they are talking about is a on-board management console built into the hardware. Like a more advanced BIOS or whatnot that can be accessed over the network. That way you have some sort of management console that you can do things like find out what 'Vpro'-enabled PCs are attatched to the network and their configuration. Maybe also provide a boot menu or have the ability to restart the computer or some other stuff like that.

Keep in mind that I've haven't looked to far into it, but I've seen little things here and there about network management features when looking up information on Intel's motherboard chipsets.

For example here is a little 2 page PDF advertising Novell Zenwork's ability to do (what it sounds like at least) things like reload a system image over a network automaticly.
http://www.intel.com/technology/manage/downloads/306433.pdf

So say your a unfortunate person in charge of managing dozens of Windows XP machines. You have a system image that you use to install on all the machines. Now those XP machines get rooted by some IE virus or worm. It looks like you can then use Zenworks to pretty much automaticly have those machines wipe the harddrive and load the system image over it remotely over a network.

It'll be interesting to see what sort of security features Intel has to prevent some kid from walking into a building with a notebook and wiping out half the network as a practical joke.



Thu Apr 27 12:22:33 2006: Subject:   TonyLawrence


No, they definitely said that the security and managent software is running in a VM. They touted that as keeping the A/V software more secure, etc.



Sat Apr 29 11:14:10 2006: Subject:   TonyLawrence


Here's a link to an article that discusses the problem of vPro doing its own thing with virtualization: http://blogs.zdnet.com/BTL/?p=2934 (see the last few paragraphs particularly). It confirms what I thought: the user's OS is running in a VM:.

The same goes for the security solutions that Bryant says should be revolutionized by the virtualization technologies found in vPro. As if lack of any hypervisor standards isn't bad enough (Xen, Microsoft, and VMWare all use different hypervisor techs to host virtual machines), Intel is giving away a new (and fourth) hypervisor with a slightly different twist. It supports two partitions (using Intel's VT technology which has been shipping in Intel chips since last year), one of which is for the end users production operating system (eg: Windows) and the other which Bryant says is ideal to be an appliance with an embedded OS. For example a security appliance running intrusion detection software for the whole computer so the production operating system doesn't have to. Cool idea. But again, Intel is just now working with partners like Symantec to build the software that turns that sidecar partition into the appliance that Intel has in mind.

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar

Take Control of Your Domain Names

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.