APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Intel's vPro

Intel introduced vPro yesterday: http://www.intel.com/vpro/index.htm

There are two parts to Intel's vision for business desktops: management and security. Intel says there are three parts, counting energy management as the third. Oh, OK. Three parts.

All of this comes from virtualization software. Your vPro desktop will be running a virtual machine, and therefore can be protected and managed as such. Somewhere a controlling server tracks the desktop PC's and gives this remote capabilities. All very interesting, Go watch the videos to get the details.

However, the first question in my mind was "What about VMware, Xen, etc.?".

It's not clear to me what's really being done here. Is the user's OS installed under the vPro VM? If I'm reading this right, that's exactly what's being done. If so, that would seem to prevent running another VM inside that OS.

In other words, if Intel is running a hypervisor in hardware, could these machines also run VMware Player, Xen or whatever in the user's OS? I'd think not. True, in a corporate environment that may not be as important for invidual pc's, but it still could be desirable for things like secure browsers and other VMware Player apps. Developers also want VM's for testing on different OSEs or different OS versions, so the usage of machines like this might be limited.

Or perhaps I misunderstood?



Got something to add? Send me email.



3 comments



Increase ad revenue 50-250% with Ezoic


More Articles by

Find me on Google+

© Anthony Lawrence







Thu Apr 27 11:56:40 2006: 1969   drag


Na, I don't think it includes a hypervisor per say. In their 'white paper' they mentioned "third party software" several times.

I think they lumped the Vanderpool stuff as part of the 'vPro' solution, but that's only a small part. That 'vPro' is a few different things intel has done that they thought sounded cool if they tried to make it look like some huge new concept.

I beleive a major part of what they are talking about is a on-board management console built into the hardware. Like a more advanced BIOS or whatnot that can be accessed over the network. That way you have some sort of management console that you can do things like find out what 'Vpro'-enabled PCs are attatched to the network and their configuration. Maybe also provide a boot menu or have the ability to restart the computer or some other stuff like that.

Keep in mind that I've haven't looked to far into it, but I've seen little things here and there about network management features when looking up information on Intel's motherboard chipsets.

For example here is a little 2 page PDF advertising Novell Zenwork's ability to do (what it sounds like at least) things like reload a system image over a network automaticly.
(link)

So say your a unfortunate person in charge of managing dozens of Windows XP machines. You have a system image that you use to install on all the machines. Now those XP machines get rooted by some IE virus or worm. It looks like you can then use Zenworks to pretty much automaticly have those machines wipe the harddrive and load the system image over it remotely over a network.

It'll be interesting to see what sort of security features Intel has to prevent some kid from walking into a building with a notebook and wiping out half the network as a practical joke.



Thu Apr 27 12:22:33 2006: 1970   TonyLawrence

gravatar
No, they definitely said that the security and managent software is running in a VM. They touted that as keeping the A/V software more secure, etc.



Sat Apr 29 11:14:10 2006: 1977   TonyLawrence

gravatar
Here's a link to an article that discusses the problem of vPro doing its own thing with virtualization: (link) (see the last few paragraphs particularly). It confirms what I thought: the user's OS is running in a VM:.

The same goes for the security solutions that Bryant says should be revolutionized by the virtualization technologies found in vPro. As if lack of any hypervisor standards isn't bad enough (Xen, Microsoft, and VMWare all use different hypervisor techs to host virtual machines), Intel is giving away a new (and fourth) hypervisor with a slightly different twist. It supports two partitions (using Intel's VT technology which has been shipping in Intel chips since last year), one of which is for the end users production operating system (eg: Windows) and the other which Bryant says is ideal to be an appliance with an embedded OS. For example a security appliance running intrusion detection software for the whole computer so the production operating system doesn't have to. Cool idea. But again, Intel is just now working with partners like Symantec to build the software that turns that sidecar partition into the appliance that Intel has in mind.

------------------------
Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





All of science is nothing more than the refinement of everyday thinking. (Albert Einstein)

I think there is a world market for maybe five computers. (Thomas Watson, Chairman of IBM, 1943)







This post tagged: