Welcome!

Blog Feed Post

Making vPro Work For You

Logo of Intel, Jul 1968 - Dec 2005

Image via Wikipedia

vPro is a suite of high-impact technology that has just begun to make its presence known in mainstream IT organizations.  vPro can help you bring your organization’s security structure into shape with features that make a dramatic positive difference.

vPro technologies are implemented in the hardware and firmware of the Intel chipset in Intel Core 2 Duo computers and above (at the bottom of this post is a link to a list of vPro-enabled processors) which can provide everything from secure remote management to hardware-assisted virtualization.  This suite of technologies holds many computer security advantages for the corporations willing and able to take advantage of them.

When you hear vPro think of Active Management Technology (AMT) and Trusted Execution Technology (TXT).  There are other capabilities in vPro but these are the first two we recommend implementing to dramatically enhance your enterprise security.

Active Management Technology

AMT is the Intel implementation of the open DASH standard (DASH stands for Desktop and Mobile Architecture for System Hardware) of the Distributed Management Task Force (DMTF). Consider an enterprise where computers may need to have a significant amount of reliable up-time through business hours. Most of the machines when they are left for the night are shut off, which means that at 1:00am, the only time that IT has to push security updates, most of the computers are off and only receive updates when turned on the next day by students, causing up-time issues.

By utilizing AMT with vPro-enabled chipsets, the enterprise IT shop could turn on all the computers on the network, allow them to receive the update, and then turn them back off when it is finished. This saves the organization time, money, and vulnerability exposure from the thousands of users browsing the internet from the machines each day.

Other AMT technologies that have security uses/implementations are remote KVM at BIOS and the ability to remotely isolate PC’s from the network at a hardware level

Trusted Execution Technology (TXT):

The Intel Trusted Execution Technology is instrumental in detecting and preventing malware from running on a vPro-enabled computer. At boot-time, the computer checks the validity of the configurations against stored configurations in protected memory in the processor. If the two don’t match, then it can be safely assumed that some tampering has occurred.

The same sort of approach is also taken with encryption key management. The keys are encrypted within hardware, but will only be decrypted when the environment is the same as when the keys were first encrypted. Thus preventing key theft in the event of exploitation.

The TXT system also allows for increased protection with the both the display and the input of data to a system with TXT-developed software. USB keyboards can be configured to have encrypted communications with the system, and software applications can be developed using more secure system calls to the computer display, preventing applications that sniff internal communications from stealing sensitive information.

Theft Protection:

Theft protection is one of the biggest and most-developed areas of the vPro technology suite.  By utilizing the out-of-band communication capabilities built-in the to vPro system, some proprietary Intel technologies, and a 3G wireless connection built into the laptop, fears about stolen laptops and desktops can be alleviated quickly and efficiently using a “poison pill”.

The poison pill is a code that can be sent remotely by system administrators from an asset management console to the device to render it inaccessible and useless by deleting encryption keys and disabling key boot processes. This code can be sent via wireless 3G, wired, WiFi, or SMS to the target device. When the poison pill is sent, the target computer. Different conditions can be set for the computer to activate its theft mode locally as well, such as a specified number of login failures, or failure to check in with the remote server after a designated time interval.

Beyond the Boundaries:

Today’s businesses are more and more often placing people outside of the relative safety of the internal corporate network and into unknown and sometimes even dangerous locales. By setting up a secure method of communications with the corporate network, companies can be more assured of the integrity, confidentiality, and accessibility of their data. But how does a company go about implementing this?

By building a network from the ground-up with compliant hardware, and utilizing a vPro gateway, properly configured clients will be able to establish highly secured and encrypted communications throughout their travels. By combining the security and management features with the roaming security tunnels, a fairly secure system with high accessibility could be achieved by a determined organization.

Comparisons to “Current” Tech:

Most of the issues with current tech is the lack of high-level integration with the hardware, firmware, and software of a computer in the sense that usually a software breach can compromise firmware and sometimes hardware. What the vPro system has done is reduced the available information to be gained from exploiting the operating system, automatically disabled infected and stolen computers, and created a remote viewing and on/off switch that has a high degree of manageability.

Current solutions generally don’t stand up to the same kinds of tasks because the solutions require complex hardware solutions that Intel is offering here in the form of AMT and their Third Party Protected Storage system. Sure, a company could continue to use full disk encryption, VPN’s, and Active Directory, but these solutions lack Out-of-Band communications with hardware, and are all software solutions with their own separate flaws and vulnerabilities that could each be exploited to affect the others (even the full disk encryption has methods for being defeated.  vPro technologies could mitigate or negate many current attacks).

More Resources for vPro technology application:

List of processors supporting vPro: http://www.intel.com/support/vpro/sb/CS-030703.htm#core17m

Intel vPro Whitepaper: http://www.intel.com/technology/vpro/pdf/intelcorevprowhitepaper.pdf

More about AMT and its features: http://cache-www.intel.com/cd/00/00/32/09/320960_320960.pdf

 

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publsher of CTOvision.com

Latest Stories
As many know, the first generation of Cloud Management Platform (CMP) solutions were designed for managing virtual infrastructure (IaaS) and traditional applications. But that's no longer enough to satisfy evolving and complex business requirements. In his session at 21st Cloud Expo, Scott Davis, Embotics CTO, explored how next-generation CMPs ensure organizations can manage cloud-native and microservice-based application architectures, while also facilitating agile DevOps methodology. He expla...
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, discussed how given the magnitude of today's application ...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...
You know you need the cloud, but you're hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You're looking at private cloud solutions based on hyperconverged infrastructure, but you're concerned with the limits inherent in those technologies. What do you do?
Recently, WebRTC has a lot of eyes from market. The use cases of WebRTC are expanding - video chat, online education, online health care etc. Not only for human-to-human communication, but also IoT use cases such as machine to human use cases can be seen recently. One of the typical use-case is remote camera monitoring. With WebRTC, people can have interoperability and flexibility for deploying monitoring service. However, the benefit of WebRTC for IoT is not only its convenience and interopera...
Sanjeev Sharma Joins June 5-7, 2018 @DevOpsSummit at @Cloud Expo New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, application p...
Mobile device usage has increased exponentially during the past several years, as consumers rely on handhelds for everything from news and weather to banking and purchases. What can we expect in the next few years? The way in which we interact with our devices will fundamentally change, as businesses leverage Artificial Intelligence. We already see this taking shape as businesses leverage AI for cost savings and customer responsiveness. This trend will continue, as AI is used for more sophistica...
The 22nd International Cloud Expo | 1st DXWorld Expo has announced that its Call for Papers is open. Cloud Expo | DXWorld Expo, to be held June 5-7, 2018, at the Javits Center in New York, NY, brings together Cloud Computing, Digital Transformation, Big Data, Internet of Things, DevOps, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
SYS-CON Events announced today that Synametrics Technologies will exhibit at SYS-CON's 22nd International Cloud Expo®, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. Synametrics Technologies is a privately held company based in Plainsboro, New Jersey that has been providing solutions for the developer community since 1997. Based on the success of its initial product offerings such as WinSQL, Xeams, SynaMan and Syncrify, Synametrics continues to create and hone inn...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
No hype cycles or predictions of a gazillion things here. IoT is here. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, an Associate Partner of Analytics, IoT & Cybersecurity at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He also discussed the evaluation of communication standards and IoT messaging protocols, data...
Product connectivity goes hand and hand these days with increased use of personal data. New IoT devices are becoming more personalized than ever before. In his session at 22nd Cloud Expo | DXWorld Expo, Nicolas Fierro, CEO of MIMIR Blockchain Solutions, will discuss how in order to protect your data and privacy, IoT applications need to embrace Blockchain technology for a new level of product security never before seen - or needed.
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and B...