
Making vPro Work For You

[Image: Logo of Intel, Jul 1968 - Dec 2005, via Wikipedia]

vPro is a suite of high-impact technologies that has only just begun to make its presence known in mainstream IT organizations. vPro can help bring your organization's security posture into shape with features that make a dramatic positive difference.

vPro technologies are implemented in the hardware and firmware of the Intel chipset in Intel Core 2 Duo computers and above (a link to the list of vPro-enabled processors is at the bottom of this post) and can provide everything from secure remote management to hardware-assisted virtualization. This suite of technologies holds many computer security advantages for the corporations willing and able to take advantage of them.

When you hear vPro, think of Active Management Technology (AMT) and Trusted Execution Technology (TXT). vPro has other capabilities, but these are the first two we recommend implementing to dramatically enhance your enterprise security.

Active Management Technology (AMT):

AMT is Intel's implementation of the open DASH standard (Desktop and Mobile Architecture for System Hardware) from the Distributed Management Task Force (DMTF). Consider an enterprise whose computers need a significant amount of reliable up-time during business hours. Most of the machines are shut off when they are left for the night, which means that at 1:00am, the only window IT has to push security updates, most of the computers are off and only receive the updates when students turn them on the next day, causing up-time issues.

By utilizing AMT on vPro-enabled chipsets, the enterprise IT shop can power on every computer on the network, let them receive the update, and then power them back off when it is finished. This saves the organization time and money, and shortens the vulnerability exposure created by the thousands of users browsing the internet from those machines each day.

Other AMT features with security uses are remote KVM access at the BIOS level and the ability to remotely isolate PCs from the network at the hardware level.

Trusted Execution Technology (TXT):

Intel Trusted Execution Technology is instrumental in detecting and preventing malware from running on a vPro-enabled computer. At boot time, the computer checks the validity of its configuration against the configurations stored in protected memory in the processor. If the two don't match, it can be safely assumed that some tampering has occurred.

The same approach is taken with encryption key management. The keys are encrypted within hardware and will only be decrypted when the environment is the same as when the keys were first encrypted, which prevents key theft in the event of exploitation.
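As an added illustration (not from the original post and not Intel's implementation), the following Python sketches the two mechanisms just described: a measured-boot chain compared against a stored known-good digest, and a key sealed so that it is released only when the current measurements match. The component names, secret and key are constructed sample values, and the hash-extend and HMAC wrapping stand in for the TPM operations a real TXT launch relies on.

```python
"""Constructed model of the TXT-style checks described in the text: boot components are folded
into one digest the way a PCR is extended, compared to a stored known-good value, and a key is
sealed so that it unwraps only when the measured environment matches."""
import hashlib
import hmac
from typing import Iterable, Optional

DIGEST_LEN = 32

def extend(digest: bytes, component: bytes) -> bytes:
    # PCR-style extend: new = SHA-256(old || SHA-256(component)); the order of events matters.
    return hashlib.sha256(digest + hashlib.sha256(component).digest()).digest()

def measure_boot(components: Iterable[bytes]) -> bytes:
    digest = bytes(DIGEST_LEN)              # measurement register starts at all zeros
    for component in components:
        digest = extend(digest, component)
    return digest

def environment_matches(components: Iterable[bytes], stored_good: bytes) -> bool:
    # Boot-time check: current measurements against the stored known-good digest.
    return hmac.compare_digest(measure_boot(components), stored_good)

def _wrap_key(secret: bytes, digest: bytes) -> bytes:
    # Wrapping key bound to a hardware secret AND the expected measurement.
    return hmac.new(secret, digest, hashlib.sha256).digest()

def seal_key(key: bytes, good_digest: bytes, secret: bytes) -> bytes:
    wrapped = bytes(a ^ b for a, b in zip(key, _wrap_key(secret, good_digest)))
    return good_digest + wrapped            # blob records the environment it is sealed to

def unseal_key(blob: bytes, components: Iterable[bytes], secret: bytes) -> Optional[bytes]:
    sealed_to, wrapped = blob[:DIGEST_LEN], blob[DIGEST_LEN:]
    current = measure_boot(components)
    if not hmac.compare_digest(current, sealed_to):
        return None                         # environment changed: refuse to release the key
    return bytes(a ^ b for a, b in zip(wrapped, _wrap_key(secret, current)))

# Constructed sample data (not real measurements, secrets or keys).
GOOD_BOOT = [b"BIOS firmware v1.0", b"boot loader", b"hypervisor image"]
TAMPERED_BOOT = [b"BIOS firmware v1.0 (modified)", b"boot loader", b"hypervisor image"]
SECRET = b"constructed-hardware-secret"
KEY = bytes(range(DIGEST_LEN))
GOOD_DIGEST = measure_boot(GOOD_BOOT)

if __name__ == "__main__":
    blob = seal_key(KEY, GOOD_DIGEST, SECRET)
    print("clean boot matches:", environment_matches(GOOD_BOOT, GOOD_DIGEST))
    print("tampered boot matches:", environment_matches(TAMPERED_BOOT, GOOD_DIGEST))
    print("key released on tampered boot:", unseal_key(blob, TAMPERED_BOOT, SECRET) is not None)
```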

TXT also allows for increased protection of both the display and the input of data on a system running TXT-aware software. USB keyboards can be configured to communicate with the system over an encrypted channel, and applications can be written to use more secure system calls to the computer display, preventing applications that sniff internal communications from stealing sensitive information.

Theft Protection:

Theft protection is one of the biggest and most-developed areas of the vPro technology suite. By utilizing the out-of-band communication capabilities built into the vPro system, some proprietary Intel technologies, and a 3G wireless connection built into the laptop, fears about stolen laptops and desktops can be alleviated quickly and efficiently using a “poison pill”.

The poison pill is a code that system administrators can send remotely from an asset management console to the device to render it inaccessible and useless by deleting encryption keys and disabling key boot processes. The code can be sent over wireless 3G, a wired connection, WiFi, or SMS to the target device. When the poison pill is sent, the target computer. The computer can also be configured to activate its theft mode locally under specified conditions, such as a set number of login failures or a failure to check in with the remote server within a designated time interval.

Beyond the Boundaries:

Today's businesses are more and more often placing people outside the relative safety of the internal corporate network and in unknown, sometimes even dangerous, locales. By setting up a secure method of communicating with the corporate network, companies can be more assured of the integrity, confidentiality, and availability of their data. But how does a company go about implementing this?

By building the network from the ground up with compliant hardware and using a vPro gateway, properly configured clients can establish highly secure, encrypted communications wherever they travel. By combining the security and management features with these roaming security tunnels, a determined organization can achieve a fairly secure system with high accessibility.

Comparisons to “Current” Tech:

Most of the issues with current technology stem from the lack of deep integration between the hardware, firmware, and software of a computer, in the sense that a software breach can usually compromise the firmware and sometimes the hardware. What the vPro system has done is reduce the information that can be gained from exploiting the operating system, automatically disable infected and stolen computers, and create a remote viewing and on/off switch with a high degree of manageability.

Current solutions generally don't stand up to the same kinds of tasks because those tasks require the hardware support that Intel is offering here in the form of AMT and its Third Party Protected Storage system. Sure, a company could continue to use full disk encryption, VPNs, and Active Directory, but these solutions lack out-of-band communication with the hardware, and they are all software solutions with their own separate flaws and vulnerabilities, each of which could be exploited to affect the others (even full disk encryption has methods for being defeated). vPro technologies could mitigate or negate many current attacks.

More resources on applying vPro technology:

List of processors supporting vPro: http://www.intel.com/support/vpro/sb/CS-030703.htm#core17m

Intel vPro Whitepaper: http://www.intel.com/technology/vpro/pdf/intelcorevprowhitepaper.pdf

More about AMT and its features: http://cache-www.intel.com/cd/00/00/32/09/320960_320960.pdf


Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publisher of CTOvision.com.
