
Making vPro Work For You


vPro is a suite of hardware-based management and security technologies that has only begun to make its presence felt in mainstream IT organizations.  Used well, it can bring your organization’s security posture into shape with features that make a dramatic, positive difference.

vPro technologies are implemented in the hardware and firmware of the Intel platform: the processor, the chipset with its management engine, and the Intel network controller.  They appeared with Core 2 Duo-class systems (at the bottom of this post is a link to Intel’s list of vPro-enabled processors) and cover everything from out-of-band remote management to hardware-assisted virtualization (VT-x and VT-d).  This suite of technologies holds many security advantages for the corporations willing and able to take advantage of it.

When you hear vPro, think of Active Management Technology (AMT) and Trusted Execution Technology (TXT).  vPro has other capabilities, but these two are the first we recommend implementing to dramatically enhance your enterprise security.

Active Management Technology

AMT is Intel’s out-of-band management engine; it also supports the DMTF’s open DASH standard (Desktop and Mobile Architecture for System Hardware), so DASH-capable consoles can drive it. Consider an enterprise whose computers need reliable up-time through business hours. Most machines are switched off for the night, so at 1:00am, the only window IT has to push security updates, most of the fleet is off; the updates only land the next morning when employees power on, and the installs and reboots eat into the working day.

With AMT on vPro-enabled chipsets, the IT shop can power every machine on out of band at 1:00am, let it take the update, and power it back off when the job is finished. That saves the organization time and money, and it shrinks the window during which thousands of users browse the internet each day from unpatched machines.
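As an added example (not Intel’s code and not part of the original post), here is a small Python orchestrator for the 1:00am patch window described above. The WS-Management action, the CIM PowerState codes (2 = on, 8 = soft off) and the 16992/16993 ports are the real AMT interface; the selector values for the power-management service instance, the injected `transport`, the in-band `ready`/`patch` hooks and the host names pc1/pc2 are assumptions made so the script runs offline, and the selectors should be verified against the Intel AMT SDK before use.

```python
import time
import uuid
from typing import Callable, Dict, List

# WS-Management namespaces used by Intel AMT (standard DMTF / W3C URIs).
NS_SOAP = "http://www.w3.org/2003/05/soap-envelope"
NS_ADDR = "http://schemas.xmlsoap.org/ws/2004/08/addressing"
NS_WSMAN = "http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"
CIM = "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/"
PMS = CIM + "CIM_PowerManagementService"
ANON = NS_ADDR + "/role/anonymous"

# CIM_PowerManagementService.RequestPowerStateChange PowerState codes (DMTF).
POWER_ON, POWER_OFF_HARD, POWER_OFF_SOFT, RESET_HARD = 2, 6, 8, 10

# ASSUMPTION: selectors for the AMT power-management service instance as used in
# Intel AMT SDK samples; confirm with a WS-Man Enumerate on a real system.
PMS_SELECTORS = {
    "CreationClassName": "CIM_PowerManagementService",
    "Name": "Intel(r) AMT Power Management Service",
    "SystemCreationClassName": "CIM_ComputerSystem",
    "SystemName": "Intel(r) AMT",
}


def amt_endpoint(host: str, tls: bool = True) -> str:
    """AMT listens on 16992 (HTTP) and 16993 (TLS). Use TLS anywhere outside a lab."""
    return f"{'https' if tls else 'http'}://{host}:{16993 if tls else 16992}/wsman"


def power_request(host: str, power_state: int) -> str:
    """SOAP envelope invoking RequestPowerStateChange on the managed system."""
    selectors = "".join(f'<w:Selector Name="{k}">{v}</w:Selector>' for k, v in PMS_SELECTORS.items())
    return (
        f'<s:Envelope xmlns:s="{NS_SOAP}" xmlns:a="{NS_ADDR}" xmlns:w="{NS_WSMAN}" xmlns:p="{PMS}">'
        "<s:Header>"
        f'<a:Action s:mustUnderstand="true">{PMS}/RequestPowerStateChange</a:Action>'
        f"<a:To>{amt_endpoint(host)}</a:To>"
        f"<w:ResourceURI>{PMS}</w:ResourceURI>"
        f"<a:MessageID>uuid:{uuid.uuid4()}</a:MessageID>"
        f"<a:ReplyTo><a:Address>{ANON}</a:Address></a:ReplyTo>"
        f"<w:SelectorSet>{selectors}</w:SelectorSet>"
        "</s:Header><s:Body><p:RequestPowerStateChange_INPUT>"
        f"<p:PowerState>{power_state}</p:PowerState>"
        f"<p:ManagedElement><a:Address>{ANON}</a:Address><a:ReferenceParameters>"
        f"<w:ResourceURI>{CIM}CIM_ComputerSystem</w:ResourceURI>"
        '<w:SelectorSet><w:Selector Name="CreationClassName">CIM_ComputerSystem</w:Selector>'
        '<w:Selector Name="Name">ManagedSystem</w:Selector></w:SelectorSet>'
        "</a:ReferenceParameters></p:ManagedElement>"
        "</p:RequestPowerStateChange_INPUT></s:Body></s:Envelope>"
    )


# transport(endpoint, envelope) -> CIM ReturnValue (0 = completed with no error).
# A real one performs HTTP Digest (or Kerberos) auth and parses the SOAP response.
Transport = Callable[[str, str], int]


def patch_window(hosts: List[str], transport: Transport,
                 ready: Callable[[str], bool], patch: Callable[[str], bool],
                 attempts: int = 30, wait: Callable[[float], None] = time.sleep) -> Dict[str, List[str]]:
    """Wake each host out of band, patch it in band once the OS is up, power it back off.

    `hosts` should be the machines that were OFF when the window opened, so the
    script never shuts down a system somebody is still using.
    """
    log: Dict[str, List[str]] = {}
    for host in hosts:
        steps = log[host] = []
        if transport(amt_endpoint(host), power_request(host, POWER_ON)) != 0:
            steps.append("power_on_failed")
            continue
        steps.append("power_on")
        # AMT acknowledges the power change long before the OS is up: poll the in-band agent.
        for _ in range(attempts):
            if ready(host):
                steps.append("patched" if patch(host) else "patch_failed")
                break
            wait(10)
        else:
            steps.append("os_never_ready")
        # Off-Soft is an ACPI power-button event the OS shuts down on cleanly;
        # Off-Hard (6) cuts power and belongs only in a hung-machine runbook.
        rc = transport(amt_endpoint(host), power_request(host, POWER_OFF_SOFT))
        steps.append("power_off" if rc == 0 else "power_off_failed")
    return log


if __name__ == "__main__":
    # Dry run against a fake transport so the flow can be read without AMT hardware.
    plan = patch_window(["pc1", "pc2"], lambda ep, env: 0, lambda h: True, lambda h: True,
                        wait=lambda s: None)
    print(plan)
```

The two things practitioners get wrong here are visible in the code: AMT reports success as soon as the power state changes, so the in-band agent has to be polled before anything is pushed, and the shutdown should be the soft (ACPI) variant so a running OS gets to flush and log off.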

Other AMT features with a clear security use are KVM Remote Control, which gives a console from POST and BIOS setup onward independent of the operating system, and System Defense, which isolates a PC from the network in the network controller itself, below the OS, so a compromised host cannot talk its way out.

Trusted Execution Technology (TXT):

Intel Trusted Execution Technology is about launching a hypervisor or OS into a known-good environment rather than scanning for malware. At launch, the processor’s GETSEC[SENTER] instruction measures the authenticated code module and the launch image, extends those measurements into the TPM’s dynamic PCRs, and checks them against the launch control policy the owner stored in the TPM’s non-volatile memory. If the measurements don’t match the policy, the launch can be aborted, and the mismatch is a reliable sign that a boot component (firmware, bootloader, hypervisor) has been tampered with. It does not detect malware that arrives after a correctly measured launch.

The same measurements protect keys. A TPM can seal a key to a set of PCR values: the key is wrapped inside the TPM and is only unwrapped when the PCRs hold the same values they held when the key was sealed. A machine that boots modified firmware or a modified hypervisor therefore never gets its disk-encryption key back. Note what this does and does not cover: it stops offline tampering and evil-maid style boot attacks from recovering keys, but once a correctly measured OS has unsealed a key, a runtime exploit of that OS can still read it.
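The measure-then-seal logic of the two paragraphs above, as an added Python model that is not Intel’s or the TCG’s code. The PCR-extend formula (`PCR = SHA1(PCR || SHA1(object))`) and the use of dynamic PCRs 17 and 18 by the TXT measured launch are real; the `ToyTpm` class, its HMAC-based wrapping, the boot chains and the key are constructed for the demo, so what it shows is the policy (key released only when the measured state matches), not a TPM’s internal cipher.

```python
import hashlib
import hmac
import os
from typing import Dict, Sequence, Tuple


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


class ToyTpm:
    """Model of a TPM 1.2 PCR bank plus a storage root key that never leaves the chip."""

    def __init__(self, num_pcrs: int = 24) -> None:
        self._srk = os.urandom(32)            # stand-in for the TPM's Storage Root Key
        self.pcrs = [bytes(20)] * num_pcrs    # 20-byte SHA-1 PCRs at their reset value

    def reset(self) -> None:
        """Platform reset (or GETSEC[SENTER] for the dynamic PCRs): PCRs return to the reset value, SRK stays."""
        self.pcrs = [bytes(20)] * len(self.pcrs)

    def extend(self, index: int, measured_object: bytes) -> bytes:
        """PCR[i] = SHA1(PCR[i] || SHA1(object)). A PCR can only be extended, never written."""
        self.pcrs[index] = sha1(self.pcrs[index] + sha1(measured_object))
        return self.pcrs[index]

    def composite(self, selection: Sequence[int]) -> bytes:
        """Digest over the selected PCRs (the role TPM_PCR_COMPOSITE plays in a seal)."""
        return sha1(b"".join(bytes([i]) + self.pcrs[i] for i in selection))

    def seal(self, secret: bytes, selection: Sequence[int]) -> dict:
        """Bind `secret` to the current values of the selected PCRs."""
        expected = self.composite(selection)
        return {"selection": tuple(selection), "composite": expected,
                "ciphertext": self._xor(secret, expected)}

    def unseal(self, blob: dict) -> bytes:
        """Release the secret only if the selected PCRs match the values at seal time."""
        current = self.composite(blob["selection"])
        if not hmac.compare_digest(current, blob["composite"]):
            raise PermissionError("platform configuration changed; key not released")
        return self._xor(blob["ciphertext"], current)

    def _xor(self, data: bytes, composite: bytes) -> bytes:
        # Toy wrapping: HMAC-SHA256(SRK, composite || counter) as a keystream. Unauthenticated
        # and for illustration only; a real TPM wraps under its SRK inside the chip.
        stream = b"".join(
            hmac.new(self._srk, composite + i.to_bytes(4, "big"), hashlib.sha256).digest()
            for i in range((len(data) + 31) // 32))
        return bytes(a ^ b for a, b in zip(data, stream))


# Constructed measurements for the demo. The TXT measured launch extends the dynamic
# PCRs 17 (ACM and launch-control policy) and 18 (the hypervisor/OS launch image).
GOOD_CHAIN: Dict[int, bytes] = {17: b"SINIT ACM v1 + LCP", 18: b"hypervisor image v1"}
BAD_CHAIN: Dict[int, bytes] = {17: b"SINIT ACM v1 + LCP", 18: b"hypervisor image v1 + bootkit"}
KEY = b"constructed 32-byte disk key....."


def measured_boot(tpm: ToyTpm, chain: Dict[int, bytes]) -> None:
    tpm.reset()
    for pcr, component in chain.items():
        tpm.extend(pcr, component)


def demo() -> Tuple[bool, bool]:
    """Returns (key released on an identical boot, key refused on a tampered boot)."""
    tpm = ToyTpm()
    measured_boot(tpm, GOOD_CHAIN)
    blob = tpm.seal(KEY, selection=[17, 18])     # provisioning: seal to the known-good state

    measured_boot(tpm, GOOD_CHAIN)                 # next boot, same software: unseal succeeds
    released = tpm.unseal(blob) == KEY

    measured_boot(tpm, BAD_CHAIN)                  # tampered hypervisor: PCR 18 differs
    try:
        tpm.unseal(blob)
        refused = False
    except PermissionError:
        refused = True
    return released, refused


if __name__ == "__main__":
    print(demo())   # (True, True)
```

The point to take from running it is the one the text makes: the tampered boot does not fail because anything scanned the hypervisor, it fails because one byte of difference changes PCR 18 and the TPM refuses to hand over anything sealed to the old value.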

The TXT architecture also describes protected paths for both the display and the input of data to a system running TXT-aware software. USB keyboards can be configured to encrypt their traffic to the system, and applications can be written against protected display calls, so software that sniffs internal channels cannot capture what is typed or shown. This only pays off where applications are actually developed against those interfaces.

Theft Protection:

Theft protection is one of the biggest and most developed areas of the vPro technology suite.  By combining the out-of-band communication built into vPro, Intel’s proprietary Anti-Theft Technology, and a 3G modem built into the laptop, fears about stolen laptops and desktops can be put to rest quickly and efficiently with a “poison pill”.

The poison pill is a command a system administrator sends from the asset-management console to the device to render it inaccessible and useless, by deleting encryption keys and disabling parts of the boot process. It can be delivered over wireless 3G, a wired network, WiFi, or SMS. When the poison pill is sent, the target computer. The computer can also be set to enter theft mode on its own, for example after a specified number of login failures, or when it fails to check in with the remote server within a designated time interval.

Beyond the Boundaries:

Today’s businesses are increasingly placing people outside the relative safety of the internal corporate network, in unknown and sometimes even dangerous locales. A secure method of communicating with the corporate network gives the company more assurance about the integrity, confidentiality, and availability of its data. But how does a company go about implementing this?

By building the fleet on compliant hardware and standing up an AMT gateway in the DMZ (Intel calls it a management presence server; the client-side feature is Fast Call for Help), properly configured clients can open an authenticated TLS tunnel back to IT from wherever they travel, so the machine stays manageable even when it is off the corporate LAN. Keep in mind that this tunnel carries AMT’s management traffic; the user’s own data still needs the VPN and disk encryption discussed below. Combining the security and management features with those roaming tunnels gives a determined organization a fairly secure system with high accessibility.

Comparisons to “Current” Tech:

The main problem with current tech is the lack of integration between the hardware, firmware, and software of a computer: a software breach can usually reach the firmware and sometimes the hardware. vPro narrows what an attacker gains from exploiting the operating system (the keys and management functions live below it), can automatically disable infected or stolen computers, and provides a remote console and an on/off switch with a high degree of manageability.

Current solutions generally don’t stand up to the same tasks because they lack the hardware underneath that Intel supplies here in the form of AMT and its third-party data store. Sure, a company could continue to use full disk encryption, VPNs, and Active Directory, but these have no out-of-band path to the hardware and are all software solutions, each with its own flaws and vulnerabilities that could be exploited to undermine the others (even full disk encryption can be defeated, for example by recovering keys from RAM in a cold-boot attack).  vPro technologies could mitigate or negate many of these attacks. The trade-off is that AMT is itself a privileged, network-reachable firmware component: provision it in TLS mode with strong administrator credentials, keep its management ports reachable only from the management network, and apply the firmware updates Intel ships for it as diligently as OS patches.

More Resources for vPro technology application:

List of processors supporting vPro: http://www.intel.com/support/vpro/sb/CS-030703.htm#core17m

Intel vPro Whitepaper: http://www.intel.com/technology/vpro/pdf/intelcorevprowhitepaper.pdf

More about AMT and its features: http://cache-www.intel.com/cd/00/00/32/09/320960_320960.pdf



More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com
