Get APLawrence.com by RSSIntel's vPro
Intel introduced vPro yesterday: http://www.intel.com/vpro/index.htm
There are two parts to Intel's vision for business desktops: management and security. Intel says there are three parts, counting energy management as the third. Oh, OK. Three parts.
All of this comes from virtualization software. Your vPro desktop will be running a virtual machine, and therefore can be protected and managed as such. Somewhere a controlling server tracks the desktop PC's and gives this remote capabilities. All very interesting, Go watch the videos to get the details.
However, the first question in my mind was "What about VMware, Xen, etc.?".
It's not clear to me what's really being done here. Is the user's OS installed under the vPro VM? If I'm reading this right, that's exactly what's being done. If so, that would seem to prevent running another VM inside that OS.
In other words, if Intel is running a hypervisor in hardware, could these machines also run VMware Player, Xen or whatever in the user's OS? I'd think not. True, in a corporate environment that may not be as important for invidual pc's, but it still could be desirable for things like secure browsers and other VMware Player apps. Developers also want VM's for testing on different OSEs or different OS versions, so the usage of machines like this might be limited.
Or perhaps I misunderstood?
Technorati tags: Security Virtualization
Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.
I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Thu Apr 27 11:56:40 2006: Subject: drag
Na, I don't think it includes a hypervisor per say. In their 'white paper' they mentioned "third party software" several times.
I think they lumped the Vanderpool stuff as part of the 'vPro' solution, but that's only a small part. That 'vPro' is a few different things intel has done that they thought sounded cool if they tried to make it look like some huge new concept.
I beleive a major part of what they are talking about is a on-board management console built into the hardware. Like a more advanced BIOS or whatnot that can be accessed over the network. That way you have some sort of management console that you can do things like find out what 'Vpro'-enabled PCs are attatched to the network and their configuration. Maybe also provide a boot menu or have the ability to restart the computer or some other stuff like that.
Keep in mind that I've haven't looked to far into it, but I've seen little things here and there about network management features when looking up information on Intel's motherboard chipsets.
For example here is a little 2 page PDF advertising Novell Zenwork's ability to do (what it sounds like at least) things like reload a system image over a network automaticly.
http://www.intel.com/technology/manage/downloads/306433.pdf
So say your a unfortunate person in charge of managing dozens of Windows XP machines. You have a system image that you use to install on all the machines. Now those XP machines get rooted by some IE virus or worm. It looks like you can then use Zenworks to pretty much automaticly have those machines wipe the harddrive and load the system image over it remotely over a network.
It'll be interesting to see what sort of security features Intel has to prevent some kid from walking into a building with a notebook and wiping out half the network as a practical joke.
Thu Apr 27 12:22:33 2006: Subject: TonyLawrence
No, they definitely said that the security and managent software is running in a VM. They touted that as keeping the A/V software more secure, etc.
Sat Apr 29 11:14:10 2006: Subject: TonyLawrence
Here's a link to an article that discusses the problem of vPro doing its own thing with virtualization: http://blogs.zdnet.com/BTL/?p=2934 (see the last few paragraphs particularly). It confirms what I thought: the user's OS is running in a VM:.
The same goes for the security solutions that Bryant says shouldbe revolutionized by the virtualization technologies found in vPro.As if lack of any hypervisor standards isn't bad enough (Xen,Microsoft, and VMWare all use different hypervisor techs to hostvirtual machines), Intel is giving away a new (and fourth) hypervisorwith a slightly different twist. It supports two partitions (usingIntel's VT technology which has been shipping in Intel chips sincelast year), one of which is for the end users production operatingsystem (eg: Windows) and the other which Bryant says is ideal tobe an appliance with an embedded OS. For example a securityappliance running intrusion detection software for the whole computerso the production operating system doesn't have to. Cool idea.But again, Intel is just now working with partners like Symantecto build the software that turns that sidecar partition into theappliance that Intel has in mind.
Don't miss responses! Subscribe to Comments by RSS or by Email
Click here to add your comments
If you want a picture to show with your comment, go get a Gravatar