Stefan Richards
Intel Corporation
Business Client Platform Division
Lenovo ThinkCentre M90z with Intel® vPro™ Technology
Legal Information
1. INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL® PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. INTEL PRODUCTS ARE NOT INTENDED FOR USE IN MEDICAL, LIFE SAVING, OR LIFE SUSTAINING APPLICATIONS.
2. Intel may make changes to specifications and product descriptions at any time, without notice.
3. All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.
4. Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.
5. Intel® Active Management Technology requires the platform to have an Intel® AMT-enabled chipset, network hardware and software, as well as connection with a power source and a corporate network connection. With regard to notebooks, Intel AMT may not be available or certain capabilities may be limited over a host OS-based VPN or when connecting wirelessly, on battery power, sleeping, hibernating or powered off. For more information, see http://www.intel.com/technology/manage/iamt.
6. No computer system can provide absolute security under all conditions. Intel® Anti-Theft Technology (Intel® AT) requires the computer system to have an Intel® AT-enabled chipset, BIOS, firmware release, software and an Intel AT-capable Service Provider/ISV application and service subscription. The detection (triggers), response (actions), and recovery mechanisms only work after the Intel® AT functionality has been activated and configured. Certain functionality may not be offered by some ISVs or service providers and may not be available in all countries. Intel assumes no liability for lost or stolen data and/or systems or any other damages resulting thereof.
7. Intel processor numbers are not a measure of performance. Processor numbers differentiate features within each processor family, not across different processor families. See www.intel.com/products/processor_number for details.
8. Enabling Execute Disable Bit functionality requires a PC with a processor with Execute Disable Bit capability and a supporting operating system. Check with your PC manufacturer on whether your system delivers Execute Disable Bit functionality.
9. Intel® Virtualization Technology requires a computer system with an enabled Intel® processor, BIOS, virtual machine monitor (VMM), and for some uses, certain platform software enabled for it. Functionality, performance, or other benefits will vary depending on hardware and software configurations and may require a BIOS update. Software applications may not be compatible with all operating systems. Please check with your application vendor.
10. No computer system can provide absolute security under all conditions. Intel® Trusted Execution Technology (Intel® TXT) requires a computer system with Intel® Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE). The MLE could consist of a virtual machine monitor, an OS or an application. In addition, Intel TXT requires the system to contain a TPM v1.2, as defined by the Trusted Computing Group and specific software for some uses. For more information, see http://www.intel.com/technology/security
11. ENERGY STAR denotes a system level energy specification, defined by the US Environmental Protection Agency, that relies upon all of the system's components, including processor, chipset, power supply, HDD, graphics controller and memory to meet the specification. For more information, see http://www.energystar.gov/index.cfm?fuseaction=find_a_product.showProductGroup&pgw_code=CO
12. Intel® vPro™ processor technology (2007) DASH implementation is based on the draft DASH 1.0 specification
13. Copyright © 2010 Intel Corporation. All rights reserved. Intel, the Intel logo, Intel. Leap ahead., the Intel. Leap ahead. logo, Intel vPro, the Intel vPro logo, Centrino, the Centrino logo, Intel Core, Core Inside, Intel SpeedStep, Pentium, Pentium Inside and Celeron are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
14. * Other names and brands may be claimed as the property of their respective owners.
Agenda
What is Intel® vPro™ technology?
Remote Repair & Diagnostics
KVM Remote Control
Fast Call for Help
Intel® vPro™ Technology: Security & Manageability on the Chip
Processor: Intel® Core™ i5 & i7 Processors
Chipset: Intel® Express Chipset
Network: Intel® Gigabit Network
Intel® Anti-Theft Technology
Intel® Active Management Technology
Intel® Virtualization Technology
Intel® Trusted Execution Technology
Intel® Core™ vPro™ Processors: Platform is more than the sum of its parts
4th Generation Business Platform
Sustained innovation focused on management and security
Timeline labels: 2006, 2007, 2008 (Desktop, Mobile)
AMT 3.0, VT-x, VT-d, TXT: Remote config, Enhanced system defense, Cisco SDN
AMT 2.0: Remote diagnostics, Remote repair, Remote HW/SW inv, System defense
AMT 2.6, VT-x: Remote Config., Cisco SDN, Wireless support
AMT 4.0, VT-d, TXT: MSFT NAP, Fast Call for Help, Remote Schedule Maint.
AMT 5.0: MSFT NAP, Fast Call for Help, Remote Schedule Maintenance, Remote PC Assist Technology
2010: KVM Remote Control, Intel® Anti-Theft Technology, PC Alarm Clock, Remote Encryption Management, AES-NI
Enterprise Remote Management
Security, Virtualization, Wireless
Extend beyond firewall, Remote management Services
KVM Remote Control, Data & asset security, Client convergence
Intel® vPro™ Technology Client Architecture
Hardware
Intel® Core™ processor: Intel® TXT, Intel® VT, AES-NI
Intel® Series 5 Chipset w/ Intel® ME Firmware: Intel® AMT, Intel® AT
Intel® Gigabit Network
Flash: Descriptor, BIOS, LAN info, ME Firmware, ME Protected Storage, 3rd Party Data Storage
Software
BIOS
MEBx: Local Setup & Config
HECI Driver: Software APIs to ME
IMSS: Manageability & Security Status Application
Local Mgmt Service: Service for ME to talk to SW
OSV/ISV Software: 3rd party software that uses features
Intel® Active Management Technology: High-level Capabilities
Setup & Configuration
Remote Diagnosis & Repair (Serial over LAN & IDE redirect)
Remote Power Management
Unattended remote updates
KVM Remote Control
Client-initiated Remote Access (Fast Call for Help, Remote Scheduled Maintenance)
Asset Management - SW/HW inventory
Client Isolation & Recovery
End-point Access Control
Remote Encryption Management
IT Audit
Remote Diagnostics and Repair
• Requirements
– Software vendor supporting Intel® Active Management Technology
– Client based on Intel® vPro™ technology with SOL/IDE-R enabled in BIOS
– Client connected to a power supply and active network connection, text-based image/diagnostics tool.
• Problem
– Platform boot failures can trigger costly, reactive management processes. Downtime is exacerbated by time-consuming technician visits to diagnose the issue, impacting user productivity and pulling IT resources off of other tasks.
• Solution
– Step 1: Help desk notified of system problem via automated alert or phone call
– Step 2a: Help desk uses software diagnostic tools to remotely redirect the system’s boot process (IDE-R)
– Step 2b: Simultaneously commands the system to redirect text and keyboard information (SOL)
– Step 3a: Software issues resolved remotely
Advanced issues require desk-side visit or KVM remote control (if supported)
Diagram labels: Management Console, Help Desk Server, Intel® Core™ processor, Intel® 5 series Chipset, Intel® Management Engine, Intel® PRO/1000 LAN, DDR2, FLASH, NVM, BIOS, Operating System, SW Agents; legend: “Out-of-band”
Remotely control client PCs to diagnose & fix issues
Full remote control of client PCs through embedded Keyboard, Video, and Mouse (KVM) redirection provided by Intel® vPro™ technology*
1. User sees error and calls IT help desk†
2. Admin initiates remote KVM session (authenticates, encryption setup if desired)
3. Access code displayed on client PC; user reads code from screen to Admin†
4. Admin enters code to gain access†
5. Admin controls KVM to fix error
• Skip the desk-side visit, make a “virtual” desk-side visit with KVM
• Fully control & interact with client PC as if physically there, through all OS and power states
*Requires CPU with Intel® Integrated Graphics capabilities
† Steps 1, 3 & 4 constitute user consent which is optional, configurable at provisioning
Diagram labels: IT Management Console, Network
KVM Screen Flow – User Consent
Panels: User’s AMT Machine, Management Console
Screens: User Consent, Code via Phone, Connected, Synchronized
During Session: Connection Icon in Corner + 1px red border around screen
KVM Remote Control Architecture
Diagram labels (Client System and Remote Console): OS, Keyboard, Mouse, Video FB, Tile Compare Engine, ME, USBr, vKeyboard, vMouse, LAN, Keyboard/Mouse, Video Stream, RFB Viewer
Fast Call for Help Outside the Firewall
Quickly Request and Receive Help
Step 1: User boots PC to BIOS, enters "heal initiation" screen in BIOS or presses Help hot-key combination
Step 2: BIOS/MEBx sends command to Intel® AMT FW to trigger remote access connection
Remaining diagram callouts (steps 3 to 6):
Gateway sends connection events to Management Console
Console runs diagnostic & repair action on the client system
Gateway proxies connection
Management Console routes SOAP & Redirection commands to Gateway
Management Console list pre registered in Gateway
Diagram labels: Internet, Firewall, DMZ, Intel® vPro™ Technology Enabled Gateway, Service Provider Console at Remote Location or Enterprise IT Console
Summary
Intel® vPro™ technology available on select Lenovo ThinkCentre M90z models
Wide set of manageability & security capabilities built right in to the hardware
Great for businesses of all sizes
For more info, please check out these great resources:
Product whitepapers, animations, case studies, etc:
http://www.intel.com/itcenter/products/core/core_vpro/index.htm
Expert community with blogs, expert articles, etc:
http://communities.intel.com/community/openportit/vproexpert