The ability to use out-of-band capability on a processor to let a PC more proactively manage itself could be a...
time saver for IT managers who know they must pay more attention to the health of their clients but have limited resources to do so.
With the recent release of Intel Corp.'s vPro brand and the subsequent incorporation of these chips into desktops made by Hewlett-Packard Co., and with others to come, IT shops are getting a different sort of desktop management support than they have experienced in the past.
The vPro technology is a combination of hardware and software that includes the Core 2 Duo processor, the Q965 Express chipset and the Intel 82566DM Gigabit Network Connection. It also includes the second generation of Intel's Active Management Technology, called AMT. AMT 2.0 can be viewed as an enhancement to systems management software.
"We've looked into [vPro]," said David Driggers, IT asset manager and deployment desktop systems team leader at Alabama Gas Corp. in Birmingham, Ala. "It will help us out a lot. Having one more thing built into a chip is one less thing you have to administer."
A large portion of a company's intellectual property resides on end-user client machines, so it's well worth the effort to monitor their health, said Roger Kay, president of Endpoint Technologies Associates Inc., a Boston-based market research company.
One of the most important aspects of vPro is its ability to wake up and inventory a PC securely, even if the PC is turned off, using a side band channel. There are other technologies that can do this. One of the features promised in the next version of Microsoft's System Management Server, to be called System Center Configuration Manager 2007, is Wake-on LAN. This technology can wake up a computer using a Magic Packet, which is broadcast on a subnet or on the entire network.
But SMS is a software technology, and Kay said he believes it's best to still have something at the hardware level that can, upon initiation, create a secure link at the console, eliminating the possibility of someone sending a rogue packet. "Part of what vPro is trying to do is establish a baseline of security," he said.
Administrators, like Driggers, said that even if the effort is duplicated, it's always good to have fall-back options in place.
One of the advantages of vPro technology is it will be integrated with other management platforms and appliances made by vendors such as Altiris Inc., CA, Cisco Systems Inc., HP, Microsoft and others. Administrators who use management tools made by these vendors don't need to buy another console to view information that feeds into the system from the vPro technology, said Dave Germano, director of Intel Digital Office Platform solutions at Intel.
Some of the advantages of the vPro technology include the ability to let IT managers know the state of a system before the system has to boot up. Used in conjunction with ISV software, the technology runs about 30 different filters, detecting such things as what the IP address of the machine is or whether the machine is being spoofed. A feature called circuit breaker can disconnect a PC infected with a virus from the network and place it in a DMZ.
HP has the first desktop that can use Intel's vPro. The dc7700, which was released last week, is available now and sells for $643, plus a premium for the vPro option.