Intel® vPro™ Technology FAQ
- General Questions on Intel® vPro™ Technology
- Functionality Questions on Intel® vPro™ Technology
- Deployment Questions on Intel® vPro™ Technology
- Support for Intel® vPro™ Technology
- Security of Intel® vPro™ Technology
- System Design and Manufacturing Questions of Intel® vPro™ Technology
- Alternative Compute Models and Intel vPro Technology
General Questions on Intel® vPro™ Technology
Q1: Where can I find desktop and notebook PCs with Intel® vPro™ technology?
A1: Desktop and notebook PCs with Intel® vPro™ technology are available from leading manufacturers worldwide. For a listing of manufacturers who are supporting Intel vPro technology, visit https://www.intel.com/content/www/us/en/products/processors/core/core-vpro.html
Q2: My PC manufacturer charges more for a PC with Intel® vPro™ technology than a PC without Intel vPro technology. How can I justify that cost difference?
A2: You get a lot of benefits by purchasing a PC with Intel® vPro™ technology. The small premium for Intel® vPro™ technology can be recouped through greater security, lower Total Cost of Ownership (TCO) and greater productivity. Intel vPro technology can lower TCO through fewer desk-side visits and reduction in labor-intensive manual processes. Intel vPro technology can also better protect clients from security threats or virus outbreaks that can infect the enterprise if not stopped quickly. Finally, the power management capabilities of Intel vPro technology can allow companies to save money by being able to turn PCs off at night without sacrificing the ability to manage those machines. Visit https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/vpro-platform-general.html to view case studies that show how other companies have saved by adopting Intel vPro technology. If you would like to discover the potential savings from deploying computing endpoints based on the Intel® vPro™ platform, use the Intel vPro technology TCO Estimator at http://estimator.intel.com/vpro/.
Q3: Are the benefits of PCs with Intel® vPro™ technology lost if I don't have this platform in 100% of my installed base?
A3: No. You can receive immediate benefits from the energy-efficient performance of the Intel® Core™2 Duo processor in addition to the benefits you get from the Intel® vPro™ technology features. You can begin immediately managing PCs with Intel vPro technology at a higher level than PCs with earlier management technologies, likely with a simple addition to the management console you use today. As the portion of your installed base containing Intel vPro technology grows, the benefits will accelerate through the potential to further reduce manual processes such as inventories and diagnosing PC problems with multiple desk-side visits. To see real results from companies who have begun deployment, see Case Studies at https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/vpro-platform-general.html.
Q4: What software supports Intel® vPro™ technology?
A4: Intel® vPro™ technology is supported by many of the leading management consoles and other software vendors. For a listing of some of the many software vendors who are supporting Intel vPro technology, click here.
Q5: What IT Service Providers and Outsourcers are working with Intel on Intel® vPro™ technology?
A5: Intel is engaged with industry-leading IT Service Providers and Outsourcers worldwide. For a look at some of the companies Intel is working with on Intel vPro technology, Click Here.
Q6: If I have a mix of PCs with and without Intel® vPro™ technology in my environment, do I have to adopt different procedures to perform the same tasks on each set of clients?
A6: PCs with Intel® vPro™ technology can generally be managed with the same processes and software as PCs without it, provided your management console supports both types of clients. However, additional management capabilities are possible on clients with Intel vPro technology that are not commonly available on PCs without it, such as out-of-band communication, and remote management and asset tracking regardless of power state or operating system health.
Q7: Are the manageability features of Intel® vPro™ technology available on workstations and servers too?
A7: The manageability features of Intel® vPro™ technology are available today on a broad range of both desktop and notebook PCs. Intel is currently working to add the same manageability features to our workstation and server platforms as part of our long-term technology roadmap, but no intercept dates are available publically at this time.
Functionality Questions on Intel® vPro™ Technology
Q1: Does Intel® vPro™ technology support Wake On LAN* (WOL), Pre-boot eXecution Environment* (PXE), Alert Standard Format* (ASF), and Desktop and mobile Architecture for System Hardware* (DASH)?
A1: Yes. A PC with Intel® vPro™ technology is built on top of these standards and can be managed using legacy tools that utilize WOL, PXE, and ASF when the manageability feature is turned off, so existing tools that use these protocols can be used. However, Intel vPro technology provides higher levels of security and functionality and supports DASH as well. Intel vPro technology can provide mutual authentication between client and console along with encrypted communication to guard against unauthorized access to networks and PCs, along with the ability to read hardware and software asset information even from PCs that are turned off or will not boot. Intel vPro technology offers many advanced features over what is available with DASH only, such as system defense filters, agent presence monitoring, the ability to authenticate pre-boot in some protected network configurations, the ability to manage systems outside the corporate firewall, Intel® Virtualization Technology, and Intel® Trusted Execution Technology.
Q2: How is Intel® vPro™ technology different from ASF, Wake-On-LAN, and DASH?
A2: Intel® vPro™ technology provides more security and functionality than ASF, WOL, or DASH. Unlike other technologies, the System Defense feature within Intel vPro technology proactively helps prevent the spread of viruses by blocking transmissions from infected PCs. Intel vPro technology can also provide authentication and encrypted communication of management traffic so the Intel vPro technology features can only be activated by authorized management consoles. Intel vPro technology's out-of-band management capabilities include not only the ability to reboot PCs and send alerts, but also allow remote control and access to event logs and asset information regardless of system state or operating system presence. Alerting is policy based rather than based on preset criteria, allowing additional flexibility in IT processes. Intel vPro technology is also designed to ensure management traffic can pass through network routers, even those that are set up to authenticate and check postures, allowing remote management of a greater portion of your installed base. Intel vPro technology offers many of these features while a PC is in sleep states or wireless. Remote management can now be done even on machines outside the firewall, with Fast Call for Help, Remote Alerts, and Remote Scheduled Maintenance capabilities.
Q3: What is the difference between Intel® vPro™ technology's Basic Mode (previously called Small Business Mode) and Standard and Advanced Modes (previously called Enterprise Mode)?
A3: Advanced Mode supports a higher level of security than Standard or Basic Modes. For organizations that do not have a Setup and Configuration Server (SCS), Basic Mode offers a simplified setup process. However, Basic and Standard Modes do not support encryption or mutual authentication, both of which are supported in Advanced Mode.
Q4: What hardware and software asset information does the Intel® vPro™ technology track?
A4: Intel® vPro™ technology automatically stores certain hardware information, and relies on third-party software agents to track other information. Intel vPro technology will automatically store hardware information such as CPU type, memory size and type, system board make and model, BIOS version, disk drive model and other Field Replaceable Unit information. Independent Software Vendors (ISVs) may choose to track other information through software agents, such as installed software and versions. Check with your ISV to find out what information they track through Intel vPro technology.
Q5: How can I make sure that BIOS, LAN On Motherboard (LOM), and Intel® vPro™ technology firmware are all in sync to prevent any incompatibility?
A5: If you are considering changing any of these Intel® vPro™ technology elements, work with your system manufacturer to ensure you have a validated combination.
Q6: What is the impact of Intel® vPro™ technology and its Manageability Engine on the PC's performance?
A6: The Intel® vPro™ technology impact on PC performance is not noticeable to the end-user.
Q7: Does "Measured AMT" of Intel® vPro™ technology use Intel® Trusted Execution Technology (Intel® TXT) for measurement?
A7: No. The Extended Register in the Intel® Manageability Engine (Intel® ME) stores a SHA-1 hash of the entire Intel® vPro™ technology firmware. During the Intel ME boot, ROM code is used to measure and compare to the hash in the manifest to the module being loaded. If the values match, then the boot process is allowed to continue. Each firmware module running in the Intel ME has its own hash stored in the manifest and is compared before it is allowed to be loaded.
Q8: What is Intel® Standard Manageability and can it run on a non-Intel® vPro™ technology-based CPU?
A8: Some basic management capabilities are available on non-Intel® vPro™ technology-eligible Intel® Core™2 processors as well as Intel® Pentium® dual-core and Intel® Celeron® processor-based CPUs. Intel® Standard Manageability is available only on desktop systems right now (not notebook), and only includes basic capabilities such as hardware and software inventory and remote diagnostics.
Q9: What is "Remote Alert"?
A9: Remote Alert enables desktops and notebooks outside the firewall to be protected and repaired just as if they were inside the firewall. Previously, alerts could trigger Intel® vPro™ technology to disable network access (depending upon configuration and IT policy) to prevent the threat to spread; however, remediation would require a desk-side visit if the PC was outside the firewall.
Finding a system outside the firewall could not happen previously due to the management console not knowing the PC's IP address. With Intel vPro technology, enterprise and SMB PCs can now more securely "call back home" to have threats immediately handled.
Enterprises with multiple field offices (insurance/bank/financial, WW television and radio, national and international magazines/newspapers, retail, Fortune 500, etc.) all face the challenge of preventing threats from bringing down satellite offices and possibly the corporate network. Managed Service Providers (MSPs) face the challenge of keeping their customers running in the wake of a virus outbreak without wasting valuable time on a truck roll. MSPs can save significant money by "cleaning" and repairing their customers remotely. SMBs need to focus on their business and not on fighting virus infections on their desktops and notebooks, and previously using a service provider was costly and took too much time for a site visit to "clean" their PCs. Now, SMBs can feel like corporate customers.
Q10: What is "Remote Scheduled Maintenance"?
A10: Remote Scheduled Maintenance enables off-hours patch updates for desktops and notebooks outside the firewall. Previously, scheduled updates were difficult to impossible for systems outside the firewall or for systems managed by Service Providers (SPs) or Managed Service Providers (MSPs).
Finding a system outside the firewall could not happen previously due to the management console not knowing the system IP address of any specific PC. With Intel® vPro™ technology, enterprise and SMB PCs can now more securely be accessed overnight for routine "remote scheduled maintenance" to help keep all PCs (even those outside the firewall) in compliance with IT policies.
With Intel vPro technology, enterprise and SMB users can now more securely schedule maintenance of al PCs by allowing those outside the firewall to initiate the connection back to management console for scheduled updates. Enterprise with multiple field offices (insurance/bank/financial, WW television and radio, national and international magazines/newspapers, retail, Fortune 500, etc.) all face the problem of keeping satellite offices maintained and virus-free to keep them up and running productively as well as preventing security threats from entering the main corporate network. Enterprise customers have asked for this capability for the last two years. MSPs face the challenge of keeping the latest virus protection and OS patches on their customer's systems without constant truck rolls. MSPs can save significant money by maintaining their customers remotely. SMBs need to focus on their business and not on maintaining their desktops and notebooks, but previously using a service provider required a costly visit. Now, SMBs can feel like corporate customers.
Q11: What is "Fast Call for Help"?
A11: Fast Call for Help enables users to quickly connect to the management console whether inside or outside the firewall (after configured and setup) to get help fast through normal Intel® vPro™ technology remote management capabilities. Most OEMs are implementing a Hot Key combination to trigger the call back home and then an "opt-in" (IT configurable privacy measure) acceptance to establish the connection. Please note that currently the system requires a hard wire connection. Wireless support will be available in future mobile platforms.
Q12: What is Intel® vPro™ technology doing with Endpoint Access Control (Cisco SDN* and Microsoft NAP*)?
A12: Endpoint Access Control (EAC) networks are becoming more prevalent with more and more companies deploying additional security measures. EAC networks can (with 802.1x) verify that the PC who's attempting to access the network has the authority to do so and can also (with Cisco Self Defending Network* or Microsoft NAP*) verify the "posture" of the PC. The PC's posture includes information about the virus software it's running, the operating service packs installed, etc. If a PC can't authenticate itself or cannot assert its posture to the network, it is not allowed onto the network.
Intel® vPro™ technology is not unique in providing support for Cisco SDN and Microsoft NAP. However, with Intel vPro technology you can exchange authentication and posture information on both Cisco SDN and Microsoft NAP networks even if the OS will not boot, allowing EAC even when the OS or a software agent is not present. This enables more secure management and maintenance of PCs even when the OS is frozen or the machine will not boot.
Q13: Does Intel® vPro™ technology support industry-standard protocols for manageability?
A13: Yes. Intel has driven the creation of many leading security and manageability standards - even as far back as the founding of Desktop Management Task Force (DMTF) 1992, and as recently as working to co-author specifications for manageability traffic such as WS-MAN and DASH (Desktop and Mobile Architecture for System Hardware). Intel® vPro™ technology supports both WS-MAN (management console to PC) and the draft 1.0 version of DASH (specification for manageability commands within the PC - e.g., remote boot, power management, hardware/software inventory, and hardware alerting). Intel is actively working with DMTF in the creation of DASH 1.0 and future releases.
Q14: What's the difference between DASH and WSMAN?
A14: DASH represents a set of profiles (feature interfaces and usages) based on Common Information Model (CIM) schema. WSMAN is the Web Services-based communications protocol which supports DASH. There is no WSMAN compliance portion of the DASH Compliance Program - only for the profiles.
Q15: What's the value of DASH compliance?
A15: DASH compliance ensures interoperability between consoles and platforms. However, it does not guarantee interoperability between platforms nor does it ensure a common feature set across platforms. OEMs and ISVs are free to choose which features they support. Intel® vPro™ technology defines a common set of features across desktop and mobile PCs which OEMs enable in their PC, allowing customers to choose from a range of OEM solutions with a common set of underlying capabilities. Intel tests OEM platforms and ISV solutions in our Digital Office lab to verify functionality.
Q16: What OEM platforms are delivering DASH-based products?
A16: OEMs are just beginning to offer PCs with DASH. OEMs will offer DASH on both IA and non-IA platforms. For example, the just-released HP dc7900* is based on Intel® vPro™ technology and identified as supporting DASH 1.0. The Lenovo A62* is an AMD-based PC which is targeted to support DASH via a PCIe* add-in card in Q4 2008. Even though the DASH 1.0 specification is closing, critical issues like compliance testing are still open. So even though an OEM may list DASH 1.0 on a spec sheet, the lack of basic supporting infrastructure such as compliance requirements is an important consideration for customers.
Deployment Questions on Intel® vPro™ Technology
Q1: What is Setup and Configuration?
A1: Setup and Configuration is the process by which Intel® vPro™ technology features are made available to management applications.
Q2: Setup and configuration isn't required for systems managed by ASF. Why do I need to perform setup and configuration for Intel® vPro technology?
A2: The setup and configuration process allows Intel® vPro™ technology to deliver a higher level of security than ASF. It includes installation of software keys necessary for mutual authentication and encrypted communication between the PC and a management console enabled for Intel vPro technology. This allows only authorized IT consoles to use the Intel vPro technology features.
Q3: What are the major steps of setup and configuration for Intel® vPro™ technology?
A3: There are four general setup and configuration steps for deploying PCs with Intel® vPro™ technology:
- Establish the management console, including the Configuration Service (CS).
- Generate unique key pairs for each PC with Intel vPro technology.
- Enter Intel® Active Management Technology networking and security information into the PC.
- Configure Intel Active Management Technology policies. For detailed information refer to the Intel® vPro™ Technology Deployment and Reference Guide.
Q4: Where do I obtain the software keys used for Intel® vPro™ technology setup and configuration, and what software will generate them?
A4: Software keys used for Intel® vPro™ technology setup and configuration are generated by Configuration Service (CS) applications commonly provided with Intel vPro technology-enabled management console applications. Ask your PC supplier and management ISV what options they offer for generating software keys.
Q5: How do I install software keys on Intel® vPro™ technology platforms?
A5: Software keys used for Intel® vPro™ technology setup and configuration can be installed on PCs in three ways:
- They can be manually typed into the Intel vPro technology BIOS extension screen.
- They can be loaded onto a USB flash drive and then installed via the PCs' USB ports.
- They can be pre-installed on PCs by Original Equipment Manufacturers. Ask your PC supplier and ISV which options they offer.
Besides these methods, there are also two automated remote ways to configure Intel vPro technology PCs - delayed configuration and bare metal configuration.
Q6: What new hardware and software do I need to have in my environment to make use of all the capabilities of Intel® vPro™ technology?
A6: To receive the benefits of Intel® vPro™ technology you will need to obtain PCs with Intel vPro technology from your hardware supplier and deploy them with Intel® Active Management Technology enabled. In addition, you will need to obtain an Intel vPro technology-enabled PC management console from your software supplier. (Click Here for a list of ISVs supporting Intel vPro technology). To take advantage of authenticated and encrypted Intel vPro technology communication you will need to configure Intel Active Management Technology for Advanced Mode (previously called Enterprise Mode) and deploy a Setup and Configuration Server and Certificate Authority using software provided by your management console software vendor.
Q7: Does Intel® vPro™ technology work over wireless connections?
A7: Yes, many of the features of Intel® vPro™ technology are available over wireless as well as when the notebook is in sleep states. See the table below for details. Wireless operation is not available on desktops.
Q8: What is the process for setup and configuration of Intel® vPro™ technology?
A8: For additional information on Intel® vPro™ technology setup and configuration please refer to the Intel® vPro™ Expert Center at www.intel.com/go/vproexpert.
Q9: Can I Setup and Configure Intel® vPro™ technology without having to physically handle each PC I deploy?
A9: Yes, provided that it is delivered from the OEM in a state that allows it to be remotely configured. Ask your PC supplier to configure the PC for remote Intel® Active Management Technology Configuration.
Q10: What if I don't want to activate Intel® vPro™ technology when I receive my platforms until I reach critical mass?
A10: We recommend you work with your vendor and have the remote provisioning disabled. There are tools that can be used at a later date to start the provisioning process when you are ready.
Q11: Can I purchase Intel® vPro™ technology today and begin using the manageability features at a later date?
A11: Yes. You may either deploy Intel® vPro™ technology platforms with the Intel® Active Management Technology feature deactivated, and then manually install software keys later, or you may activate the Intel Active Management Technology feature to pre-install the keys and disable ASF communication in the PC. Either choice allows you to perform setup and configuration safely at a later time. You can also set up and configure systems remotely, provided they have been deployed with the Intel Active Management Technology feature turned on. Intel vPro technology platforms allow you to use the Intel Active Management Technology feature (if activated) to remotely upgrade Intel Active Management Technology firmware to the future version when it becomes available. Implementation of these capabilities varies by manufacturer and management console. Check with your hardware and software suppliers regarding their support for this capability.
Q12: If I install PCs with Intel® vPro™ technology but choose not to activate the manageability features right away, are my PCs more vulnerable to attack than a PC without Intel vPro technology?
A12: No. When activated through the setup and configuration process, Intel® vPro™ technology provides greater security versus management solutions today. If Intel vPro technology is not activated, then it is not available for communication in any way. In order to enable Intel vPro technology, proper encryption keys must be installed on the PC during setup, and then Intel vPro technology must be configured through a protected remote console.
Q13: How long does it take to set up an Intel® vPro™ technology machine vs. a non-Intel vPro technology machine?
A13: The time involved to set up and configure an Intel® vPro™ technology machine will depend on several factors. In general, there are added steps to complete the setup and configuration process compared to configuring PCs without Intel vPro technology. The additional configuration time is mitigated by many factors including the potential for reduced need for desk-side visits once the machine is deployed in the environment.
Q14: If I have deployed PCs with different versions of Intel® vPro™ technology in my infrastructure, can they coexist?
A14: Yes. Intel maintains Application Programming Interface (API) compatibility across hardware generations and provides the APIs to Independent Software Vendors (ISVs) who implement Intel® vPro™ technology. This allows ISVs to implement support across multiple generations of Intel vPro technology if they choose. The management console can query the PC to determine what version of Intel vPro technology it supports and then manage that PC based on the capabilities it supports.
Q15: Does having PCs with earlier versions of Intel® vPro™ technology in my infrastructure in any way limit the capabilities of PCs with newer revisions of Intel vPro technology?
A15: No. As long as you have a management console that supports all of the capabilities of the latest version of Intel® vPro™ technology you will be able to take advantage of all of those capabilities on the PCs that have the latest Intel vPro technology firmware. PCs with earlier versions of Intel vPro technology firmware can continue to be managed provided your management console ISV has provided the backward compatibility allowed by Intel's Application Programming Interface (API).
Q16: How can I tell which version of Intel® Active Management Technology is running in my PCs?
A16: There are four methods for authorized personnel to determine the version of Intel® Active Management Technology (Intel® AMT) running on a PC.
- After logging in with the correct username and password to the built-in web page of the Intel® Manageability Engine Interface, the version of Intel Active Management Technology firmware that is running is displayed on the home page.
- The system BIOS (which may be password protected) includes a display of the Intel AMT version that is currently running.
- Third-party management consoles that are enabled for Intel AMT typically allow the console operator to query the version of Intel AMT running on individual PCs.
- The Intel® Manageability and Services Status icon on the PC will also report the version of Intel AMT code available on the PC.
Q17: Will Intel® vPro™ technology work across all of the subnets on my corporate LAN?
A17: Yes, Intel® AMT traffic is capable of spanning subnets.
Q18: Will I need an extra IP address for Intel® AMT?
A18: Intel® AMT only requires its own separate IP address for out-of-band communication in network configurations where static IP addresses are used. In network configurations using Dynamic Host Configuration Protocol (DHCP), out-of-band communication with Intel AMT is conducted through a separate port number at the IP address shared with the capability operating system, and no additional IP addresses are needed.
Q19: If a PC is configured with multiple IP address (for example, when virtualization is used to run multiple operating systems), how does this impact the use of Intel® vPro™ technology?
A19: Intel® vPro™ technology is not affected by the use of multiple IP addresses on a single client. Intel® Active Management Technology communicates only through the onboard network interface of Intel vPro technology. Additional wired network interface cards are not supported and are ignored by Intel® AMT. Wireless network interface cards are supported on mobile PCs and Intel AMT can communicate over them assuming they are an Intel AMT-supported NIC. In a static IP environment, Intel AMT can be assigned a separate IP address from the host operating system(s), and will only respond to Intel AMT commands sent to its assigned IP address.
Q20: Where can I get more information on Intel® vPro™ technology?
A20: General information on deploying Intel® vPro™ technology can be found on the Intel® vPro™ Expert Center web site at www.intel.com/go/vproexpert. For information on implementing Intel vPro technology using specific hardware or software, please contact your hardware and software vendors for information relating to their products.
Q21: Is Intel® vPro™ technology backward compatible with all prior versions of Intel vPro technology?
A21: Yes. Each new generation of Intel® vPro™ technology provides the complete functionality of each previous generation of Intel vPro technology. This allows IT organizations to manage all Intel vPro technology-based PCs in their infrastructure to a consistent baseline capability, while simultaneously delivering higher levels of manageability to newer systems.
Support for Intel® vPro™ Technology
Q1: Who are the ISVs that Intel is working with on Intel® vPro™ technology?
A1: For a listing of software vendors who are supporting Intel® vPro™ technology click here.
Q2: Does Microsoft support Intel® vPro™ technology?
A2: Yes. The Intel® Client Manageability Add-on for Microsoft SMS* 2003 brings Intel® vPro™ technology support to Microsoft SMS. In addition, Microsoft SCCM* 2007 natively supports Intel vPro technology.
Q3: What should I do if my management console vendor doesn't support Intel® vPro™ technology?
A3: Please contact your Management Console Vendor directly to request support of Intel® vPro™ technology in their products. You can find a list of software vendors who are supporting Intel vPro technology by clicking here.
Q4: How do I know that my OEM has validated their PC with Intel® vPro™ technology with an Intel vPro technology-enabled ISV?
A4: Contact your original equipment manufacturer for details on their specific validation plans. In addition, Intel has an extensive interoperability lab that tests hardware and software combinations to attempt to find incompatibility problems before platforms and software are publically available.
Security of Intel® vPro™ Technology
Q1: What prevents malicious software from using Intel® vPro™ technology to exploit a PC?
A1: Access and communications between Intel® vPro™ technology-capable PCs and authorized management consoles can be fully encrypted. Console authentication using shared keys provided during system setup and configuration helps prevent unauthorized consoles from accessing the PC, and TLS-encrypted communication helps prevent eavesdropping to intercept authentication data. In addition, IT administrators' access can be limited to only certain remote features and full privilege can be granted only to those with Admin rights. The newest Intel vPro technology platforms also include an Access Monitor feature that allows only an Auditor to clear out logs to help deter malicious insider attacks.
Q2: What authentication mechanism is used in Intel® vPro™ technology to prevent an unauthorized person from gaining access?
A2: In Advanced Mode (previously called Enterprise Mode), Intel® vPro™ technology uses Transport Layer Security for authentication. A unique key pair must be installed on both the PC under management and the authorized console. Keys are installed during Intel® AMT setup and configuration to prevent an unauthorized console from gaining access to an Intel AMT-enabled machine, and to prevent unauthorized PCs from being installed on a network and being managed. The security provided by the technology is only as good as the security implemented by the user, and therefore relies on a protected chain of custody of keys, system IDs (UUIDs) and other management-related information.
System Design and Manufacturing Questions of Intel® vPro™ Technology
Q1: Are multiple Network Interface Cards (NICs) supported on Intel® vPro™ technology PCs?
A1: Multiple wired NICs are not supported by Intel® vPro™ technology. Intel® Active Management Technology communicates only through the onboard network interface of Intel vPro technology. However, certain wireless NICs are supported in notebook platforms and with these wireless NICs, many of the Intel vPro technology capabilities are available. See the matrix below for features available over wireless in Intel vPro technology notebooks.
Q2: Will adding additional hardware (e.g., additional NIC) nullify Intel® vPro™ technology verification?
A2: No. Adding another NIC will not nullify Intel® vPro™ technology verification, but Intel® Active Management Technology communicates only through the onboard network interface of Intel vPro technology, and it is strongly recommended that an additional wired NIC is not added to the platform as this might cause some of the features of Intel AMT to not operate as expected.
Q3: How can local ISVs, IT shops, and developers enable their management and security applications for Intel® vPro™ technology?
A3: Intel will provide the latest Intel® Manageability Software Development Kit (SDK), technical documentation, sample code, and online support to encourage broad ecosystem adoption of Intel® Manageability features. The SDK and related support collateral will be updated for each new platform launch at the Business Client Developer Community at https://software.intel.com/en-us/business-client.
Q4: In addition to the Intel® Manageability Software Development Kit (SDK), what types of content and support will be available at the Manageability Developer Community?
A4: Users will be able to download the latest SDK, Setup and Configuration Server (SCS), Reference Design Kit (RDK) including sample code, developers guide, and programmer's reference manual. In addition to downloading technical collateral, users can access expert advice by browsing through blogs and Frequently Asked Questions (FAQs), participating in online discussion forums, submitting e-mail questions, perusing the application notes Wiki, or visiting the vPro Expert Center at www.intel.com/go/vproexpert.
Q5: How much will it cost to download the Intel® Manageability SDK and access the online technical collateral and support features?
A5: The SDK, related technical documentation, and online technical support will be provided at no charge via the Manageability Developer Community.
Alternative Compute Models and Intel® vPro™ Technology
Q1: What are Dynamic Virtual Client technologies?
A1: "Dynamic Virtual Client" (DVC) is the Intel name for a family of enhance management and security technologies that centralize software image management, administration and data security, but distribute the computation out to the end-point and still provide the responsiveness of local execution and off-network mobility. The DVC technologies include application virtualization/streaming, OS streaming, Remote OS boot and Virtual containers.
Q2: What is Intel's interest in DVC? Does Intel provide a product for DVC?
A2: Intel believes all computing models, both server-side and client-side, have their merits depending on the business needs and the situation. We believe that the DVC technologies, in general, provide the best balance of centralized management and security on one hand, and high performance and mobility on the other. Intel does not make DVC software, but we are working with ISVs and OEMs to optimize DVC solutions for Intel® vPro™ technology on desktop and mobile platforms.
Q3: Who are the providers of DVC technology?
A3: DVC software is provided by a wide range of ISVs, including Citrix, Microsoft, Symantec, MokaFive, LANDesk and others. System OEMs are also creating tailored hardware/software solutions for DVC, including Dell's On-Demand Desktop Streaming or Lenovo's Secure Managed Client (SMC).
Q4: What is the advantage of DVC technology versus server-based computing models, like terminal services or desktop virtualization (VDI)?
A4: Intel believes all computing models, both server-side and client-side, have their merits depending on the business needs and the situation. DVC models have unique advantages in terms of system responsiveness and mobility. Since the software executes locally on the client, even compute-intensive or rich media applications perform well. And with application caching, you can disconnect the software from the server and still work on a laptop or mobile device. Server-side models rely on shared compute and network resources for execution, limiting application responsiveness, and cannot break connection with the network, so mobility is not possible.
Q5: What does Intel have to show regarding DVC?
A5: Intel and Lenovo have disclosed the Lenovo Secure Managed Client solution, which uses the Remote OS Boot model to load a centrally managed and protected image onto a diskless Intel® vPro™ technology-based PC. SMC is available for customer evaluation now (talk to Lenovo) and takes advantage of Intel vPro technology.
Intel and Citrix presented a technology demonstration of a virtual containers solution expected to be available in mid-2009. This demonstration showed how one or more centrally managed desktop images can be streamed as a virtual machine to an Intel vPro technology PC running a Xen-based hypervisor. This enables new capabilities such as users running an open "personal image" and a locked-down "corporate image" on the same machine, or allow IT to deploy a restricted image to an outside contractor.
Q6: Is DVC technology the same as thin client?
A6: Thin clients, or terminals, are specific devices. DVC is a family of compute models. True thin client terminals are best suited to server-side compute models, where software executes on the server and the client is just for display. DVC models execute on the client, so a PC provides the best experience for DVC.
Q7: I have to reduce hardware and software management costs. Will adopting thin clients help me do this?
A7: Lower-cost, centralized administration and stronger security are the essence of Intel® vPro™ technology. Like thin clients, Intel vPro technology is designed to give IT managers more control and insight into their client installed base, and provide mechanisms for quick repairs, changes and updates. Although thin clients are appropriate for some user segments, they are often too restrictive for the application and mobility requirements of most users. Desktops and notebooks with Intel vPro technology offer greater manageability and security than ordinary PCs, while offering performance and mobility not available with thin clients.
Q8: What is the relationship or advantage of Intel® vPro™ technology to OS streaming or application virtualization?
A8: OS streaming and application virtualization offer centralized software administration and data security, but also deliver the performance of local, client-side execution. PCs with Intel® vPro™ technology provide IT managers additional benefits to complement these models, including reliable mechanisms for accurate hardware and software inventory, remote wake-up and System Defense. Some streaming ISVs are using Intel vPro technology features in their software, such as storing application license and usage information in Intel® Active Management Technology for out-of-band access. The combination of streaming and Intel vPro technology make a powerful hardware/software combination for lower TCO and stronger security.
Q9: What is the relationship or advantage of Intel® vPro™ technology to the emerging "virtual containers" model?
A9: Encapsulating specific applications or whole user environments in virtual machines is a rapidly emerging compute model that eases management and security issues. Intel® vPro™ technology provides hardware-enhanced capabilities to ensure the integrity of the virtual machine manager (Intel® Trusted Execution Technology) and provide greater isolation of virtual machines (Intel® Virtualization Technology). These features add to the security of the virtual containers. Intel is actively working with several software providers to accelerate development of commercial virtual container software.
Q10: More and more of our applications are migrating to Terminal Services or some other centralized model. Why should we pay extra for Intel® vPro™ technology?
A10: Many IT shops use Terminal Services to deliver specific, centralized applications in addition to the locally installed software. In this case, IT can realize all the benefits of Intel® vPro™ technology, including secure remote wake, hardware/software inventory, remote repair and System Defense. Even if the PC is running 100% of its applications using Terminal Services, Intel vPro technology-based PCs can still provide more accurate inventories and reliable, off-hours updates to terminal software.
Q11: Where can I find more information on DVC?
A11: You can find Emerging Compute Model content on the forum at https://communities.intel.com/community/tech/vproexpert.