Sign in with
Sign up | Sign in
Intel vPro In 2012, Small Business Advantage, And Anti-Theft Tech.
By ,
1. Tom's Hardware Revisits vPro, Tests Anti-Theft, And Explores SBA

Intel is already well-known for its hardware, from x86 processing cores, graphics engines (the company still has the highest graphics market share), network controllers, chipsets, solid-state storage, and full server systems.

What many enthusiasts tend to overlook is the fact that Intel continues moving beyond just manufacturing hardware and is now tackling more of the software stack. It's currently putting a big emphasis on management, but is also heavily involved in security, a proposition supported by the McAfee acquisition. On the back of its Ivy Bridge architecture and platforms built with supporting technologies, such as the Ultrabook initiative, we're seeing Intel add more value by enabling new capabilities.

Almost exactly one year ago, we reviewed three consecutive generations of Intel's enterprise-oriented vPro platform in Intel vPro: Three Generations Of Remote Management, covering the hardware used to enable remote management, the software used to control that hardware, and some of the unique features available in vPro-enabled components. We even went so far as to quiz AMD on its plans to combat vPro with its own DASH initiative, discovering that Intel is pretty much on its own in this space, unfortunately.

More recently, the vPro platform was updated, expanded, and then distilled down for a broader audience. So, today we're exploring vPro in 2012, Intel's new Small Business Advantage platform, and Anti-Theft technology, which we've previously discussed, but never really tested.

Small Business Advantage (SBA) is a new development accompanying the third-generation Core CPUs and their complementary core logic. Unlike vPro, SBA isn't meant for organizations with IT staff hanging around to manage technology. Rather, it's for home users and small businesses without anyone responsible for taking care of their PCs. SBA includes a PC Health Center able to perform maintenance tasks after hours, a Software Monitor to ensure critical services don't go down, a Data Backup and Restore feature to schedule regular save points that execute even if a machine was previously shut down, an Energy Saver function to automatically turn systems off and on when they aren't in use, and a USB Blocker that prevents data theft via easily-attachable mass storage devices. 

Moreover, incremental improvements to vPro make the technology more powerful and easier to use. We got our hands on a new processor and motherboard in order to test some of the new things vPro can do this time around.

One of the most notable components of the platform to receive attention is Anti-Theft Technology. The timing here isn't coincidental. With thin and light Ultrabooks getting more of the spotlight, businesses want to do everything they can to avoid losing them. Vendors that choose to support the feature can enable Anti-Theft Technology on their Ultrabooks. In fact, McAfee just introduced a new version of its security software enabling location tracking, file protection, lock-down modes, and reactivation. In addition to exposing Anti-Theft Technology on its Ultrabooks, Intel also makes the feature available on its desktop platforms, and we'll be looking at how that works, too.

Intel vPro Technology for 2012

2. Intel Small Business Advantage: The Software

As we mentioned on the previous page, Small Business Advantage is aimed at individuals and small businesses with no dedicated IT staff. It's a collection of technologies able to help facilitate the automation of basic administrative tasks that someone without much experience might not take care of on their own.

The Components Of SBA

Intel includes a number of application modules with SBA, each of which is designed to serve a purpose you might expect out of an IT person.

Take the PC Health Center as an example. The applet lets you schedule Windows Update checks, disk defragmentation, a purge of temporary Internet files, and a complete wipe of any cookies on a machine. You can pick a time of day for tasks you'd like to run every 24 hours, or a day of the week for tasks that don't need to run as often. The real kicker is that everything can be scheduled to happen in the middle of the night. Even if you're in the habit of turning your system off when it's not in use, the interaction between hardware and software makes it possible for SBA to turn the machine on, execute a workload, and turn back off again, making maintenance virtually transparent.

Intel's Software Monitor is another noteworthy module. The applet detects certain programs and services running on a compatible PC (like Microsoft Security Essentials, for instance) and gives you the option to keep an eye on them. Should a malicious piece of code attempt to kill one of those important processes, usually for the purpose of installing something bad, Software Monitor pops up a warning letting you know your layers of security are being picked off.

Data Backup and Restore is a third component of SBA critical to the maintenance of a healthy work-oriented machine. How often do we remember to save our work? What about a complete backup? Intel's module instantiates the Windows Backup utility, walking you through the setup process and scheduling regular save points that can be triggered after hours. 

Energy Saver is named a little less obviously. If you're in the habit of leaving your machine on when you go home, letting it enter hibernation on its own, and then waiting for it to wake up when you get back to work, this feature could conceivably be convenient. The app facilitates a scheduled shut-down at night and a timed power-up in the morning, keeping IT resources turned off when they're not being used.

Finally, USB Blocker is a security-oriented capability that allows selective use of USB-based devices. You can turn off every type of mass storage, for example, but still allow printers to function. Even within a class of device, it's possible white-list specific devices. The idea, of course, is to prevent the theft of data. If nobody has any business plugging a flash-based thumb drive into a machine with accounting information, simply disable its USB ports, removing all doubt about your vulnerability to loss via USB.

3. Intel Small Business Advantage: The Hardware

The hardware requirements for Small Business Advantage are frankly pretty light. You do need a Q77 or B75 chipset on the desktop, or a QM77-, HM77-, UM77-, or QS77-based mobile platform. If you're using Q77, your accompanying CPU choices are limited to a vPro-capable Core i7 or Core i5. However, the other chipsets accommodate Core i3s, Core i5, and Core i7s. That's good news because it makes the technology suite more accessible than vPro, which doesn't fit into the same mainstream budgets and is less likely to turn up in a cost-conscious small business anyway.

Small Business Advantage Hardware Requirements

Q77 Express
B75 Express
Mobile QM77 Express
Mobile HM77 Express
Mobile UM77 Express
Mobile QS77 Express
Core i7
Not Supported
SupportedSupportedSupportedSupportedSupported
Core i5
Not SupportedSupportedSupportedSupportedSupportedSupported
Core i3
Not SupportedSupportedSupportedSupportedSupportedSupported
Core i7 w/ vPro
Supported
SupportedSupportedSupportedSupportedSupported
Core i5 w/ vPro
SupportedSupportedSupportedSupportedSupportedSupported


Intel sent us a Core i5-3450 and its DB75EN motherboard, part of the company's Executive series, for testing. Combined, the platform supports Small Business Advantage and Anti-Theft Technology. It's a cost-effective match-up that keeps with the theme of enabling PC health and automation without the intervention of a "tech guy." The quad-core processor sells for less than $200 at retail, and Intel's home-grown motherboard costs right around $90. Dip down to a Core i3, though, and you're looking at prices as low as $125 or so for an SBA-capable CPU.

It's easy to see that the microATX-based DB75EN was built with support for legacy devices in mind.

Two PCI slots sit next to a PCI Express x1 and x16 slot. Enthusiasts certainly won't be excited; we want to see lots of PCIe for graphics, after all. In the business world, though, it's probable that those four slots won't even be filled. Remember, Intel is aiming this platform at the low-cost business desktop market likely to use integrated graphics, on-board sound, and value-added I/O.

Legacy connectivity abounds around back, too. The rear I/O panel sports a combination PS/2 connector able to take a mouse or keyboard. That PS/2 connector first surfaced in 1987, around the same time as the DB75EN's VGA output. In essence, these are 25 year-old interfaces that support an infrastructure of gear that used to be popular in enterprises. Another throw-back to days gone by is a parallel port, which dates back to 1970. To be fair, I will admit that I just recycled my HP LaserJet 5, a must-have printer from the '90s that spat out nearly one million pages. It was a great printer, and they're still out there attached to parallel ports.

Not everything about the DB75EN's rear panel is legacy, of course. Four USB 2.0 and two USB 3.0 ports accommodate some of the latest peripherals. DVI display output complements the older VGA connector. And gigabit-class Ethernet serves up completely modern networking performance.

In addition to the on-board USB, the motherboard includes one front-panel USB 3.0 header and two extra USB 2.0 headers.

The boxed Core i5-3450 that Intel sent came with a retail heat sink and fan. We're quite familiar with the combination, which is easy to install via push-pins, quiet, and effective on the 77 W processor.

Aside from chipset and processor compatibility, the only other requirements to support SBA are a 5 MB firmware image and 90 MB of available hard drive space. Drivers need to be installed for the local Manageability Service and Intel's Management Engine Interface too, but that's really part of the install process anyway.

With all of the requisite hardware compiled, take a quick moment to consider supported operating systems. Intel claims that SBA is currently only validated on Windows 7 (the 32- and 64-bit versions), but not Windows 7 Starter Edition. We expect to see Windows 8 support added around Microsoft's upcoming launch, but have no indication from Intel if or when that will happen.

4. Installing Intel Small Business Advantage

Installing the Small Business Advantage software package is very simple. Intel's DB75EN motherboard comes packaged with an installation CD pre-loaded with drivers for the platform's integrated hardware and the Express Installer for SBA.

Once all of the modules are installed, you can launch the SBA application. You're met with a variety of features to configure for the first time (and you can use the arrows to select the next option).

Selecting the first item to configure, regardless of which feature it is, brings up a password and authentication setup screen.

It also brings up a screen to configure email notifications. This could be handy in a number of different situations. If you're in a small business and you walk away for the night, SBA can alert you on your cell phone if a backup fails, for instance. Or, if you're helping a family member with an SBA-equipped PC, and bad browsing habits result in malicious code disabling security software, you can jump in immediately.

The SBA package does have an auto-updater. After installing from the DB75EN's bundled CD and hooking up to the Internet, I was asked to download and install the latest version.

5. Hands-On With Small Business Advantage's Features

The first module we configured was Intel's USB Blocker. Prior to launching it, I was worried this would be an unintelligent feature that'd simply disable USB connectivity altogether. I was wrong, though; it contains USB device categories that grant or revoke access to certain types of hardware. Then, even more granularly, you can create exceptions to those rules.

Once the USB Blocker is configured, its status is pushed to the SBA dashboard.

Next up was the Software Monitor, which keeps tabs on running processes to make sure they aren't quietly circumvented by malicious code. I installed McAfee's anti-virus to test the applet's functionality. You typically want some form of virus protection running, so any application that shuts it off is very likely suspect.

After setting up Software Monitor, we can see its status from the same central dashboard.

When Software Monitor detects that a tracked process is deactivated, it takes a few steps to let you know. First, it records the issue in its event log. Second, you're prompted by a notification in the task bar of the app that shut down. Third, the dashboard is refreshed to alert you of a problem.

6. Hands-On With Small Business Advantage's Features, Continued

Data Backup and Restore makes it easy to schedule backups through Microsoft's Windows Backup utility. In our example here, we used a local Windows Home Server share as our target.

You can quickly check the status of Data Backup and Restore from the SBA dashboard.

The PC Health Center facilitates configuration of Windows Update, disk defragmentation, and the persistence of browser history files. You can have it delete your temporary Internet files and cookies every night, if you so desire, and even if you've already shut the system down.

SBA's dashboard displays the schedule for each PC Health Center task you configure.

As discussed, Energy Saver's function is really pretty simple: the module turns your PC on and off at set intervals, cutting power when you go home for the night and making sure it's ready to go when you arrive in the morning. The schedule is easy to set up and worked as advertised.

Again, the SBA dashboard is your window in to Energy Saver's status.

One other nice feature of SBA is its event viewer. If you do have to troubleshoot a machine, you can diagnose any of the behaviors that SBA monitors through its log.

7. Intel's Update To vPro For 2012

Intel's vPro technology is composed of several features that the company says protects businesses in four ways: threat management, identity and access, data and asset protection, and monitoring and remediation. Although a number of vPro's capabilities are accessed through software, specific hardware hooks are required to enable things like out-of-band management and high-res remote access. 

Satisfying the hardware requirements to enable vPro can be tricky; your processor, chipset, firmware, and network controller all need to be compatible. This is made more challenging by Intel's nomenclature, which doesn't make it particularly clear whether a given CPU supports vPro or not. For example, the flagship enthusiast Core i7-3770K is not vPro-enabled. It's missing Trusted Execution Technology and VT-d, too. 

Beyond limiting compatibility at the high-end, Intel also clips support from its lower-end chips, likely in a move to sell more expensive CPUs into businesses requiring vPro's feature set. The Core i5-3450 we used in our Small Business Advantage-capable machine isn't even on the company's list. Rather, you need at least a Core i5-3470 to get vPro support from Ivy Bridge-based hardware. What follows is a current list of vPro-enabled CPUs from the third-gen Core family:

Intel Third-Gen Desktop Core Processor
Model
Cores / ThreadsClock RateMax. Turbo FrequencyL3 CacheTDPMSRP
Core i7-3770S4/83.1 GHz3.9 GHz8 MB65 W$294
Core i7-3770T4/82.5 GHz3.7 GHz8 MB45 W$294
Core i7-37704/83.4 GHz3.9 GHz8 MB77 W$294
Core i5-3475S4/42.9 GHz3.6 GHz6 MB65 W$201
Core i5-3570S4/43.1 GHz3.8 GHz6 MB65 W$205
Core i5-35704/43.4 GHz3.8 GHz6 MB77 W$213
Core i5-3470T2/42.9 GHz3.6 GHz3 MB35 W$184
Core i5-3470S4/42.9 GHz3.6 GHz6 MB65 W$184
Core i5-34704/43.2 GHz3.6 GHz6 MB77 W$184
Core i5-35504/43.3 GHz3.7 GHz6 MB77 W$205
Core i5-3550S4/43 GHz3.7 GHz6 MB65 W$205
Core i5-3570T4/42.3 GHz3.3 GHz6 MB45 W$205


Intel's standard-voltage processors are 77 W parts. The -S and -T suffixes indicate low-power options, which, remember, include the thermal ceiling for processing and graphics resources (they share the die's TDP). 

Increasingly, mobile platforms are a big focus for vPro, and an additional 13 Ivy Bridge-based mobile CPUs include vPro support, too.

Intel Third-Gen Mobile Core Processor
ModelCores / Threads
Clock RateMax. Turbo FrequencyL3 CacheTDPMSRP
Core i7-3920XM4/82.9 GHz3.8 GHz8 MB55 W$1096
Core i7-3555LE2/42.5 GHz3.2 GHz4 MB25 W$360
Core i7-3517UE2/41.7 GHz2.8 GHz4 MB17 W$330
Core i7-3520M2/42.9 GHz3.6 GHz4 MB35 W$346
Core i7-3667U2/42 GHz3.2 GHz4 MB17 W$346
Core i7-3820QM4/82.7 GHz3.7 GHz8 MB45 W$568
Core i7-3615QE4/82.3 GHz3.3 GHz6 MB45 W$393
Core i7-3612QE4/82.1 GHz3.1 GHz6 MB35 W$426
Core i7-3610QE4/82.3 GHz3.3 GHz6 MB45 W$393
Core i5-3610ME2/42.7 GHz3.3 GHz3 MB35 W$276
Core i5-3360M2/42.8 GHz3.5 GHz3 MB35 W$266
Core i5-3320M2/42.6 GHz3.3 GHz3 MB35 W$225
Core i5-3427U2/41.8 GHz2.8 GHz3 MB17 W$225


Intel also enables vPro on some of its Xeon processors, though many of those chips don't include integrated graphics, which is necessary for Remote KVM support.

If you have a vPro-enabled workstation with Intel's C216 chipset and a Xeon E3-12x5 V2 CPU, you can use a number of the technology suite's features, in addition to more enterprise-oriented hardware like ECC-capable DDR3 DIMMs.

8. Upgrading Our vPro Platform: The Ivy Bridge Generation

In our last look at vPro, we used three generations of the technology to map its evolution over time. This time around, we have a Core i7-3770 processor and DQ77MK motherboard to build on that foundation and demonstrate what has changed in the last year.

The Core i7-3770 is one of Intel's highest-end Ivy Bridge-based processors based on the company's 22 nm manufacturing process. It's very similar to the enthusiast-oriented Core i7-3770K, except that its base frequency is 100 MHz lower and it doesn't have an unlocked ratio multiplier. Also, the non-K-series SKU does include vPro and VT-d support. 

Beyond specific CPU model requirements, vPro support also necessitates a compatible chipset and motherboard. On the desktop, Intel's Q77 is the only 7-series Platform Controller Hub that qualifies. In the mobile space, QM77 gets that distinction. 

Not surprisingly, then, our DQ77MK motherboard comes armed with a Q77 PCH. It lacks a lot of the features we typically look for in our motherboard round-ups, which typically emphasize the feature power users want, but instead leans on integration. Integrated graphics, native USB 3.0, one of Intel's gigabit Ethernet controllers, and PCH-based storage all work together to benefit performance, power, and interoperability.

We see a typical desktop board with a few hard-to-spot (unique) features. First, between the SATA ports and expansion slots, there's a mini-PCIe slot. You'd commonly find a wireless networking adapter or mSATA-based SSD plugged in. And, given Q77's support for Smart Response Technology (essentially, SSD caching), it's most probable that you'd drop a small solid-state repository in that slot and use a larger 3.5" disk drive for user data.

There is a single 16-lane PCI Express slot for discrete graphics upgrades. Depending on whether you use an Ivy or Sandy Bridge-based CPU, that interface runs at either 3.0 or 2.0 transfer rates.

Other expansion slots include a PCI Express x1 slot, a legacy PCI slot, and an open-ended PCI Express x4 slot. The fact that the x4 physical connector doesn't have a back means that larger, more bandwidth-intensive cards can be slid in and still operate at reduced speeds. A storage controller, for instance, might employ a x8 slot. It'll still work in an open-ended x4 interface, though.

The DQ77MK's rear I/O panel hosts a fairly standard array of USB 2.0, USB 3.0, FireWire, eSATA, Ethernet, and audio connectors. Intel exposes two DVI outputs and a DisplayPort connector, too, corresponding to the Ivy Bridge architecture's ability to drive three independent displays concurrently.

A quick look at all four of the vPro generations we've analyzed definitely reveals a handful of trends:

Four Generations of Intel vPro-Capable Motherboards
MotherboardDQ45CBDQ57TMDQ67SWDQ77MK
Processor Interface
LGA 775LGA 1156LGA 1155LGA 1155
Form FactorMicro ATXMicro ATXMicro ATXMicro ATX
Memory TypeDDR2DDR3DDR3DDR3
Graphics OutputsDVI-I, DVI-DDVI-I, DVI-D, Display PortDVI-I, DVI-D, Display PortDVI-I, DVI-D, Display Port
USB 2.0 Ports1214128
USB 3.0 Ports0024
SATA 3Gb/s6523
SATA 6Gb/s Ports0022
eSATA Ports1121
10/100/1000 NICIntel 82567LMIntel 82578DMIntel 82574LMIntel 82579LM and Intel 82574L
Intel AMT Version5.x6.x7.x8.x


The integration of USB 3.0 makes it easier for Intel to expose more of the higher-speed interface on its DQ77MK motherboard, whereas the previous generation needed an add-on controller. Also, the company is, for the first time, arming its business-class motherboard with two gigabit-class network controllers. Intel's 82574L is perhaps the most widely-supported gigabit controller out there, and if you use this platform under an operating environment other than Windows or Linux (say, VMware ESXi, FreeBSD, or even OpenSolaris), the 82574L should be immediately recognized. A second controller also allows more complex networking configurations, such as link aggregation.

9. Hands-On With vPro For 2012

Probably the two biggest feature changes in this generation of vPro happen to the display pipeline.

First, the Ivy Bridge architecture adds support for a third display output. Intel now gives vPro the ability to allow that trio of screens to be accessed through the remote management interface. Second, the company adds support for monitors in portrait mode (instead of the standard landscape orientation), even if only one of the three screens is set up that way. Around the offices where I consult, there really are a notable number of users who rotate their screens into portrait mode for working in Word or on certain websites. Likewise, I increasingly see more multi-monitor arrays, particularly as 1920x1080 panels come down in price. Adding support for these additional video modes makes troubleshooting less cumbersome for IT professionals.

In Intel vPro: Three Generations Of Remote Management, we looked at the interaction between vPro and Active Management Technology. This time around, we went so far as to perform a remote BIOS update on our DQ77MK. To accomplish this, we logged into Windows through RealVNC's VNC Viewer Plus.

As you can see, the picture quality is very good. KVM Remote Control supports resolutions as high as 1920x1200 with 16-bit color, so you don't get the graininess you'd expect from some software-based remote management solutions.

From the Windows desktop, I was able to browse to Intel's support site remotely and download the updated BIOS package I needed. Double-clicking the installation unpacks a number of files and reboots the machine. Because KVM Remote works out-of-band, even when I'm looking at a command prompt (out of Windows), the remote display is still very much accessible.

Generally, if we were using an RDP or traditional VNC solution, it'd be very difficult to monitor a process like this remotely. Instead, we're even able to hop in the client system's BIOS and make changes.

You can see that accessing the DQ77MK's UEFI comes complete with mouse support, making navigation even easier. It's as if we're sitting right in front of the machine.

The board's firmware features several security settings that warrant attention, either upon initial setup or shortly thereafter. Use those options to help lock down sensitive components and help prevent unauthorized changes that could either bring an important system down or lead to compromised data.

Beyond jumping onto a remote client through VNC Viewer Plus, Intel also offers a Web-based GUI to control the features of Active Management Technology. This generation, AMT gets incremented to version 8.0, though most features appear similar for the most part.

Logging in to the interface is pretty easy once you enable remote log-in. With the Web service running, navigate to the client machine's IP address on port 16992.

From there, you have access to the features we introduced in last year's exploration of vPro. One that we really like, and want to mention again, is the ability to specify a boot device when the remote system restarts.

This option lets an administrator remotely boot to a recovery image directly from the Web-based interface, saving time/cost on a desk-side visit.

10. An Introduction To Intel Anti-Theft Technology

Intel's Anti-Theft technology is now in its fourth generation. More than anything, it's intended to prevent unauthorized parties from getting sensitive data by bricking a machine before its contents can be compromised. Sometimes, that might mean the system doesn't get recovered. But more important than the one or two thousand dollars of lost hardware is the potentially-priceless value of financial documents, customer lists, privileged medical records, and other information you simply cannot afford to have fall into the wrong hands.

Particularly as notebooks in general become viable desktop replacements that employees take with them on the road and then dock at home, theft becomes a larger issue. It's just not all that difficult to abscond with a two-pound Ultrabook. Should a thief snag your notebook at an airport, in a coffee shop, or on the subway, you simply call your help desk or Anti-Theft service provider, let them know, and they're able to push a poison pill, disabling the hardware immediately. Should the system be recovered, it's then possible to reverse the process.

Anti-Theft has its own list of requirements. First, you need to have hardware support. Intel pushes this feature aggressively, but not all OEMs enable it. A service subscription is also necessary. Once you pick a vendor for Anti-Theft service, your compatible hardware has to synchronize with the company's servers to activate protection. A quick glance at the Management Engine's Anti-Theft screen on our machine tells us that the feature is available, but not active.

Intel's Anti-Theft information page features four service vendors: Intel, McAfee (now Intel-owned), Symantec, and Absolute Software.

Intel has its own Anti-Theft service, which makes sense when you consider that the company sells hardware but still depends on a reliable software solution. By priming the market with its own offering, Intel enables a baseline service customers can lean on to take advantage of Anti-Theft.

McAffee, now an Intel subsidiary, currently offers a beta implementation. You can sign-up for it and get 90 days of protection under the beta program.

LoJack is probably best known as an automotive brand, but it's now being used to market a service for Intel's Anti-Theft technology. You can sign up for between one and three years of service with different features. All levels allow for location, locking, remote data deletion, and recovery. The premium offerings include an up-to-$1000 guarantee if Absolute doesn't recover the hardware or has to enable Data Delete.

Finally, Symantec has its own Norton Anti-Theft. Most people already know Symantec and its Norton brand for its anti-virus and security suites, so extending the family to include Anti-Theft is pretty logical.

Personally, I have several friends who have located lost phones with various mobile services. One thing they all had in common was never using the recovery interface prior to losing their devices. So, next, we'll look at what remotely locking a machine with Anti-Theft looks like.

11. Intel Anti-Theft Technology, In Practice

Symantec's solution comes with a free eight-day demo. In practice, the other solutions all work similarly (Ed.: I've used Absolute Software's, and it is indeed very much like what's illustrated here). 

First things first. You have to sign up for Norton's Anti-Theft service. This easily integrated with my existing account, which I admittedly had forgotten about. After signing up, you download the Norton Anti-Theft package and install the software. Then, you see the following confirmation message:

From your Anti-Theft account page, you can see the laptop's current location on a map.

As an aside, the device that shows up in Milpitas, California is actually located down the freeway in Mountain View, California, about four city blocks from Symantec's global headquarters. The desktop we're testing doesn't have a GPS receiver or cellular card in it, so the service is likely tracing our machine to a broadband service provider's facility.

With the system protected, and assuming you lose it (or just want to test the service's functionality), you can log in to your Norton account and lock the device remotely.

At this point, you get to create a lock code and type in a personal message, if you want. The default notification assumes your machine is in the hands of a do-gooder; it requests that they turn the machine into police. You can also customize the message a bit, depending on your humor or angst.

You can then use the same map view to track your machine. In the example below, it shows up as Missing and Online.

Within about 45 seconds, my "lost" machine (which I was logged into), suddenly logged out of Windows and displayed the following message:

I verified that this worked locally, and by checking through Windows 7's remote desktop functionality. The lock screen conveys the default message you specified, plus a space to enter a PIN created on the website. Fortunately, I remembered the PIN and removed the Symantec lock myself.

The high-point of Anti-Theft is its ability to lock down potentially vulnerable assets using a Web-based service. Consequently, it's an effective deterrent for any would-be criminal who knows what Anti-Theft does. Hopefully, he or she will move on to the next unprotected notebook without the security feature. Of course, the same smart crook might also know that staying off a network prevents the Anti-Theft service from reaching it. In that case, you're able to set up a trigger whereby the passage of time without a check-in automatically locks the machine.

12. Business-Class Features Evolving In 2012

Lining up the latest incarnation of vPro, the new Small Business Advantage offering, and Anti-Theft technology is enlightening. Already familiar with most of what vPro entails and not particularly impressed with what SBA incorporates (we're enthusiasts, after all, capable of turning our own machines on and off), Anti-Theft technology is perhaps the most interesting development. Intel's decision to include the base functionality in its Ultrabook brand, subsequently allowing customers to use the feature through multiple service providers (or not at all) is a great one.

The company's continued focus on beefing up business-oriented features is different than what we're seeing from AMD right now. Largely focused on the client side, AMD is putting much of its effort into creating an ecosystem of hardware and software designed to accelerate workloads using x86 and graphics resources. In the process, however, initiatives like DASH have falling away completely. When it comes to remote management and enterprise-oriented security enabled through hardware, Intel has no competition.

I'd really like to see Intel do more with its feature-unlocking business. We've seen the company dabble in this before, letting customers access additional performance. But it'd be particularly impressive to open up the door to some or all of SBA's functionality with a simple upgrade. Or, maybe it could turn Anti-Theft technology on where it might not have been accessible before, so long as other platform-based requirements are met. And let's say you're using an Ivy Bridge-based CPU on a Z77-equipped motherboard. Why not make it possible for enthusiasts to access their systems from distance using a form of KVM Remote Control?

A look at Small Business Advantage makes it clear that Intel is trying to create a low-cost solution for home users and small businesses that may not have access to tech-savvy help for simple tasks. I can think of more than a few family members who, over the years, could have benefited from nightly backups. Likewise, the ability to schedule maintenance tasks after hours has the potential to improve productivity during the day quite a bit. And it's certainly cool that a workstation will boot itself up, handle business, and shut itself down afterward to conserve energy. When my work laptop boots up in the morning and I see a critical update pending, requiring a download, install, and reboot, I lose a lot of time. I also have clients who use very restrictive USB blocking programs that ban every device, unlock Intel's USB Blocker and its ability to selectively limit access to certain hardware classes. Intel's decision to limit SBA to B75- and Q77-based platforms does make some sense, since those are business-oriented chipsets. But we hope to see the company expand out to include more mainstream desktops as well.

The additions to vPro in 2012 are decidedly evolutionary, including triple-display support (with support for portrait orientations) and administration enhancements like Setup and Configuration Server 8.0. The new platform represents a solid entry-point for businesses not already vPro-enabled. However, anyone with a Sandy Bridge-based setup should feel comfortable sticking with it for the time being. Obviously, getting into an Ultrabook now will bump you up to the latest version of vPro, though. 

Anti-Theft technology, now in its fourth generation, can be enabled on both SBA and vPro platforms. This was actually my first time using a machine with this feature activated, but I found it to be easy to setup and unobtrusive during everyday tasks. There are, naturally, some constraints associated with it. For example, your protected device should be connected to a network. It's some consolation, though, that a system with its networking hardware disabled can be made to lock automatically after not checking in for a certain number of days. Also, the location services we witnessed from Anti-Theft on the desktop could have certainly been more accurate.

SBA, vPro, and Anti-Theft have no impact on the performance or, really, the power consumption of your machines. However, the convenience, cost-savings, and security they enable are compelling differentiators. Even faced with a lack of competition, we're glad to see Intel evolving its approach to the way we handle and access our business-oriented computing devices.