Intel's vPro technology is composed of several features that the company says protects businesses in four ways: threat management, identity and access, data and asset protection, and monitoring and remediation. Although a number of vPro's capabilities are accessed through software, specific hardware hooks are required to enable things like out-of-band management and high-res remote access.
Satisfying the hardware requirements to enable vPro can be tricky; your processor, chipset, firmware, and network controller all need to be compatible. This is made more challenging by Intel's nomenclature, which doesn't make it particularly clear whether a given CPU supports vPro or not. For example, the flagship enthusiast Core i7-3770K is not vPro-enabled. It's missing Trusted Execution Technology and VT-d, too.
Beyond limiting compatibility at the high-end, Intel also clips support from its lower-end chips, likely in a move to sell more expensive CPUs into businesses requiring vPro's feature set. The Core i5-3450 we used in our Small Business Advantage-capable machine isn't even on the company's list. Rather, you need at least a Core i5-3470 to get vPro support from Ivy Bridge-based hardware. What follows is a current list of vPro-enabled CPUs from the third-gen Core family:
| Intel Third-Gen Desktop Core Processor | ||||||
|---|---|---|---|---|---|---|
| Model | Cores / Threads | Clock Rate | Max. Turbo Frequency | L3 Cache | TDP | MSRP |
| Core i7-3770S | 4/8 | 3.1 GHz | 3.9 GHz | 8 MB | 65 W | $294 |
| Core i7-3770T | 4/8 | 2.5 GHz | 3.7 GHz | 8 MB | 45 W | $294 |
| Core i7-3770 | 4/8 | 3.4 GHz | 3.9 GHz | 8 MB | 77 W | $294 |
| Core i5-3475S | 4/4 | 2.9 GHz | 3.6 GHz | 6 MB | 65 W | $201 |
| Core i5-3570S | 4/4 | 3.1 GHz | 3.8 GHz | 6 MB | 65 W | $205 |
| Core i5-3570 | 4/4 | 3.4 GHz | 3.8 GHz | 6 MB | 77 W | $213 |
| Core i5-3470T | 2/4 | 2.9 GHz | 3.6 GHz | 3 MB | 35 W | $184 |
| Core i5-3470S | 4/4 | 2.9 GHz | 3.6 GHz | 6 MB | 65 W | $184 |
| Core i5-3470 | 4/4 | 3.2 GHz | 3.6 GHz | 6 MB | 77 W | $184 |
| Core i5-3550 | 4/4 | 3.3 GHz | 3.7 GHz | 6 MB | 77 W | $205 |
| Core i5-3550S | 4/4 | 3 GHz | 3.7 GHz | 6 MB | 65 W | $205 |
| Core i5-3570T | 4/4 | 2.3 GHz | 3.3 GHz | 6 MB | 45 W | $205 |
Intel's standard-voltage processors are 77 W parts. The -S and -T suffixes indicate low-power options, which, remember, include the thermal ceiling for processing and graphics resources (they share the die's TDP).
Increasingly, mobile platforms are a big focus for vPro, and an additional 13 Ivy Bridge-based mobile CPUs include vPro support, too.
| Intel Third-Gen Mobile Core Processor | ||||||
|---|---|---|---|---|---|---|
| Model | Cores / Threads | Clock Rate | Max. Turbo Frequency | L3 Cache | TDP | MSRP |
| Core i7-3920XM | 4/8 | 2.9 GHz | 3.8 GHz | 8 MB | 55 W | $1096 |
| Core i7-3555LE | 2/4 | 2.5 GHz | 3.2 GHz | 4 MB | 25 W | $360 |
| Core i7-3517UE | 2/4 | 1.7 GHz | 2.8 GHz | 4 MB | 17 W | $330 |
| Core i7-3520M | 2/4 | 2.9 GHz | 3.6 GHz | 4 MB | 35 W | $346 |
| Core i7-3667U | 2/4 | 2 GHz | 3.2 GHz | 4 MB | 17 W | $346 |
| Core i7-3820QM | 4/8 | 2.7 GHz | 3.7 GHz | 8 MB | 45 W | $568 |
| Core i7-3615QE | 4/8 | 2.3 GHz | 3.3 GHz | 6 MB | 45 W | $393 |
| Core i7-3612QE | 4/8 | 2.1 GHz | 3.1 GHz | 6 MB | 35 W | $426 |
| Core i7-3610QE | 4/8 | 2.3 GHz | 3.3 GHz | 6 MB | 45 W | $393 |
| Core i5-3610ME | 2/4 | 2.7 GHz | 3.3 GHz | 3 MB | 35 W | $276 |
| Core i5-3360M | 2/4 | 2.8 GHz | 3.5 GHz | 3 MB | 35 W | $266 |
| Core i5-3320M | 2/4 | 2.6 GHz | 3.3 GHz | 3 MB | 35 W | $225 |
| Core i5-3427U | 2/4 | 1.8 GHz | 2.8 GHz | 3 MB | 17 W | $225 |
Intel also enables vPro on some of its Xeon processors, though many of those chips don't include integrated graphics, which is necessary for Remote KVM support.
If you have a vPro-enabled workstation with Intel's C216 chipset and a Xeon E3-12x5 V2 CPU, you can use a number of the technology suite's features, in addition to more enterprise-oriented hardware like ECC-capable DDR3 DIMMs.
- Tom's Hardware Revisits vPro, Tests Anti-Theft, And Explores SBA
- Intel Small Business Advantage: The Software
- Intel Small Business Advantage: The Hardware
- Installing Intel Small Business Advantage
- Hands-On With Small Business Advantage's Features
- Hands-On With Small Business Advantage's Features, Continued
- Intel's Update To vPro For 2012
- Upgrading Our vPro Platform: The Ivy Bridge Generation
- Hands-On With vPro For 2012
- An Introduction To Intel Anti-Theft Technology
- Intel Anti-Theft Technology, In Practice
- Business-Class Features Evolving In 2012
Thanks.
http://semiaccurate.com/2012/05/15/intel-small-business-advantage-is-a-security-nightmare/
Maybe the editors will read it before they remove this post. It's not a terribly well-written article. That's where you can help, Tom's.
For laptops you may have to take a bit more time defining your typical usage area of course; you could even let the laptop track your typical usage location patterns so it can make recommendations for the best setup.
If the systems is outside the area either request a special password or some other form of identification to unlock the machine either for one time or for inclusions of the current location into the allowed area.
Damn, I should get that patented :-)
http://semiaccurate.com/2012/05/15/intel-small-business-advantage-is-a-security-nightmare/
Maybe the editors will read it before they remove this post. It's not a terribly well-written article. That's where you can help, Tom's.
Thanks for this. I'd like more information.
Customer has a blue screen? No problem, you can KVM right in and see the issue.
Workstation hung after remotely applying patches - calling the user and saying "Can you go over and hold the power button for me?" is no longer necessary. Simply shutdown the machine via vPro and power it back on. Even remotely re-imagine a machine from backup is possible.
However, my favorite use case is the instant back to work use case. End user hard drive fails - obviously a truck roll is needed, but the most important thing is to get the user productive again. Leverage vPro's ability to redirect IDE (IDEr) to a network Live Linux CD at least gets the user in to Web Outlook, if not 100% back in business.
How about power savings? Schedule machines to auto shutdown at night, and for your patch window, use vPro to power up the workstations, apply the patches, power down (from windows) and if a machine hangs on shutdown use the vPro power off command. Allows for nightly maintenance and keeps costs savings maximized.
Rolling out vPro can be a bit of work using native tools, but there are solutions available (shameless plug) like LabTech Software (http://www.labtechsoftware.com) which can remotely provision and manage vPro along with any other IT management function you can think of.
-Drew
Full disclosure: Having ran an MSP and worked with many enterprises, out of band management tools were critical in every mature organization I worked with. As a co-founder of LabTech Software, I have engaged Intel and we are working closely to build out solutions that vPro truly solves for.