Intel vPro In 2012, Small Business Advantage, And Anti-Theft Tech.

Features
By Patrick Kennedy
published

One year ago, we took a look at three generations of Intel's vPro, charting how its features evolved. Now, we have a new version to explore. Additionally, we're putting Anti-Theft technology to the test, along with the new Small Business Advantage suite.

Intel's Update To vPro For 2012

Intel's vPro technology is composed of several features that the company says protects businesses in four ways: threat management, identity and access, data and asset protection, and monitoring and remediation. Although a number of vPro's capabilities are accessed through software, specific hardware hooks are required to enable things like out-of-band management and high-res remote access. 

Satisfying the hardware requirements to enable vPro can be tricky; your processor, chipset, firmware, and network controller all need to be compatible. This is made more challenging by Intel's nomenclature, which doesn't make it particularly clear whether a given CPU supports vPro or not. For example, the flagship enthusiast Core i7-3770K is not vPro-enabled. It's missing Trusted Execution Technology and VT-d, too. 

Beyond limiting compatibility at the high-end, Intel also clips support from its lower-end chips, likely in a move to sell more expensive CPUs into businesses requiring vPro's feature set. The Core i5-3450 we used in our Small Business Advantage-capable machine isn't even on the company's list. Rather, you need at least a Core i5-3470 to get vPro support from Ivy Bridge-based hardware. What follows is a current list of vPro-enabled CPUs from the third-gen Core family:

Swipe to scroll horizontally
Intel Third-Gen Desktop Core Processor
ModelCores / ThreadsClock RateMax. Turbo FrequencyL3 CacheTDPMSRP
Core i7-3770S4/83.1 GHz3.9 GHz8 MB65 W$294
Core i7-3770T4/82.5 GHz3.7 GHz8 MB45 W$294
Core i7-37704/83.4 GHz3.9 GHz8 MB77 W$294
Core i5-3475S4/42.9 GHz3.6 GHz6 MB65 W$201
Core i5-3570S4/43.1 GHz3.8 GHz6 MB65 W$205
Core i5-35704/43.4 GHz3.8 GHz6 MB77 W$213
Core i5-3470T2/42.9 GHz3.6 GHz3 MB35 W$184
Core i5-3470S4/42.9 GHz3.6 GHz6 MB65 W$184
Core i5-34704/43.2 GHz3.6 GHz6 MB77 W$184
Core i5-35504/43.3 GHz3.7 GHz6 MB77 W$205
Core i5-3550S4/43 GHz3.7 GHz6 MB65 W$205
Core i5-3570T4/42.3 GHz3.3 GHz6 MB45 W$205

Intel's standard-voltage processors are 77 W parts. The -S and -T suffixes indicate low-power options, which, remember, include the thermal ceiling for processing and graphics resources (they share the die's TDP). 

Increasingly, mobile platforms are a big focus for vPro, and an additional 13 Ivy Bridge-based mobile CPUs include vPro support, too.

Swipe to scroll horizontally
Intel Third-Gen Mobile Core Processor
ModelCores / ThreadsClock RateMax. Turbo FrequencyL3 CacheTDPMSRP
Core i7-3920XM4/82.9 GHz3.8 GHz8 MB55 W$1096
Core i7-3555LE2/42.5 GHz3.2 GHz4 MB25 W$360
Core i7-3517UE2/41.7 GHz2.8 GHz4 MB17 W$330
Core i7-3520M2/42.9 GHz3.6 GHz4 MB35 W$346
Core i7-3667U2/42 GHz3.2 GHz4 MB17 W$346
Core i7-3820QM4/82.7 GHz3.7 GHz8 MB45 W$568
Core i7-3615QE4/82.3 GHz3.3 GHz6 MB45 W$393
Core i7-3612QE4/82.1 GHz3.1 GHz6 MB35 W$426
Core i7-3610QE4/82.3 GHz3.3 GHz6 MB45 W$393
Core i5-3610ME2/42.7 GHz3.3 GHz3 MB35 W$276
Core i5-3360M2/42.8 GHz3.5 GHz3 MB35 W$266
Core i5-3320M2/42.6 GHz3.3 GHz3 MB35 W$225
Core i5-3427U2/41.8 GHz2.8 GHz3 MB17 W$225

Intel also enables vPro on some of its Xeon processors, though many of those chips don't include integrated graphics, which is necessary for Remote KVM support.

If you have a vPro-enabled workstation with Intel's C216 chipset and a Xeon E3-12x5 V2 CPU, you can use a number of the technology suite's features, in addition to more enterprise-oriented hardware like ECC-capable DDR3 DIMMs.

Patrick Kennedy
7 Comments Comment from the forums
  • bit_user
    Toms, you really need to blow the lid off the incredibly dangerous security flaws in vPro that can enable undetectable and irremovable rootkits. semiaccurate.com did some reporting on this. Please alert the mainstream. The exploit was already demonstrated some time ago.

    Thanks.
    Reply
  • bit_user
    I don't know if it's allowed, but here's the link:

    http://semiaccurate.com/2012/05/15/intel-small-business-advantage-is-a-security-nightmare/

    Maybe the editors will read it before they remove this post. It's not a terribly well-written article. That's where you can help, Tom's.
    Reply
  • freggo
    Why not integrate a GPS receiver into the motherboard and than have an option to define 'allowed' active areas for the system. For desktops that should be no problem as they do not get moved much.

    For laptops you may have to take a bit more time defining your typical usage area of course; you could even let the laptop track your typical usage location patterns so it can make recommendations for the best setup.

    If the systems is outside the area either request a special password or some other form of identification to unlock the machine either for one time or for inclusions of the current location into the allowed area.

    Damn, I should get that patented :-)

    Reply
  • bigdragon
    I have a hard time reading this lengthy article after all the trouble I've had with Intel's DBS1200KP and DBS1200KPR. Intel keeps promoting virtualization, but they failed to implement VT-d on that product even though there's no reason for it not to be supported.
    Reply
  • StitchExperiment626
    Backup is my complaint! Doing a full backup every night there isn't enough time.
    Reply
  • jkflipflop98
    Keep in mind, all the garbage you read on that site is by Charlie Demerjian. . . who honestly doesn't know much about anything.
    Reply
  • labtech drew
    Having owned an MSP (Managed Service Provider), with hundreds of customers, and thousands of machines under management, vPro add's enormous cost savings when implemented.

    Customer has a blue screen? No problem, you can KVM right in and see the issue.

    Workstation hung after remotely applying patches - calling the user and saying "Can you go over and hold the power button for me?" is no longer necessary. Simply shutdown the machine via vPro and power it back on. Even remotely re-imagine a machine from backup is possible.

    However, my favorite use case is the instant back to work use case. End user hard drive fails - obviously a truck roll is needed, but the most important thing is to get the user productive again. Leverage vPro's ability to redirect IDE (IDEr) to a network Live Linux CD at least gets the user in to Web Outlook, if not 100% back in business.

    How about power savings? Schedule machines to auto shutdown at night, and for your patch window, use vPro to power up the workstations, apply the patches, power down (from windows) and if a machine hangs on shutdown use the vPro power off command. Allows for nightly maintenance and keeps costs savings maximized.

    Rolling out vPro can be a bit of work using native tools, but there are solutions available (shameless plug) like LabTech Software (http://www.labtechsoftware.com) which can remotely provision and manage vPro along with any other IT management function you can think of.

    -Drew

    Full disclosure: Having ran an MSP and worked with many enterprises, out of band management tools were critical in every mature organization I worked with. As a co-founder of LabTech Software, I have engaged Intel and we are working closely to build out solutions that vPro truly solves for.
    Reply