A guide to desktop management
Published: 26 Jun 2007
The software connection
The vPro components provided by Intel are of little value without management software. These tools are needed to read the inventory data, issue the reboot commands, provide the remote diagnostics and generally take advantage of what the new hardware technologies have to offer. To this end, Intel publishes an API and a development toolkit for third-party developers, which most of the big-name software houses are starting to adopt.
Companies such as Altiris (now part of Symantec) for example, whose software supports AMT and other VPro components and is bundled with HP business desktops, many of which are now also vPro-enabled. Microsoft, too, supports AMT in its desktop management products, as does Computer Associates and others, although the level of support varies and integration is still at a fairly embryonic stage even among the top names. You can find a list of vPro-compliant management software on Intel's web site.
A virtual piece of the puzzle
Another key component of the vPro solution is the dual-core Intel Core 2 Duo processor, which provides sufficient processing power to run the management and security features without impacting on the desktop PC's primary uses. More than that, thanks to its Intel VT virtualisation extensions, the Core 2 Duo processor enables custom security appliances to be run in the background in their own secure virtual environments.
These virtual appliances sit between the desktop and the network and so are able to filter in-bound and out-bound traffic for potential threats that might otherwise compromise the PC’s viability. Such virtual appliances will also be able to set rate limits and fully isolate a PC from the network when a potential threat is identified, providing a more secure disconnect than traditional software-based quarantine services, which can be circumvented by hackers, viruses, worms and user tampering.
Here again, implementation will be dependent on third-party developers coming up with code to run in the virtual environment provided through vPro and the Core 2 Duo processor. However, a number of vendors, including Red Hat, have already announced their intention to do just that. Furthermore, in the latest implementation of AMT, Intel has introduced its own filtering tools built into the firmware as standard.
And wireless too
One major hurdle facing any desktop management solution has to be the increasing mobility of the business workforce. Notebooks and Wi-Fi wireless networking are now commonplace, making it even harder to keep a company's PCs properly configured and secure.
Intel’s answer is to enhance its AMT technology to support secure remote management over wireless as well as conventional wired Ethernet networks. This is now possible using Centrino Pro-branded notebooks based on the Mobile Intel 965 Express chipset, which includes the latest AMT 2.5 firmware. Centrino Pro notebooks are now available from from most of the major vendors.
When connected to a corporate network, Centrino Pro notebooks can be managed wirelessly alongside wired vPro-enabled desktops — from the same management consoles using the same secure out-of-band communication channels, remote power up and boot facilities and so on. They can also be managed when outside the corporate firewall over a standard OS-dependent VPN connection, although functionality will be reduced in such circumstances.
Previous
- A guide to desktop management
- Blade PCs: the ultimate managed desktops
- Vista in the enterprise
- Desktop Management : Make The Case (PDF)
Did you find this article useful?
