Intel vPro Processor Technology* is designed to improve management of PC systems and provide proactive security. It is a combination of Intel AMT (Active Management Technology) and Intel VT (Virtualization
Technology).
Intel AMT provides several defense mechanisms against malicious software attacks:
•System Defense to monitor and control network traffic.
•Network Outbreak Containment to isolate a compromised system.
•Agent Presence to detect malfunctioning software.
In addition to the system protection Intel AMT provides, the hardware virtualization capabilities of Intel VT
allows for a “virtualized layer” of protection. This virtualized layer protection is accomplished by what is
known as a Virtual Appliance (VA).
The HP Compaq dc7800p Business PC is Intel vPro Processor Technology compliant.
The HP Compaq dc7700p Business PC is fully Intel vPro Processor Technology compliant and readily supports Virtual Appliances with the appropriate BIOS update. See “BIOS Requirements” on page 3 for
*details.
*The HP dc7800p and dc7700p PCs are enabled for Intel vPro Processor Technology. Some functionality of this technology, such as
Intel Active Management Technology and Intel Virtualization Technology, requires additional 3rd party software to run. Availability
of future “virtual appliance” applications for Intel vPro Processor Technology is dependant on 3rd party software providers. Compatibility of this generation of Intel vPro Processor Technology-based hardware with future “virtual appliances” and Microsoft Windows
Vista operating system is yet to be determined.
What is Virtualization?
Virtualization is an abstraction layer that separates physical system resources from an operating system. It
allows a single processor to run multiple operating systems simultaneously and independently through the
use of a Virtual Machine Monitor (VMM). A VMM is also known as a hypervisor and is software that handles the sharing of system resources between different operating systems running beneath it.
Intel Virtualization Technology (VT) provides hardware support for virtualization. This simplifies the need
for complex VMM software. A Light-weight Virtual Machine Monitor (LVMM) can be used instead of a full
VMM.
What is a Virtual Appliance?
A Virtual Appliance is a virtualized environment that runs independently yet concurrently with the Client
Operating System (COS). It is transparent to the COS and the user. The purpose of a VA is to protect the
COS from malicious software attacks and provide automatic security updates without user intervention.
A VA is composed of several components: an LVMM, a Service OS (SOS), and embedded applications.
The LVMM, along with Intel VT, virtualizes the VA from the COS. The SOS executes the embedded applications within the VA. Using a management console, IT personnel can control a VA. VA packages are
available through third party vendors such as Symantec or Altiris.
2
Virtual Appliance Generations
Virtual Appliance 2.0 features include:
•SOS based on Windows CE 5.0
•COS is Windows XP 32-bit
•Supports AMT 2.1 and later
The HP Compaq dc7700p Business PC shipped in 2006 and will have a VA 2.0 compliant BIOS available in September 2007 (see “BIOS Requirements” on page 3).
The version of VA 2.0 on the HP Compaq dc7700p is VA 2.0.1, which is VA 2.0 with an Intel LVMM hotfix. For the purposes of this white paper, VA 2.0 is listed to avoid confusion. See “Known Limitations” on
page 11.
Virtual Appliance 2.6 features include:
•All features of VA 2.0
•Support for AMT 3.0
VA 2.6 is backwards compatible with VA 2.0 and supports both HP Compaq dc7700p and dc7800p
Business PCs. The HP Compaq dc7800p Business PC shipped in 2007.
BIOS Requirements
The HP Compaq dc7800p Business PC uses the 786F1 BIOS family. Use BIOS version 1.04 or later for
best compatibility and performance with VA 2.6.
The HP Compaq dc7700p Business PC uses the 786E1 BIOS family. Use BIOS version 3.03 or later for
best compatibility and performance with VA 2.0 and VA 2.6.
Intel Virtualization Technology must be enabled in F10 Setup before a VA can be launched. VT is disabled by default in F10 Setup.
A VA can be installed with VT enabled or disabled, although some VA installers may warn users that VT
is disabled during installation. If VT is disabled during installation, enter F10 Setup and enable VT after
the installation is complete.
There are two kinds of Intel Virtualization Technology: VTx and VTd.
Intel Virtualization Technology for IA-32 processors (VTx) deals with virtualization at the processor level.
This must be enabled for a VA to function.
Virtualization Technology Directed I/O (VTd) is an extension of VTx and deals with virtualization at the
chipset level. VTd provides the capability to control DMA accesses and direct them to specific domains
which are regions in physical memory.
All Core 2 Duo processors support VTx. More advanced versions of Core 2 Duo also support VTd in addition to VTx. Depending on which VT is supported by the processor, one or both options may appear in
F10 Setup.
3
The VT options are located in the Security tab in F10 Setup.
For the HP Compaq dc7700p Business PC, go to:
• Security > OS Security > Virtualization Technology (VTx)
For the HP Compaq dc7800p Business PC, go to:
• Security > System Security > Virtualization Technology (VTx)
If the processor supports Intel Trusted Execution Technology (TxT), then that option will also appear under
System Security below the VT options on a HP Compaq dc7800p Business PC. TxT is a processor feature that protects data on the system and verifies that the system is loading from a known safe state. TxT is
not required for VA2.0 or VA2.6.
BIOS Recommendation
HP recommends that administrators set an F10 Setup password and a MEBx password when deploying
Virtual Appliances. HP also recommends that IT administrators disable Removable Media Boot in
F10 Setup, located at: Storage > Storage Options > Removable Media Boot
This prevents malicious users from bypassing the SOS boot.
Hardware Requirements
An Intel vPro processor technology capable system is required to use a VA.
VA 2.0 requires the following hardware:
•Intel Core 2 Duo processor (E6x00)
•Intel Q965 with ICH8-DO chipset
•Intel 82566DM Network Interface Controller
A TPM is needed for VA 2.0 is to hash the VA boot record. It has to be unhidden, but does not have to be
enabled.
VA 2.6 must have the following hardware:
•Intel Core 2 Duo processor (E6x50)
•Intel Q35 with ICH9-DO chipset
•Intel 82566DM Network Interface Controller
•1. 2 TC P c om p l i a nt T P M
The HP Compaq dc7700p Business PC is an Intel vPro processor technology branded system that meets
all Intel vPro processor technology hardware requirements and supports VA 2.0 and VA 2.6 with the
appropriate BIOS update.
4
The HP Compaq dc7800p Business PC is an Intel vPro processor technology branded system that meets
all Intel vPro processor technology hardware requirements and supports VA 2.6.
In addition to the hardware requirements, HP recommends that the system has a minimum of 1-GB RAM.
Virtual Appliance Installation
Currently, VA 2.0 and VA 2.6 must be installed on a system with Windows XP 32-bit. The system must
meet or exceed the hardware and BIOS requirements mentioned in the previous sections.
The following provides an example of a VA 2.6 appliance installation:
1.Run the VA Setup file.
2. Follow the directions from the installer.
3. Reboot the system.
4. If necessary, enable VT in F10 Setup, and then reboot.
5. Go into the MEBx by pressing Ctrl+P during POST.
6. Type the MEBx password.
7.Select Intel AMT Configuration.
The VA Configuration option will now be available at the bottom of the AMT Configuration list.
Figure 1 VA Configuration option in the MEBx
5
Loading...
+ 9 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.