Intel CORE I7, CORE I5 User Manual

The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

Secure your PCs. Cut your costs. Achieve more control. Now that’s smart ROI.

White Paper

Intel® Core™ i7 vPro™ Processor

Intel® Core™ i5 vPro™ Processor

PCs powered by a new 2010 Intel® Core™ vPro™ processor can adapt to the needs of your business with smart security, cost-saving manageability, and intelligent, adaptable performance. designed to keep downtime and desk-side visits to a minimum, helping IT reduce costs and improve services through enhanced remote monitoring, KVM Remote Control if the PCs are shut down or the operating system (OS) is unresponsive. Intelligent, energy-efficient performance – including Intel® Turbo Boost Technology to a user’s multitasking demands so the PC consumes only the power it needs. With an all new 2010 Intel Core vPro processor inside, PCs can even disable themselves via Intel® Anti-Theft Technology new Intel Core vPro processor, control meets cost savings while still delivering exceptional business performance.

(keyboard video mouse), and other tools to diagnose and repair PCs – even

The all new 2010 Intel Core vPro processor family is

– adapts

if they get lost or stolen. With a

White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

Table of Contents

Executive Summary .........................................................................................3

All-New 2010 Intel® Core™ vPro™ Processor Family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

The way we do business has changed .....................................................................4

New and proven technologies pair up to deliver intelligent performance,

manageability, and security ...............................................................................4

PCs can now be managed as strategic assets ..............................................................5

Spend wisely and recoup costs rapidly . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

New in the all new 2010 Intel Core vPro processor family ..................................................5

Key features of the all new 2010 Intel Core vPro processor family ............................................6

What, exactly, is Intel® vPro™ technology? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Intelligent features to solve key challenges ................................................................7

Manage PCs regardless of power state ....................................................................8

Use an existing management console for both laptop and desktop PCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Remote communication – virtually anytime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Communication outside the corporate firewall ............................................................10

Communicate remotely with wired or wireless PCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

PC-initiated secure communication .......................................................................10

Robust security schemes for remote communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Better protection through smarter security .................................................................11

Intel® Anti-Theft Technology (Intel® AT) ...................................................................12

Hardware-based acceleration for encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Push updates down the wire — regardless of PC power state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Filter threats and isolate PCs automatically based on IT policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Automated, continual checking for agents ................................................................14

Receive alerts even if a system is off the corporate network ..............................................15

Out-of-band management even with 802 1x, Cisco SDN, and Microsoft NAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Intel® Trusted Execution Technology (Intel® TXT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Faster, easier remote manageability helps reduce costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Remote upgrades save IT and user time ..................................................................15

Resolve more problems remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Accurate, remote discovery and inventory for wired or wireless systems ..................................17

KVM Remote Control lowers support costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

PC Alarm Alock – local wake from any sleep state .........................................................18

Power down at night and save on power bills .............................................................18

Virtualization enables flexible computing models ............................................................19

Usage models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Virtualization: Virtual containers .........................................................................20

Virtualization: Multiple OSs (traditional model) ............................................................20

Intel® Virtualization Technology (Intel® VT) features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Intel® VT is compatible with other technologies ...........................................................21

Key benefits of virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Go mobile – cut costs and improve productivity ..............................................................22

Wireless mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Responsive, energy-efficient intelligent performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Energy Star compliance and energy efficient . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Intel® Turbo Boost Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Intel® Hyper-Threading Technology .......................................................................24

Simplify and speed up activation ............................................................................25

General provisioning process .............................................................................25

Methods to establish security credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Activation models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Ready for the future . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Stable, standards-based, and with broad industry support ...................................................26

Wired or wireless: The intelligence of security and manageability on every chip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

Executive Summary

The all new 2010 Intel® Core™ vPro™ processor family can help businesses by delivering intelligent security; cost-saving remote manageability; and adaptable performance. Smart security with programmable filters can systematically guard against viruses and malicious attacks. Continuous, intelligent polling for the presence of software agents helps ensure full protection from malware and attacks. Advanced features help prevent tampering or disabling of security software. With built-in Intel® Anti-Theft Technology AT), PCs can even disable themselves if they are lost or stolen. And, because data is protected rather than erased, reactivation can be easy when the PC is recovered. Intel AT must be enabled in order to enjoy the benefits of this advanced security technology.

The all new 2010 Intel Core vPro processor family makes it easier to manage systems from a central location. KVM Remote Control (keyboard video mouse) and other built-in capabilities let you remotely configure, diagnose, isolate, and repair an infected PC – even if the OS is unresponsive.

You can also quickly upgrade to Windows* 7 remotely

(Intel®

and overnight – saving on average about 40 minutes per upgrade per machine.

This helps minimize disruptions to your users and makes it easier to retain access to your legacy applications. In order to enjoy the benefits of these intelligent remote manageability capabilities, Intel® vPro™ technology must be activated (see page 25 of this white paper).

Laptops powered by a new Intel Core vPro processor include Intel® Centrino® wireless technology (either WiFi or WiFi with optional WiMAX), and are more energy efficient. These laptop and desktop PCs also include Intel® Turbo Boost Technology Technology

(Intel® HT Technology), which can automatically adapt to

and Intel® Hyper-Threading

each user’s unique needs so users can move faster when multitasking and get more accomplished in less time.

Studies have shown that return on investment (ROI) can be as little as 19 months for PCs based on the a new 2010 Intel® Core™ i5 processor.

For businesses that implement the remote management and security capabilities of a PC with a new 2010 Intel Core i5 vPro processor, positive ROI can be achieved in as little as 9 months.

Lineup of all new 2010 Intel® Core™ processor family and all new 2010 Intel® Core™ vPro™ processor family.

Choose the Intel® Core™ processor that meets your business needs

Intelligent Performance, Security and Manageability

Hardware-assisted smart security, anti-theft technology and cost-saving manageability

Hardware-based KVM Remote Control

Hardware-assisted remote power management

Intelligent Business Performance

Top-of-the-line performance with biggest cache

Hardware-based acceleration of encryption

Increased processor speeds when performance is needed with Intel® Turbo Boost Technology

2,a,b

Intel® Core™ i7 vPro™

Intel® Core™ i5 vPro™

Intel® Core™ i7

Intel® Core™ i5

Intel® Core™ i3

Hardware-assisted virtualization support for running multiple operating systems, such as Windows* XP with Windows* 7

Intelligent performance with Intel® Hyper-Threading Technology6 and Intel® Smart Cache

Energy Efciency with Intel® Intelligent Power Technology

IT must activate Intel® vPro™ technology in order to take advantage of thes e intelligent sec urity and rem ote manageabi lity technol ogies. For mo re informatio n about activ ating Intel vPro te chnology, whi ch includes Intel® AM T and Intel® AT, see page 25 of this whi te paper.

Hardwa re-based K VM Remote Control wo rks on all new 2010 Intel® Core™ i5 vP ro™ processor-b ased PCs that h ave Intel® HD integr ated graphic s, and select al l new 2010 Intel® Core™ i7 vP ro™ processor-b ased PCs that have I ntel® HD integrate d graphics. H ardware-ba sed KVM Remote Co ntrol will not work o n PCs that use dis crete graphic s.

Not app lica ble

Advan ced capability

White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

All New 2010 Intel® Core™ vPro™ Processor Family

Intelligent security, remote manageability, and adaptable performance to help businesses cut costs and improve efficiencies

The way we do business has changed

In today’s global markets, business is increasingly borderless, and mobility is becoming mandatory. The amount of e-mail that corporate users manage each day has also increased dramatically. Video has become mainstream for corporate

communications – the use of video conferencing alone is expected to double from 2007 to 2012. countries around the world are implementing increasingly stringent energy-compliance regulations for PCs. In addition, security threats continue to grow each year. Along with increased purchasing power in emerging markets, these shifts are driving major changes in business models worldwide.

At the same time,

Today’s business challenges include:

• Critical need to become more efficient, reducing costs while still

reaching new customers

• Increased demand for video tools for mainstream communications,

both internal, such as for sales and marketing, and external, for customers

• Exponential increase in security threats, along with a shift from ego-based attacks to economically focused attacks

• Pressure from governments around the world to use PCs that are more environmentally friendly and consume less power

Information Technology (IT) managers face a corresponding set of challenges in managing PCs as strategic assets:

• Support an increasingly mobile workforce.

• Protect networks and assets both inside and outside the

corporate firewall.

• Reduce operating costs for managing and securing PCs.

• Support new, compute-intensive applications and the transition

to Windows* 7.

New and proven technologies pair up to deliver intelligent security, remote manageability, and adaptable performance

Control meets cost savings in laptop and desktop PCs powered by the all new Intel® Core™ vPro™ processor family.

Laptop and desktop PCs with a new Intel Core vPro processor deliver intelligent performance and unique hardware-assisted features that improve security, remote manageability, and energy management.

• New 2010 Intel® Core™ i5 vPro™ processor-based PCs

• New 2010 Intel® Core™ i7 vPro™ processor-based PCs

New features in this new generation of processors include intelligent

security, such as Intel Anti-Theft Technology, and easier manageability – including KVM Remote Control and PC Alarm Clock. Additional new features for adaptable performance include Intel® Turbo Boost Technology, encryption standard – new instructions), to improve performance for encryption and decryption. For example, using Intel AT, you can remotely disable a PC with a “poison pill” that locks down the system after it has been reported lost or stolen.

(hardware-based keyboard video mouse)

as well as AES-NI8 (advanced

Organizations can no longer wait to capitalize on global integration and advanced technology tools. The challenge for IT is to support business goals, managing PCs as strategic assets. To do so, IT organizations need laptop and desktop PCs that are easier to configure, manage, use, and secure.

Access the PC virtually anytime, anywhere

The hardware-based capabilities of the all new 2010 Intel Core vPro processor family are built directly into the PC’s hardware. The capabilities let authorized technicians remotely access PCs that have traditionally been unavailable to the management console. Technicians can now manage the laptop or desktop PC even if PC power is off, the OS is unresponsive, hardware (such as a hard drive) has failed, or management agents are missing. Best of all, technicians can remotely maintain, update, and repair both laptop and desktop PCs that are outside the corporate firewall on an open wired or wireless connection via a secure, protected tunnel.

White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

PCs can now be managed as strategic assets

With the new 2010 Intel Core vPro processors, businesses can significantly cut IT service costs, reduce power bills, increase efficiency, and improve productivity. For example:

• Experience up to 2x faster multitasking

and up to 3.5x faster encryption/decryption of sensitive data on a new Intel® Core™ i5 processor.

• Cut PC maintenance costs by up to 50%.

• Speed up patch saturation by 56%12 and reduce patch deployment

costs by up to 98%.

• Shift more workers to laptops and gain up to 51 more minutes per

user per day in user productivity.

• Reduce energy costs enabled by secure remote power up/down.

Spend wisely and recoup costs rapidly

Less-capable PCs can get bogged down when trying to support the latest OS, such as Windows 7, or the latest application updates. After 3 years, annual PC support costs can exceed the purchase price for a new PC. support than it did in its first year. more likely per year to experience a security incident. PC out of compliance can create an expensive security incident – up to $300,000 or more in costs – but businesses do not always budget for the full cost of a security breach.

Laptop and desktop PCs with a new Intel Core vPro processor can handle the latest multi-threaded OSs, end-user applications and IT software load – including Windows 7, Office* 2007, encryption software, application streaming, and video conferencing. These PCs can also be more easily secured, via intelligent client-side capabilities, as well as through remote security features, such as PC disable via “poison pill” responses. With better remote troubleshooting and problem resolution – through secure console redirection and KVM Remote Control – IT can reduce user downtime, help improve user productivity, keep desk-side visits to a minimum, and help businesses significantly reduce TCO.

In an environment in which businesses have a critical need to spend wisely, this new generation of PCs makes it easier for organizations to manage systems as strategic assets. In fact, studies show that businesses can recoup their investment in as little as 9 months.

Refreshing wisely means keeping TCO at a minimum. Refreshing with PCs with new Intel Core vPro processors can help you achieve a positive ROI rapidly and continuously for years to come.

On average, a 4-year-old PC can cost 59% more to

In addition, 3-year-old PCs are 53%

Worse, a single

New in the all new 2010 Intel Core vPro processor family

The new 2010 Intel Core vPro processors includes powerful new capabilities built into the hardware:

• Intel Anti-Theft Technology (Intel AT), lock down and “brick” the PC if it fails to check in to the central server, or if it fails preboot login based on local, hardware-level preboot/OS IT-defined rules. As part of the lockdown, delete or disable critical elements of encryption keys in order to prevent access to the keys and stored data. Allow rapid reactivation, integrated with existing software vendor preboot login.

• Manageability of PCs with encrypted hard drives – remotely unlock encrypted drives that require pre-boot authentication, even when the OS is inoperable or software agents are missing. Remotely manage data security settings even when PC is powered down.

• AES-NI instructions (Advanced Encryption Standard New Instruc-

which offload from the processor some of the performance

tions). burden of encryption, and file decryption.

• KVM Remote Control,

for wired and wireless PCs with a new Intel Core vPro processor that have integrated Intel® HD Graphics. This feature helps IT remotely resolve the most complex software failures, and eliminates the need to purchase and maintain costly hardware KVM switches in the production environment. KVM Remote Control works for PCs both inside and outside the corporate firewall.

• Fast call for help for wired or wireless systems, even beyond the fire-

Helps users avoid the costly downtime of shipping PCs back to IT

wall. to be fixed. If a PC crashes, a user can phone IT for help and, during the boot process, press a specific key to securely connect the PC to IT for troubleshooting. IT can then take over via remote console redirection or hardware-based KVM Remote Control.

• PC Alarm Clock,

a PC to wake itself from any idle, powered off, or sleep state without a network connection. tasks, such as initiate a secure call to the service center for automated, off-hour services – even if outside the corporate firewall. As with other features, PC Alarm Clock is configured via a management console. However, once the feature is implemented, businesses do not need a management console to access or use the feature in their production environment. PC Alarm Clock works even if there is no network or communication with the PC. For example, the feature allows independent software vendors (ISVs), such as McAfee, to enable IT-scheduled product updates even for businesses that don’t have an IT console.

a new hardware-based feature that works

a new hardware-based feature that lets IT schedule

The PC can then perform scheduled, IT-defined

White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

Key features of the all new 2010 Intel Core vPro processor family

The all new 2010 Intel Core vPro processor family delivers unique and powerful technologies in security, remote manageability, energy management, mobility, virtualization, and performance improvements. Tables 1 and 2 list some of the key features of laptop and desktop PCs with a new Intel Core vPro processor.

Table 1. Laptop and desktop PCs with a new Intel® Core™ vPro™ processor.

Feature Laptop with Intel® Core™ vPro™ processor Desktop PC with Intel® Core™ vPro™ processor

All new 2010 Intel® Core™ vPro™ processor family

Intel® Active Management Technology

(Intel® AMT), release 6.0

Intel® Gigabit network connection

Support for 802.11agn wireless protocols

WiFi and optional WiMAX support, with either Intel® WiMAX/WiFi 6060 2x2 agn, Intel® Centrino® Ultimate-N/Advanced-N 6000 Series 2x2 or 3x3 agn, or Intel® Centrino® Wireless-N 1000 Series 1x2 bgn

Support for 802.1x

Intel® Stable Image Platform Program (Intel® SIPP)

Intel® Core™ i5 vPro™ processor and Intel® Core™ i7 vPro™ processor with Intel® QM57 or QS57 Express Chipsets

Intel® 82567LM-3 Intel® 82566DM

Intel® Core™ i5 vPro™ processor and Intel® Core™ i7 vPro™ processor with Intel® Q57 Express Chipset

N/A

Table 2. All new 2010 Intel® Core™ processor family and all new 2010 Intel® Core™ vPro™ processor family.

Features for... Description

Intelligent Performance, Security and Manageability

Hardware-assisted smart security, technology and cost-saving manageability

Hardware-assisted remote power management

Hardware-based KVM Remote Control

anti-theft

a,b,2

Intel® Core™ i7 vPro™

Intel® Core™ i5 vPro™ Intel® Core™ i7 Intel® Core™ i5 Intel® Core™ i3

Intel® Virtualization Technology9 (Intel® VT) including Intel® VT for Directed I/O, and support for OS and application streaming

Intel® Trusted Execution Technology19 (Intel® TXT)

Support for Cisco Self-Defending Network* (Cisco SDN*), Microsoft Network Access Protection* (NAP),

and PXE (preexecution environment)

Intelligent Business Performance

Hardware-based acceleration of encryption

Intel® Turbo Boost Technology3

Intel® Smart Cache Technology and new L3 cache Up to

8 MB L3

Up to

4 MB L3

Up to

8 MB L3

Up to

4 MB L3

Number of processor cores 2 to 4 cores 2 cores 2 to 4 cores 2 cores 2 cores

Intel® Hyper-Threading Technology

Support for Operating System Requirements

64-bit enabled

Windows* 7 ready

Hardware-assisted virtualization for Windows* XP in Windows* 7

Intel integrated graphics support of 64-bit graphics, including Windows 7 Aero interface

Execute Disable Bit

IT must activate Intel® vPro™ technology in order to take advantage of thes e intelligent sec urity and rem ote manageabi lity technol ogies. For mo re informatio n about activ ating Intel vPro te chnology, which in cludes Intel® A MT and Intel® AT, see page 25 of this wh ite paper.

Hardware-based KVM Remote Control is available on Intel® Core™ i5 vPro™ and Intel® Core™ i7 vPro™ processors that have Intel integrated graphics.

Hardware-assisted Intel® Virtualization Technology (Intel® VT) can signicantly improve performance for users running a legacy OS (for example, Windows* XP) in Windows 7.

Some new Intel Core processors do not include integrated graphics. Some allow for discrete graphic cards.

4 to 8 threads 4 threads 4 to 8 threads 4 threads 4 threads

Up to

4 MB L3

White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

What, exactly, is Intel® vPro™ technology?

Intel® vPro™ technology is a set of IT capabilities – manageability, security, power management – embedded into the hardware of all new 2010 Intel Core vPro processor family-based PCs. Because the capabilities are built into the hardware, they are available virtually anytime, even if the OS is inoperable, PC power is off, or the hard drive has failed.

• Intelligent security. Disable a PC and/or disable access to the data even if the PC is already lost or stolen. Encrypted PCs are also fully manageable if PC power is off, the OS is unavailable, or the hard drive has failed.

Intel vPro technology takes advantage of an intelligent processor, chipset, and networking silicon features, along with protected flash memory. When combined with existing independent software vendor (ISV) consoles that support Intel vPro technology, Intel vPro technology can deliver a comprehensive, tamper-resistant solution for security and manageability.

A key benefit of being embedded in hardware is that the capabilities are less susceptible to the problems that typically affect an OS, applications or hard drive. For example, because Intel vPro technology is designed into PC hardware, it is resistant to tampering, boot issues, and other problems that can affect an OS and/or security applications.

• Expanded management capabilities. Remotely access, control, and manage client PCs “as if you were there” with hardware-based KVM Remote Control. Save power and keep up with compliance by scheduling PCs to wake from off to run local tasks according to policy.

Intelligent features to solve key challenges

The all new 2010 Intel Core vPro processor family can provide a comprehensive solution to manageability and security challenges.

• Improved power management and rapid ROI. Realize rapid ROI simply by implementing better power management enabled by Intel vPro technology.

Table 3. Key IT challenges and solutions addressed with a new 2010 Intel® Core™ vPro™ processor-based PC.

Challenge Solution

PCs unmanageable when powered down

Unsecured communications with PCs

Spiraling and costly deskside visits

Protect assets from software-based attacks

Thwart thieves – secure assets and data even if the PC is lost or stolen

Lack of conguration compliance

Costly and time-consuming manual inventories

Undiscoverable assets

Reimage systems without a deskside visit

Remotely and securely monitor and manage PCs anytime:

• Access the PC even if PC power is off, the OS is unresponsive, management agents are missing, or hardware (such as a hard drive) has failed.

• Access critical system information (asset information, event logs, BIOS information, etc.) virtually anytime, even if PC power is off, to identify systems that need maintenance or service.

• Remotely and securely power up PCs for maintenance and service, initiated by the service center.

• PC Alarm Clock, in which client-side intelligence performs a scheduled wake from any powered off or sleep states, so

the PC itself can call in and initiate a maintenance, security or other task off-hours.

More securely communicate with laptop and desktop PCs both inside or outside the corporate rewall:

• Secure, remote communication inside the rewall.

• Secure, remote communication outside the rewall, on an open wired or wireless LAN.

Signicantly reduce deskside visits with:

• Remote remediation, even if management agents are missing or the OS is unresponsive.

• Remote problem resolution, even if the OS is unresponsive or hardware (such as a hard drive) has failed.

• KVM Remote Control

more effectively from a remote location.

Protect assets better:

• Remotely power up PCs anytime to help ensure more complete saturation for patching and other updates.

• Built-in, programmable system defense lters and agent-presence checking for automated, hardware-based

protection against viruses and attacks.

Disable or “brick” a PC and/or protect its data virtually anytime:

• Poison-pill to “brick” a lost or stolen PC; data is not destroyed or lost in the process, and reactivation is rapid, simply by entering an authentication token.

• Remote notication via a 3G modem in a cell phone, to ag a system that might be in the process of being stolen.

• Built-in, programmable triggers and responses to protect data and the PC after loss or theft of the system.

• Intelligent, policy-based PC-side timers that trigger a lockdown if the user has not logged in before timer expiry.

Ensure compliance:

• Remote inventory and agent presence checking as a hardware-based, automated, policy-based service.

Eliminate virtually all manual inventories:

• Accurate, remote asset inventories, even if PCs are powered off or management agents are missing.

Discover virtually all PCs:

• Persistent device ID available anytime, even if PC power is off, the OS has been rebuilt, hardware or software conguration has changed, or the hard drive has been reimaged.

Reduce deskside visits, speed up remote deployment, and minimize user interruptions:

• Remotely reimage systems even if PC power is off at the start of the upgrade cycle.

to help resolve complex issues, so you can see exactly what the user sees, and repair the PC

Table 3 provides an overview of some of the features of these new processors. New features and some of the more critical proven technologies are described in detail later in this paper.

White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

Manage PCs regardless of power state

PCs based on the all new 2010 Intel Core vPro processor family are designed to give IT technicians greater remote visibility into and access to the system in both wired and wireless states, as described in Table 4. When managing PCs with the all new 2010 Intel Core vPro processor family, technicians can remotely power up a PC almost anytime. (In order to prevent unexpected battery use in laptops, remote power-up is not applicable to the battery-powered, wireless sleep state.) Technicians can also reboot the PC, use secure console redirection and KVM Remote

Control, and use other critical maintenance and management capabilities of a new 2010 Intel Core vPro processor for wired or wireless PCs. PCs can even perform their own local, scheduled wake from any powered-off state without a network connection. The PC can then call into a central server for updates, maintenance, and other off-hours tasks.

With the ability to remotely manage PCs regardless of power state, IT can streamline more work and implement more automation. In turn, this helps business minimize user downtime, reduce IT service costs, and realize a rapid ROI.

Table 4. Capability matrix for PCs with new 2010 Intel® Core™ vPro™ processors.

Use Cases

Works with wired

PC-initiated secure

Usages

communication outside

corporate rewall

AC-powered wired or wireless

laptop or wired desktop

AWAKE,

OS WORK ING

PROPERLY

AWAKE, BUT OS

UNRESPONSIVE

ASLEEP (Sx)

Battery-powered

wired or wireless laptop

AWAKE,

OS WORKING

PROPERLY

AWAKE, BUT OS

UNRESPONSIVE

ASLEEP (Sx)

IT remotely powers PC down, then

Remote power up/power cycle

up again to reset to clean state (or powers up PC for servicing). Use power management to

YES YES

YES

N/A

reduce energy costs.

Power up PCs during off hours

Remote software update

for software updates. Also clientinitiated scheduled wake for

YES YES

YES

N/A

update.

Agent presence checking and alerting

System isolation and recovery

Ensure critical applications are

running, and be quickly notied

when they miss a check in.

Automated or manual policy-based protection against virus outbreaks.

YES

YES YES

YES

N/A

YES

N/A YES

YES

N/A

Identify and prevent unauthorized access to encrypted data, or disable

Protection for data if a laptop is lost or stolen

the laptop remotely or via client-side intelligence if it is lost or stolen. Upon lock-down, disable or delete

N/A

YES

for laptops

YES

for laptops

N/A

YES

for laptops

YES

for laptops

N/A

access to encryption keys. Rapid reactivation if laptop is returned.

Diagnose and repair problems

Remote diagnosis and repair

remotely via out-of-band event log, remote/redirected boot, console redirection, KVM Remote

Control,

and preboot access to

YES YES

YES

YES YES

YES

N/A

BIOS settings.

Remote hardware and/or software asset tracking

Requires WPA or WPA2/802.11i security and Controller Link 1 for wireless operation when the user OS is down.

Also available when using host OS-based VPN.

Take a hardware or software inventory regardless of OS state or power state.

YES

YES YES

YES

N/A

White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs

Intel®

network

adapter

In-band communication

goes th roug h the sof tware stack i n the OS, and Is se cured via OS features a nd sof twar e-

based security applications

A new 2010 Intel® Core™ vPro™ processor uses an out-of-band

communication channel to communicate with the IT console

Out-of-band communication

tunne l sits “ below ” the OS and

appli catio ns, goes thro ugh th e

TCP/IP ﬁr mware stack, and is

secured with hardware-based

TLS en cryption

IT console

Internet

In-band communication Out-of-band communication

System memory

RAM

OS and applications

Software stack

Isolated,

tamper-resistant memory

Firmware

Intel® chipset

Hard dr ive and m emor y with O S and applications – “ In-band” c ommu nicat ion

Mothe rboa rd – Communic ation b elow the OS (out- of-ban d)

Intel® processor

Intel® AMT

nonvolatile

memory

BIOS

New 2010

Intel® Core™

vPro™ Processor

TCP/IP

ﬁrmware stack

Use an existing management console for both laptop and desktop PCs

PCs with a new 2010 Intel Core vPro processor can use the same management console and communication mechanisms as other PCs. You can manage both laptop and desktop PCs with a new Intel Core vPro processor from the same IT console.

Leading management software companies such as HP, LANDesk,

Microsoft, and Symantec have optimized their software to take advantage of the intelligent capabilities of a new 2010 Intel Core vPro processor. For small businesses with less than 500 PCs, IT administrators can turn to

management software such as N-able Technologies’ N-central* to take

advantage of a new 2010 Intel Core vPro processor.

These vendors support both previous and current versions of Intel vPro technology. IT administrators who have already deployed PCs with Intel vPro technology do not have to change their management console to use PCs with a new 2010 Intel Core vPro processor. Ask your management-console vendor about specific implementation schedules and support for the new hardware-based security and remote-management capabilities for both laptop and desktop PCs.

Remote communication – virtually anytime

Software-only management applications are usually installed at the same level as the OS (see Figure 1). This leaves their management agents vulnerable to tampering. Communication privacy is also an issue in today’s PCs because the in-band, software-based communication channel they use is not secure.

In contrast, the all new 2010 Intel Core vPro processor family delivers both “readily-available” (out-of-band) remote communication built into the PC, as well as robust security technologies. These security technologies help ensure that the powerful capabilities of Intel vPro technology, as well as your stored information, are better protected.

The communication channel used by Intel vPro technology runs “under” or outside the OS (see Figure 1). This out-of-band (OOB) channel is based on the TCP/IP firmware stack designed into PC hardware, and does not use the software stack in the OS. The channel allows critical system communication (such as alerting) and operations (such as agent presence checking, remote booting, and console redirection) to continue more securely virtually anytime, even if OS, applications, or hard drive have failed.

Figure 1. Out-of-band communication. Secure communication channel runs “under” or outside the OS regardless of the health of the operating system or the power state of the PC, even if the PC’s hard drive is removed.

+ 19 hidden pages