Sponsored The Intel vPro® platform has been around for over a decade as the company’s official branding for business-grade laptops and desktops, combining specific technologies and enhancements that differentiate vPro platforms from those that may have comparable specifications but are otherwise essentially consumer hardware.
Since its introduction, the vPro platform – tagline ‘Built for Business’ – has evolved from an early focus on helping IT to effectively manage systems into a comprehensive suite that enhances performance and the end user experience, delivers greater manageability, strengthens security and provides greater stability of the platform for corporate buyers.
Today, the vPro platform is addressing the new challenges that organisations face.
As demonstrated by the COVID-19 working from home phenomenon, there's explosive demand for IT services caused by new security threats and changes imposed by an increasingly distributed workforce.
“What we're trying to achieve overall with the Built for Business terminology is, we're trying to look at these competing forces, we're looking at what is required and building those capabilities into the modern vPro® platform that service their needs,” says Jeff Kilford, Client Compute Group UK Director at Intel.
Ensuring a clean start
The vPro platform starts with the threat of systems being compromised somewhere along the supply chain, perhaps with malware or spyware being pre-loaded. This is becoming an issue of concern for more corporate customers, according to Intel.
“We always knew there were going to be BIOS level and firmware level attacks, that we would see a transition from kids with torrent clients to criminal organisations going after what is the new gold, which is data. These criminals are very well funded, and they potentially have access to fabrication capabilities. So a couple of years ago, we put on the roadmap the intention to guarantee authenticity of device delivery,” says Kilford.
The outcome is the Intel® Transparent Supply Chain, which gives customers visibility and traceability of systems and the components and firmware inside, so they can be assured it is genuine and has not been tampered with.
“What this allows the IT professional to do is to purchase a device for delivery to employees at home. When that device arrives, you can run the serial number against our cloud service, and as long as the hardware, firmware and overall system is as expected, the device will get a certificate showing the system has been verified,” Kilford says.
Employees working remotely or from home still need IT support, and this is where Intel® Active Management Technology (Intel® AMT) comes into the frame. This is one of the original vPro platform features, and provides remote management capabilities built into the hardware at the silicon level, so that an IT admin can reach into a system and fix any issues, even if the operating system is missing or will not start.
Intel® AMT was originally designed for wired management on a LAN, but it has been modernised with a new capability dubbed Intel® Endpoint Management Assistant (Intel® EMA) and can now be managed over wireless. This provides a cloud-based point of control for managing endpoint devices wherever they are inside or outside the corporate firewall.
Intel® EMA allows an endpoint device to call home via the cloud-based service, so that it can be reached by the IT team. This means a new device sent to a remote site or an employee’s home can easily be on-boarded and provisioned with applications and new software patches and updates.
The vPro platform incorporates security capabilities built into the hardware to help combat threats, not just by detecting them but also by preventing them from getting a foothold.
This includes Intel® Hardware Shield, which protects against attacks such as the Lojax vulnerability, uncovered a couple of years ago, that target the low-level firmware layer of the system. It achieves this by launching the operating system into a hardware–secured code environment that is inaccessible to the firmware.
“Lojax was really the first widespread BIOS level attack, which is very difficult to gauge the spread of, because unless you've got the vPro platform, you may not be able to detect it, because security software typically sits above the operating system,” explains Kilford.
“Back then, vPro platforms detected something had been compromised at the BIOS level and wouldn't allow it to boot and spread. We didn’t know it was specifically Lojax at the time, but thanks to vPro this insidious attack could be contained” he added.
Since then, the vPro platform has added a suite of security features known as Intel® Threat Detection Technology (Intel® TDT). This includes Accelerated Memory Scanning (AMS), which offloads the work of scanning memory for malware from the Intel CPU to its integrated graphics processor, which is largely idle when users are running everyday productivity applications, so that it does not interrupt or slow the user’s work.
Intel® TDT also includes machine learning heuristics, so it can learn over time what normal behaviour looks like. And when it sees something that's abnormal, it can lock it out so it can't spread.
Better user experience
The latest vPro platform boosts overall performance in other areas, including connectivity. The new vPro platform come with integrated support for Wi-Fi 6, the latest wireless network standard that is faster and provides better performance even in highly congested areas. This which should enable organisations to scale back the number of access points around their sites if they upgrade to Wi-Fi 6.
“What we typically see with Wi-Fi 6 is, you can you can go further away from the access point and have stronger signal strength, there are fewer dead zones by virtue of allowing more devices to connect to each access point,” Kilford says.
Another connectivity feature that Kilford highlights is Thunderbolt, a high-speed interface that delivers data, video, and power through a single cable, making it perfect for mobile workers that need to plug into a dock to connect their keyboard, screen, mouse and wired LAN connection while working at a desk. It may be not be as big a feature as remote management, but the convenience this offers is another area where the vPro platform makes for a better user experience, according to Kilford.
Performance is also given a boost through support for Intel® Optane™ Memory, which can be fitted as an M.2 module into systems. Optane™ Memory can be used to cache an SSD or even a traditional hard drive to improve performance, using Intel® Rapid Storage Technology to automatically move the most frequently used applications and data into Optane™ Memory for speedy access.
“This is where a premium mobile computing experience defined by Project Athena (a vPro platform can also be Project Athena compliant if it meets the specification) comes in, so we specify that when you lift the lid of your laptop device, you must be at the logon prompt in less than a second. Optane™ solution on board can really help with that, says Kilford.
Intel® vPro platform capabilities are all predicated on the four pillars of performance, stability, security and manageability, and designed to work together harmoniously to meet the end user compute requirements of organisations and their workers, and to reduce the total cost of ownership of devices.
This is quantified in a study by Forrester Research, which estimates that a mid-size company with 750 desktops and laptops could expect to see reduced security support and management costs of up to $1.2m from effective use of the vPro platform.
The effect on employee productivity was a saving of an estimated 28,160 hours due to a reduction in workers making support calls, while they also spent less time waiting for issues to be resolved.
Finally, Kilford recommends companies to adopt a pro-active process of modernising their IT equipment, to ensure it is capable of meeting the demands of emerging workloads and the challenges of new security threats.
“If IT organisations are legislating for the workloads of today, it can be a bit of a trap if they are purchasing devices that can only just adequately run it, because you don’t know what the workload is going to be two years hence,” he says.
“If they don't have some way of getting new technology on a rolling refresh cycle, reliably adopting the new technologies, actively retiring older devices because of the risks associated with those from an attack surface perspective, then they're risking falling behind as the pace of change is only going to make it harder and harder to keep up in future.”
Sponsored by Intel