Keeping abreast of new trends is important for any industry. In the IT space in particular, there is no shortage of new ideas and features that promise to deliver lower costs, competitive advantage, and the list goes on. So I guess the trick is to be able to separate the hype from the reality, to look beyond the "coolness" factor and try to understand what the practical application might be.
Strictly speaking, Intel® vPro™ is not new; it's been around for a couple of years and is currently on its third revision. For those not familiar with its benefits, you can get a good overview on the Intel web site. But why am I evangelizing it here? Well, let me tell you.
At the heart of Intel® vPro™ technology is Intel® Active Management Technology (Intel® AMT). Intel AMT embeds a Manageability Engine (ME) that provides a robust and reliable protocol for remote manageability regardless of the operating system (with some exceptions such as Mac OS) or of the OS state. Put simply: You can manage vPro systems remotely, even if the OS is shut down or even corrupted.
Naturally though, any technology used to enhance the manageability of a device is useless without a management platform to exercise it to its full potential. Here are some of the features of Intel® vPro™ technology and benefits when combined with a remote monitoring and management platform.
- Platform and Hardware Inventory Discovery – Regardless of power on/off state or OS state, the management platform is able to detect and discover any device that has a power and LAN connection. So in the case where desktops are shut down by users at night (or on weekends/vacation), it won't leave you as a service provider wondering if the device has mysteriously disappeared when you run your periodic inventory scans. Future support by software/OS vendors will also make software inventory discovery and license management possible by publishing updates to AMT's non-volatile storage (NVRAM).
- System Defense – If malicious/suspicious behavior is detected originating from a vPro-enabled desktop, the system can be “isolated” from the local network by cutting off its network connectivity in order to minimize any damage or disruption that the malicious behavior could cause. The exception to the isolation policy is that inbound access from a remote management platform can be left open as a "back door", which the service provider would use to take steps to fix the problem. Once the problem is resolved, network connectivity can be restored.
- Remote Console Access – The ability to take remote control of a system is a "must have" in terms of the capabilities that a service provider uses. The problem with current solutions is that they rely on client-side applications that run on top of the OS. But what about a situation where the OS is corrupted or doesn't boot at all? AMT's Serial-over-LAN (or what I like to call Serial-over-Internet when used with a remote management platform) can be leveraged to view the console and interact with it as the system boots, before the OS attempts to load. In this case, you can access the BIOS, modify settings and troubleshoot the boot sequence as if you were sitting in front of the system. Furthermore, with another feature called IDE-Redirection, the system can be booted to the OS level from a known good image served from a remote system so that additional troubleshooting can occur.
As the head of a development organization that builds a remote management platform, I'm always on the lookout for new technologies that can enhance the remote management features that we provide to our users. In terms of rounding out our platform capabilities, Intel® vPro™ technology goes a long way.