The first generation of vPro-branded PCs -- computers designed to be easy to manage and less susceptible to network attacks -- went on sale in 2006. vPro, along with Centrino for mobile PCs and Viiv for home entertainment PCs, is a "platform" brand Intel uses to cover product bundles including processors, chipsets and network technology.
Not all PCs businesses buy are vPro models, but most corporate pilot projects lead to more widespread use, said Mike Ferron-Jones, director of Intel's digital office platform marketing. "We're positioning vPro as a step above your ordinary business PC," he said.
One major feature in the second-generation vPro, code-named Weybridge, is a security technology code-named LaGrande Technology (LT) and now formally bearing the name Trusted Execution Technology (TXT). Intel began touting LaGrande in 2002.
Security is a major issue for administrators at large corporations who have had to reckon with worms and viruses that would spread like wildfire from one computer to another. Such attacks have died down since the years of LaGrande's inception, though some risk remains. LaGrande can help curtail other security risks as well, Ferron-Jones said.
TXT has three components, Ferron-Jones said. First, it stores the digital fingerprints of software in a protected region called the trusted platform module; every time the software is run, it checks to make sure the software still matches that fingerprint to see that it hasn't been compromised. Second, it walls off an application's memory so that other applications, operating systems or hardware can't change it. And third, if an application crashes or is crashed, TXT scrubs its data from memory and chip caches so attack software can't snoop for residual data.
Another security feature is a new version of Intel Active Management Technology that can nip worm propagation in the bud. The current vPro systems must be programmed by a third party, but Intel will build into the second version some basic abilities to detect suspicious network traffic so that potentially infected PCs can be isolated from corporate networks, Ferron-Jones said.
"Every customer who buys the Weybridge platform will be able to get a baseline of filtering," he said.
Another new feature in the Weybridge version of vPro will be support for two new remote management standards, one called Web Services Management and another from a committee called the Desktop Mobile Working Group.
Weybridge will debut in desktop PCs in the second half of 2007. For mobile PCs, the first-generation vPro will arrive in Intel's "Santa Rosa" version of Centrino in the second quarter of 2007, and the second-generation will arrive in 2008, Ferron-Jones said.
Below is my comment to C/Net of a few days ago - the story is from C/Net.
Intel LaGrande - grand or shrunk?
Reader post by: caelli
Posted on: March 15, 2007, 8:55 PM PDT
Story: Intel touts security with second-gen VPro PCs
The LaGrande article makes some claims as did the original 2002 Intel announcement (See C/Net article referenced in this article). BUT --- and BUT again -- that whole LaGrande technology, was clearly linked at the time with Microsoft's "Palladium" (later NGSCB) scheme for security. What this involved, and IT WAS SEEN AS CRUCIAL AT THE TIME, was a new protection "ring" structure for the Intel Pentium, the so-called "Ring -0". Coupled with what Microsoft then called its "Nexus" trusted sub-operating system scheme, this whole package was to provide high trust in the vital CHANNELS between the parts of the PC, e.g. the keyboard, mouse, smart card reader/writer, screen, etc. And it was to be intimately connected to that Trusted Platform Alliance (now Trusted Platform Group) TPM (Trusted Platform Module) chip and supporting software/firmware.
Of course all this, in principle, just would NOT be needed if the original MULTICS based security design of Intel's IA32, 4-ring, segmented and capability enforcing memory, structure had been used and maintained for a secure/high trust OS base (such as the GEMSOS system!!! It wasn't - and that is history as the riskier RISC 2-state machine philosophy of the late 1980s took hold (MS Windows'NT, LINUX, etc)
So - C/Net News / ZDNetAU - help - just WHAT HAS INTEL ANNOUNCED? Is this the "LaGrande" of 2002/3? Are there now 5 protection rings? Does Intel offer a new "NEXUS" style security enforcing sub-system? How on earth does all this fit with a dual core (32/64bit) structure? How does it all work in a pure 64bit sturcture (Itanium style, etc.)? How does it all work if the segmentation/protection ring structures of the IA32 bit architecture are actually activated as per work done at SUNY, New York USA with high trust for LINUX?
Great article but - wow - what question it raises!!
Intel / ZDNet- give us the full details - "where's the beef?"
Bill Caelli