Intel's vPro biz chips cross Sandy Bridge
Desktops and laptops now, workstations soon
Updated The vPro line of Core chips for business-class desktop PCs launched today, and Intel is working on extending vPro to upcoming laptops and workstations, too.
The vPro iterations of Intel's Core family of processors have extra goodies that businesses will pay a premium for, such as enhanced security features. Intel also hopes that PC makers will adopt vPro versions of its chips to create a common platform on which selected software can be certified to run more easily, such as last year's introduction of the bare-metal XenClient hypervisor created by Citrix Systems, which is only available on vPro machines that have Intel's VT-x virtualization electronics baked in.
The new chips, technically known as the 2nd Generation Intel Core vPro processor family, are variants of the "Sandy Bridge" Core processors that Intel debuted at the Consumer Electronics Show in Las Vegas in early January to kick the new year off.
These Sandy Bridge laptop and desktop chips, which among other things include integrated Intel HD graphics as well as Advanced Vector Extensions (AVX) number-crunching and TurboBoost 2.0 clock scaling, are the ones that were affected by a SATA port bug in the "Cougar Point" chipset, which Intel has subsequently redesigned and re-shipped. The secret sauce that makes a vPro Core chip different from a regular Core chip is woven into both the processor and chipset and activated - for a premium of course - by Intel.
The Intel announcement doesn't actually talk about what vPro 2nd Gen Core chips were announced today, but El Reg has sussed it out. Take a look at this monster vPro desktop processor table on the Intel site. In this table, the first Core i7 desktop processor, the i7-2600, is one of the vPro Sandy Bridge chips. So are the first three in the Core i5 desktop processor family, the i5-2500, i5-2400S, and the i5-2400. So that is four new vPro-capable chips for desktops.
The bottom of the Intel announcement compares the performance of an i5-2520M to an old Core 2 Duo T2750 chip, but the vPro table has not been updated to show that the i5-2520M is vPro enabled or to show any other mobile chips in the Sandy Bridge family being vPro, either. After this story went to press, Intel UK got back to us and helpfully provided this link, which shows the feeds and speeds of the 2nd Generation Core chips, showing which ones support vPro and which ones don't.
With the new vPro Core chips and related chipsets, Intel is cooking in a few more technologies that were not available in prior vPro setups. This includes the Anti-Theft Technology 3.0 "poison pill" and GPS capability, which enforces data encryption software authentication when a PC comes back from a nap and isn't where an end user expects it to be.
With AT 2.0, which was in prior vPro chips, system admins could send a poison pill over an Internet-connected notebook or desktop if it was stolen; once the thief logs onto the Internet, the machine is disabled. With AT 3.0, now that kill command can be sent as an SMS message over an encrypted 3G cell phone network.
Once a machine is retrieved, it can be reanimated with a similar SMS message. The GPS feature allows for admins to see where a missing PC is based on signals from the cell network. (This is not satellite-based GPS.)
The AT 3.0 feature that is part of the new vPro chips can also force a machine that has been stolen to require an encryption login rather than the normal user name and password. The chips also have a little something called Identity Protection Technology, which aims to cut down on phishing attacks on corporate end users who pay the vPro premium.
With the IPT features, the vPro box generates a six-digit numerical password that is used in conjunction with passwords to harden two-factor authentication to access the machine. (You can find out more about IPT here.) All Sandy Bridge Core chips, vPro or not, have the IPT feature.
KVM in a chip.
Nice. Though not very scriptable. Sometimes it really is simpler to glue (electrically, sheesh) a serial port on and make sure the bios is workable over that, perhaps using the old trusty CLI, like how openboot does it. Expect scripts instead of paying a PFY to click on things remotely.
Now that we have that anyway and no longer get serial ports, can I use this the other way around too then, dual-use the laptop as a kvm for servers even if they don't have kvm goodies baked into the chip? No? How disappointing.
Sinds GPS generally stands for a particular satellite based positioning system and is actually global whereas mobile infrastructure based location divining isn't*, could we perhaps not confuse "GPS" with cellular positioning systems? CPS, CNPS, MPS, MNPS, you name it. Just not GPS because it's neither global nor using the GPSystem.
* It doesn't work at sea, for one. Yes, if your laptop gets lost at sea trying to turn it off by SMS message is probably fairly futile anyway. I am nitpicking about the use of the term GPS though, not about texting at sea.
I'm sorry Dave. I can't allow that
I see that you are in Iran.
(Dave has just powered on his laptop and connected it to the Cabin WiFi. He's flying from Germany to India.)
The Microsoft & Intel have decreed that this device cannot be used inside Iran. The CPU, Memory and the Hard Disk will self destruct in 5 seconds.
Thank you for buying Microsoft Windows and Intel. Designed to keep your data out of the hands of those pesky Iranians. Have a nice day.
I couldn't resist this one.