Intel vPro Chipset Lures MSPs, System Builders


Managed service providers, system administrators and system builders have discovered a common interest -- getting Intel's deep-drilling vPro and cPro platforms into the desktops and laptops they manage and sell.

The vPro platform, rolled out last September, was built to allow remote management of systems below the operating system. It includes a Core 2 Duo processor, the business-optimized Q965 chipset, Intel gigabit network processors, and Intel Active Management and Virtualization technology. With a vPro platform installed, authorized administrators can get into a desktop to manage it even if it's powered down. The cPro platform, launched this past May, does the same with Intel Centrino technology for laptops.

The latest version of the vPro board, code-named "Weybridge," was released Monday. It features beefed-up security and new virtualization capabilities in a package that includes a Core 2 Duo processor, the Q35 Express chip set and the 82566DM gigabit network interface connector. On the "Green IT" front, Intel claims improved energy performance for the vPro 2007 to the tune of 30 percent for CPU max power and 60 percent for idle power, and 55 percent for both chipset max and idle power.

Meanwhile, an Intel spokesperson confirmed last Friday that a major rebranding of the chipmaker's products in 2008 will include changing vPro's naming conventions for the laptop edition from "Centrino Pro" or "cPro" to "vPro for Centrino."

The two platforms are tailor-made for MSPs and an opportunity for system builders to add managed services to their offering, says Mike Ferron-Jones, Intel's director of marketing in the Digital Office Platform Division.

"Selling hardware is a tough business for resellers. So the real opportunity is to be able to provide managed services to customers. But rolling trucks kills your business in that managed services space. Until vPro, remote control only worked as long as a box was powered up and the OS was running," he says.

Security concerns with older remote boot-up mechanisms like enabling Wake-on-LAN and AMD's work with Magic Packet are addressed with the vPro and cPro Active Management protocols, Ferron-Jones says.

"All of the older methods suffer from security issues, where a rogue console can use these mechanisms to wake a system. But with Active Management, you're using an encrypted channel to do wake-ups and remote control sessions," he says.

The new vPro board released Monday further tightens security. The remote-wake mechanism for powering up a system still features 128-bit TLS encryption and strong authentication to prevent malicious entry via malware into a system under the OS, while adding stronger network security and protection of virtualized software from rootkit attacks.

Ottawa-based software vendor Level Platforms added vPro-integrated features to its MSP platform, Managed Workplace, last December. Level CEO Peter Sandiford is an evangelist for the technology.

"We see it as a fantastic opportunity to improve managed services. It allows you fundamentally to offer a whole layer of systems management below the OS level. For anyone who's a managed service provider, they will want all of their desktops to be vPro. Even though it costs more money, it'll ROI many times over," Sandiford says.

Like Ferron-Jones, Sandiford thinks the technology should push system builders to develop a managed services profile. But he expects the opposite effect to be visible, too, with so-called "pure-play" MSPs encouraged to start building out vPro-based hardware.

"My view is that all MSPs will want to sell vPro. And for system builders it's also a great opportunity to create significant differentiation by selling vPro systems and to get a jump into managed services themselves," Sandiford says.

System builders like Maple Tronics and US itek have taken advantage of vPro hardware to make the transition to offering managed services, despite some lag time in development of third-party software that takes full advantage of the deep-drilling platform.

"A lot of the feature sets are there and they're great, but we're kind of at the mercy of the third-party software developers. It's looking very promising, we just wish the software vendors and Intel would bridge the gap a little quicker. For business-class machines, we'll continue to sell vPro boards so that we'll be ready for when all the features are supported," says Bret Stahly, COO of Goshen, Ind.-based Maple Tronics.

Stahly looks forward to building the new version of vPro into Maple Tronics product as well.

"Security was tightened down on it. With health care and all the HIPAA compliance, that's going to be pretty valuable," he says.

US itek, a Kenmore, N.Y.-based system builder, is already seeing better efficiency in the recently-built managed services side of the house, says president David Stinner.

"VPro streamlines the way I do remote support," he says.

Brent Goodfellow, a managing partner at One Tech, says the Level Platforms integration of vPro proved itself in a pilot program that the Hillsboro, Ore.-based MSP and systems integrator ran for a networked health care provider with multiple locations.

"The customer was a group of 25 medical doctors and an equal number of administration and support staff at a main location and three branch offices. A good number of their PCs are in call rooms, or otherwise behind very secure areas. So it's difficult for our technicians to get in there. We need to call ahead and schedule access cards," says Goodfellow.

"VPro really helps. If a doctor inadvertently turns a machine off, the Level integration and the chipset gives us the power to power-on remotely. It was awesome. Before, someone had to make a special trip to get that done."

Meanwhile, software vendor LANDesk and notebook maker Lenovo are teaming up with Intel on building a software/hardware mix to take advantage of the cPro platform. The three vendors have combined efforts on creating a mobile IT environment based on building the cPro platform into the Lenovo ThinkPad T61 notebook, with integrated management via LANDesk Management Solutions software.

The vendors demoed the basics of the environment a few weeks ago at Intel's campus in Santa Clara, Calif. LANDesk VP of Product Marketing Steve Workman demonstrated some of the deep core capabilities of the Management Solutions integration to ChannelWeb, including the Remote Boot Manager, which can boot from CD/DVD, the local hard drive, PXE and IDE-redirect. Additionally, with the LANDesk software, a systems administrator can remotely enter the BIOS and do BIOS changes, and under a policy called "KILLNIX," the administrator can manually or automatically stop all traffic on a desktop or notebook except for LANDesk and cPro or vPro traffic.

"So, for example, a denial of service automatically gets isolated and blocked. It hits down at the chip and the chip changes the FTP policy to 'KILLNIX.' The [desktop or notebook] user can't change this, because it's down in the core," says Workman.

"And under the AMT Agent Presence configuration, if a user, say, shuts off the virus checker on their notebook, the administrator is notified in 30 seconds. In LANDesk, we can add a function that automatically isolates the user system from the network when that virus checker is shut off."