Intel ® vPro™ Technology

Download Report

Transcript Intel ® vPro™ Technology

Webinar Calendar for Q3 ’09
Topic
Agenda/Content
Prerequisite
(Click on links in
presentation
mode)
Introduction to Intel®
vPro™ Technology
What is Intel® vPro™
Technology
Use Cases
None
Time &
Registration Link
August 19, 2009
8:00 AM to 9:30 AM
PDT
ROI Benefits/Case Studies
Demo
Register Here
Lower your IT
manageability costs
with Intel® vPro™
Technology and
Symantec* Altiris
CMS
Overview
vPro Overview
September 2, 2009
vPro use cases in Altiris
CMS
Intro of Altiris CMS
8:00 AM to 9:30 AM
PDT
Beyond the Firewall:
Using Fast Call for
Help to manage PCs
with vPro Technology
Overview
vPro Overview
Fast Call For Help Overview
Demo
vPro use cases
Hands on demo with Altiris
CMS/BKMs
1
Register Here
September 16,
2009
8:00 AM to 9:30 AM
PDT
Register Here
GoToWebinar Attendee Interface
Viewer Window
Control Panel
Type your
questions
here
 Enter your Audio PIN when joining the webinar
 Submit your questions via the GoToWebinar Control
Panel
 This session is being recorded for future viewing
 For support, send e-mail during this session to:
– Michele Gartner ([email protected])
– Ramesh Dontha ([email protected])
2
Intel® vPro™ Technology
Jeff Torello
vPro Solution Architect
3
The Problem for CIOs and IT…
CIOs asked to innovate and improve
business processes… all while lowering
costs
But only 11% of costs available to
innovate… the rest goes on maintenance
And maintenance costs explode
with desk-side visits
Need to free up Time and Money for IT to Innovate
4
IT’s Challenges Are Intel’s Motivation
Security
Manageability
• Attacks now very stealthy and
motivated by financial gain
• Time between vulnerability
discovery and exploitation is
shrinking
• Globalization and limited IT
resources demand more
centralized, automated processes
• Regulatory compliance is a key IT
deliverable
Energy
• Rising energy costs make
power a significant IT
expense
• “Green IT” emerging a major
CIO objective
$70+
5
*Other brands may be claimed as the property of others.
Intel® vPro™ Technology
Built-in Management

Reduce your support costs with built-in
management technologies
Proactive Security

Protect your PCs and your data
infrastructure with built-in security
technologies
Energy Efficient Performance

Improved performance with reduced power
consumption with the Core™2 Duo and
Core™2 Quad processors
6
What is Intel® vPro™ Technology?
Processor
Chipset
Network
• Intel® Core™2 Duo processor
Security and Manageability
Independent Network Access
• Intel® Core™2 Quad processor
• Manageability Engine
• Intel® Active Management
Technology
• Non-Volatile Memory
• Intel® Active Management
Technology
Intel® vPro™ Technology: Security and manageability on the chip
7
Intel® vProTM Technology Architecture
SW Agents
Intel® Core™ 2 Duo Processor
GMCH
Manageability
Engine
ICH8-DO
Filters
Sensors
MAC
OOB
Intel®
PRO/1000
LAN
AMT
8
Operating System
AMT
 Manageability Engine in Chipset
– Independent of power state & OS
– Uses 16MB of system memory
 Network Filters in Chipset
– Monitor Ethernet traffic
– Can internally disconnect Ethernet
 Dedicated Flash Storage Area
– Stores ME firmware
– Stores asset inventory information
– Stores ISV data
DDR2
DDR2
FLASH
BIOS
NVM
“In-Band” Client Management
Desktop/Notebook
Client
IT Management
Console
Management
Agent
OS
Hardware
Network
• “In-Band” client management can:
• Inventory systems which are powered up
• Resolve software application problems
• Push software updates whilst system is powered up
• “In-Band” client management cannot:
• Inventory systems which are powered down
• Resolve software problems which prevent system boot (e.g. OS corrupt)
• Update software “Out of Hours” (while system is powered down)
9
Client Management (With vPro) “Out of Band
– OOB”
Desktop/Notebook
Client
IT Management
Console
Management
Agent
OS
Hardware
Network
• Management for vPro systems can:
• Inventory systems which are powered up or down
• Remotely resolve software OS and application problems
• Push software updates while system is powered up or down
10
Intel® Active Management Technology
1
 Intel® Active Management Technology (Intel® AMT):
– Intel AMT is built into Intel® vPro™ technology
– Intel AMT improves managing and securing networked computing
resources
– Inventory assets, even while systems are powered off
– Repair systems using out-of-band (OOB) management capabilities
– Help secure networks by:
– Proactively blocking incoming threats
– Reactively containing the spread of threats
– Ensuring critical software agents are present
– Keeping installed software versions up to date
– Leveraging popular third-party management consoles and security applications
in use today
1
Intel® Active Management Technology requires the platform to have an Intel® AMT-enabled chipset, network
hardware and software, connection with a power source, and a network connection.
11
Intel® vPro™ Technology Incorporates and Builds
upon Industry Standards
• New: Intel vPro
technology offers
support for WS-MAN
and DASH
Advanced Mgmt,
Security,
Virtualization &
Energy-Efficient
Performance
Intel® vPro™
Technology
• Intel is a co-author of
WS-MAN and DASH
• Intel is a co-founder of
DMTF and co-author
of manageability
standard for the last 15
years
Intel® Active
Management
Technology
Advanced
Mgmt &
Security
DASH +
WS-MAN
New
Standard
Mgmt
ASF 2.0
Legacy
Features & Business
Value
12
12
Intel® vPro™ Technology Usage Cases
Examples
Hardware and software inventory
Encrypted, remote power-on and update
Remote diagnostics and repair
Agent presence checking
Hardware-based isolation and recovery
13
Keeping the Business Running Efficiently
Hardware and Software Inventory
Accurately inventory hardware and software assets
IT Management Console
IT console polls PC for hardware IDs and software
versions regardless of power state
1
PC reports hardware IDs
and software versions
2
HARDWARE
SOFTWARE
Hard drive: Make, Model
Virus SW: Version
Memory: Size, Speed
Management SW: Version
CPU: Type, GHz
OS: Version
Network
•
•
•
Faster, more accurate than manual audits
Assist with upgrade planning, lifecycle management and government regulations
Save money on license fees with accurate software inventories
14
Keeping the Business Running Efficiently
Encrypted, Remote Power-On and Update
Push security updates to PCs even if they are powered off
1
IT Management Console reviews agent software
report in management database for client DAT
version to identify clients requiring update
IT Management Console
Unique encrypted power-on command
issued by IT console
2
Virus DAT file on PC updated
and rebooted if necessary
3
Encrypted power-off command sent to PC
4
Network
• Encrypted, remote deployment of patches without user interruption
• Reduced time required to deploy patches, reduced vulnerability
15
Intel® Active Management Technology
Remote Diagnostics and Repair
1
Client PC
PC can’t reboot and user calls IT help
desk
Technician initiates Serial Over LAN
(SOL) session
PC remotely rebooted (IDE-R) from
image on management server;
remotely work in the BIOS
Technician diagnoses problem
and repairs issue as appropriate
(remote SW update, local HW install)
2
IT Management Console
3
4
Network
Remotely diagnose and repair PCs regardless of power state or OS health
16
16
DEMO
17
Risk Management
Agent Presence Checking
Keep agents operating correctly
IT management console repairs
non-working management agent
IT Management Console
4
PC alerts IT console that management agent
is missing or non-functioning
3
Security Agent
Agent Present?

 
YES
NO
Agent Present?
1
Management
or security agent is
continuously
checking in with
Intel® vPro™
technology
YES
NO
Intel
Intel
Intel®®®
AMT
AMT
AMT111
(((
Mgmt. Agent
(((
2
Management agent fails
to check in
Network
Ensure more accurate PC asset inventory
Intel® Active Management Technology requires the platform to have an Intel® AMT-enabled chipset, network hardware
and software, as well as connection with a power source and a corporate network connection. With regard to notebooks,
Intel AMT may not be available or certain capabilities may be limited over a host OS-based VPN or when connecting
wirelessly, on battery power, sleeping, hibernating or powered off. For more information, see
http://www.intel.com/technology/manage/iamt.
Notebooks must be on the wired network and plugged in to a power source to be accessible when off. In a wireless state
you can access via the console the notebooks so long as they are awake and on the corporate network or connected via a
18
healthy VPN connection
Risk Management
802.1x and Cisco NAC Network
No need to lower network security for OS-absent management
Router
Console request OS
absent mgmt. session
2
IT Management Console
1
802.1x & Cisco NAC*
credentials
presented from
nonvolatile memory
Router authenticates credentials,
credentials verified, target PC
admitted to secure network
3
Console proceeds with
mgmt activity
4
Network
Maintain full network security
Notebooks require Intel AMT release v2.6 . Notebooks must be on the wired network and plugged in to a power source to be accessible when off. In a wireless state you can access
via the console the notebooks so long as they are awake and on the corporate network or connected via a healthy VPN connection.
19
Intel® Mobile and Desktop Business PCs
Prevent Infected PCs from Spreading Viruses through HWlevel Security Filters
2
X
Filter
1
When virus is found, filter
quarantines system by isolating
the OS from the network while
keeping remediation channel open
to the console
3
IT Management Console
PC sends alert
IT console traffic allowed
to pass through filters to
remediate PC
Management Console sets
AMT filters thresholds
(time window & IP
connections)
4
Network
Increase overall security of your PC fleet
Filter harmful viruses and isolate infected PCs
1Intel®
Active Management Technology requires the platform to have an Intel® AMT-enabled chipset, network hardware and software, as well as connection with a power source and
a corporate network connection. With regard to notebooks, Intel AMT may not be available or certain capabilities may be limited over a host OS-based VPN or when connecting
wirelessly, on battery power, sleeping, hibernating or powered off. For more information, see http://www.intel.com/technology/manage/iamt.
20
Intel® vPro™ Technology
Customers implementing in volume
Adopted by:
• 60% of Fortune 100
companies
• All leading OEMs and
5000 active channel
partners
• 80+ Software partners
2006
2007
2008
2009
21
• All major verticals
worldwide
ROI with Intel® vProTM Technology
Secure power management without compromising security
Actual Customer Experiences
Up to
$1.4
Up to
42%
Million
Up to
faster
2.7 Million kWh
Up to
25% more
saved over 4 years with
secure, reliable
powering on/off of PCs
that previously were on
24 hours2
patching process and
deskside visits related to
patching reduced by
92%3
energy saved over 4 years,
with a total projected cost
savings of $276,8004
power-efficiency
improvement5
State of Indiana
Telkomsel
Calgary Health
Region
Electronic Data
Systems
Read case study
Read case study
Read case study
Read case study
View video
View video on
YouTube
2- Indiana State Office of Technology ROI case study http://communities.intel.com/docs/DOC-1494
3- Telkomsel ROI case study http://communities.intel.com/docs/DOC-1494
4-Calgary Health ROI case study http://communities.intel.com/docs/DOC-1494
5-EDS ROI case study http://communities.intel.com/docs/DOC-1494
22
ROI with Intel® vProTM Technology
Increase accuracy and speed of inventory audit
Actual Customer Experiences
Eliminate
Virtually
manual inventory and
reduce IT’s concern about
the 1-2% that typically
needed
to be accounted for
physically6
Speed up inventory checks
7
by up to 99%
Reduce up to
671 man
hours by year
Telkomsel
four in researching
lost systems8
Read case study
Cleveland Clinic
State of Indiana
Read case study
Read case study
View Video
6-Indiana State Office of Technology ROI case study http://communities.intel.com/docs/DOC-1494
7-Telkomsel ROI case study http://communities.intel.com/docs/DOC-1494
8-Cleveland Clinic ROI case study http://communities.intel.com/docs/DOC-1494
23
IT@Intel Case Study - Reducing Desk-side Visits9
5% of Helpdesk calls result in desk-side visit,
account for 52% of support costs
Desk-side Visits Required
w/o Intel®
AMT
w/ Intel®
AMT
Repair Method with Intel® Active
Management Technology available
HW Failure (27%)
2+
1 or less
Diagnose problem & replacement part
remotely, Deploy technician to replace failed
HW w/ right part
HDD Failure (8%)
2+
1 or less
Diagnose problem & replacement part
remotely, Deploy technician to replace HDD
w/ right part
OS Failure (19%)
1+
0
Run OS recovery, Run repair tools remotely
BIOS Failure (2%)
1+
0
Update BIOS remotely
OS Update (3%)
1+
0
Run OS recovery, Update OS remotely
Other (41%)
1+
1+
Desk side visit still required
Root cause
Intel IT estimates that Intel® vPro™ technology will save 24M$/yr
expenses through reduction in desk side visits plus an additional
10% reduction in maintenance contracts and software license fees.
9-2003 Intel IT Trouble Tickets
24
Real Results
Actual customer experiences with Intel® vPro™ technology10
Current
Process
With Intel® vPro™
Technology
Percent
Improvement
User downtime, software issue, remote (min.)
982.5
18.75
98%
Deskside visit for software fix (number of visits)
1.64
.14
91%
Manual PC hardware inventory (min.)
27.5
.47
98%
Average number of hours to achieve
patch saturation
278.4
16.8
94%
Customers report significant improvement
10-“Case Studies with Intel® vPro™ Processor Technology – An Analysis of Early Testing of Intel vPro Processor
Technology in Large IT Departments”, C. La Grand & M. Salamasick, 2007
25
Real Results
Actual customer experiences with Intel® vPro™ technology
Current
Process
With Intel vPro
technology
Percent
Improvement
71
0.3
99%
Typical inventory accuracy 5000 PCs
84%
98%
16%
Success rate: automated hardware inventory
81%
99%
22%
Current
Process
With Intel vPro
technology
Percent
Improvement
Average # hours to patch 1000 PCs
64.8
9.2
85%
% of PCs requiring deskside patch
7.5%
2%
73%
Average # hours to achieve saturation
278.4
16.8
94%
Compliance
Time to discover 1000 PCs one site (hrs)
Patch Management
Hardware mitigates more risk than software alone
26
Significant Return On Investment (ROI)
Payback time of 15 mo., $142.75 per PC per year after year 3
Payback in 15 months for average company
with 12,300 notebooks
Assumes $360K implementation cost and cost adder
for new technology
Savings / PC / Yr After Year 3
Minor app / SW update reduction in deployment failure rate
$50.71
Helpdesk cost reduction
$34.44
Manual HW malfunction resolution
$17.18
Manual SW malfunction resolution
$16.14
Major app deployment cost reduction
$12.36
Mobile PC audit failure reduction
$7.00
Other
$4.92
Total
$142.75
• For a firm with 12,300 notebook PCs with a 3-year refresh cycle
• White paper located on intel.com:
http://download.intel.com/products/centrino/pro/centrino_wipro.pdf
27
Estimate Your Own Savings with
Intel® vPro™ Technology ROI Estimator
• Data and modeling based on
41 businesses with 1000 PCs
or more from N. America and
Europe
• Adjustable inputs
• Savings and Cost Difference
output via table and graph
Download the ROI Estimator at
www.intel.com/go/vproestimator
28
Additional Information
 Intel® vPro™ Expert Center
– http://www.intel.com/go/vproexpert
 Getting Started with Intel® vPro™ Technology
– http://communities.intel.com/docs/DOC-3159
 Online Activation Training
– http://download.intel.com/business/vpro/ActivationClass/main.html
 Activation Cheat Sheet
– http://communities.intel.com/docs/DOC-1370
 Solution Providers can activate your PCs for you
– http://communities.intel.com/docs/DOC-3146
29
30