http://en.wikipedia.org/wiki/Intel_Corporation#Naming_strategy
Naming strategy[edit]
In 2006, Intel expanded its promotion of open specification platforms beyond Centrino, to include the Viiv media center PC and the business desktop Intel vPro.
In mid January 2006, Intel announced that they were dropping the long running Pentium name from their processors. The Pentium name was first used to refer to the P5 core Intel processors (Pent refers to the 5 in P5,) and was done to circumvent court rulings that prevent the trademarking of a string of numbers, so competitors could not just call their processor the same name, as had been done with the prior 386 and 486 processors (both of which had copies manufactured by IBM and AMD). They phased out the Pentium names from mobile processors first, when the new Yonah chips, branded Core Solo and Core Duo, were released. The desktop processors changed when the Core 2 line of processors were released. By 2009 Intel was using a good-better-best strategy with Celeron being good, Pentium better, and the Intel Core family representing the best the company has to offer.[179]
According to spokesman Bill Calder, intel has maintained only the Celeron brand, the Atom brand for netbooks and the vPro lineup for businesses. Since late 2009, Intel's mainstream processors have been called Celeron, Pentium, Core i3, Core i5, and Core i7, in order of performance from lowest to highest. The first generation core products carry a 3 digit name, such as i5 750, and the second generation products carry a 4 digit name, such as the i5 2500. In both cases, a K at the end of it shows that it is an unlocked processor, enabling additional overclocking abilities (for instance, 2500K). vPro products will carry the Intel Core i7 vPro processor or the Intel Core i5 vPro processor name.[180] In October 2011, Intel started to sell its Core i7-2700K "Sandy Bridge" chip to customers worldwide.[181]
Beginning in 2010 "Centrino" will only be applied to Intel's WiMAX and Wi-Fi technologies; it won't be a PC brand anymore. This will be an evolutionary process taking place over time, Intel acknowledges that multiple brands will be in the market including older ones throughout the transition.[180]
http://en.wikipedia.org/wiki/Centrino
Centrino
The Centrino brand represents Intel Wi-Fi and WiMAX adapters. It was formerly a platform-marketing initiative from Intel until January 7, 2010.
Previously, the brand covered a particular combination of mainboard chipset, mobile CPU and wireless networkinterface in the design of a laptop. Intel claims systems equipped with these technologies deliver better performance, longer battery life and broad wireless network interoperability.
The new product line name for Intel wireless products is Intel Centrino Wireless.[1]
Contents
[hide]Intel Centrino[edit]
Wireless LAN | Chipset | Centrino | Processor | Codename | Release Date | Process Technology | Microarchitecture |
Intel PRO/Wireless 2100 | 800 Series | Carmel | Intel Pentium M | Banias | 2003 | 130 nm | Intel P6 |
Intel PRO/Wireless 2200 | Dothan | 2004 | 90 nm | ||||
Intel PRO/Wireless 2200 | 900 Series | Sonoma | 2005 | ||||
Intel PRO/Wireless 2915 | |||||||
Intel PRO/Wireless 3945 | Napa | Intel Core Duo/Solo | Yonah | 2006 | 65 nm | ||
Intel PRO/Wireless 4965 | Napa Refresh | Intel Core 2 Duo/Solo | Merom | Intel Core | |||
Intel Wireless WiFi Link 4965 | Santa Rosa | Intel Core 2 Duo | 2007 | ||||
Santa Rosa Refresh | Penryn | 2008 | 45 nm | ||||
Intel WiFi Link 5100 | 4 Series | Montevina | |||||
Intel WiMAX/WiFi Link 5150 | |||||||
Intel Ultimate N WiFi Link 5300 | |||||||
Intel WiMAX/WiFi Link 5350 | |||||||
Intel Centrino Wireless-N 1000 | 5 Series | Calpella | Intel Core i7/i7 Extreme Edition | Clarksfield | 2009 | Intel Nehalem | |
Intel Centrino Advanced-N 6200 | Intel Core i3/i5/i7 | Arrandale | 2010 | 32 nm | |||
Intel Centrino Advanced-N + WiMAX 6250 | |||||||
Intel Centrino Ultimate-N 6300 | |||||||
Intel Centrino Wireless-N 1000 | 6 Series | Huron River | Intel Core i3/i5/i7/i7 Extreme Edition | Sandy Bridge | 2011 | Intel Sandy Bridge | |
Intel Centrino Wireless-N 1030 | |||||||
Intel Centrino Advanced-N + WiMAX 6150 | |||||||
Intel Centrino Advanced-N 6205 | |||||||
Intel Centrino Advanced-N 6230 | |||||||
Intel Centrino Advanced-N + WiMAX 6250 | |||||||
Intel Centrino Ultimate-N 6300 | |||||||
Intel Centrino Ultimate-N 6300 | 7 Series | Chief River | Intel Core i3/i5/i7/i7 Extreme Edition | Ivy Bridge | 2012 | 22 nm | |
Intel Centrino Advanced-N 6235 | |||||||
Intel Centrino Advanced-N 6205 | |||||||
Intel Centrino Wireless-N 2230 | |||||||
Intel Centrino Wireless-N 2200 | |||||||
Intel Centrino Wireless-N 135 | |||||||
Intel Centrino Wireless-N 105 | |||||||
Intel Centrino | 8 Series | Shark Bay | Intel Core i3/i5/i7/i7 Extreme Edition | Haswell | 2013 | Intel Haswell | |
Intel Centrino | 9 Series | ? | Broadwell | 2014 | 14 nm |
Notebook implementations[edit]
Carmel platform (2003)[edit]
Intel used "Carmel" as the codename for the first-generation Centrino platform, introduced in March 2003.
Centrino | Carmel platform |
---|---|
Mobile chipset | an Intel Mobile 855 Express series chipset (codenamed Odem or Montara with Intel Extreme Graphics 2), including ICH4M southbridge. |
Mobile processor | Processors - Socket 479 |
Wireless network | an Intel PRO/Wireless 2100B (codenamed Calexico) or later 2200BG mini-PCI Wi-Fi adapter (codenamed Calexico2). |
Industry-watchers initially criticized the Carmel platform for its lack of an IEEE 802.11g-solution, because many independent Wi-Fi chip-makers like Broadcomand Atheros had already started shipping 802.11g products. Intel responded that the IEEE had not finalized the 802.11g standard at the time of Carmel's launch, and that it only wanted to launch products based on a finalized standard. In early 2004, after the finalization of the 802.11g standard, Intel permitted an Intel PRO/Wireless 2200BG to substitute for the 2100. At the same time, they permitted the new Dothan Pentium M to substitute for the Banias Pentium M. Initially, Intel permitted only the 855GM chipset, which did not support external graphics. Later, Intel allowed the 855GME and 855PM chips, which did support external graphics, in Centrino laptops.
Despite criticisms, the Carmel platform won quick acceptance among OEMs and consumers. Carmel could attain or exceed the performance of older Pentium 4-M platforms, while allowing for laptops to operate for 4 to 5 hours on a 48 W-h battery. Carmel also allowed laptop manufacturers to create thinner and lighter laptops because its components did not dissipate much heat, and thus did not require large cooling systems.
Sonoma platform (2005)[edit]
Intel used Sonoma as the codename for the second-generation Centrino platform, introduced in January 2005.
Centrino | Sonoma platform |
---|---|
Mobile chipset | an Intel Mobile 915 Express series chipset (codenamed Alviso with Intel GMA 900), including ICH6M southbridge. |
Mobile processor | Processors - Socket 479
|
Wireless network | an Intel PRO/Wireless 2200BG or 2915ABG mini-PCI Wi-Fi adapter (both codenamed Calexico2). |
The Mobile 915 Express chipset, like its desktop version, supports many new features such as DDR2, PCI Express, Intel High Definition Audio, and SATA. Unfortunately, the introduction of PCI Express and faster Pentium M processors causes laptops built around the Sonoma platform to have a shorter battery-life than their Carmel counterparts; Sonoma laptops typically achieve between 3.5–4.6 hours of battery-life on a 53 W-h battery.
Napa platform (2006)[edit]
The codename Napa designates the third-generation Centrino platform, introduced in January 2006 at the Winter Consumer Electronics Show. The platform initially supported Intel Core Duo processors but the newer Core 2 Duo processors were launched and supported in this platform from July 27, 2006 onwards.
Centrino | Napa platform |
---|---|
Mobile chipset | an Intel Mobile 945 Express series chipset (codenamed Calistoga with Intel GMA 950), including ICH7M southbridge. |
Mobile processor | Processors - Socket M / Micro-FCBGA
|
Wireless network | an Intel PRO/Wireless 3945ABG mini-PCIe Wi-Fi adapter (codenamed Golan).
|
Intel uses Centrino Duo branding for laptops with dual-core Core Duo processors and retains the Centrino name for laptops with single core (Core Solo) processors. Some of the initial Core Duo laptops are still labeled as Intel Centrino rather than Centrino Duo.
Santa Rosa platform (2007)[edit]
The codename Santa Rosa refers to the fourth-generation Centrino platform, which was released on Thursday May 10, 2007.
Centrino | Santa Rosa platform |
---|---|
Mobilechipset | an Intel Mobile 965 Express series chipset (codenamed Crestline): GM965 with Intel GMA X3100 graphics technology or PM965 with discrete graphics, and ICH8M southbridge, 800 MT/s front side bus with Dynamic Front Side Bus Switching to save power during low utilization.
|
Mobile processor | Processors - Socket P / Socket M / Micro-FCBGA
|
Wireless network | an Intel WiFi Link 4965AGN (a/b/g/draft-n) mini-PCIe Wi-Fi adapter (codenamed Kedron).
|
The Santa Rosa platform comes with dynamic acceleration technology, allowing single threaded applications to execute faster. When a single threaded application is running, the CPU can turn off one of its cores and overclock the active core. In this way the CPU maintains the same Thermal Profile as it would when both cores are active. Santa Rosa performs well as a mobile gaming platform due to its ability to switch between single threaded and multithreaded tasks.[7] Other power savings come from an Enhanced Sleep state where both the CPU cores and the chipset will power down.
The wireless chipset update was originally intended to include WWAN Internet access via HSDPA (3.5G), (codenamed Windigo) co-developed with Nokia.[8][9] After announcing a working partnership, both later retracted the deal citing the lack of a clear business case for the technology. Support for WiMAX (802.16) was originally scheduled for inclusion in Santa Rosa but was later delayed until Montevina in 2008.[8]
It is branded as "Centrino Pro" when combined with the enhanced security technologies Intel introduced with vPro and "Centrino Duo" when they are not used.[10]
Montevina platform (2008)[edit]
The codename Montevina refers to the fifth-generation Centrino platform, now formally named Centrino 2 to avoid confusion with previous Centrino platforms. It was scheduled for release at Computex Taipei 2008, which took place on June 3–7, 2008,[11] but was delayed until July 15, due to problems with integrated graphics and wireless certification.[12]
Centrino | Montevina platform |
---|---|
Mobilechipset | an Intel Mobile Express series 4 chipset (codenamed Cantiga; GL40, GS45, GM45, PM45) with Intel GMA X4500 graphics technology and ICH9M southbridge, 1066 MT/s (667 MT/s for GL40) FSB. The GM45/GS45 graphics core is clocked at 533 MHz and 400 MHz for GL40, which contains ten unified shaders, up from the eight provided by GMA X3100.
|
Mobile processor | Processors - Socket P / Socket M / Micro-FCBGA
|
Wireless network | Wireless Modules
|
It is branded as Centrino 2 vPro when combined with built-in security and manageability features technologies.
Calpella Platform (2009)[edit]
The codename Calpella refers to the sixth-generation Centrino platform. Though originally scheduled to premiere in Q3 2009 with the second iteration of Nehalemprocessors,[14] Intel had stated that due to pressure from computer manufacturers, they would delay the release of the platform until at least October 2009 (Q4 2009) to allow OEM partners to clear excess inventory of existing chips. This was believed to be spurred by the lowered demand due to unfavorable economic conditions throughout 2009.[15]
Centrino | Calpella platform |
---|---|
Mobilechipset | an Intel Mobile Express Series 5 chipset (PCHM codenamed Ibex Peak) with Intel HD Graphics technology that will allow for optimized decoding/encoding and editing/playback of H.264/MPEG-4 AVC video used in Blu-ray Discs and HD 1080p video, optimized for MPEG-2 (DVD) video playback and editing.
|
Mobile processor | Processors, based on Intel Nehalem microarchitecture[16]
|
Wireless network | Wireless Modules[17]
|
Huron River platform (2011)[edit]
The codename Huron River refers to the seventh-generation Centrino platform.
Centrino | Huron River platform |
---|---|
Mobile chipset | an Intel Mobile Express Series 6 chipset (PCHM codenamed Cougar Point[18]).
|
Mobile processor | Processors, based on Intel Sandy Bridge microarchitecture |
Wireless network | Wireless Modules
|
Chief River platform (2012)[edit]
The codename Chief River refers to the eighth-generation Centrino platform.
Centrino | Chief River platform |
---|---|
Mobile chipset | an Intel Mobile Express Series 7 chipset (PCHM codenamed Panther Point )
|
Mobile processor | Processors, based on Intel Ivy Bridge microarchitecture |
Wireless network | Wireless Modules
|
Shark Bay platform (2013)[edit]
The codename Shark Bay refers to the ninth-generation Centrino platform.
Centrino | Shark Bay platform |
---|---|
Mobile chipset | an Intel Mobile Express Series 8 chipset (PCHM codenamed Lynx Point)
|
Mobile processor | Processors, based on Intel Haswell microarchitecture |
Wireless network | Wireless Modules Wilkins Peak |
Mobile Internet Device[edit]
Menlow platform (2008)[edit]
On March 2, 2008, Intel introduced the Intel Atom processor brand[26] for a new family of low-power processor platforms. The components have thin, small designs and work together to "enable the best mobile computing and Internet experience" on mobile and low-power devices.
Intel's second generation MID platform (codenamed Menlow) contains a 45 nm Intel Atom processor (codenamed Silverthorne) which can run up to 2.0 GHz and a System Controller Hub (codenamed Poulsbo) which includes Intel HD Audio (codenamed Azalia).
Centrino | Menlow platform |
---|---|
Mobile chipset | an Intel SCH (codenamed Poulsbo) with integrated GMA 500 graphics (PowerVR SGX 535 based) |
Mobile processor | a 45 nm Intel Atom CPU (codenamed Silverthorne) |
Wireless network | a wireless radio |
This platform was initially branded as Centrino Atom but the logo was dropped in August 2008; the logo had caused confusion between laptop and MID with previous marketing of Centrino stating only Intel chipsets are being used. Hence MIDs will be branded as Atom to allow integration with other OEM chipsets for the low-end market.[27][28]
Intel Centrino Wireless[edit]
Intel Centrino Wireless is the brand for Intel Wi-Fi and WiMAX adapters. The product line includes:
- Intel Centrino Wireless-N 1000
- Intel Centrino Advanced-N 6200
- Intel Centrino Ultimate-N 6300
- Intel Centrino Advanced-N + WiMAX 6250
Centrino with Intel vPro technology[edit]
Laptops with Intel vPro technology have hardware features that allow a system administrator to remotely access wired and wireless laptops for maintenance and servicing if the operating system is unresponsive or crashed and, when a laptop is connected to AC power (not on battery power), allow a sys-admin to remotely access the laptop when the system is asleep or laptop power is off. It is targeted more for businesses than consumers.[29]
- Centrino laptop with Intel vPro technology (Santa Rosa platform)
- Centrino 2 laptop with Intel vPro technology (Montevina platform)
Security technologies[edit]
Laptops with vPro have the typical dual-core or quad-core processor and wireless features of the Centrino family.
- The vPro technology built into the chipset adds management, security, and remote-deployment features for: monitoring laptops (protected event logs, access toBIOS settings, out-of-band alerting, protected data storage), maintaining and updating systems (access to protected system information, remote power up, console redirection), repairing systems (remote boot, console redirection, preboot access to BIOS settings, protected events logs), and securing systems (remote power up, hardware filters for network traffic, agent presence checks/triggers, out-of-band alerting).
- The 45 nm Centrino 2 package is based on the Penryn microprocessor and Q47/Q45 chipset. It includes a better graphics engine (integrated) than Centrino, and three key additional features: Transport Layer Security (TLS) secured communications over an open local area network (LAN) for wired laptops outside the corporate firewall (not supported for wireless states), support for Microsoft Network Access Protection (NAP), and support for out-of-band management and security features in Sx (all sleep states) when the laptop is inside the corporate firewall.
发展
品牌发展
List of Intel codenames
Intel has historically named integrated circuit (IC) development projects after geographical names of towns, rivers or mountains near the location of the Intel facility responsible for the IC. Many of these are in the American West, particularly in Oregon (where most of Intel's CPU projects are designed; see famous codenames). As Intel's development activities have expanded, this nomenclature has expanded to Israel and India. Some older codenames refer to celestial bodies. There is a pattern with recent desktop processors. Since Core 2 all quad-core desktop processors tend to end in "field" (e.g. Kentsfield, Bloomfield, Lynnfield) and most desktop dual-cores end in "dale" (e.g. Wolfdale, Allendale, Clarkdale), with the exception of Arrandale, a mobile processor codename for the mobile i3/i5/i7s. Platforms consisting of a CPU plus a Southbridge end in "trail" (e.g. Bone Trail, Skull Trail, Pine Trail). Server processors for two sockets now end in "town" (e.g. Harpertown, Gainestown, Gulftown, Jaketown), while server processors for four or more sockets end in "ton" (Tigerton, Dunnington, Beckton).
The following table lists known Intel codenames along with a brief explanation of their meaning and their likely namesake, and the year of their earliest known public appearance.
External links[edit]
http://en.wikipedia.org/wiki/Intel_vPro
Intel vPro
Intel vPro technology is an umbrella marketing term used by Intel for a collection of computer hardware technologies that enable management features such as remote access to the PC (including monitoring, maintenance, and management) – independent of the state of the operating system (OS) or power state of the PC – and security features.[1][2]
Contents
[hide]vPro features[edit]
Intel vPro is a brand name for a set of PC hardware features. PCs with vPro have the following main elements: 1) vPro Enabled Processor 2) vPro Enabled Chip set 3)vPro Enabled BIOS.[1][2][3][4][5][6][7]
A vPro PC includes:
- Multi-core, multi-threaded Intel Core i5 or Intel Core i7[8]
- Intel Active Management Technology (Intel AMT), a set of hardware-based features targeted at businesses. / allow remote access to the PC for management and security tasks, when an OS is down or PC power is off.[1][4] Note that AMT is not the same as Intel vPro; AMT is only one element of a vPro PC.
- Remote configuration technology for AMT, with certificate-based security. Remote configuration can be performed on "bare-bones" systems, before the OS and/or software management agents are installed.[1][4][9]
- Wired and wireless (laptop) network connection.[1]
- Intel Trusted Execution Technology (Intel TXT),[1][10][11][12] which verifies a launch environment and establishes the root of trust, which in turn allows software to build a chain of trust for virtualized environments. Intel TXT also protects secrets during power transitions for both orderly and disorderly shutdowns (a traditionally vulnerable period for security credentials).
- Support for IEEE 802.1x, Cisco Self Defending Network (SDN), and Microsoft Network Access Protection (NAP) in laptops, and support for 802.1x and Cisco SDN in desktop PCs.[13][14] Support for these security technologies allows Intel vPro to store the security posture of a PC so that the network can authenticate the system before the OS and applications load, and before the PC is allowed access to the network.[10]
- Intel Virtualization Technology, including Intel VT for memory, CPU, and Directed I/O, to support virtualized environments. Intel VT is hardware-based technology, not software-based virtualization. Intel VT lets you run multiple OSs (traditional virtualization) on the same PC or run a specialized or critical application in a separate space—a virtual PC on the physical system—in order to help protect the application or privacy of sensitive information.[10][15]
- Execute Disable Bit that, when supported by the OS, can help prevent some types of buffer overflow attacks.[16]
- Support for Microsoft Windows Vista, including Microsoft Windows Vista BitLocker with a Trusted Platform Module version 1.2 and Intel graphics support for Windows Vista Aero graphical user interface.[17][18]
Remote management[edit]
Intel AMT is the set of management and security features built into vPro PCs that makes it easier for a sys-admin to monitor, maintain, secure, and service PCs.[1] Intel AMT (the management technology) is sometimes mistaken for being the same as Intel vPro (the PC "platform"), because AMT is one of the most visible technologies of an Intel vPro-based PC.
Intel AMT includes:
- Encrypted remote power up/down/reset (via wake-on-LAN, or WOL)[1][4]
- Remote/redirected boot (via integrated device electronics redirect, or IDE-R)[1][4]
- Console redirection (via serial over LAN, or SOL)[1][4]
- Preboot access to BIOS settings[1][4]
- Programmable filtering for inbound and outbound network traffic[1][4][10]
- Agent presence checking[1][4][10]
- Out-of-band policy-based alerting[1][4]
- Access to system information, such as the PC's universally unique identifier (UUID), hardware asset information, persistent event logs, and other information that is stored in dedicated memory (not on the hard drive) where it is accessible even if the OS is down or the PC is powered off.[1][4]
Hardware-based management has been available in the past, but it has been limited to auto-configuration (of computers that request it) using DHCP or BOOTP fordynamic IP address allocation and diskless workstations, as well as wake-on-LAN for remotely powering on systems.[19]
VNC-based KVM remote control[edit]
Starting with vPro with AMT 6.0, PCs with i5 or i7 processors and embedded Intel graphics, now contains an Intel proprietary embeded VNC Server. You can connect out-of-band using dedicated VNC-compatible Viewer technology, and have full KVM (Keyboard, Video, Mouse) capability throughout the power cycle – including uninterrupted control of the desktop when an operating system loads. Clients such as VNC Viewer Plus from RealVNC also provide additional functionality that might make it easier to perform (and watch) certain Intel AMT operations, such as powering the computer off and on, configuring the BIOS, and mounting a remote image (IDER).
Note: Not all i5 & i7 Processors with vPro may support KVM capability. This depends on the OEM's BIOS settings as well as if a discreet graphics card is present. Only Intel Integrated HD graphics support KVM ability.
Wireless communication[edit]
Intel vPro supports encrypted wired and wireless LAN wireless communication for all remote management features for PCs inside the corporate firewall.[1] Intel vPro supports encrypted communication for some remote management features for wired and wireless LAN PCs outside the corporate firewall.[1][20]
vPro laptop wireless communication[edit]
Laptops with vPro include a gigabit network connection and support IEEE 802.11 a/g/n wireless protocols.[1][20][21]
AMT wireless communication[edit]
Intel vPro PCs support wireless communication to the AMT features.[1][21]
For wireless laptops on battery power, communication with AMT features can occur when the system is awake and connected to the corporate network. This communication is available if the OS is down or management agents are missing.[1][20]
AMT out-of-band communication and some AMT features are available for wireless or wired laptops connected to the corporate network over a host OS-based virtual private network (VPN) when laptops are awake and working properly.[1]
A wireless connection operates at two levels: the wireless network interface (WLAN) and the interface driver executing on the platform host. The network interface manages the RF communications connection.
If the user turns off the wireless transmitter/receiver using either a hardware or software switch, Intel AMT cannot use the wireless interface under any conditions until the user turns on the wireless transmitter/receiver.
Intel AMT Release 2.5/2.6 can send and receive management traffic via the WLAN only when the platform in the S0 power state. It does not receive wireless traffic when the host is asleep or off. If the power state permits it, Intel AMT Release 2.5/2.6 can continue to send and receive out-of-band traffic when the platform is in an Sx state, but only via a wired LAN connection, if one exists.
Release 4.0 and later releases support wireless out-of-band manageability in Sx states, depending on the power setting and other configuration parameters.
Release 7.0 supports wireless manageability on desktop platforms.
When a wireless connection is established on a host platform, it is based on a wireless profile that sets up names, passwords and other security elements used to authenticate the platform to the wireless Access Point. The user or the IT organization defines one or more profiles using a tool such as Intel PROSet/Wireless Software. In release 2.5/6, Intel AMT must have a corresponding wireless profile to receive out-of-band traffic over the same wireless link. The network interface API allows defining one or more wireless profiles using the same parameters as the Intel PROSet/Wireless Software. See Wireless Profile Parameters. On power-up of the host, Intel AMT communicates with the wireless LAN driver on the host. When the driver and Intel AMT find matching profiles, the driver routes traffic addressed to the Intel AMT device for manageability processing. With certain limitations, Intel AMT Release 4.0/1 can send and receive out-of-band traffic without an Intel AMT configured wireless profile, as long as the host driver is active and the platform is inside the enterprise.
In release 4.2, and on release 6.0 wireless platforms, the WLAN is enabled by default both before and after configuration. That means that it is possible to configure Intel AMT over the WLAN, as long as the host WLAN driver has an active connection. Intel AMT synchronizes to the active host profile. It assumes that a configuration server configures a wireless profile that Intel AMT uses in power states other than S0.
When there is a problem with the wireless driver and the host is still powered up (in an S0 power state only), Intel AMT can continue to receive out-of-band manageability traffic directly from the wireless network interface.
For Intel AMT to work with a wireless LAN, it must share IP addresses with the host. This requires the presence of a DHCP server to allocate IP addresses and Intel AMT must be configured to use DHCP.
Encrypted communication while roaming[edit]
Intel vPro PCs support encrypted communication while roaming.[1][21][22]
vPro PCs version 4.0 or higher support security for mobile communications by establishing a secure tunnel for encrypted AMT communication with the managed service provider when roaming (operating on an open, wired LAN outside the corporate firewall).[1] Secure communication with AMT can be established if the laptop is powered down or the OS is disabled.[1] The AMT encrypted communication tunnel is designed to allow sys-admins to access a laptop or desktop PC at satellite offices where there is no on-site proxy server or management server appliance.
Secure communications outside the corporate firewall depend on adding a new element—a management presence server (Intel calls this a "vPro-enabled gateway")—to the network infrastructure.[1] This requires integration with network switch manufacturers, firewall vendors, and vendors who design management consoles to create infrastructure that supports encrypted roaming communication. So although encrypted roaming communication is enabled as a feature in vPro PCs version 4.0 and higher, the feature will not be fully usable until the infrastructure is in place and functional.
vPro security[edit]
vPro security technologies and methodologies are designed into the PC's chipset and other system hardware. Because the vPro security technologies are designed into system hardware instead of software, they are less vulnerable to hackers, computer viruses, computer worms[citation needed], and other threats that typically affect an OS or software applications installed at the OS level (such as virus scan, antispyware, inventory, and other security or management applications).[1]
For example, during deployment of vPro PCs, security credentials, keys, and other critical information are stored in protected memory (not on the hard disk drive), and erased when no longer needed.
Security and privacy concerns[edit]
According to Intel, it is possible to disable AMT through the BIOS settings, however, there is apparently no way for most users to detect outside access to their PC via the vPro hardware-based technology.[23] Moreover, Sandy Bridge and most likely future chips will have, "...the ability to remotely kill and restore a lost or stolen PC via 3G."[24]
Security features[edit]
Intel vPro supports industry-standard methodologies and protocols, as well as other vendors' security features:[1][4][10][25]
- Intel Trusted Execution Technology (Intel TXT).[1][11][12]
- Industry-standard Trusted Platform Module version 1.2 (TPM).[1]
- Support for IEEE 802.1x, Preboot Execution Environment (PXE), and Cisco Self Defending Network (SDN) in desktop PCs, and additionally Microsoft Network Access Protection (NAP) in laptops.[1][13][14]
- Execute Disable Bit.[1]
- Intel Virtualization Technology (Intel VT).[1]
Technologies and methodologies[edit]
Intel vPro uses several industry-standard security technologies and methodologies to secure the remote vPro communication channel. These technologies and methodologies also improve security for accessing the PC's critical system data, BIOS settings, Intel AMT management features, and other sensitive features or data; and protect security credentials and other critical information during deployment (setup and configuration of Intel AMT) and vPro use.[1][26]
- Transport layer security protocol, including pre-shared key TLS (TLS-PSK) to secure communications over the out-of-band network interface. The TLS implementation uses AES 128-bit encryption and RSA keys with modulus lengths of 2048 bits.[27][28][29]
- HTTP digest authentication protocol as defined in RFC 2617. The management console authenticates IT administrators who manage PCs with Intel AMT[28]
- Single sign-on to Intel AMT with Microsoft Windows domain authentication, based on the Microsoft Active Directory and Kerberos protocols.[1]
- A pseudorandom number generator (PRNG) in the firmware of the AMT PC, which generates high-quality session keys for secure communication.[1]
- Only digitally signed firmware images (signed by Intel) are permitted to load and execute.[1]
- Tamper-resistant and access-controlled storage of critical management data, via a protected, persistent (nonvolatile) data store (a memory area not on thehard drive) in the Intel AMT hardware.[1]
- Access control lists for Intel AMT realms and other management functions.[1]
vPro hardware requirements[edit]
The first release of Intel vPro was built with an Intel Core 2 Duo processor.[4] The current versions of Intel vPro are built into systems with 22 nm Intel 4th Generation Core i5 & i7 processors.
PCs with Intel vPro require specific chipsets. Intel vPro releases are usually identified by their AMT version.[1][4]
Laptop PC requirements[edit]
Laptops with Intel vPro require:
- For Intel AMT release 9.0 (4th Generation Intel Core i5 and Core i7):
- For Intel AMT release 8.0 (3rd Generation Intel Core i5 and Core i7):
- For Intel AMT release 4.1 (Intel Centrino 2 with vPro technology):[35]
- 45 nm Intel Core2 Duo processor T, P sequence 8400, 8600, 9400, 9500, 9600; small form factor P, L, U sequence 9300 and 9400, and Quad processor Q9100.
- Mobile 45 nm Intel GS45, GM47, GM45 and PM45 Express Chipsets (Montevina with Intel Anti-Theft Technology) with 1066 FSB, 6 MB L2 cache, ICH10M-enhanced.
- For Intel AMT release 4.0 (Intel Centrino 2 with vPro technology):[1][5]
- 45 nm Intel Core2 Duo processor T, P sequence 8400, 8600, 9400, 9500, 9600; small form factor P, L, U sequence 9300 and 9400, and Quad processor Q9100.
- Mobile 45 nm Intel GS45, GM47, GM45 and PM45 Express Chipsets (Montevina) with 1066 FSB, 6 MB L2 cache, ICH9M-enhanced.
- For Intel AMT release 2.5 and 2.6 (Intel Centrino with vPro technology):[4][6][36]
- Intel Core2 Duo processor T, L, and U 7000 sequence3, 45 nm Intel Core2 Duo processor T8000 and T9000
- Mobile Intel 965 (Broadwater-Q) Express Chipset with ICH8M-enhanced.
Note that AMT release 2.5 for wired/wireless laptops and AMT release 3.0 for desktop PCs are concurrent releases.
Desktop PC requirements[edit]
Desktop PCs with vPro (called "Intel Core 2 with vPro technology") require:
- For AMT release 5.0:[37]
- Intel Core2 Duo processor E8600, E8500, and E8400 ; 45 nm Intel Core2 Quad processor Q9650, Q9550, and Q9400.
- Intel Q45 (Eaglelake-Q) Express Chipset with ICH10DO.
- For AMT release 3.0, 3.1, and 3.2:[1][4][5]
- Intel Core2 Duo processor E6550, E6750, and E6850; 45 nm Intel Core2 Duo processor E8500, E8400, E8300 and E8200; 45 nm Intel Core2 Quad processor Q9550, Q9450 and Q9300.
- Intel Q35 (Bearlake-Q) Express Chipset with ICH9DO.
Note that AMT release 2.5 for wired/wireless laptops and AMT release 3.0 for desktop PCs are concurrent releases.
- For AMT release 2.0, 2.1 and 2.2:[4][6][36]
- Intel Core 2 Duo processor E6300, E6400, E6600, and E6700.
- Intel Q965 (Averill) Express Chipset with ICH8DO.
vPro, AMT, Core i relationships[edit]
There are numerous Intel brands. However, the key differences between vPro (an umbrella marketing term), AMT (a technology under the vPro brand), Intel Core i5 and Intel Core i7 (a branding of a package of technologies), and Core i5 and Core i7 (a processor) are as follows:
The Core i7, the first model of the i series was launched in 2008, and the less-powerful i5 and i3 models were introduced in 2009 and 2010, respectively. The microarchitecture of the Core i series was code-named Nehalem, and the second generation of the line was code-named Sandy Bridge.
Intel Centrino 2 was a branding of a package of technologies that included Wi-Fi and, originally, the Intel Core 2 Duo.[3] The Intel Centrino 2 brand was applied to mobile PCs, such as laptops and other small devices. Core 2 and Centrino 2 have evolved to use Intel's latest 45-nm manufacturing processes, havemulti-core processing, and are designed for multithreading.
Intel vPro is a brand name for a set of Intel technology features that can be built into the hardware of the laptop or desktop PC.[1] The set of technologies are targeted at businesses, not consumers. A PC with the vPro brand often includes Intel AMT, Intel Virtualization Technology (Intel VT), Intel Trusted Execution Technology (Intel TXT), a gigabit network connection, and so on. There may be a PC with a Core 2 processor, without vPro features built in. However, vPro features require a PC with at least a Core 2 processor. The technologies of current versions of vPro are built into PCs with Core 2 Duo or Core 2 Quad processors and more recently some versions of Core i5 and Core i7 processors.
Intel AMT is part of the Intel Management Engine that is built into PCs with the Intel vPro brand. Intel AMT is a set of remote management and security hardware features that let a sys-admin with AMT security privileges access system information and perform specific remote operations on the PC.[4] These operations include remote power up/down (via wake on LAN), remote / redirected boot (via integrated device electronics redirect, or IDE-R), console redirection (via serial over LAN), and other remote management and security features.
Intel® vPro™ Technology
Built-in security for greater protection
An added layer of security for businesses and intelligent systems
Today’s businesses and intelligent systems developers face four critical areas of IT security:
- Threat management, including protection from rootkits, viruses, and malware
- Identity and website access point protection
- Confidential personal and business data protection
- Remote and local monitoring, remediation, and repair of PCs and workstations
Intel® vPro™ technology addresses each of these and other needs through its comprehensive set of security, manageability, and productivity-enhancing capabilities. This technology is built into the new Intel® Core™ vPro™ processor family, the Intel® Xeon® processor E5-2600, E5-1600, and E3-1200 product families, Intel® chipsets, and network adapters that simplify and accelerate these four critical IT functions.1,2
While Intel vPro technology is conveniently built in, some of its unique features require action to deploy them based on the organization’s needs and policies. Thanks to Intel® Setup and Configuration Software 9.0, IT managers can implement Intel vPro processor–based PCs or workstations in a matter of minutes.2
Prevent attacks below the operating system
Intel vPro technology protects against difficult-to-detect, penetrating rootkits and malware that threaten users working in cloud or virtual environments. It combines several hardware-based features, including Intel® Trusted Execution Technology (Intel® TXT)3 and Intel® Virtualization Technology (Intel® VT)4 for centralized image management and administration, secure network storage, and out-of-band protection—all beyond the firewall.
Protect confidential business, employee, and customer information
Traditional forms of account authentication are no longer enough. That’s why Intel vPro technology provides multiple lines of built-in defenses, starting with the online safety features of Intel® Identity Protection Technology (Intel® IPT)5: embedded one-time password, built-in public key infrastructure (PKI), and protected transaction display.
Intel® AES New Instructions6 provides additional protection, and can encrypt data up to four times faster without interfering with user productivity.7 The technology employs Intel® Secure Key,8 a hardware-based encryption technology that generates higher-quality random numbers, making data encryption even more secure for safer online interactions.
Respond to security breaches with speed and agility
Because Intel vPro technology is embedded in hardware, its capabilities are accessed and administered separately from the hard drive, OS, and software applications—in a pre-boot environment. This makes management less susceptible to issues affecting these areas. It also allows remote access to the PC or workstation, regardless of the system’s power state or OS condition. This technology:
- Allows IT technicians to quickly deploy security patches across PCs, remotely unlock encrypted drives, and manage data security settings
- Gives IT help desk personnel complete control over a platform with unique features like KVM Remote Control9 with support for three simultaneous display configurations, 27 additional languages, and enhanced mouse improvements across multiple screens
- Enables IT to remotely diagnose, isolate, and repair infected platforms after a security breach occurs
- Uses Intel® Active Management Technology (Intel® AMT)10 and is complemented by management and security solutions like McAfee Deep Command* or Microsoft System Center* to facilitate remote management of platform applications, even when the platform is turned off, as long as the platform is connected to a power line or network
- Delivers the most advanced security and compute-model flexibility for consumerization with the addition of Intel® Virtual Machine Control Structure Shadowing (Intel® VMCS Shadowing), enabling greater control and separation of IT-managed and your user-owned operating environment partitions
1. No computer system can provide absolute security under all conditions. Built-in security features available on select Intel® processors may require additional software, hardware, services and/or an Internet connection. Results may vary depending upon configuration. Consult your system manufacturer for more details. For more information, see http://www.intel.com/content/www/us/en/security/security-at-home.html.
2. Intel® vPro™ technology is sophisticated and requires setup and activation. Availability of features and results will depend upon the setup and configuration of your hardware, software, and IT environments. To learn more visit: www.intel.com/content/www/us/en/architecture-and-technology/vpro/vpro-technology-general.html.
3. No computer system can provide absolute security under all conditions. Intel® Trusted Execution Technology requires a computer system with Intel® Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE). The MLE could consist of a virtual machine monitor, an OS or an application. In addition, Intel TXT requires the system to contain a TPM v1.2, as defined by the Trusted Computing Group, and specific software for some uses. For more information, see www.intel.com/content/www/us/en/data-security/security-overview-general-technology.html.
4. Intel® Virtualization Technology (Intel® VT) requires a computer system with an enabled Intel® processor, BIOS, and virtual machine monitor (VMM). Functionality, performance, or other benefits will vary depending on hardware and software configurations. Software applications may not be compatible with all operating systems. Consult your PC manufacturer. For more information, visit www.intel.com/content/www/us/en/virtualization/virtualization-technology/hardware-assist-virtualization-technology.html.
5. No system can provide absolute security under all conditions. Requires an Intel® Identity Protection Technology (Intel® IPT) enabled system, including a 2nd or 3rd generation Intel® Core™ processor or an Intel® Xeon® processor E3-1200 v2 product family, enabled chipset, firmware and software, and participating website. Consult your system manufacturer. Intel assumes no liability for lost or stolen data and/or systems or any resulting damages. For more information, visit http://ipt.intel.com.
6. Intel® AES New Instructions (Intel® AES-NI) requires a computer system with an Intel® AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. For availability, consult your reseller or system manufacturer. For more information, see software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/.
7. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations, and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more information go to http://www.intel.com/performance. Results have been measured by Intel based on software, benchmark or other data of third parties and are provided for informational purposes only. Any difference in system hardware or software design or configuration may affect actual performance. Intel does not control or audit the design or implementation of third party data referenced in this document. Intel encourages all of its customers to visit the websites of the referenced third parties or other sources to confirm whether the referenced data is accurate and reflects performance of systems available for purchase.
8. No system can provide absolute security. Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) requires a computer system with an Intel® AES-NI-enabled processor, as well as software to execute the instructions in the correct sequence. Intel® Secure Key requires an Intel® Secure Key-enabled platform, available on select Intel® processors, and software optimized to support Intel® Secure Key. Consult your system manufacturer for more information and availability.
9. KVM Remote Control (Keyboard Video Mouse) is only available with dual-core Intel® Core™ i5 vPro™ and Core™ i7 vPro™ processors with active integrated graphics. Discrete graphics are not supported.
10. Security features enabled by Intel® Active Management Technology (Intel® AMT) require an enabled chipset, network hardware and software and a corporate network connection. Intel AMT may not be available or certain capabilities may be limited over a host OS-based VPN or when connecting wirelessly, on battery power, sleeping, hibernating, or powered off. Setup requires configuration and may require scripting with the management console or further integration into existing security frameworks, and modifications or implementation of new business processes. For more information, visit http://www.intel.com/content/www/us/en/architecture-and-technology/intel-active-management-technology.html.