Filter
Top Products
21
White Paper: The All New 2010 Intel® Core™ vPro™ Processor Family: Intelligence that Adapts to Your Needs
Intel® Virtualization Technology (Intel® VT) features
Virtualization can be achieved entirely with software — but this approach
has traditionally had several challenges, including too much overhead,
poor performance, and unenforced isolation (a security issue).
Intel VT includes hardware enhancements that shift much of the burden
of software-based virtualization into the hardware. This simplifies and
reduces the overhead of virtualization, making it easier for third-party
vendors to build lightweight VMMs. It also helps make virtualization more
efficient and secure in general, and significantly improves performance –
to near native levels or better, depending on the virtualization model.
Improving isolation and security
Intel VT includes hardware enhancements that virtualize memory,
the CPU, and directed I/O. These features provide a significant level
of hardware enforcement for the VMM’s memory manager, and signifi-
cantly improve isolation of the virtual environment. In turn, this helps
improve security for critical processes and sensitive data.
Establishing a trusted execution environment
One of the persistent challenges of virtualization is ensuring the
integrity of the VMM. Intel TXT addresses this important security
issue using a hardware-rooted process that establishes a root of trust,
which allows software to build a chain of trust from the “bare-metal”
hardware to a fully functional VMM.
19
Using hash-based measurements
protected by hardware, Intel TXT can detect changes to the VMM
during its launch, which helps ensure that virtual machines will run
as expected. The process allows the VMM to be verified earlier than
with current software protection mechanisms (such as virus
detection software).
Intel TXT also protects secrets (security credentials) during power
transitions. With Intel TXT, during OS and application launch, passwords
and keys are stored in protected memory. When the PC is rebooted, Intel
TXT detects that secrets are still stored in memory, removes the secrets,
then allows a normal boot process. (Secrets are not removed by Intel TXT
after a normal protected partition tear-down. Removal of secrets under
normal shutdown is handled by the VMM.) With Intel TXT, secrets that
have not traditionally been protected before the OS and security applica-
tions are launched, are now protected even after improper shut-downs
and in the traditionally vulnerable state before the OS and applications
load once again.
Intel TXT is available in the latest laptop and desktop PCs with a new
Intel Core vPro processor.
Intel® VT is compatible with other technologies
Standard memory, storage, and graphics cards work with Intel VT.
5
The latest laptop and desktop PCs with a new Intel Core vPro proces-
sor can also run most off-the-shelf OSs and applications without IT
administrators having to perform special installation steps. The hard-
ware-based virtualization technology is also designed to work with and
complement other advanced security and management technologies
from Intel, such as Intel AMT.
Key benefits of virtualization
PCs with hardware-based virtualization offer IT benefits in:
• Flexibility. Support both traditional and alternative compute models
on a single standardized PC build.
• Legacy support. Run legacy applications seamlessly in a user
environment, and still maintain high security in a separate virtual
environment through the use of Intel VT and Intel TXT.
• Hardware-based security. Take advantage of hardware VM isola-
tion, VMM launch verification, and memory protection for secrets (via
Intel TXT) provide a robust, isolated, tamper-resistant environment
for streaming an OS and/or applications into virtual containers on
the PC from a centralized management server.
• Productivity. Provide local execution for laptop PCs who are off the
network, while streaming applications or OSs to other users who are
network connected.
• Performance. Great user experience with local, hardware-level
acceleration for local processing and video.
• Leading ISV support from Citrix, VMWare, Microsoft, and Symantec.
Table 5. Virtualization support in laptop and desktop PCs.
Advanced technology Offers All new 2010 Intel® Core™ vPro™ processor family
Intel® VT
9
Traditional client virtualization, which isolates and supports
multiple OSs on a single PC
Yes
Intel® VT for Directed I/O
Virtualization of I/O hardware Yes
Support for virtual containers
Temporary virtual machines (“containers”) that support virtual
user environments and isolate streamed OS and applications
Yes
Intel® TXT
19
Trusted launch of the VMM and protection of secrets
during proper or improper shutdown
Yes