Intel's vPro Reshapes Remote Desktop Support

Chances are good that you have never heard of Intel's vPro technology. If your company relies upon remote support technology, it's time to get acquainted with it.There is nothing new about building remote access enabling technologies directly into a PC BIOS, as opposed to at the operating system level. The most obvious example of this is wake-on-LAN support, although there are others.

A couple of years ago, Intel introduced a set of technologies designed to build upon existing BIOS-level remote access capabilities and to add a number of new features. The company packaged these innovations under the name vPro: Intel's description of vPro is centered on manageability and security. vPro is intended to reduce desk-side visits by administrative staff and to reduce labor-intensive manual processes in IT, and Intel promises seamless integration into existing management infrastructure. Manageability refers to the ability to inventory PCs, including their components, via hardware-based, OS-independent and system status-independent communication. System information can either be collected, or fetched from a small non-volatile memory on vPro-enabled systems. And it refers to minimizing desk side visits to client PCs by enabling remote boot, diagnosis and backup/restore capabilities. Security is offered by filtering network traffic, easy isolation and quarantining infected systems; up-to-date asset information, remote/push updates and the optional creation of a virtual system environment for management services. As IT standards go, vPro is a very low-key player in the business world -- and the term means nothing to the vast majority of consumer PC users. This is partly due to the fact that even today, just a handful of OEM desktop models actually implement the technology, although vPro-enabled systems are now available from HP, Lenovo, and Dell, among others.

Of course, the technology also depends upon a service provider that is prepared to support it. Today, LogMeIn.com is one of the few top-tier remote support tool vendors to support vPro, although that is likely to change as more hardware OEMs get on board.

As CNET's Rafe Needleman noted a few months ago, vPro offers some very powerful remote support capabilities -- and it also raises some security concerns: It's designed for corporate networks so that support personnel can get into a machine--to run a backup, for example--regardless of whether it's running Windows, has crashed into a blue screen, or has been shut down. As long as the PC is plugged into the wall and to an Ethernet connection, the computer, even though in an off state, will continue to draw a small amount of power (about 4 watts) while it monitors the network for control packets.

As the article I cited above states, vPro employs a number of built-in security protocols. Just as important, a desktop user must deliberately enable the technology and grant remote access to an authorized support provider.

Still, Needleman sees the potential to abuse the technology: What I am concerned about are VPro home computers for which remote control is preconfigured by a seller. A machine sold by an unscrupulous builder. A used computer sold via eBay or Craigslist by someone bent on identity theft. The opportunities for crime here are just too great to ignore.

It's a pretty far-out attack scenario, given the almost complete absence of vPro support in the consumer market. And really, any company that fails to perform a soup-to-nuts security check on a secondhand PC is just begging for trouble.

Don't Miss: NEW! Remote Access How-To Center

If your company plans to implement a remote support product, I suggest keeping vPro support in mind when you comparison shop. The same thing applies to buying new desktop hardware, since vPro is definitely a technology that companies will have to seek out if they want to use it.

Finally, ensure that someone on your company's IT staff gets up to speed on the possible uses -- and abuses -- of vPro. In the IT world, there is always a fine line between "tool" and "weapon," and this tool is no exception.