Last Friday, Intel hosted a launch event at San Francisco's Palace Hotel for the upgrade of its vPro technologies (virtualisation, security and remote administration): a platform for business desktop PCs that includes a CPU, a chipset, firmware, and a gigabit network interface (NIC). The first iteration of vPro launched last Fall and already enabled IT administrators to remotely manage PCs, even when turned off, and to install patches, bug fixes, etc.
With vPro 2007, Intel added:
- the Trusted eXecution Technology (TXT), which ensures the integrity of virtual machine monitors, e.g. VMware, Parallels, XenSource...;
- improved system defense filters that now have firewall-type functionality (deep packet inspection, screening for malicious behaviour...) for the integrated Gigabit NIC;
- a capability that allows a PC whose OS is not active, because it's turned off, to securely come onto an IEEE 802.1x or a Cisco NAC network;
- support for DASH and WS-Man management standards;
- virtualisation for Directed I/O which prevents unauthorised access to the hardware.
But here's the catch. If you are running a Virtual Appliance on a vPro system, you will not be able to run another virtual machine monitor (VMM)/hypervisor from VMware, Parallels, XenSource/Citrix or any others. That is because you can only run *one* VMM at a time on a PC. So you will have to choose between running the lightweight VMM that comes with the Virtual Appliance (from Lenovo, Symantec...), which only traps network traffic, and a multi-purpose one. And that for me is a serious limitation because I want to be able to have both: a VMM to load several OSes/partitions on my PC and the monitoring/security features of a Virtual Appliance. "There's technology to allow multiple virtual appliances [...] but that's a problem I need to solve later", said Mike Ferron-Jones, an Intel marketing director (pictured).
Now that could be easily solved if I use VMware's virtual appliances that would work on VMware's hypervisor. ...