Intel® vPro™ Technology

Innovating Above and Beyond Standards

The Architecture of Platforms Enabled with Intel® vPro™ Technology

We just gave you a historical perspective on innovation and standards as they relate to Intel® vPro™ technology. We now move on in this section to describe the fundamental building blocks, hardware hooks, and software interfaces that enable platforms running Intel® vPro™ technology to deliver this unique combination of energy-efficient performance, proactive security, and built-in manageability features. As we will see in the next sections, ISVs can innovate using these building blocks and deliver IT solutions that can achieve the desired TCO reduction goals for IT organizations in large and small enterprises.

Figure 2: Components of platform architecture, enabled with Intel® vPro™ technology (circa 2008)
Source: Intel Corporation, 2008

Figure 2 shows the various architecture components of a platform, enabled with Intel® vPro™ technology, circa 2008. For the purposes of this article, we focus on the components that play an active role in providing built-in manageability features, namely the Intel® Management Engine (Intel® ME), the nonvolatile flash memory, BIOS extensions, and the network controller extensions.

Intel® Management Engine

The Intel® ME is an embedded microcontroller (integrated in Intel chipsets) running a lightweight microkernel OS that provides a low-power, OOB execution engine for management services. At system initialization, the Intel® ME loads its code from system flash memory. This allows it to be up and running before the main OS is started. For runtime data storage, the Intel® ME has access to a protected area of system memory at runtime (in addition to a small amount of on-chip cache memory for faster and more efficient processing). A fundamental feature of the Intel® ME is that its power states are independent of the host OS power states. This allows it to be up and running when the CPU and many other components of the system are in deeper sleep states.

As a result, the Intel® ME can be a fully-functioning component as soon as power is applied to the system. This allows it to respond to OOB commands from the IT management console without having to wake up the rest of the system, thereby reducing power consumption significantly. This opens the door for a large number of innovative, low-power, secure OOB usages that result in a significant reduction in TCO.

Network Controller Manageability Extensions

In order for the Intel® ME to access the network while the host OS is absent, the Intel® ME needs direct access to the network interfaces. The current network architecture allows for the Intel® ME manageability services to share the IP address of the host OS, by using specific and dedicated transport level (Level 4) ports to distinguish manageability traffic from regular host traffic.

In addition, network controllers on platforms running Intel® vPro™ technology are equipped with quintuple network filters to facilitate network management functions by redirecting traffic to either the host OS or the Intel® ME, based on port numbers. The quintuple filters also allow for innovative features, such as programmable circuit breakers, which allow an IT administrator to disconnect a PC from the network yet still have secure remote access to it to diagnose it, patch it, and reestablish connectivity, once the PC is ready for general use.

Nonvolatile Flash Memory

A partition of the system flash memory is typically carved out for use by the Intel® ME. This partition is protected and hidden from the host OS to ensure integrity and confidentiality of the information stored in it. At boot time, the Intel® ME loads its firmware image from flash into system memory and starts running, independent of the host OS. The Intel® ME flash partition also provides nonvolatile storage for ISV applications. This allows ISV applications to store critical information (that is, license information, asset inventory, and so on) that can be accessible out of band by the IT console, even if the host OS is in a sleep state.

Intel® Management Engine BIOS Extensions (Intel® MEBX)

The Intel® Management Engine BIOS Extensions (Intel® MEBX) are used for a variety of purposes. For example, Intel® MEBX initialize Intel® Active Management Technology (Intel® AMT) functions, and they can also be used to reset Intel AMT to its initial factory default state. Intel® MEBX also capture platform hardware configuration information and store it in nonvolatile memory so that Intel AMT can make the information available out of band.

With this brief description of the various hardware architecture building blocks for platforms with Intel® vPro™ technology, we describe below the various software interfaces that allow ISV agents and IT consoles to interact with these platforms in various power states.

Back to Top