Re: Countryboy post# 170419

Friday, 08/29/2008 2:52:42 PM

Post# of 249374
vPro from last year.

Intel Emphasizes Security with New Platform
August 25, 2007


Intel is preparing to release a new version of its vPro platform Aug. 27, which will include an emphasis on security that the chip maker hopes will expand the reach of its desktop management technology.

The new version of vPro platform, which Intel had called "Weybridge," will sport three different Core 2 Duo processors, along with the company's Q35 Express chip set and its 82566DM gigabit network interface connector.

While the first version of vPro, which came to market in April 2006, focused mainly on technology that would make it easier for IT administrators to remotely manage desktops and have better control of a large fleet of corporate PCs, the 2007 update to the platform will add new security features as well as virtualization capabilities.

"We are trying to be a little more innovative and proactive by driving security capabilities right into the platform itself," said Gregory Bryant, vice president for Intel's Digital Platform Division.

After the initial introduction, Intel, based in Santa Clara, Calif., and several PC vendors began introducing the first desktop models with vPro technology in Sept. 2006 and then announced that its new Centrino Pro mobile platform would include vPro in May 2007. Since that time, Intel executives have said that the company has shipped more than four million units with more than 350 enterprises deploying vPro-based clients.

Intel and AMD are setting their sights on the high-end of the market.

Roger Kay, an analyst with Endpoint Technologies, said a company would need to have vPro technology installed in about 25 percent of its PC fleet before it was reasonable to deploy all the management and security features included in the platform.

Kay estimates that most companies are now hitting the 20 percent mark and with the addition of vPro technology in the Centrino platform, he suspects that more companies will now begin deploying the full range of vPro features.


"Right now, it [vPro] is still pretty sparse and it's been a slow adoption, but Intel has been pleased with the uptake and some of the IT guys who see the potential really want to get their hands on the vPro stuff," Kay said.

"After Intel added Centrino, a company can have the entire client based management under this heading and that makes for a better justification for investing in it. That is also a recent development and I think it's still in its early stages."

One of the most significant updates to the vPro platform is the next generation of Intel's AMT (Active Management Technology), which provides a hardware and software management engine that allows a number of on-board capabilities, such as monitoring the PC's hardware and software configuration to give a more holistic view of the system. The latest version of AMT will also feature embedded filtering technology built into the firmware of the silicon itself.

This filter technology will help protect a PC from common malware problems and offer a level of protection to the desktop both before and after third-party security software is installed. The technology also alerts the IT administration of the problems and can isolate a single machine from the network. The filters work by logging all outbound packets. The filter then analyzes these logs for specific, malicious patterns, such as excessive attempts to connect through a single port.

Intel is also offering what it calls an embedded trust agent in the platform, which will not only support the IEEE 802.1x standards, but is also certified by Cisco for its Network Admission Control. The agent is not dependent on operating system availability and will continue to work and manage the PC whether the desktop is shut down or the OS has been disabled, without lowering the network security.

This vPro development will allow for greater out-of-band management abilities, such as remote power control and diagnostic testing, even if the operating system has failed while maintaining network authentication.

The fact that Cisco is now on board with vPro shows what Intel is trying to do with the brand. Specifically, the company is trying to get third-party vendors and ISVs to build on top of its platform instead of Intel trying to develop proprietary standards on its own, Kay said. In addition to Cisco, Symantec is developing security features for vPro, while Altiris was tapped to offer a management agent.

(Just before the vPro launch this week, a spokesperson for Symantec admitted that its Virtual Security Solution for vPro, which integrates the company's NIPS (Network Intrusion Prevention Security) engine with Intel's virtualization technology, does not yet have an official shipping date.)

"From Intel's perspective, they don't want to get into the application side of it," Kay said. "They want to get the application vendors to come in and let them work on top of the platform … Security is a layered concept."

In a demonstration for journalists and analysts, Bryant said part of the purpose of vPro is to provide the hardware hooks for third-party vendors and ISVs to build applications for a host of issues, such as security and enterprise-wide PC management.

In addition to the other security features, Intel is offering what it calls TXT or Trusted Execution Technology in the updated vPro platform. Those who have followed Intel's technology developments will recognize TXT as the final realization of its "LaGrande" initiative.

TXT works with TPMs (Trusted Platform Modules) 1.2 and performs several different functions. One of these is to allow software to boot into a known, trusted state. With the help of virtualization, TXT can also isolate applications within a memory partition and isolate that application within the hardware.

This feature means that no additional hardware or software can access a particular application. TXT will also remove data from the cache when the virtual machine shuts down, which ensures an additional defense against snooping software.

Besides TXT, Intel has also included a new virtualization feature dubbed Virtualization Technology for Directed I/O, which will help reinforce the isolation between virtual machines on the desktop by restricting memory access. At the same demonstration where Bryant spoke, representatives with General Dynamics, one of the country's largest defense contractors, showed off a workstation running the Microsoft Windows operating system in two separate virtual environments within the same machine.

The hardening between the partitions was strong enough for government workers to run applications using classified and unclassified data on the same machine, said Mike Maschino, a security architect with General Dynamics.

Intel executives are touting the additional performance of the new vPro platform, specifically a 30 percent boost with the addition of the Core 2 Duo E6550 processor compared to the older Core 2 Duo E6300 chip. The E6550 is clocked at 2.33GHz and has 4MB of L2 cache and a 1333MHz FSB (front side bus). Intel is also offering two other processors with even faster clock speeds, the E6750, which has a clock speed of 2.66GHz and the E6850, which runs at 3GHz.

By next year, Intel plans to introduce several quad-core processors for the vPro platform as well.

In terms of power, the processors being used with the vPro platform use the same 65-watt TDP—an Intel term that refers to how much heat a chip has to dissipate—as the older platform.

One of the drawbacks to vPro is that all the new features are hardware-based and users will have to buy new PCs to take advantage of the platform and its updated capabilities.

At least three of the larger PC vendors will be offering new systems that support vPro right away. Dell will roll out a new desktop, the Optiplex 755, which will offer the vPro platform as well as several other Intel-based options, including just the use of Intel's latest AMT. The Round Rock, Texas, PC vendor had previously offered the vPro platform in its Optiplex 745c desktop.

In addition, Hewlett-Packard will include the new version of vPro when the company refreshes its Compaq dc7000 line of high-end, enterprise desktops in the next few months. Finally, Lenovo will offer the 2007 version of vPro with its ThinkCentre M57P desktop, which will eventually replace the M55P, a desktop that used the original vPro platform. Lenovo is now also offering the vPro platform with its ThinkPad T61 laptop, which uses the Centrino Platform.

Steven on network access control:

I think this will be another very significant sector in the market for Wave in relationship to network access control. In May, at the Interop show, we demonstrated the role of the Trusted platform module in connection with both Microsoft and Juniper's network access control strategies. What this in essence does is there are really two key roles for the Trusted platform module in any network access control solution. One is for the TPM to provide the role of strong machine identity. This would be true not only for Microsoft and Juniper but also for Cisco solutions, where the TPM can store a unique key and before any machine is connected to the network, the network switch will verify that key is present and it's an authorized key before that machine is connected. This is how ultimately you can make the statement that only XYZ Corp.'s machines are on XYZ Corp.'s network, and really can provide a tremendous deterrent to someone stealing user IDs and passwords or other access credentials, gaining access to a corporation.

The second is to use the Trusted platform module to sign and what the industry calls measure the health certificates of the network access control solution. So in the case of a machine connecting to the network, what the Trusted platform module does is it collects any measurement data that's done before the machine connects; it signs it, and it prepares what looks like a health report and submits that health report with a request for connection. If the health report is satisfactory, then the network switch will provide an IP address and the machine will be connected. So this is a great way to ensure that every corporate PC is in compliance with corporate IT policies around anti-virus, certain applications, certain types of software needs, either needing to be or not be installed on specific platforms.

The reason this is important for Wave is that we see these technologies packaged in Windows 2008 server. As the Windows 2008 server rolls out across the market over the course of the next few years, this will be one of the huge driving reasons to turn all enterprise TPMs on. So if you look out a number of years, this is one of the applications that will drive the multiple hundreds of millions of endpoints on the network to end up with their Trusted platform modules turned on. By no means the only application, but demonstrating the capabilities, having Wave's products as part of the solutions being offered, we're in a very unique position today to have built our Embassy Endpoint Enforcer software in a position where we are demonstrating with the market-leading NAC solutions how the TPM properly integrates according to the Trusted Computing Group standards.
http://seekingalpha.com/article/43949-wave-systems-q2-2007-earnings-call-transcript
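
The health-report flow described in the call excerpt above (measure, sign, submit, admit or refuse), sketched as an added Python example; it is not part of the original post and is not code from Wave, Microsoft, Juniper or Cisco. It assumes SHA-1 PCR extends as in TPM 1.2, uses an HMAC as a stand-in for the TPM's asymmetric signature, and adds a verifier nonce for freshness; all function names, keys and sample measurements are constructed.

```python
import hashlib
import hmac

PCR_RESET = b"\x00" * 20  # TPM 1.2 PCRs hold 20-byte SHA-1 values

def extend(pcr, digest):
    """TPM extend operation: PCR_new = SHA1(PCR_old || digest)."""
    return hashlib.sha1(pcr + digest).digest()

def measure(name, content):
    return name, hashlib.sha1(content).digest()  # one event-log entry

def replay(event_log):
    """Recompute the PCR value that a given event log must produce."""
    pcr = PCR_RESET
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def sign(key, pcr, nonce):
    # Assumption: HMAC stands in for the TPM's asymmetric quote signature.
    return hmac.new(key, pcr + nonce, hashlib.sha256).digest()

def client_health_report(key, event_log, nonce):
    """Client: fold measurements into a PCR, sign it with the verifier's nonce."""
    pcr = replay(event_log)
    return {"log": list(event_log), "pcr": pcr, "sig": sign(key, pcr, nonce)}

def verifier_admit(key, report, nonce, policy):
    """Network side: machine identity, log integrity, then health policy."""
    if not hmac.compare_digest(sign(key, report["pcr"], nonce), report["sig"]):
        return False, "bad signature or stale nonce"
    if replay(report["log"]) != report["pcr"]:
        return False, "event log does not match signed PCR"
    for name, digest in report["log"]:
        if policy.get(name) != digest:
            return False, "unapproved component: " + name
    if set(policy) - {name for name, _ in report["log"]}:
        return False, "required component missing"
    return True, "admit"

# Constructed sample data (not from the post)
MACHINE_KEY = b"constructed-demo-key"
AV_CURRENT = measure("antivirus", b"av signatures 2008-08-29")
AV_STALE = measure("antivirus", b"av signatures 2007-01-01")
NAC_AGENT = measure("nac-agent", b"agent 2.0")
POLICY = dict([AV_CURRENT, NAC_AGENT])

if __name__ == "__main__":
    print(verifier_admit(MACHINE_KEY, client_health_report(MACHINE_KEY, [AV_STALE, NAC_AGENT], b"n1"), b"n1", POLICY))
```

The signature check covers the "strong machine identity" role and the log replay plus policy comparison covers the "health report" role; a report whose log is edited after signing fails the replay step even though its signature is valid.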