Blackadder: “Security?”

Gen. Melchett: “Security is not a dirty word, Blackadder.”

Except that it might well be to your average IT professional these days. Security is a buzz topic (a ghastly turn of phrase, I grant you, but too apt to ignore) in the world of IT right now. With workforces increasingly mobile, and data being proliferated to devices that are increasingly likely to be free of the kensington lock – desk leg shackles, communicating securely with these devices and keeping the data they themselves contain secure in the event of loss is right up there on the pain list of any IT professional.

Mind you if they think they have it bad (and they do to be fair), there are examples going back in history where there has been far more at stake than data loss. Take the example of Mary Queen of Scots who, imprisoned on charges of treason having been implicated in a plot to kill her cousin Queen Elizabeth I, relied totally on encryption to communicate with others while in captivity. At stake for her was her life, and thanks to the superior snooping and decryption skills of Sir Francis Walsingham, Mary was convicted of treason and later executed.

The history of encryption goes back even further than Tudor England, to the Gallic Wars and Julius Caesar, after whom arguable the world’s first cipher was named. Prior to this cipher, the only method of communicating securely was a practise known as steganography, which involved using different means to conceal the message by for example, invisible ink. Encryption had obvious advantages over steganography and so became the de-facto means of trying to communicate securely.

Over the years, faster and more devious methods of encryption were devised – shift ciphers, attempts at randomisation, all meant encryption became ever more elaborate. Decryption too, thanks to techniques such as frequency analysis developed by Arab mathematicians, developed apace. It is actually thanks to this sort of elaboration that we get the word ‘secretary’ – someone whose function it was to encode and decode messages for the emissaries and recipients.

Computers came into the picture most notably during World War II and the extraordinary efforts of the codebreakers at Bletchley Park armed with Turing’s “bombes” fighting an absorbing (and sapping) battle against the Germans and their equally ingenious Enigma. It is a pretty intuitive leap from this to the encrypted communications on which we all rely today, whether it’s to protect our identity on social network sites such as Facebook or LinkedIn; our financial details using online banking or; even more prosaically, just making sure that the data on our laptops and phones is secure in the eventuality the device itself is misplaced. Encryption is a vital part of executing transactions securely these days, and as with anything it requires a processing overhead.

Amidst all the talk of intelligent turbo boost, core counts, Hyperthreading and a host of other technologies in Intel’s 2010 Core(tm) and Xeon(r) offerings, spare a thought for seven unsung instructions that go by the collective name of AES-NI. These plucky little instructions are doing their bit in the datacentre and on your laptop (or PC), like Mary’s secretary or Bletchley’s codebreakers and bombes, trying to keep you speedy, safe and secure while go about your business doing  - er – business.

Footnote: if you're interested in this topic, listen to BBC Radio 4's In Our Time on the subject of Cyptography.

A quick look at some comments and stories about the new vPro core family of processors…

Brad Anderson, Microsoft

Anderson claims vPro is key to helping Windows 7 fulfil its potential of helping businesses improve energy efficiency, security and virtualisation. “vPro has enhanced Intel’s reputation as an innovator,” he said.

Steve Morton, Symantec

Symantec has built its new Client Management Suite 7.1 based on the knowledge of vPro. Morton said that vPro has enabled Symantec to “support things like KVM and the idea of a fast call for help.”

The Register http://bit.ly/dizsiZ

“The vPro management capabilities will no doubt appeal to harassed sysadmins…”

ZDNet UK http://bit.ly/cvBz90

“The new KVM functions will let engineers control a PC remotely while seeing what is on the screen, irrespective of which — if any — operating system or application software is running.”

The Inquirer http://bit.ly/ccelih

“Security is further bolstered by Intel's inclusion of six new instructions to speed up AES hardware based encryption and decryption, while remote encryption management allows IT personnel to remotely manage PCs with encrypted hard drives.”

Ken Chan, Toshiba UK http://bit.ly/ambujb

Talking at the launch of Toshiba’s new laptop range, Chan said that the difference in the new machines is the new remote management capabilities provided by Intel's Core vPro update, on which the new Tecras are based, and which "offer up a whole new proposition to the market,” he said, according to news site V3.co.uk . "Suppose I'm a business, and I'm concerned about supporting my laptop users, and I don't want to have to keep them up to date with patches and anti-virus. I can pay some service provider to take care of that for, say, £20 per month."

Rick Echevarria, vice president of Intel’s Architecture Group has outlined some key points in the thinking behind the forthcoming vPro Core family of processors. At last week’s virtual launch, Echevarria repeated the phrase “no compromise” but what does this mean in real terms?

“VPro is the result of meeting users’ wishes for greater freedom,” he said. “The market is demanding a leap in power and performance but IT has rising concerns too about security, manageability, cost efficiency and better ROI.”

Much of the thinking is based on the demands of IT managers. Echevarria claimed that it has been Intel’s intention to remove processor power as one of the barriers to productivity. The built-in Turbo Boost technology adapts to the individual demands of PC users, recognising when the processor is not at capacity and increasing clockspeed where possible to boost performance for active cores. For notebook users this also means extending battery life through improved power management features.

OK, so a processor maker introducing a more powerful and faster range of processors is to be expected but adding built-in security and anti-theft technology as well as massively improving on power management is a leap in chip design. As Brad Anderson at Microsoft suggested, “vPro has enhanced Intel’s reputation as an innovator,” but Echevarria would argue that this innovation has been driven by the demands of users. This is not Intel pushing but the market pulling.

Echevarria pointed to the record number of independent software vendors supporting the vPro as testimony to its achievement. Over 500 ISVs are signed up with Intel to support vPro compared with less than 200 ISVs in 2008. This will create, according to Echevarria, an eco-system that will front the next drive in business computing, enabling moves to virtualisation and giving IOT managers the power and flexibility to cope with increased mobility and the consumerisation of technology.

“Users are doing more than ever with their PC - multitasking with numerous apps, collaborating in realtime with high definition video and VoIP, creating and sharing media rich graphics, mining data rich business apps and increasingly demanding greater mobility and remote access capabilities. With vPro this is possible. No compromise.”

What happened when four of the UK’s leading virtualisation experts sat in a  studio and talked about the impact of virtualisation in business IT? Well, we don’t know yet but pretty soon we will, as we’re organising a webcast to discuss that very subject. And we would like you to come along to help us shape what happens.

We’re always keen to talk about Intel’s virtualisation technology and how it will help our customer’s make the best use of their computing infrastructure. However, we suspect you find our story much more engaging when we are able to provide a full 360˚ of the virtualisation world. That’s why we’ve invited friends, Ian Pratt from Citrix and Guy Lidbetter from Atos Origin to provide the benefit of their experience during one of our webcasts, which we’ve cleverly called, ‘What’s the truth about virtualisation?’

To make sure we combine to answer that question, and to keep things fair, Freeform Dynamics analyst, Martin Atherton (himself, no stranger to virtualisation), has agreed to act as our independent, expert host and question master.

Even with an independent master of ceremonies and industry panel lined up, there’s still one important element missing. We need to make sure the webcast stays grounded in what you, the IT community, needs to know about virtualisation. When you join the webcast you’ll be able to type in questions and Martin will make sure they are answered.

I hope that sounds like a winner and we look forward to meeting you (virtually, at least) on the 9^th February – save the date!

Be the first to have your questions answered by posting them in a comment on this blog.

Regards,

Craig - IT Galaxy Community Manager

Are you enjoying the snow? I didn’t think so. The first day is great, everything looks different, the kids stay home and everyone has a collective sense of hunkering down and making the most or it. The first couple of meetings that get cancelled can be rescheduled, that journey to a customer or supplier will have to wait until the next week but the impact is limited.

Then that first day turns to a few days and the work is starting to pile up. That customer meeting that took three months to arrange really needs to happen, the planning session to agree the next quarters targets is now overdue, the supplier payments need to be reconciled. Now the snow is becoming a bit of a drag.

I’m very lucky not only do I work in a role that is independent of location, but my employer has also provided me with the tools and has a culture to allow me to have flexibility over where and when I work. This type of policy may not be suitable of all types of business or all types of roles but the ability to maintain at least some level of productivity is an important part of the modern workplace.

It’s not just snow that impacts our ability to get into the office, transport disruption, medical emergencies and acts of terror can all create unplanned disruption to the normal flow of the workplace. A small company I work with have had their entire accounts department stuck at home for nearly a week now, they have no ability to remotely access their systems and as a result the pay run for their staff may be delayed, their suppliers aren’t getting paid and they aren’t processing their income either, this can have a real impact on the cash flow of a small business.

The Government have just announced a consultation that relates to next generation broadband infrastructure, we hope that the resulting recommendations will enable the country to take these types of events in our stride, no matter where in the country you live.

Key considerations for working from home:-

• System security
• Access rights
• Infrastructure
• Company policy / HR guidelines
• Laptops and other tools for access

http://news.bbc.co.uk/2/hi/business/8421373.stm

http://www.berr.gov.uk/files/file54154.pdf

https://www2.bt.com/btPortal/application?event=bea.portal.framework.internal.portlet.event&pageid=mb_pns_catalogue&portletid=mb_pns_catalogue&portletns=pns_catalogue&wfevent=link.Category&productCategory=categories/bt_corporate_solutions_workforce.xml&siteArea=mb.corp&origin=content.jsp&PorS=solutions

So, what's your take on working from home? Tell us your thoughts and reasons for or against it!

When Intel decided to pilot Windows 7 internally I was keen to be involved being the Microsoft Alliance manager at Intel in EMEA.  I got a new Centrino 2 with vPro laptop and I was soon running the Beta version of Windows 7.

I was amazed at the responsiveness of the platform and the speed at which I was able to get things done.  All my applications worked straight away with no support required from IT and so far all my hardware peripherals have also worked straight away.  Some of the new features in Windows 7 such as the new Task bar make navigation a lot simpler and the whole operation of Windows 7 seems quicker with fewer clicks to get to the end goal e.g. finding a file and opening it.  The snap feature is great for comparing two documents side by side and the shake feature is nice when I have opened too many Windows and I just want to de-clutter my desktop.  On top of all this the battery life is exceptional and I no longer seem to be looking for seats next to power sockets.

I am now running the 64 bit finished version of Windows 7 and it’s a marked difference to running my old PC with Windows XP.  Work colleagues and family who have seen the new platform are also impressed with the new features and the overall look and feel of the PC.  As Intel starts to roll out Windows 7 across the company it will be great to see how vPro technology will be used to enable the migration and to continue to manage the platform on an ongoing basis through our IT help desk.  I can’t wait to see the new business features in operation e.g. Direct Access, and I know the data I put on to my USB sticks will now be more secure with Bit-Locker-To-Go.  If you want to read more about Intel ITs experience of running a Windows 7 pilot see here: http://www.intelalliance.com/microsoft/download/brief/Win_7_IT_Intel_Brief.pdf

The next step for me is to get Windows 7 installed at home and I know for sure my children will be looking for a new laptop for Christmas.  I have seen the new Windows 7 Home Group feature and this will be great in order to be able to connect up the PCs in my house to share photos and music.  We will be spending much less time hanging around whilst we import music in to iTunes or creating a panoramic photo in Windows Live Photo gallery.  With the new Intel Core family of processors and Windows 7 we’ve just managed to get some time back to do the jobs a PC can’t do  - like walking the dog (see everyone’s happy).

In my blog tomorrow, I’ll summarise why Intel based PCs are the right choice to run Windows 7, and why you should be looking for the Core Processor as the essential element of your new PC.

Throughout the development process of Windows 7, Intel and Microsoft have worked together with a common goal – simplify the PC experience, provide better performance and responsiveness whilst providing better energy efficiency. By both companies working directly throughout Windows 7’s development, we have ensured that the Intel platforms meet all the requirements for Windows 7 and together, our products deliver new ways to improve performance, energy efficiency, security and virtualization. Intel and Microsoft’s collaboration on Windows 7 will be beneficial in several ways:

• Working with Intel, Microsoft implemented support in the Windows 7 kernel for Intel multi-core processors with Hyper-threading Technology, enabling better performance. This will help users get the maximum benefit from multi-tasking.  As well, the Windows Scheduler has improved over time to support both muliticore and Hyperthreaded processors.  Working with Intel, Microsoft implemented a new feature called SMT parking which optimizes the Windows 7 scheduler for Intel Hyper-threading Technology enabling better performance on multi-core, and hyper-threaded Intel processors. Intel and Microsoft developed technology that enables Win 7 scheduler to identify physical vs logical cores, and prioritize physical cores first.  The previous OS could distinguish between logical and physical cores but it scheduled them all in a “greedy” fashion, with the assumption that this would provide the best overall throughput.  This works well for some workloads, but harms others because it may pair up two logical processors on the same physical processor (sharing resources) and leave other physical processors completely idle.

• Intel and Microsoft jointly analyzed the boot/shutdown/sleep/resume times on Intel platforms during the development of Windows 7 to identify opportunities to optimize Intel drivers and BIOS as well as Windows 7. Our mutual goal was to provide the most responsive compute experience possible.

• Another key part of the performance and responsiveness was our collaboration to optimize Intel Solid State Drive technology for Windows 7.

• Our graphics and media teams worked closely to ensure Intel integrated graphics solutions were optimized for the new Windows 7 graphics driver model and enable users to playback high-definition audio and video content on all Intel platforms.  The Intel graphics driver works with the WDDM1.1 model in Windows 7 to reduce its memory footprint using a combination of techniques such as reducing the video memory that is reserved for the driver and moving to a more dynamic memory management scheme.

• Many, many other collaborations across networking, storage, graphics, kernel, server, security, media center and more have resulted in Windows 7 and Intel platforms being designed and tested with each other.

Intel introduced new power management features in the Penryn and Nehalem micro-architectures as Microsoft were developing Windows 7.  Intel and Microsoft worked closely on how to take advantage of these new features.  One of the features is Intel® SpeedStep™ Technology, which allows the operating system to ratchet up and down the performance of the processor at the appropriate times so the workload can execute as efficiently as possible.

Another enhancement was deep power down in the Penryn architecture and they improved on this for the Nehalem microarchitecture. This state allows the processor to go into very deep sleep when idle. Microsoft along with Intel looked at the way that Windows 7 operated to see what was keeping the processor awake. It could be timer ticks being delivered by device drivers that were scheduling timers or it could be background activity. As Microsoft identified these things, they looked at ways to minimize that kind of background activity, in order to enable the processors to get into deep sleeps and stay there. Microsoft added API’s and modified the operating system to try to get idle and stay idle. Microsoft has something called tick skipping where Windows 7 doesn’t actually wake up an idle CPU to deliver a timer tick into it (for example to update the time of day). Microsoft offers something called timer coalescing so that drivers and applications that have timers that have the same period of timer tick but were offset by a slight amount align those two periods and service both of them with just one tick and end up waking up the processor once and not multiple times.  Windows 7 really takes advantage of the deep sleep state when it’s available. If you’re not consuming power on the processor you can enable the battery to last longer because you’re not drawing energy from it. This allows PC OEM vendors to build more energy efficient platforms using Windows 7 on Penryn and Nehalem micro-architecture-based processors.

All of these technical collaborative efforts have resulted in a fantastic operating system taking advantage of key technologies within the Intel processor microarchitecture to produce platforms that are performing up to 6 times faster with certain workloads.  Take a look at my blog tomorrow to see more about the performance figures and to see why you should buy a new PC running with the Windows 7 operating system.