Advanced Technologies

(*T’s)
INTRODUCTION
 Intel’s Advanced Technologies

 Intel has designed a set of technologies to deliver advanced capabilities

on their platform.
 These technologies are referred as the "*T's", or "star T's"
(advanced technologies).
 A premier collection of technologies embedded into microprocessor,
platform silicon and software.
 *T's represent an evolution in the way computer platforms are
designed and used.
 Delivers end-user benefits to platforms in all segments, providing
features that enhance security, multitasking, mobility, manageability,
reliability, flexibility, performance, and more.
 Intel's T's Technology includes

 Hyper-Threading Technology (HT Technology)

 Intel Extended Memory 64 Technology (Intel EM64T)

 Intel Virtualization Technology (Intel VT)

 Intel Active Management Technology (Intel AMT)

 Intel I/O Acceleration Technology (Intel I/OAT)

CPU Specific Technologies

Technology based on processor architecture

HYPER-THREADING
TECHNOLOGY (HT)
 What is HT Technology?

 Intel Hyper-Threading (Intel HT) technology enables one

physical processor to appear and behave as two virtual
processors to the operating system.

 Places two logical processors into a single CPU die.

 Enables multi-threaded software applications to process

threads in parallel within each processor.

 Provides performance boost for today's computing climate,

applications, and operating systems.
 How Hyper-Threading works?

 The processor works on two sets of tasks simultaneously, use

resources that otherwise would sit idle,and get more work done in
the same amount of time.

 Multithreaded software divides its workloads into processes and

threads that can be independently scheduled and dispatched. In a
multiprocessor system, those threads execute on different
processors.

 Allows a single processor to function as two virtual or logical

processors.

contd…
 Greater resource utilization equals greater performance and
responsiveness.

 Enables thread-level parallelism (TLP) by duplicating the architectural

state on each processor while sharing one set of processor execution
resources.
 Benefits

 System performance is maintained.

 Virus checking, e-mail encryption, and file compression runs more

efficiently, making the overall infrastructure more robust,
manageable, and secure.

 End users can enjoy increased system responsiveness.

 Providing greater performance by faster networking and data

throughput.

 Shows solid improvements in servers and high-end workstations.

 Requirements

 Hyper-Threading Technology (HT Technology) requires a

computer system with:

HT Technology enabled

• A processor
• chipset
• system BIOS
• operating system
 Platforms supporting HT Technology
HT Technology is available on laptop, desktop, server, and
workstation systems.

 For Desktops:
• HT Technology helps desktop users to get more performance out of
existing software in multitasking environments.
• Business users can run demanding desktop applications
simultaneously while maintaining system responsiveness.

 For Servers:
• With HT Technology, multithreaded server software applications
can execute threads in parallel within each processor in a server
platform.
• Intel Xeon processor family use HT Technology to increase compute
power and throughput for today's Web-based and enterprise server
applications.
Extended Memory 64-bit
Technology (EM64T)
 What is EM64T?

 Intel EM64T is Intel Extended Memory 64-bit Technology.

 It’s a 64-bit extension to the IA-32 architecture.

 “Intel EM64T improves performance by allowing the system to

address more than 4 GB of both virtual and physical memory.”

 Enables 64-bit computing on the server/workstation and desktop

platforms when combined with supporting software.
 Intel EM64T provides support for

 64-bit pointers

 64-bit flat virtual address space

 64-bit wide general purpose registers

 64-bit integer support

 Up to 1 terabyte (TB) of platform address space

 Operating Mode in EM64T

CPUs with EM64T technology have a new operating mode, called IA32E.

It consists of two sub modes:

 Compatibility Mode enables a 64-bit operating system to run most

existing legacy 32-bit software unmodified.

 64-bit Mode enables a 64-bit operating system to run applications

written specifically to access a 64-bit address space.
 Advantages

 Scalability

 Performance

 Compatibility

 Flexibility

 Multiprocessing Performance

 Application Performance
 Requirements

 Intel EM64T requires a computer system with:

Intel EM64T enabled

• a processor,
• chipset,
• BIOS,
• operating system,
• device drivers and
• Applications

 Processor will not operate (including 32-bit operation) without

an Intel EM64T-enabled BIOS.
 Platforms supporting EM64T

 For Desktops:

• Intel EM64T is a feature to Intel's computing architecture that

enables the desktop processor platform to access larger amounts of
memory.

• Intel EM64T provides flexibility for 32-bit now and future software
that supports 64-bit computing.

• With appropriate 64-bit supporting hardware and software,

platforms based on an Intel processor supporting Intel EM64T can
enable use of extended virtual and physical memory.
 For Servers:

• Intel EM64T is one of a number of innovations added to Intel's

Server/Workstation platforms.

• 64-bit computing is supported on a variety of Intel enterprise

platforms, including:
MP server platforms
DP server/workstation platforms
UP server/workstation platforms

• Intel EM64T represents a natural addition to Intel's computing

architecture, allowing platforms to access larger amounts of
memory.
 Supported Operating System

 Microsoft: Windows Server 2003 x64 Edition and

Windows XP Professional x64 Edition.

 Apple: Apple MAC OS X Tiger, version 10.4.1.

 Red Hat: Redhat version 3.0 (and greater) x64 Edition.

 SuSE: SuSE 8.2 (and greater), SLES 8.0 and SLES 9.0 x64 Edition.

 Sun Solaris: Solaris 10 x64/x86.

 FreeBSD: FreeBSD version 6.0

Memory limitations of 32-bit (x86) and 64-bit (x64) Windows Server 2003
Intel Virtualization
Technology (VT)
 What is Intel VT?

 Intel VT is Intel Virtualization Technology platform to run

multiple operating systems and applications in independent
partitions.
 Offers an option of enhancing security and manageability with a
virtualised enviornment.
 Virtualized enviornment runs outside main OS,invisible to users
and under IT control.
 Includes its own application code and embedded OS.

contd…
 Fully isolated from the production OS, resistant to tampering.
 Offers more secure,stable environment for critical services.
 Single CPU acts as if, there were several CPUs running in parallel,
allowing the system to run several operating systems at the same
time.
 Allows to run, multiple operating systems and applications in
independent partitions.
 Improves performance and robustness of software-only virtual
machine solutions.
 One computer system can function as multiple “virtual” systems.
 In multitasking, there is a single
operating system and several
programs running in parallel.

 HyperThreading simulates
two CPUs where there is just
one physical CPU for
balancing performance using
SMP.
 In virtualization, several operating systems running in parallel,
each one with several programs running. Each operating system
runs on a “virtual CPU” or “virtual machine”.
 How Does Intel VT Works?

 Software-only virtualization solutions—known as virtual

machine monitors (VMMs) handles all virtualization of the
system.

 VMM must create the perception that the hosted OS is

communicating directly with the hardware.

 Two approaches used are:

• Paravirtualization: This technique requires changes to the

source code of the OS, especially the kernel, so that it can be
run on the specific VMM.
• Binary translation: The VMM makes changes to the
binaries of the operating system as they are loaded into the
VM (virtual machine).
 VMMs has to perform 2 tasks:

1. They must completely emulate the hardware environment to the point

that the hosted OS cannot tell it does not own the entire hardware
platform.
2. They must handle all unusual circumstances that can arise either in
the OS (such as hardware malfunctions) or the application (software
errors).

Both tasks must be performed with high levels of reliability and low
performance overhead.

contd…
 Hardware that does not support hardware-based virtualization
makes it difficult for VMMs to meet these goals, because
traditional processors were designed primarily to run a single
instance of a single operating system.

 As a result, VMMs face a number of challenges that are addressed

by Intel Virtualization Technology.

Privilege Levels:
 All modern processors and operating systems implement the
concept of privilege levels, which define what actions can be
performed by specific processes.
contd…
 Intel architecture provides four levels of privilege, called rings, that
are numbered 0-3.
- The highest level, 0, is used by the operating system.
- The lowest level, 3, is employed by applications.
- For various reasons, levels 1 and 2 are rarely, if ever, used.

contd…
 Only operating systems running in ring 0 have unrestricted access to
the hardware.
By limiting this ring to use by a single OS, the processor enables the
OS to have complete knowledge of the state of the hardware.

 For the VMM to work properly,

• It needs to run at ring 0 and create the illusion to the guest OS that the
guest OS is running in ring 0.

• However, since the VMM is itself running in ring 0, no guest OS can run
at this privilege level.
contd…
 In fact, today they typically run at ring 1 or 3—a technique known
as “ring deprivileging” , a technique that runs all guest software at
a privilege level greater than 0.

A VM could deprivilege a guest OS by running it either at privilege

level 1 (the 0/1/3 model) or at privilege level 3 (the 0/3/3 model).

contd…
 This practice creates enormous difficulties for the VMM, which
must constantly monitor the activities of the VMs to trap hardware
accesses and certain system calls, executing them itself and
emulating the results.
contd…
 Intel Virtualization Technology solves this problem by creating
two classes of rings:
• Privileged “root” ring—referred to as ring 0P—
for use by the VMM,
• Deprivileged “non-root” ring—ring 0D—for the operating
systems.

contd…
 VMM can function as the fundamental layer and all OS can run
above it with the necessary benefits of ring 0.

 By this approach, hosted OS’s and applications run within their

expected ring levels and are unaware of the VMM—each hosted OS
thinks it owns the entire machine.
 Requirements

 Intel VT requires a computer system with:

Intel Virtualization Technology enabled

• a processor,
• chipset,
• BIOS,
• virtual machine monitor (VMM) and
• software
Hardware availability of Intel VT

 Intel VT is available on following processors:

• Pentium 4 6x2,

• Pentium D 9xx,

• Xeon 7xxx,

• Core Duo,

• Core 2 Duo processors.

 Software utilizing Intel VT

 The following software uses virtualization technology:

• Microsoft Virtual PC
• Microsoft Virtual Server — a future version which will
support Intel VT.
• Parallels Workstation — lightweight hypervisor with Intel
VT-x support
• TRANGO real-time embedded hypervisor
• VMware — on Intel processors, VMware Workstation 5.5
requires Intel VT to execute 64-bit guests.
• Xen — Xen 3.0 uses Intel VT to execute unmodified guest
operating systems.
 Platform supporting VT
Intel VT is available on:

 For Desktop platform:

In 2005 “Lyndon” – P4 processor and 945G chipset
In 2006 “Averill” – P4 processor and Broadwater chipset

 For Server platform:

In 2005-06 Millington / DP Montvale, Montecito / Montvale processor
– 8870 chipset
In 2006 “Bensley, Glidewell” –Dempsey processor, Blackford and
Green creek chipset

 For mobile platform:

In 2006 “Napa”-Mobile Dual Core Processor “Yonah” and chipset
“Calistoga”
 Benefits

 Partitioning:
• Multiple applications and operating systems can be supported
within a single physical system.
• Computing resources are treated as a uniform pool to be
allocated to virtual machines in a controlled manner.
 Isolation:
• Virtual machines are completely isolated from the host machine
and other virtual machines. If a virtual machine crashes, all
others are unaffected.
• Data does not leak across virtual machines and applications, as
communication is over configured network connections.
 Encapsulation:
• Complete virtual machine environment is saved as a single file;
easy to back up, move and copy.
Platform Specific Technologies

Set of platform architectural enhancements

Intel Active Management
Technology
(Intel AMT)
 What is Intel AMT?
 Intel Active Management Technology (Intel AMT) is a set of
platform architectural enhancements.

 It is the hardware and firmware infrastructure that provides

persistent, nonvolatile memory to store hardware & software
information and a unique machine ID.

 This memory can be remotely accessed even when the machine is

turned off, the OS is ‘locked’ or the machine is broken.

 Third-party IT-management tools work through the uniform

network-connected application programming interface (API)
provided by Intel AMT.

 These tools manage networked assets more effectively by

eliminating much of the need to physically locate and administer
computer assets.
 How does Intel AMT work?

 The only requirement is that the Intel AMT equipped machine

should be plugged into the network and a power supply. The
machine does not have to be switched on or in a fully operational
state.

 Out of Band, or OOB, operation allows remote management of

platforms to perform system management using remote consoles
(such as a Web browser) to communicate with the machines over
the network.

 The OOB method does not need local software agents running on
the target machine making operations independent of the
operating systems involved or the state of the machine.
 What Intel AMT does?


 It allows IT to better

• Discover

• Heal

• Protect

their networked computing assets.

 How does it work?
 Discover:
• Intel AMT stores hardware & software information in
non-volatile memory.
• With built-in manageability,Intel AMT allows to discover
the assets, even while PCs are powered off.
• With Intel AMT, remote consoles do not rely on local
software agents, helping to avoid accidental data loss.
 Heal:
• Intel AMT's built-in manageability,provides out-of-band
management capabilities to allow IT to remotely heal systems after
OS failures.
• The proactive
alerting and
remote-boot
capabilities of
Intel AMT
reduces the
number of
desk-side visits and even eliminate them in some cases by remotely
healing the platform problem.
• Alerting & event logging helps to detect problems quickly to reduce
downtime.
 Protect:
• Protects network
from
threats at the source
with Circuit Breaker
capability.
• Protects network by
making it easier to
keep software and
virus protection
consistent and
up-to-date across
the enterprise.
• Third party software can store version numbers or policy data in
non-volatile memory for off-hours retrieval or updates.
 Key capabilities

 Nonvolatile memory:
• Protected,persistent space where critical system information can be
secured and stored out of reach of users,intruders,virus worms.
• Data can be accessed as long as PC is connected to power source and
plugged into the network.

 Additional hardware based communication channel:

• Runs under OS and allows remotely to control and communicate with
PC even if it is powered off or OS is problematic or unavailable.

 Isolation hardware:
• Disconnects the PCs network data path where an inbound or
outbound threat is recognized.
 Requirements

 Intel Active Management Technology requires a computer system

with:

Intel AMT-enabled

• chipset,
• network hardware and
• software.

 The platform must also be connected to a power source and an

active LAN port.
 Platform supporting AMT

 Intel AMT was first available on:

• "Lyndon" desktop platform and

• "Bensley" server platform.
 Software Support for Intel AMT

 Major Independent Software Vendors (ISVs) around the world are

building in support for Intel AMT features to their products and
major OEMs are implementing Intel AMT on their platforms.

 They provide leading-edge solutions in the areas of asset

management, remote diagnosis/remote repair, and network
security.

 Their integration with Intel AMT allows IT managers to realize

efficiencies and cost savings not possible with previous-generation
hardware and software solutions.

 Intel AMT ISVs and their applications are :

contd…
 ISV Application
Altiris Notification Server
BMC Software Marimba
Cisco Systems Cisco Network Admission Control
CA Unicenter NSM
Check Point Software Integrity
LANDesk Software LANDesk Mgmt Suite
LANDesk System Mgr
Novell ZENworks
StarSoftComm StarCenter
StarNet
Trend Micro OfficeScan
Symantec LiveUpdate
 Applications

 Remotely Discover Computing Assets in Any State.

 Remotely Heal Computing Assets.

 Remotely Protect Computing Assets.

 Manage clients regardless of the system state.

 Retrieve significant diagnostic and inventory information,

regardless of the system state.

 Remotely control, remote (pre)diagnosis, and remote problem

resolution that increases the efficiency of technical staff.
 Features and Benefits

Features Benefits

Out-of-Band (OOB) system access Allows remote management of platforms

regardless of system power or OS state

Remote trouble-shooting and recover Significantly reduces desk-side visits,

increasing the efficiency of IT technical staff

Proactive Alerting Decreases downtime and minimizes time-

to-repair

Remote HW and SW asset tracking Increase speed and accuracy over manual
inventory tracking, reducing asset
accounting costs
Increased speed and accuracy over manual
Third party nonvolatile storage inventory tracking, reducing asset accounting
costs
Intel I/O Acceleration
Technology(I/OAT)
 What is Intel I/OAT ?

 Intel I/OAT is Intel I/O Acceleration Technology.

 Intel I/O Acceleration Technology (Intel I/OAT) moves data more

efficiently through Intel Xeon processor-based servers for fast,
scaleable, and reliable network performance.

 Server platform network I/O accelerator that takes a platform

approach to addressing network traffic problems by breaking up the
data-handling job among all of the components that make up the
platform — the processor, chipset, network controller and software.

 Reduces the workload on the processor while accelerating the flow of

data.
 Intel I/OAT’s Capabilities

 Performance:
• Intel I/OAT has ability to reduces CPU overhead, freeing resources
for more critical tasks.
• Minimizes performance-limiting bottlenecks by using server’s
processors more efficiently by leveraging architectural
improvements within the CPU, chipset, network controller, and
firmware.
• Accelerates TCP/IP processing, delivers data-movement
efficiencies across the entire server platform.
• Intel I/OAT accelerates TCP/IP processing, delivers data-
movement efficiencies across the entire server platform, and
minimizes system overhead.
contd…
 Scalability:
• Provides network acceleration that scales seamlessly across multiple
Ethernet ports.

 Reliability:
• Preserves critical network configurations such as teaming and fail over,
by maintaining control of the network stack processing within the
CPU—where it belongs.
• Avoids support risks associated with third-party hardware vendors for
network stack updates.
• Reduces support risks.
 Features and Benefits

Performance
Enhanced DMA Engine Faster data movement: up to 2x better
maximum data throughput
Up to 40% less CPU overhead to boost
Optimized TCP Stack
application response

Scales seamlessly up to eight Gigabit

Platform Level Acceleration
Ethernet ports

Platform Scalability I/O performance will increase with

CPU improvements

contd…
Reliability
Uses the trusted Windows and Less risk for IT
Linux TCP/IP stacks

•Stateless TCP Offload Preserves existing LAN features such

as VLANs and teaming

Value

Standard feature on Intel $0 LAN on motherboard and

Ethernet Adapters network adapter price premium
 Intel Trusted Execution
Technology (formerly LaGrande
Technology, or LT)
 What is LT?

 Intel Trusted Execution Technology, formerly code-named

LaGrandeTechnology, or LT, is a highly versatile set of hardware
extensions to Intel processors and chipsets that, with appropriate software,
enhance the platform security capabilities.

 Intel Trusted Execution Technology provides hardware-based mechanisms

that help protect against software-based attacks and protects the
confidentiality and integrity of data stored or created on the client PC.

 It does this by enabling an environment where applications can run within

their own space, protected from all other software on the system. In turn,
this helps to protect vital data and processes from being compromised by
malicious software running on the platform.
 Capabilities

Intel Trusted Execution Technology capabilities include:

 Protected execution and memory spaces where sensitive data can be

processed out of view of any other software.

 Sealed storage shields encryption keys and other data from attack while
in use or stored.

 Attestation enables a system to provide assurance that it has correctly

invoked the Intel Trusted Execution Technology environment, as well as
enable a measurement of the software running in the protected space.

Contd…
 Measured launch capability to help:
– Reduce IT support costs with improved services
– Enable decentralized or remote computing
– Verify platform configuration with a higher level of assurance

 Memory protection to help:

– Enhance protection of system resources
– Increase confidentiality and integrity of data
– Improve assurance of data transfers and resources
– Improve protection of sensitive information
 Benefits

Three use models can help to illustrate the flexibility and benefits of
Trusted Execution Technology. The use models are as follows:

 Local verification
• Local verification uses the measurement capability of Trusted Execution
Technology to give the local user confidence that the platform is executing
in a known state and that the state is not changing over time.

• The confidence comes from the hardware ability of Trusted Execution

Technology to properly measure the launched configuration and store the
measurement in the platform Trusted Platform Module (TPM).
 Remote Verification
• Remote verification takes the measurements obtained by Trusted
Execution Technology and stored in the TPM, and uses the TPM to inform
remote (not executing on the platform) entities about the current platform
configuration.

 Multi-level Operation
• Multi-level operation takes advantage of the memory protections provided
by Trusted Execution Technology to run two or more applications or
operating systems that require strict separation and managed
communication between the entities.
Thank You