HOT TOPIC: MANAGEABILITY

EMBEDDED WITH INNOVATION

A multi-national retailer can remotely manage thousands of POS systems in 29 countries with Intel® vPro™ technology.
(Source: Wincor-Nixdorf* 2009)

Manageability for the ‘Internet of Things’

Suresh Marisetty
Intel Software and Systems Architect

Intel has a depth of experience in developing manageability technologies across platforms ranging from IPMI-based blade server solutions to box devices based on Intel® Core™ vPro™ processors, all the way to small, low-power embedded devices based on Intel® Atom™ processors.

These manageability technologies include machine check architecture, designed to maximize reliability, availability and serviceability (RAS) in servers and server-like communications devices; the Intelligent Platform Management Interface (IPMI); and Intel® Active Management Technology, the manageability component built into Intel® Core™ vPro™ processors.

Intel® AMT complies with standards driven by the Trusted Computing Group, an industry consortium whose mission is to develop, define and promote open industry standards for trusted computing building blocks and software interfaces across multiple platforms. Intel® Core™ vPro™ processors are also designed for compliance with the DASH (Desktop and Mobile Architecture for System Hardware) standard framework of the Desktop Management Taskforce (DMTF). While other standard frameworks exist, like TR-069, the Broadband Forum standard for consumer electronics devices, and the Open Mobile Alliance Device Management (OMA-DM) standard for telecommunications, these are not targeted through Intel® vPro™ technology.

What about Intel® Atom™ processors?

Intel® Atom™ processors are being used today to power a tremendous variety of intelligent connected devices in multiple segments, in the so-called ‘Internet of Things,’ ranging from consumer electronics to in-vehicle infotainment, digital security surveillance, factory automation, medical devices, intelligent digital signage, smart phones, tablets, and many others.

Remote manageability is important in each of these segments.

Since Intel® AMT is not yet supported in Intel® Atom™ system on a chip (SoC) solutions, the question is: what kinds of remote manageability solutions are available for Intel® Atom™ SoC based devices?

There are two key ways to differentiate manageability:

  • In-band, or OS-hosted manageability solutions
  • Out-of-band (OOB) solutions that run at the platform level but are agnostic to the operating system. OOB solutions consist of dedicated software that can be accessed and managed without going through the OS.

It is important to note that both in-band and OOB manageability solutions can conform to any of the standard frameworks I have mentioned earlier. Together, in-band and OOB solutions provide two different vectors or mechanisms to access and manage the system.

From talking to embedded OEMs and looking at the Intel® Atom™-based segments, we can support alternative mechanisms without a dependency on Intel® vPro™ technology.

Consequently, some customers we have talked with use home-grown solutions that do not conform to industry standards. But if a hardware vendor is already using Intel® Core™ vPro™ processors in one part of a product line and Intel® Atom™ processors in some other products, from a product support standpoint the vendor may want to implement a consistent management framework and capabilities. This can provide for interoperability and lower total cost of ownership across their product line.

‘Pseudo-OOB’ manageability

One of our ongoing efforts is to create a manageability solution for Intel® Atom™ SoC solutions that is similar to Intel® AMT, and that complies with the DASH standard. Such a solution should be transparent to a management console that would be managing multiple devices consisting of clients both with and without Intel® vPro™ technology.

We call this a ‘pseudo-out-of-band’ environment, one that uses Intel® Virtualization technology to create a virtual machine to provide a protected and isolated execution environment for the manageability stack.

One advantage of running manageability in a protected virtual partition is that, like Intel® AMT, it will be OS-agnostic, and it will work regardless of whether you are running Linux*, QNX*, VxWorks*, Windows*, or any of a large number of embedded operating systems.

The isolated execution environment also can make the manageability solution much more robust, such as by preventing attacks by malware. This can be accomplished by running a high integrity and secure OS, such as the Integrity* RTOS from Green Hills Software* or Wind River Systems Hypervisor*, to host a manageability framework.

The pseudo-OOB solution is not vulnerable to a guest OS crash, as it runs in an isolated partition of its own. With a pseudo-OOB manageability solution, there is at least some possibility that you can remotely bring the OS back up. And we can use a hardware watchdog timer embedded in silicon to prevent a hung platform condition from occurring in the first place. This essentially increases the availability of the pseudo-OOB manageability virtual partition and improves manageability determinism of the system.

Baseline management capabilities

We have analyzed multiple embedded use cases to determine a set of base capabilities for remote manageability common to all of them. We have identified three key baseline capabilities:

  • Remote system power-on and power-off
  • The ability to update firmware
  • The ability to boot from a remote OS image in the event of a disk failure, through IDE/Storage device access redirection

Each of these baseline capabilities can be handled with ease by a virtualized manageability solution running on an Intel® Atom™ processor and with no runtime performance overhead. To make the manageability solution practical, the hypervisor solution for virtualization on Intel® Atom™ processors must be engineered to minimize processor and IO latency overhead.

If you have these fundamental capabilities in an OOB partition, you have a secure operating system environment that will allow other remote management capabilities to be enabled in-band.

As Intel adds new security features, in-band manageability would become quite practical. For example, trusted boot technology, hardware-assisted anti-virus technology, white listing and other security techniques make the system more robust.

One issue with in-band solutions is their OS dependence. This complicates the task of porting, supporting and validating the manageability stack for compliance with the many available embedded operating systems. Approaches like an OS-agnostic application framework running on virtual machines like JVM* or Dalvik* might provide a partial solution to this problem.

When you take these issues into consideration, using virtualization to enable OS-agnostic manageability can provide practical baseline manageability capabilities for Intel® Atom™ SoC platforms that come near to the manageability enabled by Intel® vPro™ technology.


Disclaimer

Intel® vPro™ technology is sophisticated and requires setup and activation. Availability of features and results will depend upon the setup and configuration of your hardware, software and IT environment. To learn more visit: /Link.aspx?id=5121

Intel® Active Management Technology requires activation and a system with a corporate network connection, an Intel® AMT-enabled chipset, network hardware and software. For notebooks, Intel AMT may be unavailable or limited over a host OS-based VPN, when connecting wirelessly, on battery power, sleeping, hibernating or powered off. Results dependent upon hardware, setup & configuration. For more information, visit http://www.intel.com/technology/platform-technology/intel-amt
