Intel® vPro™ Technology

Next-Generation Streaming Clients Based on Intel® vPro™ Technology

New Challenges and Solutions for Streaming Clients

With the wide adoption of Wi-Fi (IEEE 802.11) technology in enterprises, many IT organizations are looking for OS streaming solutions in those networks. However, OS streaming (or PXE in Wireless) Wi-Fi networks continue to be a challenge. A wireless PXE solution has never been deployed in enterprises, because of the following significant challenges:

1. Most Wi-Fi network cards do not have sufficient flash memory space to store the PXE OP-ROM and WLAN driver code needed to support wireless PXE. The WLAN driver is relatively large to be part of the BIOS code as well.
2. The secure configuration/provisioning of the Wi-Fi 802.11i Security Profile, to enable a WLAN connection, is not a trivial undertaking.
3. There remain many open issues related to ownership and synchronization of the Wi-Fi communication channel between the host OS and BIOS/firmware in the NIC, similar to the issues described earlier for a wired 802.1x channel (see Figure 2).

We are investigating solutions to these challenges based on Intel vPro technology. Intel® Active Management Technology (Intel® AMT) provides support for a WLAN stack inside its firmware, including the IEEE 802.11i [15] and 802.1x standards (described earlier) as well as methods for secure provisioning of the platform credentials. One of our options is to utilize the IDE-Redirection (IDE-R) protocol capability that is provided as part of Intel® vPro™ brand platforms. IDE-R allows a remote server to boot a client system off a diagnostic OS for troubleshooting or recovery purposes when its local OS is not booting. IDE-R is a secure protocol [22] that can be used over Wi-Fi networks. Thus, it could be used for OS streaming in wireless networks.

The other option is to utilize the WLAN stack and communication capability in the Intel ® Management Engine (Intel® ME) and Intel® AMT firmware from the BIOS/PXE code directly, by using the Host Embedded Controller Interface (HECI) [23], defined for communication between the BIOS/Host and the Intel ME. The PXE specification defines a Universal Network Driver Interface (UNDI) that allows the PXE base code to talk with different kinds of networking devices. We propose using a similar abstraction or proxy for the PXE code to talk with the WLAN NIC, via the Intel ME/AMT firmware. With this approach, the Intel ME would establish an 802.11 session with the wireless AP. It could use the existing Intel® Embedded Trust Agent to provide 802.1x/NAC authentication over wireless as well. Once this wireless channel is set up, the PXE code can use this to download the boot-loader and subsequently the OS over that wireless channel and boot off it (see Figure 5). Please note that this capability is a future consideration, and it is not a part of our current Intel vPro technology products.

Figure 5: 802.1x PXE boot over wireless (802.11) networks

Back to Top