Platform stability: Enterprise PC fleet management’s best-kept secret

vPro Misconceptions stability article mast head image

The Intel® Stable IT Platform Program helps minimize computing disruptions and streamline PC deployment.

By IT Peer Network, Hector Llorens, Intel vPro® platform manager; Julian Braham, Intel IT client domain architect, principle engineer; Laura Warner, Intel IT PC Solutions, firmware configuration manager; Oren Duanias, Intel IT client health monitoring engineer

Enterprise IT departments consume a lot of resources to procure, image, deploy, and maintain their PC fleet. IT decision-makers and thought leaders may not often mention platform stability as a key asset, but it is instrumental in helping to streamline deployments and simplify fleet management. The Intel vPro® platform offers platform stability in the form of the Intel® Stable IT Platform Program (Intel® SIPP), which aims for zero hardware changes for at least 15 months or until the next generational release.[1]

This means that within a given Intel vPro® platform-enabled SKU, or across Intel vPro® platform-enabled SKUs from different OEMs, the underlying hardware components will not change. For example, enterprise IT can expect to receive the same Intel® processor stepping across all Intel vPro® platforms during a purchase cycle of 15 months.

Why platform stability matters

It’s an industry best practice for enterprises to wipe new devices and add their device image to the platform. This ensures a clean and secure platform to help safeguard intellectual property (IP) and help ensure authorized access to enterprise networks through the device endpoint. For a streamlined deployment, IT departments prefer to image devices that have stable hardware components that they’ve already measured, and for which they’ve already configured and optimized the device image.

Once an IT department validates a device SKU in this way, new procurements become a simple matter of “wipe, image, deploy.” However, new hardware components can nullify previous validation and optimization efforts. This is a primary reason why IT departments prefer the reliability of stable hardware. There are no surprises when it comes to adding new devices to the fleet, and IT can depend on stability from day one.

Intensive validation with a wide reach

Intel vPro® platform components are also fine-tuned so users and IT departments can expect consistent functionality under a wide range of operating scenarios. For example, IT can expect all 10th Generation Intel® Core™ vPro® processor-based systems with Intel SIPP to run Windows 10 version 1809 (RS5).

The integrated nature of the Intel vPro platform—seamlessly combining elements such as the CPU, Platform Controller Hub, graphics, Wi-Fi and Ethernet controllers, and associated drivers and firmware—means that Intel SIPP validation impacts common critical components within a system. This means Intel can deliver a comprehensive platform with extensive testing, resulting in a more robust IT computing environment. Chipmakers with limited computing portfolios can’t offer the same level or scope of validation.

Hardware stability and update cycles

Organizations may update their device images for various reasons, including employee productivity improvements or to patch a security vulnerability. However, any deployment requires rigorous testing to ensure the patch won’t cause more problems than what it’s trying to solve. Enterprise IT departments often rely on ring release or staggered release, wherein IT will deploy an update to a small percentage—for example, 50 or 100 machines within a 2,000-machine fleet. IT will then let the update run for a few weeks to observe the effects. Once everything looks good, IT can push the update to the general population.

Variety with the same line of hardware components—for example, different WLAN network interface card versions—complicates the update cycle. The interaction between different driver or firmware versions and different hardware components may increase reliability issues, leading to fatal errors and shutdowns. This puts IT departments in the difficult position of having to tailor an image update for different components. If the IT department accidentally excludes a configuration during the initial ring release, then a whole swath of the PC fleet may be subject to unexpected blue screens. Remediation can devolve into a “needle in a haystack” situation in trying to isolate the root problem across so many different components. By maintaining hardware stability across SKUs within a fleet, IT can simplify image updates and help prevent the occurrence of fatal system errors.

Alignment with business policy: Following a gold standard

Platform stability also helps enterprise IT maintain large-scale fleets when it comes to driver, firmware, or software maintenance. By way of example, Intel IT manages 300 individual drivers across 30 platforms and deploys patches to remediate anywhere from 2,000 to 100,000 machines. By establishing a business policy to determine when and how to apply patches, Intel IT simplifies their overall platform environment, making it easier to maintain devices while limiting downtime. Rocky Tejinder Singh, Laura Warner, and Dan Codorean from Intel IT refer to this policy as their gold standard configuration: “As part of our gold standard configuration, we establish standards for required drivers and firmware, and transition client models to a common, tested, healthy version to reduce the complexity of the environment.”Figure 1: Workflow illustrating the Intel IT approach to ecosystem updates[2]

Unit ring testing (ring release) is a critical juncture in the workflow, allowing Intel IT to validate driver and firmware updates before pushing them to the global environment. Intel SIPP helps ensure consistency in hardware components across and within device SKUs, so Intel IT has fewer configurations to test before deployment. The key takeaway here is that platform validation and hardware stability are essential to maintaining a manageable ecosystem. An effective gold standard business policy combined with platform stability can help you enforce ecosystem simplicity.

Measuring and monitoring the health of the fleet

Stable Intel vPro platform components can also empower IT departments with reliability information and measurements, which are accessible in the OS event logs. For example, Windows 10 devices will collect information on network disconnects, reconnects, and generally monitor for when the device starts roaming because it can’t find a stable wireless connection.

Stable Intel vPro platform components can also empower IT departments with reliability information and measurements, which are accessible in the OS event logs. For example, Windows 10 devices will collect information on network disconnects, reconnects, and generally monitor for when the device starts roaming because it can’t find a stable wireless connection.

IT departments can use Windows Event Forwarding to pass these event logs to a central logging system, and use the aggregate data to understand device behaviors in conjunction with either the business network or at-home networks for remote employees.[3] This wealth of information can help IT departments identify and troubleshoot any connectivity issues within their network or VPN connectivity issues for devices outside the network. With platform stability, IT departments can be assured that patterns and behaviors they discover aren’t a result of different hardware components.

Providing the tools when change is required

When it comes to hardware stability, there are no exceptions in the Intel vPro platform with Intel SIPP. Platform stability aims for components to be locked in for that 15-month buying cycle. However, Intel will work with OEMs to deploy critical security updates to drivers or firmware when needed. Intel may also release firmware or driver updates to help take advantage of new standards or OS features, for example, if a Windows 10 Enterprise OS release from Microsoft requires a new driver to enable certain key features. Whatever the situation may be, Intel SIPP aims to provide the tools to support change when change is required.

The value of stability in the Intel vPro platform

Intel SIPP has been integral to the Intel vPro platform and continues to be a valued asset among IT technicians and decision-makers. They know that platform stability will save them a lot of headaches. Hardware changes can tax IT departments with system requalification, troubleshooting, issue resolution, and possible image changes. In the worst-case scenario, hardware instability might result in a faulty image update that causes a number of PCs to experience blue screens or shutdowns. The Intel vPro platform delivers hardware stability starting on day one. What you see is what you get, which helps reduce computing disruptions throughout the buying cycle.

Learn how the Intel vPro platform delivers a business-class experience at intel.com/vPro.

[1] “Intel® Stable IT Platform Program (Intel® SIPP),” Intel website, 2020. https://www.intel.com/content/www/us/en/architecture-and-technology/stable-it-platform-program.html.

[2] “Developing a Gold Standard for Driver and Firmware Maintenance,” Intel website, 2017. https://www.intel.com/content/www/us/en/it-management/intel-it-best-practices/developing-gold-standard-driver-and-firmware-maintenance-paper.html.

[3] “Configure Computers to Forward and Collect Events,” Microsoft Docs website, 2015. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11).

Intel technologies may require enabled hardware, software or service activation.
No product or component can be absolutely secure.
Your costs and results may vary.

© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.