As Virtual Desktops become standard components of the entire desktop environment there are increasing demands on the end point devices to provide the performance of legacy desktop computers they are replacing. Devices with more memory, faster processors and expandable peripheral device support are quickly replacing the utility devices most associated with thin clients. On Monday February 13, 2012 HP announced the release a new class of thin client devices that are designed to address the end user performance needs and adds security architecture to combat increasing security threats.
HP introduced their t610 series device that has an impressive list of components. It ships with a dual-core AMD G-series (1.65Ghz ) Fusion processor and AMD HD graphics, integrated WiFi, up to 4GB of RAM, Half-height PCI Express expansion slot and quad-head display capabilities. “The AMD Fusion Accelerated Processing Unit (APU) combines a low-power CPU and a discrete-level GPU into a single integrated unit providing high performance multimedia content delivery at power efficiency”, states HP in the press release. “To enhance reliability in a broad range of operating environments, HP t610 includes HP Active Thermal Management. Even in the harshest of environments, Thermal Management helps prevent the device from shutting down due to over-heating.” Without a fan the t610 can systematically slow down the processor when it detects the environment is reaching the upper limits of its ideal operating temperature (40 deg C)
The AMD Fusion Accelerated Processing Unit (APU) combines a low-power CPU and a discrete-level GPU into a single integrated unit providing high performance multimedia content delivery at power efficiency. The HP t610 also supports DirectX11 for 3D visual effects and accelerated graphics performance. The t610 comes in two form factors with the t610 PLUS model providing additional legacy ports and connectity options for fiber NICs.
The t510 comes with a VIA Eden X2 U4200 1GHz dual core CPU and VIA ChromotionHD 2.0 graphics enable hardware acceleration of streaming multimedia for enhanced Web browsing and remote session multimedia.
Each of the models are available in HP ThinPro, HP Smart Zero Client, Windows Embedded Standard 2009 or Windows Embedded Standard 7. The t510 and t610 series devices provide support for Citrix XenApp, XenDesktop, Microsoft RDP, RemoteFX and VMware View.
Built with security in mind
The t610 is the first thin client we have seen whose BIOS complies with the security recommendations of the National Institute of Standards and Technology (NIST), “providing hard identification security for sensitive computing environments and giving businesses a second layer of protection for company data as well as an on-board Trusted Platform Module (TPM), which is an integrated cryptographic security chip that ensures only authorized access to networks under the certification requirements of the Trusted Computing Group.” Security threats are becoming more sophisticated and the architects of these attacks are looking at every level of the hardware and software stack to exploit vulnerabilities. Compromising the BIOS of the system can provide access to data and hardware before any of the traditional methods of software DLP can intervene.
Below is an excerpt from the NIST BIOS Integrity Measurement Guidelines (DRAFT SP 800-155) publication:
If the BIOS code or configuration is altered from the intended state, either maliciously or accidentally, the desktop or laptop may experience losses of confidentiality, integrity, and availability, including system instability, system failure, and information leakage. These consequences underscore why it is so important to detect changes to the BIOS code and configuration.
Key Requirements under these guidelines are:
1. Provide the hardware support necessary to implement credible Roots of Trust for BIOS integrity measurements.
Roots of Trust are components (software, hardware, or hybrid) and computing engines that constitute a set of unconditionally trusted functions. These Roots of Trust must act in concert and build on each other to enable reliable and trustworthy measurement, reporting, and verification of BIOS integrity measurements.
2. Enable endpoints to measure the integrity of all BIOS executable components and configuration data components at boot time.
A key factor in a meaningful integrity measurement comparison scheme is establishing and maintaining, with confidence, a known baseline of attributes and measurements. Endpoint vendors have various ways to convey attributes to users; regardless of how this is done, the reason for the attributes is to give the user a means of assessing the validity of the BIOS integrity measurements reported by the endpoint and developing a level of confidence in the reports it receives about the overall health status of the endpoint.
3. Securely transmit measurements of BIOS integrity from endpoints to the Measurement Assessment Authority (MAA).
When measurements are reliably and robustly reported, the MAA can accurately determine the state of the security relevant BIOS configuration items on each endpoint. This allows the MAA to report on and act upon the items with which the organization is concerned. Secure transmission of BIOS integrity measurements ensures that measurements are not modified, disclosed, or forged in transit by malicious parties.
The complete publication can be found on the NIST website here.
These guidelines are critical to vendors, such as HP, who are developing computing devices for environments where data security is most critical. Public Sector and Financial sector organizations are looking for solutions that give them complete visibility of the computing stack and enhance their battle against malicous attacks.
Management and Prices
HP provides several native management tools (HP Easy Tools and HP Device Manager) and they have released their HP Imaging plug-in for Microsoft System Center for additional enterprise level management of their Windows 7 devices. The t510 starts at $295 and the t610 series starts at $399. To read the complete press release, go to HP’s Newsroom http://www.hp.com/hpinfo/newsroom/press/2012/120213d.html