Improving Security and Manageability without Increasing TCO

TCO matters in the embedded marketplace; hardware integration is the key.

Interactive terminals based on thin-client technology have been an appealing solution for years, primarily because of their low total cost of ownership (TCO). Because their applications are fairly simple and they do not require personalization, these terminals can operate with minimum features and performance levels.

Some industries need a more robust solution. This is especially true where interactive terminals are used to transmit sensitive financial data in the banking, finance, insurance, and retail industries. Security and manageability are becoming more important, as many more of these devices are connected to the Internet.

What is needed is a platform equipped with PC-like performance and features but priced comparably to the thin client—something that combines hardware-based, robust security and manageability features in a small form factor. The solution must also deliver traditional embedded features, such as low power consumption (for fan-less operation) and a long life cycle.

Thin Clients—Risks and Rewards

Inexpensive thin clients are popular in the embedded terminal marketplace precisely because they use a minimally enabled platform that promises low overall TCO. Many businesses consider them to be disposable devices. Customers are more than willing to sacrifice performance and features in order to save money. That’s the whole point.

Those sacrifices can be significant. For example, thin clients lack the onboard memory and graphics support that power some applications that may be useful to the transaction industry, such as dual-independent display, photo processing, or biometric recognition (used for ID verification). They also lack the headroom to run complex security and management applications that protect networks from outside threats. This can be quite risky given that a growing percentage of embedded devices are connected through the Internet.

IT managers need the ability to exert some level of control and management over their embedded terminal systems, if simply to ensure the integrity and protection of the network and the sensitive financial data that runs through it. Customers, too, need to know that their personal information remains secure.

Finding Alternatives to Thin Clients

Today, the only viable alternatives to thin clients are full-featured computers and embedded devices. While their performance levels are much stronger, these systems also tend to have a higher overall TCO, because such systems are designed to allow for personalization.

Transaction terminals don’t require much customization. Instead, they need more built-in performance and protection to process sensitive data and run complex graphics-based algorithms. The ideal platform allows for easy manageability and robust security, while preserving the traditional features of an embedded design. These terminals are comparably priced to the thin client with a low overall TCO.

A compact form factor with lower power consumption for operation in fan-less enclosures isn’t the only requirement. Multiple ports are needed so that peripheral devices (e.g. scanners) can be attached. Performance must be powerful enough to run graphics applications and support large databases.

The trick is how to achieve such performance gains without driving up cost.

The Solution: Hardware Integration

Integrating important management and security features into the hardware elements of a platform provides the solution. When these functions are built into the chips, space becomes less critical. Hardware-based management and security features are also more intelligent and can be controlled remotely, allowing for off-site maintenance that keeps TCO low.

Several management and security technologies can be integrated into hardware. For example, through a live Internet connection and hardware-based active management and control features, IT managers can perform out-of-band (OOB) system management, remote troubleshooting and recovery, proactive alerting, and remote hardware and software asset tracking. These features can decrease downtime and reduce the need for on-site support. Intel® Active Management Technology is an example of hardware-based management and control technology that can be embedded in a processor. [Editor’s note: the author is an employee of Intel]

Integrated RAID is another important management and support tool. Using two or more ordinary hard disks to create a RAID storage system, IT managers can improve data protection through fault tolerance and redundant system performance. Intel® Matrix Storage Technology is an example of how RAID can be integrated into hardware.

IT managers can also employ virtualization technology to actively control multiple applications and hardware and operating systems as if they were one. Dynamic system crash management and modular performance enhancement are enabled through hands-on management of an entire set of interactive devices through a single console—even if they are distinctly different.

Hardware-based security features are also important. The Trusted Platform Module (TPM) is an emerging industry standard used to establish the root trust framework for a computing platform. When integrated into an embedded platform, the TPM can be used to measure the integrity of all components of the platform—both hardware and software.
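The measurement the TPM performs can be sketched in a few lines. The following is an added illustration, not code from Intel or from the platform described here: each component is hashed before it runs and folded into a platform configuration register (PCR) with the TPM "extend" operation, and a remote verifier replays the event log to check it. The component names and images are constructed samples, SHA-256 is assumed as the hash, and the reported PCR value is assumed to reach the verifier authentically (a real TPM signs it in a quote).

```python
import hashlib

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM extend: the register can only be folded forward, never set directly.
    return hashlib.sha256(pcr + digest).digest()

def measured_boot(components):
    """Platform side: hash each component before it runs, extend the PCR, log it."""
    pcr, log = bytes(32), []          # PCR starts as all zeros at reset
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def verify(log, reported_pcr, known_good):
    """Verifier side: replay the log, then compare each digest with the allowlist."""
    pcr = bytes(32)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    log_is_consistent = pcr == reported_pcr
    unexpected = [name for name, digest in log if known_good.get(name) != digest]
    return log_is_consistent, unexpected

# Constructed sample boot chain for a transaction terminal (not real images).
GOOD_CHAIN = [
    ("firmware", b"firmware image v1"),
    ("bootloader", b"bootloader image v1"),
    ("kernel", b"os kernel image v1"),
    ("terminal_app", b"teller application v1"),
]
KNOWN_GOOD = {name: hashlib.sha256(blob).digest() for name, blob in GOOD_CHAIN}

def demo():
    good_pcr, good_log = measured_boot(GOOD_CHAIN)
    tampered = list(GOOD_CHAIN)
    tampered[1] = ("bootloader", b"bootloader image v1, modified")
    bad_pcr, bad_log = measured_boot(tampered)
    return {
        "good": verify(good_log, good_pcr, KNOWN_GOOD),
        "tampered": verify(bad_log, bad_pcr, KNOWN_GOOD),
        # A modified platform that presents the clean log is caught by the PCR.
        "forged_log": verify(good_log, bad_pcr, KNOWN_GOOD),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Because each extend hashes the previous register value, a changed component or a changed load order alters the final PCR, and software that runs later cannot roll the register back to a clean value.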

Good for Transaction Businesses

The ideal platform for transaction terminals includes all of the features of an embedded system with the robust performance capabilities of a traditional PC. The Intel® Embedded Station Terminal platform, developed in conjunction with Sinosun and ICP Electronics, is one example of how these features can be implemented into a complete solution. The features and performance gains made possible by this kind of platform—versus traditional thin clients—can benefit the transaction industry in several ways:

  • Better Graphics Performance: To illustrate, the Intel Embedded Station Terminal platform uses a robust processor with integrated graphics capabilities. This allows banks and other financial institutions to more quickly process data imaging and biometric recognition—such as photo identification and credit card signatures—to prevent fraud. Growing databases require that these tasks be performed quickly, requiring a robust processing platform with large on-board memory. Thin clients lack this level of performance.

  • Hardware Security: Ideal security protection today includes both hardware and software security tools. With an onboard TPM chip, a transaction terminal platform will enable financial institutions to encrypt and decrypt confidential files or e-mail to ensure data integrity and better protect sensitive records. These kinds of functions are not possible in software only, or using traditional thin client platforms.

  • Dual Independent Display: Banks, retailers and other transaction industries can find many ways to use a dual independent display, including interactive advertising and promotions that generate add-on sales and extra revenue. Such features require a robust processing platform with strong graphics capabilities, something thin clients cannot support today.

  • Fanless Enclosure: Most of the thin clients in the marketplace still depend on the fan to dissipate heat, which requires electricity. The ideal transaction terminal platform uses a low-voltage/high-performance processor to allow for development of a completely fanless solution which will save on power costs, leading to lower TCO.


Because TCO matters considerably in the embedded marketplace, solutions that improve performance and add features while keeping costs low are worthy of a closer look. Hardware integration is the key.

Banks, financial institutions, retailers, and other transaction-based businesses should look beyond today’s thin clients for new platforms that are optimized for their industry. The important features of those platforms include low TCO, high-performance, low-power consumption, strong graphics capabilities, hardware-based management and security features—including a trusted platform module—and rugged reliability for a long product life cycle.