28 IBM System x3850 X6 and x3950 X6 Planning and Implementation GuideMachine Check Architecture recoveryThe Intel Xeon processor E7 family also features Machine Check Architecture (MCA)recovery, a RAS feature that enables the handling of system errors that otherwise require thatthe operating system be halted. For example, if a dead or corrupted memory location isdiscovered, but it cannot be recovered at the memory subsystem level, and provided it is notin use by the system or an application, an error can be logged and the operation of the servercan continue. If it is in use by a process, the application to which the process belongs can bestopped or informed about the situation.Implementation of the MCA recovery requires hardware support, firmware support (such asfound in the UEFI), and operating system support. Microsoft, SUSE, Red Hat, VMware, andother operating system vendors include or plan to include support for the Intel MCA recoveryfeature on the Intel Xeon processors in their latest operating system versions.The following new MCA recovery features of the Intel Xeon processor E7-4800/8800 v2product family are included:� Execution path recovery: Ability to work with hardware and software to recognize andisolate the errors that were delivered to the execution engine (core).� Enhanced MCA (eMCA) Generation 1: Provides enhanced error log information to theoperating system, hypervisor, or application that can be used to provide better diagnosticand predictive failure analysis for the system. This enables higher levels of uptime andreduced service costs.Security improvementsThe Intel Xeon E7-4800/8800 v2 processor family has several important securityimprovements that help to protect systems from different types of security threats.� Intel OS Guard: Evolution® of Intel Execute Disable Bit technology, which helps to protectfrom escalation of privilege attacks by preventing code execution from userspace memorypages while in kernel-mode. It helps to protect from certain types of malware attacks.� Intel Trusted Execution Technology (Intel TXT), Intel VT-x, and Intel VT-d: Newhardware-based techniques, which allow you to isolate virtual machines and boot VMsonly in a trusted environment. In addition, malware infected VMs cannot affect anotherVMs on the same host.� Intel Secure Key: Provides hardware random numbers generation without storing any datain system memory. It keeps generated random numbers out of sight of malware andtherefore enhances encryption protection.For more information, read the following Intel White Paper:http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/3rd-gen-core-vpro-security-paper.pdf
