The following sections in this topic provide example scenarios of how Wake On LAN in Configuration Manager 2007 can be implemented:

Achieving Compliance Levels by Installing Software Updates on Computers That Are Turned Off

This scenario demonstrates how you can use Wake On LAN in Configuration Manager to help achieve higher success rates for installing software updates within a specified time frame.

Woodgrove Bank has a security policy that requires that all computers on the network running Windows have critical security software updates installed within two weeks of release. The installation of these software updates on servers has a 100% success rate, but only 80% success rate on desktops despite the Configuration Manager administrator deploying them with a deadline one week after release. On investigation, the computers that do not have the software updates installed are turned off for various reasons—for example, because users are on vacation or sick leave or because the computers are not in everyday use and turned on only when needed for a specific application or process.

There is often not enough time to track down each computer, turn it on, and install the required software updates to meet the compliance deadline.

To help achieve the compliance levels in a timely and efficient fashion, Woodgrove Bank decides on the course of action outlined in the following table.

Process Reference

Mary North is the Configuration Manager administrator and is responsible both for hardware inventory and for software updates. She already has a list of network cards in each managed desktop from hardware inventory data.

The inventory data indicates that there is a mixture of network cards from different vendors in existing computers. Replacing these network cards is not a viable option.

About Collecting Hardware Inventory

Mary references the documentation for the various network cards and learns that all of them support the Magic Packet format and should support Wake On LAN.

On her own test network running Configuration Manager 2007, she enables Wake On LAN for a site and configures a software update deployment with a deadline and enables it for Wake on LAN.

For more information, see the following topics:

Mary conducts tests with representative network cards using standard build computers to see whether they will be woken up when turned off and then install the software update deployment.

Of her 10 test computers, only 1 is successfully woken up.

Mary consults the vendor information associated with the network cards and discovers that most of them cannot support wake-up if they are using unicast transmissions, but that all of them support Wake On LAN with subnet-directed broadcasts.

Mary changes the wake-up transmission method for the Configuration Manager site from the default of unicast to subnet-directed broadcast. This time, 8 of the 10 are successfully woken up and then install the software update deployment.

How to Configure Wake On LAN for Unicast or Subnet-Directed Broadcast

Mary investigates the 2 computers that are not woken up and references the specific documentation for those computers and network cards. She discovers that she needs to modify the BIOS setting on one computer and configure a driver option on the other:

  • Following the specific vendor's instructions for her computer, she configures the BIOS by pressing F2 when the computer starts up to enter BIOS Setup, selects the Power menu, changes the Wake on LAN option to Power On, and then presses F10 to save and exit the BIOS Setup.

  • Following the specific vendor's instructions for her network card, she configures the driver option by loading Device Manager, expanding the Network Adapters section, right-clicking the adapter, selecting Properties, clicking the Advanced tab, selecting Wake on LAN Options, clicking Properties, and then enabling the options Enable PME and Wake on Magic Packet for the Wake on Settings.

After these 2 computers are reconfigured, all 10 are successfully woken up.

Manual process that is specific to the computer and network card.

Important
Instructions for how to enable Wake On LAN will be different for different vendors. Check their instructions.

Mary concludes that implementing Wake On LAN for subnet-directed broadcast will be the most effective configuration for Woodgrove's business requirements and that she will need to factor in additional ad-hoc reconfiguration for a small percentage of computers.

Internal process that is company-specific.

Mary discusses her findings with other teams, including security advisors and the network team:

  • The security advisors agree that the business benefits of installing critical security updates in a timely fashion outweigh the security risks involved in implementing subnet-directed broadcasts, providing that a non-default port number is used and routers are configured to mitigate the risk associated with smurf attacks. They would have preferred to use unicast as the wake-up transmission method but understand that replacing all the existing network cards to support this method would not be feasible. The network has additional security controls to ensure that only authorized staff has access to it.

  • The network team validates that the bandwidth requirements are sustainable if the wake-up transmissions are sent outside office hours. They also agree to the security precautions for a non-default port number and for reconfiguring the routers.

For more information, see the following topics:

The following Requests for Change (RFCs) are submitted:

  • Routers will be configured to securely allow subnet-directed broadcasts.

  • All primary sites running Configuration Manager will be configured for Wake On LAN using subnet-directed broadcast and a non-default port number.

  • All critical software update deployments will be enabled for Wake On LAN and configured to install at 3 A.M.

The RFCs are granted, and the in-house security policy is updated.

Internal process that is company-specific.

Mary then talks to the desktop support engineers and build team to explain that implementing Wake On LAN might require reconfiguration of existing computers if they fail to wake up, and that supporting Wake On LAN might require consideration for new builds.

Determine Administrator Roles and Processes for Wake On LAN

When all the infrastructure changes are in place, Mary enables critical software update deployments for Wake On LAN and monitors deployment status closely.

About Software Updates Reports

As a result of this course of action, critical software updates are installed on 97% of computers after one week. This leaves a comfortable margin of one more week to track down and correct the 3% of desktop computers that failed to wake up, perhaps because their network card drivers were not configured for wake-up operation, the BIOS needed reconfiguring, or jumpers or wires needed to be configured correctly on the network card.

Using the combination of software updates with a deadline for the majority of computers, using Wake On LAN for the few computers that were turned off, and manual intervention for the minority of computers that remained non-compliant, Woodgrove Bank can now meet its compliance levels every month.

Installing Large Software Applications Overnight When the Company Policy Mandates That Workstations Must Be Turned Off to Reduce Electricity Costs

This scenario demonstrates how you can use Wake On LAN in Configuration Manager to save electricity costs by turning off computers outside office hours but continue to manage them without interruption to business continuity.

To save money on their electricity costs, A. Datum Corporation has a new company policy to shut down all computers at the end of the working day. Whereas users previously left their computers on for overnight maintenance, such as installing and upgrading software, now they are instructed to turn off their computers running Windows Vista before leaving the office. To enforce this management directive, Active Directory Group Policy is used to configure the power management options so that inactive workstations are automatically shut down after a sustained period of inactivity.

The challenge for the IT department is to continue to manage those computers with minimal interruption to users. An example is the requirement to upgrade to Office 2007 all the workstations running Office 2003. Users rely on Office applications to complete many of their day-to-day tasks, and their productivity would be seriously affected if these applications were not available throughout the day. After the IT department tests the upgrade deployment, they discover that the resulting installation package is several hundred megabytes and takes, on average, between 2 and 3 hours to install.

Because of the length of time to install the application and the impact on the network bandwidth, it is obviously preferable to perform the upgrade outside business hours. With the recent policy to turn off all workstations outside office hours, this deployment problem can be solved by implementing Wake On LAN.

Tommy Hartono is the Configuration Manager administrator responsible for delivering the upgrade package to desktops, and he decides on the course of action described in the following table.

Process Reference

Tommy reads the overview of Wake On LAN in Configuration Manager 2007 and realizes that mandatory software distribution advertisements can be enabled for Wake On LAN.

This would provide a solution to installing Office 2007 overnight without disrupting users or negatively impacting network bandwidth and distribution points during office hours.

Overview of Wake On LAN

He reads about the two different transmission methods that are available to send wake-up packets in Configuration Manager and makes inquiries with the network team about whether the company routers allow subnet-directed broadcasts.

The security team has mandated that routers will not allow the transmission of subnet-directed broadcast packets, even if they are reconfigured to mitigate the security risk.

To adhere to the in-house security policy, Tommy must use unicast as the wake-up transmission method, even if the success rate is lower than if using subnet-directed broadcast.

As a pilot test, Tommy enables a single primary site for Wake On LAN, creates a mandatory software distribution advertisement to install in an hour's time, enables the advertisement for Wake On LAN, and then targets a collection with a selected test computer.

He initiates a policy download for the test computer and then turns the computer off.

The computer wakes up and, a few minutes later, installs the advertisement.

After a successful proof of concept, Tommy widens his pilot test to five computers, configures a mandatory advertisement to install Office 2007 at midnight, and enables the advertisement for Wake On LAN.

For more information, see the following topics:

The following morning, Tommy discovers that one of the computers did not wake up. After conducting some tests, he concludes that the particular network card will not respond to unicast wake-up packets.

Tommy decides that this is an acceptable trade-off for a low percentage of computers and investigates the following alternative plans for the next business day if computers failed to wake up:

  • Targeting these computers to install at the end of business hours and instructing the user of this planned upgrade so that they do not work within this time period and do not turn off their computer.

  • Requesting a Group Policy exemption for these computers and instructing users to leave their computers on before going home on the allocated day.

Internal process that is company-specific.

The pilot and processes prove successful, so Tommy enables Wake On LAN for all his primary sites and installs Office 2007 overnight in a staged approach.

He monitors the success of the installation and follows up with individual computers that were targeted but did not begin the installation.

How to View the Status of an Advertisement

As a result of this course of action, the following objectives are met:

  • The majority of computers are always turned off outside business hours, which saves the company a considerable amount of money in electricity costs.

  • Business continuity is maintained because workstations are upgraded outside business hours.

  • Network bandwidth is not negatively impacted by installing large software packages during business hours.

Waking Up Computers to Install a New Operating System

This scenario demonstrates how you can use Wake On LAN in Configuration Manager to support the installation of an operating system deployment.

Coho Winery takes delivery of a new batch of computers. They have slightly different specifications, depending on which department requires them. However, they come with the company's current build, which is Windows XP Professional and the Configuration Manager client installed. Coho Winery wants to upgrade them to Windows Vista before they go into production, using a known operating system deployment image and task sequence.

Jenni Merriam is the Configuration Manager administrator, and she takes the course of action described in the following table.

Process Reference

Jenni uses the central site to provision new computers using the operating system deployment feature before they are deployed to users.

They are then checked by support engineers and taken to their final location.

Jenni enables Wake on LAN in the central site only and connects the new computers into the same network segment as the site server.

For more information, see the following topics:

The computers are turned on, the Configuration Manager client automatically assigns to the central site, and the client reports its hardware inventory back to the site.

Jenni confirms that all computers are operational and turns them off until they are needed for deployment.

How to Configure Hardware Inventory for a Site

Because there are no routers between the site server and the computers, there are no network devices to configure and the network impact of a subnet-directed broadcast would be contained to the single network segment.

For this reason, Jenni leaves the default transmission method of subnet-directed broadcast.

Choose Between Unicast and Subnet-Directed Broadcast for Wake On LAN

Jenni configures the mandatory task sequence advertisement associated with the operating system deployment to be enabled for Wake On LAN.

When a request comes in to deploy a specific computer, she moves it into the targeted collection.

How to Configure a Task Sequence Mandatory Advertisement for Wake On LAN

Within a few minutes, the targeted computer is woken up and it begins to upgrade using the Windows Vista image.

When the deployment is complete, Jenni checks that everything is operational:

  • If everything is satisfactory, the computer is sent to its final location where, so that it can be assigned to its correct operational site, it runs a script to uninstall the Configuration Manager client and reinstall it.

  • If there are any problems or issues with the upgrade, Jenni resolves these before the computer can be deployed.

Internal processes that are company-specific.

As a result of this course of action, the following objectives are met:

  • Computers are deployed with Windows Vista immediately, instead of waiting for the supplier image to be updated. Deploying Windows Vista early helps to reduce the total cost of ownership because it offers a more reliable and secure operating system than Windows XP.

  • The upgrade method is streamlined and provides a reliable process.

  • The network sustains a minimal increase in traffic that does not negatively impact business continuity.

  • The method of sending wake-up packets results in a high success rate without reconfiguration or incurring security risks.

See Also