If you are deciding whether to use the Wake On LAN feature in Configuration Manager 2007 or the out of band management feature in Configuration Manager 2007 SP1 or later, review the following topics to understand the supported scenarios, options, and prerequisites for each feature:
- Overview of Wake On
- Prerequisites for Wake
- Overview of Out of Band
- Prerequisites for Out of
The information in this topic applies only to Configuration Manager 2007 SP1 and later.
If this information is not enough to decide which feature best meets your business requirements, consider the advantages and disadvantages of both features.
The following table outlines the advantages and disadvantages of Wake On LAN and out of band management to help you choose which feature to use.
Wake On LAN

Advantages:
- Does not require that the site is running Configuration Manager 2007 SP1.
- Supported by many network adapters.
- UDP wake-up packets are quick to send and process.
- Does not require a PKI infrastructure.
- Does not require any changes to Active Directory Domain Services.
- Supported on workgroup computers, computers from another Active Directory forest, and computers in the same Active Directory forest but using a noncontiguous namespace.

Disadvantages:
- Less secure solution than out of band management because it does not use authentication or encryption. If subnet-directed broadcast transmissions are used for the wake-up packets, this introduces the security risk of smurf attacks. For more information about securing subnet-directed broadcast transmissions with Wake On LAN, see Secure Routers for Subnet-Directed Broadcasts for Wake On LAN.
- Might require manual configuration on each computer for BIOS settings and adapter configuration.
- No confirmation that computers are woken up.
- Wake-up transmissions as multiple UDP packets can unnecessarily saturate available network bandwidth.
- Cannot wake up computers interactively.
- Cannot return computers to sleep state.
- Management features are restricted to waking up computers only.

Out of band management

Advantages:
- More secure solution than Wake On LAN because it provides authentication and encryption using standard industry security protocols. It can also integrate with an existing PKI deployment, and the security controls can be managed independently from the product.
- Supports automatic centralized setup and configuration (provisioning).
- Established transport session for a more reliable and auditable connection.
- Computers can be woken up interactively (and restarted).
- Computers can be powered down interactively.
- Additional management capabilities, which include the following:

Disadvantages:
- Requires that the site is running Configuration Manager 2007 SP1 or later.
- Supported only on desktop computers that have the Intel vPro chip set and a supported version of Intel Active Management Technology (Intel AMT) firmware. For more information about which AMT versions are supported, see Overview of Out of Band Management.
- The transport session requires more time to establish, higher processing on the server, and an increase in data transferred.
- Requires a PKI deployment and specific certificates.
- Requires an Active Directory container that is created and configured for publishing AMT-based computers.
- Cannot support workgroup computers, computers from another Active Directory forest, or computers from the same Active Directory forest but using a noncontiguous namespace.
- Might require infrastructure changes to DNS and DHCP if provisioning out of band (that is, when the client for Configuration Manager 2007 SP1 or later is not installed).
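The following added example (not code from Configuration Manager or from this topic) shows why wake-up packets carry no authentication and how a defender can still audit who sends them. It assumes the standard Wake On LAN magic packet layout, which this topic does not describe: six 0xFF bytes followed by the target MAC address repeated 16 times. The function names, IP addresses, and sample capture are constructed for illustration.

```python
import re

SYNC = b"\xff" * 6  # synchronization stream that opens every magic packet


def build_magic_packet(mac):
    """Return the 102-byte payload: SYNC followed by the target MAC 16 times."""
    raw = bytes.fromhex(re.sub(r"[:\-.]", "", mac))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return SYNC + raw * 16


def find_magic_packet(payload):
    """Return the target MAC if the payload carries a magic packet, else None."""
    start = payload.find(SYNC)
    while start != -1:  # the pattern may sit at any offset in the payload
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 102]
        if len(body) == 96 and mac != SYNC and body == mac * 16:
            return mac.hex(":")
        start = payload.find(SYNC, start + 1)
    return None


def audit(datagrams, allowed_senders):
    """List (src, dst, mac, expected) per datagram carrying a magic packet.
    No credential or integrity field exists, so only the sender address can be
    checked, and UDP sources can be forged: an audit aid, not authentication."""
    events = []
    for src, dst, payload in datagrams:
        mac = find_magic_packet(payload)
        if mac is not None:
            events.append((src, dst, mac, src in allowed_senders))
    return events


# Constructed sample capture: (source IP, destination IP, UDP payload).
SITE_SERVER = "192.0.2.10"  # assumed site server address
SAMPLE = [
    (SITE_SERVER, "192.0.2.255", build_magic_packet("00:11:22:33:44:55")),
    ("198.51.100.99", "192.0.2.255", b"hdr" + build_magic_packet("00-11-22-33-44-55")),
    (SITE_SERVER, "192.0.2.20", b"not a wake-up packet"),
]

if __name__ == "__main__":
    for event in audit(SAMPLE, {SITE_SERVER}):
        print(event)
```

The second sample datagram is flagged because its sender is not in the allowed set, which is the only distinction available when the packet itself proves nothing about its origin.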
Both features support waking up computers for the following scheduled activities:
- Software update deployments that are configured with a deadline.
- Mandatory advertisements for software distribution or a task sequence.
If you are using Wake On LAN and out of band management in the same site, you must choose how the site will wake up computers for scheduled activities that are configured for Wake On LAN. The following options are located on the Site Properties: Wake On LAN Tab:
- Use power on commands if the computer supports this technology, otherwise use wake-up packets
- Use power on commands only
- Use wake-up packets only
Make your choice based on which feature you are using and whether the computers assigned to the site support the feature. Also take into consideration the advantages and disadvantages of both features as listed above. For example, wake-up packets are less reliable and are not secured, but power on commands take longer to establish and require more processing on the site system server that is configured with the out of band service point.
Because of the additional overhead involved in establishing, maintaining, and terminating an out of band management session, conduct your own tests so that you can accurately judge how long it takes to wake up multiple computers using out of band power on commands in your environment (for example, across slow WAN links to computers in secondary sites). This knowledge will help you determine whether waking up multiple computers for scheduled activities using power on commands with out of band communication is practical when you have a high number of computers to wake up within a short period of time.
After configuring the wake-up option for the site, all software update deployments and mandatory advertisements that are configured for Wake On LAN will use the same setting. You cannot configure which feature to use on an individual basis; for example, you cannot configure all software updates to use wake-up packets only or specific mandatory advertisements to use power on commands only.