Another way to ensure that sleep settings do not interfere with the distribution of administrative software updates (such as Windows security patches and antivirus definitions) is to utilize Wake-on-LAN features. With Wake-on-LAN activated, a network administrator can wake up sleeping machines at any time in order to perform on-demand software patches or updates.
Wake-on-LAN (WOL) allows a computer to be powered on or awakened from standby, hibernate or shutdown from another device on a network. The WOL process is as follows:
- The target computer is in standby, hibernate or shutdown, with power reserved for the network card.
- The network card listens for a specific packet, called the "Magic Packet."
- The Magic Packet is broadcast on the broadcast address for that particular subnet (or an entire LAN, though this requires special hardware and/or configuration).
- The listening computer receives this packet, checks it for the correct information, and then boots if the Magic Packet is valid and if it contains the network card's MAC address.
Enabling WOL on Computers
WOL must be enabled in both the basic input/output system (BIOS) and the network card. To enable WOL in the BIOS quickly and easily, some manufacturers provide methods for managing BIOS settings remotely or through scripts. For example, BIOS settings can be configured remotely on Dell computers using Dell Open Manage and on HP/Compaq computers using Insight Manager. To see if this is available for your computer, please contact your manufacturer. To enable WOL on the network card, please take the following steps:
- Click on "Network Connection" (in Control Panel) and then click on "Properties."
- Click on "Configure" next to the network card the connection is using.
- Click on the "Advanced" tab. (The settings in this example are specific to the Marvell Yukon card but should be similar for other network cards.)
- Enable "Wake From Shutdown" (may be different depending on the model of network card) by setting the Value to "On".
- Enable "Wake Up Capabilities" (may be different depending on the model of network card) by setting the Value to "Magic Packet".
- Click on the "Power Management" tab. (The settings in this example are specific to the Marvell Yukon card but should be similar for other network cards.)
- Enable "Allow this device to bring the computer out of standby" by checking the box.
- Enable "Only allow management stations to bring the computer out of standby" by checking the box. This will require a Magic Packet to wake up your computer. Not selecting this will allow any traffic directed to your computer to wake it up.
Waking Up a Computer
Once WOL is enabled, the computer can be awakened by sending a Magic Packet. A Magic Packet is a broadcast sent on port 0, 7, or 9 that contains the destination computer's MAC address. All computers on the subnet get the packet. If the MAC address matches the network card, the computer will wake up.
For use in an enterprise, WOL is usually used in conjunction with a management system that already stores this subnet and MAC address information. If using a management system such as Microsoft Systems Management Server (SMS), Altiris, or LANDesk, WOL capabilities may be built in or add-ons may be available. A few free applications available for waking up computers using WOL are provided below. (Inclusion in this list does not constitute EPA ENERGY STAR program endorsement, approval, or certification of these software packages.)
- For waking up computers on other subnets, the MAC address and subnet for each computer will be needed and must be updated if a computer is moved to another subnet.
- Since WOL uses Directed Broadcasts to send Magic Packets to the destination computer, some network configuration may be necessary to wake up computers on a different subnet. On most routers Directed Broadcasts are disabled by default due to vulnerabilities associated with them. To securely enable Directed Broadcasts, access lists should be created or modified to allow them from one or more IP addresses or subnets and deny them from all others. This allows Magic Packets to be sent from management computers but keeps the rest of the network secure from Directed Broadcast vulnerabilities. This access list would have to be added to all routers between the source of the WOL Magic Packet and the destination computers that will be woken up.
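The Magic Packet check and the management-station restriction described above, shown as an added Python example that is not part of the original page. The payload layout used (six 0xFF bytes followed by the target MAC address repeated 16 times) is the standard Magic Packet format; the MAC address, the IP addresses and the ALLOWED list are constructed sample values.

```python
import ipaddress

SYNC = b"\xff" * 6  # synchronization stream that starts every Magic Packet

def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte payload: 6 x 0xFF, then the target MAC 16 times."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return SYNC + raw * 16

def parse_magic_packet(payload: bytes):
    """Return the target MAC if payload holds a valid Magic Packet, else None."""
    # The pattern may sit anywhere in the payload, so scan for it.
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 102]
        mac = body[:6]
        if len(body) == 96 and body == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None

def classify(src_ip: str, payload: bytes, allowed_sources) -> str:
    """Label one UDP datagram by whether it is WOL and who sent it."""
    target = parse_magic_packet(payload)
    if target is None:
        return "not-wol"
    src = ipaddress.ip_address(src_ip)
    ok = any(src in ipaddress.ip_network(net) for net in allowed_sources)
    return f"{'authorized' if ok else 'unauthorized'} wake of {target}"

# Constructed sample data (documentation IP ranges, made-up MAC address).
ALLOWED = ["192.0.2.10/32"]  # assumed management station
PACKET = build_magic_packet("00:11:22:33:44:55")
EVENTS = [
    ("192.0.2.10", PACKET),                  # management station
    ("198.51.100.7", b"\x00\x01" + PACKET),  # same pattern, other sender
    ("192.0.2.10", SYNC + b"\x00" * 10),     # truncated, not a Magic Packet
]

if __name__ == "__main__":
    for src, data in EVENTS:
        print(src, "->", classify(src, data, ALLOWED))
```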