http://technet.microsoft.com/en-us/library/cc161828.aspx
Feature | Advantage | Disadvantage |
---|---|---|
Wake On LAN | Does not require that the site is running Configuration Manager 2007 SP1. Supported by many network adapters. UDP wake-up packets are quick to send and process. Does not require a PKI infrastructure. Does not require any changes to Active Directory Domain Services. Supported on workgroup computers, computers from another Active Directory forest, and computers in the same Active Directory forest but using a noncontiguous namespace. | Less secure solution than out of band management because it does not use authentication or encryption. If subnet-directed broadcast transmissions are used for the wake-up packets, this has the security risk of smurf attacks. For more information about securing subnet-directed broadcast transmissions with Wake On LAN, see Secure Routers for Subnet-Directed Broadcasts for Wake On LAN. Might require manual configuration on each computer for BIOS settings and adapter configuration. No confirmation that computers are woken up. Wake-up transmissions as multiple UDP packets can unnecessarily saturate available network bandwidth. Cannot wake up computers interactively. Cannot return computers to sleep state. Management features are restricted to waking up computers only. |
Out of band management | More secure solution than Wake On LAN because it provides authentication and encryption using standard industry security protocols. It can also integrate with an existing PKI deployment, and the security controls can be managed independently from the product. Supports automatic centralized setup and configuration (provisioning). Established transport session for a more reliable connection and auditable connection. Computers can be woken up interactively (and restarted). Computers can be powered down interactively. Additional management capabilities, which include the following:
| Requires that the site is running Configuration Manager 2007 SP1 or later. Supported only on desktop computers that have the Intel vPro chip set and a supported version of Intel Active Management Technology (Intel AMT) firmware. For more information about which AMT versions are supported, see Overview of Out of Band Management. The transport session requires more time to establish, higher processing on the server, and an increase in data transferred. Requires a PKI deployment and specific certificates. Requires an Active Directory container that is created and configured for publishing AMT-based computers. Cannot support workgroup computers, computers from another Active Directory forest, or computers from the same Active Directory forest but using a noncontiguous namespace. Might require infrastructure changes to DNS and DHCP if provisioning out of band (the client for Configuration Manager 2007 SP1 or later is not installed). |
Both features support waking up computers for the following scheduled activities:
- Software update deployments that are configured with a deadline.
- Mandatory advertisements for software distribution or a task sequence.
If you are using Wake On LAN and out of band management in the same site, you must choose how the site will wake up computers for scheduled activities that are configured for Wake On LAN. The following options are located on the Site Properties: Wake On LAN Tab:
- Use power on commands if the computer supports this technology, otherwise use wake-up packets
- Use power on commands only
- Use wake-up packets only
Make your choice based on which feature you are using and whether the computers assigned to the site support the feature. Also take into consideration the advantages and disadvantages of both features as listed above. For example, wake-up packets are less reliable and are not secured, but power on commands take longer to establish and require more processing on the site system server that is configured with the out of band service point.
No comments:
Post a Comment