One of the most common myths and misconceptions around power management is wake on lan and it’s shortcomings. IT administrators still mistakenly believe that Wake on Lan is not ‘enabled’ on their network. As a result power management is not an option as they have no ability to wake devices for patching purposes. Security of course is becoming more critical and ensuring zero day patching to alleviate threats needs to be part of every system management strategy
How to get wake on lan to work?
Let us examine the facts. The following statements are true:
- Wake on Lan requires the broadcast of a magic packet (the wake up request)
- Wake on Lan will not work where the network does not allow the broadcast of a magic packet via UDP
- The NIC and the BIOS need to be configured for Wake on Lan to work
- You are also able to wake devices from sleep mode using OS timers.
In the majority of secure networks, UDP broadcasting is rightly disabled as it is a huge security risk and opens up threats around denial of service attacks. THIS HOWEVER DOES NOT MEAN THAT YOU CANNOT GET WAKE ON LAN TO WORK, YOU JUST NEED THE RIGHT TOOLING.
You need the right tools
The correct tooling allows you to overcome these limitations by doing some clever things without any changes to network security whatsoever. Native systems management tools such as SCCM or Altiris typically require network changes.
1E’s NightWatchman for instance has the concept of ‘last man standing’. This dynamic solution ensures that at least 1 device in each subnet remains on constantly. This acts as a proxy for the magic packet request. The solution just does this out of the box and there is no configuration or nomination required. An agent it will either auto reboot or an alternate agent will be used, if it gets powered down by the end user. You can shut down and wake up until your heart is content. This achieves significant cost savings as well as improves patching success rates.
Most modern devices come with the NIC enabled already due to Energy Star compliancy. Configuring the NIC to allow wake ups is also relatively simple. Free tools from the various hardware vendors allow the NIC to be enabled for wake on lan.
So in short, wake on lan, yes you can! Don’t let anyone convince you otherwise! Ensure that whatever tool you deploy, it does not compromise your network security.