Export (0) Print
Expand All

Example Scenarios for Using Out of Band Management

Updated: October 1, 2009

Applies To: System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

The following sections in this topic provide example scenarios of how out of band management in Configuration Manager 2007 SP1 can be used:

noteNote
The information in this topic applies only to Configuration Manager 2007 SP1 and later.

In all these scenarios for Woodgrove Bank, Mary North, the Configuration Manager administrator, has implemented out of band management throughout the Configuration Manager hierarchy. The desktop computers are AMT-based and meet all the prerequisites for out of band management.

Deploying New Computers

The following scenario demonstrates how you can use out of band management to install an operating system and applications on bare metal computers.

Woodgrove Bank receives a batch of new computers that are delivered to various branch locations. The company's policy does not allow these computers to use PXE installation, and it would be very time-consuming for an engineer to travel to each location and manually install the operating system and required applications. However, there is an image file located on the network that contains the required operating system, custom applications and settings, and the Configuration Manager client.

To ensure that the computers are up and running in an efficient manner that also complies with the company's policies, Mary North decides on the course of action outlined in the following table.

 

Process Reference

The AMT-based computers have a customized firmware image that includes the following settings:

  • The certificate thumbprint of their internal root certification authority.

  • The domain suffix for these computers.

  • The provisioning server is configured for the IP address of the out of band service point site system server.

  • Serial over LAN and IDE redirection are enabled.

Decide Whether You Need a Customized Firmware Image From Your Computer Manufacturer

Mary has a list of the new computer details, including the MAC address and UUID.

She creates a comma-separated values (CSV) file with the computer details, one line for each computer, by using an entry similar to the following:

NEWCOMP1,NEWCOMP1.woodgrovebank.com,55555555-5555-5555-5555-555555555555,05:06:07:08:09:0A

She creates a new collection that has no members.

She right-clicks Collections, and then clicks Import Computer for Out of Band Management Wizard. When running the wizard, she specifies the following:

  • Import computers using a file.

  • The CSV file that she has prepared.

  • The collection that she created.

Mary then creates DHCP reservations for each of the AMT-based computers, specifying the same MAC address in the DHCP reservation that she used in the CSV file.

For more information, see the following topics:

Mary monitors the provisioning status of these computers by adding the AMT Status column to the Configuration Manager console and periodically refreshes the display.

For each computer that displays Provisioned, Mary manually creates a host record in DNS with the following values:

  • The same host name that was specified as part of the FQDN in the CSV file.

  • The same IP address from the DHCP reservation that matches the host name that was specified as part of the FQDN in the CSV file.

How to Identify Computers That Are Provisioned for AMT

Mary connects to each provisioned AMT-based computer by using the out of band management console and then performs the following actions:

  • She clicks Power Control, selects the boot option for IDE redirection, and enters the network path to the image to install the operating system, custom applications and settings, and the Configuration Manager client. Then she clicks Power On.

  • She clicks System Status and refreshes the console to confirm the change in power state, and then she closes the console.

For more information, see the following topics:

How to Run the Out of Band Management Console

How to Power On or Restart a Computer Using Out of Band Management

As a result of the preceding course of action, the new computers are deployed in a way that meets the company's requirements, without requiring local access to the computers.

Powering On Computers to Install Applications

The following scenario demonstrates how you can use out of band management to power on computers to install applications (or perform routine maintenance) without using traditional wake-up packets.

The marketing department at Woodgrove Bank has been approved a request to install a nonstandard application on five computers. Mary North has already created a collection for these five computers and an advertisement to install the application as soon as possible. After establishing a time period when no users will have their computers turned on and will not be unduly inconvenienced, she performs the actions in the following table to power on the computers so that the application can be installed.

 

Process Reference

Mary locates the computers in the Configuration Manager console and then performs the following actions:

  • Multi-selects and right-clicks the five computers.

  • Clicks Out of Band Management, and then clicks Power Control.

  • Selects Power on.

  • Confirms the action by clicking OK.

She then monitors the progress of the application installation.

How to Power On or Restart a Computer Using Out of Band Management

If required, after the installation is complete, she can shut down each computer individually by using the Configuration Manager remote control tools and selecting the shutdown option from within Windows.

noteNote
The out of band management power-off command is not appropriate here because this does not perform a graceful shutdown of the operating system.

How to Remotely Administer a Client Computer

As a result of the preceding course of action, the application is installed outside business hours without sending wake-up packets over the network, without requiring that the computers are left on, or without requiring local access to the computers.

Powering Off Computers to Protect Against a Security Attack

The following scenario demonstrates how you can use out of band management to power off computers when it is imperative that they do not remain running and cannot be shut down by normal means. Powering off computers should always be considered a last resort because it has the same effect as removing the power cable from the computer: the operating system does not shut down properly, unsaved work is lost, and logged-in users are given no notice of the power-off action.

Woodgrove Bank has an intrusion detection system that monitors suspicious activity on servers and the network. In the early hours of the morning, an alert is generated that indicates a security attack has occurred on one of the servers. Although the desktop computers are usually turned off at night, some users leave their computers on. These computers need to be turned off immediately to safeguard them against the security threat.

To help protect the desktop computers from the security threat, a security administrator performs the actions in the following table.

 

Process Reference

The security administrator identifies the desktop computers that are turned on and at risk and locates them in the Configuration Manager console.

She performs the following actions:

  • Multi-selects and right-clicks the computers.

  • Clicks Out of Band Management, and then clicks Power Control.

  • Selects Power off.

  • Confirms the action by clicking OK.

How to Power Off a Computer Using Out of Band Management

As a result of the preceding course of action, the risk of these computers being vulnerable to the security attack is greatly reduced.

Re-imaging a Nonfunctioning Computer

The following scenario demonstrates how you can use out of band management to re-image a nonfunctioning computer when other troubleshooting steps have failed.

Woodgrove Bank has a help desk policy that computer desktop issues that prevent business continuity must be resolved within a set period. There is no data stored locally on the computers, so re-imaging these computers is the most efficient way to resolve these types of reported problems. However, in the past this has meant that a help desk engineer must visit the site or the computer must be transported to and from the help desk location.

To more efficiently re-image a nonfunctioning computer, the help desk engineer proceeds with the course of action outlined in the following table.

 

Process Reference

The help desk engineer locates the computer in question in the Configuration Manager console and confirms that she cannot use Configuration Manager Remote Tools to connect to the client computer.

She connects to it using the out of band management console.

How to Run the Out of Band Management Console

The help desk engineer then performs the following actions:

  • She clicks Power Control, selects the boot option for IDE redirection, and enters the network path to the image to reinstall the operating system, custom applications and settings, and the Configuration Manager client. Then she clicks Restart Computer.

How to Power On or Restart a Computer Using Out of Band Management

Later that day, the engineer checks the status of the computer and confirms that it is working again as required. She closes the help desk ticket within the specified time limit.

Company-specific process.

As a result of the preceding course of action, the computer is efficiently re-imaged without requiring local access, even though the operating system was not responding. This level of control helps to resolve critical issues in a timely manner, ensuring higher levels of business continuity for the company.

Configuring BIOS Settings

The following scenario demonstrates how you can use out of band management to configure BIOS settings for a desktop computer without requiring local access to the computer.

The help desk at Woodgrove Bank receives notification that two newly deployed computers do not boot successfully. This is a custom build, and the engineer suspects that the BIOS settings are not correctly configured.

To check the BIOS settings without local access to the computer, the help desk engineer proceeds with the course of action outlined in the following table.

 

Process Reference

The help desk engineer locates the computer in question in the Configuration Manager console and connects to it using the out of band management console.

How to Run the Out of Band Management Console

The help desk engineer then performs the following actions for each computer in turn:

  • She clicks Power Control, selects the boot option for BIOS setup, and then clicks Power On.

  • She clicks Serial Connection and waits for the BIOS settings to display. When they do, she discovers that the wrong disk is configured for booting the computer. She makes the required change and then saves the new BIOS settings.

The computer automatically reboots and successfully loads the operating system from the correct disk.

How to Configure BIOS Settings for a Computer Using Out of Band Management

The engineer confirms that the two computers are now operational and closes the help desk ticket.

Company-specific process.

As a result of the preceding course of action, the time-to-resolution for these computers is dramatically reduced because local access to the computers is not required.

Troubleshooting a Nonfunctional Computer

The following scenario demonstrates how you can use out of band management to run diagnostic commands and utilities for a desktop computer that is not functioning (for example, the operating system stops responding or will not load) without requiring local access to the computer.

The help desk at Woodgrove Bank receives notification that a computer has stopped responding. To troubleshoot the computer, the help desk engineer proceeds with the course of action outlined in the following table.

 

Process Reference

The help desk engineer locates the computer in question in the Configuration Manager console and connects to it using the out of band management console.

How to Run the Out of Band Management Console

The help desk engineer then performs the following actions:

  • She clicks Power Control, selects the boot option for IDE redirection, specifies the path and file for a diagnostic utility in the IDE redirection path, and then clicks Restart Computer.

  • She clicks Serial Connection and waits for the computer to boot from the image that contains the diagnostic utility. Using the diagnostics, she discovers that the disk has a number of bad sectors. She selects the option to repair the bad sectors and then exits the utility.

  • She clicks Power Control, clicks Restart Computer, and closes the out of band management console.

How to Run Commands, Repair Utilities, and Diagnostic Applications for a Computer Using Out of Band Management

The engineer confirms that the computer reboots and loads the operating system successfully.

Because the computer is operational again, she closes the ticket, but she puts in a request to replace the hard drive to safeguard against the same problem in the future.

Company-specific process.

As a result of the preceding course of action, the time-to-resolution for this computer is dramatically reduced because local access to the computer is not required.

Achieving Compliance for Software Updates by Using Wake On LAN and Power On Commands

The following scenario demonstrates how you can use out of band management with software updates in Configuration Manager to help achieve higher success rates for installing software updates within a specified time frame.

Woodgrove Bank has a security policy that requires that all computers on the network running Windows have critical security software updates installed within two weeks of release. The installation of these software updates on servers has a 100% success rate, but the success rate on desktops is only 80%, despite the Configuration Manager administrator deploying them within one week after release. On investigation, the computers that do not have the software updates installed are turned off for various reasons—for example, because users are on vacation or sick leave or because the computers are not in everyday use and are turned on only when needed for a specific application or process.

The security policy also prohibits sending wake-up packets over the network, but there is often not enough time to track down each computer, turn it on, and install the required software updates to meet the compliance deadline.

To help achieve the compliance levels in a timely and efficient fashion, Mary North decides on the course of action outlined in the following table.

 

Process Reference

Mary enables Wake on LAN for the primary sites in the hierarchy and selects the following option: Use power on commands only.

How to Configure the Site to Send Power-On Commands for Scheduled Wake-Up Activities Using Out of Band Management

She checks the packet transmission settings in the out of band service point properties and makes some minor changes.

How to Configure Power On Transmissions for Scheduled Wake-Up Activities

She reads the information in the documentation about the additional time that might be required to power on multiple computers and plans accordingly by creating different collections of computers so that software update deployments can be configured in batches.

Choose Between Power On Commands with Out of Band Management and Wake-Up Packets for Wake On LAN

Mary closely monitors the installation of the critical software updates. For the computers that haven't yet installed them, she creates a new deployment that contains the software updates, but this time it is also configured for Wake on LAN. She targets this software update deployment in batches to the collections that she created.

How to Configure a Software Update Deployment for Wake On LAN

As a result of the preceding course of action, critical software updates are installed on the majority of computers within one week. This leaves a comfortable margin of one more week to track down and correct the few desktop computers that still require the software update, perhaps because the computer went into sleep mode before it received the software update deployment or because there was no power to the computer.

Using the combination of software updates with a deadline for the majority of computers, Wake On LAN with power-on commands for the few computers that are turned off, and manual intervention for the minority of computers that remain noncompliant, Woodgrove Bank can now meet its compliance levels every month.

See Also

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft