Enterprise PC Power Management Methods to maximise energy and cost efficiencies in distributed networks August 2014
1. Introduction This whitepaper was first published in January 2009. Five years on, Enterprise PC Power Management is still as relevant today as it was then. One could argue that with rapidly rising energy costs and a significant focus on sustainability and the triple bottom line, it is even more relevant. Leaving an average PC and CRT monitor constantly switched on, perhaps for convenience or IT administration purposes, conservatively consumes anywhere between 500-700kWh per annum. Depending on your geography, this is around half a tonne of CO2 emissions produced every year. Implementing a PC power management solutions can reduce energy consumption by as much as 60%. In an office of 1000 PCs, annual energy cost savings will soon add up. This document has been written specifically to provide technical background on the 1E NightWatchman solution for consideration within power management design and implementation. It is not attempting to assess one solution over another or provide competitive analysis, rather to indicate why sustainable IT believes that NightWatchman Enterprise from 1E provides the most complete and enterprise ready offering in the marketplace. 2. Power Management Evolution Power management evolution and solution maturity can really be divided into 4 main areas. We loosely categorise these as follows: Level 0 The Laggards There are no power policies or solutions implemented and reliance is placed on users configuring these themselves. Usually this is through campaigns and communication/education. Social engineering works to a degree but unless it is entrenched continually it fails. There is no way to manage or report at this level. Level 1 The Chancers Policies are configured centrally using Active Directory group policy and enforced on workstations. This is generally a one size fits all scenario and does not engage the end users at all. Group policy is inherently flawed and there is no guarantee that the policy is actually enforced and working (this is a legacy Microsoft issue). You also have zero visibility on the success of the solution as well as the saving that are being achieved. Level 2 The Pretenders Systems management tools are implemented to extend group policy functionality as well as provide basic wake up functionality and some rudimentary reporting. It should be noted that Systems Management tools provide a plethora of other services so their power management sustainableit (Pty) Ltd 2014 Page 2 of 14
functions are not extensive and their reporting is very basic. These tools provide you with a basic PC Power Management solution but do not deal with the complexities that you find in large PC environments, hence they don t cater for the exceptions very well. Level 3 The Achievers A PC power management tool is implemented across the enterprise. These tools often integrate with tools like SCCM (eg NightWatchman) but provide extended capabilities to ensure that you are maximising your savings. Functionality includes enterprise ready wakeup, user centric shutdowns, document backup prior to shutdown, dealing with PC insomnia to maximise savings, forced shutdowns etc. These solutions also comes with extensive and accurate reporting. Essentially if you want to maximise your savings opportunities and report from both a business and sustainability perspective with reliable data you need a PC power management tool like NightWatchman that provides you with this information. Level 0 speaks for itself but it is important to unpack the other offerings a bit further to understand benefits and shortcomings. 3. Level 1 - Microsoft Technology On the face of it, implementing a purely Microsoft solution is the obvious choice as many of the technologies involved (such as group policy within Active Directory) are already largely deployed throughout most large scale distributed environments. 3.1 Group Policy Power Management With the advent of Windows Vista, Microsoft introduced a number of group policies to allow the setting of standard Windows power profiles. The implication is that it is possible to set a number of power management attributes centrally for all machines on the Windows platform (Vista/Win 7 and Win 8). It was traditionally difficult to set these values for XP and 2000 machines. Group Policy is an excellent solution for managing general settings across large numbers of computers as it is generally recognised as being both reliable and scalable. However, because of the extensibility of the technology in terms of organisational change and the impact thereof, there is often reluctance and procedural difficulties with making regular changes to these settings. Therefore group policy is ideally suited to remotely configuring global settings such as password policies that are static and set only once, rather than settings that may require monitoring/enforcement and enhancement like power settings. 3.2 Managing Exceptions Another issue with group policy for configuring power management settings is that there is a need to manage exceptions. If a policy is applied to an organisational unit (OU), then it will affect all machines or users within the OU. If there is a requirement to apply a different policy or no policy at all to a subset of machines, then the options are to create lower levels of nested containers (which may not fit in with the Active Directory design) or use group policy filtering. sustainableit (Pty) Ltd 2014 Page 3 of 14
Group Policy filtering is usually implemented by setting permissions on a policy to deny a group of users or machines from applying it and in parallel implementing an alternative policy and granting rights to the exception group. There are a number of downsides with this as an approach: Management Overhead Maintenance of these groups can become complex and expensive as permutations increase Troubleshooting Group Policy filtering can increase the complexity of what is applied where. This adds uncertainty to the faith that is placed in the reliability of group policy as it becomes more complex to ascertain if the policy is actually being applied. Processing Overhead It is commonly accepted that filtering significantly increases the CPU burden on domain controllers and as a result in most environments its use tends to be restricted by architectural policy. 3.3 Standby Based Power Management The group policy templates for Windows are based on the premise of putting a machine into standby after a certain period of inactivity. There is nothing inherently wrong with this paradigm, but it does make the assumption that the machine will go into standby and come out of it successfully. There is also very little feedback that the settings are working as expected: there is of course no implication that group policy will fail to apply the setting, just that the machine may not be able to enter standby as intended. There are a number of things that can cause this: 3.3.1 Incorrect Thread Execution State Applications and processes can request a particular thread execution state which will prevent the machine from applying certain power management. System Required The system is not allowed to go into standby while the process is requesting this state. Display Required Neither the system nor monitor can enter a low power state during this thread execution state. There are many circumstances where it is very beneficial to use this, such as watching a movie in Windows Media Player. However many 3 rd party applications set this value at inappropriate times and therefore prevent the system from entering standby. There is no native mechanism to report which thread is causing this state, only that it has been requested. It is also worth noting that this problem is most prevalent with System Required thread states, meaning that generally monitor power savings can still be enjoyed, but this does mean that users are less likely to notice and therefore report the Sleeplessness of their machine. 3.3.2 Machine can hang when sleeping or resuming When a machine attempts to enter a standby state and hangs while doing so, this is usually caused by a driver issue and can be remedied with basic troubleshooting. Machines can also hang when coming out of standby (resuming), this too is often caused by driver issues, but may be caused by firmware or hardware malfunction. This has significantly improved with the advent of Windows 7 and Windows 8 but still causes issues in older environments. sustainableit (Pty) Ltd 2014 Page 4 of 14
3.3.3 Apparent User Interaction Quite rightly user interaction, such as mouse or keyboard activity, is considered to be reasonable grounds to prevent system standby. However even this can occasionally produce unpredictable results. Faulty mouse hardware can cause minute fluctuations of the cursor that register as input. In some extreme cases 3 rd party applications have been observed to move the mouse pointer one pixel periodically as an alternative to setting the thread execution state. 3.3.4 CPU Thresholds Windows uses idle process counter to measure if CPU is busy. If the idle counter is under 80%, then the machine will not be allowed to enter standby. Some 3 rd party services and applications periodically run internal maintenance tasks causing spikes in CPU activity, but doing no useful work. This has been observed to prevent system standby. 3.4 Updates Windows security updates almost always require the system to be rebooted. If machines only ever go into standby, security updates are never applied and network security is placed at risk. 4. Level 2 Systems management tools You may already know what systems management tools do but sometimes it helps to reiterate this. Generally these tools provide the following functionality: An installation mechanism for all types of software o Applications o Operating System deployments o OS and Application Updates (patching) Software distribution gets the software to where the computers are Portals to allow users to initiate software installation Malware mitigation (endpoint protection) Asset data collection (inventory) hardware and software details in depth, including software usage (metering) Software asset analysis including some license management Configuration policy verification and enforcement settings management, including power settings, firewall policies, and roaming user configuration Wake-on-LAN the ability to powers up computers when needed Network Access Protection Remote control This is a lot for any system, and all of these are done on a wide diversity of devices on almost any scale in often complex environments. Given all that, it shouldn t surprise anyone that there are opportunities for improvement, hence the need for specialised PC power management solutions. sustainableit (Pty) Ltd 2014 Page 5 of 14
4.1 Greater control over power management These solution include the basic power management options required for distributing power management plans to appropriate computers and collecting computer state data for reporting purposes. Often these are an extension of group policy concepts but provide more granularity and ease of administration when it comes to deploying the policies. 4.2 Wake on lan Wake-on-LAN as a feature is most relevant to content distribution and power management. In some cases it can also be used with Operating System deployment in order to upgrade computers that have gone to sleep. You can maximize power management when administrators and users are confident that computers can be woken up when needed. Some systems management tools provide wake on lan (WOL) capbilitities. WOL runs in one of two modes: subnet-directed broadcast or unicast. Often customers find that unicast does not work once routers have aged out their MAC address (typically after four hours). Subnet-directed broadcasts only work if routers are set to propagate subnet-directed broadcasts, which is normally not the case due to security concerns. Therefore these solutions are generally found to not be practical in production. More recent systems management releases have introduced the concept of WOL Proxies to address the unicast weakness by ensuring that at least one client on each subnet has the MAC addresses for all its peers and is ready to send magic packets in response to the unicast packets. It never drops the MAC addresses and therefore should be ready at any time. However, often these solutions will listen for any network requests on any of the protocols that the clients are using. Therefore computers will be frequently woken, counteracting any power management policies you might have in place. 4.3 Reporting Systems management solutions generally differentiate themselves from group policy through reporting on cost, co2 and energy reporting. Many of these solution have been designed with a just enough mentality as power management is merely a subset of what the solution is intended to do. As a result reports are often based on averages (average energy consumption for all devices) and baselining capabilities are limited prior to deploying policies. The result is reporting that cannot realistically be used for management and sustainablilty reporting as it is inaccurate and fraught with errors. sustainableit (Pty) Ltd 2014 Page 6 of 14
5. Level 3 Enterprise PC Power Management (NightWatchman) The functionality described in Level 3 is based on 1E NightWatchman and is largely unavailable in most systems management tools available on the market today. 1E has been the world leader in PC power management solutions for around 14 years, significantly longer than any other organisation that operates within this sector. NightWatchman Enterprise is essentially made up of two components: NightWatchman 1E WakeUp 5.1 NightWatchman NightWatchman offers a number of benefits when considering an enterprise power management solution. 5.1.1 Scheduled Power Events NightWatchman can be used to configure all of the inactivity based power events that come out of the box with Windows, but also provide the capability to use scheduled power events. These can be used to: Power off, Hibernate or Suspend systems at a specified time in the evening Power off machines when no user has logged on in the morning Enforce regular system reboots throughout the organisation Power off or reboot machines after out of hours software deployment NightWatchman also has the capability to manage systems with a logged in user. If a user is logged in and working during a timed shutdown event, the solution will automatically defer the shutdown based on monitored activity. When the user leaves the machine, after a defined period of inactivity a dialog box with a countdown display will pop up allowing a user to manually postpone (if they had left their machine to go on a break as opposed to leaving it for the night). Once the countdown expires any open applications will be shut down. Automation scripts will be employed to automate the protection of unsaved user data. This function is completely extensible, so support can be added for internally developed and 3 rd party applications if required. The overriding premise in the solution is that no user data should ever be lost in doing shutdowns. The solution works on a shutdown schedule. Once the scheduled event occurs and a machine is powered down, a user can manually reboot the machine should they have come into the office to perform tasks out of hours. 5.1.2 User Satisfaction Power management is important, but must always be secondary to user experience. The section above explains the user interaction and benefits of Automation scripts to back up data, clearly important in maintaining user integrity. Another scenario that needs to be catered for is one where a user needs to be able override power management for a legitimate business function. Imagine the scenario where a user wants to leave sustainableit (Pty) Ltd 2014 Page 7 of 14
a large file downloading overnight. NightWatchman provides the capability to allow a user to opt out of power management for the night to be able to achieve this. 5.1.3 Detailed Reporting It stands to reason that any organisation setting targets on energy savings needs to be able to establish where they currently are and measure the improvements that are made. Accurate reporting is used to drive desired behaviours and ensures that the solution is set up for optimum energy and cost savings. NightWatchman provides detailed reporting capabilities via a web based reports console. Distributed machines log their power state every time it changes and periodically post this data via HTTP to a.net web service. This data is combined with hardware model power consumption data to produce accurate reports. 5.1.4 Sleepless Client Detection NightWatchman provides Advanced Sleepless Client Detection which is a feature aimed at identifying which machines are not entering sleep and why often known as PC insomnia. This utiises a proprietary 1E driver that is loaded only when a machine fails to enter sleep and can provide information on the process that is preventing the machine from entering the low power state. This information allows administrators to determine which processes should not be allowed to keep machines awake or enforce a policy to ignore these specific processes. NightWatchman can compare this policy against a detected process list and force machines into sleep if necessary. sustainableit (Pty) Ltd 2014 Page 8 of 14
5.1.5 Exception Handling There are a number of scenarios that an organisation might need to consider in terms of exceptions: Scenario Workstation is serving as a server or concentrator for legacy application Development machines run overnight compilation jobs / Finance machines run batch processing out of hours Want to apply a lighter power policy to certain machines VIP user wants to be excluded from power management Need to prevent shutdown until after certain condition has been met NightWatchman Mitigation Process Exception list: NightWatchman can abort shutdown if a specified process is found to be running & keep retrying until process aborts. The NightWatchman console can be used to easily apply granular power policies to small groups of machines. NightWatchman can be configured on individual remote systems via the command line, so an administrator can override departmental or site policy for the VIP. NightWatchman offers a preflight script that will run prior to shutdown. This will allow an administrator to set any required logic to prevent or allow shutdown. sustainableit (Pty) Ltd 2014 Page 9 of 14
5.1.6 Centralised Administration The NightWatchman console is probably the best method for managing power policy settings in complex environments. It has been load tested up to 400,000 clients, so is certainly scalable enough for almost any conceivable environment. The console provides delegation of control capabilities to allow site managers or designated departmental heads to manage power policy for their department or section. It is also possible to use this console for the following: Construction of location and organisational hierarchy Designing Power Policies Designing Power Schemes Configuring Hardware specific consumption data Configuring location based tariffs sustainableit (Pty) Ltd 2014 Page 10 of 14
5.2 1E WakeUp Availability Management Any organisation attempting a systematic power down of systems needs to consider out of band management. 5.2.1 Reliable & Secure Wake on LAN Many wake-on-lan solutions integrated into software distribution tools rely on Subnet Directed Broadcast technology, which can be difficult to implement and has potential security implications from a networking perspective. 1E WakeUp uses a proxy agent method of waking systems that has proven to be extremely robust in large and complex networks. The WakeUp service relays the WOL request off a local PC running the WakeUp agent, which initiates the broadcast locally. This avoids any of the issues with router reconfiguration or denial of service vulnerabilities. The 1E solution has been successfully implemented in large complex networks to provide highly reliable patch management. sustainableit (Pty) Ltd 2014 Page 11 of 14
5.3 User Satisfaction 5.3.1 WebWakeUp In some environments users wish to remotely connect to their machine from home via VPN or another corporate location. This is of course only possible if the machine is fully powered up. WebWakeUp allows users to remotely power on their machine and connect to it via RDP or some other method. WebWakeUp allows a user to register their user account against a machine using a web interface. They are then able to power it up by connecting to the corporate network by VPN and visiting an intranet page. This interface is completely customisable and intended to be closely integrated with existing intranet systems. 5.4 Out of Band Deployment As soon as an organisation embarks on shutting systems down out of hours, it needs to consider enabling systems with a wake-on-lan capability to enable out of band software distribution. When used in conjunction with 3 rd party Management Solutions such as Microsoft WSUS or Altiris, 1E WakeUp offers a maintenance window feature. This enables IT Departments to schedule deployments to occur at a time out of normal working hours. sustainableit (Pty) Ltd 2014 Page 12 of 14
The NightWatchman console can be used for scheduling these maintenance windows. Once this is enabled, software distributions, such as patches should be configured to be distributed during the wake up window. sustainableit (Pty) Ltd 2014 Page 13 of 14
6. Return on investment Powering off unused workstations not only improves the management and efficiency of distributed computing, but makes sense financially as well. With corporate energy rates increasing significantly, the business case for an effective power management solution builds itself. In environments where the majority of workstations are left on overnight, powering down for 12 hours per day on weekdays and 18 to 24 hours on weekends can make a tremendous impact on the bottom line and cost savings initiatives. When one sees this within the context of the cost of a power management solution such as that provided by 1E, payback periods range between 9 and 12 months, making the decision to invest in an enterprise ready, robust solution all the more attractive. 7. Summary and conclusion Enterprise power management solutions targeted at distributed networks offer businesses a quick win in energy and cost savings initiatives. Organisations must design and implement solutions that overcome the inefficiency that typically lies in this infrastructure, failing to do so is irresponsible when one considers our existing energy crisis. The 1E solution, discussed in this paper provides IT Departments with a comprehensive and holistic solution to both energy and patch management. The speed of deployment and ease of management thereafter sets it apart as the solution of choice in the enterprise power management landscape. sustainableit (Pty) Ltd 2014 Page 14 of 14