Slashdot Mirror
Do Any Companies Power Down at Night?
An anonymous reader writes "My Health Sciences Campus has about 8,000 desktop computers, and on any given night about half of them are left on. I know this because I track all the MAC addresses in case there is a virus outbreak. Aside from the current fad of 'being green', has anyone had any success in encouraging users to power-down at night? You could potentially eliminate running bots, protect yourself from the next virus outbreak, keep your data safe, etc. Do security concerns and power consumption issues matter enough to do this?"
During the week machines are left up to push automatic updates (5 minutes of downtime, times 10k employees, is about $80,000 of billable time). At weekends they get shut off either manually or under remote control.
Beep beep.
On a Windows XP system, you also want to set the CPU performance in the default power profile to "ADAPTIVE". I'd actually think you'd do well to set the hard drives to spin down and the monitor to turn off after 15 or 20 minutes, set the system to suspend after 30 or 45 minutes, and hibernate after an hour and a half to two hours. You might have to exempt some systems from hibernating - some software and drivers don't always react well to hibernate, and it would be a pain in the (*#)(@ to have to restart after lunch or every meeting. Suspend is a good middle ground. With something more disruptive, a company could well look at that and say "it's not worth the few minutes per day of productivity loss, when factored against the employee's salary + benefits cost." Especially if it leads to calls to your internal helpdesk to try to recover documents in progress or some other work. By the way, productivity vs. conservation is one of the reasons organizations need to be given incentives to conserve power if we want them to do it before energy prices actually exceed cost per hour of labor.
Sorry I should have clarified. It took 6 months to implement but we have had the policy for a little over 4 years now.
Do security concerns and power consumption issues matter enough to do this?
Yes and no.
When I first got comfortable in my current job, I made a big push toward "greening" our IT resources. As one obvious (erroneously, as I'll explain in a sec) step in this, I convinced most of my users to shut down at night. If we need to push out updates, WOL works just fine for turning machines on a couple hours before the start of the day, and it doesn't impact anyone during working hours.
Then I learned how electric billing actually works for commercial users - Put simply, your company doesn't care if machines stay on all night, because they pay based on their peak load, which will always occur during normal business hours. I had applied ideas that make perfect sense at home, to an environment where they don't apply.
Now, that doesn't mean we should just leave machines on 24/7 - Using electricity has an an environmental aspect in addition to the monetary cost. But if it inconveniences users by more than a few seconds every day, any conservation efforts will actually cost the company money in the long run.
So, I still encourage my users to shut down, and 95% comply. But if they consider it too much of a hassle, I can't financially justify forcing them to spend the first minute of the work day waiting for their machine to boot (not that anyone really works for the first five to ten minutes of the day, between coffee, hitting the bathroom, and just getting the obligatory morning socializing out of the way).
As for the security aspect of this, the servers must run 24/7, and any attacker would target them rather than some random user's desktop. I don't worry about an attacker using a compromised desktop as an intermediate step to the servers, because the desktops have no more privileges on them than anything else inside the firewall (and even then, not much more than a totally untrusted source, except for nonconfidential shared resources that we could restore in a matter of minutes if necessary).
Me too!
In any cases, I always leave my computer (a laptop) on during the week. I shut it off on weekends, but due to the software inventory tracker and the required anti-virus scans, I always leave the machine on during the week so that I can actually use it during the day.
The real problem is that the anti-virus scan is so slow that it takes a good three hours. The inventory scan is somewhat better, and only takes about an hour. In both cases, the machine drags to near unusable levels while the scan is running. Given that it's a dual-core machine, this is really a testament to just how screwed up Window's I/O scheduling is - both involve lots of file reads, which apparently causes Windows to drag to a crawl.
Not to mention that hibernate and to a lesser degree suspend appear to not work well with certain drivers on my system. Using hibernate kills the wireless drivers, which isn't a horribly big deal when I can physically plug the system in but it does mean that I just shut the thing off when roaming about, since I'll have to reboot anyway.
But it's that three-hour IT required virus scan that keeps me leaving the machine running nights. That's a real productivity killer during the day. Fortunately it's only scheduled to run once a week.
The inventory app, on the other hand, runs daily for some reason.
You are in a maze of twisty little relative jumps, all alike.
I can't help but laugh at those that quote reasons such as 'automatic updates' and 'antivirus scans' as legitimate reasons for leaving a computer on overnight.
With many enterprise management tools, such as Zenworks, it's quite simple to schedule a wake-on-lan task to wake computers up at say, 6am, to perform their daily tasks. It can even be configured to push out an automatic reimage of the machine. Once the updates and scans are done by 7am, people are just beginning to come into the office, yet you've still had a whole 10 hours of downtime. Incidentally, I've not seen a single computer in the past 4 years that doesn't support WoL on the mainboard NIC. Big bucks enterprise manglement apps aren't even required. A simple cron job, and some wakelan/ether-wake/wakeonlan/Net::Wake magic will do it for free. Just gather a list of Mac addresses with ettercap or your friendly ARP table or asset management app/spreadsheet.
May will say that the bandwidth requirements of updates squeezed into the 6am to 7am slot will degrade systems, but that's where a background process such as BITS should be used (as demonstrated by Eve Online, Zenworks, Microsoft and Google). The virus updates are a minor bandwidth requirement if you have suitable leaf services, and the actual scan is only locally intensive.
Being a public sector organisation, we're working towards a greener profile (due to govt policies), and all the tools are there and working. It just needs some effort on the part of the administrators.
The correct plural of virus is viruses.
occultae nullus est respectus musicae - originally a Greek proverb
Why on earth would you need to access your machine to get your data? Are you actually storing important data on the desktop? You really, really need to look into File Redirection in GPO's. We move desktops, Application data, and MY documents to a network drive, that is actually backed up every night. Users don't have to worry about losing data because their drive dies, or whatever.. They can also move to any other computer, and have almost all their apps running on it. (there are a few exceptions for specialized software) On our student network, we setup every desktop to power down at midnight. All run virus scan's updates, etc, between 10pm and midnight. (labs close at 10pm.) The servers stay on, so files can be reached remotely. In the morning, only a few machines will automatically turn on, most wait for someone to push the button. The power saving for us were significant enough to not worry about a student having to wait 30 seconds for a machine to boot.
I'm going to roll this out to our admin network computers as well. We are really saving noticable amounts of money, because not only are the machines not powered, but the AC doesn't have to run to keep the rooms cooled. THe only glitch I have ran into is when I need to push out updates to all computers, and some were not turned on that day. In the late afternoon, I use WOL to wake up all computers on campus.
What are we going to do tonight Brain?
Unfortunately the EPA's EZ GPO page seems to have gone poof or something recently, but you can get it here.
Basically, you push a (simple) msi to the machines (I do this a lot of the time via psexec (props to Mark Russinovich) but there are other methods. Once you have that running on the machine you can configure how you want your machines to behave/re power management:
We also have a script that runs at midnight a few days of the month that does the magic packet thing as has been mentioned so WSUS and/or SMS (or SC:CM) can do their thing and automatic updates run as normal. In a few "why does my machine have to boot up every day this sucks" user groups we have a scheduled job to send magic packets about 15 minutes before they arrive to wake up their machines. With hybernate they hardly know anything happened.
Obligatory disclaimer: This is my opinion, and may not reflect that of my employers. If you have a problem with it, take it up with me, not them.
I work for Dell. I can tell you for a fact that we take the environment seriously. The building I work in houses a 24/7 call center, but certain areas of the building are not 24/7. Corporate sales for the country are here, and take up half of the 3rd floor, for example. I happen to be in the sales department myself, and there's a piece of software installed on every desktop that hibernates the computer at 20:30 EST (with a half-hour countdown to that point). My department shuts down at 19:00, no other sales department is open past 20:00. We all open at 08:00 the next day, and the automatic hibernation sets an alarm to wake up the computer at 07:45. Alternately, if you turn your own system off through the start button and shut down, it'll stay off until you turn it back on.
We've also got computer recycling programs in place, and the "plant a tree" initiative where you can have us plant a tree for every computer you buy.
Sure. Some companies don't take going green seriously. But some do. And the number of companies that are taking it seriously is growing. Besides which, every little bit helps. Do you know the amount of energy that could be saved if everybody unplugged those electronic devices that "sleep" when they're not being used? 2W doesn't sound like much, until you multiply it by half a billion devices.
If you believe everything you read, you'd better not read. - Japanese proverb
At the school I work at, we have an automatic shutdown at 6 PM. It has a five minute timer and is preceeded by a text file in a DOS window reminding people that there is an "ABORT SHUTDOWN" option in their start menu if they are using the PC and the shutdown process begins.
/DELETE ALL (or whatever the syntax is) - to prevent the AT table from getting crowded with dozens of the same command
Two simple batch files for XP, on in the All Users startup directory, one in the All Users\Information Services directory of the start menu.
Startup:
AT
AT 18:00 "shutdown -t 600"
Abort:
Shutdown -a
We reset the AT table every day just in case some know-it-all high school student finds out such a thing exists and starts screwing with it. For the most part, though, not even the techs knew such a thing existed until I proposed using it.
We tried a lot of other ideas, but this is the simplest and most user-friendly. Big signs don't work, teachers and lab aids are no better than the students about following directions. Since implementing it 18 months ago, we've gone from having roughly 900 PCs online at night to about 100...including servers, timeclock systems running thinstation terminal sessions, and technology and admin workstations that are excepted from the shutdown policy.
120 characters for a sig? That's bloody useless.
I know in particle physics we need to leave our computers on overnight quite regularly. We share computing resources and often run simulations for several days (or longer). Shutting down the routers and switches connecting one computer to the rest of the particle computers in the building effectively cancels the simulation since huge datasets might be spread across 7 or 8 computers. At CERN, when the LHC turns on there will be thousands of computers running 24 hours a day for many years. At a university, obtaining your sample set of data may require at least a day (you're expected to pull the data and then work with it rather than using CERN computing resources, although the specifics haven't been worked out yet). Some projects just require that much time and energy. Most days you should be able to shut off large portions of the network, though.
I'm certain there are other sciences that have similar concerns. I think the best way is to send out a friendly e-mail reminding people to turn off their computers when they leave. That should get at least a handful of computers off for the night. Depending on how successful or unsuccessful that strategy is, shutting off computers that are definitely unnecessary (public access terminals for example) would be a fine idea.
so, driving uphill uses the same amount of gasoline that driving downhill?
the power station does throttle down at night. they keep the generator at the same speed (3600RPM I guess, to give you 60Hz). but they don't need the same amount of fuel to keep it going. the usage on the grid acts like a brake on the generator, in the same way that the road conditions affect your bicycle.
if it's steam-based (gas, coal, nuclear), you need more steam to keep a higher pressure, to keep the generator rotating at the same speed, and that means heating more water, and more water needs more energy, and more energy needs more fuel. hydroelectric plants shut down unused turbines.
Or, you could just use the power management features present in every PC and OS since 1994 and have them go into standby or suspend.
Gamingmuseum.com: Give your 3D accelerator a rest.
At one school I administered (400+ PCs on the student network) we used a product called hadguard. It could remotely shut down computers (among many other AMAZING things) and group them how you wanted. You could shutdown, boot up, restart a parrticular classroom. This was only the icing of the cake. HDGuard is completely amazing and I recommend it to everyone. Besides purchasing it once I am in no way affiliated with the product.