A good server naming convention eases IT workload
Thursday, October 15, 2009 11:28 AM
Frisky? DC1? Bozo? Pluto? ESX1? These are all server names. Which ones make the most sense? Scott Lowe discusses server naming in this article.
When it comes time to name servers, every organization has their own way--or lack thereof--of handling the task.
Early on in my IT career, I remember seeing servers in all kinds of places named things like Spock, Kirk, Neptune, Pluto and Venus. It was obvious that these organizations decided to standardize their server names on Star Trek and the planets--back when Pluto was still a planet, of course.
When I was a systems engineer for Thomson Financial, we had two server naming conventions: UNIX servers were named after global currencies, while the servers on the Windows side of the house were named after various presidential pets. In the case of the Windows servers, my boss wanted a server naming convention that was at least somewhat scalable to a few dozen servers while also being somewhat obscure.
There was a day in which "security through obscurity" ruled the roost when it came to naming servers (this is still the case in many places). In these instances, the server name was completely decoupled from the server's role.
As you can tell from my Thomson Financial server naming convention, that organization felt that naming servers with names that had nothing to do with the server's role assisted in helping to secure the environment. At that time and in that environment, this outlook certainly made sense, particularly given the fact that we weren't running a firewall at the front end of the network. (For the record, it was 2001, and the exclusion of a firewall was a decision that was made by people well above my pay grade.)
I understand the security through obscurity argument that's commonly made when it comes to randomizing server names. The general thought is that tying a server name to a function gives an attacker one more bit of information that could be used to refine or target an attack at a specific service.
Although I understand the argument, in the kind of environment I work in now, I don't agree with it. I believe that the additional administrative difficulty that is introduced with random names is not worth the semblance of security that is achieved. I'd much rather see IT not have to refer to a server index when it comes time to do work.
For example, suppose someone is having a problem with Microsoft Exchange. Is her mailbox housed on Frisco, or is it housed on Turtle? Obviously, over time, administrators will learn which servers do what, but this also extends the training period for new administrators.
I much prefer server naming conventions based on the role of the system. Boring? Yes. Functional? Yes. Some of our server names at Westminster include ESX1, ESX2, Mail1, DC1, and so forth. Sure, an argument could be made that we still don't know which server houses a particular user's mailbox, but at least we know where to start looking when we have to track down a problem.
Naming conventions on campus aren't limited to servers. We've recently moved to a new print server and, at the same time, moved to a common convention for our printers. Our next target is desktops. As IT team members have come and gone, we've run the gamut of desktop naming conventions, and every single one of them are in use to this day. Can I tell you how difficult it is to understand what's actually out there when we're using something like four naming conventions? It's time to tighten that up.
This has truly come to light as we've begun to deploy System Center Configuration Manager, which is very client-focused. The goal is to build SCCM collections that include, for example, computers that reside in the Business Office. When you have a bunch of naming conventions (which really means you have no naming convention), it's really difficult to figure out which machines are which.
Good naming conventions aren't just for IT, either. Users benefit from consistency. For example, we seriously simplified the process for connecting to a new printer on campus. Now, the printer directory actually makes sense. It's reduced printer-related support calls to the help desk, too.
As for Westminster, we're making progress on this front and will continue to do so. As we retire servers, the replacements come in with names that match our current naming convention, and life is just easier all around.
Scott Lowe has spent 15 years in the IT world and is currently the CIO for Westminster College in Fulton, Missouri.
Play video
A good server naming convention eases IT workload
Forgive me for my forwardness, but I must disagree. Obscurity is still one of the vital component in the ever growing battle again threats. Although I do agree that it makes life easy for us administrators but like a thief in the night one day it is going to make life even worst. In most case it is at the worst possible time.
It is the little things we take for granted that are being turned against us. One simple thing we are facing are viruses, these things are taking advantage of our "makes life easy" tactics. When we were hit with the Conflicker virus in Jan 2009 it took us weeks to clean up the mess. This could have been avoided if the server administrator(s) had followed the hardening guidelines set by IT Security but due to the rule of "make life easy", certain thing which were "practiced" and has be come a norm. What is stopping a virus coder from making a code to start attacking systems on a network with the server name "DC" or trying to propagate itself via servers named "EX".
At the end of the day the guys with the "high pay grade" are not left with the mop.
Excuse me if I have said anything worng.
Posted by Newton James on Friday, October 16 2009 11:38 AM