Creating a hostname policy

When I started my new job in December, they had an abysmal hostname policy. It's in the process of being changed for the better thanks to a new IT Manager.

The entire point of a hostname is to make a computer more identifiable to humans. How do computers identify each other? IP Addresses. Why? Humans aren't good at remembering numbers. We like names, so we give things names to be more easily identifiable. DO THE SAME THING TO YOUR SERVERS. 
In smaller environments, it's not uncommon to find an informal hostname policy. If the SysAdmin likes Disney, there's a good chance s/he'll name servers they build after Disney characters. I've seen servers named after characters in Greek mythology. Hermes for a mail server is common. At my first IT job, when I was just technical support, the naming policy was a mix of Transformers, Greek mythology and Beverly Cleary characters. At least it was easy to remember, but it still wasn't good.

At my new job, the hostnames all look like a 3-letter acronym for the company, followed by a 4-digit number, like xxx0000. Isn't that just terrible? You need a spreadsheet to know which box does what. Legend has it that a security auditing company told them that advertising the role of the server is less secure. They said that if a hacker gets in, having an obfuscated hostname will keep them from knowing which box does what. Don't believe this. It's complete BS. (Never mind that if someone has already gotten into your network, an obfuscated or vague hostname policy is not a security gate. It's more like a speed bump. That "hacker" won't just look at your uninteresting server names and go "Welp, nothing I can do here. Guess I should turn back now." No. They'll very likely know how to use Nmap to figure out which ports are open, which will rather quickly spell out which box is what.)

So what should a hostname include? That depends on how you feel and what's best for your environment. You should keep it as simple as possible. Some people like to differentiate between a physical or virtual server. Some people like to differentiate between Windows or Linux for the OS. Some like to differentiate by site (though if your environment looks like a private cloud rather than multiple datacenters, then one could argue that specifying the site in the hostname isn't really necessary).

At a bare minimum, I'd have a 3- or 4-character code describing what service it's serving and a 1- or 2-digit number for the instance of that server. For example, a second web server would have a hostname like WEB-02. You can add to that if you'd like. If you want to know what OS you're running, it could be WEB-LIN-02. At my last job, we functioned sort of like an MSP, so we used a different 3-letter acronym differentiating who the server was for. We had some servers for the IT team (like the one serving our ticketing system), some servers for the department (like our VoIP appliances) and other servers that were for the broader division of student affairs (like a domain controller). As you can see, there's no true wrong way to name your server, but you should keep it simple and descriptive.
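
The ROLE-NN / ROLE-OS-NN scheme above is easy to enforce with a script. The following Python is an added example, not code from the original post: it audits an inventory against that scheme and picks the next free instance number for a role. The WIN token, the rule that the OS token does not change instance identity, and the sample inventory are assumptions made for the example.

```python
import re
from collections import defaultdict

# Scheme from the post: ROLE-NN or ROLE-OS-NN (WEB-02, WEB-LIN-02).
# Assumption: allowed OS tokens are LIN and WIN; the post only shows LIN.
OS_TOKENS = {"LIN", "WIN"}
SCHEME = re.compile(r"(?P<role>[A-Z]{3,4})(?:-(?P<os>[A-Z]{3}))?-(?P<num>[0-9]{1,2})")

def parse(hostname):
    """Return (role, os, instance) for a compliant name, else raise ValueError."""
    m = SCHEME.fullmatch(hostname.strip().upper())
    if m is None:
        raise ValueError(f"{hostname!r} does not match ROLE[-OS]-NN")
    if m["os"] is not None and m["os"] not in OS_TOKENS:
        raise ValueError(f"{hostname!r} has unknown OS token {m['os']}")
    return m["role"], m["os"], int(m["num"])

def audit(hostnames):
    """Return (rejected names, instance-number collisions) for an inventory."""
    seen, rejected = defaultdict(list), []
    for name in hostnames:
        try:
            role, _os, num = parse(name)
        except ValueError:
            rejected.append(name)
            continue
        # Assumption: the OS token is descriptive only, so WEB-02 and
        # WEB-LIN-02 would be the same instance of the WEB role.
        seen[(role, num)].append(name)
    return rejected, {k: v for k, v in seen.items() if len(v) > 1}

def next_hostname(hostnames, role, os_token=None):
    """Build the name with the lowest unused instance number for a role."""
    used = set()
    for name in hostnames:
        try:
            r, _os, num = parse(name)
        except ValueError:
            continue  # non-compliant names do not reserve a number
        if r == role:
            used.add(num)
    free = next((n for n in range(1, 100) if n not in used), None)
    if free is None:
        raise ValueError(f"no free instance number left for {role}")
    candidate = "-".join(p for p in (role, os_token, f"{free:02d}") if p)
    parse(candidate)  # reject a bad role or OS token before handing it out
    return candidate

# Constructed sample inventory; xxx0000 is the style the post criticises.
INVENTORY = ["WEB-01", "WEB-LIN-02", "web-2", "MAIL-01", "DC-01", "xxx0000", "WEB-BSD-03"]
if __name__ == "__main__":
    print(audit(INVENTORY), next_hostname(INVENTORY, "WEB", "LIN"))
```
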
