Since I'm starting to deploy new systems, I'm having to come up with names that fit into our naming convention. Our convention is supposed to be cartoon characters. Not all systems follow this convention, but most now do.
I am, however, beginning to wonder if such a naming convention is even useful or warranted.
Some people say that you shouldn't name systems after who uses them or what they do, like Ascoble1, ExchangeBridgehead1, etc. This is so that someone can't simply look at system names after gaining entry into your network in order to crack the most important systems. After all, if you are a hacker you are much less likely to attack a system named "JoeShmoe1" than "FileServer1".
Balancing the security concerns are always the concerns about usability. How easy is it for a user to remember the name of the server they need to access when they need to access it and does it make sense?
I think that for most companies, the issue of convenience outweighs the issue of security to some degree. If it isn't useful, then what is the point of having it, after all? Which is why SSL websites are better than VPNs for applications that can be directly served off of a website. VPNs are more secure, but they are also much harder to set up, maintain and get users to use.
Would be interesting to hear what other IT professionals typically use for their naming conventions, but my guess is that it's usually driven by politics more than anything else. Then again that doesn't explain why a law firm is using cartoon characters as opposed to precedents (how about a system named RoeVWade) or law schools (Stanford, Michigan).
Then again I'm too busy to really start changing everything midstream, so instead I'm trying to be creative about coming up with new cartoon characters... Good thing I watch a lot of Anime, eh?
Then again, when I leave people are going to be saying "Why did he name these computers with Japanese names?"
You still think VPNs are harder to set up and maintain? Newer appliances and software make it practically a snap. Heck, an ISA-based implementation (if you're so 'inclined') can be done in just a couple of hours.
That aside, I'm a firm believer in semi-cryptic purpose-driven naming conventions for nodes.
Mainly, because training of what's happening on nodes becomes very difficult with cartoon characters.
You're right when you mention politics, though. I work in healthcare. Sadly, every decision is political.
The naming convention was decided by the Regional Authority, and enacted into law (LAW!) by the provincial legislature.
It's [4char site name][2char OS][2char purpose][4char ID].
So, HSCXNTDB0001 is an NT-based Database Server housed at the Health Sciences Center (HSC is too short so the X is added). It's the #1 DB (IDs aren't unique, only unique to each combination of OS / purpose).
All of that said, servers are generally referred to in conversation as [purpose][shortID]. In this case: DB1.
Personally I like this naming convention. I hate their old one, which was natural disasters. The transfer of information becomes too difficult between parties.
Posted by: Jeremy C. Wright | Tuesday, March 23, 2004 at 05:40 PM
Yes. Netscreen is probably the industry leader at the moment in hardware firewalls and their VPN quite frankly sucks.
Has big problems with PPPoE software such as Enternet.
An SSL website where all a user needs is a browser, web connection, password and the URL is, in my mind, infinitely easier to maintain on the user end than a VPN connection.
Posted by: Alex Scoble | Tuesday, March 23, 2004 at 05:41 PM
Oh and how do you name PCs?
Posted by: Alex Scoble | Tuesday, March 23, 2004 at 05:44 PM
We give all of our servers Hawaiian names (since we are in Hawaii) which usually mean vaguely what they do. I suppose a Hawaiian hacker might be able to figure out which server is the most important. :)
-B-
Posted by: Ben M. Schorr | Tuesday, March 23, 2004 at 06:46 PM
For me, workstation/laptop naming is political. I'm supposed to play the game and name servers according to downtown's spec, but, I don't.
The scheme for workstations is:
[Network][UnitNo][MachineType][9DigitAssetTag] - for example: I1090W000104957 is an instructional computer in unit 1090, of type workstation with asset tag 000104957. Similarly, A1090L000106876 is an admin computer in unit 1090 of type laptop with asset tag 000106876.
I used natural elements for the servers when I initially set things up, and I sort of classified servers on the periodic table (e.g. halogens were all web & database servers), but, that started getting out of hand and difficult for me as the server count increased. So, I'm slowly moving to the semi-cryptic, but descriptive convention. For example, FS-DFSSomeRoot03 is a file server #3 participating in the DFS root SomeRoot. ExWeb01 is Exchange Front End #1, ExMBX17 is Exchange Mailbox #17, ExPF98 is Exchange Public Folders 98.
I've got other conventions on the list I drew up for various server types, but I can't remember all of them offhand.
Posted by: Brian Desmond | Tuesday, March 23, 2004 at 09:48 PM
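Added example (not part of the original thread or any commenter's code): a decoder for the two fixed-width schemes quoted above, [4char site name][2char OS][2char purpose][4char ID] and [Network][UnitNo][MachineType][9DigitAssetTag], showing which fields each hostname discloses to anyone who can list names on the network. The lookup tables hold only codes mentioned in the thread, the variable-length unit number is an assumption, and the function names are hypothetical.

```python
import re

# Fixed-width schemes as quoted in the comments. Only the codes NT, DB, I, A,
# W and L appear in the thread; unknown codes are passed through undecoded.
SERVER = re.compile(r"(?P<site>[A-Z]{4})(?P<os>[A-Z]{2})(?P<purpose>[A-Z]{2})(?P<id>\d{4})")
WORKSTATION = re.compile(r"(?P<net>[A-Z])(?P<unit>\d+)(?P<type>[A-Z])(?P<asset>\d{9})")
OS = {"NT": "NT-based"}
PURPOSE = {"DB": "database server"}
NETWORK = {"I": "instructional", "A": "admin"}
MACHINE = {"W": "workstation", "L": "laptop"}
# Constructed inventory built from names that appear on this page.
SAMPLE = ["HSCXNTDB0001", "I1090W000104957", "A1090L000106876", "Goofy", "\\\\pollen100b"]

def decode(hostname):
    """Return the fields a hostname discloses, or None if it fits neither scheme."""
    name = hostname.strip().lstrip("\\").upper()
    m = SERVER.fullmatch(name)
    if m:
        return {
            "scheme": "server",
            "site": m["site"],  # padding such as the X in HSCX is kept as written
            "os": OS.get(m["os"], m["os"]),
            "purpose": PURPOSE.get(m["purpose"], m["purpose"]),
            "short_name": f"{m['purpose']}{int(m['id'])}",  # conversational form, e.g. DB1
        }
    m = WORKSTATION.fullmatch(name)
    if m:
        return {
            "scheme": "workstation",
            "network": NETWORK.get(m["net"], m["net"]),
            "unit": m["unit"],
            "type": MACHINE.get(m["type"], m["type"]),
            "asset_tag": m["asset"],
        }
    return None

def audit(hostnames):
    """Split an inventory into self-describing names and names that match no scheme."""
    described = {h: decode(h) for h in hostnames if decode(h)}
    unmatched = [h for h in hostnames if decode(h) is None]
    return described, unmatched

if __name__ == "__main__":
    described, unmatched = audit(SAMPLE)
    for host, fields in described.items():
        print(host, fields)
    print("no scheme matched:", unmatched)
```

A name landing in the unmatched list only means it fits neither of these two schemes; it says nothing about whether some other convention would decode it.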
Our servers are named after capital cities around the world, apart from a few because of having bad geography lessons. Our notebooks are named after the owner with a NB prefix (or original owner much to my annoyance!) and desktops are named after owners but with a PC prefix. Other suggestions I've seen include colours. We used to have relations such as grandad, uncle, sister etc. Where I used to work we called rooms after cities too - one of them used to be called the Beirut room as it always looked like a bomb had hit it!
Posted by: Andy | Tuesday, March 23, 2004 at 10:30 PM
Alex: I guess I'm just spoiled in that I prefer CITRIX anyways. Full desktop environment, seamlessly ;-)
Desktops? [2char building][2char department optional][3digit room#][2digit PC number][2char optional]
So, generally if I get a virus alert or something it's LB209-20 type thing. Because we have 32 buildings, 10000 staff and 3000 workstations it's more important to know where the workstation is than what it does or who's using it.
We can track down both other pieces of info through eDirectory if we actually need it. Physical location is infinitely more important for support reasons :)
Posted by: Jeremy C. Wright | Wednesday, March 24, 2004 at 08:10 AM
Our environment naming convention used to be site name, department, machine number, and some other random variable. The names were impossibly long and pretty stupid. Yes, they mostly showed the purpose of the machine but it made remembering everything quite complicated.
Now, all desktop/workstations have a randomly picked name from a dictionary with a department number (1xx) and site location as a letter. So, my machine is \\pollen100b. Doesn't make a lot of sense with function but it's actually a lot easier to remember machine name to person and function. Servers it's slightly different but close enough.
Btw, VPNs are my department's curse. Ours has never worked perfectly (as I attempt to access it from home) and is a constant pain to support. It's getting better now that we're starting to ditch the Symantec client and migrating to Safenet.
Posted by: Chris | Wednesday, March 24, 2004 at 10:08 AM
Yes, word based naming conventions work only for small numbers of systems. Anything above 10 I'd say and it becomes too hard to figure out what is what without constantly referring to documentation (and we all know how often that is usually updated). I like how Chris's place does it with a word and then some other coding to give it meaning.
As far as VPNs, don't get me wrong, I think they are great when they work. I use it all the time to do all sorts of things remotely (gotta love terminal services). The problem is that there are too many variables that are beyond the IT staff's control that can make it a nightmare. PPPoE software, slow dial up connections, incompatible home routers, etc.
It's very difficult to support someone when they are on the other end of the US or world and cannot connect. Especially when they are lawyers who can't or won't spend more than 2 minutes with you on the phone to resolve a problem. Usually they only call you when they are in the middle of a big deal and of course need it fixed NOW.
Yes Citrix is great if you can afford it. Pretty expensive to implement in a small business though. I had thought about it but we figured that it would be cheaper and easier all around to just implement the web based modules for the two most important information stores in the firm. Email (Exchange OWA) and Documents (WORLDOX/Web). That's 95% of what is used in the firm which is good enough for most of the users.
The rest still have to use VPNs.
Posted by: Alex Scoble | Wednesday, March 24, 2004 at 12:22 PM
BTW SafeNet's software is used as the VPN software by both Netscreen and Sonicwall.
Posted by: Alex Scoble | Wednesday, March 24, 2004 at 12:26 PM
Cute names work well provided you have a small network. At past jobs we used car names. So the fastest was "ferarri" our fileserver was "hummer" etc...
Now, they are using Disney characters, which is fine. We have a 7 node cluster named after (duh) the seven dwarves. Now what happens when we move to a 9 node cluster? Add in Sleezy dwarf and Stumpy Dwarf? Plus how do you remember that Chip is the SQL server and Dale is the web server? List off all the web servers in the organization.
Not to mention: What happens when Eisner finds out? Are we all going to court because I'm violating their copyright in my connection string?
When you have a network that spans states and even countries, the cutesy naming conventions fall apart really quickly. Where is "Goofy" located?
Posted by: Scott Koon | Sunday, March 28, 2004 at 02:28 PM
Our company names systems by locale, service and service type, then incrementally. As an example, for the Exchange bridgeheads:
atlexbr01, atlexgw02 -- Atlanta, Exchange, bridgehead, system number. Atlanta, Exchange, gateway, system number.
Our switches, routers and other devices follow a similar naming scheme:
nycintx01, nycextx02 -- New York City, Internal device, switch, device number. New York City, external device, router, device number.
Posted by: Colin Grady | Sunday, March 28, 2004 at 04:46 PM