Tags:







Show me your naming convention
November 17, 2009 8:28 AM   RSS feed for this thread Subscribe

After approximately 10 years of using the same equipment naming convention at work we're thinking about changing, I'm curious what other people have used.

Our current convention was decided with much frustration by committee about 10 years ago. Roughly we use this for the FQDN:

[network interface].[device class].[pop].[organization].[domain]

A better example might be:

hme0.sun457.pdx1.acme.domain.tld

This gets used as the reverse pointer for the primary IP on the box, and as a business rule we've never re-used names (so once sun457 is assigned to a piece of equipment it never gets another name and any replacement will have a new name). In addition to that name we create a minimum of two others (as CNAMEs to the A record), a nodename that's essentially the shortened version of the FQDN (eg. sun457.domain.tld) and a friendly name that better describes the function of the piece of equipment (eg. staff.domain.tld).

At the time the convention was put in place we had three geographically separated data centers, no good systems for tracking inventory, and a needed to provide as much information as possible via the reverse pointer on the IP alone.

Fast forward a few months from when the convention was put in place and we'd managed to get a database with a nice web front end in place to track all of the pieces that were part of the name along with a whole lot more. Fast forward a few more years and we managed to get a good tracking system in place for inventory. Fast forward to today and we've got in the neighborhood of 1000 pieces of equipment (servers, routers, switches, load balancers, virtual machines, desktops, etc). We're working to consolidate our various ad-hoc tools into a unified portal, and we're shifting to a new monitoring system for the third time since the convention was put in place.

I'm one of the only folks that remembers the initial arguments over the naming convention, most new people think it's bloated and gives away too much information in the hostname. I tend to agree. The current system works fine for our purposes, and probably always will, it just seems like we could do better and that now is the best time to make a change.

Simply cutting the name down to the nodename (eg. sun457.domain.tld) seems like the easiest thing, but there are a variety of arguments about keeping other pieces. On top of that, after 10 years it seems like if we're going to make a change we might as well either make a drastic one or no change at all.

So, with the caveat that these are going in DNS (so they need to conform to the RFCs) and that cutesy names are out (there aren't enough Simpsons characters to cover the number of devices we have and remembering that itchy and scratchy are DNS servers and that moe, lenny, and carl are border routers simply isn't an option), what have you used?

The sky is the limit, so outside of the DNS/cutesy limits don't try to fit with any of the above.
posted by togdon to computers & internet (8 comments total) 3 users marked this as a favorite
here's the breakdowns we use.

Zone-OS-Location-Organization-Function-Box#.domain (We break our zones into Commercial, Management, & infrastructure.)

So a commercial unix FTP box for our outsourcing group in DC would be: cudcoscftp001.domain

An infrastructure exchange box owned by our help desk team in boston would be: iwdubhlpmsg001.domain, etx.

We also do similar standards for our desktops/laptops: location-OS-hardware model-userid.domain. The hardware model is a 3 character code that matches an entry on a naming standards sheet. (EX: DUBWXL26JDOE.domain, A user in our dublin office, running XP, on a L26 laptop (HP NC6710 in this case), and the user's name is John Doe.)

Hope this helps!
posted by BZArcher at 8:43 AM on November 17, 2009


Work workstations we use a W-Location-Computer Barcode. So WNYC56789BJ
Servers come under a different naming convention - that really doesn't make a lot of sense. :)
posted by jaythebull at 8:53 AM on November 17, 2009


I'm no security expert, but the "sun457" part seems to me like the only thing you might not want to "give away" in the hostname. If I'm an attacker I imagine knowing the specific hardware is useful.

I don't see much risk in the pdx1 part, since it can always be inferred from a trace anyway. It's also convenient I'm sure for at-a-glance identifying location.

I don't see the point in including the network interface, though. hme0? Why?

The one network I use on which I can see enough to understand the pattern uses "classCounter.subnet.domain.dom", as in "ws124.nyc2.domain.dom" for workstation 124 on the second New York network. Again, helpful I suppose, though I'm no troubleshooter.
posted by rokusan at 9:03 AM on November 17, 2009


A typical workstation hostname here is "deptxyzzz".

dept = the department
x = OS (1 = Windows, 2 = Linux, 3 = OSX, etc)
y = Subnet ( 1 = 192.168.1.x, 2 = 10.0.0.x, etc)
zzz= last quad of the IP address

Switches and printers can be named similarly though ours are not. It's fairly short and allows you to communicate a lot of information by saying "psych21250" or "phys31112"
posted by donpardo at 9:25 AM on November 17, 2009


rokusan: I assume because machines will have multiple interfaces, and you'll want to distinguish them somehow.
posted by hattifattener at 10:07 AM on November 17, 2009


hattifattener is right, the network interface was for multihomed machines. We had Sun boxes with 6-8 interfaces, often plugged in to all sorts of different places. At the time it was important to keep the distinction, now probably not so much.

These days we tend to deploy only HP gear (the original scheme refers to them as Compaqs because it predates the merger, and we used HP switches at the time), they tend to have only two interfaces, and the second interface is almost always on a private 10 net, so we know which one is which without needing the interface information. Leaking cpq456 to the world doesn't seem as much of a security risk since the OS isn't included, but at the same time it's completely meaningless outside of the Compaq used to make Proliants before HP bought them history lesson.

I'm liking all of the suggestions so far, please keep them coming. I'm also interested in what your ideal is, so not just what's in use for you but the "If we had it to do over again I'd include/remove this..."

Oh, and for workstations I think we may end up using a different scheme of username##, so my primary workstation would be togdon01, a secondary would be togdon02. We're less worried about reuse here and more worried about tracking down who the responsible party is. It's a mixed workstation environment in terms of both OS and networking (parts are statically assigned from one block and others are assigned from department specific DHCP pools), so attaching a person to a machine by name seems like the most helpful thing to do.
posted by togdon at 10:55 AM on November 17, 2009


When naming workstations, be conscious of all the people-moving requirements:

(1) user changes offices/networks
(2) user gets new computer
(3) user has second computer
(4) new user takes over existing computer
(5) new user, new computer, old office/port
(6) user changes OS on existing computer (Mac running Windows? PC running Linux?)

And probably some more I'm missing. I've worked in offices where the names didn't make sense anymore. (linda38 is actually Sheila, because Linda used to work in that office...)
posted by rokusan at 1:34 PM on November 17, 2009


We generally re-image machines when they switch hands and deploy mostly laptops these days, so I think we have most of the workstation tied to people/places concerns covered.
posted by togdon at 4:08 PM on November 17, 2009


« Older Does "creepy" have s...   |   Is there a good website for ma... Newer »

You are not logged in, either login or create an account to post comments