The Uptime Institute runs a contest each year in which data center managers compete to see who has decommissioned the most physical servers. Barclays, the multinational bank, ranked first last year by retiring 9,124 servers as part of its private cloud initiative.
What did decommissioning those servers do for Barclays?
- Reclaimed rack space equivalent to 588 server racks
- Freed up 20,000 network ports and 3,000 SAN ports
- Saved 2.5 megawatts of power over one year ($4.5 million in electricity usage)
Security Implications of Decommissioning Servers
In addition to cost savings, another reason to decommission unused servers is that those machines are often ripe targets for hackers. Malicious users can probe the network using utilities such as Nmap to discover servers running older, vulnerable versions of operating systems. Decommissioning unneeded servers shrinks the security footprint of an environment and removes machines that hackers could use for DDoS attacks, for sending spam, for click fraud, or as staging points for exfiltrating stolen data.
Trust But Verify with ExtraHop
Despite the benefits, decommissioning servers is seldom high-priority. First, the Facilities department pays the expense of power and cooling, not the IT department, so IT executives may not be aware of all the costs. Second, few organizations have visibility into which systems are useful and which are just cruft. The ExtraHop platform solves this second problem by providing real-time visibility into which devices are on the network and which systems they are communicating with.
Wait, We Have How Many DNS Servers?!
One large enterprise that recently deployed ExtraHop was surprised to find several hundred machines acting as DNS servers. The IT department had expected to see just 12 DNS servers after a consolidation of their DNS infrastructure. Moreover, they could see with the ExtraHop platform that these DNS servers had been subject to attack, with nearly 2 million requests from outside IP addresses over just one week. Hackers frequently attempt to compromise DNS servers so that they can misdirect internal and external traffic to phishing sites through DNS cache poisoning and DNS spoofing.
ExtraHop's auto-discovery capabilities enabled this enterprise IT organization to identify and shut down the extraneous DNS servers and then verify that the job was complete. ExtraHop automatically discovers and classifies network-connected devices based on their communications so that servers responding to DNS requests are classified as DNS servers, for example. Furthermore, ExtraHop enables IT teams to see which systems are making these requests—seeing the dependencies between systems is important because you don't want to break anything when you unplug a server.
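The classification idea described above (a machine that answers DNS requests is a DNS server, and its requesters are its dependents) can be sketched over exported flow records. This is an added example, not ExtraHop's code; the record layout, addresses, approved list and internal range are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flows: (client, server, server_port, server_responded)
FLOWS = [
    ("10.0.1.15", "10.0.0.53", 53, True),     # approved resolver
    ("10.0.1.15", "10.0.7.20", 53, True),     # unexpected responder
    ("10.0.2.30", "10.0.7.20", 53, True),
    ("203.0.113.9", "10.0.7.20", 53, True),   # request from an outside address
    ("203.0.113.9", "10.0.7.20", 53, True),
    ("198.51.100.4", "10.0.8.8", 53, True),   # responder with outside clients only
    ("10.0.1.15", "10.0.9.9", 53, False),     # never answered: not a DNS server
    ("10.0.1.15", "10.0.7.20", 443, True),    # not DNS traffic
]
APPROVED = {"10.0.0.53"}                          # assumed post-consolidation list
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal range

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def unsanctioned_dns_servers(flows, approved):
    """Internal hosts that answered on port 53 but are not on the approved list,
    with their internal dependents and a count of requests from outside."""
    report = defaultdict(lambda: {"internal_clients": set(), "external_requests": 0})
    for client, server, port, responded in flows:
        if port != 53 or not responded:
            continue                      # classify on observed DNS responses only
        if server in approved or not is_internal(server):
            continue
        entry = report[server]
        if is_internal(client):
            entry["internal_clients"].add(client)
        else:
            entry["external_requests"] += 1
    return dict(report)

def no_internal_dependents(report):
    """Servers no internal system queried: first candidates for shutdown."""
    return sorted(s for s, e in report.items() if not e["internal_clients"])

if __name__ == "__main__":
    rep = unsanctioned_dns_servers(FLOWS, APPROVED)
    for server, entry in sorted(rep.items()):
        print(server, sorted(entry["internal_clients"]), entry["external_requests"])
    print("no internal dependents:", no_internal_dependents(rep))
```

Rerunning the same report after the shutdown work is the verification step: an empty result means only the approved servers are still answering DNS requests.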