There’s something about craftsmanship. It’s personal, it’s artistry, and it can be incredibly effective in achieving its goals. On the other hand, mass-market production can be effective in other ways, through speed, efficiency, and cost savings.
The story of data centres is one that has gone from handicraft – in which every machine is an individual project and is maintained with great care – to mass production using big server farms, where each unit is completely disposable.
In this article we will examine how the shape of data centers has changed over time. We examine the implications for data center workloads, and for the people that run them – who have now lost their pet systems. The cybersecurity implications of this new landscape will also be discussed.
Pet system with a big purpose
Before virtualization, systems were well-crafted pieces of hardware that any sysadmin had to care for like pets.
It starts with the emergence of computer rooms in the 1940s, where big machines manually connected by miles of wires were what could only be called a labor of love. These computer rooms contained the steam engines of the computing age, soon to be replaced with more sophisticated equipment thanks to the silicon revolution. As for security? A big lock on the door was all that was needed.
Mainframes, the precursors to today’s data centers, were finely crafted solutions too, with a single machine taking up an entire room and needing continuous, expert craftsmanship to keep operating. That involved both hardware skills and coding skills, as mainframe operators had to code on the fly to keep their workloads running.
From a security perspective, mainframes were reasonably easy to manage. It was (way) before the dawn of the internet age, and IT managers’ pet systems were at reasonably limited risk of breach. The first computer viruses emerged in the 1970s, but these posed little risk to mainframe operations.
Prefab computing power with unique management requirements
Bring on the 1990s and the emergence of data centers. Mass-produced, individual machines were much cheaper than mainframes. The data center consisted simply of all of these computers, connected together. Later in the decade, the data center was also connected to the internet.
While individual machines require minimal maintenance, the software that drives the machines’ workloads requires constant maintenance. The 1990s data center was very much composed of pet systems. Every machine counted, and keeping each one running was an act of server management craftsmanship.
From running backups to maintaining the network and installing software manually, IT administrators had a lot of work to do – not just in maintaining their machines but also in maintaining software that helps them.
This era also saw the first exposure of corporate workloads to security flaws. Once data centers were connected to the internet, attackers could reach them remotely. This put IT admins’ pet systems at risk: the risk of data theft, the risk of equipment misuse, and so on.
So, security became a major concern. IT administrators had to use a variety of security tools to ensure their systems were protected through the new millennium.
Server farms – mass-produced, mass managed
The 2000s saw a major change in the way that workloads were handled in the data center. This change had two main drivers: efficiency and flexibility. Because of the high demand for computing workloads, solutions such as virtualization and containerization gained ground quickly.
By loosening the strict link between hardware and operating system, virtualization meant that workloads became, relatively speaking, independent from the machines that run them. Virtualization brought many benefits. Load balancing, for example, ensures that tough workloads always have access to computing power, without the need for excessive financial investment in computing power. High availability, in turn, is designed to eliminate downtime.
Individual machines became completely disposable. The technologies in use in modern data centers mean that individual machines have essentially no meaning – they’re just cogs in a much larger operation.
These machines no longer had nice individual names and simply became instances – e.g., the webserver service is no longer provided by the incredibly powerful “Aldebaran” server, but rather by a cadre of “webserver-001” to “webserver-032”. Tech teams could no longer afford to spend the time to adjust each one as precisely as before, but the large numbers used and efficiency gained thanks to virtualization meant that the overall computing power in the room would still surpass the results of pet systems.
Limited opportunity for craftsmanship
Container technologies like Docker and Kubernetes have made this even easier. It is no longer necessary to have a dedicated system to accomplish a task. You only need the infrastructure that the container provides to operate a service or an application. It’s even faster and more efficient to have countless containers underpinning a service rather than specific, dedicated systems for each task.
New systems can be deployed without the need to manually install an operating system, or perform labor-intensive configurations and deployments. Everything now resides in “recipe” files, simple text-based documents that describe how a system should behave, using tools like Ansible, Puppet or Chef.
IT administrators could still make some adjustments or optimizations to these deployments, but no server is unique and there are many servers supporting each service, so putting in the time to do so is rarely practical. Admins that need more performance can always reuse the recipe to fire up a few more systems.
While a few core services, like identity management servers or other systems storing critical information would still remain as pets, the majority were now regarded as cattle – sure, you didn’t want any of them to fail, but if one did, it could quickly get replaced with another, equally unremarkable, system performing a specific task.
Take into consideration the fact that many workloads now run on rented computing resources located in large cloud facilities, and you’ll see that servers are no longer considered pet systems. It’s now about mass production – in an almost extreme way. Is that a good thing?
Mass production is great: but there are new risks
Flexibility and efficiency brought along by mass production are good things. In the computing environment, little is lost by no longer needing to “handcraft” and “nurture” computing environments. This is a faster, more efficient way to create workloads and ensure they remain live.
But there are new security issues. Although security can be “crafted” onto pet systems, security in cattle environments requires a different approach. Security must still be a priority. For example, cattle systems are spawned from the same recipe files, so any intrinsic flaw in the base images used for them will also be deployed at scale. Because there are more targets, you have a wider attack surface when vulnerabilities surface. It doesn’t matter how fast you are able to fire up new systems – if a flaw surfaces across thousands of servers simultaneously, your workloads and bottom line will suffer.
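The point above, that one flawed base image in a recipe is inherited by every instance spawned from it, can be made concrete with a fleet blast-radius check. This is an added example, not code from the original article or from any tool it names; the inventory, image tags and advisory ids are all constructed placeholders, and a recipe-less pet (such as the “Aldebaran”-style identity server) is flagged separately because bulk automation cannot reach it.

```python
"""Blast-radius check for a recipe-built server farm (added example)."""
from collections import defaultdict

# Constructed inventory: instance name -> base image it was spawned from.
# Hand-built pets with no recipe lineage carry None and need manual review.
FLEET = {
    "webserver-001": "web-base:2024.03",
    "webserver-002": "web-base:2024.03",
    "webserver-003": "web-base:2024.03",
    "webserver-004": "web-base:2024.04",
    "api-001": "api-base:1.7",
    "api-002": "api-base:1.7",
    "aldebaran": None,  # hand-crafted identity server, not recipe-built
}

# Constructed advisory feed: base image tag -> placeholder advisory id.
VULNERABLE_IMAGES = {
    "web-base:2024.03": "ADVISORY-PLACEHOLDER-1",
    "api-base:1.7": "ADVISORY-PLACEHOLDER-2",
}


def affected_instances(fleet, vulnerable_images):
    """Group exposed instances by the flawed base image they inherit."""
    hits = defaultdict(list)
    for name, image in fleet.items():
        if image in vulnerable_images:
            hits[image].append(name)
    return {image: sorted(names) for image, names in hits.items()}


def unmanaged_pets(fleet):
    """Instances with no recipe lineage: bulk automation cannot patch them."""
    return sorted(name for name, image in fleet.items() if image is None)


def blast_radius(fleet, vulnerable_images):
    """Share of the fleet that inherits at least one flawed base image."""
    hits = affected_instances(fleet, vulnerable_images)
    exposed = sum(len(names) for names in hits.values())
    return exposed / len(fleet) if fleet else 0.0


if __name__ == "__main__":
    for image, names in affected_instances(FLEET, VULNERABLE_IMAGES).items():
        print(f"{VULNERABLE_IMAGES[image]} via {image}: {len(names)} -> {names}")
    print("pets needing manual review:", unmanaged_pets(FLEET))
    print(f"blast radius: {blast_radius(FLEET, VULNERABLE_IMAGES):.0%}")
```

Rebuilding the image and re-running the recipe fixes every instance in a group at once, which is the upside of cattle; the pets in the manual-review list are the ones that still need hands-on work.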
Automation is the key to server farm security. Think about tools like automated penetration scanning and automated live patching tools. These tools provide tighter security against an equally automated threat, and reduce the administrative overhead of managing these systems.
A changed computing landscape
The changing IT environment has caused significant changes in the design and approach to data centers. You cannot rely on the old methods and expect the best results. This is why it has been difficult for sysadmins to make the necessary changes in their thinking. It is not the case that vulnerability numbers will decrease – in fact, they are likely to rise.
Rather than opposing it, IT admins should accept that their pet systems are now, for all intents and purposes, gone – replaced by mass production delivery. Accepting that security issues are still present is part of accepting that change.
In making server workloads run efficiently, IT admins rely on a new toolset, with adapted methods that rely on automating tasks that can no longer be performed manually. So, similarly, in running server farm security operations, IT admins need to take a look at patching automation tools like TuxCare’s KernelCare Enterprise, and see how they fit into their new toolset.