Server Decommissioning: Wait, We Have How Many DNS Servers?!

The Uptime Institute runs a contest each year in which data center managers compete to see who has decommissioned the most physical servers. Barclays, the multinational bank, ranked first last year by retiring 9,124 servers as part of its private cloud initiative.

What did decommissioning those servers do for Barclays?

• Reclaimed rack space equivalent to 588 server racks
• Freed up 20,000 network ports and 3,000 SAN ports
• Saved 2.5 megawatts of power over one year ($4.5 million in electricity usage)

As impressive as those numbers are, the real shocker comes when you realize that most IT organizations could reap relatively sized gains if they only knew where to look. The Uptime Institute estimates that one-fifth of racked IT equipment is plugged in and running but not actually being used. That's a tremendous amount of potential savings waiting on the table.

Security Implications of Decommissioning Servers

In addition to cost savings, another reason to decommission unused servers is that those machines are often ripe targets for hackers. Malicious users can probe the network using utilities such as Nmap to discover servers running older, vulnerable versions of operating systems. Decommissioning unneeded servers shrinks the security footprint of an environment and removes machines that hackers could use for DDoS attacks, for sending spam, for click fraud, or as staging points for exfiltrating stolen data.

Trust But Verify with ExtraHop

Despite the benefits, decommissioning servers is seldom high-priority. First, the Facilities department pays the expense of power and cooling, not the IT department, so IT executives may not be aware of all the costs. Second, few organizations have visibility into what systems are useful and which ones are just cruft. The ExtraHop platform solves this second problem by providing real-time visibility into which devices are on the network and which systems they are communicating with.

Wait, We Have How Many DNS Servers?!

One large enterprise that recently deployed ExtraHop was surprised to find several hundred machines acting as DNS servers. The IT department had expected to see just 12 DNS servers after a consolidation of their DNS infrastructure. Moreover, they could see with the ExtraHop platform that these DNS servers had been subject to attack, with nearly 2 million requests from outside IP addresses over just one week. Hackers frequently attempt to compromise DNS servers so that they can misdirect internal and external traffic to phishing sites through DNS cache poisoning and DNS spoofing.

ExtraHop's auto-discovery capabilities enabled this enterprise IT organization to identify and shut down the extraneous DNS servers and then verify that the job was complete. ExtraHop automatically discovers and classifies network-connected devices based on their communications so that servers responding to DNS requests are classified as DNS servers, for example. Furthermore, ExtraHop enables IT teams to see which systems are making these requests—seeing the dependencies between systems is important because you don't want to break anything when you unplug a server.