Not much attention is given to naming conventions in the IT environment, especially when starting out small. I remember my first network carried the names of characters from Joseph Heller's novel, Catch-22. At first it was just for fun and it was very easy to remember Yossarian, Milo, Orr, and majorx4 (Major major major major). As my network got bigger, I ran out of funny names to choose, and things started to get complicated. I started using characters from Greek, Roman and Viking mythology, till it became a nightmare. I had to come up with a method that would help me identify nodes without keeping look-up tables in my head, so I started looking for some kind of format, which later became very useful when I used an asset management tool.
In large networks it is very common to use some kind of database that holds records, be it an LDAP directory (such as Active Directory), Yellow Pages (YP/NIS), DNS, DHCP or a CMDB. This is why it is necessary to keep unique values in your environment for records such as computer names, usernames, asset tags and email addresses, so you can differentiate between them.
Reasons for using naming conventions:
- The need for standards and uniformity
- The use of logic to quickly identify objects
- Granular differentiation of elements, versions, locating and security reasons
- Uniqueness of records, in databases such as IDM, ITAM and others like those mentioned above
Physical differentiation – by the location of the object such as:
- Subsidiary city
- Building number
- Floor/Level number
- Room number
- Factory line number
Logical differentiation – by the relation of the object such as:
- Ownership – Owner user, Department, Organization Unit or Cost center
- Type – Printer, Server, Computer, Switch, Filer, Desktop, Laptop, Phone or Tablet
- Function – Email, DB, Web or File Servers
- Permissions – Anonymous, Standard, Administrator user and so on
Figure 1: Physical and Logical differentiation in Top to Bottom view
Here are some examples that might clarify the idea. The first examples relate to user and employee names. I'll use my domain as an example, but it can be any domain. The primary objective is uniformity in the convention when selecting computer names, usernames, email addresses or any other identifiers, as they may affect their use in an identity management tool.
Let's take John Doe, for example. Let's say that John belongs to our Chicago office, his office is in building A, he works in the marketing group, and he has a laptop, a portable projector and a mobile phone.
His employee name – Should be recorded as John Doe, not john doe, John doe, Dow john, J0hN doW! or any other combination. If you have another John Doe in your company, you may use his middle initial or any other distinguisher.
His user name – Can be set by using his surname and the first letter of his first name, such as doej, or the other way around, johnd, or by adding another identifier, Doej01.
His email address – Should be set from his employee name, such as John.Doe@partykof.com.
Notes:
- You should avoid using his username as the external email address, as it can give away his username, which makes it easier for hackers to brute force their way in.
- I prefer using the dot (.) to differentiate between first name and surname, and reserve the underscore (_) to differentiate between different names, and the dash (-) for concatenated surnames. For example, John_Michael.Doe-Benz@partykof.com
- In cases where the user has a very long name, such as John's, it might be wise to shorten the email address: JM.Doe-Benz@partykof.com
His devices might be named as:
His Laptop - chamkt-doej-lt
His Projector - chamkt-doej-pj
His Mobile Phone - chamkt-doej-mo
I used the following schema:
CH for the Chicago branch
A for building A
MKT for marketing
DOEJ for his username
MO for mobile, PJ for projector, LT for his laptop.
Some other devices around John might be:
chamkt-prt1 - his departmental printer
chamkt-plt1 - his departmental plotter
chamkt-fs1 - his departmental file server
cha-sw-core1 - his building network core switches
ch-srv-ex1 - his branch exchange server
Other areas in IT where you can use naming conventions in a similar concept are:
- Storage Systems – Filers, Aggregates, Volumes, Luns, Folders
- Storage Networks – Fabrics, Zones, Switches, WWNs, WWPNs
- Networks – WAN and LAN elements, VLAN, VPN, DMZ, firewalls, Routers, Access Points.
- Applications - Databases, Tables,
Basic Rules
- Avoid using non-alphanumeric characters; use only letters (A-Z) and numbers (0-9) in your computer names. Underscores and other characters may cause problems with DNS services.
- Use up to 15 characters for computer names, as some services such as NetBIOS and WINS are not compatible with more.
- Avoid using duplicate names, even at different levels where duplicates are permitted. In some cases they can cause mix-ups, such as in the case of AD forests and OUs.
- Avoid schemes that will lock you in cases of mergers
- Although AD supports it, a user name should not contain a space (for example, "user name"), as many systems do not support it.
Other Guidelines
- Keep names as short and meaningful as possible
- When using usernames within the computer name, remember to change the computer name when you assign it to a different user.
- Build your naming conventions in a top to bottom hierarchy; your prefix should start with the top element.
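The personal-device schema and the rules above can be checked automatically against an inventory export. The following is an added example, not part of the original post: the code tables, the sample inventory and the function names are assumptions built from the John Doe example, and the dash is accepted only as the field separator the post's own names use.

```python
import re

# Code tables are assumptions built from the post's John Doe example.
SITES = {"ch": "Chicago"}
DEPARTMENTS = {"mkt": "marketing"}
DEVICE_TYPES = {"lt": "laptop", "pj": "projector", "mo": "mobile phone"}

# site(2) + building(1) + department(3) - username - device type(2)
PATTERN = re.compile(
    r"^(?P<site>[a-z]{2})(?P<building>[a-z])(?P<dept>[a-z]{3})"
    r"-(?P<user>[a-z0-9]+)-(?P<type>[a-z]{2})$"
)
MAX_LEN = 15  # NetBIOS/WINS limit quoted in the Basic Rules


def check_name(name, assigned_user=None):
    """Return a list of problems; an empty list means the name conforms."""
    problems = []
    if len(name) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    # The dash is tolerated only as the separator used in the post's names.
    if re.search(r"[^A-Za-z0-9-]", name):
        problems.append("contains characters other than letters, digits, dash")
    m = PATTERN.match(name.lower())
    if not m:
        problems.append("does not match site+building+dept-user-type")
        return problems
    for field, table in (("site", SITES), ("dept", DEPARTMENTS),
                         ("type", DEVICE_TYPES)):
        if m[field] not in table:
            problems.append(f"unknown {field} code '{m[field]}'")
    # Guideline: rename the computer when it is assigned to a different user.
    if assigned_user and m["user"] != assigned_user.lower():
        problems.append(f"embeds '{m['user']}' but assigned to '{assigned_user}'")
    return problems


# Constructed inventory: (computer name, currently assigned username)
INVENTORY = [
    ("chamkt-doej-lt", "doej"),        # conforms
    ("chamkt-doej-pj", "smitha"),      # reassigned, never renamed
    ("chamkt_doej_mo", "doej"),        # underscores instead of dashes
    ("chamkt-doejohn-lt", "doejohn"),  # 17 characters
]


def audit(inventory):
    """Map each non-conforming name to its list of problems."""
    return {n: p for n, user in inventory if (p := check_name(n, user))}


if __name__ == "__main__":
    for name, problems in audit(INVENTORY).items():
        print(name, "->", "; ".join(problems))
```

A stale username inside a computer name misattributes activity in logs and asset records, so the owner check is worth running whenever devices are reassigned.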
Summary:
Naming records in a consistent and logical way will help distinguish between records at a glance. Naming records according to agreed conventions will make naming much easier for all IT parties; it will streamline adoption of management applications or new systems and allow a simple expansion of your organization.
-Partykof