Zombies. They’re creepy, they’re slow, they’re always trying to eat you. No one likes zombies, not even TEOTWAWKI nerds (The End Of The World As We Know It, for the rest of you).

Zombie servers. They’re equally unlikable. Zombie servers don’t do anything except waste energy – billions of kilowatt-hours in energy every year, actually.

Zombie Servers

It’s not like they look any different, and it’s not particularly easy to spot a zombie server, but they’re there. According to estimates, nearly a third of all servers worldwide are zombie servers.

What are zombie servers exactly?

Most companies are fairly adept at putting together networks and server farms, or having someone do it for them. What most aren’t as adept at, usually, is maximizing the energy usage of those networks and server farms and, as needed, turning off dormant servers.

It makes sense. Rather than risk a system overloading and shutting down, companies put in enough servers so they don’t have to worry about it.

But a lot of those servers don’t end up doing anything. Instead, they sit there, not actively engaged in data management at all, yet draining energy resources. And, in turn, increasing companies’ power bills.

– Kirk Porter, President of Avitus Technologies

Zombie Servers, By the Numbers

In a recent study, Stanford University fellow Jonathan Koomey took a look at the latest numbers on zombie servers.

Koomey found that about 30 percent of all servers are comatose, or functionally dead. Based on existing research numbers, that means about 3.5 million zombie servers in the United States, and a total of about 10 million worldwide.

According to research by the Natural Resources Defense Council (NRDC), data centers in the United States alone used about 91 billion kilowatt-hours of electricity in 2013, and those numbers are expected to grow.

That use is expected to increase 53% by 2020. It is estimated that electrical usage could be reduced by 40% by getting rid of zombie servers and improving energy efficiency. [And] that figure represents only half of the technically possible reduction in energy use.

Computerworld magazine

The NRDC, interestingly, says that the problem is primarily in smaller data centers, not huge ones – meaning the data centers of smaller companies, which typically have fewer resources to devote to information technology.

What To Do

Part of the problem is that the people who set up the server farms aren’t necessarily the same people who manage the server farms’ energy usage.

According to Koomey, there needs to be some overlap in these functions, with a focus on changes to “management practices, information flows and incentives” rather than just technology.

And, again, it’s not easy to detect zombie servers. Network World magazine reports that, while creating zombie servers isn’t hard at all (“You thought it was buried. You forgot. Someone didn’t document it. A ping sweep didn’t find it…”), identifying them is.

What do you need to do?

  1. Actually walk around your infrastructure and inspect it, looking for, yes, zombie hardware and untagged critical assets.
  2. Open up every single hypervised, containerized (e.g. virtualized) host in your entire domain (cloud included), and find out the exact purpose of each and every instance running. And if each host is getting updates, find out what its patch level truly is.
  3. Write down the result as an audit step.
  4. Revisit each of these quarterly. All of the intruder protection and detection software on the planet allows some degree of normalization. Turn off normalization for a week—a week when no one is on vacation. Listen to the traffic. Revalidate detection/inspection rules. It’s OK to automate this process. Just do it. 

At the end of the day, you have The List. Consolidate it. Examine it. Get another pair of eyes (or more) on the list. ACT ON IT. Lock up the list after acting on what you find. Then do it again.

Network World

Apocalypse, Sort Of

The zombie server apocalypse is here. Research estimates that nearly a third of the world’s servers are effectively comatose, serving no real function at all.

But we’re not looking at TEOTWAWKI here. While it’s difficult to detect zombie servers, it’s not impossible – it just takes some legwork. And doing the legwork is worth it because it can reduce your company’s overall energy consumption.

 

By Charlie Smith