Given how important it is to have different passwords for different systems, how does a data centre with thousands of servers manage? I’m only managing a few dozen machines at the moment, but the number tends to grow, especially virtual machines. If you clone a VM, it will have the same password, and if that’s part of an automated workflow, there isn’t much chance to change it. If you automate changing the passwords, that needs to be done securely, and you’re back to a single point of failure. So, what do people do?
I should explain that the problem isn’t thinking of passwords (there are plenty of password generators for that) but having an efficient process for setting and recording them, especially when the machines are created automatically.
Most places uses two sets of passwords: On-line authentication and off-line passwords. On-line authentication is typically done with an authentication/authorization (AA) system like Kerberos. Each administrator user is assigned the proper tokens and access rights on the servers
For off-line administration of critical systems the root passwords are stored separately (in our case in a physically disconnected system). All access to the password list is logged, and the user needs to enter a motivation for retrieving the root password of a server. Previously the off-line password list was a printed list stored in a safe.
When provisioning a VM you can typically settle for not having any root password, and just assign on-line authentication/authorization. It’s very unlikely that you need to administrate VM machines when your AA servers are off-line.
Leave a comment
- Cron expression that runs every 5 minutes from 1:30 am – 6:00 am [duplicate]
- Understanding redundant power supplies
- Is there a way for administrators to disable users from installing Firefox extensions?
- Is there research material on NTP accuracy available?
- How to create a limited “domain admin” that does not have access to domain controllers?