Cattle vs pets in IT security

Cattle vs pets refers to two philosophies of server management. As an IT veteran who’s worked in the field since 1995, I’ve seen the transition. I’m very familiar with the problems of pet servers, and also familiar with the trickiness of replacing them with cattle servers.

Pet servers

Cattle vs pets in IT and DevOps refers to whether servers should be beloved and immortal, or completely disposable.

Servers used to be special. Ask an IT veteran and they’ll tell you servers were beloved, and even had names. Frequently you could tell what kind of sci-fi or fantasy the server admins were into by looking at the server names. Sometimes server names displayed a warped sense of humor too. That’s how a shop I worked in ended up with servers named Vicious and Barfy. Scout’s honor, both of those stories are true. Actually, there was more than one Barfy. Scout’s honor, both Barfy stories are true, too.

There were upsides and downsides to servers in those days. They got a ton of respect. That was good. We took care of them. But the model didn’t scale.

The problem with keeping servers forever is they tend to deteriorate over time. OS rot is real. But not only that, operating systems go out of support. They go out of support very predictably, after 10 or 11 years, but even after 35 years, many organizations struggle with that lifecycle management. I’m tired of making jokes that if a server is eligible for the COVID vaccine (13 years old or older at the time I’m writing this), it’s time for it to be retired.

Cattle servers

I experimented with a cattle-like approach as early as 2003, and revisited it again around 2006. I observed that patching servers was time-consuming and error-prone and theorized that slipstreaming updates to the installation media and spinning entirely new servers would be faster and result in fewer failed updates. The problem was, the technology wasn’t quite ready yet. It was more reliable, but it wasn’t faster.

Times have changed. Media is much faster now. The thing about most good ideas is lots of people have similar ones, so as soon as this approach was practical, people started using it. The idea now is that you just replace servers, ideally running as virtual machines, any time they need an update. And an entire security model has grown up around the practice. DIE doesn’t solve everything, but the problems it solves, it solves well.

And the same goes for the whole cattle vs pets argument. Many argue that being tied into decades-old IBM and Unisys mainframes is bad, but buildings last for centuries. There’s something to be said for computer systems that still serve a useful purpose 40 years after they were deployed. Having those systems won’t impress IT executives’ golf buddies, but maybe it should.
