A Different Diversity

lots of M&M candies

Superficial diversity

Diversity in the workplace isn’t just about people, backgrounds, ideas and knowledge. Nor is it also just about inclusion.

Let’s talk about server operating systems (OS).

We all know that having multiple server operating systems (Windows, Solaris, RedHat, AIX, SCO, Ubuntu, HP-UX, etc.) in your organization is horribly inefficient: you need an army of talent to deploy, support, update and manage all these different OSs in your enterprise. With a single operating system, the organization is able to save on licensing costs, implement a single deployment process, reduce support and administration headcount and utilize a limited toolset to patch, maintain and upgrade that single operating system.

And yet, having only a single OS can be risky.

Why?

If all of your systems are of one type, then a newly-discovered vulnerability in your chosen platform affects all of your systems, not just a portion of your environment. Imagine learning of a zero-day vulnerability in an environment with 1500 identical servers. There had better be some other controls protecting those systems from being exploited. Or perhaps your patching product is lightening fast and can do all 1500 in a day. Or both.

Jeffrey Aside

You may remember the “Dan Kaminsky” DNS bug in July 2008 which affected nearly all server OSs. Vulnerabilities of that width and breadth have been few and far between.

Even this bug came about (in part) because of a lack of diversity: all the affected systems utilized the same design.

This is similar to having lack of diversity in one’s biological gene pool. A single virus can wipe out a monoculture very quickly.

Does that mean you should deploy all the various operating systems? Probably not. There are ways to find balance in the risks and efficiencies.

Example

On Friday, April 1st, one of Southwest’s planes, a Boeing 737-300, suffered a fuselage rupture. Southwest, unable to determine how widespread their risk might be, made the decision to ground 79 planes based on model and age1 until it could be determined what was the cause.

SWA Fleet (models)

SWA Fleet (models)

In an earlier Southwest Airlines fleet, this could have been a bigger problem. Southwest used to have a more uniform fleet. It was one of their competitive advantages for the same reasons corporations like to deploy a single operating system.

  • Mechanics’ skills and training are interchangeable.
  • Parts depots can be kept small and uniform
  • Pilots can operate all of Southwest’s models without additional training

But Southwest has been diversifying certain aspects of their fleet over the years. One aspect has been the models. While retaining focus on the Boeing 737, they have diversified and now have three main models: 171 of the 737-300, 25 of the 737-500 and 352 of the 737-700.2

SWA Fleet (age)

SWA Fleet (age)

Another aspect is the age of their fleet.3
Since the fuselage rupture may be related to age, it’s important to note that they’ve kept some diversity in their fleet as well (see nearby chart), presumably to offset some of that risk.

Manufacturing issues at a single plant fifteen years ago are now being singled out for the primary root cause for this jet’s failure.4

Are there other ways to reduce the chances that a single, unknown flaw might require a similar, large-scale grounding of planes?

Bring on more diversity

Southwest has also started acquiring Boeing’s B737-800, not as similar to their existing 737 “Classic” as the rest of their fleet. And this year’s news brings another bit of diversity for Southwest: the introduction of AirTran’s B717s. With Southwest’s purchase of AirTran, the carrier brings on yet even more diversity by as they incorporate AirTran’s B717s as well as letting the market know of their interest in acquiring Airbus, Bombardier or additional Boeing technology.

But not too much. Or the wrong kind.

I don’t know if adding the B737-800s and the AirTran B717s to the mix is a good idea or not. Their argument for bringing on the B717s seems to make sense: that there are enough of them to cost-justify the added diversity (e.g., there are enough planes to justify the pilots and extra supply depots). But bringing on Airbus or Bombardier? That seems like just too much diversity.5

Time will tell if Southwest can make their efforts work to support their added diversity. All of this will certainly protect them from a single threat (like the fifteen-year-old misshapen rivets). But it will also increase the carrier’s complexity, talent and parts needed to keep them in the air.

 

I think I’ll go back to thinking about servers now!

  1. There may have been other factors in addition to these two, but let’s keep it simple.
  2. From Southwest’s corporate website, 4/8/2011.
  3. Data used here was take from Airfleets.net site on 4/8/2011.
  4. See Southwest Jet Had Misaligned Rivets – WSJ.com and Lapse at Boeing Factory Probed in Rupture of Southwest Airlines Jet – WSJ.com and Manufacturing Issues Suspected in Southwest Jet Rupture – WSJ.com for more details.
  5. Or perhaps it’s a scare tactic with Boeing.
This entry was posted in System Administration and tagged , , . Bookmark the permalink.

One Response to A Different Diversity

  1. CRob says:

    Diversity can be both a blessing and a curse. Yes, multiple standards can make it hard to…. standardize and to gain efficiencies, but….
    Take one look in your tool chest, I bet that you don’t just have a hammer in there. There are situations where different tools are better suited for the job. Do you install a screw with a hammer? I guess you could, but it’s not a great idea nor terribly efficient.

    While diversity of technology or diversity of thought can be a pain at times (“Ug. Do I really have to go talk to those nasty UNIX people?”) it also offers different perspectives, new ways of seeing and doing things and I feel can build far better solutions that monolithic homoginistic groupthink.

Comments are closed.