Composing a CMDB requires new rules for navigating today’s modern enterprise

Rule #1: Start your CMDB project around the business value it brings.
Populating a CMDB with data or Configuration Items (CIs) and relationships has no real value in and of itself. The value comes from the processes it supports or the business decisions that can be made from it. Without understanding what value you want to drive out of the CMDB, it will become a journey with no end in sight.

Consider these starting points:

• IT Asset and Inventory Management driven by compliance or vendor management challenges
• Data Center Consolidation or Cloud Migration to reduce management overhead and costs
• M&A with other organizations to take advantage of more efficiency
• Security Vulnerability to reduce risk to the enterprise
• Enterprise Change Management and Impact Analysis to protect your organization from self-inflicted issues and outages
• Application Rationalization and IT Transformation to give visibility into innovation decisions

Any of these are examples of initiatives to align your CMDB project to—to make sure you have the proper business case and stakeholder support to drive success.

Don’t proceed without nailing Rule #1! Data in the CMDB must be prioritized equal to the financial data in the General Ledger.

CMDB white paper—To review, click here.

eBook: CMDB for Dummies—To review, click here.

Rule #2: Standardize and actively use the Common Services Data Model (CSDM).
To enable service reporting, avoid duplication of tables, data and remove upgrade obstacles, you need to standardize and actively use ServiceNow’s Common Services Data Model.

So what is a Common Services Data Model? The Common Services Data Model is a recommended set of standard service definitions across ServiceNow products and platform that will enable true service level reporting. In addition, the Common Services Data Model is a recommended standard CMDB data model that will enable and support multiple configuration strategies.

Having a common services data model is no longer just a “nice to have”… it’s table stakes for competing today. It answers these critical business questions:

• Do you have a standard way to talk about your digital services?
• If you don’t, then how do you know at any time what IT resources your digital services are dependent on?
• If you don’t and your services start to slow down and become unresponsive, where do you look first to solve the problem?
• If you don’t and you get hit by today’s phishing attack, then how do you know what services are impacted by the attack?
• If you don’t and you get audited, how can you prove that you are compliant?

These are just a few of the questions that having a common way to talk about your digital services answers, but it doesn’t stop there.

Once you have a Common Services Data Model, how do you manage your digital services in a real-time way that ensures you can:

• Make a planned change without impacting your business?
• Address an incident resulting from an unplanned change without one employee ever knowing it occurred?

For more details,refer to the CSDM white paper.

Rule #3: Proactively pay attention to data quality by speaking the same language.
The Configuration Management Database (CMDB) has always been referred to as the heart of the IT environment because—like the heart—it is the one place where IT health can immediately be determined. Beyond health the CMDB is a rich source of value for the entire enterprise and it is the place to view configuration information about your IT resources and the dependencies IT resources have upon each other and your digital services.

There are other systems the CMDB may need to federate with. Be careful not to dump the data from these other systems into the CMDB without making sure you are not duplicating data that is already in the CMDB, or without ‘normalizing’ the data to use the right entity in the CMDB.

ServiceNow has started to enforce the Identification and Reconciliation Engine (IRE) that allows technology partners to start certifying the data that gets entered into the CMDB. By leveraging this more and more, you will maximize the OOTB capabilities and use-cases of both the federated systems and the ServiceNow applications that use the CMDB. In addition, ServiceNow’s OOTB solutions for auto-populating the CMDB natively use the Identification and Reconciliation Engine (IRE).

Blog: CMDB Identification and Reconciliation—To review, click here.

Rule #4: Understanding dependencies and CI relationships is a must to accelerate decision making.

The ability to track, visualize, and report on the relationships between Configuration Items (CI)s and their dependencies to one another starts with automated dependency mapping or ‘Service Mapping’.

Service Mapping is vital for:

IT service management is more efficient with a CMDB. Configuration Items (CIs) mapped to services will improve the service desk readiness and help them resolve issues faster. Your Change Management process will be more efficientbecause stakeholders will be able to make informed decisions by visualizing business impact of a Change at their fingertips. When this mapping is in place, both IT and business partners are on the same page about tracking issues in impacted services. With service maps, you know which business services are affected and can plan accordingly. As a result, IT can launch or resolve incidents rapidly since they have better visibility of the infrastructure changes. 

Manage system outages in a better way. Being proactive in stopping business service outages before they start is key to improving service availability, but it also reduces the run-rate workload for IT operations teams. These teams spend huge amounts of time trying to make sense of events from their monitoring systems. Often, the first time that IT operations knows about a business service outage is when end users complain. By integrating an event management solution with your CMDB, you can tackle this problem head-on. Event manage- ment combined with your service maps make diagnosing service outages much simpler because you can see how issues are propagating across the business service. By linking remediation actions to CIs, you don’t just diagnose service outages faster—you fix them faster.

Save more with software asset management and reduce risk. Asset manage- ment is usually considered a financial function. A configuration management platform can be used to track physical assets, software assets, and consumables. What if you can have software asset data in the same place where you manage IT? This way IT teams can track all the installed assets and their utilization in a single platform. With a service map in place, you can begin to understand total cost of ownership to run a service, and reduce risk by being proactive in up- grading the software that runs your services before it reaches end of life.

Respond to security incidents and vulnerabilities faster. A single source of truth— the CMDB—is also invaluable for security management teams. Having your services mapped in the CMDB helps security teams prioritize the security inci- dents and vulnerabilities faster by identifying what services or applications, and more importantly the information that is used by those applications. It reduces the amount of noise by providing a clear line-of-sight to the services and applications that are affected by that vulnerability.

Meet compliance requirements with ease. Practically every organization in every industry today is subject to various regulatory requirements such as Sarbanes– Oxley (SOX), Health Insurance Portability and Accountability (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS). Additionally, many organizations are subject to federal government regulations and certification programs. Although these various regulations differ in their requirements, they all share the common goal of ensuring that sensitive data and systems are appropriately secured, and proper governance and accountability is established. Understanding the relationships between an organization’s information assets and the applications that use them is an essential tool to help organizations meet their audit and compliance needs by being able to track compliance at the business level.