Executive Summary

In this age of digital transformation, organizations should leverage their configuration management databases (CMDBs) to reduce risk, reduce time to market, and improve the reliability and quality of their products and services.

The CMDB’s Broken Dreams

The CMDB would be considered “sexy” by only the most idiosyncratic and unhinged of IT service management (ITSM) fanatics. CMDBs are certainly neither new nor shiny, having been around since the early days of ITIL in the 1980s.

It’s fair to say that the CMDB has not delivered on the promised improvements in agility and service delivery. Proponents of the CMDB would argue that these failures result from poor implementations, while detractors would deride the CMDB as an ivory tower concept not suited for practical implementation within enterprise IT environments.

The CMDB’s Promise

The CMDB is a database containing information about an organization’s environment, including items such as hardware and software assets, applications, suppliers, internal teams, products, and services. The building block of the CMDB is the configuration item (CI).

The CI can be a very abstract concept. Fundamentally, a CI is “any component that needs to be managed in order to deliver an IT service.” CIs would include not only traditional assets such as servers and switches, but could also include third-party APIs, suppliers, contractors, employees, policy documents, buildings/facilities, and more. The power of the CMDB lies not just in a list of assets, but in the fact that the CI contains information about how the item is configured, and the data model maps the relationships between CIs.

Consider an automobile, for example. A CMDB for an automobile would contain not only a list of the car’s components, but also each component’s manufacturer, date of manufacture, warranty information, and when and by whom each component was last serviced. The relationships captured in the data model would tell us that the brake pads, brake pedal, and brake lines interconnect and together provide the driver the ability to slow or stop the car.

Enterprise IT environments are more complex than cars, but similar principles apply — a multitude of components work together within a complex system, and ensuring the smooth functioning of that system requires managing each of those components.

By serving as the single source of truth about the configuration items for the enterprise, the CMDB can form a very powerful enabler for ITSM. A properly implemented and operationally managed CMDB gives the enterprise a formidable platform that allows teams to see impacted services, along with the relationships between services and CIs.

With this information, teams can detect conflicts when planning changes, enabling them to approve and schedule changes more quickly, and reduce the risk of failed changes. When outages inevitably occur, the information helps teams resolve incidents more quickly. By turbocharging change management and incident management, the CMDB enables significant improvements in the availability and reliability of services.

But simply setting up a CMDB properly is the start of the journey, not the end.

CMDB Challenges

Historically, the main challenge of the CMDB has been keeping it complete, accurate, and up to date. In the past, it was often updated manually when changes were made to IT systems. This naturally led to neglected or incorrect updates, resulting in what is called “drift” between the CMDB and the enterprise’s environment.

Drift is insidious and dangerous because it makes the CMDB’s information unreliable as the basis for effective decision-making. For example, one might query the CMDB to determine what services would be affected if a load balancer were taken offline. If the CMDB contains inaccurate information, it’s possible that the query would not return all the affected services, and engineers might inadvertently bring down unanticipated services when performing a change on the load balancer.

Today, enterprises have access to automated tooling such as auto-discovery and service-mapping, making it easier to keep CMDBs up to date, but there often remains information that is not auto-populated, due to limitations in the tooling, shadow IT, or the fact that for many non-technology components (e.g., facilities, personnel, contractors’ staff) there is no practical mechanism for automatically capturing changes.

Over the last few years, many enterprises have struggled with suboptimal associations between infrastructure CIs and the services they support, leading to a push to extend the CMDB to become more service-aware. When enterprises design CMBDs with a service-aware mindset, their teams can use that data to determine not only what business or application service will be directly impacted by a given change, but also what the downstream impacts will be.

The CMDB and Digital Agility

In today’s digital world, the business runs on IT. To survive, enterprises will rely on digital agility — the ability to rapidly adapt in response to change and challenges through technology innovation.

In order for their enterprises to be agile, business and technology leaders must make informed decisions. They need to be able to answer questions such as the following:

• If a given supplier experiences an interruption in their operations, what will the impact be to our business?
• If a given software provider experiences a supply chain breach, which of our applications and products will be affected?
• If an engineering team launches a service with a certain functionality to support a given product, what applications and services will the new service need to integrate with?
• If a given open source library is found to have a zero-day vulnerability, which applications will we need to patch?
• If a given national or state government passes a certain proposed regulation, which applications and services will we need to update to comply with that regulation?
• If we divest a given part of our business, what applications, services, infrastructure, data, and licenses will need to go along with it?
• If a public cloud provider raises the rates of a given cloud service by a certain amount, how will that affect the profitability of each of our product lines?
• If a given environment experiences a data breach, which employees, customers, and suppliers will we need to notify?

An accurate, up-to-date, and comprehensive CMDB allows business and IT leaders to answer all the above questions — and more — both quickly and accurately. By providing the accurate information required to make effective decisions, the CMDB underpins digital agility for the enterprise.

Unfortunately, many organizations have allowed their CMDBs to languish. The spawl of shadow IT, SaaS, cloud, and the rapidly changing technology and business environments have rendered their CMDBs incomplete, out of date, and useless. This neglect of the CMDB is at once cause and symptom of the sluggishness and technical debt that plague many enterprises.

There will always be business and technology changes, such as M&A and divestitures, the development of new products and services, and the rise and fall of competitors, as well as more tactical events such as SUNBURST, Log4Shell, third-party API breaches, and the continual stream of zero-day vulnerabilities.

Enterprises desperately need the single source of truth to provide real-time, accurate information about the impact of current and future developments on their business and technology environments. If done right, the CMDB can provide this information, and become the foundation of the enterprise’s digital agility.

Want to learn more about CMDB? Speak with a Stratascale Expert