ITIL and the CMDB: Think Small?

by Patrick Moore

The concept of the Configuration Management Database (CMDB) is not exceedingly difficult to comprehend, particularly as it applies to the Information Technology Infrastructure Library (ITIL). However, the actual implementation of a CMDB and clearly demonstrating value can introduce subtle complexities as a result of competing business objectives and internal IT requirements. But as a standard and trusted data source, even the simplest of CMDBs can provide a means for improving internal communications and dialogue with IT customers. Even small-scale CMDB deployments could potentially help IT yield measurable benefits in operational effectiveness, cost efficiencies and improve the overall quality of service. But perhaps most importantly, the CMDB provides an early foundation for changing a reactive IT culture into a proactive service provider.

Establishing an initial IT framework and baseline of data through the deployment of a simple, tactical CMDB tool can help promote a more cohesive IT Service Management culture.

CMDB: Simply Defined In the real world, a banking customer would not write a cheque without first ensuring there is enough money in their account. Additionally, these same customers need to rely on their banks to accurately record their deposits and withdrawals. Each time money is withdrawn or deposited, the customer assumes the transaction was successful and any changes to the account balance were precisely updated. This level of accuracy is required to determine how much money needs to reside in the account at any given time to cover the customers daily expenses. Unfortunately, IT decisions are not always based on a similar level of data integrity, and its common place to see one IT group interfere with another internal group, redundantly performing operational tasks or even making assumptions about who is handling a specific IT support activity. The IT Security Team, for example, may pick a specific time to apply patches to a cluster of servers, inadvertently disrupting automated database backups taking place on those same servers at the same time. From a proactive standpoint, the same IT Security Team can establish an improved process for internal communications, identify the owners of the target server group and

notify them prior to deployment-- alleviating issues with subsequent service support and delivery activities.

A CMDB provides a common repository for IT configuration items (CI), their attributes and relationships, offering a single source of record and a logical model of the IT infrastructure as it related to IT services. As a proactive management tool, the CMDB can provide accountability and ownership of CIs, improving the identification, verification and management of the IT infrastructure.

Why Use a CMDB? This concept of a CMDB serving as single source of data is one of its greatest strengths-without a central repository for configuration information, IT organizations continue to work in silos, and fail to align activities with business objectives. A basic Configuration Management (CM) process and toolset (i.e. CMDB) can enable teams to better communicate and coordinate processes by establishing a common data repository.

The CMDB breaks down barriers between IT and the business, removing IT silos and creating a higher level of synergy between people, processes and supporting technologies.

Put another way, how can you manage and improve IT services if you don't know what equipment you have, where it is, how its connected and the impact of changing it? It is suggested that 80% of critical system outages are the result of people or process failure, with the main proponent being that of changes to the IT environment. This is exacerbated by the fact that planning activities derived from inadequate sources of information drive a path to failure. Additionally, subsequent recovery processes are further hampered by those same inadequate data stores.

Since the CMDB provides the logical model for the IT infrastructure and related services, organizations can more easily manage configuration items and their relationships with other entities and services. Some of the primary benefits a CMDB can provide from the start are related to the areas of proactive change management, security and IT compliance.

Less Reactive, More Proactive Management. A CMDB, coupled with an effective Change Management process, can provide the ability to more effectively manage changes within the IT environment. Since the number of IT changes in an environment will increase as the infrastructure becomes more complex, having a central repository of all configuration information and relationships can help avoid downtime through better planning and understanding of the impact of those changes on the rest of the computing environment. Improved Security Deployment and Assessment of Risk. When assessing a known vulnerability on a server, CMDB information can be used to assess risk based on both the severity of a patch, as well as the business context of the vulnerability. This capability allows IT organizations to prioritize patches that support the business and ensure that critical systems are secured first. More Accurate and Streamlined Compliance. To better facilitate Sarbanes-Oxley and HIPAA initiatives, IT organizations can tap into the CMDB data model to ensure that asset information is accurate and complete. Additionally, the CMDB coupled with the assignment of accountable CI owners and auditors can better enable IT organizations to demonstrate better internal controls. Tracking CIs, relationships and validating their accuracy through continuous monitoring can provide a higher level of assurance that IT systems and related components are controlled and managed in accordance with legislative requirements.

Other advantages of deploying and optimizing a standard CM process and supporting CMDB toolset may include: Centralize storage of physical and logical infrastructure information Establish clear ownership and accountability for IT components Allow more efficient planning and support of the IT infrastructure Highlight technical inefficiencies for correction and/or improvement Provide a foundation for standard ITIL-based service management (ITSM) Compliment regulatory compliance and auditing activities Decrease the cost of patching, repairing and troubleshooting Minimize downtime and improve customer responsiveness Decrease redundancy of IT operational support activities Support proactive Problem Management initiatives Track intangible attributes of IT assets and their relationships

Fine-tune Incident Management and operational support Allow for more efficient handling of data center and/or IT asset migrations Articulate the business context of IT processes and associated activities Proactively assess inherent risk from potential IT service failures Support Business and IT Service Continuity (ITSCM) initiatives Promote IT standards to the broader IT community Provide a service-oriented view of the IT infrastructure Foster an environment of continuous improvement

Implementing a CMDB Deployment of a CMDB can only be accomplished in parallel with a Configuration Management process. Therefore, IT organizations need to establish goals, create a baseline and foster an environment of continuous improvement. In turn, related activities will help IT management and supporting personnel to gain momentum and demonstrate the value of standard policies, processes and supporting procedures. In order to establish an effective Configuration Management process, process

stakeholders need to ensure that any data associated with core IT operational processes is appropriately stored and managed. Guaranteeing the integrity, validity, accuracy and completeness of CM data is no small task, and requires certain levels of accountability and ownership in order to properly manage the data. Therefore, deployment of a CMDB requires careful consideration of who owns and is accountable for the operational components of the repository itself. At a minimum, the following Key Goal Indicators (KGI) should be reviewed, established and/or communicated to all stakeholders prior to commencing any CM strategy or CMDB implementation: Establish process ownership and executive sponsorship for the Configuration Management process Ensure accountability for the setup, ongoing maintenance and support of CMDB related hardware and components Ensure network availability, throughput, capacity and access to CMDB related resources is provided Implement regular, scheduled backup of data and related files required for continuous, reliable CMDB operation Plan for timely audit and validation of CMDB data to ensure ongoing accuracy of IT environment

Establish a continuous improvement program specific to CM that focuses on the people driving the process

Bottom Line: For many organizations, simply establishing a starting point for a CMDB can greatly help facilitate effective awareness and maturity of the Configuration Management process. However, incorporating too much detail during an initial CMDB deployment can add significant cost to the process and exceed the actual (or perceived) value it provides. In the end, early adopters of CMDB tools that take a tactical, realistic approach to deployment will be rewarded with more rapid realization of IT service support and delivery efficiencies.