In this first part of two, we look at the challenges for the Configuration Management DataBase (CMDB).
In the days of the mainframe the CMDB was king. Any changes to hardware and software were logged, all assets were recorded and it provided the information needed for audit management.
Over the last two decades, however, the CMDB has fallen out of favour, even in highly managed environments. To add insult to injury the CMDB Federation Workgroup has stopped updating its website even though its members are actually advancing the federations cause. The latest version of the standard on the website was posted January 2008.
In September 2008, IBM and CA showed interoperability between their solutions based on the work of the CMDBf.org. However, that demonstration is not mentioned by the CMDBf on its website. When we tried to get comment about the CMDBf from its members, there also appears to be complete confusion as to who has the authority to comment. This lack of information only play into the hands of those who believe that the day of the CMDB has long since passed.
Are the days of the CMDB dead?
The answer is an emphatic No. If anything, the complexity of IT today means that we need CMDB more than every before. In february 2007, Peter O’Neill, a Principal Analyst for Forrester Research was one of several analysts and vendors reporting an explosive growth in the CMDB. Six months later at Interop in Las Vegas, a survey showed that people were more interested in Virtualisation than ITIL and CMDB
Since then, there has been sporadic interest in CMDB. One of these is the aforementioned IBM and CA announcement that they were supporting federation between their CMDB products. A more recent interest has come from Microsoft finally announcing a ship date for its own CMDB solution, two years after first announcing it in San Diego.
Let's look at four examples where a CMDB would be useful
Cloud computing requires the ability to track all the assets that comprise a system. At the moment we struggle to know what our Exchange, SharePoint, CRM and ERP systems consist of. We might know what servers we have installed and the software but tracking down where the servers are running in a virtual world is extremely difficult. Knowing which databases are being access and where all the snapshots and backups are is also hard today.
Security and patch management is also enhanced by a system that allows you to identify every instance of a particular application and its patch status. Being able to also ensure that the underlying operating system is also effectively patched is just as important and both can be security risks. IT departments are becoming more structured about this but there is more to be done.