Is a CMDB Required for Effective IT?

Is a CMDB required for effective IT?

Is a CMDB Required for Effective IT?

Welcome to the Allari blog! As owners of Allari, Ravi & I look forward to using this medium to share current information about IT Operations, Cybersecurity, software products & IT Management with our readers. We’ll report, analyze, and provide perspective & recommendations from some of the industry’s leading minds as well as from our direct experiences. We will strive to provide blogs that impart important information. These are the types of blogs that our team members prefer to read, and that’s exactly what we plan to provide.

John Mathieu, Founder
* Allari provides IT Operations & Cybersecurity services to organizations using IBM, Microsoft, Oracle & SAP Products. We provide a True IT as a Service delivery model with Offices in US, Ecuador, Brazil & India. Customers located in 56 countries.

#goallari #allari #ITaaS #ITService #ITasaService #ITSM #ITOperations #ITMaintenance #CyberSecurity

Everyone knows a Configuration Management Database ( CMDB ) is a good idea. We’ve known that for years. And yet, in many years of ITSM practice, I’ve rarely seen a good one.

CMDB and Change Management

There’s a big difference between the ability to automatically scan for devices and a functional CMDB (or the broader Configuration Management System (CMS)) – at least as it’s positioned in ITSM.

In the traditional sense, Change Management authorizes changes to be implemented in the production environment.

One of the results of an approved change is updating of the CMS – to reflect the approved state.

In practice, this works in one of two fundamental ways:

1. When authorized, the CMS is updated to reflected the approved configuration change. Once the CMS is updated, production is updated to match the approved (new) state now reflected in the CMS. This can happen through automation or manually.

2. When a change is authorized, the production environment is updated as approved, and the CMS is updated to reflect the new state of production (which presumably reflects the approved change). This too can happen through automation or manually.

In a more advanced state, either of these two approaches significantly improves practically every other ITSM practice. 

Detecting unauthorized changes of state

With a good system in place, the state of the production environment and the CMS can be compared. Any differences between the two reflects a potential unauthorized change that can range from minor error or a major security breach.

It also serve as a meaningful reflection of the effectiveness of the Change Management process.

This is all good for effective IT Operations, but here’s the challenge:

The World Got Complicated

It may be a solution to a vintage problem.

In other words, this is what we should have had in place many years ago. 

But the world of modern IT operations has changed a lot since CMDB was envisioned.

Here’s some ways the world has changed:

  • Agile/DevOps approaches to application development
  • Rise of product management (as opposed to project management)
  • Widespread adoption of cloud hosting (AWS, Google, etc)
  • Build, test, and deployment automation
  • Containerized application hosting
  • Enterprise implementation of SaaS solutions
  • Cars And Drivers

    There was a day when drivers had to have a tremendous amount of mechanical knowledge to drive an automobile.

    The Model T is hand-crank started, not unlike a lawnmower. The driver had to adjust the ignition timing with the Spark Lever on the steering column.

    It has three pedals, none of which is the gas pedal – that’s adjusted by another lever on the column.

    The point is, most modern drivers would be completely lost trying to drive a model T for lack of detailed understanding of the machinery.

    Modern cars, on the other hand, have easily understood, standardized controls. The average driver can successfully drive most any production car. 

    In other words, you can drive a modern car without knowing much about the underlying mechanics.

    To What End

    What does the Model T have to do with CMDB and IT operations? 

    Simply this: modern IT delivery is increasingly complex. So much so that it takes an ever-increasing amount of effort to fully understand it, let alone keep an accurate configuration inventory. (Yes, I’m WELL aware there are tools that help).

    In practice, though, there’s a point of diminishing returns for the level of effort required to keep such an inventory. We have to ask ourselves – to what end are we maintaining accurate configuration information? The usual answers have to do with understanding how proposed and implemented changes will/have impacted the environment. Add quick and effective resolution of incidents and problems. 

    In fact, nearly every aspect of IT service delivery is aided by effective configuration management, and yet…

    Imagine A World

    It takes a lot of work to maintain a CMDB, begging the question – ‘what if maintaining a CMS became costlier than the value it produced?’ 

    I’m not saying that’s true now, certainly not in every situation.

    But if you stand back and look at the industry overall, we see two opposing trends that relate:

    1. Increased complexity – especially in infrastructure operations, and 

    2. Increased simplicity, isolation and automation – especially in application development

    The modern IT infrastructure is a complex hybrid of on/off premises, cloud and SaaS applications, with decoupled, data-centric interface strategies, increasingly designed around business (or enterprise) architectural principles. 

    Even a cursory reading of Google’s Site Reliability Engineering reveals a modern view of complexity and ‘engineering quality in’ (ala Edwards Deming). Infrastructure that’s managed with this view in mind becomes vastly more resilient; antifragile. And, it’s resilient because it’s designed to be, not (necessarily) because the operations team controls the configuration with an iron grip.

    Add to that the product approach to enterprise applications, and with it, the elements of modern build and test automation, and containerization of applications and suddenly…

    Wait. What was I talking about again?

    Oh, yeah. CMDB.

    See the paradox here? 

    The CMDB approach, one could argue, is focused on the details of the machinery, under the belief that that level of understanding is required for stable, reliable IT services. 

    By contrast, what I’ve described as the modern approach is focused exclusively on the ability to produce desired outcomes.

    Of course, it’s a debatable opinion that is only defensible in certain contexts, but hear me out:

  • If a complex system produces a consistent, reliable level of business outcomes, does it really matter that we don’t fully understand how it works?
  • If the level of effort required to establish and maintain a CMS was instead applied to engineering a resilient, predictable system, would the business be better served?
  • As smaller companies, school districts, government agencies adopt Agile, DevOps, SRE and modern cloud infrastructure, does the need for configuration management change; diminish?
  • Making It Work

    The point of all this is that over time, I see the value of (at least a traditional) CMS diminishing. I’m in no way anti-CMDB, and I’m all in for automation of the practice. 

    The trick, of course, is for organizations to determine the optimal approach to CMS. As IT is increasingly put upon to accelerate and increase the value we bring, we have to challenge everything we do.

    Source: Greg Sanker, itsmtransition

    Related Articles: 

    JDE Installations Attacked by Cyber Criminals

    JDE Installations Held Ransom by RYUK & Sodinokibi

    Coronavirus Used in Spam, Malware, and Malicious Domains

    Cost Calculator Book a Call

    Get Weekly Updates on Key Issues Facing IT Directors

    Subscribe to our Weekly E-zine

    jde installations attacked by cyber criminals

    JDE Installations Attacked by Cyber Criminals

    JDE Installations Attacked by Cyber Criminals The threat is real. In the

    ​Read More
    JDE vulnerability for your business

    60% of Security Breaches are from Known Unpatched Vulnerabilities

    60% of Security Breaches are from Known Unpatched Vulnerabilities  Vulnerabilities are flaws

    ​Read More
    Founded in 1999, Trailblazer Allari is making a bold move towards providing IT Operations and Maintenance, as well as Cost and Efficiency conscious IT Leaders via an Innovative On-demand Consumption-based Service Value Model. IT Leaders gain access to processes and expertise for Scheduled Maintenance, On-Demand IT Tasks and Advanced IT Projects.
    All delivered as IT-As-A-Service (ITaaS) via the Go.Allari Platform for daily support and projects related to ERP, Database, Helpdesk, Security, and Vulnerability Management. Its breadth of Platform Coverage is extensive, covering all Major Platforms including JD Edwards EnterpriseOne, Oracle Database, MS SQL, Microsoft BI, Qualys IT Security and many more.
    Allari supports its customers from locations around the Globe 24/7. To learn more visit: