The Technical Guide to CMDB Best Practices
Configuration management is an important part of effective technology service management. And a configuration management database (CMDB) solution that follows CMDB best practices as defined in standards like ITIL, ISO/IEC 20000, COBIT, VeriSM, and FitSM is a cornerstone of effective configuration management. With the right CMDB tools and practices, organizations can increase visibility, improve the design and deployment of service components, and resolve outages and performance issues faster. Unfortunately, many organizations struggle with their CMDB implementation or simply don’t have a CMDB that meets their requirements. As a result, CMDB return on investment (ROI) can be low, and service management practices remain immature, damaging both business objectives and customer satisfaction. Failure to achieve results from an existing CMDB implementation can also lead to negative feedback loops. Upper management sees little or no value from the CMDB, chooses not to invest further, and overall configuration management remains subpar. In this article, we’ll help you avoid common anti-patterns and get the most out of your configuration management initiative by reviewing 5 key CMDB best practices.
Overview: 5 Essential CMDB Best Practices
A sound approach to CMBD planning, implementation, and maintenance is based on these five best practices:
|CMDB Best Practices|
|CMDB Best Practice 1||Understand and communicate CMDB value.|
|CMDB Best Practice 2||Have a plan for CMDB establishment.|
|CMDB Best Practice 3||Choose an effective CMDB solution.|
|CMDB Best Practice 4||Adopt an agile approach during CMDB rollouts.|
|CMDB Best Practice 5||Tie CMDB maintenance to compliance and performance.|
CMDB Best Practice 1: Understand and Communicate CMDB Value
To get buy-in for the CMDB, organizations need a clear value proposition that defines what business outcomes effective configuration management practice can provide. The organization’s leadership should provide this vision alongside the business goals and objectives. It’s best to focus on business outcomes at this stage, especially when effective change management and faster issue remediation can be directly tied to growth, customer satisfaction, compliance, or cost savings. Leadership commitment is critical in providing the direction that the rest of the organization needs to follow through with the CMDB implementation. To ensure success, upper management should:
- Provide accountability for the establishment and maintenance of the CMDB.
- Regularly monitor and evaluate its performance relative to business goals.
- Make key IT stakeholders responsible for the direction by owning the CMDB jointly and empowering teams to contribute to its success.
CMDB Best Practice 2: Have a Plan for CMDB Establishment
Implementing a CMDB is not enough. Organizations must have a plan for how they will derive business value from the CMDB. A well-defined process is vital in this regard. The process should cover the following requirements as outlined in FitSM:
- A clear definition of configuration item (CI) types, models, and relationships.
- An agreed approach to the level of detail required in the CMDB.
- Responsibility and timelines for entering, updating, and reviewing CMDB records.
The plan should also include user training for the CMDB. When key IT stakeholders are empowered to use the CMDB effectively, organizations derive business value. Organizations should create a formal training program that:
- Shows users how to get the most from the CMDB’s capabilities.
- Reviews practices related to the design, operation, and support of services.
- Includes front-line (service desk) and higher-level support personnel.
The plan should also identify essential services and operational areas. Practices such as change management and business impact analysis are crucial to pinpointing the services and components that gain the most from visible information on usage, dependencies, and risks. This analysis then justifies the priority areas for CMDB establishment and ties directly to business value. For example, if an organization migrates the majority of their workloads to the cloud, the CMDB plan should prioritize these cloud assets, while continuing to pursue the migration of existing on-premise systems.
CMDB Best Practice 3: Choose an Effective CMDB Solution
The right CMDB solution is key to deriving business value from configuration management practices. The solution must effectively support service management activities and meet key functional requirements. As a result, the selection of a CMDB solution should be driven by desired business outcomes. An optimal CMDB can collect and integrate service and component configuration information from various sources, then process and present the information in a reliable, automatic, and cost-efficient manner. Key functions of effective CMDB solutions include:
- Strong agentless discovery capabilities.
- Agents for systems that require agent-based monitoring such as laptops, tablets, or instances air-gapped for security reasons.
- Support for all the technologies an organization operates. Examples include storage arrays in a data center, multiple cloud providers beyond just AWS and Azure, and legacy OSes like old versions of Windows and Solaris.
- Integrated functions such as asset management (for tracking licenses, certificates, and warranties) and cost management to identify underutilized assets.
- Out-of-the-box integrations with third-party tools such as configuration management, systems monitoring, or continuous delivery.
- Support for an open API and other data extraction methods (e.g., ODBC) and a query language to programmatically extract the discovered and mapped data for integration with other tools.
CMDB Best Practice 4: Adopt an Agile Approach During CMDB Rollouts
Because of the focus on value, the need to deliver value quickly is paramount when it comes to the CMDB. Prioritization of configuration information, including the level of detail to be recorded, should be based on risk and business value. Rather than try to get all IT components into the CMDB the first time, it is better to identify critical services and their dependencies, then enter only the level of detail required to support change enablement and incident management processes. An agile approach should start with selecting one or two services, discovering and recording the relevant configuration information, then outlining the service model and dependencies. Entering the service model information in a phased approach, then demonstrating the acquired benefits to stakeholders at the end of each iteration fosters buy-in and commitment to the CMDB. Organizations should only extend the scope to other service components after value is appreciated and ownership is established. Each subsequent iteration should be reviewed similarly, building up the capabilities while justifying usefulness and cost-effectiveness.
CMDB Best Practice 5: Tie CMDB Maintenance to Compliance and Performance
Demonstration of the CMDB’s value has to be directly linked to clearly measuring achieved goals and objectives. As aptly stated by Peter Drucker, “If you can’t measure it, you can’t improve it.” The configuration management practice must regularly report to stakeholders on the status of the CMDB and associated KPIs related to its usage and maintenance and link this to the business goals and objectives. Examples of such metrics gleaned from COBIT guidance include:
- Percent of accuracy and completeness of CIs repository.
- Number of identified unauthorized changes.
- Frequency of changes/updates to the CIs repository.
- User satisfaction with the quality of CMDB information.
From a governance and compliance perspective, organizations should conduct regular audits of CMDB records to validate accuracy and completeness. If the CMDB is the single source of truth for configuration information, there must be a concerted effort to keep its records updated and reliable. An automated approach should see gaps and deviations between the CMDB records and system records identified and remedied quickly and accurately. Human touch is still required to verify that the CMDB information stays relevant in supporting service management practices by sampling configuration records. These activities should be carried out regularly to point out potential improvement areas to be addressed through automation. Taking too long to address gaps in CMDB information leads to a loss of trust and goodwill, resulting in more significant efforts to clean up the data and rebuild commitment. In addition, leadership should publicize the value of the CMDB in supporting governance, compliance, and risk management, as part of organizational goals. Celebrating the success of the configuration management practice goes a long way in fostering higher levels of usage within the organization and anchoring the CMDB’s usefulness in service management. Also, it helps address any emergence of detractors who would derail the gains achieved and maintain the momentum of expanding the CMDB scope to cover more service components.
Adopting the CMDB best practices we’ve reviewed here goes a long way in improving operations within any organization involved in IT service management. Specifically, by selecting, implementing, and managing a CMDB with these best practices in mind, organizations can achieve:
- Optimized service design
- Effective change management
- Faster incident response
- Increased CMDB ROI
To learn more about CMDB, read this guide’s detailed chapters:
Learn about the information that various personas in your organization look for in CMDB visualization to support their individual use cases.
Learn the top CMDB discovery techniques for populating a CMDB ranging from Ping and CMDB to SNMP and Netflow
Learn about the inner workings of the must-have automated techniques used for CMDB application mapping and the best practices for implementing a successful project.