A configuration management database (CMDB) is a file -- usually, in the form of a standardized database -- that contains all relevant information about the hardware and software components used in an organization's IT (information technology) services and the relationships between those components. A CMDB provides an organized view of configuration data and a means of examining that data from any desired perspective.
How CMDBs work and why they're important
As IT infrastructure becomes more complex, the importance of tracking and understanding the information within the IT environment increases. The use of CMDBs is a best practice for IT leaders who need to identify and verify each component of their infrastructure to better manage and improve it.
Within the context of a CMDB, components of an information system are referred to as configuration items (CIs). A CI can be any conceivable IT component, including software, hardware, documentation and personnel, as well as the way in which each CI is configured, and any relationship or dependencies among them. The processes of configuration management seek to specify, control and track CIs and any changes made to them in a comprehensive and systematic fashion.
CMDBs capture attributes of the CIs, including CI importance, CI ownership and CI identification code. A CMDB also provides details about the relationships (dependencies) between CIs, which is a powerful tool if used correctly. As a business enters more CIs into the system, the CMDB becomes a stronger resource to predict changes within the organization. For example, if an outage occurs, IT can understand through the CI data who or which systems will be affected.
Advantages of using a CMDB
CMDBs provide a centralized view of IT data, which, in turn, offers IT leaders more control over their infrastructure. A CMDB user can visualize each individual IT infrastructure component -- for example, a storage device or an application running on a server -- which prevents administrative and management errors, helps to ensure regulatory and process compliance, and increases security. CMDBs can also enable IT leaders to spot ways to save within the organization by eliminating unnecessary or redundant IT resources and their associated costs.
Another benefit of a CMDB is the ability to integrate data from another vendor's software, reconcile that data, identify any inconsistences within the database and then ensure all data is synchronized. A CMDB system can also integrate other configuration-related processes, such as change management and incident management, to better manage the IT environment.
Challenges of using a CMDB
A CMDB can also present a number of challenges. A particularly difficult issue is organizational in nature: to convince the business of the benefits of a CMDB and then to use the system properly once it is implemented.
Once implemented, an initial challenge is to import all relevant data into the CMDB. This can be a tedious task, as admins must input a wealth of information about each IT asset, including financial information, upgrade history and performance profile. Modern CMDB tools offer enhanced discovery capabilities, allowing the tool to find and profile CIs automatically. However, this data doesn't always come from the same source. In theory, a process called data federation brings together data from disparate locations to prevent IT from replacing or eliminating other data systems. In practice, data is dispersed across sources that are not well integrated, which prevents IT managers from federating data.
Over time, IT must maintain and update the CMDB's data. It's common for a CMDB to fail because IT does not update the information and, therefore, it becomes stale and unusable.
Evolution of the CMDB
Essentially, a CMDB is a single source of truth of configuration information for IT assets, so they can be managed in order to deliver services. Visibility and monitoring of assets and dependencies can help smooth upgrades and deployment of new services -- for example, to identify which servers run an older OS (operating system) version, and how patches might alter security and performance. Organizations can track and enforce CMDB information over time, which improves security and compliance and reduces risks. CMDBs also have played a central role in automated failover and disaster recovery.
Recently the term configuration management has bifurcated to reflect the increased use of software-based configurations and interactions: scripting the configuration of a software stack, container management and Kubernetes, automation down to the code level, and cloud resources and provisioning. The DevOps universe of technologies and practices -- containers, microservices, infrastructure as code (IaC), source control, package management and release automation -- has changed what it means to map and track assets' configurations and dependencies. Machine learning (ML) and AI promise to more quickly and accurately predict the impact of undesirable results from configuration changes and their propagation.
The role of configuration management for tracking configuration changes in physical and digital assets hasn't gone away -- organizations still need to understand the landscape of their IT infrastructure resources, and how the interplay of those resources supports business objectives. CMDBs have evolved to more closely align with IT service management (ITSM) and reporting capabilities, as well as the cloud and distributed infrastructure. Many CMDBs integrate with IT asset management (ITAM) platforms, which are similar information repositories about IT assets that support change management, and CMDBs can be used to store such information themselves.
CMDBs and ITIL
The IT Infrastructure Library (ITIL) service management framework includes specifications for configuration management, although adoption of the ITIL framework is not a prerequisite for configuration management. According to ITIL specifications, the four major aspects of configuration management are:
- Discovery. Identify CIs to be included in the CMDB.
- Security. Control data to ensure that it can only be changed by authorized individuals.
- Reporting. Maintain status, which involves ensuring that current status of any CI is consistently recorded and kept updated.
- Auditing. Verify through audits and reviews of the data to ensure that it is accurate.
ITIL v3 introduced the concept of a configuration management system (CMS), a conceptualized system of CMDBs acting in concert, as a replacement for a singular monolithic repository.
CMDBs vs. asset management
There is some functional overlap between CMDBs and ITAM platforms for change management, and their capabilities are increasingly integrated into broader service management frameworks. However, they are different tools used for different purposes.
An ITAM tool tracks hardware and software details across the entire asset lifecycle, and they tend to be more static than what a CMDB tracks: acquisition/procurement, operation, maintenance and disposal. That includes information about its configuration, but it also costs at each stage such as purchasing and licensing, service/support and depreciation. Asset management benefits include better asset utilization and proactive asset and compliance/security auditing. Improved asset visibility also leads to faster and more accurate business decision-making.
ITAM tools typically are used to achieve business-oriented goals, such as to review and make decisions through an infrastructure asset lifecycle. Configuration management tools are better served for service-oriented goals, helping IT staff to understand dependencies so they can plan and maintain IT services.
Note that ITAM and CMDB are not mutually exclusive. An application server, for example, is an IT asset: it has financial value that depreciates over time, requires maintenance, and can incorporate operational information such as service agreements that are not part of a CMDB. That server also is a configuration item, and information about it can be tracked and managed through a CMDB: its installed OS and software, server setup and firmware versions. The CMDB would help reveal how changes to the server's configuration state could affect performance, stability problems and security; this is called impact analysis.
CMDB vendors and tools
General capabilities of a CMDB include:
- discover and assess the current CI of IT assets;
- automatically update CMDB entries when an asset is changed or updated;
- map dependencies between assets and CIs;
- simulate or predict the effect of a change to CIs; and
- audit CMDB records for security and compliance initiatives.
Many configuration management/CMDB tools are available for enterprises of various sizes and needs. Common examples of such tools include:
- BMC Helix CMDB
- Broadcom (CA Technologies) CMDB
- IBM Control Desk
- ManageEngine AssetExplorer CMDB
- Micro Focus (Hewlett Packard Enterprise, or HPE) Universal Discovery and Universal CMDB
- Microsoft System Center Service Manager (SCSM)
- ServiceNow CMDB
- SolarWinds Service Desk
IT can also adopt integrated or third-party tools to supplement its CMDB.
IT service management tools can integrate with CMDBs and often incorporate CMDB capabilities of their own. Many ITSM vendors offer standalone CMDBs as well -- some include BMC Software, ServiceNow, Cherwell Software and Freshworks. Tools from a single vendor may offer integration advantages, but less so for users of third-party CMDBs.
Automated discovery and change management tools automatically generate and update data to capture the state of the current IT environment. However, while discovery tools enable IT to take a more hands-off approach to configuration management, they don't completely eliminate the need for manual entry. For example, admins may need to manually enter some details such as the hardware's purchase date, price and due date of the next renewal of service.
IT operations analytics tools can also integrate with CMDBs. These tools can analyze the established configuration of each server, compare possible changes against an existing benchmark, and alert IT managers to unexpected or disallowed changes to a configuration for examination and remediation.
Data management tools can also be used to address the issue of data federation by taking all IT data from a variety of sources and automatically storing it in a CMDB. Such tools increase the accuracy of an enterprise's CMDB data.
Unified endpoint management and software asset management tools also can be used as data sources for a CMDB to provide visibility for devices within their control.