Getty Images
An IT ops guide to CMDB automation
Automating repetitive tasks like software upgrades, lifecycle management and incident reports with a configuration management database can improve IT efficiency and reduce risk.
IT teams can easily automate routine tasks with the help of a configuration management database. Many systems management tools now integrate CMDB capabilities.
Modern IT environments are complex, with numerous devices connected to the network. This includes servers, storage and network devices at the central level as well as PCs, laptops, tablets, mobile devices and printers at the decentralized level. This complexity makes manual management increasingly challenging.
Using a CMDB for task automation can help admins manage these complex IT environments. Integrating CMDB-based tools enables teams to automate a range of tasks: deploying software, patches and updates; finding devices unsuitable for upgrades; managing aging equipment; creating incident reports; and reducing network risk, among others.
What is a CMDB?
A CMDB contains data about all software and hardware components that make up an organization's IT services. CMDBs create a single source of truth: a place to store all actions related to IT environment maintenance.
Modern CMDBs should be able to fulfill several functions:
- Autodiscovery of devices at a complete and subassembly level, including drivers.
- Live firmware and software updates.
- Analytics, including reporting findings.
- Issue prediction prior to rolling out new software, patch or update.
- Issue management.
- Support for both physical and virtual environments.
- Management of other data, such as data on individuals and their permissions to carry out tasks.
- Automation of tasks in DevOps pipelines.
CMDBs can also map how remote devices attach to and detach from the network in real time. Integrating such data into a security information and event management system can massively strengthen a network's security.
Automating tasks with CMDBs
CMDB automation is particularly effective for repetitive tasks. Once these tasks are scripted, the CMDB can automate them, oversee changes, carry out any rollbacks required, and create a full report detailing the actions taken and their outcomes for auditing purposes.
When using a CMDB for task automation capabilities, teams can develop new software, updates and patches in a controlled environment before rolling them out into the operational environment. Consider an update to a client/server application on the client side. Most large organizations have a diverse collection of clients, each with different levels of operating systems, devices and device drivers.
Teams can create an inventory list of update requirements. When they query the CMDB, it can then generate a report identifying devices that are unsuitable for the upgrade based on those requirements. In many cases, only minor changes are needed to bring the devices up to the right level -- a task that IT ops can create as a script and the CMDB can oversee.
When, for whatever reason, a device cannot receive the update, the CMDB can exclude it from the update and raise an exception flagging the device for replacement. In other cases, the development team might need to modify the update. With a CMDB in place, teams can make these changes without affecting the operational environment.
Task automation using CMDBs can also benefit IT ops teams managing firmware updates across network devices. For example, many organizations attempt to maximize the lifespan of their routers. However, this approach can lead to issues when new firmware updates are incompatible with older devices due to insufficient memory. In such cases, the CMDB can flag all devices facing this issue, giving teams the option to either upgrade the device's memory or replace the device altogether.
IT ops teams can also use a CMDB for equipment lifecycle management. The CMDB can analyze systems data to identify aging equipment not just at the point it becomes obsolete but also as it approaches that state. With targeted queries to the CMDB, teams can identify such devices and proactively replace them, avoiding any impact on the organization's capabilities.
Lastly, problems do happen. For instance, an update might fail on just a few devices. A CMDB should be able to identify which individual devices did not receive the update correctly and then roll those devices back to a known working state. After resolving the issue, the CMDB can create a report with the full list of affected devices and the nature of the problems.
CMDB automation tool options
Vendors such as Atlassian, BMC, Device42, ManageEngine and ServiceNow provide tools that use CMDBs to complete many IT tasks. Such tools have matured rapidly over the years, with many embracing the full DevOps environment, not just IT ops.
Although most tools work in conjunction with the core functions of CMDBs, differences remain among the available options. To choose the right tool for your organization, consider the following:
- Check whether a tool requires installing agents on all or some nodes or whether it is agentless.
- Check to make sure that it supports all the systems your organization uses, particularly if you are a mainframe or Unix user.
- Check what integrations the vendor supports and provides to ensure the CMDB is a well-integrated and functioning member of the IT environment, not just a central store of IT data.
- Check how the tool manages individual roles and permissions. A tool that uses a CMDB must not elevate privileges for users who do not natively have such permissions. Given the potential risks associated with CMDB-based tools, particularly in the hands of a rogue individual, maintaining complete control of permissions is essential.
Clive Longbottom is an independent commentator on the impact of technology on organizations. He was a co-founder and service director at Quocirca as well as an ITC industry analyst for more than 20 years. Trained as a chemical engineer, he worked on anti-cancer drugs, car catalysts and fuel cells before moving to IT.