...
| Page Tree |
|---|
| Table of Contents |
|---|
High Level Proposal
| Attachments |
|---|
Deliverables
Completed | Priority | Link | CreatedDate | CompletedDate | Assignee | Devliverable |
|---|---|---|---|---|---|---|
| M |
|
|
| ww26 | a CMDB design model |
| M |
|
|
| ww26 | a populated CMDB, with items from every ITIL-adopting org, including types: desktops, printers, servers, provider services, ip phones, data center equipment, L2/L3 network equipment |
| M |
|
|
| ww26 | a BSM with paths between all services and components: for every component, you can walk up to a service and for every service, you can walk down to a component |
| M |
|
|
| ww26 | a policy & process document for maintenance of the CMDB |
| M |
|
|
| ww26 | running documentation repo for SN integrations |
High Level Approach
Identify all Yale networks
Status | |
|---|
This is probably best done via bluecat/proteus, manually (OK) or automatically (best).
Identify proper MID & firewall config
Status | |
|---|
This depends on initial round of identifying all Yale networks, but currently we think that all MID machines should be on the 118 so they have a minimal level of network firewall protection.
Identify all asset owner orgs
Status | |
|---|
This isn't strictly necessary, but it ensures completeness. Every org managing assets touched by Incident, Problem, Change, or Asset ITIL processes should have representation in the CMDB. Best to walk down from the top of the Yale ITS organization.
Asset Owner Data
Group | Configuration Coordinator | CMDB Source |
|---|---|---|
Information Security | | can use svn repo for fw rules. other CIs? might be for a later phase |
Student Computing | | any CIs not managed by prod svcs? business services? |
Faculty Computing | | any CIs not managed by prod svcs? business services? |
Desktop Computing | Phil Rinehart | Tivoli Endpoint Manager Integration (BigFix) |
Prod Svcs UNIX | Jessica Greer | SN Discovery |
Prod Svcs DBA | Cheryl Boeher | SN Discovery, migration from YHODA |
Prod Svcs Storage | Steve DeGroat | SN Discovery |
Prod Svcs Windows | Julio Valdez | SN SCCM Integration, SCCM-authoritative, and SN Discovery (printers only) |
Prod Svcs Data Center | Charlie Queiroga | Aperture JDBC integration, CMDB-authoritative |
Medical Library | | |
Academic Computing | | |
Shared Solutions | Pam Miller | |
Network | Dave Galassi/Rick Beebe | netMRI integration |
Credential gathering
Status | |
|---|
Depends on having identified asset owner organizations and PoC. Collect all credentials for discovery and/or integrations.
Discover net, telephony (SNMP)
Status | |
|---|
Feeler sent out for pilot of net/voip discovery. They report using an existing database which they'd like us to treat as authoritative, which implies the need for an integration. Waiting for details on data interface possibilities.
Discover printers (SNMP and/or federated data and/or BigFix)
Status | |
|---|
WINSYS can own these since they own queues. This is not desktop services. Many already open to SNMP & on the Internet. Remediation may be accomplished by level setting the SNMP creds. Non-networked printers are probably going to have to be imported by hand and managed by ITIL processes, unless desktop discovery can lend a hand.
Discover UNIX servers (SNMP)
Status | |
|---|
Two prod services UNIX groups have agreed to use SNMP. A rewrite of SN probes and sensors is needed.
Discovery Storage configuration (SNMP)
Steve DeGroat has been invited to the weekly internal stand-up starting June 6.
Discover Windows servers (WMI and/or federated CMDB)
Status | |
|---|
Prod services Windows group has agreed thus far to go down the Discovery road, though they have been entertaining thoughts of federation with existing data collections. ServiceNow SCCM Plugin
Discover desktops (WMI and/or federated CMDB)
Status | |
|---|
Gap analysis performed to compare Discovery with a BigFix integration, thinking ahead to HIPAA-tracker interfacing/replacement on the horizon. Desktop folks choose to pursue an integration with BigFix/Tivoli Endpoint Manager.
Mac desktops are not equipped for SNMP or SSH Discovery.
There is a risk involved in deliberately opening WMI on machines with no network firewall protection. Opens new attack vector.
Discover data center (SNMP and/or federated CMDB)
Status | |
|---|
Initial efforts to assess scope and integrate with Aperture (data center CMDB) underway.
Design CMDB schema
Status | |
|---|
Based on model CMDB, meeting coming up in mid December. Must include a permissions/ACL model so that people only see what they care about/can't muck up things they don't own.
Rig automatic CI, BSM relationships
Status | |
|---|
Depends on CMDB model design. Wherever possible & within the established CMDB model, build in classification heuristics for connecting service CIs with components.
Make manual BSM connections
Status | |
|---|
...
|