Draft - CMDB Policy

Owned by Allena Kendrick (Unlicensed)
Sept 10, 2019
6 min read






Policy and Procedures - DRAFT

CMDB Process and Procedures















Document Version

Author / Editor

Change

Date

Version

Kendrick

draft

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 




















Table of Contents
1. Introduction
2.1 Purpose and Scope
2.2 Audience
2.3 Definitions, Acronyms, and Abbreviations
2. Policies
2.4 CMDB Classes and Attributes
2.4.1 Baseline Mandatory Attributes
2.5 Discovery
2.5.1 Overview
2.6 Ownership and Permissions
3 Procedures
3.1 Submitting a new Configuration Item
3.2 Updating a Configuration Item
3.3 Deleting a Configuration Item
3.4 Email Subscriptions
4 Compliance and Review
5 Appendix









Introduction


Purpose and Scope

This document describes the required policy and procedures that must be adhered to in order to maintain the Configuration Management Database (CMDB) and all Configuration Items (CIs) managed by IT ITSM within ServiceNow.
A Configuration Item or CI is a component of infrastructure which is (or is to be) under the control of Configuration Management. CIs may vary widely in complexity, size, and type – from an entire system (including all hardware, software, and documentation) to a single module or a minor hardware component. 1
Configuration Management is the process of identifying and defining the Configuration Items in a system, recording and reporting the status of Configuration Items and Requests for Change, and verifying the completeness and correctness of Configuration Items. 1
The Configuration Management Database is a database which contains all relevant details of each CI and details of the important relationships between CIs. 1

Audience

This document should be read by all members of the Company A USA IT team.

Definitions, Acronyms, and Abbreviations

The following terms and abbreviations and used throughout this document.

Term

Meaning

CI

Configuration Item

CMDB

Configuration Management Database

BCP

Business Continuity Planning

Class

Category of Configuration Item (For example: Server, Application, Database etc.)

Attribute

Piece of information about a Configuration Item (For example: Name, Location, Version Number)



Policies

CMDB Classes and Attributes

The Configuration Management Database will include names and corresponding attributes for Production, BCP, lower environment (UAT, DEV) Configuration Items. Configuration Items are grouped into classes including Business Services, Applications, Servers, Databases, Network devices, and TIDAL jobs. For example, all applications are part of the application class and the network device class includes routers, firewalls, and switches.

Baseline Mandatory Attributes

Baseline Mandatory attributes for every class include:

  • Name
  • Owner by
  • Support group
  • Description
  • Functional Contact
  • Relationships


      1. Attributes per Class

Each class has a unique set of attributes that provide information about each CI record within the class.

      1. CMDB Relationships

Relationships between Configuration Items are captured within the CMDB. Each relationship has a parent and child and a correlating association between the two. Relationships illustrate downstream impacts when degrading a service for incident management (see Incident Management Policy and Procedure document) or understanding impacts of a change request (see Change Management Policy and Procedure document). Some examples of relationships are below:

Parent descriptor

Child descriptor

Applicable CI Class

 

Depends on

Used by

Business Service, Application, Server, Database, Network, Job Scheduler,

 

Runs on

Runs

Application, Server, Database, Network

 

Runs secondarily on

Secondarily runs

Application, Server

 


A legacy map is provided for every Configuration Item which illustrates both downstream and upstream related dependencies. For example, clicking on an application's legacy map (as illustrated below) will provide the application with the "runs on" relationship and the "depends on" relationships to other configuration items.

Discovery

Overview

Discovery is a plugin within ServiceNow that finds computers and other devices connected to an enterprise's network. When Discovery finds a computer or device, it explorers the device's configuration, provisioning, and current status and updates the CMDB accordingly. On computer systems, Discovery also identifies the software that is running, and any TCP connections between computer systems – thereby finding all the relationships between computer systems (such as an application on one server that uses a database on another).3 Full information regarding Discovery can be referenced from ServiceNow Wiki's Home Page.4

      1. MID Server

The MID Server is a Java server that runs as a Windows Service and runs Discovery. It serves as the communication and data movement facilitator between Service Now and external applications, data sources and services.6 The MID Server is installed on two production Virtual Machines within Company A's domain. One is located in Chicago and the other is located in the Hoboken data center. Each MID Server is configured to reach all applicable subnets within MSUSA's environment to gather data from applicable Configuration Items.

      1. Credentials

In order for Discovery to gain access to a computer or network device, credentials, such as user names and passwords or certificates, are required.

        1. Unix and Linux Credentials

SSH credentials are required to explore UNIX and Linux devices.

        1. Windows Credentials

Discovery runs remote WMI queries and runs in the context of a Windows user with the required privileges.

        1. SNMP Credentials

Discovery explores Network devices using the SNMP protocol via community strings.

        1. VMware Credentials

For VMware's vCenter, if Discovery detects the vCenter process running on the machine, it will launch the VMware – vCenter probe. This probe logs into the vCenter instance with the provided credentials and provides information about ESX machines and virtual machines.

        1. Credential Order

Discovery will try the credentials on each device randomly until it finds one that works. Once it does, it will log that information and try that credential first the next time it tries to access that device.

      1. Scans and Schedules

Discovery will scan Company A's networks at scheduled intervals on a daily, weekly, and monthly occurrence.

Ownership and Permissions

Fields within the CMDB are configured with Read Only access or IT access.

Procedures


Submitting a new Configuration Item

The initial submission of a new CI is equivalent regardless of environment. The steps are illustrated below.

  1. Navigate to "Configuration" within ServiceNow.

  1. Click on the class of the new Configuration Item. For example, click on Linux under the Servers heading to add a new Linux server to the CMDB. Choose the "new" button to create a new CI record.

  1. Fill out the mandatory fields. Mandatory fields for each class will be distinguished by a red line. CI records cannot be saved until all mandatory fields are filled out. If all mandatory fields are filled out – a draft can be saved. Note, mandatory field are conditional on the 'Status' of the CI. For example, when a server is in 'Build in Progress' the 'Name', 'IT Owner', and 'Purpose' fields are mandatory. However, when it is updated to 'Live', the 'Support Group' and 'Criticality' are also required fields.

  1. Once the CI is ready for review and workflow progression, click the "Submit" button on the new CI record.

Updating a Configuration Item


Configuration Items can be updated in 3 different ways:

  • Through an automated update from Discovery
  • Owner updated fields
  • Fields open to IT for modification


      1. Automated update via Discovery

Discovery is set up to automatically update fields it has access to within each Configuration Item record.

      1. Owner and IT updated fields

Several fields within Service Now need to be populated and updated manually. These fields are either open to all of IT to update or limited to an admin group for editing. As noted, mandatory fields on several CI classes are conditional on the 'Status' of the CI. For all servers and applications, a relationship is required before setting the CI to 'Live.'

Deleting a Configuration Item

Configuration Items should not be deleted from Service Now. The ability to delete a CI has been removed from all users (except for Admin privileges). A CI can be archived by changing the state from "Live" to "Decommissioned".

Email Subscriptions

IT can subscribe to a CI within a CMDB to enable notifications when a change is raised against that particular CI. On every CI record, there is a related link – "Subscribe" to enable the logged in user to subscribe to that particular CI.

      1. Email Notifications

Once subscribed to a CI, email notifications are triggered when changes are requested against the CI directly or indirectly.

        1. Change raised against subscribed CI


        1. Change raised against child or "grandchild" of subscribed CI




        1. Change raised against parent of subscribed CI


Compliance and Review

  1. Data Certification Tasks have been created to check attributes of the CMDB to ensure it remains up to date. Data Certification tasks are in Service Now.

Appendix