High Level Proposal
Deliverables
| Completed | Priority | Link | CreatedDate | CompletedDate | Assignee | Deliverable |
|---|---|---|---|---|---|---|
| | M | | | | ww26 | a CMDB design model |
| | M | | | | ww26 | a populated CMDB, with items from every ITIL-adopting org, including types: desktops, printers, servers, provider services, ip phones, data center equipment, L2/L3 network equipment |
| | M | | | | ww26 | a BSM with paths between all services and components: for every component, you can walk up to a service and for every service, you can walk down to a component |
| | M | | | | ww26 | a policy & process document for maintenance of the CMDB |
| | M | | | | ww26 | running documentation repo for SN integrations |
Overall Steps
Identify asset owner orgs
Every org managing assets touched by Incident, Problem, Change, or Asset ITIL processes should have representation in the CMDB. Best to walk down from the top of the Yale ITS organization. Feeds into next step (collect asset owner data).
Collect Asset Owner Data
| Group | Configuration Coordinator | CMDB Source |
|---|---|---|
| Desktop Computing | Chris Abbott | Tivoli Endpoint Manager Integration (BigFix), asset scanning |
| Prod Svcs UNIX | Bill West, Jessica Greer | SN Discovery |
| Prod Svcs DBA | Cheryl Boeher | SN Discovery, migration from YHODA |
| Prod Svcs Storage | Steve DeGroat | SN Discovery |
| Prod Svcs Windows | Julio Valdes | SN SCCM Integration, SCCM-authoritative, and SN Discovery (for network printer assets) |
| Prod Svcs Data Center | Charlie Queiroga | Aperture JDBC migration |
| Shared Solutions | Ann Brainard Dougan, Pam Miller | DB integration |
| Network | Dave Galassi, Rick Beebe | SNMP |
| Information Security | | can use svn repo for fw rules. other CIs? |
| Medical Library | | |
| Academic Computing | | |
| Student Computing | | any CIs not managed by prod svcs? business services? |
| Faculty Computing | | any CIs not managed by prod svcs? business services? |
Design CMDB schema
Based on model CMDB; meeting coming up in mid-December. Must include a permissions/ACL model so that people see only what they care about and can't muck up things they don't own.
Identify all Yale networks
This is probably best done via bluecat/proteus, manually (OK) or automatically (best).
Identify proper MID & firewall config
- This depends on initial round of identifying all Yale networks
- (Finding) All MID machines should be on the 118 so they have a minimal level of network firewall protection.
Credential gathering
Depends on having identified asset owner organizations and PoC. Collect all credentials for discovery and/or integrations.
Discover net, telephony (SNMP)
Feeler sent out for pilot of net/voip discovery. They report using an existing database which they'd like us to treat as authoritative, which implies the need for an integration. Waiting for details on data interface possibilities.
Discover printers (SNMP and/or federated data and/or BigFix)
WINSYS can own these since they own the queues. This is not desktop services. Many are already open to SNMP and on the Internet. Remediation may be accomplished by level-setting the SNMP creds. Non-networked printers are probably going to have to be imported by hand and managed by ITIL processes, unless desktop discovery can lend a hand.
Discover UNIX servers (SNMP)
Two prod services UNIX groups have agreed to use SNMP. A rewrite of SN probes and sensors is needed.
Discover Storage configuration (SNMP)
Steve DeGroat has been invited to the weekly internal stand-up starting June 6.
Discover Windows servers (WMI and/or federated CMDB)
Prod services Windows group has agreed thus far to go down the Discovery road, though they have been entertaining thoughts of federation with existing data collections.
ServiceNow SCCM Plugin
Discover desktops (WMI and/or federated CMDB)
Gap analysis performed to compare Discovery with a BigFix integration, thinking ahead to HIPAA-tracker interfacing/replacement on the horizon. Desktop folks chose to pursue an integration with BigFix/Tivoli Endpoint Manager.
Mac desktops are not equipped for SNMP or SSH Discovery.
Deliberately opening WMI on machines with no network firewall protection is a risk: it opens a new attack vector.
Discover data center (SNMP and/or federated CMDB)
Initial efforts to assess scope and integrate with Aperture (data center CMDB) underway.
Rig automatic CI, BSM relationships
Depends on CMDB model design. Wherever possible & within the established CMDB model, build in classification heuristics for connecting service CIs with components.
Make manual BSM connections
"Last-mile" semantics that can't be reliably automated, though they could be accomplished through instrumentation. The ideal is to have none of these, but realistically we're going to have them.
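
A check for the BSM deliverable listed above (every component walks up to a service, every service walks down to a component), which also shows which CIs still need a manual connection. This is an added example, not code from the original page or from ServiceNow; the CI names, the `(parent, child)` edge format and the `bsm_gaps` function are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample CMDB (not from the page): CI name -> kind.
CIS = {
    "Email": "service", "Printing": "service", "Payroll": "service",
    "mail-srv-01": "component", "mail-db-01": "component",
    "print-q-01": "component", "lab-printer-07": "component",
}
# Constructed relationships: (parent, child) means parent depends on child.
RELS = [
    ("Email", "mail-srv-01"), ("mail-srv-01", "mail-db-01"),
    ("Printing", "print-q-01"),
    ("Payroll", "hr-app-02"),  # child was never imported as a CI
]


def _reach(starts, down):
    """Breadth-first walk down the dependency edges; safe on cycles."""
    seen, queue = set(starts), deque(starts)
    while queue:
        for child in down[queue.popleft()]:
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen


def bsm_gaps(cis, rels):
    """Return (orphans, hollow, dangling) lists of CIs that break the BSM rule."""
    down = defaultdict(set)
    for parent, child in rels:
        down[parent].add(child)
    services = {n for n, kind in cis.items() if kind == "service"}
    components = {n for n, kind in cis.items() if kind == "component"}
    # Components that no service reaches cannot "walk up" to a service.
    orphans = sorted(components - _reach(services, down))
    # Services whose downward walk never hits a component.
    hollow = sorted(s for s in services if not _reach({s}, down) & components)
    # Relationship endpoints that are missing from the CMDB itself.
    dangling = sorted({n for edge in rels for n in edge} - set(cis))
    return orphans, hollow, dangling


if __name__ == "__main__":
    for label, names in zip(("orphan components", "hollow services",
                             "dangling endpoints"), bsm_gaps(CIS, RELS)):
        print(f"{label}: {names}")
```
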