What is a CMDB?
A Configuration Management Database (CMDB) is a list of all the machines that reside in and make up your technology environment.
Why do you need a CMDB?
A configuration management database is the foundation for automation. You cannot orchestrate changes to something if you do not know about it or are not certain of its attributes.
To be effective, cybersecurity requires consistent application of controls across all machines; without a CMDB this is an impossible task.
Is a CMDB required for Cloud Infrastructure?
In our opinion, yes. If you want to apply consistent controls across your environment, you need to know what is there. You either build integration points from each tool to each cloud environment to gather the information directly, or you centralise the information in a single source and have all your tools refer to that. The latter is much more efficient.
CMDB automation examples
The benefits of a fully synchronised CMDB across key platforms are both economic and technical.
- Automated deployment of cyber controls
- Improved logging leading to better analytics and cybersecurity insight
- Network automation to reduce cost of network management
- Reduced downtime as changes are applied consistently and without manual errors
CMDB synchronisation should be achievable for all tools; it is rare for a tool not to present an API for read and write. The issues are generally:
- Very different API models requiring custom code for each integration
- How to match data to avoid repeat instances being created
- Selecting what data to store and what data to push to tools
- Automating the process rather than relying on manual discovery and insertion
- Efficiency of the operation
What is ServiceOrchestrate?
ServiceOrchestrate is our utility tool for network and cyber automation that we have built on top of the low-code platform Intrexx. We have been working with Intrexx on digital transformation projects since 2016.
ServiceOrchestrate – CMDB synchronisation
ServiceOrchestrate, being built on a low-code platform, is an excellent tool to overcome the challenges with CMDB synchronisation:
- Custom integration is rapid
- Automation workflow is inherent in the tool and simple to build and adapt
- There is no license fee per item synchronised, nor for each integrated platform
- User dashboards, email updates and web-based user interaction are simple and quick to deliver
ServiceOrchestrate acts as the aggregator of CMDB data and as the fan-out point from which the consolidated and normalised data is sent back to those tools and pushed to other tools as required.
ServiceOrchestrate gathers the full, consolidated CMDB information. It can also be used purely as a staging point for your official CMDB repository (possibly using your service management platform), to which ServiceOrchestrate can push data just as it does for any other integration.
The automated workflow process synchronises with the data sources regularly and can either dynamically update the CMDB or present newly identified machines, items and so on to the user.
The automated process, triggered at whatever frequency is required, can synchronise automatically according to pre-defined and agreed rules, or users can be presented with options based on pattern matching algorithms (all customisable).
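The matching problem listed above (avoiding repeat instances) and the choice between automatic updates and user-presented options can be sketched as follows. This is an added example, not ServiceOrchestrate code; the feed labels, field names, sample records and the 0.85 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample feeds standing in for three tools' exports.
# Field names are assumptions, not any vendor's API schema.
FEEDS = {
    "azure": [{"name": "WEB-01.corp.example.com", "ip": "10.0.1.4"},
              {"name": "db-01", "ip": "10.0.2.7"}],
    "firewall": [{"name": "web-01", "ip": "10.0.1.4"},
                 {"name": "db01", "ip": "10.0.2.70"}],
    "segmentation": [{"name": "build-agent-3", "ip": "10.0.9.12"}],
}

def normalise(record, source):
    """Reduce a source record to comparable keys: short lowercase hostname and IP."""
    host = record["name"].strip().lower().split(".")[0]
    return {"host": host, "ip": record["ip"].strip(), "sources": [source]}

def reconcile(feeds, review_threshold=0.85):
    """Merge feeds into one inventory plus a queue of matches needing a decision.

    Rule 1 (automatic): same normalised hostname and same IP -> merge.
    Rule 2 (review): hostname similarity >= threshold -> ask a user; this also
    catches an identical hostname reported with a different IP.
    Anything else is inserted as a new configuration item.
    """
    inventory, review = [], []
    for source, records in feeds.items():
        for raw in records:
            rec = normalise(raw, source)
            exact = next((ci for ci in inventory
                          if ci["host"] == rec["host"] and ci["ip"] == rec["ip"]), None)
            if exact:
                exact["sources"].append(source)
                continue
            near = [ci for ci in inventory
                    if SequenceMatcher(None, ci["host"], rec["host"]).ratio()
                    >= review_threshold]
            if near:
                review.append((rec, near[0]))  # held back until a user confirms
            else:
                inventory.append(rec)
    return inventory, review

if __name__ == "__main__":
    items, pending = reconcile(FEEDS)
    for ci in items:
        print("CI     ", ci)
    for rec, candidate in pending:
        print("REVIEW ", rec["host"], rec["ip"], "~", candidate["host"], candidate["ip"])
```

Holding ambiguous matches in the review queue keeps a wrong merge from pushing one machine's controls onto another.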
We have a demo version running that matches CMDB data from Azure, Check Point Firewall Manager and Illumio (we use these tools ourselves). Here’s a quick clip of the tool in action: