BMC, CA, Fujitsu, HP, IBM and Microsoft promise to play nicely over ITIL CMDB. Yeah, right!

For a revised and expanded version of this article see ITSMWatch.

The major operations software vendors have finally released a white paper describing how they plan to cooperate on ITIL CMDB. Don't hold your breath waiting for anything to come of it.

I saw on Hank Marquis' DITY Newsletter that the vendor consortium has at last released a document describing their cooperation over CMDB.

Given that the original hype release said they would have the white paper out by May 2006 and the draft specification out by the end of 2006, the white paper is only 9 months late and the spec is still nowhere to be seen. Surprise. Getting these vendors to work together is like putting six cats in a suitcase.

The good news is that CA and Microsoft are on board now. But don't put any plans on hold pending a result.

WARNING: vendors will waive this white paper around to overcome buyer resistance to a mixed-vendor solution. For example if you already have availablity monitoring from one of them, one of the other vendors will try to sell you their service desk and use this paper as a promise that the two will play nicely.

Well they may, one day. Look at the timeline. It has taken then the best part of a year to get the gang together and get out an in-principle white paper for comment. I would say it would be optimistic to expect a draft spec in anything less than another year. I am still highly sceptical that their is any real commitment by the parties to a result, as compared to a need to be seen to be doing something. That need has now been filled for a while.

Once the spec is done, and assuming it hasn't all ended in tears first, a standards body needs to be found that will take it on, and then a formal standard must be promulgated. (This is what is needed, and it is the stated intent in the original press release). Standards gestate like elephants. So add another year or two. In the best case, some of the vendors will invest the millions required to support the standard in parallel with its development so they will release the software along with release of the standard. Look forward to that two or three years from now, best case.


Cooperation Between Vendors Over CMDB? I'd like to see that.

For a revised and expanded version of this blog article see ITSMWatch.

some excellent commentary on the CMDB initiative

For some excellent commentary on the CMDB initiative, see Coté at Red Monk

Commentary on the CMDB initiative

Yeah I have to agree the comentary is good, but it now seems as if those that are serious about implementing toolsets to undertake these tasks are becoming more pragmatic about the approach and the adherence to the ITIL model. I personaly fly the flag for the open source community. This is where there is an opportunity to establish standards on the federated data source and systems protocols. Even if this is not achieved, tools exist in the opensource area which will assist many organisations in control many of the key aspects of the CMDB. Check out for an overview of some of these opensource tools. There is also a CMDB Demo which gives a limited overview of the screens. Well worth a look.

how a stand-alone CMDB supports Incident and Problem and Change

This is an area I've not looked into yet. Explain how a stand-alone CMDB (Open source or proprietary) supports Incident and Problem and Change management if it is not integral to the Service Desk. How do incidents and changes get linked to a CI?

In my simplistic little skeptical world it seems to be that you either pay your service desk vendor to provide an integrated solution or you spend a fortune doing the code-level integration yourself

Linking incidents and changes

Yes you would need to code these interfaces but most organizations are operating effectively with their current change and help desk systems. And it would actually be a bit arrogant to think that you could just replace every companies problem and change systems, considering the extensive functionality of the larger problem systems.(ie HP Service Desk / Open view, Clarity, Remedy, Infra) But by having an open source data repository means that its not too difficult or expensive to get all your data into one place. There are also a variety of Service and Problem system tools available under open source which are suitable for smaller organizations. It all depends on how closely you want to align your CMDB system with ITL process. By the way I’m not the greatest fan of ITIL, and much of the practice elements were just standard procedure in the sites where I worked.

One of the biggest challenges facing the vendors of the CMDB offerings is that their products imply enforcing defined process which in turn may require a cultural shift within an organization. Whether it is ITIL or some other yet to be formed industry segment splinter group, they will need to program more functionality than is required for much of the user base for their products to be effective in the market place. This will have the net effect of programmatically getting bogged down in over engineered process. A few other well known products suffer from this when compared to their open source counterparts. It is common for the business to buy into a strategic product that’s very complex for a site, and when it’s all stripped away its based on current open source software.

With gaining an auto discovery engine that reports on every IP stack on your network you can cover the base level of establishing your IT asset register. Monitor for availability, alerts and service levels under nagios, and OCS provides extensive WMI or snmp based data from an installed agent on your devices and gives the ability to push software updates. So it covers some of the required toolset for a complete CMDB.

The key element here is that building the CMDB is not the most difficult part; it’s getting all of the standards agreed, both in process and technical elements.

I have setup in an attempt to educate the general user community on what is available under the open source banner to solve this issue. The CMDB is a lot of things to a lot of people and the fact that your reading this blog you most probably trawled through hours of information. The one thing that I found when I started my research was that all the information was on the problem and not the solution. Now all the information is on “How we can solve your problem with our snakeoil software” without actually showing you anything and the glossy blurb from the spin doctors.

The problem is it’s just not that hard to design a modular software system that can cater for the various process modules. It then leaves it up to the consumer to choose what and how they want to integrate things. The DEMO only shows about 5% – 10% of the functionality available from this open source integration. The content management system is ideal for adding customized content including interfaces to DB’s and its all really well supported in the open source community. Of course if you are on a larger site like 5000 users + you may want to scale out some elements of this solution. Any questions from anyone, please feel free to visit , login and raise something on one of the posts or send me an email

We cant just sit around waiting for the commercial community to carve up their playing fields when we already know what needs to be done and how to do it

a technology solution to a process problem

In the case where an organisation is "operating effectively with their current change and help desk systems" then what do they want new technolgoy for? We reengineer process when the current process is deficient or we want to raise the maturity of the current process. And if they have current change and help desk systems then they almost always have the startings of a CMDB in those systems, so why would they want to introduce an entirely duplicate technology just because it is "better".

It isn't the guy with the best tools who wins, it is the guy who operates with more effectiveness and efficiency than his competitors. Tools never ever deliver that, process does. Tools help process. I think you are pitching a technology solution to a process problem.

Be NICE to the open source community.

Now, now, let's not bite the open source hand that may prove very useful at some point. I for one am very excited to see someone take this on. Wish I had the time to contribute.

Charles T. Betz

that should be the benchmark for a CMDB.

The world is littered with open source efforts that aren't actually useful. I'll be the first to help this along if I can be persuaded that it is a business-pragmatic solution to providing useful data for Incident, CHnage, Config and other Management processes - because that should be the benchmark for a CMDB.

Solving a process problem

Charles, many thanks for the words of support. Not surprised you don’t have the time.

And Skeptic your input into this is highly regarded.

And agreed process is the problem, and process is the primary requirement and should then mapped to a functional specification. The processes require artifacts, and authorizations to undertake a workflow to achieve a planned outcome, a description at the highest level, I know, but any underlying technology sits at a lower level and enables automation and ensures a valid compliant work item has been undertaken. Both need to be assessed as separate entities. The tools and their functionality are irrelevant provided the output and functionality meets the business requirements. I’m not out here trying to flog a bunch of open source tools, I really just want to assist organizations to develop a mature competency in the management and cost control of their IT enviornment. From my experience in the industry less than 40% of organizations know exactly what they have out there in terms of infrastructure and services and what are they managing as a total enterprise. Surely the key process areas must be the automated asset register and the DSL, the source of truth for what’s on the network, otherwise we are applying changes across an unquantified entity. Nmap writing to a MYSQL database is available under GPL and can provide you with the capability to identify all devices on your network and maintain the ongoing capability without the use of agents, OCS will detail your software inventory, agent required, check out at Even if an organization was operating change and incident / problem on spreadsheet, a detailed understanding of devices and software on the network could only serve to gain a better understand the overall environment.

It must be accepted as a given fact that they are operational today, so they must have incident / problem and change management covered in some form. Most organizations have different needs for change and service desk so we need to apply some degree of architectural integrity and model the systems architecture against the business requirements. OOTB (Out of the Box) functionality rarely fits well into any organization so I specifically avoided making any recommendations but there are several open source tools to assist organizations of all sizes for both of these process areas. Full automation of any solution would require an organization to undergo a full requirements analysis, etc, etc, etc

It is clear that change and incident are the prime mature competences. Why, because automated data collection (asset / software), ongoing monitoring capability, service level management, systems document management, license management, IT communications and collaboration management are all areas that are difficult to undertake. Due to cost, complexity or poor management many organizations have neglected these areas.
All of these areas can be addressed with open source tools now. These tools are already industry accepted in there own rights, but collectively they address the data and workflow requirements of the governing processes to support these competency areas. Its up to individual organizations to integrate their current change and incident / systems with the open source toolset or post a requirement for support at Updates are also being applied regularly to the site and this is bound to be a hot topic.

Charles and Skeptic , thanks for the feedback

I'm not sure you address my key questions

I agree with most that you say, but I'm not sure you address my key questions. I decided they make a good new blog post so let's continue the discussion there

Sorry Fujitsu I left you off

Sorry Fujitsu I left you off. Fixed now.

Hmmm Fujitsu: there's a company that leaps front of mind when listing the major ITIL vendors....

Fujitsu and ITIL

Perhaps not well known as a tool vendor, but certainly proponents of the CMDB based approach to their managed services.

I've known Steve for a long time, since we co-founded Quint Wellington UK with Ivor Evans, so I know he knows his stuff.

Hmm, nice deck - some of the slides are mine...


Yes, nice deck!

Just for the record, since I don't seem to have been attributed: slides 13, 14, 16, 17, 18, and 19 are fairly direct copies of my own original material, stuff I've been working on since my Master's capstone project in 2003. Those of you who attended ITSMF USA 2004 can verify this by looking at the reprints of my presentation there. (I notice that I didn't copyright that particular representation; I was younger and more careless then.)

Of course, some (not all) of those slides were my own excerpts in turn from ITIL itself, but the entire selection is a value-added compilation, assembled to make the point that ITIL configuration management and metadata management have tremendous overlaps.

See (login required) for my 2003 "Metadata and ITSM: nailing theses to the door" post, and for my Master's thesis (admittedly immature in a number of places).

For a much improved version of slide 14, see and chapter 4 in my book.

It's always a bit flattering to see my work appear elsewhere. I do like the rest of the deck. Good stuff.

Charles T. Betz

Any number of service

Any number of service organisations could claim a place at the table based on CM IP. I thought it was a tool vendor consortium.

Fujitsu Systemwalker

Actually I note that Fujitsu plan to "provide Fujitsu Systemwalker IT management products incorporating the new CMDB standard". That will be a relief to all those Systemwalker clients. How could I have overlooked the famous Systemwalker?

If cooperation is possible it will happen quickly

I know Marv Waschke and Dale Clark well - and I don't work for CA.

They are focused, motivated and honorable individuals who will get the job done along with their secret weapon - Pam Molennor - if it can be done.

Each of these vendors have enormous turmoil going on inside their organizations - HP has been taken over by Mercury, for instance.

The bigger question is why have a standard at all? The underlying technologies will be moving about, moving forward at the best speed these vendors can afford. The real issue seems to be how easily integration can be achieved.

The other real issue is the rapidly changing definition of CMDB - at the current pace, ITIL will call the CMDB the owner of all the data in the universe. It's a never-ending project with never-ending boundaries.

I am not reflecting on the individuals involved

The backroom boys at these organisations tend to be the decent ones. I worked for one of the companies in question for a long time so I know, though I worked at the sordid pointy end. I am not reflecting on the individuals involved - please be clear about that. When I refer to cynical or machiavellian motivations I am talking about the companies as a whole, the executives who run them, and the games that go on between them.

BTW, I'd love to hear more about "HP has been taken over by Mercury" :-) Out here they were taken over by Compaq too.

And how is this ITIL helpful?

It's nice to hear voices of reason in the ITIL wilderness. I don't get it either. CI's I get. CM I get. CMMi makes sense and for the most part is born out of long standing engineering and manufacturing practices, statistically driven, and therefore verifiably effective.

But ITIL putting the CM responsibility of identifying CI's on individuals throughout an organization who have no perspective on what the data is good for, and feeding a colossal cancerous database, is IT suicide - or maybe martyrdom? The self important snake oil salesmen who tout this as a viable model astound me. Oh wait, but it's not a model. It's not an org change. It's not even a mission. You don’t have to change a thing. Well then what is it? If there were an expert on implementing it, I'd ask them... and ask them... and ask them... because the truth is even they don't know. It can't stand up to a Socratic inquiry. It's good in theory, but when you take the responsibility for providing process related data out of the hands of those who intimately manage the process, and put it into the virtual hands a phantomware database housing a little, little bit about more and more technology, you ultimately get something that can tell you nothing about everything.

Syndicate content