On the surface, change management database systems are gaining traction because of fast-spreading audits to check for compliance with regulations. At the core, however, is IT managers need to track and manage device, operating system and application configurations so that business processes run smoothly with a minimum of hands-on administration.
Deadlines for HIPAA (Health Insurance Portability and Accountability Act) and other regulations are looming this year. This means more probing audits, more documentation of processes and more auditable demonstrations of compliance. All of this is much easier to do, especially in midsize and large enterprises, with the help of products that are designed specifically to report compliance successes and shortcomings.
Configuresofts Enterprise Configuration Manager and a host of similar products have been around for much longer than the current CMDB buzz would imply. Why? CMDB products help IT managers stay abreast of constant changes without the need to build custom applications or hire more staff.
CMDB tools have also played a role for many years in tracking root-cause failures among network infrastructure and server devices. In fact, CMDB tools often cross the silo boundaries between network and systems operations to reveal configuration changes that were the "real problem" during a service outage.
The source of the CMDB hype is similar to and overlaps with the drumbeat around ITIL (IT Infrastructure Library). ITIL has been around formally since the 1990s, when an arm of the British government worked up a set of best-practice guides. ITIL is, in part, the basis of new CMDB tools recently launched or announced by BMC Software, IBMs Tivoli, Hewlett-Packard and Fujitsu.
IT managers should keep in mind that CMDB tools such as ECM dont take the place of knowledgeable system and network IT staff. It is truly the case that implementing a CMDB only augments the ability of highly knowledgeable staffers to work effectively in controlling change in data centers and distributed systems.
CMDBs store all configuration attributes, and good ones can even interpret at a basic level what it means when a particular system drifts out of its proper configuration. However, it still takes a professional who understands the primary business of an organization and who has in-depth knowledge of system configuration to determine which attributes provide the clues needed to know if a system will withstand a compliance audit.
With the growing importance and frequency of compliance audits, one of the most welcome additions to CMDB data collections and reports are templates that address particular regulations. IT managers should look for built-in or add-on compliance modules designed for the specific regulations with which they must comply.
Indeed, one of the things we liked best about ECM 4.8 was its new report modules. During tests, these modules provided fundamental information about the extent to which our systems met (or didnt meet) specific regulatory mandates.
The evolution of CMDB systems isnt limited to compliance packs and announcements from the traditional big names in network and system management tools. The open-source world has chimed in, with Splunk announcing that it will work with the Nagios project. Splunk officials anticipate adding system management and network monitoring tools to the companys log file search and indexing software sometime this year.