Recently I had given Cisco technical study a rest and did some reading about other
logistical aspects of running a complex networks. There are plenty of tools to version
control your software and configuration files (e.g. CVS, RCS, Subversion). However there
seems to be almost a total lack of tools which allow you to track the larger picture about
your systems and devices on the network.
I’m talking about the details of about a device (a Configuration Item in ITIL terms):
- What is it called.
- What IP address(es) does it have.
- Where is it located.
- What model is it and specification details.
- Does it have a support contact, if so; with who, what level, their contact details.
- When was it bought.
- Its PO number and asset tag (for when finance ask those questions).
- What is it connected too.
- What services does it run.
- Has the vendor announced end of life/end of support
- What OS version is it running
- Do you plan to decommission it or renew its support
- The level of change control that applies to it
- Should be be security scanned as part of compliance and how often.
- If it’s part of a chassis system you’ll want to cover a whole pile of details about its line cards and their firmware versions (and possibly even the version of any daughter cards).
Then there is the compliance issues that you may have to deal with, for PCI/DSS you really
should be tracking if the device configuration has changed and is the device up to date for
There is also the change management aspects that is often needed for compliance and there is
the useful information about pending changes on this device and what systems/applications
will a change on a single device/system impact. Much of this are needed to smoothly run a
large network and which is not directly required for compliance, however it can make the
Much of this is enshrined in the UK Information Technology Infrastructure Library and also
in Mike Rothman’s Pragmatic CSO book (I’m thinking of step 2 really). It’s the idea that you
need to know what you have to be able to manage change within it.
So why is it hard to find any open source software to do this, or is it just that there is
nothing out there? There’s many ticket tracking systems out there, many of them are really
good (like Request Tracker). It’s possible that
many people who don’t have the budget for the consultant sold and configured systems just
have some home brewed/internal developed application for this sort of thing or just use a
few Excel spread sheets and lack the tools to do this management well.
Given the above is it possible for a single person (or small team) to change this, how much
effort would be needed to cover the basics and start something that people flock too and
improve? There is a project called OpenCMDB on sourceforge, however there is currently no
code after 3 years.
Maybe having this sort of system free and open source is not meant to be, people will not
have the time/energy or commitment at work to allow this to happen. My head almost starts to
spin at the though of writing something like this outside of work and wanting to make use of
it within, the ownership lines get very blurred. Especially if you end up making changes
within work and want to merge them back into the main code base, let alone the problems of
getting newer code written by others deployed at work. Will you just end up with you systems
that diverge from one another ?
Update: I’ve started writing a CMDB in Ruby on Rails called Rails-CMDB (since retired).