Use Cases : ITIL/CMDB & DCML

February 21, 2005 : Initial entry

Overview

The IT Infrastructure Library (ITIL) was developed in the 1980s, by the Office of Government Commerce (OGC). This effort was initiated by the UK Government, so as to provide a framework for governmental and non-governmental organizations.

The IT Infrastructure Library contains IT related best practices and is a result of collaborative effort between various organizations across a multitude of industries.

It is important to note that ITIL does not enforce a particular process or methodology to achieve a particular task. Instead, it may be viewed as a set of recommendations which when adopted - shall ensure that the IT goals and resources are utilized optimally and deployed. Further, the emphasis on a common terminology ensures that IT users imply and use a common language both within the enterprise and across the participating networks.

ITIL processes and functions are mapped into the following core areas:
1. Configuration Management
2. Incident Management
3. Problem Management
4. Change Management
5. Release Management
6. Service Level Management
7. Financial Management for IT Services
8. Capacity Management
9. IT Service Continuity Management
10. Availability Management and
11. Service Desk

The DCML organization is attempting to standardize management and reporting of all data center equipment.

The ongoing work at DCML and ITIL have similar goals and it may be worthwhile to synchronize the efforts of the two bodies to arrive at a practical implementation.

In this context, this document targets the Configuration Management DataBase (CMDB/CMDb), as a subject of initial integration between DCML and ITIL and contains use cases that may be used as a starting point for the integration activity.
Configuration Management DataBase (CMDB)

The Configuration Management DataBase is an application (with a data store as the backend), that may be used to store the following:

1. Release contents.


2. Configuration Items (CIs) and version numbers in live, staging and test environments.


3. Request For Change (RFC) relating to one or more CIs.


4. CIs that are scheduled to be changed or eliminated.


5. All Configuration Items that are likely to be affected by a common event.


6. Details on IT users, business units, functions and contact information.


7. Inventory/Licensing information.


8. Information on incidents/problems/known errors etc...

Use Cases

The following are some of the use cases for DCML/CMDB integration:

Use Case UC001 : Patch vulnerabilities using CMDB Primary Actor : Chief Security Officer Stakeholders and Interests: Chief Security Officer: Responsible for ensuring that the organizations network and systems are secure and patched immediately in response to any vulnerability alerts. Service User: Any user(s) who consume(s) IT resources and depends on the CSO and his team to ensure that his/her data is protected, safe and available. Preconditions: • The CSO and his team are aware of and subscribe to mailing lists/RSS feeds and other channels that cater to security alerts, their isolation, prevention and mitigation. Success Guarantee (post condition): • None Main Success Scenario (of Basic Flow): Bugtraq of news sources announce that systems on the Internet have been compromised. The CSO, a subscriber to the mailing list receives information on the above mentioned vulnerability. CSO (and his team) investigates the potential list of fixes and workarounds associated with this vulnerability and confirms that the proposed fix works and has no unintended effects. CSO requires a list of all systems within the enterprise that may be vulnerable to attack. CSO checks the CMDB for all systems in the enterprise that have the vulnerable version of the software. CSO instructs that the resultant list of systems be patched immediately. CSO requests that CIs are updated and that the CMDB reflect the status of the work performed on the various applicable systems. Special Requirements: • None Technology and Data variable list: • None Frequency of Occurrence: • As often as required (dependent on vulnerability related announcements and in-house findings) Open Issues: • N/A

Use Case UC002 : Achieve software compliance using CMDB Primary Actor : Audit & Compliance Department Stakeholders and Interests: Audit & Compliance Department (A&CD) : Ensures that the users run licensed software as per the legal requirements (e.g. All copies are accounted for, any usage based royalties are remitted, export/import regulations are complied with, …) Business Software Alliance (BSA): Consortium of software vendors, that promotes use of licensed software and can audit firms for compliance. Users: Users of IT systems, applications, operating systems etc... Preconditions: • Software is installed on various desktops and server and information on software installed on each of the systems is recorded and accessible via the CMDB. Success Guarantee (post condition): • None Main Success Scenario (of Basic Flow): BSA contacts Audit & Compliance Department of an enterprise, requesting that the organization, provide a report proving compliance of all installed software. The Audit & Compliance Department queries the CMDB, for a list of all operating systems, applications etc... in use within the enterprise, over the past year. The Audit & Compliance Department checks the results of the above query with the corresponding licensing information (also available within the CMDB) to arrive at a list of applications that are/not in compliance. The department further navigates the CMDB tree to arrive at a list of owners / assignees of the current systems that may have deployed potentially illegal software. The Audit & Compliance Department, contacts the user(s) and requests for clarification on the potentially unlicensed software, based on the report available within the CMDB. The User provides the requested information, which allows the A&CD to determine, if the systems are within compliance or if the CMDB contains inaccurate information. The A&CD updates the CMDB based on its findings. The A&CD conveys the requested information to the BSA. The A&CD adds RFCs based on internal findings and feedback from the BSA. Special Requirements: • None Technology and Data variable list: • None Frequency of Occurrence: • Annual Open Issues: • N/A

Use Case UC003: Minimize disruptions by conducting root cause analysis and identifying related changes. Primary Actor : Help Desk Specialist Feedback Please provide your input either on this forum or on the DCML mailing list. Stakeholders and Interests: Help Desk Operator (HDO): A tier-1 help desk IT contact, who receives requests for service from users and can either service the request or route the call to a specialist for further assistance. Help Desk Specialist (HDS): A tier-2 operator who is regarded as a subject matter expert in an assigned area. The Help Desk Operator escalates incidents to this individual. The Help Desk Specialist can also correlate commonly occurring incidents and investigate further for patterns or underlying root causes. Users: Personal/consumers of IT services, who may occasionally encounter issues with the offerings and request assistance from IT, by contacting the Help Desk Operator. Preconditions: • A usable & searchable knowledge base (kb) exists within the organization. The HDS adds content to this kb and the HDO is trained to extract information from this repository and guide the end user in resolving the incident. Success Guarantee (post condition): • None Main Success Scenario (of Basic Flow): User A encounters a problem with OS installation. User A contacts the HDO for assistance. HDO searches the internal knowledge base and locates a match in the ‘Known Error’ database. HDO works with User A and provides a workaround. User A follows the instructions provided, applies the workaround and informs HDO of the suitability of the suggested solution. HDO closes the open incident. Users B & C encounter the same problem and contact the HDO. Over time, HDO observes an increase in users requesting resolution of the same problem multiple times, and requests help from the HDS. The HDS queries the CMDB for commonality across the various systems and users that have reported the incidents and concludes that these systems have unsupported hardware. The HDS, on further investigation finds that the newer versions of the Operating System ships with drivers for this previously unsupported hardware. The HDS files an RFC and updates the CIs accordingly. The HDS requests that the DSL be updated with the desired copy of the OS. Special Requirements: • None Technology and Data variable list: • None Frequency of Occurrence: • Annual Open Issues: • N/A

Feedback

Please provide your input either on this forum or on the DCML mailing list.