Recently I had given Cisco technical study a rest and did some reading about other logistical aspects of running a complex networks. There are plenty of tools to version control your software and configuration files (e.g. CVS, RCS, Subversion). However there seems to be almost a total lack of tools which allow you to track the larger picture about your systems and devices on the network.
I’m talking about the details of about a device (a Configuration Item in ITIL terms):
- What is it called.
- What IP address(es) does it have.
- Where is it located.
- What model is it and specification details.
- Does it have a support contact, if so; with who, what level, their contact details.
- When was it bought.
- Its PO number and asset tag (for when finance ask those questions).
- What is it connected too.
- What services does it run.
- Has the vendor announced end of life/end of support
- What OS version is it running
- Do you plan to decommission it or renew its support
- The level of change control that applies to it
- Should be be security scanned as part of compliance and how often.
- If it’s part of a chassis system you’ll want to cover a whole pile of details about its line cards and their firmware versions (and possibly even the version of any daughter cards).
Then there is the compliance issues that you may have to deal with, for PCI/DSS you really should be tracking if the device configuration has changed and is the device up to date for security patches.
There is also the change management aspects that is often needed for compliance and there is the useful information about pending changes on this device and what systems/applications will a change on a single device/system impact. Much of this are needed to smoothly run a large network and which is not directly required for compliance, however it can make the process easier.
Much of this is enshrined in the UK Information Technology Infrastructure Library and also in Mike Rothman’s Pragmatic CSO book (I’m thinking of step 2 really). It’s the idea that you need to know what you have to be able to manage change within it.
So why is it hard to find any open source software to do this, or is it just that there is nothing out there? There’s many ticket tracking systems out there, many of them are really good (like Request Tracker). It’s possible that many people who don’t have the budget for the consultant sold and configured systems just have some home brewed/internal developed application for this sort of thing or just use a few Excel spread sheets and lack the tools to do this management well.
Given the above is it possible for a single person (or small team) to change this, how much effort would be needed to cover the basics and start something that people flock too and improve? There is a project called OpenCMDB on sourceforge, however there is currently no code after 3 years.
Maybe having this sort of system free and open source is not meant to be, people will not have the time/energy or commitment at work to allow this to happen. My head almost starts to spin at the though of writing something like this outside of work and wanting to make use of it within, the ownership lines get very blurred. Especially if you end up making changes within work and want to merge them back into the main code base, let alone the problems of getting newer code written by others deployed at work. Will you just end up with you systems that diverge from one another ?
Update: I’ve started writing a CMDB in Ruby on Rails called Rails-CMDB.