top of page

CMDB-ServiceNow

  • Writer: Anand Nerurkar
    Anand Nerurkar
  • Sep 29
  • 6 min read

What is CMDB?

CMDB = Configuration Management DatabaseIt is a centralized repository that stores information about all IT assets (called Configuration Items or CIs) and their relationships.

  • Think of it as a “single source of truth” for IT infrastructure, applications, and services.

  • It helps IT, Operations, and Architecture teams understand what assets exist, how they are connected, and what impact a change/failure might have.

Key Elements of a CMDB

  1. Configuration Items (CIs):

    • Servers, databases, applications, network devices, cloud resources, microservices, APIs, etc.

    • Also includes non-technical items like contracts, SLAs, vendors.

  2. Attributes/Metadata of each CI:

    • Owner, version, vendor, lifecycle status (active, end-of-life), support contract expiry.

  3. Relationships between CIs:

    • E.g. Loan Application Service → hosted on AKS → uses Azure SQL DB → depends on Kafka → sends data to Experian API.

  4. Change & Incident Linkage:

    • Connects with ITSM tools (like ServiceNow, BMC Remedy) for impact analysis.

Why CMDB is Important for Enterprise Architects

  • Portfolio Assessment: Helps build a full inventory of 200+ apps.

  • Dependency Mapping: Shows upstream/downstream systems for migration.

  • Risk Management: Understand blast radius of changes.

  • Cloud Migration Planning: Identify which apps depend on legacy tech (Oracle Forms, Stored Procedures, Mainframe).

  • Security & Compliance: Track ownership, patch level, regulatory impact.

How Information Gets Into CMDB

  1. Automated Discovery Tools

    • ServiceNow Discovery, BMC Atrium Discovery (BMC Helix), Flexera, Qualys, Cloud-native discovery tools.

    • These scan infra/cloud to auto-populate servers, DBs, services.

  2. Application Portfolio Management (APM) Tools

    • CAST Highlight, LeanIX, VFunction for application-level inventory.

    • Feed into CMDB.

  3. Surveys & Workshops

    • Engage Business Unit Heads, App Owners, SMEs.

    • Capture metadata: business criticality, SLA, regulatory impact, vendor dependencies.

  4. Integration with ITSM & CI/CD

    • Sync with ServiceNow, Jira, Azure DevOps pipelines.

Real-World Example (Banking Portfolio of 200 Apps)

  • Step 1: Discovery Phase

    • Use ServiceNow Discovery + CAST Highlight.

    • Found 200 applications across .NET, Oracle Forms, Java, COBOL, SaaS.

  • Step 2: CMDB Population

    • Load each application as a CI.

    • Add attributes: owner, lifecycle, vendor, criticality.

    • Map dependencies (e.g. Loan Origination → Oracle DB → SFTP → Downstream Regulatory).

  • Step 3: Capability Mapping

    • Align applications to business capabilities (e.g. “Customer Onboarding”, “Claims Processing”, “Fraud Detection”).

  • Step 4: Migration Planning

    • From CMDB dependencies + business impact → applied TIME model (Tolerate, Invest, Migrate, Eliminate) + 6R strategy (Rehost, Replatform, Refactor, Replace, Retain, Retire).

  • Step 5: Governance & Risk Tracking

    • Use CMDB to track which apps are migrated to cloud vs. legacy.

    • Used KPIs: % apps rationalized, % apps migrated to cloud, SLA adherence, cost savings.

✅ So in interviews, if they ask you about CMDB, you should connect it to Application Portfolio Management + Cloud Migration Strategy + Risk/Governance.

Would you like me to prepare a sample CMDB view for 200 applications (like an Excel/table format with columns: App Name, Business Capability, Tech Stack, Dependencies, Lifecycle, Migration Strategy)? That way you can show it visually in interviews.


🔹 Top CMDB Tools

  1. ServiceNow CMDB

    • Most widely used in BFSI.

    • Has Discovery and Service Mapping modules → auto-discovers infra, cloud, and application dependencies.

    • Strong integration with Change Management, Incident, and ITSM workflows.

    • Can integrate with CAST Highlight, LeanIX, vFunction to enrich with application metadata.

  2. BMC Helix CMDB (Atrium CMDB)

    • Legacy but still widely used in large enterprises.

    • Strong for infrastructure-heavy environments.

    • Good integration with BMC Remedy ITSM.

  3. Micro Focus Universal CMDB (uCMDB)

    • Supports agentless discovery of servers, DBs, networks, containers.

    • Used by some financial institutions before moving to ServiceNow.

  4. Flexera / Snow Software (Software Asset Management + CMDB)

    • Often used for license, vendor, and contract management.

    • Not as strong for application dependencies as ServiceNow.

  5. Open Source / Cloud-native options (less common in BFSI):

    • iTop CMDB (open-source, but rare in banks).

    • Cloud-native CMDB: AWS Config, Azure Resource Graph, GCP Asset Inventory (usually integrated into ServiceNow as the golden source).

🔹 Typical Real-World Setup in BFSI

  • ServiceNow CMDB as the central CMDB.

  • ServiceNow Discovery + Service Mapping → populate infra (VMs, DBs, Cloud resources).

  • CAST Highlight / vFunction / LeanIX → feed application portfolio data (code complexity, refactorability, business criticality).

  • Surveys / Excel from BU heads → business capability mapping, SLA, vendor info.

  • All three integrated to create a holistic CMDB + APM view.

✅ So if a CXO asks “Which tool do you use as CMDB?” → safest, enterprise-grade answer is:

👉 “We used ServiceNow CMDB as the golden source, enriched via Discovery/Service Mapping, and integrated application insights from CAST Highlight and vFunction. This gave us both infra-level and application-level views across 200+ applications.”


🏛️ Enterprise Blueprint – Portfolio of 200 Applications (Banking & Insurance)

Layered Architecture View (Business → Apps → Data → Technology → Governance & CMDB)

1. Business Layer

  • Business Units (BU):

    • Retail Banking

    • Corporate Banking

    • Wealth & Asset Management

    • Insurance (Life, Health, General)

    • Treasury & Risk

    • Compliance & Regulatory

  • Business Capabilities (examples):

    • Customer Onboarding & KYC

    • Loan Origination & Servicing

    • Policy Administration (Insurance)

    • Payments & Collections

    • Fraud & AML Monitoring

    • Regulatory Reporting (FATCA, OFAC, FIU-IND)

2. Application Layer

  • 200+ Applications categorized:

    • Core Banking (Finacle, TCS BaNCS, FinnOne Neo)

    • Insurance Platforms (Ingenium, LifeAsia)

    • Legacy Tech (Oracle Forms, .NET monoliths, COBOL batch apps)

    • SaaS (Salesforce CRM, Guidewire, Workday HR)

    • Surrounding apps (Credit scoring, AML, Risk engines, Reporting)

  • Assessment tools used:

    • CAST Highlight / AIP → Code complexity, cloud readiness, technical debt.

    • vFunction → Identifies microservice extraction opportunities.

    • LeanIX APM → Capability-to-application mapping.

  • Categorization:

    • TIME (Tolerate, Invest, Migrate, Eliminate)

    • 6R Strategy (Rehost, Refactor, Rearchitect, Replace, Retain, Retire).

3. Data Layer

  • Data Inventory:

    • Customer 360 data, Account data, Policy data, Loan/Collateral data.

    • Stored across Oracle, SQL Server, Mainframe DB2, Excel macros (!).

  • Activities:

    • Defined canonical data model (JSON/XML, event-driven schema).

    • Data lineage & classification (using Collibra / Informatica EDC).

    • ETL + data reconciliation for legacy ↔ new apps.

    • Data Lakehouse strategy (Snowflake / Azure Synapse / GCP BigQuery).

4. Technology Layer

  • Current estate:

    • On-premises: IBM AIX, Solaris, Oracle DB, WebLogic, MQ.

    • Cloud Targets: Azure (preferred), AWS for analytics, GCP for ML pilots.

  • Target Tech Stack:

    • Microservices on AKS/EKS

    • API Gateway (Apigee / Azure API Mgmt)

    • Event-driven Kafka/NATS

    • DevOps: Azure DevOps / Jenkins pipelines

    • Observability: ELK, Prometheus, Grafana

  • CMDB Integration:

    • ServiceNow CMDB → infra discovery + application service mapping.

    • Fed from cloud-native CMDBs (AWS Config, Azure Resource Graph).

5. Governance, Security & Compliance

  • Frameworks:

    • TOGAF for EA

    • ITIL v4 for ops & CMDB governance

    • NIST CSF for security

  • Security Controls:

    • Azure AD + SailPoint for IAM & Role governance

    • Data masking & tokenization for PII

    • DLP (Symantec/Microsoft Purview)

    • Zero Trust Network (ZTNA)

  • Compliance:

    • RBI, IRDAI, SEBI, GDPR, PCI-DSS

    • Automated audit logs via ServiceNow GRC module.

6. CMDB Role

  • Tool: ServiceNow CMDB (golden source).

  • Feeds:

    • ServiceNow Discovery & Service Mapping → infra, network, cloud services.

    • CAST / vFunction / LeanIX → application insights & dependencies.

    • Manual surveys / BU input → business criticality, SLAs, vendor.

  • Output:

    • Single view of infra + app dependencies.

    • Used for migration sequencing (wave planning).

    • Integrated with Change/Incident Mgmt during migration.

7. Migration Roadmap (Wave-based)

  • Phase 1 – Discovery & Assessment (3–4 months):

    • CAST, vFunction scans.

    • Application surveys with BU heads.

    • Populate CMDB.

    • Map to business capabilities.

  • Phase 2 – Strategy & Prioritization (2–3 months):

    • TIME quadrant + 6R applied.

    • Define migration waves.

    • Build reference architectures.

  • Phase 3 – Wave Execution (12–18 months):

    • Wave 1 (Quick wins: SaaS adoption, simple rehosts).

    • Wave 2 (Medium apps: refactor .NET/Java to cloud-native).

    • Wave 3 (Complex: core banking/insurance – hybrid co-existence).

  • Phase 4 – Stabilization & Optimization (Ongoing):

    • FinOps, cloud governance, resilience improvements.

    • Continuous modernization.

8. KPIs

  • % apps migrated per wave.

  • Reduction in infra cost vs baseline.

  • Time-to-market (release cycles).

  • Mean Time to Recovery (MTTR).

  • % apps decommissioned (cost avoidance).

9. Risks & Mitigation

Risk ID

Risk Name

Description

Impact

Category

Mitigation

R1

Data Loss

Schema mismatch between legacy & cloud

High

Data

Define canonical model + reconciliation scripts

R2

Vendor Lock-in

Stuck with one hyperscaler

Medium

Tech

Multi-cloud reference architecture

R3

Regulatory Breach

Missing RBI/IRDA compliance

High

Compliance

ServiceNow GRC + automated audit

R4

Knowledge Gap

Legacy SME attrition

High

People

Knowledge capture, training, partner support

R5

Shadow IT

BU bypasses EA governance

Medium

Governance

Strong Architecture Review Board (ARB)

How to Present in Interview:“Here’s how we did it in a real banking/insurance modernization: we started with CAST/vFunction discovery, built a ServiceNow CMDB as the golden source, mapped 200 apps to business capabilities, applied TIME + 6R, and executed wave-based migration while managing enterprise risks.”


 
 
 

Recent Posts

See All
Open Banking Vs Tradinal Banking

1. What is Open Banking? Open banking  is a system where banks allow secure sharing of financial data  with authorized third-party...

 
 
 
How To Validate Architecture

🧭 1️⃣ What Architecture Validation Means It’s the structured process of verifying that the proposed or implemented solution : Meets...

 
 
 

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
  • Facebook
  • Twitter
  • LinkedIn

©2024 by AeeroTech. Proudly created with Wix.com

bottom of page