CMDB-ServiceNow
- Anand Nerurkar
- Sep 29
- 6 min read
What is CMDB?
CMDB = Configuration Management DatabaseIt is a centralized repository that stores information about all IT assets (called Configuration Items or CIs) and their relationships.
Think of it as a “single source of truth” for IT infrastructure, applications, and services.
It helps IT, Operations, and Architecture teams understand what assets exist, how they are connected, and what impact a change/failure might have.
Key Elements of a CMDB
Configuration Items (CIs):
Servers, databases, applications, network devices, cloud resources, microservices, APIs, etc.
Also includes non-technical items like contracts, SLAs, vendors.
Attributes/Metadata of each CI:
Owner, version, vendor, lifecycle status (active, end-of-life), support contract expiry.
Relationships between CIs:
E.g. Loan Application Service → hosted on AKS → uses Azure SQL DB → depends on Kafka → sends data to Experian API.
Change & Incident Linkage:
Connects with ITSM tools (like ServiceNow, BMC Remedy) for impact analysis.
Why CMDB is Important for Enterprise Architects
Portfolio Assessment: Helps build a full inventory of 200+ apps.
Dependency Mapping: Shows upstream/downstream systems for migration.
Risk Management: Understand blast radius of changes.
Cloud Migration Planning: Identify which apps depend on legacy tech (Oracle Forms, Stored Procedures, Mainframe).
Security & Compliance: Track ownership, patch level, regulatory impact.
How Information Gets Into CMDB
Automated Discovery Tools
ServiceNow Discovery, BMC Atrium Discovery (BMC Helix), Flexera, Qualys, Cloud-native discovery tools.
These scan infra/cloud to auto-populate servers, DBs, services.
Application Portfolio Management (APM) Tools
CAST Highlight, LeanIX, VFunction for application-level inventory.
Feed into CMDB.
Surveys & Workshops
Engage Business Unit Heads, App Owners, SMEs.
Capture metadata: business criticality, SLA, regulatory impact, vendor dependencies.
Integration with ITSM & CI/CD
Sync with ServiceNow, Jira, Azure DevOps pipelines.
Real-World Example (Banking Portfolio of 200 Apps)
Step 1: Discovery Phase
Use ServiceNow Discovery + CAST Highlight.
Found 200 applications across .NET, Oracle Forms, Java, COBOL, SaaS.
Step 2: CMDB Population
Load each application as a CI.
Add attributes: owner, lifecycle, vendor, criticality.
Map dependencies (e.g. Loan Origination → Oracle DB → SFTP → Downstream Regulatory).
Step 3: Capability Mapping
Align applications to business capabilities (e.g. “Customer Onboarding”, “Claims Processing”, “Fraud Detection”).
Step 4: Migration Planning
From CMDB dependencies + business impact → applied TIME model (Tolerate, Invest, Migrate, Eliminate) + 6R strategy (Rehost, Replatform, Refactor, Replace, Retain, Retire).
Step 5: Governance & Risk Tracking
Use CMDB to track which apps are migrated to cloud vs. legacy.
Used KPIs: % apps rationalized, % apps migrated to cloud, SLA adherence, cost savings.
✅ So in interviews, if they ask you about CMDB, you should connect it to Application Portfolio Management + Cloud Migration Strategy + Risk/Governance.
Would you like me to prepare a sample CMDB view for 200 applications (like an Excel/table format with columns: App Name, Business Capability, Tech Stack, Dependencies, Lifecycle, Migration Strategy)? That way you can show it visually in interviews.
🔹 Top CMDB Tools
ServiceNow CMDB
Most widely used in BFSI.
Has Discovery and Service Mapping modules → auto-discovers infra, cloud, and application dependencies.
Strong integration with Change Management, Incident, and ITSM workflows.
Can integrate with CAST Highlight, LeanIX, vFunction to enrich with application metadata.
BMC Helix CMDB (Atrium CMDB)
Legacy but still widely used in large enterprises.
Strong for infrastructure-heavy environments.
Good integration with BMC Remedy ITSM.
Micro Focus Universal CMDB (uCMDB)
Supports agentless discovery of servers, DBs, networks, containers.
Used by some financial institutions before moving to ServiceNow.
Flexera / Snow Software (Software Asset Management + CMDB)
Often used for license, vendor, and contract management.
Not as strong for application dependencies as ServiceNow.
Open Source / Cloud-native options (less common in BFSI):
iTop CMDB (open-source, but rare in banks).
Cloud-native CMDB: AWS Config, Azure Resource Graph, GCP Asset Inventory (usually integrated into ServiceNow as the golden source).
🔹 Typical Real-World Setup in BFSI
ServiceNow CMDB as the central CMDB.
ServiceNow Discovery + Service Mapping → populate infra (VMs, DBs, Cloud resources).
CAST Highlight / vFunction / LeanIX → feed application portfolio data (code complexity, refactorability, business criticality).
Surveys / Excel from BU heads → business capability mapping, SLA, vendor info.
All three integrated to create a holistic CMDB + APM view.
✅ So if a CXO asks “Which tool do you use as CMDB?” → safest, enterprise-grade answer is:
👉 “We used ServiceNow CMDB as the golden source, enriched via Discovery/Service Mapping, and integrated application insights from CAST Highlight and vFunction. This gave us both infra-level and application-level views across 200+ applications.”
🏛️ Enterprise Blueprint – Portfolio of 200 Applications (Banking & Insurance)
Layered Architecture View (Business → Apps → Data → Technology → Governance & CMDB)
1. Business Layer
Business Units (BU):
Retail Banking
Corporate Banking
Wealth & Asset Management
Insurance (Life, Health, General)
Treasury & Risk
Compliance & Regulatory
Business Capabilities (examples):
Customer Onboarding & KYC
Loan Origination & Servicing
Policy Administration (Insurance)
Payments & Collections
Fraud & AML Monitoring
Regulatory Reporting (FATCA, OFAC, FIU-IND)
2. Application Layer
200+ Applications categorized:
Core Banking (Finacle, TCS BaNCS, FinnOne Neo)
Insurance Platforms (Ingenium, LifeAsia)
Legacy Tech (Oracle Forms, .NET monoliths, COBOL batch apps)
SaaS (Salesforce CRM, Guidewire, Workday HR)
Surrounding apps (Credit scoring, AML, Risk engines, Reporting)
Assessment tools used:
CAST Highlight / AIP → Code complexity, cloud readiness, technical debt.
vFunction → Identifies microservice extraction opportunities.
LeanIX APM → Capability-to-application mapping.
Categorization:
TIME (Tolerate, Invest, Migrate, Eliminate)
6R Strategy (Rehost, Refactor, Rearchitect, Replace, Retain, Retire).
3. Data Layer
Data Inventory:
Customer 360 data, Account data, Policy data, Loan/Collateral data.
Stored across Oracle, SQL Server, Mainframe DB2, Excel macros (!).
Activities:
Defined canonical data model (JSON/XML, event-driven schema).
Data lineage & classification (using Collibra / Informatica EDC).
ETL + data reconciliation for legacy ↔ new apps.
Data Lakehouse strategy (Snowflake / Azure Synapse / GCP BigQuery).
4. Technology Layer
Current estate:
On-premises: IBM AIX, Solaris, Oracle DB, WebLogic, MQ.
Cloud Targets: Azure (preferred), AWS for analytics, GCP for ML pilots.
Target Tech Stack:
Microservices on AKS/EKS
API Gateway (Apigee / Azure API Mgmt)
Event-driven Kafka/NATS
DevOps: Azure DevOps / Jenkins pipelines
Observability: ELK, Prometheus, Grafana
CMDB Integration:
ServiceNow CMDB → infra discovery + application service mapping.
Fed from cloud-native CMDBs (AWS Config, Azure Resource Graph).
5. Governance, Security & Compliance
Frameworks:
TOGAF for EA
ITIL v4 for ops & CMDB governance
NIST CSF for security
Security Controls:
Azure AD + SailPoint for IAM & Role governance
Data masking & tokenization for PII
DLP (Symantec/Microsoft Purview)
Zero Trust Network (ZTNA)
Compliance:
RBI, IRDAI, SEBI, GDPR, PCI-DSS
Automated audit logs via ServiceNow GRC module.
6. CMDB Role
Tool: ServiceNow CMDB (golden source).
Feeds:
ServiceNow Discovery & Service Mapping → infra, network, cloud services.
CAST / vFunction / LeanIX → application insights & dependencies.
Manual surveys / BU input → business criticality, SLAs, vendor.
Output:
Single view of infra + app dependencies.
Used for migration sequencing (wave planning).
Integrated with Change/Incident Mgmt during migration.
7. Migration Roadmap (Wave-based)
Phase 1 – Discovery & Assessment (3–4 months):
CAST, vFunction scans.
Application surveys with BU heads.
Populate CMDB.
Map to business capabilities.
Phase 2 – Strategy & Prioritization (2–3 months):
TIME quadrant + 6R applied.
Define migration waves.
Build reference architectures.
Phase 3 – Wave Execution (12–18 months):
Wave 1 (Quick wins: SaaS adoption, simple rehosts).
Wave 2 (Medium apps: refactor .NET/Java to cloud-native).
Wave 3 (Complex: core banking/insurance – hybrid co-existence).
Phase 4 – Stabilization & Optimization (Ongoing):
FinOps, cloud governance, resilience improvements.
Continuous modernization.
8. KPIs
% apps migrated per wave.
Reduction in infra cost vs baseline.
Time-to-market (release cycles).
Mean Time to Recovery (MTTR).
% apps decommissioned (cost avoidance).
9. Risks & Mitigation
Risk ID | Risk Name | Description | Impact | Category | Mitigation |
R1 | Data Loss | Schema mismatch between legacy & cloud | High | Data | Define canonical model + reconciliation scripts |
R2 | Vendor Lock-in | Stuck with one hyperscaler | Medium | Tech | Multi-cloud reference architecture |
R3 | Regulatory Breach | Missing RBI/IRDA compliance | High | Compliance | ServiceNow GRC + automated audit |
R4 | Knowledge Gap | Legacy SME attrition | High | People | Knowledge capture, training, partner support |
R5 | Shadow IT | BU bypasses EA governance | Medium | Governance | Strong Architecture Review Board (ARB) |
✅ How to Present in Interview:“Here’s how we did it in a real banking/insurance modernization: we started with CAST/vFunction discovery, built a ServiceNow CMDB as the golden source, mapped 200 apps to business capabilities, applied TIME + 6R, and executed wave-based migration while managing enterprise risks.”
Comments