Configured Identities

Here is an interesting post from Glenn O’Donnell of Forrester that argues the CMDB should contain identities (hat tip to Ryan Shopp):

Well, actually vice-versa! The configuration management database (CMDB) is a hot topic these days in IT. With my arrival at Forrester, I am ambitiously building upon the solid foundation of thought leadership my colleagues have built on CMDB. One topic I wish to address is the notion that people (yes, you and me) are configuration items within the whole CMDB discussion.

I find it interesting that nowhere in the article is the word identity used. I wonder if that was intentional? 

The more I work in the CMDB area (the product I currently work on, ChangeGear, has a CMDB) the more similarities I see with the concepts being discussed as an Identity Bus.

It’s a shame there aren’t more people that work on both the IdM and ITSM sides of the fence. Both groups are trying to solve some of the same problems but with different technologies and standards. I think some convergence between these two areas, especially around Identities, would be a very good thing.

Advertisements

5 responses to “Configured Identities

  1. Just after reading few lines I was wondering whether you will use the word “convergence” in this post. And you did 🙂

    Makes a lot of sense. But it looks both IDM and ITSM needs to mature to start converging. And that’s still a long way to go.

  2. That’s a good point. But if I had my druthers I would like to see them mature with knowledge of each others efforts. Then perhaps the convergence could happen over time.

  3. Speaking as someone who has done time in both IAM and ITSM, I can tell you there is one major difference in the CMDB vs. the needs of a IAM central authoritative store – the HR department. On the ITSM side, the bane of the CMDB is keeping things up to date. People bring servers online, add software, remove software, change system properties and do all sorts of things at a departmental level – all exacerbated by virtualization – and the is no way for a CMDB to keep up with it all. However, imagine that happening in AD or the corporate LDAP and wonder how long before the security people would freak out and HR would become the central authority on who does and does not exist. Of course that’s exactly what’s happened in most sophisticated organizations (the chaos of reality creeping in now an then non-withstanding). ITSM is still seeking their HR department, or whatever would play that role. Ironically, virtualization has been both a crisis in this regard (giving departmental folks the ability to spin up and down IT assets as dizzying speeds), but it may also become the middle mad that allows a checkpoint if it gets formalized and controlled well enough. But even then the virtualization layer will never have the regulatory and legal restraints of an HR department that make Identity so singular.

  4. Speaking as someone who has done time in both IAM and ITSM, I can tell you there is one major difference in the CMDB vs. an IAM central authoritative store – the HR department. On the ITSM side, the bane of the CMDB is keeping things up to date. People bring servers online, add software, remove software, change system properties and do all sorts of things at a departmental level – all exacerbated by virtualization – and there is no way for a CMDB to keep up with it all. However, imagine that happening in AD and wonder how long before the security people would freak out and HR would become the central authority on who does and does not exist. Of course that’s exactly what’s happened in most sophisticated organizations (the chaos of reality creeping in now and then non-withstanding). ITSM is still seeking their HR department, or whatever would play that role. Ironically, virtualization has been both a crisis in this regard (giving departmental folks the ability to spin up IT assets at dizzying speeds), but it may also become the middle man that allows a checkpoint if it gets formalized and controlled well enough. But even then the virtualization layer will never have the regulatory and legal restraints of an HR department that make Identity so critical to control for the business.

  5. Hi everyone,

    I’m the analyst from Forrester who wrote the posting referred to here. Thanks for the interest! I was alerted to this blog by a colleague and I’m reading the posts and responses with great interest.

    I do not mention identity explicitly in my Forrester blog post, but you correctly inferred that this was one of my intents. I do point to AAA and HR databases as sources for the information we desire and identity is rolled into the authentication ‘A’ of AAA. These things all need to link together to achieve the goals we are all chasing for unified ITSM.

    I think we are all on the same philosophical page around this need. I share your desires to have the rest of the profession catch up. Sooner or later, they will, but evidence supports the latter. I posted this to articulate my (and Forrester’s) position that we must not forget the human element in the CMDB equation. We focus so heavily on the nuts and bolts of infrastructure that we forget about the meat and bones of the people involved.

    Capturing “us” is critical to ITSM because people produce and maintain the services and people consume the services. Waht is service management without people? 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s