Schema Forge
Executive Summary
The Enterprise IT CMDB Schema delivers a comprehensive Configuration Management Database designed for organizations with complex multi-cloud environments, microservices architectures, and stringent compliance requirements. This schema provides complete visibility across 21 object types spanning business capabilities, technical services, applications, infrastructure, and operational assets.
Target Organizations
- Enterprises with 500+ servers across hybrid cloud environments
- Organizations running containerized workloads on Kubernetes
- Companies with regulatory compliance requirements (SOC 2, ISO 27001, PCI-DSS, HIPAA)
- IT departments managing 50+ business applications
- Teams adopting DevOps practices with infrastructure-as-code
Business Value Delivered
- 40-60% reduction in Mean Time to Resolution (MTTR) through service dependency mapping
- 30% decrease in failed changes via comprehensive impact analysis
- Complete audit trail for compliance and regulatory requirements
- Real-time visibility into cloud costs and resource utilization
- Automated certificate and contract expiry tracking preventing service disruptions
Schema Capabilities
- Business capability to technical service mapping
- Application-to-infrastructure dependency chains
- Multi-cloud resource management (AWS, Azure, GCP)
- Kubernetes cluster and container image tracking
- API inventory with authentication documentation
- Certificate lifecycle management
- Backup job monitoring and verification
Schema Architecture
ITIL v4 Practice Alignment
The Enterprise IT CMDB Schema aligns with ITIL v4 practices to support modern IT service management:
| ITIL v4 Practice | Schema Support |
|---|---|
| Service Configuration Management | All 21 object types with relationship mapping |
| Change Enablement | Impact analysis via Depends On, Runs On relationships |
| Incident Management | Service-to-infrastructure tracing for root cause |
| Problem Management | Pattern identification across related CIs |
| IT Asset Management | Server, License, Contract tracking |
| Service Continuity | Backup Job verification, DR location mapping |
| Information Security | Certificate management, API authentication tracking |
Three-Tier Architecture
The schema organizes object types into three logical tiers:
TIER 1 - BUSINESS LAYER
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
β Business ββββΆβ Business ββββΆβ Technical β
β Capability β β Service β β Service β
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
β β
βΌ βΌ
TIER 2 - APPLICATION LAYER
ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ
βApplicationβ βMicroserv β βContainer β β API β
ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ
β β β
βΌ βΌ βΌ
TIER 3 - INFRASTRUCTURE LAYER
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βServerββCloud ββ K8s ββ DB ββ Cert ββNetworkββContractβ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββReference Types
The schema defines five relationship types that enable dependency mapping and impact analysis:
| Reference Type | Color | Purpose | Example Usage |
|---|---|---|---|
| Delivered By | Blue (#0052CC) | Service composition | Business Service β Technical Service |
| Depends On | Green (#00875A) | Runtime dependency | Technical Service β Application |
| Runs On | Purple (#6554C0) | Hosting relationship | Microservice β Container Image |
| Managed By | Orange (#FF8B00) | Ownership assignment | Application β Team/Person |
| Located In | Red (#FF5630) | Physical/logical placement | Server β Location, VM β Cloud Account |
Object Type Reference
The Enterprise IT CMDB includes 21 object types. Below are detailed descriptions for each:
Purpose: Physical data centers, offices, colocation facilities, and edge sites where IT infrastructure is deployed. Locations provide critical context for disaster recovery planning, compliance with data residency requirements, and incident response coordination.
Key Attributes: Location Name, Location Type (Data Center, Office, Colocation, Edge Site, DR), Address, City, Country, Tier Rating, Compliance Certs, Status
Why it matters: DR planning, data residency compliance, maintenance windows, capacity planning, emergency response
Purpose: AWS accounts, Azure subscriptions, GCP projects, and other cloud provider accounts. Cloud Account records enable cost allocation, security boundary definition, and multi-cloud visibility.
Key Attributes: Account Name, Account ID, Provider (AWS, Azure, GCP, Oracle Cloud, IBM Cloud), Alias, Owner, Cost Center, Monthly Budget, Environment, Status
Why it matters: Cost management, security boundaries, compliance, resource organization, budget tracking
Purpose: High-level business functions that the organization must perform, independent of how they are implemented. Business Capabilities provide the bridge between business strategy and IT services.
Key Attributes: Capability Name, Description, Owner, Criticality (Mission Critical, Business Critical, Business Operational, Administrative), Strategic Value, Status
Why it matters: Strategic alignment, investment prioritization, redundancy analysis, business continuity
Purpose: Customer-facing services that deliver value directly to customers or stakeholders. Business Services are what the business "sells" or provides, supported by underlying technical services and applications.
Key Attributes: Service Name, Capability (reference), Description, Service Owner, SLA, RPO, RTO, Criticality (Tier 1-4), Compliance Tags, Status
Why it matters: Customer impact analysis, SLA tracking, recovery planning, change impact assessment
Purpose: IT services that support Business Services but are not directly customer-facing. Technical Services bridge the gap between business outcomes and technical implementation.
Key Attributes: Service Name, Business Service (reference), Service Type (Infrastructure, Platform, Application, Data, Security, Integration), Owner, Support Team, Tier, Status
Why it matters: Dependency mapping, incident routing, capacity planning, service catalog
Purpose: Business applications that implement functionality for Technical Services. Applications are the software components that users interact with or that process business logic.
Key Attributes: Application Name, Technical Service (reference), Description, Version, Application Type (Web, Mobile, Desktop, API, Batch, Integration), Tech Stack, SDLC Phase, Compliance, Risk Rating, Owner, Status
Why it matters: Portfolio management, technology tracking, risk assessment, lifecycle planning
Purpose: Individual service components within a distributed application architecture. Microservices enable tracking of independently deployable units with their own repositories and APIs.
Key Attributes: Service Name, Application (reference), Repository (URL), API Endpoint (URL), Owner, Health Check URL, Status
Why it matters: Deployment tracking, API discovery, ownership clarity, health monitoring
Purpose: Docker images and other container images used to deploy microservices. Container Image records enable vulnerability tracking and version management.
Key Attributes: Image Name, Microservice (reference), Registry, Version/Tag, Base Image, Scan Status, Status
Why it matters: Security scanning, version control, deployment tracing, compliance with approved base images
Purpose: K8s clusters that host containerized workloads. Cluster records enable capacity planning, version tracking, and workload placement decisions.
Key Attributes: Cluster Name, Cloud Account (reference), Provider (EKS, AKS, GKE, OpenShift, Rancher, Self-Managed), Version, Node Count, Environment, GitOps Repo, Status
Why it matters: Capacity planning, version management, environment mapping, GitOps tracking
Purpose: Physical servers, virtual machines on-premises, and container hosts. Server records provide the foundation for infrastructure management and capacity planning.
Key Attributes: Hostname, Location (reference), IP Address, FQDN, Server Type (Physical, Virtual, Container Host), Operating System, CPU Cores, RAM (GB), Storage (GB), Serial Number, Asset Tag, Environment, Status
Why it matters: Asset management, capacity planning, lifecycle management, incident response
Purpose: VMs running on hypervisors (VMware, Hyper-V, KVM) or in cloud environments. VM records enable resource tracking and host-to-guest relationship mapping.
Key Attributes: VM Name, Host Server (reference), Cloud Account (reference), Hypervisor, vCPU, vRAM (GB), Storage (GB), Snapshots, Status
Why it matters: Resource allocation, host mapping, snapshot management, cloud correlation
Purpose: Cloud provider compute instances (EC2, Azure VMs, GCE instances). Cloud Instance records enable cost tracking and cloud resource management.
Key Attributes: Instance Name, Instance ID, Cloud Account (reference), Instance Type, Region, Availability Zone, Monthly Cost, Tags, Status
Why it matters: Cost optimization, right-sizing, tagging compliance, regional distribution
Purpose: Database instances including relational databases, NoSQL databases, and caching systems. Database records enable data management and backup verification.
Key Attributes: Database Name, Server (reference), Database Type (PostgreSQL, MySQL, SQL Server, Oracle, MongoDB, Redis, Elasticsearch), Version, Port, Size (GB), Cluster Info, Replication, Backup Status, Encryption, Status
Why it matters: Data protection, compliance, performance monitoring, security
Purpose: Internal and external APIs exposed by applications. API records enable API governance, documentation tracking, and integration management.
Key Attributes: API Name, Application (reference), Endpoint (URL), Version, Auth Type (API Key, OAuth 2.0, JWT, Basic Auth, mTLS), Rate Limits, Documentation URL, Status
Why it matters: API inventory, security, documentation, rate limiting
Purpose: Application and network load balancers distributing traffic to backend services. Load Balancer records enable traffic management and SSL termination tracking.
Key Attributes: LB Name, Cloud Account (reference), LB Type (Application, Network, Classic, Hardware), VIPs, Health Check URL, SSL Termination, Status
Why it matters: Traffic flow, SSL/TLS management, health checks, high availability
Purpose: Routers, switches, firewalls, wireless access points, and other network infrastructure. Network Device records enable network topology documentation.
Key Attributes: Device Name, Location (reference), Device Type (Router, Switch, Firewall, Wireless AP, VPN Gateway), IP Address, Manufacturer, Model, Firmware, Serial Number, Status
Why it matters: Network topology, firmware management, capacity planning, security
Purpose: SSL/TLS certificates used to secure communications. Certificate records enable proactive expiry management and security compliance.
Key Attributes: Certificate Name, Domain, Issuer, Issue Date, Expiry Date, Key Size, Auto-Renew, Status
Why it matters: Expiry prevention, key management, compliance, automation
Purpose: DNS entries that map domain names to infrastructure. DNS Record records enable DNS change management and service discovery documentation.
Key Attributes: Record Name, FQDN, Record Type (A, AAAA, CNAME, MX, TXT, NS, SRV, PTR), Value, TTL, Provider, Status
Why it matters: Service discovery, change management, troubleshooting, TTL management
Purpose: Scheduled backup configurations protecting data and systems. Backup Job records enable backup verification and data protection compliance.
Key Attributes: Job Name, Source System, Schedule, Retention (Days), Target, Last Run, Last Run Status, Success Rate (%), Status
Why it matters: Data protection, recovery testing, retention compliance, capacity planning
Purpose: Software licenses and entitlements. License records enable compliance management and cost optimization.
Key Attributes: License Name, Product, License Type (Perpetual, Subscription, Per User, Per Device, Enterprise), Quantity, Vendor, Annual Cost, Expiry Date, Status
Why it matters: Compliance, cost optimization, renewal planning, audit readiness
Purpose: Vendor contracts for support, licensing, services, and maintenance. Contract records enable renewal management and vendor governance.
Key Attributes: Contract Name, Vendor, Contract Type (Support, License, Service, Maintenance, Consulting), Start Date, End Date, Value, Auto-Renew, Terms, Status
Why it matters: Renewal planning, cost tracking, terms reference, auto-renewal management
Implementation Phases
Objectives: Establish schema and governance structure, populate organizational objects, define naming conventions and data standards
Activities:
- Deploy Enterprise IT CMDB Schema to JSM Assets
- Configure reference types and relationship rules
- Import Location records from facilities inventory
- Import Cloud Account records from cloud provider consoles
- Document naming conventions for all object types
- Assign data owners for each object type category
Deliverables: Deployed schema with all 21 object types, Populated Location and Cloud Account records, Documented naming standards, RACI matrix for data ownership
Objectives: Document business capabilities and services, establish service hierarchy, define criticality and recovery requirements
Activities:
- Workshop with business stakeholders to identify capabilities
- Document Business Capability records
- Map Business Services to capabilities
- Define SLA, RPO, RTO for each service
- Assign service owners
- Create Technical Service records
Deliverables: Complete Business Capability inventory, Business Service catalog with SLAs, Technical Service mapping, Service ownership matrix
Objectives: Document application inventory, map applications to services, capture technology stack details
Activities:
- Import application inventory from existing sources
- Link Applications to Technical Services
- Document Microservices for distributed applications
- Capture API inventory
- Record Container Images for containerized apps
- Document Kubernetes Clusters
Deliverables: Application portfolio in CMDB, Microservice registry, API inventory, Container image catalog
Objectives: Document physical and virtual infrastructure, establish infrastructure-to-application relationships, enable impact analysis
Activities:
- Import Server records from discovery tools
- Create Virtual Machine records
- Import Cloud Instance records from cloud providers
- Document Database instances
- Record Network Devices
- Create Load Balancer records
Deliverables: Complete infrastructure inventory, Application-to-infrastructure mapping, Network topology documentation
Objectives: Document certificates, DNS, and backups, capture licenses and contracts, enable proactive expiry management
Activities:
- Import Certificate inventory
- Document DNS Records
- Create Backup Job records
- Import Software License records
- Document Contract records
- Configure expiry alerting
Deliverables: Certificate inventory with expiry tracking, DNS record documentation, Backup coverage verification, License compliance baseline, Contract renewal calendar
Objectives: Verify data quality, enable automation, train users
Activities:
- Execute data quality audits
- Configure automation rules
- Integrate with discovery tools
- Train service desk on CMDB usage
- Train change managers on impact analysis
- Establish ongoing governance processes
Deliverables: Data quality baseline metrics, Automated data validation, Discovery tool integration, Trained users, Governance operating procedures
Migration Strategies
From Spreadsheet-Based CMDB
Approach:
- Export spreadsheets to CSV format
- Map spreadsheet columns to schema attributes
- Normalize data (standardize values, fix inconsistencies)
- Use JSM Assets CSV import
- Validate imported data
- Establish relationships post-import
Key Considerations: Data normalization is typically 60% of effort. Plan for relationship creation as separate step. Archive spreadsheets after successful migration.
From Legacy CMDB Tools
Approach:
- Export from legacy tool using native export or API
- Map legacy CI types to Enterprise schema object types
- Transform data to match attribute formats
- Import using JSM Assets API or CSV
- Recreate relationships using reference attributes
- Validate data completeness
Tool-Specific Guidance:
- HP UCMDB: Export via Integration Studio, map CIT to object types
- BMC Atrium: Use CMDB Export utility, transform class structure
- ServiceNow: Export via Table API, map tables to object types
From Discovery Tools Only
Approach:
- Deploy discovery tool across infrastructure
- Configure scans for servers, VMs, cloud instances
- Map discovered attributes to schema
- Import discovered data
- Manually enrich with ownership and service mapping
- Establish ongoing sync
Recommended Discovery Tools: Lansweeper (on-premises infrastructure), Qualys Asset Inventory (security-focused), AWS Config/Azure Resource Graph/GCP Asset Inventory (cloud), Kubernetes cluster APIs (container platforms)
Integration Patterns
Discovery Tool Integration
Pattern: Scheduled sync from discovery tools updates infrastructure records
Implementation:
- Configure discovery tool API credentials
- Create sync job mapping discovered assets to CMDB records
- Define conflict resolution rules (discovery wins vs. CMDB wins)
- Schedule regular sync (daily recommended)
- Configure alerting for sync failures
ITSM Integration
Pattern: Bi-directional sync between CMDB and ITSM for incident/change management
Implementation:
- Configure ITSM connector (native JSM or third-party)
- Map CMDB objects to ITSM CI records
- Enable CI attachment to incidents and changes
- Sync status updates back to CMDB
- Enable impact analysis from CMDB relationships
Monitoring Integration
Pattern: Alert enrichment with CMDB context
Implementation:
- Configure monitoring tool webhook to query CMDB
- Map monitoring host identifiers to CMDB records
- Enrich alerts with service ownership, criticality
- Route alerts based on CMDB owner attributes
- Include service dependencies in alert context