We are considering using HP UCMDB and need some feedback/ analyses/ pros and cons - security, performance aspects etc.
UCMDB is best suited for a large enterprise that is already invested in the HP service management suite. I can't really give a recommendation outside that context. Its purpose is to discover network elements and build the relationships between them to support the CM functionality in the other HP tools. It is designed to function in an ISO 20000 environment, but any organization looking onto CMDB is already going down that road. It ability to automagically build the relationships between CIs is a bit overrated, but it does a lot. You will no doubt invest a great deal of effort into configuration and customization. That is to be expected with a product of this sort.
Security - It supports all the common industry standards. It would be one component in a larger service management system and the security approach for the entire system needs to be evaluated. I've seen it used in large financial institutions which are subject to rigid security standards.
If you're already invested into HP, you're rep should be able to provide a detailed list of all the available agents and discovery systems available as well as integration capabilities with the rest of the service management tool suite. If you're not already invested into HP, I don't know how much value this product would have as a stand-alone.
Most of my time is spent enriching the data, like:
· building business relationships that can’t be automatically discovered but can be manually added and related to existing infrastructure
· Implementing Passive discovery for traffic data (who’s talking to who) with NetFlow exported data
· Creating queries and views for the purpose automating policy reporting with UCMDB CM (Configuration Management)
Managing the environment is not time consuming once the discovery requirements are implemented. All in all I spend about 20 man hours a week, the bulk of it doing enrichment. I am the only one in the company (65,000+ employees, 10,000+ servers) working on UCMDB though.
I will be glad to provide any output generated by the product – I’m not sure though what you mean from scanner outcome/files …..we typically don’t look at that data – it is pushed from the UCMDB probes to the UCMDB application server automatically – we do high level reporting on the CIs that are created from the discovery results each night. I can show you dependency reports or application maps (where IP addresses aren’t shown)
Thank you very much for this valuable summary! From a resource point of view - how many man hours per week approximately are needed to keep up and running the UCMDB full functionality (UCMDB, Discovery, Config mng) and to guarantee the data consistency for a number of CIs > 30,000?
Is it possible for someone to send me an extract of UCMDB agents and scanners outcome/files?
Best regards, Donka Raytcheva
Pro's: even with limited scope and limited discovery activity, very fast visibility and insight in IT artefacts living in an organization's IT landscape, especially when making full use of UCMDB Browser and UCMDB Configuration Manager. Cons: requires a heavy sponsor as well as a large amount of politicking and evangelization to make it land succesfully. Steep knowledge learning curve; requires effort/FTEs to keep running. Security: it pays to have the Security Operations and Management departments on the same page from the start of the project, but even then it can be challenging to have access granted to all corners of the corporate network. IT infrastructure scanning takes place using different protocols, it can trigger all kinds of alarms on Network Security side. Plus, scanning operations can lead to network load, especially on thin channels like GPRS or even ISDN links. Performance aspects: discovery and reconciliation operations need properly sized systems and databases, like enterprise sized systems run on 64GB servers with a couple of hundreds of GB for storage and the same for the UCMDB database. But even with these Security and Performance aspects, the success of a UCMDB introduction stands or falls with the engagement of the organization, the embracing of Configuration Management as one of the roads to a mature ITSM organization, the realization that UCMDB is much more than just a CMDB, or a CM discovery tool. It's also a solution for absolute integration of all kinds of organizational data sources, information repositories, on various levels and across various domains.
HI I would highly recommend the HP UCMDB as your Configuration Management platform – it can help in all aspects of Configuration Management, Change Management, Compliance Reporting, Impact Analysis and Asset/Inventory Management. The live discovery helps keep your configuration data current, something that is a fail with products like Remedy, which depends on human input that is error prone and out of date quickly. Our only problem with UCMDB is more political – doing the live discovery requires credentials on the device that some people in the organization have a hard time dealing with. The product can do both agent-less and agent-based discovery. It also comes with an add-on called Configuration Manager (CM) which helps provide a dashboard for Change/Compliance/Configuration reporting and a very nice Browser interface which provides the user with quite a bit of functionality – the multi-tenancy provides a secure mechanism for protecting configurations by owner. There is also a mechanism for distinguishing between authorized and non-authorized devices.