What is a CMDB?
Key takeaways
A CMDB (Configuration Management Database) is a centralised repository storing detailed information about IT Configuration Items (CIs) and the relationships between them
CMDBs enable faster incident resolution, safer change management, and evidence-based service delivery
CMDB differs from ITAM: CMDB focuses on service relationships and dependencies; ITAM focuses on asset lifecycle and financial tracking — they are complementary, not alternatives
CMDBs decay rapidly without a discovery feed — manual data entry cannot keep pace with change
The dominant enterprise CMDB platforms are ServiceNow, BMC Helix, Atlassian Assets (Jira Service Management), TopDesk, and Ivanti Neurons
CerteroX ITAM and CerteroX SAM include a certified ServiceNow connector — populating the CMDB via ServiceNow's Identification and Reconciliation Engine (IRE), no additional cost
What is a CMDB?
A Configuration Management Database (CMDB) is a centralised database that stores information about Configuration Items (CIs) within an IT environment and the relationships between them. Think of a CMDB as the blueprint of your IT infrastructure. It doesn't just list hardware and software — it maps how everything connects, depends on each other, and supports the services the business actually cares about.
CMDBs originated in ITIL's Configuration Management practice and remain a central component of modern IT Service Management (ITSM) tooling.
What are Configuration Items (CIs)?
A CI is anything managed in the CMDB. The level of granularity varies by organization — some CMDBs track individual network ports, others only track the servers they sit in.
CI type | Examples |
|---|
CI type | Examples |
|---|---|
Hardware | Servers, workstations, laptops, network switches, routers, storage arrays |
Software | Applications, operating systems, databases, middleware |
Network | IP addresses, DNS records, load balancers, firewalls |
Business services | Email service, CRM application, payment processing, customer portal |
Cloud resources | EC2 instances, Azure VMs, S3 buckets, Kubernetes clusters |
Documentation | Runbooks, change procedures, architecture diagrams |
CI relationships
Relationships — not CIs — are what makes a CMDB useful. Typical relationship types:
Depends on — the email service depends on Exchange servers, which depend on a database cluster
Runs on — an application runs on a virtual server, which runs on a hypervisor, which runs on a physical server
Hosted in — a resource is hosted in a datacentre, region, or cloud account
Owned by — an asset is owned by a team, cost centre, or business unit
Why a CMDB matters for IT operations
Faster incident resolution
When a user reports "email is down," the service desk can query the CMDB to see which server hosts the service, what it depends on, and what recent changes were made — turning a blind troubleshoot into a targeted investigation.
Safer change management
Before approving a database upgrade, the Change Advisory Board (CAB) can query the CMDB to identify every application and business service that depends on it. Change risk becomes explicit; impact assessment becomes evidence-based.
Better service mapping
Service owners visualise their complete service architecture — single points of failure, redundancy coverage, external dependencies — and plan resilience accordingly.
Audit and compliance
Compliance teams generate reports directly from the CMDB for licence audits, financial reporting (ISO 19770 for software asset data), and regulatory regimes that require authoritative IT records.
Security and vulnerability management
Security teams correlate CVEs to the CIs actually running vulnerable versions — instead of scanning blind or relying on asset lists that drift from reality.
CMDB vs ITAM vs Service Map vs Inventory
The overlap between these four causes confusion. The precise relationship:
Artefact | Primary purpose |
|---|
Artefact | Primary purpose |
|---|---|
CMDB | Service-management record — CIs and their relationships for incident, change, and service delivery |
ITAM record | Asset lifecycle and financial record — who owns it, what it costs, when it refreshes or retires |
Service Map | Visual or logical representation of how CIs compose a business service |
Inventory | Raw list of assets — a flat record, no relationships |
A mature enterprise runs all four, with clear data flow:
Discovery (agents, agentless, network, cloud, SaaS) produces raw inventory
ITAM structures the inventory into a lifecycle record — identity, ownership, contracts, cost, retirement
CMDB consumes ITAM data and adds relationships — what depends on what, what supports which service
Service Map is a view on top of CMDB — filtered to one service at a time
Without ITAM feeding CMDB, the CMDB decays. Without a CMDB, ITAM has no service context.
The CMDB-decay problem
CMDBs that are populated manually — or populated once and not maintained — decay at a predictable rate. Devices get replaced, software is upgraded, applications retire, cloud resources spin up and down. Within weeks of a "clean" CMDB snapshot, the record drifts from reality; within months, service desks stop trusting it.
The solution is continuous, automated discovery feeding the CMDB. This is the specific problem ITAM / asset-discovery tools solve for ITSM platforms. A CMDB without a discovery feed is a museum; a CMDB with a continuous discovery feed is a live source of truth.
CMDB platforms
The dominant enterprise CMDB platforms:
Platform | CMDB positioning |
|---|
Platform | CMDB positioning |
|---|---|
ServiceNow | Market-leading ITSM platform; CMDB is a native module with the Identification and Reconciliation Engine (IRE) |
BMC Helix (Remedy) | Long-established ITSM with BMC Atrium CMDB |
Atlassian Jira Service Management + Assets | Cloud-native ITSM with CMDB-style asset tracking via the Assets feature |
TopDesk | Popular in mid-market and EMEA with a native CMDB |
Ivanti Neurons for ITSM | ITSM platform with integrated CMDB |
Open-source / lightweight | iTop, GLPI — smaller scale, more configurable |
Most enterprises pair their CMDB of choice with a dedicated ITAM / discovery tool that produces the reliable, normalised asset data the CMDB needs.
How ServiceNow's CMDB actually works — the IRE
ServiceNow's CMDB is built around the Identification and Reconciliation Engine (IRE). Rather than accepting whatever data arrives from integrations, IRE enforces identification rules (which fields uniquely identify a CI) and reconciliation rules (which data source is authoritative for which attribute) before any record is created or updated.
This is why "certified" ServiceNow connectors matter — a tool that writes directly to the CMDB without going through IRE can corrupt the data model. A tool that uses IRE correctly keeps the CMDB clean even when multiple discovery sources contribute overlapping data.
How CerteroX populates the CMDB
CerteroX ITAM and CerteroX SAM include a certified ServiceNow connector — not a paid add-on — that populates the ServiceNow CMDB through IRE with always-current asset data.
How it works
Discovery — CerteroX discovers the IT estate using six methods in parallel: agent (Windows, macOS, Linux), agentless (WMI, SSH), network (SNMP), browser (SaaS), IdP (Entra ID, Okta, Google Workspace), and cloud API (AWS, Azure, GCP, OCI)
Normalisation — discovered data is mapped to products, publishers, and ServiceNow CI classes
IRE reconciliation — data flows to the ServiceNow CMDB through the Identification and Reconciliation Engine so existing CIs are updated without duplication
Continuous sync — the feed runs on a schedule, so the CMDB stays current as the estate changes
Bidirectional context — ITAM data enriches the CMDB, and ServiceNow data (ownership, cost centre, assignment group) enriches the ITAM record
What this enables
A CMDB that does not decay — every hardware refresh, software change, SaaS addition, and cloud change flows through automatically
Incident and change processes that run on real data
An ELP (Effective Licence Position) reconciled against the same CIs the service desk uses
Shared ownership of the asset record between the ITAM team and the Service Management team
Frequently asked questions
What is the difference between a CMDB and an asset inventory?
An asset inventory is a flat list of what exists. A CMDB adds relationships — which CI depends on which, which service is supported by which CIs — and is structured around Configuration Items and classes rather than raw records. Inventory is necessary but not sufficient for ITSM; a CMDB is what turns inventory into service context.
What is the difference between a CMDB and ITAM?
ITAM manages the asset lifecycle — procurement, deployment, usage, refresh, retirement — with financial and contractual context. CMDB manages the service-operations view — how CIs relate, how services depend on CIs, what recent changes happened. They are complementary: ITAM data feeds the CMDB; CMDB context enriches the ITAM record.
Why do CMDBs decay?
Because IT environments change continuously and manual maintenance cannot keep pace. Devices are replaced, software is upgraded, applications retire, cloud resources spin up and down, SaaS subscriptions appear and disappear. Without a continuous discovery feed, the CMDB is months out of date within a year of its last clean-up.
How do you keep a CMDB accurate?
Four things: (1) continuous discovery covering the full estate (hardware, software, SaaS, cloud); (2) a certified CMDB connector that uses the CMDB's native reconciliation engine (e.g. ServiceNow IRE) so data flows cleanly; (3) defined CI classes and depth — an agreed scope for what gets tracked and at what granularity; (4) a CMDB-health owner who monitors staleness, duplicates, and gaps.
What is the ServiceNow IRE?
The Identification and Reconciliation Engine (IRE) is ServiceNow's native data-merge engine for CMDB writes. It enforces identification rules (which fields uniquely identify a CI) and reconciliation rules (which source is authoritative for which attribute), preventing the "duplicate CI" problem that plagues CMDBs populated without it. Any integration that writes to the ServiceNow CMDB should use IRE.
Does a CMDB replace asset discovery?
No. A CMDB is a database; discovery is the process that populates it. Most CMDB platforms include some native discovery, but dedicated ITAM / discovery tools typically offer broader coverage (more OS families, SaaS via browser, deep connectors) and better publisher normalisation for software. Using both together — discovery tool feeds CMDB — is standard pattern.
What CI classes should we include?
Start with: Hardware (servers, workstations, network devices), Software (operating systems, installed applications), Business Services (the top 20 services users interact with), Cloud Resources (VMs, databases, storage), and SaaS applications. Add depth iteratively — an early-stage CMDB that tries to track every network port will never ship.
How does CMDB relate to ITIL?
ITIL 4's Service Configuration Management practice defines how CIs are managed and related. The CMDB is the tool that supports that practice. ITIL 4 also has a separate IT Asset Management practice, reinforcing that CMDB and ITAM are distinct but integrated disciplines.
Can an ITSM platform work without a CMDB?
Technically yes — many organizations run ITSM on inventory alone. The cost is evident in change failure rate, incident mean time to resolve, and audit readiness. A usable CMDB is one of the higher-ROI investments in IT operations, provided the data is kept current.
How do SaaS and cloud fit into a CMDB?
As CIs. A modern CMDB records SaaS applications (Salesforce, Microsoft 365, ServiceNow itself, Atlassian, Adobe CC), cloud resources (compute, storage, database, serverless), and their relationships to the business services they support. Keeping this current requires discovery that covers SaaS and cloud natively, not only on-premises hardware.
What's the role of the CMDB in security?
Security teams use the CMDB for vulnerability management (which CIs run the vulnerable software?), incident response (what else touches the affected CI?), and compliance (evidence of controlled change). A weak CMDB leaves security operating on guesswork — which is why discovery-driven CMDB health is a security concern, not only an ITSM concern.
How do we measure CMDB health?
Four standard measures: coverage (percentage of estate represented), accuracy (percentage of CIs matching discovery), completeness (percentage of required attributes populated), and freshness (time since last update). Most mature ITSM organizations publish CMDB-health metrics monthly and treat them as an operational KPI.
About Certero
Certero is an independent software vendor specialising in IT Asset Management, Software Asset Management, SaaS Management, Cloud Management, and AI Management. The CerteroX product family includes a certified ServiceNow connector that populates the CMDB through ServiceNow's Identification and Reconciliation Engine — included at no additional cost. Certero is the only four-time Gartner Customers' Choice for SAM Tools (2019, 2020, 2021, 2024), #1 rated on Gartner Peer Insights, an Oracle Certified Partner, and a FinOps Foundation member with FinOps Certified Platform designation.
Related resources
Last updated: April 2026