CMDB for a manufacturing
plant: IT and OT assets

What is a CMDB?

The Configuration Management Database stores information about every asset in the company - so-called Configuration Items (CIs). Each CI is an infrastructure element: laptop, server, printer, PLC controller, HMI panel, application, license.

The CMDB stores for each CI its properties (type, model, serial number, location, owner), but above all the relationships between CIs. A relationship says: this laptop uses this software license, this label printer is connected to this production line, this router serves this network.

Example: ticket "label printer is not printing". Without a CMDB: the technician calls the shop floor operator, waits to find out which line is affected, looks up service contact numbers. With a CMDB: the technician opens the ticket, scans the QR code, immediately sees: Zebra printer #ZBR-0042, connected to Line 3, responsible: Jan Kowalski, service: Support Plus, last fault: 3 weeks ago (paper), previous: 6 months ago (printhead). Based on history: paper is a quick fix, 30 minutes, the technician walks over with paper instead of calling the service vendor.

CMDB in manufacturing: specific challenges

IT + OT in a single database

IT (Information Technology): laptops, servers, switches, Active Directory, office applications. OT (Operational Technology) covers elements that control the production process: PLC controllers (Siemens S7, Beckhoff), HMI panels (Siemens, Wonderware), SCADA systems (InTouch, AVEVA), CNCs, industrial robots.

The problem: IT and OT have different life cycles, different protocols (Modbus, Profibus, OPC-UA vs TCP/IP), different responsible teams, different security requirements. A proper CMDB for manufacturing puts both worlds in a single database and defines clear relationships: which OT element depends on which IT element (e.g. a PLC connected via the IT network).

Production continuity: passive inventory

On an office server you can install a Discovery Agent that scans the network topology every night. On a PLC running on a 24/7 production line you cannot. OT hardware inventory has to be: manual, passive (agent-less scanning), or scheduled in a service window. That extends CMDB build time, but it is necessary.

Regulatory compliance: asset documentation

ISO/IEC 27001 (IT security), IEC 62443 (OT security), NIS2: all require a documented asset register with firmware versions, last review dates, service vendor contact details. Deploying a CMDB is at the same time deploying a compliance tool.

CMDB structure for manufacturing

Asset hierarchy: from the plant down to the device

A proper CMDB structure for a factory looks like a tree:

The hierarchy enables quick questions:

• How many assets depend on the MES server?
• Which OT devices are on Line 1?
• What is the production impact of a router failure?

Asset types (CI Categories)

For each asset type you define your own fields:

• Server: operating system, RAM, disk, IP, firmware version, service plan
• Network Device: vendor, model, software version, ports, PoE budget
• PLC: vendor (Siemens, Beckhoff), model, firmware version, protocol (Profibus, OPC-UA), supply voltage, last calibration
• HMI Panel: vendor, screen resolution, operating system, application program version, software license
• CNC/Robot: vendor, model, year of manufacture, firmware version, serial number, responsible service vendor, service contract
• License: software, version, number of seats, expiry date, cost

Relationships between assets

You define a network of dependencies:

• Depends on: PLC depends on power, HMI panel depends on PLC
• Serves: MES server serves Production Line 1
• Connected to: label printer connected to Line 1
• License for: AutoCAD license assigned to CAD Workstation #12
• Maintained by: Robot XYZ serviced by Company A Support

These relationships are key. When a PLC goes down, the CMDB system says: this affects Line 1, which is fulfilling a specific customer order - so the ticket gets P0 priority straight away. We cover how to integrate the CMDB with production processes in our article on ITSM for a manufacturing plant.

ManageEngine ServiceDesk Plus: CMDB for manufacturing

Custom asset types

ManageEngine ServiceDesk Plus Enterprise lets you define your own CI categories with any fields you need. For every type of PLC, robot or controller you can define specific attributes. Instead of forcing a PLC into the "Computer" category, you create a "PLC" category with fields for supply voltage, firmware version, communication protocol.

Automatic IT inventory + manual OT inventory

SDP with a Discovery Agent scans the IT network and automatically imports network devices (switches, routers, servers). For OT you use:

• CSV import: prepare a spreadsheet with OT device data (from technical documentation), import into SDP
• QR codes: print QR codes from SDP, stick them on devices, technicians scan and fill in the missing data
• Mobile app: technicians on the shop floor with a tablet/phone update the CMDB on-the-fly

Integration with Change Management

When technicians make a change (firmware swap, device relocation), the change goes through Change Management. After approval the CMDB updates automatically. Change history for every CI is available.

Impact Analysis: outage impact analysis

The most important CMDB feature in manufacturing. When an MES server outage is reported, SDP immediately says: this server serves Lines 1, 2 and 3, so it stops production on all three lines. That translates into P0 priority and immediate escalation.

CMDB deployment step by step

1. Defining scope (what goes into the CMDB?)

Decide what you want to track. Options:

• Minimal: only IT elements (servers, laptops, switches), fast rollout, but no OT visibility
• IT + critical OT: full IT infrastructure + OT devices on production lines (PLCs, HMIs, machines), recommended
• Full: everything (IT + OT + licenses + vendors + service contracts), comprehensive, requires more work

2. Asset classification and CI type definitions

Walk the plant, identify device categories, define your own fields for each category in SDP. Example manufacturing categories:

• Server (IT)
• Workstation (IT)
• Network (IT)
• PLC (OT)
• HMI Panel (OT)
• CNC/Robot (OT)
• Sensor (OT)
• License (IT)
• Service Contract (Business)

3. Collecting asset data

For IT the Discovery Agent does it for you. For OT:

• Collect electrical schematics and technical documentation
• Walk the shop floor with photos and notes
• Prepare a CSV spreadsheet with basic data
• Import into SDP

4. Building relationships between assets

Once CIs are imported, define relationships. E.g.:

• Router X (IT) serves PLC A (OT)
• PLC A (OT) controls Line 1 (Production Line)
• Zebra printer (OT) connected to Line 1
• AutoCAD license (IT) assigned to Workstation #5

5. Impact Map definition

Build an impact map: if this element fails, what happens? E.g.:

• Router outage → no MES-PLC communication → Lines 1, 2, 3 stop → P0 priority
• Label printer outage → Line 1 does not print labels but keeps producing → P1 priority

6. Training and deployment

Train IT and Maintenance technicians:

• How to find a device in the CMDB
• How to update data on the shop floor (mobile app)
• How to use Impact Analysis during incidents

7. Maintenance and updates (never ends)

A CMDB is a living system. It requires a maintenance process:

• After every device replacement: update
• After every change: update in the CMDB
• Who is responsible? (CMDB data owner)
• How often is the audit? (Once a quarter: shop floor verification)

Measurable CMDB benefits in manufacturing

Impact: downtime reduction

When a technician gets a "Router A not responding" alert, the CMDB immediately says: this affects Lines 1-3, so it stops production on several lines simultaneously. P0 priority, escalation to the IT manager. Instead of waiting for someone to notice, the team acts immediately. Impact Analysis clearly shortens reaction time - because information about the scale of the outage is available right away, not after calling around to figure it out.

Compliance: documentation for audits

The NIS2 auditor asks: show all OT devices in your network. With the CMDB: 50 devices, export table, each with last review date, firmware version, service contact. Without the CMDB: six months of administrative work, and even then it will not be complete.

Repair history: a tool for improvement

After a year of CMDB operation the database answers the questions: which machine generates the most incidents? What is the average MTTR for each hardware category? Which faults recur? That is a real basis for board-level conversations about replacing the aging machine park. AI in ITSM can additionally automate categorization of these incidents and suggest corrective actions.

Typical mistakes when deploying a CMDB

1. Scope too broad at the start

Trying to push 500 assets into the CMDB in a week. Result: dirty data, half the information wrong, no one uses it. Instead: start with 50 assets, pilot for a month, then expand.

2. No clear data owner

Who is responsible for keeping the CMDB current? IT manager? Maintenance? If nobody, the data ages in 2 weeks. You need a formal data owner, update SLA, change process.

3. CMDB as a one-off project

The thinking: "we will deploy the CMDB, it will be done, end of story". In reality the CMDB is alive - it requires constant upkeep. Every infrastructure change = a change in the CMDB. Without that process = a dead database in 3 months.

4. Ignoring OT hardware

Focusing on IT (laptops, servers), ignoring OT. The result is a CMDB that describes half the plant infrastructure. For manufacturing that half is OT.

5. No Change Management integration

A CMDB as a "read-only" database that nobody updates, because there is no process. Critical: every infrastructure change → request in Change Management → after approval → CMDB update.

CMDB implementation for manufacturing with Rotech Group

Rotech Group has experience deploying CMDBs in manufacturing plants in metalworking, food, automotive and electronics. We know what shop floor technicians ask, what data is available in documentation, and how to integrate the CMDB with existing MES and ERP systems.

Our CMDB implementations always include:

• Infrastructure mapping workshop: identifying every CI, categorization, relationships
• SDP CI type configuration tailored to the specifics of the plant
• Data import: IT via Discovery Agent, OT manually + CSV + QR codes
• Impact Map for critical alerts
• Integration with Change Management and Incident Management
• IT and Maintenance technician training (mobile app, QR scanning, CMDB use in practice)
• Definition of the maintenance process: who, when, how updates the CMDB
• KPI reporting for management (number of CIs, coverage, compliance metrics)

Typical implementation time: 6-10 weeks for a medium-sized factory (100-300 assets), including 2-3 weeks of pilot (one production line, basic configuration). If you currently manage IT assets in a spreadsheet, also read our guide CMDB instead of Excel; we cover the signals that it is time to switch and how to migrate data quickly.