Building a Multi-Product CMDB for Classified Software Delivery

A government research program operated multiple software products deployed to military installations across classified and unclassified networks.

The schema

I designed and managed the configuration management database that tracked the full delivery lifecycle. The schema was product-centric: each product got its own branch in the type hierarchy, so queries for one product never returned noise from another. Deployment Sites tracked per-product state at each customer location: version, support team, feature configuration, and upgrade schedule.

Media distribution

The hardest part was media distribution. Software delivery to air-gapped sites meant encrypted media with chain-of-custody documentation. I built the tracking for the full lifecycle: media preparation, encryption, shipment, receipt confirmation, installation, and verification. Distribution logs recorded who requested the media, who prepared it, how it was shipped, who received it, and who verified the installation.

Seven iterations

The schema evolved through seven iterations, each forced by a real operational problem. Flat tags broke when products had incompatible component types. Single deployment records broke when the same customer ran multiple products. Requirements traceability was added when auditors demanded proof that every allocated requirement was implemented. Baselines were added when someone asked what the approved configuration looked like six months ago and nobody could answer without two days of archaeology.

This work became the foundation for CMDB-Kit, the open-source product-delivery CMDB schema.