I won’t go into the genesis of this, because I’ve regurgitated the regurgitated regurgitation so many times it make me regurgitate regurgitated regurgitation again. While I’ve blogged and tweeted about the challenges of establishing and maintaining an accurate IT asset inventory, I’ve only “sort of” provided some recommendations on digging yourself out of inventory hell.
NOTE: This subject is scale-dependent. In other words, the more crap you have to manage, the greater the margin of error. Small shops often can’t grasp how a bigger environment can simply “lose things”, but anyone who’s worked in a large environment knows this all too well.
I’ve spent way too many years dealing with this from various angles. Usually splitting time about 80/20 percent, whereby 80% is spent on the technical side and 20% on the dealing with idiotic managerial refusal to accept reality. (I actually had one CTO yell across a room that it was “impossible” that AD, Solarwinds and SCCM did not agree on inventory numbers, and that the products were broken). It’s not even my official role, and never has been, but I seem to get pulled into it every time.
In a Nutshell
I have to regurgitate one more time, sorry… What this is really about is reconciling fact with fiction, and filling in the vacuous gaps with SWAGs (that’s Scientific Wild-Ass Guesses).
Before you huff and puff and scoff and laugh and point, saying things like “is he nuts?!! My inventory is 100% accurate!” – bullshit. Walmart, and Amazon, two of the biggest names associated with this thing we call “inventory” would not claim to have “100% accurate inventory”. Your friendly neighborhood US Department of Defense has never (I repeat: NEVER) had a 100% accurate inventory of their assets either. I’m guessing if these brave souls can’t reach that summit, that your business is probably not able to either.
The problem stems from trying to weave together the various realms of evidence that a device or entity is associated with. I’ve said this before: Humans have birth certificates, driver’s licenses, voter registration cards, social security cards, tax records, insurance cards, credit cards, and eventually: death certificates. All of these are conduits to a vector that establishes “existence” in some respect. Usually, they add a layer of “purpose” or “intent” as well. But think of how difficult it can be to trace down someone when those pieces of evidence don’t align well. The same holds true with IT assets.
Active Directory account objects. Audit logs. Purchase records. Warranty records. Repair records. Assignment records. Disposal records. Financial records. Inventory records (Configuration Manager). and On and On and On… All combine to prove a device was obtained, configured, put to use, and (eventually) disposed of.
Each of these has limits it cannot overcome. Note the word “cannot”. If you read through the previous paragraph, stop on each phrase and think to yourself “how could a device slip through this crack?” I’m sure you can think of at least one, if not many.
Light at the End of each Tunnel
For each bucket of inventory history, there are things you can address to mitigate inaccuracies. But the biggest step any organization can take isn’t in the technical side. It’s the people side.
- Assign a Job Role for monitoring inventory data
- Make it a team, not a single person
- Establish a structure for recommending process improvements
- Follow up on recommended improvements
Audit, Audit, Audit. Then audit again. Don’t do it like someone who knows the environment either. That’s a big mistake. Sniff around like you’re coming from an evil government agency, looking for a reason to haul someone off to jail. That’s when you’ll actually dig deep enough to find problems. Just be careful not to let this mindset go too far (don’t actually abuse anyone). If users operate in fear they won’t cooperate as well as if they are infused with the belief that they’re helping a bigger cause.
As for the technical side of the challenge, I always recommend checking, tightening and re-checking the following things on a frequent basis:
- DNS scavenging
- DHCP / DNS configurations
- Purchase records matched with Disposal records
- AD clean up (a must!!!)
- Define a simple and consistent asset lifecycle process
- Do not (ever) permit reuse of assets after they’ve been recorded for disposal
- Adjust SCCM discovery settings, client inventory settings, site maintenance
- Eliminate redundant asset tracking (duplicate records in different systems, etc.)
- Always: Confer with your legal counsel over what items can and should be classified as depreciable assets, consumables, etc. as it pertains to licensing, tax implications and so on.
I still run into this all the time. It’s 2016 now, and yet, since the 1990’s it hasn’t improved much overall. The tools are better. The processes are better defined, at least on the face. But the biggest problem stems from the misunderstanding about the limitations of the tools with regards to the real environments (multiple/plural). Most companies form their views and processes from limited exposure. The process writers rarely leave the corporate headquarters, particularly in businesses where the remote locations are “messy”, to put it mildly. Without direct immersion into the messiest parts of your business, you can’t gather enough to make a dent. It’s just par for the course (and I have never played golf).
That’s a decent starting point anyway.