Blast Radius Simulator

Last Updated: January 6, 2026 Estimated Reading Time: 5 minutes

Overview

The Blast Radius Simulator shows what would be impacted if a CI fails or changes. Essential for change management, risk assessment, and incident planning.

How It Works

  1. Select source CI - Choose the CI to simulate (e.g., database server)
  2. Set simulation depth - How many relationship levels to traverse (1-10)
  3. Choose direction - Upstream, downstream, or both
  4. Run simulation - AI traverses relationships with criticality weighting
  5. Review results - See all impacted CIs and business services

Configuration Options

Source CI

Select from dropdown or search:

  • Type CI name to filter
  • Shows CI class and environment
  • Only production CIs recommended for change assessment

Simulation Depth

Levels 1-10: How far to traverse relationships

| Depth | Use Case | |-------|----------| | 1-2 | Direct dependencies only | | 3-5 | Recommended for most cases | | 6-8 | Deep analysis, large blast radius | | 9-10 | Comprehensive (may be slow) |

Start with depth 3-5. Increase only if you need more comprehensive analysis.

Direction

Downstream (Default)

  • What depends on this CI?
  • "If this CI fails, what breaks?"
  • Most common for change impact

Upstream

  • What does this CI depend on?
  • "What could cause this CI to fail?"
  • Useful for incident analysis

Both

  • Complete impact picture
  • Takes longer to calculate
  • Most comprehensive

Results

Impact Summary

  • Total CIs impacted: Count of all CIs in blast radius
  • Critical services: Business-critical services at risk
  • High impact CIs: Count by criticality level
  • Risk score: 0-100 score based on criticality weighting

Impacted CIs List

Table showing all affected CIs:

  • CI name and class
  • Relationship path (how connected)
  • Criticality level (Critical/High/Medium/Low)
  • Business services impacted
  • Health score

Visualization

Graph view showing:

  • Source CI (highlighted)
  • All impacted CIs
  • Relationship paths
  • Color-coded by criticality

Business Services

List of business services in blast radius:

  • Service name
  • Number of CIs in path
  • Criticality level
  • Service owner

Using Simulations

For Change Management

Before CAB (Change Advisory Board):

  1. Run simulation on target CI
  2. Export results to PDF
  3. Attach to change request
  4. Present risk score to CAB

Questions to ask:

  • How many critical services impacted?
  • Can we schedule during maintenance window?
  • What's the rollback plan?

For Incident Response

During Major Incident:

  1. Identify failed CI
  2. Run upstream simulation
  3. Find root cause in dependency chain
  4. Run downstream to assess total impact

For Risk Assessment

Quarterly Risk Reviews:

  1. Simulate failure of critical infrastructure
  2. Document blast radius
  3. Plan mitigation strategies
  4. Update disaster recovery plans

Simulation History

View past simulations:

  • Date and time run
  • Source CI
  • Configuration used
  • Results summary
  • Rerun - Execute again with same config
  • Compare - Compare with current results

Simulations are saved automatically. Use history to track how blast radius changes as you improve your CMDB.

Weighting & Criticality

cmdbx uses intelligent weighting:

Relationship Weights

  • Contains (1.5x) - Strong dependency
  • Runs on (1.5x) - Infrastructure dependency
  • Depends on (1.25x) - Logical dependency
  • Connects to (1.0x) - Network connection
  • Managed by (0.5x) - Weak relationship

CI Criticality

  • Critical - Mission-critical systems (2.0x weight)
  • High - Important systems (1.5x weight)
  • Medium - Standard systems (1.0x weight)
  • Low - Non-essential systems (0.5x weight)

Exporting Results

Export to:

  • PDF - Formatted report for change requests
  • CSV - Impacted CI list for analysis
  • PNG - Graph visualization for presentations

Include:

  • Simulation configuration
  • Impact summary
  • Full CI list
  • Business services affected
  • Recommendations

Best Practices

  • Run simulations before every major change

  • Start with depth 3-5 (not 10)

  • Export results for audit trail

  • Review business services impacted

  • Use in change request documentation

  • Compare before/after CMDB improvements

  • Do not simulate on dev/test CIs for prod changes

  • Do not ignore high-impact results

  • Do not run depth 10 on large CMDBs (slow)

Related Articles