Everything changes: the seasons, jobs, fashion, relationships and yes, Information Technology (IT). Changes to IT happen far quicker than most of us would like. Just like the weather changes our external environment, a simple change to an IT infrastructure greatly impacts servers, applications and business processes. Most businesses today rely on sever-based computing to deliver new applications and services to employees, customers and business partners. The dynamic nature of sever-based computing dictates that code, configurations, and content change on a frequent basis. The infrastructure of today’s IT networks is growing more and more complex. This increased change and complexity adds more risk which must be managed. Configuration Management helps to minimize that risk.
Configuration Management is just one component of a broader organizational policy known as “Change Management”. Change Management can be defined as “the making of changes in a planned and managed or systematic fashion”. The goal of a Change Management policy within an organization is to effectively implement new methods and systems into the organization without disrupting the business processes. Perhaps the most familiar component of Change Management is the Systems Development Life Cycle (SDLC).
SDLC focuses mostly on change and version control as it applies to information system software and applications. It is used when enhancements or major changes need to be made to the code of software applications. However, configuration changes can be made to software which does not involve changing the code, such as changing the settings within a configuration file used by the application. These types of software changes are part of configuration management. Configuration Management is the detailed recording and updating of information that describes an enterprise's computer systems and networks, including all hardware and software components. Types of Component Items (CI) include, but are not limited to:
In today’s complex computer networks, all these components can and usually will have a dependency on another CI and that CI’s configuration. The interdependencies between IT components are critical. Because of the reliance one component can have on another, a simple change to one application can have a negative impact on another. Because of these interdependencies, changes in the IT production environment are a leading cause of system downtime. In addition to downtime, changes can lead to security exposures and a decrease in the quality of service that can result in lost customers and revenue. In order to maximize performance and availability and to minimize security risks, enterprises need to efficiently manage changes within their IT infrastructures.
How does an organization prepare for change? Start by establishing a baseline for the IT environment. An organization needs to know how its computing environment is configured presently before an effective on-going configuration management can take place. Next, create a framework for tracking changes across:
Finally, provide a long-term strategy for managing change.
Data collected for configuration management provides a foundation for change management processes. Each component within the IT infrastructure (e.g. hardware, software, documentation, etc), can be referred to as a Configuration Item (CI). Examples of information that should be collected for each CI include:
In addition, another very important piece that needs to be captured is how each CI is related to others. For example; what protocol and port does an application use to communicate with a backend database? How should a router or firewall be configured to properly establish a VPN connection with a customer or business partner? This information, when kept up to date and available will greatly support and enhance other areas of management and administration, such as:
For small, less complex infrastructures, Configuration Management can be handled manually. Using spreadsheets or simple databases, information about each CI could be maintained and periodically reviewed and updated. For large and complex infrastructures, Configuration Management will operate more effectively when supported by a software tool that is capable of maintaining a Configuration Management Database (CMDB) by automatically gathering the configuration and settings of components (hardware and software) within the enterprise. Whether the organization uses a manual spreadsheet or an automated software tool to maintain its CMDB, it should contain details about the attributes and history of each (CI) and details of the important relationships between CIs.
The information in the CMDB should be consulted and reviewed prior to any change to the computing environment. This would include simple changes to a server’s configuration to a large scale implementation of a new enterprise application. Finally, no configuration change should be allowed to the computing environment without authorization from the Change Management team which ideally consists of members of management throughout the enterprise.
In conclusion, as a result of sound Configuration and Change Management policies, an organization can expect:
Please contact a Berry Dunn consultant with any questions or comments about this article at (207) 775-2387, or info@bdmp.com.