Some Pros and Cons about implementing Configuration Management
In order to discuss the Pros and Cons of anything, you must first establish and agree upon the Goals. This will ensure that everyone is on the same page and seeking the same results. It is also important to cover, at a high level, the major activities that should be performed.
This document will cover both these areas very briefly as this is not intended to be an in-depth educational piece on the topic but instead seeks to highlight some of the benefits and challenges of implementing configuration management.
Firstly, it is important to understand that there is a difference between a CMDB project and a configuration management effort. CMDB projects are technology driven exercises to implement a repository to capture asset and inventory data. A configuration management effort, on the other hand, is a business value driven effort that employs a governance process around the operational area, and has a tool, the CMDB, to support its mission.
Without the governance process, the CMDB is just another database. An additional item to note is that there are various audit-type activities embedded in the overarching process. In organizations with low levels of process maturity, audits will become far more important. They will need to be more extensive in their vigilance and executed far more frequently than in an organization with higher levels of maturity. As maturity increases, the audits can decrease in their intensity.
When neither high levels of maturity nor the desire to perform and follow through on audits exist, broad scale failure should be expected. Under these conditions, efforts to implement configuration management should be reconsidered due to the likelihood that they will fail. Proceeding will simply waste resources, time and the organization’s money because value will not be realized.
What would we do without it?
Without Configuration Management in place, it is virtually impossible to fully comprehend the impact of changes to an environment. It is also difficult to have any insight into how discrete devices contribute to the delivery of business services, without massive resources being exerted for every event.
It goes without saying that determining causes of incidents, restoring outages and improving mean time to repair (MTTR) is an uphill battle that is unlikely to ever show any significant gains without configuration management in place. Some of the major deficiencies within companies/agencies without configuration management are:
- Difficulty and high cost of determining the actual cost of services being delivered
- Extended outage durations and high cost of outages due to lack of readily available actionable data to the service desk
- Inability to accurately determine the impact of change requests on the full enterprise. Without configuration management, only the impact on discrete items can be assessed
- Inability to determine which modifications to infrastructure were authorized. No other service management process areas actively validate changes on an audit basis
- Security weaknesses and vulnerabilities can go undetected for extended periods due to unauthorized changes
The major goals of Configuration Management are:
- The knowledge of all IT assets and their relationships amongst themselves and, more importantly, how they work collectively to deliver business services
- Aggregation and validation of configuration item information including documentation, in order to support and enable other service management processes
- Establishing a foundational basis of accurate and readily available information to support effective and efficient decision making activities within incident management, problem management, change management and release management
- Audit and control of configuration records to ensure they match the live infrastructure and set in motion corrective actions should discrepancies be identified
The major groups of activity are below. For more detail on any particular area, it is suggested that you read the ITIL® documentation for a thorough description and purpose of each.
- Configuration management planning
- Configuration identification
- Control of CIs
- Configuration status accounting
- Configuration verification and audit
Benefits of Configuration Management
Ultimately, the reason why IT organizations exist is to deliver or enable the delivery of high quality, cost effective business services. Configuration management is a foundational component in this objective.
Below are ten business drivers/expected results that a successfully implemented configuration management effort will enable. These are not listed in any particular order and are all intended to help with the delivery of better quality services to the end consumer, at a lower cost to business owners.
- Identify software release levels for event handling
- Identify software release levels for event prevention
- Reduce the impact of software changes (proactive change impact assessment)
- Reduce downstream/upstream impact (hardware and software)
- Improve relationship identification between change, incident and problem management
- Improve communication between units via a common aggregated view into shared data repositories
- Improve software/hardware ownership knowledge and reliability
- Proactively identify high risk failure points
- Execute documentation management solutions for operational systems
- Better understand change windows without the need to research each from scratch
Challenges of Configuration Management
As with any effort, there will be challenges. In some cases these challenges are viewed as negatives for the implementation because of the effort required to achieve it. In other cases, individuals see the configuration management effort as negative because of the impact it may have on them personally, or on their group/department. Groups that are poorly run, or are ineffective and/or inefficient will be exposed, to some degree, by a configuration management effort because of the data sharing and validations that will be required across departments.
Below are eight areas that might be viewed as challenges (not listed in any particular order):
- Process integration with change/incident/problem management is imperative for checks and balances of data
- Building on top of an established and reliable asset and inventory management process is required to ensure quality data for input and update of CI data
- There is no one tool that is capable of delivering full functionality from the logical layer (business model) all the way to physical layer (data center infrastructure) for every CI type across the entire enterprise. Multiple tools will be necessary and their proper integration is vital
- Desktop connectivity/relationship with production applications is a considerably larger scoped effort that requires broader audience participation
- The integration effort is not a simple ‘install tool and run’ type of effort. Initial design will need to be revisited regularly for expansion and contraction of scope and business needs
- Implementation of the other core ITSM processes must be woven into the configuration management solution where data exchanges/process handoffs are required
- Lack of a configuration management team and tool(s), and confusion as to proper usage of terminology
- Ongoing organizational transformation efforts create an unstable work environment for process managers
Meet Carlos at itSMF Norway’s Service Management with Superheroes of the World in April 2016
ITIL® is a registered trade mark of AXELOS Limited. All rights reserved.