Without its IT infrastructure a modern organisation will find if difficult if not impossible to conduct its day-to-day business operations. This IT infrastructure consists not only of servers, networks, PCs and software but also related documentation. It is vital that this information is easily available and kept up-to-date as it is the foundation to many IT Service Management disciplines.
ITIL Configuration Management manages the identification, recording, and reporting of IT infrastructure components, including their versions, constituent components and relationships. It is not the same as Asset Management which is a recognised accountancy process that includes depreciation accounting. Configuration Management maintains relationships between assets so that it is possible, say, to identify which users use which service and which service uses which server. This is key to effective impact analysis (for Change and Incident Management, for example). Many organisations already have a form of Asset Management and this is often part of the base data with which to start Configuration Management.
Implementing ITIL Configuration Management ensures that the right level of detail of the IT infrastructure is captured, maintained and is made accessible to authorised personnel. The information includes the present state or version of each component so that replacements or upgrades are easier to control. The key tool that is needed is a repository to store and maintain the information and provide access to those personnel that need it for their work. This is usually called the Configuration Management Database (CMDB). Each component record within the CMDB is called a Configuration Item (CI).
The main activities of ITIL Configuration Management are as follows:
This activity plans and defines Configuration Management's purpose, scope, objectives, policies and procedures with the relevant organisational and technical considerations. It is important to get the right level of detail (too detailed makes it complex and expensive to administer, too little provides little value). It is important to devote sufficient time to this stage as corrections further down the road will be more costly to 'retro-fit'. Defining a data model is key, this will enable the organisation to determine to which level of CI needs to recorded and subsequently managed. If the level is too low, control will be time consuming and adding little value.
This is also the time to evaluate the tools needed to support the function so this is where the CMDB and associated tools should be chosen (once the requirements are understood). Other tools that are associated include those that 'discover' infrastructure components on the organisation's network(s). These are vital in maintaining information about CIs as otherwise a manual approach would be needed and this can be error-prone and expensive. Unfortunately these tools cannot be used automatically for non-networked equipment and so different procedures will need to be considered for this.
As IT becomes more pervasive all sorts of 'non-standard' devices may be considered as part of the IT infrastructure (including PDAs, smart watches, wireless network access points, medical scanners and industrial robots).
This activity selects and identifies the configuration structures for all infrastructure CIs, including their owners, their interrelationships and configuration documentation. It should also include setting up an identification scheme for all items, allocating identifiers and version numbers to CIs, labelling each physical item and recording details in the CMDB.
This activity ensures that only authorised and identifiable CIs are accepted and recorded in the CMDB and that these are managed for their entire lifecycle from receipt to disposal. It ensures that no CI is added, modified, replaced or removed without appropriate controlling documentation (an approved Change Request and updated specification, where appropriate).
This activity provides reporting capabilities for all current and historical data for each CI throughout its lifecycle. This enables changes to CIs and their records to be tracked from 'ordered' through to 'end-of-life'.
Verification and Audit
This activity ensures that reviews and audits to verify the physical existence of CIs are conducted at appropriate intervals. It also ensures that details of these are checked in the CMDB and that corrective measure are triggered should there be missing, out-of-date or erroneous information held therein. An initial audit should be done soon after the first introduction of ITIL Configuration Management. Thereafter audits should be conducted at random and at a frequency based on results (many exceptions, more frequent).
The Configuration Manager will need to assess efficiency and effectiveness of Configuration Management on a regular basis. This should include checks to ensure that all changes to the IT Infrastructure have been properly authorised and details recorded correctly and in a timely manner in the CMDB.
Benefits of ITIL Configuration Management
The main benefits of itil Configuration Management are:
- It provides accurate information on all CIs and their documentation and this supports all other ITIL Service Management processes (especially Change, Incident, Problem, Capacity and IT Service Continuity Management.
- It enables control of valuable CIs. This allows, for example, a server to be replaced in a timely manner should it fail, have been vandalised or stolen. It facilitates adherence to legal obligations so that, for example illegal copies of software can easily be identified for removal or for being made legal (by paying the licence fee or updating licensing agreements).
- It assists with financial and expenditure planning.
- It should be easy to produce a list of expected maintenance costs and licence fees, maintenance contracts, licence renewal dates and CI life expiry dates so that expenditure on these items can be incorporated into IT and business plans during the planning cycles.
- It enables the visibility of software changes. IT management can analyse, for example, the changes that may be needed for data protection, licence management and regulatory compliance and what the impacts of these may be in terms of cost and (possible) disruption to services.
- It contributes to IT Service Continuity planning. The CMDB and Definitive Software Library (DSL) facilitate the restoration of IT services in the event of a disaster, by identifying the required CIs and, if they are software, where definitive versions are stored.
- It supports ITIL release management by providing information to assist roll-out as details of the CIs being released and their relationships to a Release are held within the CMDB.
- It improves security by controlling the versions of CIs in use, which makes it more difficult for these to be changed accidentally, maliciously, or for incorrect versions to be added.
- It enables the organisation to reduce the use of unauthorised software. Unauthorised software increases complexity and support costs so there is an opportunity to reduce both. It allows the organisation to perform impact analysis and schedule changes more effectively and efficiently. This reduces the risk of changes adversely impacting the production environment.
- It provides ITIL Problem Management with data on incident and problem trends. This allows Problem Management to work in its proactive mode and reduce/eliminate recurring incidents and prevent new ones occurring in the first place.
- It improves the productivity of personnel who need information about CIs as all of this is held in the CMDB and, with Configuration Management working effectively, this should be complete and accurate.
The main costs of ITIL Configuration Management are:
- Setting up the function
- Staff, training and accommodation
- Additional hardware for CMDB, DSL, other packages and for Configuration Management personnel
- Tools including CMDB, DSL, discovery and reporting packages. This may include tailoring these to suit processes and organisational needs
- Regular audits and reviews and associated improvement projects
Amongst the potential problems are:
- CIs are defined at the wrong level with too much detail (generating extra work) or too little detail (inadequate control).
o Configuration Management is implemented without having done thorough enough analysis and design. The result is that it cannot achieve its objective without going through the analysis and design properly thus increasing costs and delaying the function.
- Configuration Management may be perceived as a bottleneck if sufficient time is not allowed for when scheduling changes and releases.
o Where possible use past experience of the time taken to complete Configuration Management activities and factor this in otherwise ensure some time for these in the project plans and review in light of experience.
- Commitment to ITIL Configuration Management is lacking.
o Without such commitment to the processes from IT management it will be difficult to introduce the discipline that some staff would want to avoid. Use examples of the impact of poor Change and ITIL Configuration Management in your organisation to convince these managers of the need for better control.
- Configuration Management is perceived to be too bureaucratic, too rigorous or too complex.
o Individuals and groups may use this as an excuse for not following the process.
- Configuration Management is routinely circumvented.
o Some people will try to circumvent to save time, hassle or with malicious intent. Attempts should be made to overcome this problem by making such people aware of the benefits of Configuration Management. Again this will need the commitment of management to overcome and this could take time to resolve satisfactorily Configuration Management processes are inefficient and error-prone. This is often the case where manual processes are in use. In almost all cases it is advisable to choose an automated solution from the outset.
- Expectations of what Configuration Management tools can do are unrealistic.
o Configuration Management tools may be expected to deliver a total solution but these are blamed for poor process or people performance. In reality the tools are not a substitute for Configuration Management. Problems can occur when Configuration Management tools do not allow for new requirements or do not support all types of CI. Again this should have been dealt with at an early stage and tools chosen carefully with a view that they would need to be flexible and be capable of interfacing with tools for other ITIL Service Management disciplines Configuration Management is implemented in isolation without considering the needs of ITIL Change Management and ITIL Release Management. It will be much less effective and all the expected benefits may not be realised.
- Expectations of what ITIL Configuration Management can do are unrealistic.
o It cannot be expected to make up for poor project management or poor acceptance testing. Inadequately managed installations and test environments will affect the quality of releases and result in additional incidents, problems and changes, which will in turn require additional resources. These need to be addressed by the Release, Application and Test Management disciplines.
- Holistic configuration control is not in place.
o Customers or users have the ability to purchase, download and install software from the Internet or to purchase equipment without involving the IT department. This needs to be rectified to gain the benefits of Configuration Management and the other ITIL Service Management disciplines it supports.