IT organizations must implement a comprehensive, IT-wide configuration management strategy. Configuration management enables visibility for auditability, ensures configuration consistency for compliance and intersects with other management disciplines.
Table of Contents
Because configuration management provides a foundation for other management disciplines (such as problem, asset and change management), its value and relative importance has become more central to the maturity of other management disciplines. The Research Notes in this Spotlight issue address the key drivers behind the expansion of configuration management:
Audit readiness and compliance
Configuration Management's Expanding Role
The term "configuration management" frequently refers to the tasks associated with discovering and managing the state of an element of an IT infrastructure. The term is not new and has acquired many connotations:
To a network administrator, configuration elements include routers, switches, telecommunications pipes and the overall fabric of the network topology.
To a desktop administrator, configuration management begins with the deployment of a new PC and lasts throughout its life cycle, including inventorying, updating software and settings, patching and monitoring application usage.
All administrators have some responsibility for configuration management, because the inherent definition of the term can be applied to all elements of an IT infrastructure (including servers, storage, databases, applications and network devices). Consequently, IT organizations face a new challenge: They must be able to tie together all of these elements to provide better service management to the business and a more cohesive view for IT. This responsibility has elevated the need for IT organizations to implement a comprehensive, IT-wide configuration management strategy. Under this strategy, devices and processes will be consolidated, further blurring organizational silos. As IT service management is transformed, configuration management will play an increasingly pivotal role, partly because of its ability to discover and maintain individual systems and software for daily needs. In addition, configuration management enables companies to make better more-predictable changes (so they know the impact of changes because they are making them with a better understanding of the outcome) to their infrastructure to ensure compliance and availability.
Configuration Management Defined
The heightened awareness around configuration has led to some confusion regarding where it begins and ends. Many companies confuse configuration and change management. Others rely on industry definitions — such as those offered by the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (CobiT) — or vendor interpretations that map mostly (or solely) to the vendor's solution. Companies seeking to understand configuration management and what it entails are challenged to sort through all of the jargon and the "marketecture." "Optimize Change and Configuration Management With People, Processes and Tools" discusses the compelling need for both disciplines and offers practical definitions for each process, as well as the associated roles that will be required and how the tools will map to the processes.
As the number and frequency of changes to configurations increase, it becomes impossible to maintain the efficiency and repeatability of every change using the approaches that worked previously. While many tools can monitor the performance and availability of servers, server management tools that provide provisioning and configuration also:
Offer mechanisms to define standard system and application configurations
Effectively provision new systems to meet the changing needs of a business
Ensure pre-defined systems by enabling expedient remedy of outages when they occur
"Server Provisioning and Configuration Management Vendors Differ in Functional Focus" can help companies understand which vendors address functional requirements for specific short-term needs and which can address the full server configuration life cycle. "Choosing the Right Tools for Server Provisioning and Configuration Management" focuses on the specific functional requirements that IT organizations have begun to address with automated server provisioning and configuration tools.
Desktop configuration management arose partly because of the need to reduce the expense of human intervention. Now, however, it is also required to ensure predictability, so that users have systems that enable them to be productive and avoid being self-destructive. While the technical requirements for managing desktop configurations may not have changed, the environment has. Mobile users and access to the Internet present further complexity for IT organizations to address with configuration management. "Desktop Management Best Practices Focus on Policy, Process and People" outlines the basic and yet critical ingredients needed for successful desktop management.
Audit Readiness and Compliance
Server provisioning and configuration management tools can reduce risk by supporting audits and compliance. IT data centers are under scrutiny from various auditing perspectives. Some data centers have focused on meeting external regulatory guidelines; others are concentrating on improving the rigor with which changes occur to ensure configuration consistency. While most IT organizations have mature processes for making configuration changes across their infrastructure, these processes are often manual or passed on by word of mouth — making it difficult to track the details surrounding modification. "Establish Procedures to Enforce Change Management Compliance" discusses the opportunities and challenges of enforcing change processes as a mechanism for IT organizations to ensure appropriate process workflow for managing configuration activity. "Effective Regulatory Compliance Requires IT Configuration Management" looks at the other side of activity of configuration as it applies to data centers that must adhere to regulatory requirements. We recommend server configuration automation as an effective way to ensure accurate configuration control. "Server Provisioning and Configuration Management Tools Can Support Audit and Compliance to Reduce Risk" offers a step-by-step approach to using server provisioning and configuration management tools to achieve a baseline, which will enable enterprises to avoid "drift" and prepare for audits. "Manufacturer Meets Security Configuration Compliance Challenge With Automation" is a case study that describes how a manufacturing company met the challenge of ensuring worldwide compliance of cross-platform data centers. The company managed this through a successful project to automate audits from one central location, with a focus on security and configuration through policy enforcement.
As IT transforms itself into a service provider, it has gradually assembled islands of infrastructure domains, which offer views that represent business services. Having built these views, IT now must rely on new tools that enable a better understanding of the impact of change. The tools must also provide a more-efficient means of determining root-cause analysis. Many companies are still in the early stage of this process, assessing or re-assessing their internal processes for problem, change and configuration management. Some companies have already established mature processes and are looking for ways to tie the views into other management disciplines. "Functional Requirements of IT Service Desk Tools Are Shifting" discusses how the IT service desk is moving from problem and incident management into a broader set of requirements for IT service management, such as asset, and change. Organizational barriers still represent the most important challenge to attaining greater operational efficiency through expansion of the IT service desk's role. Yet the need for a broader view is becoming increasingly important as IT asset management (ITAM) responsibility shifts to the IT infrastructure. Because of this shift, ITAM vendors are adding the capability to view an in-depth data store, such as the configuration management database (CMDB), in a manner that is not only financially and contractually focused, but also enables the IT organization to monitor the real-time use of infrastructure components.
A common thread in the move to a service management strategy is assimilating all of the components into a common view showing dependencies (which can be peer-to-peer or hierarchical). "Configuration Management Database Projects Require Comprehensive Planning" explores the trend by which IT organizations have begun to investigate CMDBs; the IT organizations face the significant hurdle of designing the CMDB and anticipating how the industry will evolve. Our clients are telling us about other drivers for the plethora of CMDB initiatives. "Benefits Drive Demand for Configuration Management Databases" discusses five additional drivers for CMDBs. Because no standards exist for CMDBs, each vendor offers its own proprietary architecture. This Research Note also offers candid answers to frequently asked questions regarding CMDBs: how many, application development's role, Data Center Markup Language (DCML) and CMDB models, and ITIL certification. "Visualization and Interoperability Drive Rapid Evolution of CMDB Information Models" presents a technical assessment of various approaches to CMDB models.