Configuration Management Plan ITIL
by Marisa Vesel, on Oct 22, 2019 11:15:00 AM
Information Technology Infrastructure Library, ITIL, is a set of detailed practices that focuses on aligning IT services with the business needs. ITIL is a set of best-practices that help guide an organization. These best-practices can be customized and adapted as organizations see fit.
Configuration management seeks to establish and maintain consistency of a product’s performance and its functional and physical attributes. Implementing configuration management ITIL into your existing processes will help make audits easier, ensure Configuration Items (CIs) are properly maintained and tracked, and provide your organization with lower incident response times.
What are the Objectives of Configuration Management?
An important aspect of ITIL is Service Asset and Configuration Management (SACM). SACM aims to address the assets used to deliver IT services and track the configurations and relationships between various components of IT services.
There are five key objectives of configuration management:
- Provide accurate configuration information in order to support efficient and effective service management
- Ensure throughout their lifecycle that assets are properly identified, controlled, and cared for
- Maintain the integrity of configuration items and configurations by requiring access permissions to control services
- Conduct end-to-end management of services and configuration items, and document things such as baselines and constituent components
- Document past, present, and future configuration information in an accurate and thorough manner
What are the Components of Configuration Management?
In order to properly manage configurations, organizations need to come up with configuration management plans to ensure effective implementation of processes. There are several basic components to a configuration management plan.
A configuration management database (CMBD) is made up of configuration items and their relationships. When deciding the scope of your management, it is important to determine which configuration item types and which relationships will be tracked.
While the overall concept of scope is simple, there are several criteria to consider.
First, start simple and choose types and relationships that will be maintainable for your organization.
Additionally, consider the cost. Always run a cost/benefit analysis to ensure that you remain within budget and what your management resources can reliably deliver while ensuring quality. The cost is often driven by relationships between items, so it is important to consider up-front and future costs.
Finally, when determining scope, focus on the future value that can be achieved from having accurately managed configurations. For example, consider what projects will be completed in the future and which information will be needed.
When beginning configuration management, information on CIs will come in from a lot of different people. The data will then be compiled, verified, and reconstructed in a CMDB. To maintain visibility and accountability, configuration management should work to create a section of references, listing the data source against the CI information. This allows questions to be pointed to the right source if necessary.
Each service asset or CI is required to have a unique identification in a CMDB. When naming CI, each name should give the following information: type of CI, location, complexity, and other important attributes (determined on a business-to-business basis). Basically, the name of a CI should easily convey information about the item so that anyone who works with the item can easily understand the information about it.
A baseline in a CMDB helps organizations understand and control changes that have been made to configuration items. A baseline is a snapshot of the configuration items within a CMDB. Multiple baselines can be created to track changes that have been made per baseline. This helps to track changes, as all new changes will be reflected in the new baseline.
Before change can be implemented, organizations must define necessary processes to follow before a change happens to minimize risk and keep changes well-documented. This process varies widely from organization to organization, but no matter what, having a clear process is key to reducing risk—and reduced risk is key to delivering an excellent end-user experience. As DevOps continues to grow, your change control process may change to incorporate more people and provide more transparency. Check out this article on integrating DevOps with ITIL.
What are the Benefits of ITIL Configuration Management?
Configuration Management defines, controls, and maintains infrastructure and service components while maintaining accurate records about how they change over time. Effective configuration management has many benefits.
Accommodate Changes and Reduce Incident Time
Incident resolution time is significantly decreased by utilizing a central repository for critical infrastructure data that can be easily accessed by other applications. Additionally, configuration management can accommodate changes by reusing standards and best practices.
Accurate Information that Minimizes Quality and Compliance Issues
By keeping a log of accurate configuration management, you minimize quality and compliance issues. Accurately tracked information ensures that configurations are properly maintained and that only certain people have access to authorize changes and releases.
Optimize Use of Business Assets
Effective configuration management optimizes the use of service assets, IT configurations, capabilities, and resources, while allowing organizations to meet business and customer requirements and control objectives.
Configuration Management Database (CMDB)
A configuration management database (CMDB) is the location where organizations store their configuration information. In addition to holding the configuration information, the database also stores information such as the physical location, ownership, and the relationship to other CIs.
What Is It?
A CMDB provides a common platform for project teams to edit, change, revise, and review CIs. Additionally, teams are able to ensure all documents and data sheets are properly maintained and updated to include the latest revisions and release formats.
What Is Its Purpose?
The purpose of a well maintained CMDB is to ensure that members of a project team are always working off of the most recent version of software, data, and documentation. Additionally, a CMDB is used to track the history of assets through the project lifestyle to ensure accurate records.
What Do You Need to Use It Effectively?
To ensure effective use of the CMDB, someone must take lead the on updating the status of CIs as the assets are changed. The assets should be changed to reflect the change in an easy-to-understand way for members of the organization.
Configuration audits track changes actually made against those actually authorized, in order to ensure that CIs meet functional requirements and are complying with all company-specific policies, industry standards, and governmental laws.
How to Do Configuration Audits
Audits can be time-consuming and overwhelming for organizations to complete. Luckily, we have compiled a series of tips to make the next audit a breeze:
- Adhere to standards-based compliance requirements. There are several industry-recommended standards that help organizations stay compliant. Choosing standards can be overwhelming, but using preexisting ones makes the process much easier. Additionally, taking the time to document why each standard is included or excluded will make audits smoother in the future.
- Follow internal policies. Every organization is unique, so organizations have internal policies that are not necessarily covered by existing standards-based configuration compliance standards. Internal policies are still important and should be followed for internal auditing.
- Be aware of security vulnerability configurations. If security is not a priority from a start, this can lead to data breaches or attacks. Utilizing tools that automatically detect vulnerabilities and help patch them can prevent consequences down the line.
- Integrate role-based access control. Role-based access ensures that only authorized users have permissions to perform certain activities within a system. Additionally, controls can keep track of who made which changes, creating a more complete audit trail.
- Avoid home-grown scripts. Home-grown scripts are often developed by a single person. When that person leaves, there may be no one who understands the script, and this puts the whole effort at risk. Avoiding home-grown scripts eliminates this problem.
Inedo Helps IT Teams Empower Their Configuration Management Plan
Be sure to subscribe to the Inedo Blog for further information on configuration management, DevOps, ITIL, and more.
Inedo DevOps tools maximize developer time, minimize release risk, and empower stakeholders to bring their vision to life faster. All with the people and technology you have right now. To get help streamlining your CI/CD processes, contact firstname.lastname@example.org