Benefitting from Configuration Management

I had an IT manager ask me to talk to the rest of the department about source code control systems (SCCS) and their value and use by teams in developing software applications in an orderly fashion. I previously had a co-worker overwrite database related code without testing against existing functionality. It took several hours to correct or adopt the changes through discovery, meetings, re-coding, and testing.  Further developments were executed either by single developers or using an SCCS. 

The beauty of an SCCS is that any version of an application can be generated at any time.  This capability is primarily used for building versions of an application for testing and release, and allowing the development of multiple releases concurrently.  It is also valuable for legal investigations and audits. A good means of determining what is stored in an SCCS is not just source code, but configuration information for the operating system, COTS software, and the application, and for licenses and security certificates.  Object files must always be built fresh and not stored in the SCCS.  Operating Systems and COTS software must be stored in a physical library.  It is advised that installation and release instructions also be stored in the SCCS or library.  All the above can then be used to build a complete system, upgrade COTS packages, and install the release of an application.  Two items missing from the code or SCCS are first the version/release available from within the application and second the expiration dates of security certificates and licenses in the system, but both were requested by development managers for systems involving banking and national security, respectively.

The above paragraph describes the basis of Configuration Management (CM).  The last comments on version and expiration dates are generally not stored in CM either.  As the environments for development, testing and production are rarely identical, CM requires that the environments in which a program is tested are as close to a mirror image of the production environment as possible and necessary for the type of testing being conducted, and that the code for the program is the same in each environment.  Another purpose of CM is that it stores and maintains all the information on the systems to enable a complete rebuild of the production, test, and development environments to the same specifications as the original.  This could be for rebuilding a data center following a natural disaster or other Force Majeure. 

The following definitions are for two practices of CM.  The first is technical approach and the second is business (ITIL) approach.

·         Wikipedia: Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life.

·         Wikipedia: Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) version 2 and an IT Service Management (ITSM) process that tracks all of the individual Configuration Items (CI) in an IT system which may be as simple as a single server, or as complex as the entire IT department.

I prefer the former definition for the purpose of this article, as it collects all technical information about all the systems over time, where the latter uses the term Configuration Item which I have found in some businesses refers to a nothing smaller than a server.  I had learned that a Configuration Item is anything that can be changed within the entire system and that fits with the former definition.  There is so much involved with servers that specific criteria may have multiple sources and multiple targets.  Most of the problems that I have had to find and fix have been associated with the relationships between the servers.  When a transaction is not completed, tracking the request and response requires the knowledge of the message, how it is transmitted between servers, how the servers are addressed, and if the request/response is logged.  For the end user or customer, the information presented to them in the case of a failure needs to be more representative of the situation and what their best nest action should be.

A study was performed "Economic Impact Of The BMC Atrium Configuration Management Database (CMDB) Solution" by Forrester Consulting in 2007-8 used by 26 organizations. It refers to the CMDB as described in ITIL. Again, I agree with the capture of information described there, but I feel that capturing more technical information will assist project and operations teams in planning and problem solving. The report mentioned above also states that "A CMDB is not really a database" but also that "the CMDB is a work in progress". Hopefully they will use a relational database soon.

Just from the information presented above, the benefits of CM come from development cooperation, requirements of the testing environments, some release requirements and planning, traceability, and audits.

Next: CM Plan, CMDB and Resource Management.