CMDB
AND
CONFIGURATION
MANAGEMENT PROCESS, SOFTWARE TOOLS CREATION PLANNING
AND
AND
MAINTENANCE,
IMPLEMENTATION GUIDE
Gerard Blokdijk Notice of Rights: Copyright © The Art of Service. All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Notice of Liability: The information in this book is distributed on an “As Is” basis without warranty. While every precaution has been taken in the preparation of the book, neither the author nor the publisher shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the products described in it. Trademarks: Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book.
WRITE
A
EMEREO TO
REVIEW & RECEIVE E
BOOK
OF
A
BONUS
YOUR CHOICE: UP
$99 RRP FREE!
If you recently bought this book we would love to hear from you! Submit a review of this purchase and you’ll receive an additional free
eBook
of
your
choice
from
our
catalog
at
http://www.emereo.org. How Does it Work? Submit your review of this title via the online store where you purchased it. For example, to post a review on Amazon, just log in to your account and click on the Create Your Own Review button (under Customer Reviews) on the relevant product page (you’ll find plenty of example product reviews on Amazon). If you purchased from a different online store, simply follow their procedures. What Happens When I Submit my Review? Once you have submitted your review, send us an email via
[email protected], and include a link to your review and a link to
the
free
eBook
you’d
like
as
our
thank-you
(from
http://www.emereo.org – choose any book you like from the catalog, up to $99 RRP). You will then receive a reply email back from us, complete with your bonus eBook download link. It's that simple.
The CMDB and Configuration Management Creation and Maintenance Guide
Table of Contents 1
INTRODUCTION ROADMAP....................................................................................................................... 5
2
PRESENTATION ONE.................................................................................................................................. 9
3
PRESENTATION TWO ............................................................................................................................... 31
4
SUPPORTING DOCUMENTS.................................................................................................................... 43
4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10 4.11 4.12 4.13 4.14 4.15 4.16 5
VERIFICATION AND AUDIT PLAN FOR CONFIGURATION MANAGEMENT ................................................. 45 BUSINESS AND IT SERVICE MAPPING FOR CONFIGURATION ITEMS....................................................... 49 BUSINESS JUSTIFICATION ......................................................................................................................... 61 MINDMAPS.................................................................................................................................................. 67 CMDB DESIGN DOCUMENT ...................................................................................................................... 77 ROLES AND RESPONSIBILITIES INVOLVED WITH THE CMDB DATABASE .............................................. 83 COMMUNICATION PLAN ............................................................................................................................. 89 EXAMPLE OF ASSET AND CONFIGURATION MANAGEMENT PLAN CONTENTS ....................................... 97 IDENTIFICATION GUIDELINES ..................................................................................................................... 99 PLANNING AND IMPLEMENTATION FOR CONFIGURATION MANAGEMENT............................................. 105 OBJECTIVES / GOALS .............................................................................................................................. 117 OTHER CMDB MAINTENANCE CONSIDERATIONS ................................................................................. 120 POLICIES, OBJECTIVES AND SCOPE ....................................................................................................... 125 REPORTS AND KPI TARGETS .................................................................................................................. 129 STATUS ACCOUNTING GUIDELINES ........................................................................................................ 135 DESCRIPTION OF ASSET TYPES .............................................................................................................. 139 FURTHER READING ................................................................................................................................ 143
Page 3
The CMDB and Configuration Management Creation and Maintenance Guide
Page 4
The CMDB and Configuration Management Creation and Maintenance Guide
1
INTRODUCTION ROADMAP
Many organizations are looking to implement a CMDB as a way to improve the structure and quality of the business. This section describes the contents of the CMDB and Configuration Management Creation and Maintenance Guide. The information found within the guide is based on the ITIL Version 3 framework, focusing on the process of Service Asset and Configuration Management. There are also valuable insights into managing and maintaining a CMDB within Project Management, for example, the increasingly popular PRINCE 2 and PEMBOK methodologies. The guide is designed to answer a lot of the questions about creating and maintaining a CMDB and provides you with useful guides and user-friendly templates. Presentations can be used to educate or be used as the basis for management presentations or when making business cases for CMDB implementation. The additional information will enable you to improve your organizations knowledge base and provide practical, usable examples and templates for you to use in the creation and maintenance of your CMDB. The book serves to act as a starting point. It will give you a clear path to travel. It is designed to be a valuable source of information and activity.
The CMDB and Configuration Management Creation and Maintenance Guide: Flows logically, Is scalable, Provides presentations, templates and documents, Saves you time.
Page 5
The CMDB and Configuration Management Creation and Maintenance Guide
Step 1 Start by reviewing the presentations in the following order: 1. Service Asset and Configuration Management ITIL V3 2. Configuration Management Project Management These presentations will give you a good knowledge and understanding of all the terms, activities and concepts required within Configuration Management. They can also be used as the basis for management presentations or when making a formal business case for a CMDB implementation. Make sure you pay close attention to the notes pages, as well as the slides, as references to further documents and resources are highlighted here.
Page 6
The CMDB and Configuration Management Creation and Maintenance Guide
Step 2 If you did not look at the supporting documents and resources when prompted during the presentations, do this now. Below is an itemized list of the supporting documents and resources for easy reference. You can use these documents and resources within your own organization or as a template to help you in prepare your own bespoke documentation. Service Asset & Configuration Management ITIL V3: 1. Types of Service Assets – concise description of what constitutes a service asset. 2. Example Configuration Management System – ITIL Version 3 example diagram. 3. Example Service Asset and Configuration Management Plan Contents -a detailed overview of the criteria to be included in the contents of a Service Asset and Configuration Management Plan. 4. CMDB Roles and Responsibilities – this is an extremely useful document that includes suggested position description contents. Configuration Management – Project Management 1. Suggested Contents of the Configuration Management Plan - a detailed overview of the criteria to be included in the contents of a Project Management Configuration Plan. 2. Typical contents of a CI Record - a detailed overview of the criteria to be included in the contents of a Project Management Configuration Record. Alternatively, continue by working through the CMDB MindMaps and the CMDB Design document with the focus on your organization. This will help you ascertain the Configuration Management maturity for your organization. You will able to identify gaps and areas of attention and/or improvement. The supporting documents and resources found within the guide will help you fill these gaps by giving you a focused, practical and user-friendly approach to creating and maintaining your CMDB.
Page 7
The CMDB and Configuration Management Creation and Maintenance Guide
Page 8
The CMDB and Configuration Management Creation and Maintenance Guide
2
PRESENTATION ONE
Service Asset & Configuration Management
GOAL: To support the agreed IT service provision by managing, storing and providing information about Configuration Items (CI’s) and Service Assets throughout their life cycle.
This process manages the Service Assets and Configuration Items in order to support the other Service Management processes.
Page 9
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Basic Concepts - Terminology Attribute
CI
configuration baseline
Service Assets CI Level Status Accounting
Configuration Item (CI): ANY component that supports an IT service (except people). IT component or associated items such as Request for Changes, Incident Records, Service Level Agreements Attribute: Specific information about CI’s. Example: Size of RAM, hard drive, bandwidth
Service Assets: Any capability or resource of a service provider. A detailed description of different Types of Service Assets, is available in a separate document within this book.
CI Level: Recording and reporting of CI’s at the level that the business requires.
Status Accounting: Reporting of all current and historical data about each CI throughout its lifecycle. Example: Status = Under Development, being tested, live, withdrawn etc
Configuration Baseline: Configuration established at a specific point in time, captures both the structure and details of a configuration. Used as a reference point for later comparison (e.g. after major changes, disaster recovery etc)
Page 10
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Management – Terms & Concepts CMDB Configuration Baseline Software & Document Libraries DSL
License Management
The Configuration Management Database (CMDB): is the data store for CI information. Most organizations already have a series of spreadsheets and small databases on infrastructure within the IT department. In larger organizations, the growing size and complexity of the infrastructure has forced the use of technology to manage all the associated information. The CMDB can hold a variety of information including details on users, customers, user groups, business units (Caution: consider privacy legislation at this point). The CMDB is also demonstrable and as an auditable concept it can be used as a compliance mechanism for legal requirements. CI information relating to incidents, problems, known errors, changes, releases; as well as inter CI relationships will be stored in the database.
Configuration Baseline: Configuration of a product or system established at a specific point in time, which captures both the structure and details of that product or system, and enables that product or system to be rebuilt at a later date. A snapshot or a position which is recorded. Although the position may be updated later, the baseline remains unchanged and available as a reference of the original state and as a comparison against the current position.
Continued from page 14…
Page 11
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Management – Terms & Concepts CMDB Configuration Baseline Software & Document Libraries DSL
License Management
Software and Document Libraries: Consists of; Collection of software and documents of known status. Controlling mechanism for software release.
The Definitive Software Library (DSL): is the logical storage location for master copies of software. The word “definitive” means ‘ultimate’, ‘perfect’, ‘best’.
License management: business people now face harsh financial penalties if they are found to be unable to control and monitor their software usage/licenses. Configuration Management is a crucial process in assisting in the control of software licenses.
Page 12
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Scope of IT Infrastructure Configuration Items CI’s
Relationships
Include Software & Documentation!!
CI Attributes • Hard disk space
Scope
• Serial number • Owner • Location
CI Level
• Ram
Service Asset and Configuration Management may cover non-IT assets, work products used to develop the services and configuration items required to support the service that are not formally classified as assets.
The scope covers interfaces to internal and external service providers where there are assets and configuration items that need to be controlled e.g. shared assets.
There is a diagram of an ITIL Version 3 Example Configuration Management System available within this book.
Page 13
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Activities Identification
Control Management & Planning
Verification & Audit
Status Accounting
Reporting
Source: the Art of Service
Notice how Management & Planning are the central activities. Good, sound Service Asset & Configuration Management requires thorough planning.
Page 14
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Activities - Planning Planning consists of – Defining the strategy, policy, scope, objectives, processes and procedures – Roles and responsibilities – Location of storage areas and libraries used to hold hardware, software and documentation – CMDB Design – CI naming conventions – Housekeeping including license management and archiving of CI’s
Identification
Status Accounting
Control Planning
Verification & Audit
Reporting
There is an ITIL Version 3 Example Asset and Configuration Management Plan Contents available as a separate document within this book.
Page 15
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Activities - Identification The selection, identification, labelling and registration of CIs. Identification can take place for: – Hardware and Software – include OS – Business systems – custom built – Packages – off the shelf – Physical databases – Feeds between databases and links – Configuration baselines – Software releases – Documentation Identification
Status Accounting
Control Planning
Verification & Audit
Reporting
Criteria for CI information to be valuable: It facilitates the management of Change The control of Incidents and Problems Or the control of assets that can be independently moved, copied or changed.
Page 16
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Activities - Control Ensures that only authorized and identifiable CIs are recorded from receipt to disposal in order to protect the integrity of configurations. Control occurs for: – Registration of all new CI’s and versions – Update of CI records and licence control – Updates in connection with RFC’s and Change Management – Update the CMDB after periodic checking of physical items
Identification
Status Accounting
Control Planning
Verification & Audit
Reporting
Configuration Management needs to understand the CI lifecycle and have procedures in place to ensure proper control over its CI’s, throughout their lifecycle.
Page 17
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Activities - Status Accounting Is the reporting of all current and historical data concerned with each CI throughout its lifecycle Provides information on • Configuration baselines • Latest software item versions • The person responsible for status change • CI change history • CI incident / problem history Identification
Status Accounting
Control Planning
Verification & Audit
Reporting
Each asset or CI will have one or more states throughout its lifecycle. The significance of each state is defined by asking the question: What use can be made of the Asset or CI, while in that state?
An example of this lifecycle is:
Development or draft – denoting that the CI is under development and that no particular reliance should be placed on it.
Approved – meaning that the CI may be used as a basis for further work
Under Change – is currently being modified by Change Management, may be unreliable until Change completed.
Withdrawn – meaning withdrawn from use, either because the CI is no longer fit for the purpose or because there is no further use for it.
Page 18
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Activities - Verification and Audit Reviews and audits verify the existence of CI’s, checking that they are correctly recorded in the CMDB and that there is conformity between the documented baselines and the actual business to which they refer. Configuration Audits should occur at the following times: – Before and after major changes to the IT infrastructure – Following recovery from disaster – In response to the detection of an unauthorised CI – At regular intervals Identification
Status Accounting
Control Planning
Verification & Audit
Reporting
Key point: Automate audits where possible through software tools
Page 19
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Configuration Reviews •
Look to consolidate reporting needs e.g. Efficiency:
Productivity - # changes per period Value add - # of release back outs Effectiveness: Timeliness - Resolution time Accuracy - % correct resolution Quality - % solved within SLA
•
Carry out monitoring reviews – Seek stakeholder feedback – Seek feedback from other ITSM processes – Are the administration procedures effective e.g. archiving
Page 20
The CMDB and Configuration Management Creation and Maintenance Guide
Management Reporting Management reports for Configuration Management should cover the following: • Results of audits • Detected non registered or inaccurately registered CI’s. • # registered CI’s and CI’s versions • Growth and capacity • Rate of change • Backlogs, delays, remedies • Staffing position • # out of hours authorized work • Efficiency/effectiveness review results • Value of CI’s • Location of CI’s
These reports should be designed to support Service Management activities such as progress monitoring, Problem, Change, Release and Configuration Management audits and service planning. These reports should be made available for interrogation and trend analysis by IT Service Management and other groups within the IT services structure.
Page 21
The CMDB and Configuration Management Creation and Maintenance Guide
Activities – Baselining A configuration baseline is the configuration of a product or system established at a specific point in time, which captures both the structure and details of a configuration. It serves as a reference for Further activities. An application or software baseline provides the ability to change or to rebuild a specific version at a later date.
Identification
Status Accounting
Control Planning
Verificati on & Audit
Reporting
A configuration baseline is used to assemble all relevant components in readiness for a Change or Release, and to provide the basis for a configuration audit and regression, e.g. after a Change. The Configuration Management system should be able to save, protect and report on a configuration baseline, its contents and documentation.
Page 22
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
CI
ment Develop CI
data
Finan
it y
Mg t.
g cial M
ve Le
CMDB
. gt lM
Proble
t.
m Mgt.
M . gt
e ic rv e S
t.
Mg
e ng
CI
nt i de I nc
a Ch
data
System managem ent
ab il
t.
Av a il
IT S erv i Co ntin ce uity M
dat a
Mg
CI
Release Mgt.
SLM
ta da
y cit pa Ca
M CR
gt.
Tools
Automated tools are used to collect and store data in many organizations. Unless there is a central storage of all data, there is potential for this data not being maximized.
In ITIL, most processes collect and use data, and store it in the CMDB. One of the greatest contributors to the CMDB is Change Management.
QUESTIONS: Why might Change Management be the greatest contributor to the CMDB? Changes to CMDB must be assessed and authorized by Change Management first. What are the main benefits of ONE central repository? One tool reduces costs One team reduces costs and improves consistency in CI management. Provides a one stop shop for Configuration Management queries. The data about CIs and methods of controlling CIs is consolidated which reduces auditing effort. Opens opportunities for consolidation in CIs to support services. What are the challenges of such a move? Initial cost Design of CMDB Integration with older legacy systems etc.
Page 23
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Roles & Responsibilities Asset Management
The management of service assets across the whole lifecycle including: •Full lifecycle management of IT and service assets from acquisitions to disposal •Maintenance of the asset inventory. Configuration Management
CM provides a logical model of the services, assets and infrastructure by recording the relationships between service assets and configuration items.
Roles related to Service Asset and Configuration Management include: Service Asset Manager Configuration Manager Configuration Analyst Configuration Administrator/Librarian CMS/Tools Administrator
There are detailed CMDB Roles and Responsibilities described in an additional document, within this book.
Page 24
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Configuration Management - KPI’s • • • • • •
• •
Number of discovered unauthorized configurations Audit reviews Poor impact assessment that lead to inefficient change Change related incidents/problems Cycle time to approve and implement changes Licenses that have been wasted or not put into use at a particular location Exception reports during configuration audits Unauthorized IT components detected in use.
Measurable targets for objective metrics should be set for the effectiveness of the Configuration Management process. The metrics, included in this slide, can be used to improve the process over a realistic timeframe.
The next page includes ideas for set targets that can be used to identify improvement areas.
Page 25
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Configuration Management - Targets •
Change in the proportion of Service Desk calls that are received per month that are resolved while the user is on the line.
•
Change in the number and seriousness of Incidents and Problems
•
Change in the average time and cost of diagnosing and resolving Service Desk calls that require escalation.
•
Change in the number and seriousness of occasions when an SLA is breached and the problem is tracked to errors in the Service Support functions/processes.
•
Number of changes to the CMDB per month because of identified errors in the CMDB.
Page 26
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Costs –
Personnel
–
Accommodation
–
Software
¬
¬
–
Management CMDB, audits, clean up poor data
Physical storage of process documents, servers, people
–
In house vs off the shelf
•
tools and equipment for CMDB, audits, reporting, …
Hardware –
Data storage
–
Collection points and collation servers
–
Education
–
Procedures
–
¬
Tools, procedures, how to audit,
Designing & managing Configuration Management, documentation, instruction sets,
Page 27
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Challenges Wrong level of CI detail (too high or too low) Sticking to manual system Authorization in case of urgent changes outside business hours Over ambitious planning and too high expectations Lack of management commitment Costs-benefit analysis is difficult Time pressure on implementation Overly bureaucratic process/implemented in isolation Tool lacks flexibility
Source: OGC (Service Delivery),
CMBD Development. The development of an automated CMDB and its associated processes should be treated as per any new system development in an organization. Adequate system specification and design should be undertaken to ensure that what is built meets the desired outputs and outcomes.
Adherence to Configuration Management Processes After implementation, clearly written and supported Configuration Management processes (eg. using the CMDB) should be developed, communicated and disseminated to ensure that the CMDB maintains its accuracy. A loss of accuracy in the CMDB can have long term negative implications for the Configuration Management process and your ITIL implementation.
Page 28
The CMDB and Configuration Management Creation and Maintenance Guide
Service Asset & Configuration
Benefits Management of IT resources Economical, quality services •
Less mistakes, therefore less “double costs”
Effective and efficient problem solution Effective and efficient processing of changes Optimal support on security issues Helps ensure compliance to legal obligations •
Insight in illegal copies, licences, due dates of contracts
Optimal support on issues of budgeting and spending
Page 29
The CMDB and Configuration Management Creation and Maintenance Guide
Components, Tools & Databases SKMS (Service Knowledge Management System) CMS (Configuration Management System) Decisions
CMDB (Configuration Management Database)
KEDB (Known Error Database)
SKMS: Service Knowledge Management System: The complete set of tools and databases that are used to manage knowledge and information. The SKMS includes the CMS as well as other tools and databases. The SKMS stores, manages, updates and presents all information that an IT service provider needs to manage the full lifecycle of it services.
CMS: Configuration Management System: A set of tools and databases that are used to manage an IT service provider’s configuration data. The CMS also includes information about incidents, problems, known errors, changes and releases; and may contain data about employees, suppliers locations, business units, customers and users. Maintained by Configuration Management and is used by all IT service management processes.
CMDB: Configuration Management Database
KEDB: Known Error Database. This database is created by Problem Management and used by Incident and Problem Management.
Page 30
The CMDB and Configuration Management Creation and Maintenance Guide
3
PRESENTATION TWO
Configuration Management and Project Management
Page 31
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Management Within the context of project Management, the purpose of configuration management is to identify, track and protect the projects products.
Configuration Management may be thought of as asset or product control. It is a discipline that gives precise control over the project’s products by allowing management to: Specify the versions of products in use and in existence and hold information on; •
Their status (e.g. in live use, archived, ready for quality checking)
•
Who owns each product (the individual with prime responsibility for it)
•
The relationships between products
•
Maintain up-to-date records containing these pieces of information.
•
Control changes to the products by ensuring that changes are made only with the agreement of appropriately named authorities.
•
Audit the records to ensure that they contain the authorized products and only these products.
Page 32
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Management Plays a major part in the quality control of the project. Without it, managers have little or no control over the products being produced e.g. what their status is, where they are, what version it is.
Configuration Management contributes to the economic provision of quality products: •
By making the management of changes and upgrades to a product cheaper and less error prone.
•
By helping to identify products that may be affected by problems in related products.
•
By checking which versions of products the user is using or is connected to, whether products in use are authorized, whether products have been affected by changes and which other related products might be the cause of the problems.
Page 33
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Management Configuration Management is not optional!
! If more than one version has been created, then configuration management is being performed. It is just a question of how formally it needs to be done.
Configuration Management for management products is of equal importance to configuration management for specialist products. E.g. a Stage Plan will be updated at many times during a stage. Each update will be anew version.
Page 34
The CMDB and Configuration Management Creation and Maintenance Guide
Baseline A baseline is a snapshot of a product and any component products, frozen at a point in time for a particular purpose. It also records a change in product status when the product passes to the configuration library after successful completion of quality control. This changes its status and ‘freezes’ the content. It can now be used as a firm basis from the development of any later product.
If the product is changed at a later date, the baseline version stays unchanged. A new version number must be allocated, a copy of the product is issued bearing this new version number and all the facts are noted in the configuration management records. When this amended version is finally finished, and has been through quality checking, it is passed into the library and a new baseline established for that version. Old baseline versions are never discarded. The configuration management method must always permit the recreation of any version of the released product.
Page 35
The CMDB and Configuration Management Creation and Maintenance Guide
Release A release is a complete and consistent set of products that forms a fixed reference point in the development of the end outcome. Each product in the release must have been baselined so that it is clear which version of the various parts should be included.
The most obvious release is the final outcome to be handed over at the end of the project. It is normal to provide intermediate releases to provide a firm, agreed foundation for later work, preferably a natural breakpoints in the development cycle. This release can be considered as a ‘bill of materials’ – a list of products that make up that release, showing each product’s version number and baseline date.
Page 36
The CMDB and Configuration Management Creation and Maintenance Guide
Managing the configuration Consists of 5 basic functions: Planning Identification Control Status accounting Verification
Planning: deciding what level of configuration management will be required by the project and planning how this level is to be achieved. Identification: specifying and identifying all components of the final product. Control: the ability and baseline products and then to make changes only with the agreement of appropriate named authorities. Once a product has been approved, the motto is’ nothing moves, nothing changes without authorization’ Status accounting: the recording and reporting of all current and historical data concerning each product. Verification: a series of reviews and configurations audits to ensure that the actual status of all products matches the authorized state of products as registered in the configuration management records.
Page 37
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Librarian Configuration Management gives the project management team precise control over the project’s assets. The title given to the role that operates the configuration management method is Configuration Librarian.
Where a project is part of a program, it may be sensible to perform the function at program level, since products will probably be shared between projects within the program and inter-project product transfers may occur during the life of the project. It is essential that each projects configuration management meets the requirements of the program in addition to the projects internal needs.
Page 38
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Management Plan The configuration management plan forms part of the Project Quality Plan. It defines: How and where the products will be stored • What filing and retrieval security there will be • How the products and the various versions of these will be identified • Where responsibilities for configuration management lie. •
A full description of the Suggested Contents of the Configuration Management Plan is available in a separate document in this book.
Page 39
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Identification Each product (and each version of a product) required a unique identifier. As a minimum, the coding scheme should identify: • • • •
The project in which the product is created Type of product e.g. hardware, document etc Product title Latest version number.
According to the type of product, there may be other parts of the unique key, such a variant (for example, what language version).
A description of the typical information that needs to be held for a Configuration Item Record is available in a separate document in this book.
Page 40
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Audits These audits that actual products against the information held about them in the configuration management records, looking for discrepancies e.g. • difference in version numbers • Incorrect status • Stated person has the item out for change. The audits also check that the configuration management process is being done to a standard. Such audits are normally carried out at the end of each stage.
Normally someone with Project Assurance responsibility is responsible for configuration audits, with help from the Configuration Librarian. If the Project Board is carrying out its own Project Assurance, the Project Manager may appoint someone else to carry out the audit.
Page 41
The CMDB and Configuration Management Creation and Maintenance Guide
Page 42
The CMDB and Configuration Management Creation and Maintenance Guide
4
SUPPORTING DOCUMENTS
Page 43
The CMDB and Configuration Management Creation and Maintenance Guide
Page 44
The CMDB and Configuration Management Creation and Maintenance Guide
4.1
Verification and Audit Plan for Configuration Management IT Services Verification and Audit Plan Process: Service Asset & Configuration Management
Status: Version:
0.1
Release Date:
Page 45
The CMDB and Configuration Management Creation and Maintenance Guide
The document is not to be considered an extensive statement as its topics have to be generic enough to suit any reader for any organization. However, the reader will certainly be reminded of the key topics that have to be considered. This document serves as a guide on the steps required for verification and audit of Configuration Items (CIs) for the Configuration Management process. This document provides a basis for completion within your own organization. This document contains definitions. The document will fuel thoughts about other possible ways to check and verify that the reality matches the expected.
This document was; Prepared by: On:
<
>
And accepted by: On:
<>
Page 46
The CMDB and Configuration Management Creation and Maintenance Guide
Regular configuration audits must be carried out to ensure that the information held in the CMDB is consistent with the physical presence of CIs and vice-versa. Configuration verification and audit Configuration verification and audits are generally a series of reviews to verify the physical existence of CIs and check that the CIs are correctly recorded in the CMDB and controlled libraries. The checks also include the verification of release and configuration documentation before changing the live environment. An initial review is suggested after 3 months after Configuration Management system implementation. However, if a high number of inaccuracies are found then the frequency and intensity of the audits should be increased. Automated configuration audits increases the efficiency and effectiveness of most audits. Audit tools can determine software installed and identify the major items of hardware configuration. This equates to an increased number of CIs that are exposed to an audit. The primary benefit of automation is it will allow staff to focus on exceptions or “rogue” components without the need to check all the “acceptable” components (rules can be built into the audit tools to report on “rogue” components only). A Configuration baseline is a “snapshot” of a component or series of components at a specific point in time. The purpose of the baseline is that it allows us to monitor progress or changes to components more carefully. It also provides us with a rollback point if changes have to be undone at a later stage. Audits should be performed: 1. Once per time period – Full audit 2. Periodic audits on set components or functional or geographic areas. 3. Before a major release or change (definitely to the specific components that will be affected). 4. Post change to verify planned changes reflect the actual 5. After the implementation of any new Configuration Management system (or upgrade) 6. Post recovery from disasters 7. Occasionally at random intervals 8. Following large scale detection of unauthorized CIs
Page 47
The CMDB and Configuration Management Creation and Maintenance Guide
Page 48
The CMDB and Configuration Management Creation and Maintenance Guide
4.2
Business and IT Service Mapping for Configuration Items IT Services Business and IT Service Mapping for Configuration Items Process: Service Asset & Configuration Management
Status: Version:
0.1
Release Date:
Page 49
The CMDB and Configuration Management Creation and Maintenance Guide
Document Control Author Prepared by Document Source This document is located on the LAN under the path: I:/IT Services/Service Support/Business and IT Service Mapping/ Document Approval This document has been approved for use by the following: ♦
, IT Services Manager
♦
, IT Service Delivery Manager
♦
, National IT Help Desk Manager
Amendment History
Issue
Date
Amendments
Completed By
Distribution List When this procedure is updated the following copyholders must be advised through email that an updated copy is available on the intranet site: Business Unit
Stakeholders
IT
Page 50
The CMDB and Configuration Management Creation and Maintenance Guide
Introduction Purpose The purpose of this document is to provide relevant IT departments with an understanding of how the IT Services provided map to the Organizations business processes, to capture all the relevant configuration items that are involved in the delivery of the IT Services. Scope This document describes the following: Summary of the Business Processes and the corresponding IT Services provided by the IT departments within the Organization: Summary of business processes Summary of IT Services Configuration Item Mapping Details of the configuration items that make up the IT Services Note: It is assumed for each Business Process and IT Service described in this document that the supporting back-end technology is already in place and operational. Audience This document is relevant to all staff in Ownership IT Services has ownership of this document in conjunction with nominated Business Representatives. Related Documentation The following documents may help you to complete or understand the purpose of this document: SLM1400 Business and IT Service Mapping Relevant SLA and procedural documents Relevant IT Services Catalogue Relevant Technical Specification documentation Relevant Functional Specification documentation Relevant User Guides and Procedures
Page 51
The CMDB and Configuration Management Creation and Maintenance Guide
Executive Overview In the past organizations IT Services have generally grown and developed into large complex environments. Unfortunately this growth has not always been as structured and pre-planned as it needs to be. This has resulted in the IT department not having a very clear picture of all the services they currently provide with no accurate profile of the actual customers for each of these services. Therefore it has become imperative for the IT department to establish an accurate picture of the services it provides. This document describes an approach for mapping IT Services and their components to the Business Process. Mapping Business Process and IT Service: An approach Most organizations now understand the benefits of having Information Technology (IT) throughout their structure. Few realize the potential of truly aligning the IT department’s objectives with the business objectives. However, more and more organizations are beginning to recognize IT as being a crucial delivery mechanism of services to their customers. When the IT services are so critical, steps must be in place to ensure that the IT group adds value and delivers consistently. In line with this concept, the first step in mapping IT Services to the needs of the business is to understand the Organization. An organization starts with a Mission Statement. The Mission Statement for an Organization defines its reason for being. Once we capture the Mission Statement, the next thing to look at is the Vision Statement. The Vision Statement defines where it is that the organization wants to go. By understanding where the organization wishes to position itself within its market space, then we can start looking at how its short term and long term objectives align with this. At this point we now need to start capturing the “objectives and strategy” of the Organization. By having this information, IT departments are more likely to be aware of the pressing business issues and needs that may impact on the services that they provide. For example, the organization may have an objective of expanding its business into new markets within the next 12 months, requiring additional offices and staff. The direct impact on IT departments would be the successful planning of capacity of new IT Services, the successful planning of how to change our current services to meet the demands of the business, and being flexible enough to meet these demands.
Page 52
The CMDB and Configuration Management Creation and Maintenance Guide
However, an objective is not sufficient enough to determine how IT departments should be delivering its services. The Organization will meet these objectives by changing, enhancing or creating new business processes. For example, Admin staff may need additional resources, a new ordering package may be required, or perhaps a new billing process needs to be implemented to meet these objectives. Therefore, after capturing the Organizational objectives, we need to understand how these map to current business process, if the current business processes are changing or becoming obsolete and if there will be any new business processes. Once the IT departments have a clear view of each of the business units and their business process, we need to capture the fact that the business processes need one or more IT services (e.g. CRM application, e-mail, word processing, financial tools) to function. After having captured the IT Services, the next logical step is to break down the services into the components that exist within the IT Infrastructure so that we can then map them back to the IT Service. The “components” that make up the IT Services are referred to as configuration items or CIs for short. This is generally considered the most difficult part of the process and requires a reasonable amount of planning. The recommended approach is to run this activity as a project in conjunction with the Configuration Management process. A simple model for this approach is illustrated on the next page. • • • •
What are the Objectives of the Organization? What is its Mission and Vision? What Business Processes are in place or will be in place to meet these needs? What IT Services are needed or in place to service the Business Processes? What are the configuration items of the IT Infrastructure that make up the IT Services?
Page 53
The CMDB and Configuration Management Creation and Maintenance Guide
Business Objectives
Business Processes
IT Services
Configuration Items
Benefit of the Approach With the current world client it is becoming increasingly important for organizations to be flexible in the services they deliver to their customers. Customers are becoming more demanding and discerning in their approach to buying service and products. As a result of this organization are under increasing pressure to deliver quality services. This has resulted in the business putting an even greater demand on IT departments while at the same time trying to reduce the cost of IT Service which have generally been seen as an overhead. As such, organizations are paying greater attention to their IT departments and their approach in delivering services. The above approach provides IT departments with a structure in mapping and recording the services that they deliver to the needs of the business. IT departments that have been using this approach are now better positioned to understand the make up of the services that they offer, the service level they need to offer the services at, and the cost of these services. The result of directly mapping IT Services to the business and understanding how the Configuration Items make up the service can highlight where insufficient resources exist, but even more importantly where there has been an over expenditure on resources that may not be needed by the organization anymore. By directly mapping the configuration items to IT Services and how they are aligned to the business, IT departments are better positioned to provide and account for the services they need to deliver. This has resulted in better IT spending in an economy where IT budgets are having greater demands placed on them.
Page 54
The CMDB and Configuration Management Creation and Maintenance Guide
Mission Statement A mission statement describes the reason for the organizations being. Without an understanding of the mission statement of an organization, it becomes hard to define what it is that the organization is trying to achieve. In this section of the document capture the mission statement of the organization. It is important to show that the IT department is aware of the business. Vision Statement In this section, document the Vision statement for the Organization. Below is a text example of what may be included in this section. Listed below is the Vision Statement for : • • • • •
Quality Care Convenient Service Good Experiences Care at Competitive Prices Service You'll Recommend to Friends and Family
These are the major goals of the staff at . With over 150 services and 400 staff, we constantly strive to provide the highest-quality service throughout the Mid-South.
Page 55
The CMDB and Configuration Management Creation and Maintenance Guide
Business Process Summary When trying to map out all the configuration items of the IT infrastructure, you need to first ensure that you have clearly identified all the current business processes that the organization is using to deliver services to their customers. The list of business process will then be supported by IT Services. See next section. The below table is an example of a Business Process Summary Table. Columns and Rows can be added as needed. To find out about mapping Business Process and IT Services please see the following document(s): •
SLM1400 Business and IT Service Mapping
Process Name: The name of the process if available Process Owner: The name of the Department head or Business Representative for the process Description: A brief description of the process Department(s): The Department(s) that is involved or uses this process Parent Process: Any process that may be considered a lead into this process or is seen has having a higher business criticality Triggers: What causes the process to start? This is important as IT can then determine if and how their Services interact with other business process or external organizations.
Process Name
Process Owner
Description
Department(s)
Parent Process
Triggers
Page 56
The CMDB and Configuration Management Creation and Maintenance Guide
IT Service Summary The next step in the process is to ensure that we capture a summary of the all of the IT Services being provided to the business. Once we have a clear picture of this, we can then start to think about breaking down the IT Services down to the component level. IT Service: The name of the IT Service being provided to the organization. Service Version: In some instances there may be Customers or Business Units that are using the same service, for example email, but have in place agreements for different levels of service for that IT Service. In these instances it is advisable to capture the different “Service Versions”. IT Service Owner: The owner or support group that is responsible for delivery and support of the IT Service. Description: A brief description of the IT Service. This is an optional field and may be dropped for more important information. Contract: In some instances IT Services will be provided in conjunction with a contract. For internal IT departments, there may not be a contract for the services they provide and therefore this field can be considered optional. Covering SLA: Capture any Service Level Agreements that apply to the IT Service. Service Hours: List the hours of operation for the IT Service. Customer / Business Unit: List any those customers or business units that use the IT Services. Business Process: To understand the business impact of the IT Service it is important to capture the Business Process that the IT Service supports. Business Impact: If the IT Service is unavailable, how will this impact on the business? This information can be used in conjunction with Service Level Agreements and goes towards IT departments understanding how the service that they provide will impact on the business. This in turn can help engender a better sense of urgency when dealing with errors and incidents within the IT Infrastructure.
Page 57
The CMDB and Configuration Management Creation and Maintenance Guide
IT Infrastructure Component Mapping Once the Business Process and their corresponding IT Services are captured and documented, it is then possible to start the mapping of the configuration items. The below table provides a template for capturing IT Components (Configuration Items) against the IT Services. IT Components (Configuration Items (CI)) SubType Type Hardware Server
CI # Serial # CI Name SER345 15434563 EMERO CISCORT5700 54444443 002 Hardware Router CISCORT4567 76547457 001 Hardware Router MS001 N/A MS Office Software Microsoft
IT Services Service A
Service B
Service C
Service D
This information is critical in providing quality and known services to the organization. For example, if we were to look at the two CISCO routers above, we can see that CISCO-002 is integral to all four services listed above, whilst CISCO-001 is only integral to two of those services. This information will now help in the planning process of Service Level Management and agreeing to levels of service that rely on those particular configuration items. We can also use this information in conjunction with our IT Service Continuity planning. In the above table it would be important to ensure that in the event of CISCO-002 failing, affecting 4 services, that we have appropriate measures in place. After this mapping has occurred, we should be able to discover all those configuration items that exist in our environments that are no longer part
Page 58
The CMDB and Configuration Management Creation and Maintenance Guide
of a larger IT Service. There are reported cases of IT departments discovering large amounts of configuration items existing within the infrastructure that no longer provide a service. In most cases, the IT department was still paying maintenance and licensing fees for those parts of the infrastructure. To get a list of your configuration items, you will need to go to your Configuration Management Database.
Page 59
The CMDB and Configuration Management Creation and Maintenance Guide
Page 60
The CMDB and Configuration Management Creation and Maintenance Guide
4.3
Business Justification IT Services Business Justification Process: Service Asset & Configuration Management
Status: Version:
0.1
Release Date:
Page 61
The CMDB and Configuration Management Creation and Maintenance Guide
Business Justification Document for Configuration Management The document is not to be considered an extensive statement as its topics have to be generic enough to suit any reader for any organization. However, the reader will certainly be reminded of the key topics that have to be considered. This document serves as a reference for how to approach the task of seeking funds for the implementation of the Configuration Management process. This document provides a basis for completion within your own organization.
This document was; Prepared by: On:
<>
And accepted by: On:
<>
Page 62
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Management Business Justification A strong enough business case will ensure progress and funds are made available for any IT initiative. This may sound like a bold statement but it is true. As IT professionals we have (for too long) assumed that we miss out on funds while other functional areas (eg. Human resources and other shared services) seem to get all that they want. However, the problem is not with them, it’s with US. We are typically poor salespeople when it comes to putting our case forward. We try to impress with technical descriptions, rather than talking in a language that a business person understands. For example: We say
We should say
We have to increase IT security controls, with the implementation of a new firewall.
Two weeks ago our biggest competitor lost information that is now rumoured to be available on the internet.
The network bandwidth is our biggest bottleneck and we have to go to a switched local environment.
The e-mail you send to the other national managers will take 4 to 6 hours to be delivered. It used to be 2 to 3 minutes, but we are now using our computers for many more tasks.
Changes to the environment are scheduled for a period of time when we expect there to be minimal business impact.
We are making the changes on Sunday afternoon. There will be less people working then.
Doesn’t that sound familiar? To help reinforce this point even further, consider the situation of buying a new fridge. What if the technically savvy sales person wants to explain “the intricacies of the tubing structure used to super cool the high pressure gases, which flow in an anti-clockwise direction in the Southern hemisphere”. Wouldn’t you say “too much information, who cares – does it make things cold?” Well IT managers need to stop trying to tell business managers about the tubing structure and just tell them what they are interested in.
Page 63
The CMDB and Configuration Management Creation and Maintenance Guide
So let’s know look at some benefits of Configuration Management. Remember that the comments here are generic, as they have to apply to any organization. If you need assistance in writing business benefits for your organization please e-mail [email protected] for a quotation. Benefits
Notes/Comments/Relevance
The ability to obtain and provide accurate component information. The Configuration Management process is a cornerstone to other ITIL processes. There are clear links between this process and all others. A well run configuration management process will ensure that the best returns on the investment made in implementation of structured processes is achieved. IT components are relatively expensive and constitute a valuable part of the organization’s assets. Good control over these assets is as important as good stock control and overall credibility that comes from knowing what we have and where it is. In many industries there can be a legal requirement to track assets. Implementing a good CMDB with published regular verification audits will meet most legal obligations that may be imposed on organizations. This is most easily discussed when reviewing software licenses and the heavy penalties that can be imposed for illegal use. Configuration Management directly contributes towards the ability of the IT department to keep providing IT service following a major outage. The CMDB combined with the DSL helps in the restoration process, by providing configuration information and location of spares, etc. Providing assistance to the ongoing task of
Page 64
The CMDB and Configuration Management Creation and Maintenance Guide
rolling out new releases, new software, and new applications to the business. Assistance is via information regarding versions, previous changes, location of master copies, etc. Aides in improving the security of the organization with respect to IT. This is because changes to CIs can be verified, checked and controlled (helping to reduce accidental or deliberate changes). Minimizing the amount of “wasted” software, by ensuring maximum use of software purchased. A good Configuration Management process allows us to track our purchases of software against the numbers of users. This information may help to redistribute existing software, rather than simply reacting to a request to purchase. Configuration Management provides accurate information regarding the expected environment that a change will impact. With this information testers are able to more accurately predict the likely impact of a change and therefore work to reduce any adverse impact of a change. Problem Management relies on trending information that will help to identify “repeat component offenders”. With such information, combined with model numbers, user information, etc. we are able to more quickly get to the real root cause of a problem (using scientific methods, not instinct). Welcome to the Configuration Management Database (CMDB) Mind Maps. These cover various topics including an overview of the CMDB, the relationship of the CMDB to the ITIL processes and the steps to undertake when implementing a Configuration Management Database.
Page 65
The CMDB and Configuration Management Creation and Maintenance Guide
Page 66
The CMDB and Configuration Management Creation and Maintenance Guide
4.4
MindMaps
Page 67
The CMDB and Configuration Management Creation and Maintenance Guide
Map 1 – CMDB overview (Map 1 of 2) This Mind Map provides as overview of what a CMDB is and the purpose of having a CMDB. It also highlights what is NOT considered as a CMDB.
Page 68
The CMDB and Configuration Management Creation and Maintenance Guide
Map 2 – CMDB overview (Map 2 of 2) This Mind Map highlights the definition of a CMDB and a CI. It also explains some characteristics that make up a CMDB and the capabilities of the CMDB.
Page 69
The CMDB and Configuration Management Creation and Maintenance Guide
Map 3 – CMDB relationships to Processes (Map 1 of 2) This Mind Map shows the relationships between the CMDB and Incident Management, Problem Management, Change Management, Release Management and Configuration Management. These relationships are vital as the CMDB can be seen as central to the success of these processes.
Page 70
The CMDB and Configuration Management Creation and Maintenance Guide
Map 4 – CMDB relationships to Processes (Map 2 of 2) This Mind Map shows the relationships between the CMDB and Financial Management, Security Management, IT Service Continuity Management, Capacity Management, Service Level Management and Availability Management. These relationships are vital as the CMDB can be seen as central to the success of these processes.
Page 71
The CMDB and Configuration Management Creation and Maintenance Guide
Map 5 – Implementing a CMDB – Defining the Goals and Objectives This is the first step in implementing a CMDB. It is critical that the goals of the CMDB are aligned to a specific business benefit and that they are measurable. It is also important to ask pertinent questions to make sure the reasons behind implementing a CMDB are clear.
Page 72
The CMDB and Configuration Management Creation and Maintenance Guide
Map 6 – Implementing a CMDB – Assigning Responsibilities The relationship between Configuration Management and Change Management is vital for the successful implementation of the CMDB. It is also important to include members and process owners from multiple areas to ensure input and ownership of the CMDB.
Page 73
The CMDB and Configuration Management Creation and Maintenance Guide
Map 7 – Implementing a CMDB – Defining the Content of the CMDB This is a critical step in the implementation of the CMDB. Decisions need to be made about the level of detail that is going to be included in the CMDB. It is often impractical (or not useful) to include all CIs in the CMDB. Of particular importance is to articulate the relationships between CIs and services.
Page 74
The CMDB and Configuration Management Creation and Maintenance Guide
Map 8 – Implementing a CMDB – Adding Data to the CMDB There must be clearly defined processes for adding data to the CMDB to ensure accuracy and integrity of the CIs. This has to be done as collaboration between Configuration Management and Change Management. There must be a balance between the manual input of data (which can be time consuming and error prone) and automated collection and input of data (which is best used for the initial discovery of inventory).
Page 75
The CMDB and Configuration Management Creation and Maintenance Guide
Page 76
The CMDB and Configuration Management Creation and Maintenance Guide
4.5
CMDB Design Document IT Services Configuration Management Data Base (CMDB) Design Document Process: Service Asset & Configuration Management
Status: Version:
0.1
Release Date:
Page 77
The CMDB and Configuration Management Creation and Maintenance Guide
CMDB Design Document for Configuration Management The document is not to be considered an extensive statement as its topics have to be generic enough to suit any reader for any organization. However, the reader will certainly be reminded of the key topics that have to be considered. This document serves as a checklist for topics to consider when looking at the selection of an automated tool for the Configuration Management process. This document provides a basis for completion within your own organization.
This document was; Prepared by: On:
<>
And accepted by: On:
<>
Page 78
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Management Database Without knowing it there are already many organizations engaged in Configuration Management practices. Most already have some form of crude Configuration Management Data Base (CMDB). These CMDBs are often spreadsheets, local databases or even paper records regarding IT asset location, owner, cost, etc. However the growth in size and complexity of IT environments has dictated the need to adopt sophisticated support tools (including a Configuration Management Database (CMDB). The following checklist will help the reader identify the salient characteristics that are required of a well designed CMDB. Use the list to assess tools being promoted or as a list to put in a tender or request for information when investigating different tools. The Configuration Management system should provide: Characteristic
Notes/Comments/Relevance
Security controls that will restrict access as appropriate. Ability to support and hold information on CI’s that have a varying degree of complexity (from entire stand-alone systems (e.g. Mainframe) to simple, single hardware items or software applications and all the associated relationships that are possible between them. An ability to use heuristics to create automatic relationships between certain components. Ability to easily add, modify or remove components, without undermining the database integrity. Automated validation and duplicate avoidance (e.g. inability to use a unique identifier more than once) When reviewing changes or incidents the ability to easily identify components that share a relationship with the primary CI being reviewed. Tightly coupled link to Problem Management data in the CMDB (if the Problem Management data is held in a separate system the CMDB Page 79
The CMDB and Configuration Management Creation and Maintenance Guide
must be able to hook into that system). Flow through updates on version numbers following releases, etc. History section to allow a review of past events to components (including changes to versions, installation date, RFCs, location changes, etc.) Powerful reporting ability, with both pre-defined reports and the ability to create custom reports. Also the ability to perform trend analysis to help facilitate future requirements. Based on logical divisions of your organization the ability to display component details by geographic location or functional department or network segment, etc. Parent/Child display CMDB back-ups, archives and housekeeping Regular back-ups (combined with secure storage) are an important element of CMDB design. Many databases can grow to an enormous size. The backup of such large databases is in itself a skilled practice that must be well thought out and executed. Normal backup procedures and practices should apply (e.g. full and differential backups, off site storage, testing of recoverability, etc.)
Refer to Configuration Management Implementation and Planning document found within this book
Configuration Management Naming - Attributes The following attributes are examples that could be used in the CMDB. Note that hardware CI types will have different attributes from software CI types.
Attribute
Description
CI Name
The unique name by which this type of CI is known.
Copy or Serial Number
The number that uniquely identifies the particular
Page 80
The CMDB and Configuration Management Creation and Maintenance Guide
instances of this CI - for example, for software the copy number, for hardware the serial number. Category
Classification of a CI (e.g. hardware, software, documentation etc).
Type
Description of CI type, amplifying 'category' information (e.g. hardware configuration, software package, hardware device or program module).
Model Number (hardware)
Model of CI (corresponding, for example, to supplier's model number e.g. Dell model xxx, PC/aa model yyy).
Warranty expiry date
Date when the supplier's warranty expires for the CI.
Version Number
The version number of the CI.
Location
The location of the CI, e.g. the library or media where the software CIs reside, the site/room where a service is located.
Owner Responsible
The name and/or designation of the owner responsible for the CI.
Responsibility Date
Date the above owner became responsible for the CI.
Source/supplier
The source of the CI, e.g. developed in-house, bought in from company xxxxx etc.
License
License number or reference to license agreement
Supply Date
Date when the CI was supplied to the organization.
Accepted Date
Date when the CI was accepted by the organization as satisfactorily tested.
Status (current)
The current status of the CI; e.g. under 'test', 'live', 'archived'.
Status (scheduled)
The next scheduled status of the CI (with the date or indication of the event that will trigger the status change).
Parent CI(s) relationships
The unique CI identifier(s) name/copy/number/model/number/ of the
Page 81
The CMDB and Configuration Management Creation and Maintenance Guide
Child CI(s) relationships
'parent(s)' of this CI. The unique CI identifier(s) of all 'children' of this CI.
Relationships
The relationship of the CI with all CIs other than 'parent' and 'child' (e.g. this CI 'uses' another CI, this CI 'is connected to' another CI, this CI is 'resident on' another CI, this CI 'can access' another CI).
RFC Numbers
The identification number of all RFCs affecting this CI.
Change Numbers
The identification number of all Change records affecting this CI.
Problem Numbers
The identification number of all Problem records affecting this CI.
Incident Numbers
The identification number of all Incident records affecting this CI.
Service
The service that the CI supports.
SLA Number or Name
Any specific SLA’s that this CI forms a part of.
UC Number or Name
Any specific UC that this CI forms a part of.
Value - Initial
Initial value of the CI.
Value - Current
Current Value after depreciation.
Security Level
Minimum staff security level for access.
Comment
A comment field to be used for textual narrative; for example, to provide a description of how this version of the CI is different from the previous version.
For RFC’s, Change records, package Release records, etc, the names, copy numbers, model numbers and version numbers of CIs affected by the Change, and how they are affected, should be recorded in the CMDB. A reversion path, and the consequences of reversion, should also be recorded.
Page 82
The CMDB and Configuration Management Creation and Maintenance Guide
4.6
Roles and Responsibilities involved with the CMDB Database
Service Design is responsible for designing the baselines appropriate for the service and identifying the relevant assets and CIs with input from the business change manager(s) and others who have responsibilities for delivering services and maintaining the business continuity. During the first stages of a project the programme or project office may be responsible for administering the Configuration Management process, maintaining copies of relevant documentation concerning the CIs, and controlling the release of the CIs following appropriate approvals. At defined release points for a service and service package, the programme or project office will pass responsibility to Service Transition who will take responsibility for Configuration Management of the CI documentation. Responsibilities for reviewing and approving assets and CIs across the service lifecycle and during deployment need to be defined and allocated to individuals with appropriate skills and authority. Role specifications for the Change Management, Service Asset and Configuration Management teams need to be developed. Typical roles include: Service Asset Manager Configuration Manager Configuration Analyst Configuration Librarian CMS/Tools Administrator Assign the configuration manager and other key roles as early as possible, because assigned individuals can then be involved in the implementation. For some operational activities, Configuration Management will require staff who will adopt a diligent approach and pay due attention to detail. The Service Asset Manager The service asset manager has the following responsibilities: Works to the overall objectives agreed with the IT services manager; implements the organization’s service Asset Management policy and standards Evaluates existing Asset Management systems and the design, implementation and management of new/improved systems for efficiency and effectiveness, including estimating and planning the work and resources involved, and monitoring and reporting on progress against plan Agrees scope of the Asset Management processes, function, the items that are to be controlled, and the information that is to be recorded; developed Asset Management standards, Asset Management plans and procedures
Page 83
The CMDB and Configuration Management Creation and Maintenance Guide
Mounts an awareness campaign to win support for new Asset Management procedures; ensures that changes to the Asset Management methods and processes are properly approved and communicated to staff before being implemented; plans, publicizes and oversees implementation of the new Asset Management systems Arranges recruitment and training of staff Manages the evaluation of proprietary Asset Management tools and recommends those that best meet the organization’s budget, resource, timescale and technical requirements Manages the Asset Management plan, principles and processes and their implementation Agrees assets to be uniquely identified with naming conventions; ensures that staff comply with identification standards for object types, environments, processes, lifecycles, documentation, versions, formats, baselines, releases and templates Proposes and/or agrees interfaces with Change Management, problem management, network management, release management, computer operations, logistics, finance and administration functions Plans population of the asset DB; manages the asset DB, central libraries and tools; ensures regular housekeeping of the asset DB Provides reports, including management reports (indicating suggested action to deal with current or foreseen shortcomings), impact analysis reports and asset status reports Initiates actions needed to secure funds to enhance the infrastructure and staffing levels in order to cope with growth and change Assists auditors to audit the activities of the Asset Management team for compliance with laid-down procedures; ensures corrective action is carried out. The Configuration Manager The configuration manager has the following responsibilities: Works to the overall objectives agreed with the IT services manager; implements the organization’s Configuration Management policy and standards Evaluates existing Configuration Management Systems and the design, implementation and management of new/improved systems for efficiency and effectiveness, including estimating and planning the work and resources involved, and monitoring and reporting on progress against plan Agrees scope of the Configuration Management processes, function, the items that are to be controlled, and the information that is to be recorded; develops Configuration Management standards, Configuration Management Plans and procedures Mounts an awareness campaign to win support for new Configuration Management procedures; ensures that changes to the Configuration Management methods and processes are properly approved and communication to staff before being implemented; plans, publicizes and oversees implementation of new Configuration Management Systems Page 84
The CMDB and Configuration Management Creation and Maintenance Guide
Arranges recruitment and training of staff Manages the evaluation of proprietary Configuration Management tools and recommends those that best meet the organization’s budget, resource, timescale and technical requirements Manages the Configuration Management Plan, principles and processes and their implementation Agrees CIs to be uniquely identified with naming conventions; ensures that staff comply with identification standards for object types, environments, processes, lifecycles, documentation, versions, formats, baselines, releases and temples Proposes and/or agrees interfaces with Change Management, problem management, network management, release management, computer operations, logistics, finance and administration functions Plans population of the CMS; manages CMS, central libraries, tools, common codes and data; ensures regular housekeeping of the CMS Provides reports, including management reports (indicating suggested action to deal with current or foreseen shortcomings), impact analysis reports and configuration status reports Initiates actions needed to secure funds to enhance the infrastructure and staffing levels in order to cope with growth and change Assists auditors to audit the activities of the Configuration Management team for compliance with laid-down procedures; ensure corrective action is carried out. The Configuration Analyst The Configuration Analyst has the following responsibilities: Proposes scope of the Asset and Configuration Management processes, function, the items that are to be controlled, and the information that is to be recorded; develops Asset and Configuration Management standards, plans and procedures Trains Asset and Configuration Management specialists and other staff in Asset and configuration Management principles, processes and procedures Supports the creation of the Asset and Configuration Management Plans and principles and their implementation Creates Asset and Configuration Management processes and procedures; access controls and privileges; ensures that the correct roles and responsibilities are defined in the Asset and Configuration Management Plans and procedures Proposes and agrees with the Asset and Configuration Manager CIs to be uniquely identified with naming conventions; ensures that developers and configuration system users comply with identification standards for object types, environments, processes, lifecycles, documentation, versions, formats, baselines, releases and templates Liaises with the Configuration Librarian on population of the asset and CMS; manages asset and CMS, central libraries, common codes and data; ensures regular housekeeping of the asset and CMS
Page 85
The CMDB and Configuration Management Creation and Maintenance Guide
Uses or provides the asset and CMS to facilitate impact assessment for RFCs and to ensure that implemented changes are as authorized; creates change records, configuration baselines, and package release records in order to specify the effect on CIs of an authorized change; ensures any changes to change authorization records are themselves subject to Change Management procedures; ensures that the asset and CMS is updated when a change is implemented Uses the asset and CMS to help identify other CIs Performs configuration audits to check that the physical IT inventory is consistent with the asset and CMS and initiates any necessary corrective action Creates and populates project libraries and CM system; checks items and groups of items into the CM tools Accepts baselined products from third parties and distributes products Builds system baselines for promotion and release Maintains project status information and status accounting records and reports Monitors problems (test incidents) and maintains database for collection and reporting of metrics The Configuration Librarian The Configuration Librarian is the custodian and guardian of all master copies of software, assets and documentation CIs registers with Asset and Configuration Management. The major tasks of this role are to: Control the receipt, identification, storage, and the withdrawal of all supported CIs Provide information on the status of CIs Number, record, store and distribute Asset and Configuration Management issues The Configuration Librarian has the following specific responsibilities: Assists Asset and Configuration Management to prepare the Asset and Configuration Management Plan Creates an identification scheme for Configuration Management libraries and the Definitive Media Library (DML) Creates an identification scheme for assets and the Definitive Spares (DS) Creates libraries or other storage areas to hold CIs Assists in the identification of products and CIs Maintains current status information on CIs Accepts and records the receipt of new or revised configurations into the appropriate library Archives superseded CI copies Holds the master copies Administers configuration control process: • Distributes change requests to individual team members for impact assessment Page 86
The CMDB and Configuration Management Creation and Maintenance Guide
• • • • • •
Validates completeness of change requests Routes change requests to appropriate authority for approval Progresses and tracks change requests through to completion Reports on change requests Records decisions about change requests Issues copies of products for review, change, correction or information when authorized to do so • Maintains a record of all copies issued • Notifies holders of any changes to their copies • Collects and retains information that will assist in the assessment of what CIs are impacted by a change to a product Produces configuration status accounting reports Assists in conducting configuration audits Liaises with other configures libraries where CIs are common to other systems The CMS/Tools Administrator The CMS/Tools Administrator has the following responsibilities: Evaluates proprietary Asset and Configuration Management tools and recommends those that best meet the organization’s budget, resource, timescale and technical requirements; directly or indirectly customizes proprietary tools to produce effective Asset and configuration Management environments in terms of databases and software libraries, workflows and report generation Monitors the performance and capacity of existing Asset and Configuration Management systems and recommends improvement opportunities and undertakes standard housekeeping and fine tuning under change control Liaises with the Configuration Analyst and Librarian on population of the asset and CMS; provides technical administration and support for asset and CMS, central libraries, tools’ common codes and data; undertakes regular technical housekeeping of the asset and CMS Ensures the integrity and operational performance of the CM systems. The Configuration Control Board The Configuration Control Board is required to ensure that the overarching intention and policies of Configuration Management are employed throughout the Service Management lifecycle and with specific consideration for every aspect of the complete service. The Board has the following responsibilities: Defines and controls the service configuration baselines in terms of core and support services, applications, information, service, technical, infrastructure – ensure that they meet the requirements established in the Service Design Reviews changes in the service configuration for compliance with standards, contractual and internal requirements
Page 87
The CMDB and Configuration Management Creation and Maintenance Guide
Originates requirement changes for service configuration to comply with contract change requests. In some organizations, the Configuration Control Board will be combined with change, thereby providing a holistic view of the current and proposed services and service models, enabling better control, change evaluation, impact assessment and understanding.1
1
OGC Service Transition
Page 88
The CMDB and Configuration Management Creation and Maintenance Guide
4.7
Communication Plan IT Services Communication Plan Process: Service Asset & Configuration Management
Status: Version:
0.1
Release Date:
Page 89
The CMDB and Configuration Management Creation and Maintenance Guide
Communication Plan for Configuration Management The document is not to be considered an extensive statement as its topics have to be generic enough to suit any reader for any organization. However, the reader will certainly be reminded of the key topics that have to be considered. This document serves as a guide for communications required for the Configuration Management process. This document provides a basis for completion within your own organization. This document contains suggestions regarding information to share with others. The document is deliberately concise and broken into communication modules. This will allow the reader to pick and choose information for e-mails, flyers, etc. from one or more modules if and when appropriate.
This document was; Prepared by: On:
<>
And accepted by: On:
<>
Page 90
The CMDB and Configuration Management Creation and Maintenance Guide
Initial Communication
Sell the Benefits. First steps in communication require the need to answer the question that most people (quite rightly) ask when the IT department suggests a new system, a new way of working. WHY? It is here that we need to promote and sell the benefits. However, be cautious of using generic words. Cite specific examples from your own organization that the reader will be able to relate to (to help develop specific examples contact [email protected] for competitive quotation).
Generic Benefit statements
Specific Organizational example
CM provides accurate information on our IT components. Allows us to more carefully control the valuable IT infrastructure. Helps us to more effectively manage our expenditure on IT. Assists with protecting against illegal or unauthorized software.
This is important because… In recent times our control on IT has… Apart from the obvious benefits, the IT department in recent times has… A recent example of … saw the individual and the company face severed penalties.
The above Communication module (or elements of) was/were distributed; To: On:
<>
By: On:
<>
Page 91
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Management Goals
The Goals of Configuration Management. The Goals of Configuration Management can be promoted in the following manner. •
Account for all the IT assets and configurations within the organisation and its services
•
Provide accurate information on configurations and their documentation to support all the other Service Management processes
•
Provide a sound basis for Incident Management, Problem Management, Change Management and Release Management
•
Verify the configuration records against the infrastructure and correct any exceptions.
Always bear in mind the “so what” factor when discussing areas like goals and objectives. If you cannot honestly and sensibly answer the question “so what” – then you are not selling the message in a way that is personal to the listener and gets their “buy-in”.
The above Configuration Goals module was distributed; To: On:
<>
By: On:
<>
Page 92
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Plan
Configuration Management Planning Certain groups of people will need to know in advance the flow of the activities that can be expected with the process.
•
The purpose, scope and objectives of Configuration Management
•
Related policies, standards and processes that are specific to the support group
•
Configuration Management roles and responsibilities
•
CI (Configuration Item) naming conventions
•
The schedule and procedures for performing Configuration Management activities: configuration identification, control, status accounting, configuration audit and verification
•
Interface control with third parties, e.g. Change Management, suppliers
•
Configuration Management systems design, including scope and key interfaces
Remember that any of these individual points can be expanded on as its own point of communication.
Elements relating to the above activities were presented; To: On:
<>
By: On:
<>
Page 93
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Activities
Intrusive Activities The list of actions in this module may have a direct impact on end users. They will be curious as to why staff have a sudden interest in what they see as their own IT equipment. Explaining these “intrusive activities” will reduce the surprise (and that will reduce the resistance to co-operate).
Configuration identification •
CIs are the components used to deliver a service. The CIs include software, hardware, documentation and SLAs
•
Also identify the relationship between CIs and the attributes for every CI.
Control of CIs •
The objective of configuration control is to ensure that only authorized and identifiable CIs are recorded in the CMDB upon receipt.
Configuration status accounting Status reports should be produced on a regular basis, listing, for all CIs under control, their current version and Change history. Status accounting reports on the current, previous and planned states of the CIs should include: • • • • • •
Unique identifiers of constituent CIs and their current status, e.g. 'under development', 'under test', 'live' Configuration baselines, Releases and their status Latest software item versions and their status for a system baseline/application The person responsible for status change, e.g. from 'under test' to 'live' Change history/audit trail Open Problems/RFCs.
Information regarding intrusive activities was distributed; To: On:
<>
By: On:
<>
Page 94
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Plan
Verification and Audit Another intrusive activity, but one that must be explained to current and new staff. Audits will be regular. This advice is as much about fore-warning of an audit as it is a chance for certain elements to change behaviors.
Configuration verification and audit Service Desk staff, while registering incidents, can do daily verification. Configuration audits should be considered at the following times: •
Shortly after implementation of a new Configuration Management system
•
Before and after major Changes to the IT infrastructure
•
Before a software Release or installation to ensure that the environment is as expected
•
Following recovery from disasters and after a 'return to normal' (this audit should be included in contingency plans
•
At random intervals
•
In response to the detection of any unauthorized CI
•
At regular intervals
News about the Configuration Audit and Verification was distributed; To: On:
<>
By: On:
<>
Page 95
The CMDB and Configuration Management Creation and Maintenance Guide
Configuration Plan
Costs Information relating to costs may be a topic that would be held back from general communication. Failure to convince people of the benefits will mean total rejection of associated costs. If required, costs fall under several categories: •
Personnel – audit verification staff, database management team (Set-up and ongoing)
•
Accommodation – Physical location (Set-up and ongoing)
•
Software – Tools (Set-up and ongoing)
•
Hardware – Infrastructure (Set-up)
•
Education – Training (Set-up and ongoing)
•
Procedures – external consultants etc. (Set-up)
The costs of implementing Configuration Management will be outweighed by the benefits. For example, many organizations cannot function satisfactorily unless they can handle a high volume of software and hardware Changes without sacrificing quality. Without adequate control, organizations are at risk from such things as computer fraud, inadvertent software corruption, software viruses and other malicious software. The damage caused by these can be enormous.
Details regarding the cost of Configuration management were distributed; To: On:
<>
By: On:
<>
Page 96
The CMDB and Configuration Management Creation and Maintenance Guide
4.8
Presentation Layer
Portal
Example of Asset and Configuration Management Plan Contents
Change and Release View Schedules/plans Change Request Status Change Advisory Board agenda and
Asset Management View Financial Asset Asset Status Reports Asset Statements and Bills License Management Asset performance
Configuration Life Cycle View Project configurations Service Strategy, Design, Transition, Operations configuration baselines and
Technical Configuration View Service Applications Application Environment Test Environment Infrastructure
Quality Management View Asset and Configuration Management Policies, Processes, Procedures, forms, templates, checklists
Service Desk View User assets User configuration, Changes, Releases, Asset and Configuration item and related incidents, problems,
Modelling
Monitoring Scorecards, Dashboards Alerting
Search, Browse, Store, Retrieve, Update, Publish, Subscribe, Collaborate
Knowledge Processing Layer
Information Integration Layer
Query and Analysis
Performance Management Forecasting, Planning, Budgeting
Reporting
Business/Customer/Supplier/User – Service – Application – Infrastructure mapping
Service Portfolio Service Catalogue
Common Process, Data and Information
Service Model
Schema Mapping
Integrated CMDB
Meta Data Management
Data reconciliation
Service Release
Data synchronization
Service Change
Extract, Transform, Load
Mining
Data Integration
Project Documentation Filestore Data and Information Sources and Tools
Definitive Media Library Definitive Document Library
Structured
Project Software
Definitive Multimedia Library 1
Definitive Multimedia Library 2
Physical CMDBs
CMDB1
CMDB2
Platform Configuration Tools E.g. Storage Database Middleware Network Mainframe Distributed Desktop
Software Configuration Management
Discovery, asset Management and audit tools
Enterprise Applications Access Management Human Resources Supply Chain Management Customer Relationship Management
CMDB3
There is no set template for determining the optimum approach for SACM. The management team and Configuration Management should decide what level of Configuration Management is required for the selected service or project that is delivering changes and how this will be achieved. All of these details will be documented in a Configuration Management Plan. Often, there will be a Configuration Management Plan for a project, service or groups of services, e.g. network services. These plans define the specific Configuration Management activities within the context of the overarching strategy. An example of the contents for a plan is detailed below. Context and Purpose Scope: • Applicable services • Environments and Infrastructure • Geographical locations.
Page 97
The CMDB and Configuration Management Creation and Maintenance Guide
Requirements: • Link to policy, strategy • Link to business, Service Management and contractual requirements • Summarize requirements for accountability. traceability, audit ability • Link to requirements for the Configuration Management System (CMS). Applicable policies and standards: • Policies • Industry standards, e.g. ISO/IEC 20000, ISO/IEC 19770-1 • Internal standards relevant to Configuration Management, e.g. hardware standards, desktop standards. Organization for Configuration Management: • Roles and responsibilities • Change and configuration control boards • Authorization – for establishing baseline, changes and releases. Asset and Configuration Management System and tools. Selection and application of processes and procedures to implement Asset and Configuration Management activities, e.g. • Configuration identification • Version Management • Interface Management • Supplier Management • Configuration Change Management • Release and Deployment • Build Management • Establishing and maintaining configuration baselines • Maintaining the CMS • Reviewing the integrity of configurations and the CMS (verification and audit). Reference implementation plan, e.g. data migration and loading, training and knowledge transfer plan.2
2
OGC Service Transition Book
Page 98
The CMDB and Configuration Management Creation and Maintenance Guide
4.9
Identification Guidelines IT Services Identification Guidelines Process: Service Assets & Configuration Management
Status: Version:
0.1
Release Date:
Page 99
The CMDB and Configuration Management Creation and Maintenance Guide
Identification Guidelines for Configuration Management The document is not to be considered an extensive statement as its topics have to be generic enough to suit any reader for any organization. However, the reader will certainly be reminded of the key topics that have to be considered. This document serves as a DATA DICTIONARY for the Configuration Management process. This document provides a basis for completion within your own organization. This document contains suggestions regarding the CIs that can be captured and is the document that will fuel thoughts about other CIs that are specific to your organization or particular need.
This document was; Prepared by: On:
<>
And accepted by: On:
<>
Page 100
The CMDB and Configuration Management Creation and Maintenance Guide
First Word – PLAN THE LEVEL OF DETAIL FIRST Establish what will be the lowest level of detail that will be required. The test is to ask if that level of detail will be usable to assist business managers to make more informed decisions. If the answer is No, then carefully consider the value of maintaining information to that depth. Time taken during this step will pay future rewards. Proper prior planning prevents poor performance. Configuration Item (CI) attributes The following list provides examples of attributes that could be associated with Configuration Items (CIs) in the CMDB. As you would expect the most relevant attribute for a CI is based on its substance (eg. hardware, software, documentation, etc.) (Note the difference between a CI, attribute and value can be explained using this example... A car would be a CI, Color would be an attribute, and Red would be the value)
Attribute
Description
CI Identifier
The unique identifier by which this type of CI is referred to (NAME).
Unique Number
The number that uniquely identifies the CI (e.g. software serial number, hardware serial number).
CI Category
Whether the CI can be categorized as documentation, hardware, software, etc.
(Hardware) Model Number
Model of the component (usually the suppliers model number).
Warranty expiry date
Date when the supplier's warranty expires for the component.
Version Number
The version number of the CI.
Location
The physical location of the component, e.g. floor, cubicle,
Notes/Comments
Page 101
The CMDB and Configuration Management Creation and Maintenance Guide
building number, city, site. Owner Responsible
The name and (preferably) title of the owner responsible for the CI.
Responsibility Date
Date the above owner became responsible for the CI.
CI Source
Was the component developed internally or purchased from an outside supplier.
License
License number or reference to license agreement (usually a paper license document)
Supply Date
Date when the CI was delivered or the organization took official ownership.
Current Status
Is the component currently in production, live, archived, awaiting destruction?
Scheduled Status
Within reason the next expected status for this component.
Parent relationships
The unique identifier of components that this CI forms a component of.
Child relationships
The unique identifier of components that this CI directly supports.
Relationships
The relationship of the CI with other CIs …uses … ….is connected to…….. ….is resident on…. ….can connect to…. …..is able to access….
RFC Numbers
The number of change requests that directly affect this CI.
Problem Record number
Problem record id numbers that are related to the CI.
Incident Record
Incident record id numbers that are
Page 102
The CMDB and Configuration Management Creation and Maintenance Guide
number
related to the CI.
Comment
A comment field (generally free text)
Configuration Items (CIs) will be created from the following categories: Category
Notes/Comments
Change documentation Hardware (including network components where relevant) Business systems (specific applications) – eg. SAP, Oracle Packaged software (“off-the-shelf” packages and products). System software (Operating Systems) Network configuration items Databases Links between databases and applications. Configuration documentation, e.g. system and interface specifications, licences, maintenance agreements, SLAs, decommissioning statement Other documentation (procedures, forms, etc.) Service Management items such as plans and records Final word - When to use “Variants” If a Configuration Item is regarded as “slightly different” from a related CI, and if problems that would affect one are likely to flow through to the other (or changes to one should probably be made to the other) then using a “variant” is most likely acceptable. In all other cases a different CI should be created. Refer to the CMDB Design document, found within this book Page 103
The CMDB and Configuration Management Creation and Maintenance Guide
Page 104
The CMDB and Configuration Management Creation and Maintenance Guide
4.10 Planning and Implementation for Configuration Management IT Services Implementation Plan/Project Plan Skeleton Outline Process: Service Asset & Configuration Management
Status: Version:
0.1
Release Date:
Page 105
The CMDB and Configuration Management Creation and Maintenance Guide
Planning and implementation for Configuration Management This document as described provides guidance for the planning and implementation of the Configuration Management ITIL process. The document is not to be considered an extensive plan as its topics have to be generic enough to suit any reader for any organization. However, the reader will certainly be reminded of the key topics that have to be considered for planning and implementation of this process. Initial planning When beginning the process planning the following items must be completed: CHECK
DESCRIPTION
☺ or 2 or date Get agreement on the objective (use the ITIL definition), purpose, scope, and implementation approach (e.g. Internal, outsourced, hybrid) for the process. Assign a person to the key role of process manager/owner. This person is responsible for the process and all associated systems. Conduct a review of activities that would currently be considered as an activity associated with this process. Make notes and discuss the “re-usability” of that activity. Create and gain agreement on a high-level process plan and a design for any associated process systems. NOTE: the plan need not be detailed. Too many initiatives get caught up in too much detail in the planning phase. KEEP THE MOMENTUM GOING. Review the finances required for the process as a whole and any associated systems (expenditure including people, software, hardware, accommodation). Don’t forget that the initial expenditure may be higher than the ongoing costs. Don’t forget annual allowances for systems maintenance or customizations to systems by development staff. Agree to the policy regarding this process (see CONMGT3300)
Page 106
The CMDB and Configuration Management Creation and Maintenance Guide
Create Strategic statements.
Refer to the Policy, Objective and Scope document for more template information regarding statements.
Policy Statement The policy establishes the “SENSE OF URGENCY” for the process. It helps us to think clearly about and agree on the reasons WHY effort is put into this process. An inability to answer this seemingly simple, but actually complex question is a major stepping stone towards successful implementation The most common mistake made is that reasons regarding IT are given as the WHY we should do this. Reasons like to make our IT department more efficient are far too generic and don’t focus on the real issue behind why this process is needed. The statement must leave the reader in no doubt that the benefits of this process will be far reaching and contribute to the business in a clearly recognizable way.
Page 107
The CMDB and Configuration Management Creation and Maintenance Guide
Objective Statement When you are describing the end or ultimate goal for a unit of activity that is about to be undertaken you are outlining the OBJECTIVE for that unit of activity. Of course the activity may be some actions for just you or a team of people. In either case, writing down the answer to WHERE will this activity lead me/us/the organization is a powerful exercise. There are many studies that indicate the simple act of putting a statement about the end result expected onto a piece of paper, then continually referring to it, makes achieving that end result realistic. As a tip regarding the development of an objective statement; don’t get caught up in spending hours on this. Do it quickly and go with your instincts or first thoughts – BUT THEN, wait a few days and review what you did for another short period of time and THEN commit to the outcome of the second review as your statement.
Page 108
The CMDB and Configuration Management Creation and Maintenance Guide
Scope Statement In defining the scope of this process we are answering what activities and what “information interfaces” does this process have. Don’t get caught up in trying to be too detailed about the information flow into and out of this process. What is important is that others realize that information does in fact flow. For example, with regard to the CONFIGURATION MANAGEMENT process we can create a simple table such as:
Configuration Management Information flows Process
Process
Information
ConMgt
to
ChangeMgt
Details of affected CIs for an RFC
ChangeMgt
to
ConMgt
Request for information on RFC affected CIs
ConMgt
to
ReleaseMgt
Current version numbers of production software
ReleaseMgt
to
ConMgt
New version numbers for production software
ConMgt
to
ProblemMgt
CI attributes for root cause analysis
ProblemMgt
to
ConMgt
Request for CI attributes
Page 109
The CMDB and Configuration Management Creation and Maintenance Guide
Establish Priorities There can be a variety of ways to implement this process. For a lot of organizations a staged implementation may be suitable. For others a “big bang” implementation – due to absolute equality may be appropriate. In reality however, we usually look at implementation according to pre-defined priorities. Consider the following options and then apply a suitable model to your own organization or case study. Geographical
Functional
Technology
Service
Head office
Accounts
Servers
SAP
Branch office
Administration
Laptops
E-mail
Customer site
Production
Printers
Workflow system
etc
etc
etc
etc
etc
etc
etc
etc
The priority selection has to be made with other factors in mind, such as competitive analysis, any legal requirements, and desires of “politically powerful influencers”. Costs The cost of process implementation is something that must be considered before, during and after the implementation initiative. The following points and table helps to frame these considerations: (A variety of symbols have been provided to help you indicate required expenditure, rising or falling expenditure, level of satisfaction regarding costs in a particular area, etc.) Initial Personnel
During Ongoing 0
/
Costs of people for initial design of process, implementation and ongoing support Accommodation
☺
Costs of housing new staff and any associated new equipment and space for documents or process related concepts. Software
Page 110
The CMDB and Configuration Management Creation and Maintenance Guide
New tools required to support the process and/or the costs of migration from an existing tool or system to the new one. Maintenance costs Hardware New hardware required to support the process activities. IT hardware and even new desks for staff. Education Re-education of existing staff to learn new techniques and/or learn to operate new systems. Procedures Development costs associated with filling in the detail of a process activity. The step-by-step recipe guides for all involved and even indirectly involved personnel. In most cases, costs for process implementation have to be budgeted for (or allocated) well in advance of expenditure. Part of this step involves deciding on a charging mechanism (if any) for the new services to be offered. Refer to FINANCIALMGT. Build the team Each process requires a process owner and in most situations a team of people to assist. The Configuration Management process is perhaps the process in the Service Support set that has the largest amount of initial and on-going activity. The team size may or may not reflect this. Of course a lot will be dependant on the timing of the implementation and whether it is to be staged or implemented as one exercise. Refer to CMDB Roles and Responsibilities document for role, responsibilities and tasks of involved personnel.
Page 111
The CMDB and Configuration Management Creation and Maintenance Guide
Analyse current, in-use systems Naturally there are many organizations that have many existing tools and systems that form part of this process. It is critical to identify these systems and consider their future role as part of the new process definition. Examples of areas to review are: Area
Notes
Power teams Current formal procedures Current informal procedures Current role descriptions Existing organizational structure Current infrastructure owners Existing change management and release management processes Spreadsheets, databases and other repositories Other…
Refer to CMDB Design document and template found within this book Configuration Management plans and design Quite often planning and design activities for Configuration Management are spread across an organization. For example, mainframe environments, networks and desktops used in multiple locations. In such distributed cases, or even when infrastructure is centralized, responsibilities can be delegated to groups that have specialist skills in a technology or platform. This is especially true when it is not cost effective to train other staff in these specialist areas. In these cases, the process manager retains responsibility for ensuring that plans and overall process design is aligned and moving in the correct strategic direction.
Page 112
The CMDB and Configuration Management Creation and Maintenance Guide
Relationships between the plans should be visible so that staff can understand how their activities fit in context with other planning and designs of the Configuration Management process. It is important that each plan cross-references and link to other plans. Especially for lower-level (more operational) plans that must link to their upper level strategic “parents”. This ensures that duplication is avoided and plans are aligned and reinforce each other. The Configuration Management plans helps to define the scope of Configuration Management. The plans become the best input for the planning stage. Examples of areas that may require their own Configuration Plan include: Application Maintenance Servers and network Desktop Mainframe Implementation Planning After base decisions regarding the scope of the process and the overall planning activities are complete we need to address the actual implementation of the process. It is unlikely that there will not be some current activity or work being performed that would fit under the banner of this process. However, we can provide a comprehensive checklist of points that must be reviewed and done. Implementation activities for Configuration Management Activity
Notes/Comments/Time Frame/Who
Review current and existing Configuration Management practices in greater detail. Make sure you also review current process connections from these practices to other areas of IT Service Delivery. Review the ability of existing functions and staff. Can we “reuse” some of the skills to minimize training, education and time required for implementation? Establish the accuracy and relevance of current configuration data held in local spreadsheets or databases. As part of this step if any information Page 113
The CMDB and Configuration Management Creation and Maintenance Guide
is credible document the transition from the current system to any new system that is selected. Decide how best to select any vendor that will provide assistance in this process area (including tools, external consultancy or assistance to help with initial high workload during process implementation). Establish a selection guideline for the evaluation and selection of tools required to support this process area (i.e. the CMDB and automated discovery tools). Purchase and install tools required to support this process (i.e. the CMDB and automated discovery tools). Ensure adequate skills transfer and ongoing support is considered if external systems are selected. Document the information flows from Configuration Management to Change Management, Release Management and other ITIL Service Management processes. Establish the CI types, attributes, types of relationships that will be managed in the CMDB. Create any required business processes interfaces for this process that can be provided by the automated tools (e.g. reporting – frequency, content). Conduct a detailed test of the selected tools. Make sure that time is allowed for fixing any detected errors. Test under different circumstances and think laterally about different situations that could occur and then test them. Ensure that known secure storage areas are available and able to accommodate what will be held (consider, fire, theft, heat, humidity, etc.) Document and get agreement on roles, responsibilities and training plans Communicate with and provide necessary education and training for staff that covers the actual importance of the process and the intricacies of being part of the process itself.
Page 114
The CMDB and Configuration Management Creation and Maintenance Guide
Refer to Communication Plan, found within this book Refer to CMDB Roles and Responsibilities document for role, responsibilities and tasks of involved personnel. An important point to remember is that if this process is to be implemented at the same time as other processes that it is crucial that both implementation plans and importantly timing of work is complementary. The CMDB and Definitive Software Library Ideally, we would have no changes to the infrastructure while data is being gathered for entry into the CMDB. After information is gathered there should be a permanent strong link between Configuration Management and Change Management. These two processes, probably more than any share an exceptionally close connection. An important but often overlooked point is that information regarding Requests for Change should be kept in the CMDB data store. This way it is easier to make links from changes to incidents or problems that may arise as a result of the change. The Release Management (RELEASEMGT) oversees the completion of the Definitive Software Library (DSL). This has to happen at the same time as the CMDB is being filled. The following issues make it necessary to develop DSL specific procedures: 1. 2. 3.
Fully authorized and licensed software only is accepted into the DSL Software is protected (security management) in the DSL Software is only removed or copied by authorized staff.
An important phase of the project is the development of contingency plans in the case of procedural or system failure. Even though procedures and systems may have undergone extensive testing and sign-off there should be time allowed for unforeseen “go-live” issues. Cutover to new processes Once in operation, it is essential that no new items are added to the IT infrastructure without proper authority from the Configuration Management process.
Page 115
The CMDB and Configuration Management Creation and Maintenance Guide
This is only possible when communication and interfaces are properly established. This is one of the key benefits of the ITIL framework (the inter-connection of one process area to all others). It may be necessary to develop “penalties” for process breaches. This may be done ahead of go-live or left until the nature and extent of any breach is understood (to ensure that we don’t over-react). Other implementation considerations In most organizations the rate of Configuration Management implementation should be a gradual exercise. It may be best to start with specific CIs that are easily recognizable, but with low business impact. This allows the team to practice and develop skills and confidence in the entire process.
Page 116
The CMDB and Configuration Management Creation and Maintenance Guide
4.11 Objectives / Goals IT Services Detailed Objectives/Goals Process: Service Asset & Configuration Management
Status: Version:
0.1
Release Date:
Page 117
The CMDB and Configuration Management Creation and Maintenance Guide
Detailed Objectives/Goals for Configuration Management The document is not to be considered an extensive statement as its topics have to be generic enough to suit any reader for any organization. However, the reader will certainly be reminded of the key topics that have to be considered. The detailed objectives for Configuration Management should include the following salient points: Objective
Notes
A desire to provide accurate and correct information on present configurations with both the physical (specific attributes about a CI) and functional specifications (part that the CI plays and it’s relationships with other CIs).
Met/Exceeded/Shortfall ☺ Dates/names/role titles
A storage objective related to definitive and trusted copies of documentation, software and other specification documents that have been duly authorized. After they have been agreed upon a specific objective for the process is to continue reporting metrics. This is an activity that is often forgotten over time or simply not done from the out-set. Undertaking logistical activities including the labeling (after identification) and recording of names and versions of the CIs that make up the IT services and the IT infrastructure. Ensuring the large volumes of data from changes or when the process is first set up is accurately entered into the CMDB and that the entry is timely and not too late in order to deliver process benefits. Verification and auditing duties so that we can have an assurance that the actual
Page 118
The CMDB and Configuration Management Creation and Maintenance Guide
state of the IT infrastructure matches the authorized configuration records and data (including exception reporting). Providing on-going awareness, education and training for staff involved with the process and communication to noninvolved, but affected personnel.
Page 119
The CMDB and Configuration Management Creation and Maintenance Guide
4.12 Other CMDB Maintenance Considerations The Configuration Management system should prevent changes from being made to the IT infrastructure or service configuration baseline without valid authorization via Change Management. The authorization record should automatically ‘drive’ the change. As far as possible, all changes should be recorded on the CMS at least by the time that the change is implemented. The status (e.g. ‘live’, ‘archive’, etc.) of each CI affected by a change should be updated automatically if possible. Example ways in which this automatic recording of changes could be implemented include automatic updating of the CMS when software is moved between libraries (e.g. from ‘acceptance test’ to ‘live’, or from ‘live’ to an ‘archive’ library), when the service catalogue is changed, and when a release is distributed. The Configuration Management System should, in addition, provide: Sufficient security controls to limit access on a need-to-know basis Support for CIs of varying complexity, e.g. entire systems, releases, single hardware items, software modules Hierarchic and networked relationships between CIs; by holding information on the relationships between CIs, Configuration Management tools facilitate the impact assessment of RFCs Easy addition of new CIs and deletion of old CIs Automatic validation of input data (e.g. are all CI names unique) Automatic determination of all relationships that can be automatically established, when new CIs are added Support for CIs with different model numbers, version numbers, and copy numbers Automatic identification of other affected CIs when any CI is the subject of an incident report/record, problem record, known error record or RFC Integration of problem management data within the CMS, or at least an interface from the Configuration Management System to any separate problem management databases that may exist. Automatic updating and recording of the version number of a CI if the version number of any component CI is changed Maintenance of a history of all CIs (both a historical record of the current version – such as installation date, records of Changes, previous locations, etc. – and any of previous versions) Support for the management and use of configuration baselines (corresponding to definitive copies, versions etc.), including support for reversion to trusted versions Ease of interrogation of the CMS and good reporting facilities, including trend analysis (e.g. the ability to identify the number of RFCs affecting particular CIs) Ease of reporting of the CI inventory so as to facilitate configuration audits Flexible reporting tools to facilitate impact analyses The ability to show graphically the configuration models and maps of interconnected CIs, and to input information about new CIs via such maps
Page 120
The CMDB and Configuration Management Creation and Maintenance Guide
The ability to show the hierarchy of relationships between ‘parent’ CIs and ‘child’ CIs. For software, support tools should allow control to be maintained, for applications software, from the outset of systems analysis and design right through to live running. Ideally, organizations should use the same tool to control all stages of the lifecycle, although this may not be possible if all the platforms cannot be supported by one software tool. If this is not possible, then the ITSM infrastructure Configuration Management tool should at least allow Configuration Management information to be transferred from a software development Configuration Management System into the CMS without the need for re-keying. These individual tools and solutions may be integrated with the main Service Management system or the Configuration Management System where the effort of integration is beneficial. Otherwise, the integration may be undertaken at the procedural or data level. Automating the initial discovery and configuration audits significantly increases the efficiency and effectiveness of Configuration Management. These tools can determine what hardware and software is installed and how applications are mapped to the infrastructure. This means a greater coverage of audited CIs with the resources available, and staff can focus on handling the exceptions rather than doing the audits. If the DML is not integrated with the CMDB it may be worth automating the comparison of the DML contents with the CMDB.
Project Management Suggested Contents for Configuration Management Plan Purpose To identify how and by whom the project’s products will be controlled and protected. Composition This plan forms part of the Project Quality Plan. It consists of: • An explanation of the purpose of configuration management • A description of (or reference to) the configuration management method to be used. Any variance from corporate or program standards should be highlighted, together with a justification for the variance. • Reference to any configuration management systems or tools to be used with which links will be necessary • How and where the products will be stored (e.g. project filing structure) • What filing and retrieval security there will be • How the products and the various versions of these will be identified • Where responsibility for configuration management lies.
Page 121
The CMDB and Configuration Management Creation and Maintenance Guide
Where does the information come from? Details of the plan might come from: • The customer’s quality management systems (QMS) • The supplier’s QMS • Specific needs of the project’s products and environment • The project organization structure • Any configuration management software in use or mandated by the customer. Quality Criteria • Responsibilities are clear and understood by both customer and supplier • The key identifier for the project products is defined • The method and circumstances of version control are clear • The plan provides the Project Manager with all the product information required. Project Management Typical information found in a Configuration Record Purpose A record of the information required about a product’s status. Composition • Project identifier • Type of product • Product title • Latest version number • Product description • A description of the life cycle steps appropriate to the product • ‘Owner’ of the product • Date allocated • Library or location where the product is kept • Source – for example, in-house, or purchased from a third-party company • Links to related products • Status • Copyholders and potential users • Cross-reference to the Project Issue that caused the change to this product • Cross-references to relevant correspondence. Where does this information come from? • Product breakdown structure • Stage and Team plans • Work Package • Quality log • Issue log.
Page 122
The CMDB and Configuration Management Creation and Maintenance Guide
Quality criteria • It reflects the status of the product accurately • All Configuration Item Records are kept together in a secure location • The version number matches the actual product • The copyholder information is correct • The copies held by the copyholders match the version number.
Page 123
The CMDB and Configuration Management Creation and Maintenance Guide
Page 124
The CMDB and Configuration Management Creation and Maintenance Guide
4.13 Policies, Objectives and Scope IT Services Policies, Objectives and Scope Process: Service Asset & Configuration Management
Status: Version:
0.1
Release Date:
Page 125
The CMDB and Configuration Management Creation and Maintenance Guide
Refer to the Planning and implementation guidelines document (that includes the Policy, Objectives and Scope statements, found within this book.
Policies, Objectives and Scope for Configuration Management The document is not to be considered an extensive statement as its topics have to be generic enough to suit any reader for any organization. However, the reader will certainly be reminded of the key topics that have to be considered. Policy Statement A course of action, guiding principle, or procedure considered expedient, prudent, or advantageous
Use this text box to answer the “SENSE OF URGENCY” question regarding this process. Why is effort being put into this process? Not simply because someone thinks it’s a good idea. That won’t do. The reason has to be based in business benefits. You must be able to concisely document the reason behind starting or improving this process. Is it because of legal requirements or competitive advantage? Perhaps the business has suffered major problems or user satisfaction ratings are at the point where outsourcing is being considered. A policy statement any bigger than this text box, may be too lengthy to read, lose the intended audience with detail, not be clearly focussed on answering the WHY question for this process.
The above Policy Statement was; Prepared by: On:
<>
And accepted by: On:
<>
Page 126
The CMDB and Configuration Management Creation and Maintenance Guide
Objectives Statement
Something worked toward or striven for: A goal. Use this text box to answer the “WHERE ARE WE GOING” question regarding this process. What will be the end result of this process and how will we know when we have reached the end result? Will we know because we will establish a few key metrics or measurements or will it be a more subjective decision, based on instinct? A generic sample statement on the “objective” for Configuration Management is: To create an environment where all IT services and infrastructure components (including relevant documentation) is under control. The Configuration Management process aims to be a provider of information to contribute to an effective and efficient planning, release and implementation of Changes to the IT services. Note the keywords in the statement. For the statement on Configuration Management they are “under control” and “provider of information service”. These are definite areas that we can set metrics for and therefore measure progress. An objective statement any bigger than this text box, may be too lengthy to read, lose the intended audience with detail, not be clearly focussed on answering the WHERE question for this process.
The above Objective Statement was; Prepared by: On:
<>
And accepted by: On:
<>
Refer to Reports KPI's other metrics document, found within this book. Refer to Objectives and Goals document, found within this book.
Page 127
The CMDB and Configuration Management Creation and Maintenance Guide
Scope Statement: The area covered by a given activity or subject
Use this text box to answer the “WHAT” question regarding this process. What are the boundaries for this process? What does the information flow look like into this process and from this process to other processes and functional areas? A generic sample statement on the “scope” for Configuration Management is:
To take responsibility for the control and management of information relating to IT Infrastructure. By taking this responsibility to provide information to both Change Management (CHANGEMGT) and Release Management (RELEASEMGT) so that the impact of change is completely understood and the likelihood of negative impacts from change are minimized. Furthermore, this process will control information relating to personal computers, shared information servers and all peripheral devices. However, the main frame system and all associated services are excluded from the scope. A scope statement any bigger than this text box, may be too lengthy to read, lose the intended audience with detail, not be clearly focussed on answering the WHAT question for this process. The above Scope Statement was; Prepared by: On:
<>
And accepted by: On:
<>
Refer to Identification guidelines for Configuration items (CI’s) document, found within the book.
Page 128
The CMDB and Configuration Management Creation and Maintenance Guide
4.14 Reports and KPI Targets IT Services Reports and KPI Targets Process: Service Asset & Configuration Management
Status: Version:
0.1
Release Date:
Page 129
The CMDB and Configuration Management Creation and Maintenance Guide
Reports and KPI Targets for Configuration Management The document is not to be considered an extensive statement as its topics have to be generic enough to suit any reader for any organization. However, the reader will certainly be reminded of the key topics that have to be considered. This document serves as a guide on suitable key performance indicators (KPIs) and reports for management for the Configuration Management process. This document provides a basis for completion within your own organization. This document contains suggestions regarding the measures that would be meaningful for this process. The metrics demonstrated are intended to show the reader the range of metrics that can be used. The message must also be clear that technology metrics must be heavily supplemented with non-technical and business focused metrics/KPI’s/measures.
This document was; Prepared by: On:
<>
And accepted by: On:
<>
Page 130
The CMDB and Configuration Management Creation and Maintenance Guide
Key performance indicators (KPI’s) Continuous improvement requires that each process needs to have a plan about “how” and “when” to measure its own performance. While there can be no set guidelines presented for the timing of these reviews; the “how” question can be answered with metrics and measurements. With regard to timing of reviews, factors such as resource availability, cost and “nuisance factor” need to be accounted for. Many initiatives begin with good intentions to do regular reviews, but these fall away very rapidly. This is why the process owner must have the conviction to follow through on assessments and meetings and reviews, etc. If the process manager feels that reviews are too seldom or too often then the schedule should be changed to reflect that. Establishing SMART targets is a key part of good process management. SMART is an acronym for: Simple Measurable Achievable Realistic Time Driven
Metrics help to ensure that the process in question is running effectively. With regard to Configuration Management the following metrics and associated targets should be considered: Key Performance Indicator
Simple count on number of times that a configuration does not match held information The amount of elapsed time that passes from the approval of a change to the actual implementation of that change.
The number of components that are
Target Value
Time Frame/Notes/Who
(some examples) 12 per audit 6 per month 3 weeks from date of RFC registration, for minor category changes 0 for Production
Page 131
The CMDB and Configuration Management Creation and Maintenance Guide
identified as “unauthorized”.
The changing amount of serious incidents, reported to the Help Desk
Delta in the average time to assess and resolve Service Desk calls using CMDB information.
control 3 for Accounts 5% reduction on Category 1 calls over First quarter, next financial year Average call resolution time to drop from 3 mins. to 2.5 mins. within next 8 weeks
Breaches to Service Level Agreement that occur as a result of poor or missing information from the closely linked Service Support functions (Configuration, Release, Problem and Service Desk). The number of times that a change results in increased incidents and problems. The number of times that a change was not completed due to insufficient or incorrect information supplied from the CMDB. Absolute value count on the amount of times the CMDB is found to be in error. Others
Page 132
The CMDB and Configuration Management Creation and Maintenance Guide
Reports for Management Management reports help identify future trends and allow review of the “health” of the process. Setting a security level on certain reports may be appropriate, categorizing the report as Strategic, Operational or Tactical. The acid test for a relevant report is to have a sound answer to the question; “What decisions is this report helping management to make?” Management reports for Configuration Management should include: Report
Time Frame/Notes/Who
Expected growth and capacity statistics Details/summaries for non-registered or inaccurately registered IT components (and the steps taken to correct the situation) An ability to list information such as the number of registered Configuration Items, along with their version details and other information such as category, status, security level, location, owner, etc. Backlog details of process activities work outstanding (along with potential negative impact regarding failure to complete the work in a timely manner) – but also provide solutions on how the backlog can be cleared. Simple breakdown of asset categories (e.g. Peripherals (printers, scanners), network equipment (routers, hubs, switches), servers, PC’s, etc.) Analysis and results of audits completed The situation regarding the process staffing levels and any suggestions regarding redistribution, recruitment and training required. Human resource reporting including hours worked against project/activity (including weekend/after hours work). Financial information for components – to be provided in conjunction with Financial Management for IT Services (FINANCIALMGT)
Page 133
The CMDB and Configuration Management Creation and Maintenance Guide
Page 134
The CMDB and Configuration Management Creation and Maintenance Guide
4.15 Status Accounting Guidelines IT Services Status Accounting Guidelines Process: Service Asset & Configuration Management
Status: Version:
0.1
Release Date:
Page 135
The CMDB and Configuration Management Creation and Maintenance Guide
Status Accounting Guidelines for Configuration Management The document is not to be considered an extensive statement as its topics have to be generic enough to suit any reader for any organization. However, the reader will certainly be reminded of the key topics that have to be considered. This document serves as a reference guide on CI status for the Configuration Management process. This document provides a basis for completion within your own organization. This document contains suggestions regarding the status that a particular CI can be categorized as. The document will fuel thoughts about other possible statuses specific to your organization or particular need.
This document was; Prepared by: On:
<>
And accepted by: On:
<>
Page 136
The CMDB and Configuration Management Creation and Maintenance Guide
Status reports on IT infrastructure should be produced on a regular basis. The reports should highlight the current quantity of CIs being controlled and the breakdown of their different status. Such a report can assist management to see the overall health of their IT infrastructure and to be able to make strategic decisions regarding change of supplier, investigation of the management techniques or identification of cyclical status changes (which will allow steps to be taken to smooth out the cycle). Status reports should include the following: 1. Most recent software item versions and their status for a system baseline/application 2. Current problems and change requests 3. Audit trail 4. Responsible person for status change The following list is a useful starting point for the reader to determine what status flags are required in the organization. Status Flag Registered
Comments/Notes/Relevance 2
Accepted Installed Withdrawn Archived Under development Testing Live/Production Misplaced Stolen Sold Donated Scrapped Other Other Many support tools will have a pre-defined list of status flags that can be selected for different categories of CI. Review these lists, but think laterally about your own organization.
Page 137
The CMDB and Configuration Management Creation and Maintenance Guide
Page 138
The CMDB and Configuration Management Creation and Maintenance Guide
4.16 Description of Asset Types Management Management is a system that includes leadership, administration, policies, performance measures and incentives. This layer cultivates, coordinates and controls all other asset types. Management includes idiosyncratic elements such as philosophy, core beliefs, values, decision-making style and perceptions of risk. It is also the most distinctive and inimitable type of asset deeply rooted in the organization. [The term organization is used here to refer to the enterprise or firm rather than the organization asset type. The most likely manner in which management assets can be partially extracted from an organization is by the poaching of key individuals who were instrumental in defining and developing a particular management system.] Service Management itself is a type of specialized management asset like others such as project management, research and development, and manufacturing management. Organization Organization assets are active configurations of people, processes, applications and infrastructure that carry out all organizational activity through the principles of specialization and coordination. This category of assets includes the functional hierarchies, social networks of groups, teams and individuals, and the systems they use to work in alignment towards shared goals and incentives. Organization assets include the patterns in which people, applications, information and infrastructure deploy either by design or by self-adaptive process to maximize the creation of value for stakeholders. Some service organizations are superior to others simply by virtue of organization. For example, networks of wireless access points, storage systems, point-of-sale terminals, databases, hardware stores, and remote backup facilities. Strategic location of assets by itself is a basis for superior performance and competitive advantage. Process Process assets are made of algorithms, methods, procedures, and routines that direct the execution and control of activities and interactions. There is a great diversity in process assets, which are specialized to various degrees from very generic management processes to sophisticated low-level algorithms embedded in software applications and other forms of automation. Process assets are the most dynamic of types. They signify action and transformation. Some of them are also the means by which organization and management assets coordinate and control each other and interact with the business environment. Process people and application assets execute them; knowledge and information assets enrich them; applications and infrastructure assets enable them. Examples of process assets are order fulfillment, accounts receivables, incident management, Change Management and testing.
Page 139
The CMDB and Configuration Management Creation and Maintenance Guide
Knowledge Knowledge assets are accumulations of awareness, experience, information, insight and intellectual property that are associated with actions and context. Management, organization, process and applications assets use and store knowledge assets. People assets store tacit knowledge in the form of experience, skills and talent. Such knowledge is primarily acquired through experience, observation and training. Movement of teams and individuals is an effective way to transfer tacit knowledge within and across organizations (Argote 2000). Knowledge assets in tacit form are hard for rivals to replicate but easy for owners to lose. Organizations seek to protect themselves from loss by codifying tacit knowledge into explicit forms such as knowledge embedded in process, applications and infrastructure assets. Knowledge assets are difficult to manage but can be highly leveraged with increasing returns and virtually zero opportunity costs (Baruch Lev. 2001). Knowledge assets include policies, plans, designs, configurations, architectures, process definitions, analytical methods, service definitions, analyses, reports and surveys. They may be owned as intellectual property and protected by copyrights, patents and trademarks. Knowledge assets can also be rented for use under licensing arrangements and service contracts. People The value of people assets is the capacity for creativity, analysis, perception, learning, judgment, leadership, communication, coordination, empathy and trust. Such capacity is in teams and individuals within the organization, due to knowledge, experience and skills. Skills can be conceptual, technical and social skills. People assets are also the most convenient absorbers and carriers of all forms of knowledge. They are the most versatile and potent of all asset types because of their ability to learn and adapt. People assets represent an organization’s capabilities and resources. If capabilities are capacity for action, people assets are the actors. From the capabilities perspective, people assets are the only type that can create, combine and consume all other asset types. Their tolerance of ambiguity and uncertainty also compensates for the limitations of processes, applications and infrastructure. Because of their enormous potential, people assets are often the most expensive in terms of development, maintenance and motivation. They also are assets that can be hired or rented but cannot be owned. Customers highly value services that enhance the productivity or potential of people assets. People assets are also resources with productive capacity. Units of cost, time and effort measure their capacity as teams and individuals. They are mobile, multipurpose and highly adaptive with the innate ability to learn. Staffing contracts, software agents and customers using self-service options augment the capacity of people assets. Information Information assets are collections, patterns, and meaningful abstractions of data applied in contexts such as customers, contracts, services, events, projects and Page 140
The CMDB and Configuration Management Creation and Maintenance Guide
operations. They are useful for various purposes including communication, coordination and control of business activities. Information assets exist in various forms such as documents, records, messages and graphs. All asset types produce them but management, processes, knowledge, people and applications primarily consume them. The value of information assets can vary with time, location and format, and depreciate very quickly. Some services create value by processing information and making it available as needed by management, processes, people and applications assets. The criteria of effectiveness, efficiency, availability, integrity, confidentiality, reliability and compliance can be used to evaluate the quality of information assets. Applications Applications assets are diverse in type and include artifacts, automation and tools used to support the performance of other asset types. Applications are composed of software, hardware, documents, methods, procedures, routine, scripts and instructions. They automate, codify, enable, enhance, maintain or mimic the properties, functions, and activities of management, organization, processes, knowledge, people and information assets. Applications derive their value in relation to these other assets. Process assets in particular commonly exist inside applications. Applications assets consume, produce and maintain knowledge and information assets. They can be of various types such as general-purpose, multipurpose and special-purpose. Some applications are analogous to industrial tools, machinery and equipment because they enhance the performance of processes. Others are analogous to office equipment and consumer appliances because they enhance the personal productivity of people assets. Examples of applications are accounting software, voice mail, imaging systems, encryption devices, process control, inventory tracking, electronic design automation, mobile phones and bay code scanners. Applications are themselves supported by infrastructure, people and process assets. One of the most powerful attributes of applications is they can be creatively combined and integrated with other asset types, particularly other applications to create valuable new assets. Infrastructure Infrastructure assets have the peculiar property of existing in the form of layers defined in relation to the assets they support, especially people and applications. They include information technology assets such as software applications, computers, storage systems, network devices, telecommunication, equipment, cables, wireless links, access control devices and monitoring systems. This category of assets also includes traditional facilities such as buildings, electricity, Heat, Ventilation, Air Conditioning (HVAC) and water supply without which it would be impossible for people, applications, and other infrastructure assets to operate. Infrastructure assets by themselves may be composed of mostly applications and other infrastructure assets. Assets viewed as applications at one level can be used as infrastructure at another. This is an important principle that allows serviceorientation of assets.
Page 141
The CMDB and Configuration Management Creation and Maintenance Guide
Financial Capital Financial assets are required to support the ownership or use of all types of assets. They also measure the economic value and performance of all types of assets. Financial assets include cash, cash equivalents and other assets such as marketable securities and receivables that convert into cash with degrees of certainty and ease. Adequacy of financial assets is an important concern for all organizations including government agencies and non-profits. The promise and potential of other assets is not realized in full without financial assets.3
3
OGC Service Transition Book
Page 142
The CMDB and Configuration Management Creation and Maintenance Guide
5
FURTHER READING
For more information on other products available from The Art of Service, you can visit our website: http://www.theartofservice.com If you found this guide helpful, you can find more publications from The Art of Service at: http://www.amazon.com
Page 143
