Configuration management and the configuration management database (CMDB) should play a key part in the IT service management (ITSM) ecosystem and in keeping organizations running. But what are the key things that need to be considered when optimizing your configuration management capability and the role of a configuration manager?
Configuration management or, to give it its proper title from the ITIL books, service asset and configuration management, is the process that’s responsible for ensuring that the assets required to deliver IT services are properly controlled, and that accurate and reliable information about those assets is available when and where it’s needed.
What sets configuration management apart from IT asset management (ITAM) is that when you’re dealing with configuration management, not only are you capturing asset details but also the relationships between them as they build up your services.
Configuration management, and configuration managers, help organizations to manage, control, and protect every key item in their IT estates. So here are my seven top tips for being a highly effective configuration manager, from just starting out and on to having the right range of roles, people, and skills.
Tip 1: Make Sure Your Scope is Solid
There’s a huge potential for scope creep when carrying out configuration management activities, especially at the beginning. Want to know how to avoid it? Have a configuration management plan. First things first, set out the scope in a way that’s clear and easy to understand.
What many people miss when starting out with configuration is that there are actually three distinct layers to your IT estate:
- Configuration items (CIs).
You can read more about these in “ITSM Basics: How to Do Configuration Management.”
If you’re not sure where to start, begin by including your most business-critical IT services and build out from there. You can always expand your scope when your configuration management process matures but keep things tight and focused when starting out.
Tip 2: Take a Snapshot
Before you even think about starting to update your CMDB with CI information, carry out a baselining exercise across your production environment. This step is sometimes overlooked but it is so, so important. It’s ultimately a snapshot of everything important at a certain point in time.
So how do you carry out a baselining exercise in real life? As with the scope, start with your most business-critical service. Talk to everyone involved with the service from support teams to the business. If it requires third-party support, consider asking your supplier for their guidance on what data should be captured in a CMDB if/when you ever need to log a support call with them, i.e. what are the top ten things they will most likely ask for?
Tip 3: Share the Load
Work with change management colleagues to establish control around your configuration management process. This control aspect of configuration management goes hand-in-hand with CI identification and baselining. And having controls in place means that there’s appropriate support to ensure that when a CI is updated the CMDB is also updated, i.e. that what you have in the CMDB exactly matches what you have in your real-life production environment.
Also work with change management colleagues to consider putting change freezes in place during key configuration management process points, such as baselining or audit exercises, so you’re not trying to hit a moving target. There’s nothing more stressful in an audit situation than having a last-minute panic about the version information of a CI being up to date following a deployment the previous night. So, work with your change management colleagues to lock things down in times when you’re under pressure.
Tip 4: Take a Good Look at Your Lifecycle
Status accounting is the part of the configuration management process responsible for recording and reporting the lifecycle of each CI – essentially making sure that each CI has a valid status accurately recorded in the CMDB.
Look at the number of available status options you use, or plan to use, because the more you have the more you need to maintain and the higher the potential is for error. Again, my advice would be to start small and then build up over time as your process matures. Some example statuses are:
- In test
- In pre-production
- In repair
- Disposed of
Tip 5: Trust but Verify
A key part of configuration management is ensuring that the information in the CMDB is accurate, and that all CIs have been identified and recorded.
So, build checks into your processes. For example, verifying the serial number of a desktop PC when an end user logs an incident or checking that the version of software updated via a change has been added to the CMDB.
Tip 6: Realize that Honesty Is the Best Policy
Audit is a periodic, formal check. Configuration audits generally include the following activities:
- Defining audit schedule and procedures
- Identifying who will perform the audits
- Performing audits on the established baselines
- Generating audit reports
- Managing exceptions
- Capturing lessons learned
When defining an audit schedule, look to the rest of the business for guidance. Do you have any regulatory requirements such as SOX and BASEL III, or any standards such as ISO/IEC 20000 that need to be adhered to? If so, they’ll come with defined audit cycles.
When preparing for external audits, one of the best things you can do is run an internal audit first so that you can correct any potential issues; or at least come up with a plan to improve in the case of any major findings. Ideally, get someone from outside your department to carry out the audit, as they will have a fresh perspective and there will be no room for bias however unintentional.
Tip 7: Assess Your People
One of the biggest myths of the ITSM industry is that the tool will fix everything.
Let’s take a virtual show of hands. Has anyone ever seen configuration management work just by throwing a tool at it? I didn’t think so. Instead, you need the right people, with the right skills, delivering against particular needs even if the discrete role itself cannot be justified. For example:
- Configuration manager – the person that runs the configuration management process and manages the rest of the team (if there is one).
- Configuration analyst – a member of the team that supports the configuration manager and ensures that the day-to-day tasks are carried out.
- Configuration librarian – the person who ensures that all master copies of CIs are registered with configuration management accurately and securely.
Finally, configuration management doesn’t work in a vacuum, so look for other touch points – for example change and release management, ITAM, financial management, and knowledge management – to ensure that there’s no duplication or overlap. By working with these related teams, you might find new approaches for doing existing things quicker and in a more cost efficient way.
So, that’s my seven tips for being a highly effective configuration manager. What tips would you add? Please let me know in the comments!