Every organization grapples with two dueling concerns: introducing better features while enhancing resilience. As IT teams struggle to meet these competing demands, the complexity within their technology environments balloons exponentially.
This is as the result of trying to support legacy infrastructure, cloud environments, remote working, device sprawl, cybersecurity controls, and numerous integrations, among other concerns. And with this complexity comes additional issues such as:
Why all the issues? Because IT staff have inaccurate information on the current state of IT services and their underlying components. Configuration management can serve as a solution to this conundrum, by providing the mechanisms by which an organization can track the significant components that are used to deliver IT services.
Let’s take a look.
Let’s start with a definition.
Configuration management is a governance function which assures that processes are in place to track IT assets and other service elements, including their attributes and relationships.
This practice is based on systems thinking, where an IT service can be considered a whole system that is the product of the interactions by its constituent elements — that is, configuration items (CI).
In configuration management the primary objective is to efficiently provide useful information to key stakeholders that can support the enhancement and performance of IT services.
At the heart of configuration management is trustworthy data — accurate, reliable, and updated information concerning configuration items that is of value during service design, deployment, and support activities.
Configuration items (CIs) are the elements that need to be controlled to deliver services. CIs exist at various levels depending on:
Examples of CI types include hardware, software, OS, databases, cloud systems, facilities, and IT services.
For each configuration item, certain configuration attributes should be captured to support this practice. Some examples according to the ISO 20000 standard guidance for service management include:
To ensure that configuration information is fit for purpose, organizations carry out continual verification activities to identify and correct gaps and deviations between configuration records and the actual/approved IT environment configurations. This can be either:
Investigations into failed changes or incidents that took long to resolve are additional triggers towards improving configuration information accuracy.
Whenever relationships between configuration items are identified and documented, the result is usually known as service configuration models. These relationships indicate how CIs interact with each other and include interconnections and dependencies, the latter being associations between CIs that require both to work together correctly for an IT service to function effectively.
For example, a license or software version can impact how a piece of hardware or an application works, or a database locks impacting applications querying information. If an upgrade is done on one CI but not on a dependent one, this might result in performance issues.
According to ITIL® 4 guidance, configuration models can be focused on various aspects of the service architecture. These models represent various levels of abstraction — from high-level to detailed mapping of the interconnections and relationships between CIs.
In service management, configuration models serve as useful references for certain key activities including:
Visualization of configuration models can provide useful insights to IT teams during solution design, change planning, or troubleshooting investigations.
For any medium to large-sized organization, configuration management involves a significant amount of data from various sources, including but certainly not limited to on-premises data centers and cloud environments. Managing such configuration records manually via spreadsheets or standalone databases is neither efficient nor effective — you’ll never be able to keep up with the fast- and ever-evolving IT setup.
Instead, use specialized configuration management systems (CMS) to aid in the collection, integration, processing, and presentation of configuration records in a reliable and cost-efficient manner. These systems are usually complex, combining one or more specialized solutions and integrations with configuration data sources. Examples include:
CMS solutions come as a standalone solution or a module within an observability or IT service management solution.
Tracking of configuration item relationships is usually the main differentiator between configuration management systems and other inventory tools. For instance:
Key functionalities of CMS solutions include automation of discovery, updating, modelling, impact assessment, data health checks and verification, and open APIs to support integration with a variety of external data sources.
In DevOps, configuration management tools are used for storing and deploying actual configuration data, and come with features such as version control, dependency management, task automation, and orchestration.
One of the main capabilities of configuration management systems is the visualization of configuration models, which can provide useful insights to IT teams when:
Example of a Configuration Model visualized as a mind map
Effective configuration management is characterized by the capture and provision of relevant, accurate, and timely configuration records when required by stakeholders involved in the service lifecycle.
The actual value is realized when this information is used to better maintain and enhance IT services, such as:
So, selecting the right metrics for this practice comes down to the quality of configuration information provided, and the stakeholders’ satisfaction in fulfilling their objectives using it.
Example metrics suggested by the COBIT 2019 IT governance framework include:
Configuration management is often referred to as the unicorn of service management, due to the few real-world examples of organizations that have complete and comprehensive coverage of all their configuration items.
The danger of capturing and verifying all available IT environment data in a CMDB introduces complexity and requires significant deployment of resources toward this effort. Importantly, the return for such an investment may not be substantive.
Yet, on the flip side, lack of or ineffective configuration management is a pointer to an immature service management practice that will hamper efforts toward IT operational excellence.
Scoping CIs. Scoping of CIs becomes the most important focus, since configuration management is only as valuable as the information it provides — accurate, updated, reliable, understandable, easy to use, and relevant. Successful configuration management is heavily restricted in scope to support the design and management of a limited set of critical business services in production and focused on achieving a specific set of outcomes and benefits related to these services.
Robust processes, tools, and personnel. This is supported by a robust process, quality tools, and dedicated roles in managing the selected CI scope. Choosing the right CMS solution should be informed by this scope and outcomes to prevent wasting resources on bureaucratic control systems, but rather ensuring that the selected tools facilitate efficient and effective configuration record management.
Configuration management should be spearheaded by a dedicated team but supported by the entire cross-section of IT systems administrators who feed into and extract information from the CMS.
See an error or have a suggestion? Please let us know by emailing ssg-blogs@splunk.com.
This posting does not necessarily represent Splunk's position, strategies or opinion.
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.