ITIL and the Small Business / Medium Business Part 2 Configuration Management

March 21, 2008

As mentioned in part 1 on this site, The ITIL framework is an effective method of reducing the costs of IT service delivery, and improving the quality of IT services.

As can be seen here ITIL is not just for large businesses. Adopting the ITIL framework reduces IT service costs, and increases IT effectiveness for organizations of all sizes. As stated in part 1 of this note, and seconded here the ITIL framework allows you to lift pieces that are specific to your unique environment.

In this post I am going to dive a little deeper into the ITIL Configuration Management process. Larger organizations may find that a blended look at configuration management, incident management and change management together provide the best benefit. If you are at the larger end of the medium business space (i.e. approaching 100 Million revenue) you may be best served by this as well.

Configuration Management – The Benefit

However, I have found that the configuration management process by itself can pay dividends to businesses at the smaller end of the scale. (ie 50 Million and less). The payback comes from reducing the hidden costs of IT services. These hidden costs can include;

– Re-inventing the wheel – hours are spent configuring or building an IT asset, you should not have to waste those hours doing it all over again.

– Efficient and Effective problem solving. your IT resources – either in house or contract. You are paying them to fix something in your environment, not to learn what the environment is first.

– Continuity planing, outages cost money. The difference in the time to recovery can mean the difference between minutes and hours (or days)

– Improve expenditure planning (ie software licensing, and capital expenses)

At the simplest, configuration management is ensuring that accurate documentation exists on all server, and device configurations. Consider it a check list or road map for documenting that asset. This documentation should be of a sufficient level of detail that a person with expected knowlege of that technology can rebuild or recreate that IT assets configuration from the ground up with no other data needed.

Second, configuration management demands that you look at, and document, the end to end configuration of all IT assets and services. For example, you may have an E-mail server that has a fully documented configuration, but the IT “service” of E-mail is not one single server. The “E-Mail service” encompasses every point from someones desktop, through any switches, routers, firewalls or other devices to the email server. (As an analogy, think of an electrical wiring diagram, or the assembly instructions for some piece of assemble it yourself furniture)

Configuration Management – The Example

Consider this all to common scenario; An IT technician has previously modified, but had not documented, the IT infrastructure to allow your web mail, and Blackberry Enterprise Server to work correctly with your E-Mail server. A few months later another technician, not realizing why the changes are there, reverses them, causing interruptions of service. In this case the configuration management process should have documented the relationships of every device and server that produces the “e-mail service”. Whether it is via web mail, or your Blackberry device.

Another example that I ran into a number of years ago, a larger organization had an engineering and testing network dedicated to load and performance testing of network infrastructure hardware. In other words, this network was deliberately designed to push the limits of network devices. An IT technician made a change in the firewall rules that was preventing this testing environment from impacting the regular production network, this change allowed the test data to start flooding the production network with this engineering test data. It took a couple of days for me with the assistance of a skilled network “sniffer” analyst to decipher the problem. Proper documentation of the correct rules and their reasons would not allowed this incident to occur. (or allowed it to quickly reversed)

The Configuration Management “database” is a key component of the ITIL framework for documenting these dependencies. In the larger organizations, there are many vendors willing to sell you these Configuration Management Databases, or “CMDB’s”. In the smaller end of the SMB space this documentation can be contained in any format or tool that you may have. The key is to keep it current and enforce its use.

This Configuration management database should include all relationships associated with the asset or Configuration Item (CI) including any software, procedures service levels and usage. This CMDB documentation will be used for improving the management of all other ITIL processes, and as such must be regularly audited for accuracy. It is not a static piece of information, but a dynamic document that must be immediately updated with any changes to the IT environment. These updates could include new software or tools installed, new security permissions or groups, down to the installation of new IT assets.

UPDATE: Part 3 is now here.

You can subscribe to this blog by clicking the RSS icon on the Home Page!


One Response to “ITIL and the Small Business / Medium Business Part 2 Configuration Management”

  1. […] tie this up with the example I used previously where IT technician number two reversed some device changes that were necessary to allow email to […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s