ITIL Service Configuration  Management and CMDB Explained

The difference between an IT Asset and a Configuration Item

• An IT Asset has a minimum financial value defined by IT Financial Management:
  1. An IT Asset does not care about the relationships between different assets
  2. An IT Asset may not be necessary for service delivery (i.e., a building)
• A Configuration Item (CI):
  1. Does not care about the financial value
  2. Has relationships with other CIs or services
  3. Is essential for service delivery

The purpose of the Service Configuration Management Practice

1. It is under the control of Change Enablement
2. It can only change with an approved Request for Change (RFC)
3. The CIs are in a Configuration Management Database (CMDB) and under the control of the Configuration Management System (CMS)

The objectives of the Configuration Management Practice⁴

• CM manages CIs throughout their lifecycle (e.g., from purchase to retirement).
• CM defines controls, records, audits, and verifies services and other CIs, including versions, baselines, constituent components, attributes, and relationships.
• CM manages and protects the integrity of CIs through the service lifecycle.
• Uses Change Enablement Practice to review and authorize any changes to CIs.
• Ensures projects only use authorized components.
• The historical, planned, and current states of services and other CIs are accurately configured by CM.
• By supplying precise configuration information to help personnel make the best possible change decisions at the appropriate time, CM supports effective and efficient Service Management operations.
• CM manages all aspects of the Configuration Management System (CMS).

The benefits of Configuration Management⁵

• CM significantly reduces incident resolution time using a central repository for critical infrastructure data:
  • The Service Desk, using the CMS, may increase the number of resolutions without escalating, increasing user productivity and customer satisfaction and reducing support costs.
  • CM may help to standardize the approach to incident resolution.
• The data in the CMS allows for better forecasting and planning of changes.
• CM minimizes quality and compliance issues caused by improper configuration of services and assets using ANSI or ISO 9001 (Quality Management System) protocols.
• CM processes lead to better adherence to standards and legal and regulatory obligations.
• CM helps identify the cost of service delivery.
• CM enables optimizing changes and the reuse of standards and best practices.
• CM significantly helps to reduce the cost and time to discover configuration information when needed.
• CM assists Problem Management in root cause analysis leading to known error resolution and reducing significant loss of productivity.

What are Configuration Item relationships?

• A CI is a part of another CI:
  • A software module is part of a program.
  • A server is part of site infrastructure.
• A CI connects to another CI:
  • A desktop computer connects to a LAN.
• A CI uses another CI:
  • A program uses a module from another.
  • A customer-facing service uses an infrastructure server.
• A location of a CI is on another CI:
  • This desktop PC has MS Project installed.

The risks of not investing in Configuration Management

• A misplaced focus on the technology rather than the service and business focus of successful delivery of services.
• Not understanding or considering the accuracy of configuration information over time.
• Not setting an appropriate scope for Configuration Management.
• Not keeping the data accurate by not following standard procedures (set by CM) for moving hardware assets by non-authorized staff.
• Not conducting regular physical audits to discover, correct discrepancies, and learn through continuous improvement.
• Not believing that practical CM is an all-or-nothing activity. Overlooking just one component can cause a vulnerability to the entire infrastructure.
• Not integrating CM with other Practices, such as Change Enablement, IT Asset Management, and Information Security. A successful CM requires all Practices to support the accuracy of the documentation.

What are the tools used in Configuration Management?

Configuration Management System (CMS)

The four views of the CMS

1. Change and Release view. Change and release personnel responsible for Change Enablement/Project Management, Release Management, and Deployment Management use this view as part of their project responsibility.
2. Technical Configuration view. Used to meet the requirements of staff members doing technical and application management tasks.
3. Service Desk view. For logging and handling issues and service requests, for instance, by the Service Desk.
4. Configuration Lifecycle view. Used by those in charge of controlling the lifecycle of Configuration Items in Configuration Management.⁷

What is the Configuration Management Database (CMDB)?

The Service Knowledge Management System (SKMS)

1. Raw Data (it must be accurate) turns this data into
2. Information (the who, what, when, where?) Then
3. Knowledge (the how) and with user's input
4. Wisdom (the why)

Auto-discovery tools

Additional CM tools

• Inventory
• Audit
• Enterprise systems
• Network management

Terms used in the Configuration Management Practice

Term	Definition
Configuration Baseline	The configuration of a service, product, or infrastructure that has been formally evaluated and accepted serves as the basis for subsequent activities and can only be changed through formal change procedures.
Snapshot	The most recent state of a Configuration Item or environment (e.g., from a discovery tool). The CM keeps the snapshot as a fixed historical record and stores it in the CMS. The image is used by the Deployment Practice to fix a failed release.

The Configuration Management System is an essential part of IT

Configuration Management roles and responsibilities¹⁰

Role	Responsibilities
Practice Manager	The Practice Manager owns the Practice: Carrying out the generic process manager role. Are responsible to the organization for the management of the fixed assets that fall under IT's purview. Defining and agreeing to the service assets treated as CIs. Making sure configuration information is available whenever and wherever it is required to support other Service Management Practices. Planing and managing support for CM tools and processes. Coordinating interfaces between CM and other Practices (i.e., Change Enablement, Release, Deployment, Knowledge Management).
Configuration Analyst	The analyst role: Proposing scope for CM. Supporting the development of principles, processes, and procedures by the process owner and process manager. Defining the structure of the CMS, including CI types, naming conventions, required and optional attributes, and relationships. Training personnel in CM principles, processes, and procedures. Performing configuration audits.
Configuration Librarian	The custodian of CIs registered in the CMS: Controlling the receipt, identification, storage, and withdrawal of all supported CIs. Maintaining the status of CIs and provides this as appropriate. Archiving superseded CIs. Assisting in conducting configuration audits. Detecting, noting, storing, and disseminating CM-related problems.
CM Manager	Each IT department should have a designated CM Manager: Managing CIs for their department. Training and advising strategy to optimize the use of the CMS for their team. Ensuring that all team members follow CM policies and practices.

Critical Success Factors (CSF) and Key Performance Indicators (KPI) for Configuration Management¹¹

• CSF - Accounting for, managing, and protecting the integrity of CIs throughout the service lifecycle.
  • KPI - Increased accuracy of costs and budgets for the assets used by each user or business unit.
  • KPI - Greater redistribution and recycling of underused resources and assets.
   
• CSF - Supporting accurate configuration information delivery at the appropriate moment to support efficient and effective Service Management processes.
  • KPI - Percentage increase in the maintenance plan during the asset's lifetime (lower is better).
  • KPI - Increased efficiency for Incident Management in locating problematic CIs and resuming service.
  • KPI - Decrease in the typical amount of time and money spent diagnosing and addressing incidents and problems, broken down by type of issue.
   
• CSF - Creating and maintaining an accurate and comprehensive CMS.
  • KPI - Reduction in the business impact of outages and incidents caused by poor service CM.
  • KPI - Improved configuration data accuracy and quality.
  • KPI - Better audit compliance.
   

 

How Configuration Management integrates with other ITIL Practices

ITIL Practice	Information Exchanged
Continual Improvement	Continual Improvement is the mantra of all enlightened IT departments. Having a CMS allows all Practices to see the big picture from the four dimensions of Service Management (e.g., Organization & People, Information & Technology, Partners & Suppliers, and Value Streams & Processes). No other tool brings IT together with the common goal of outstanding business support. For Continual Improvement, cost reduction is a priority. Having a thorough understanding of every component of your configuration, preventing unnecessary asset duplication.
Information Security	The CMS shows the relationships of all CIs Each CI is a potential security risk; collectively, they may be a risk.  Using the CMS allows Information Security to strategize and set security policies to protect the business.
Architecture Management	As part of Service Design, having an up-to-date digital representation of the live environment allows Architecture Management to have an up-to-date picture of the infrastructure, making it easier and shortening the time to design safe, effective, and cost-efficient changes.
Knowledge Management	In the diagram above of the Knowledge Management system, it is easy to see how the CMS supports SKMS. The SKMS provides effective and customizable views of how all the different databases and tools fit together. Knowledge Management adds to the CMS and customizes views while the CMS organizes data for KM.
Portfolio Management	The CMS is the central tool Portfolio uses for Service Lifecycle Management. The CMS assists Portfolio in its role for continual re-evaluation and refreshing of services, saving the business money. Portfolio uses CMS reports to determine when the cost of keeping a CI is greater than replacing it.
Project Management	Since Project Management is the Practice that executes changes, the CMS supports risk analysis and baselines before and after the project completion. Project Management uses the CMS for cost reduction analysis by having detailed knowledge of all the configuration elements, avoiding wasteful duplication of the technology assets.
Risk Management	Risk Management uses information in the CMS to evaluate the risks to business infrastructure. Using a CMS reduces the risk of outages and security breaches through visibility and tracking of the changes to the system that might increase risk chances. Traceability helps ensure meeting change standards.
Strategy Management	Strategy Management uses the CMS to visualize the current infrastructure, commission projects, eliminate weaknesses and risks, and build health and profitability. Because of an accurate diagram and the ability to create views by services, Strategy can better make decisions about projects.
Service Level Management	SLM uses the CMS to determine whether service levels are possible, given the current structure. SLM targets are particularly beneficial in the area of warranty (i.e., availability, performance, security, and continuity).
Monitoring & Event Management	When viewing the service architecture in the CMS, Monitoring and Event Management can better plan what to monitor to ensure IT has an early warning that service delivery faults are likely.
Incident Management	Incident Management can supplement its methods by increasing the use of the CMS and, for example, using the CMS to see if there have been any recent changes to a user's system.
Problem Management	Problem Management is a heavy user of the CMS. The CMS is used to help determine the level of impact and pinpoint and diagnose the exact point of failure. In addition, proactive Problem Management can query the CMS for other potential issues (i.e., show me all other laptops with this configuration). Greater agility and faster problem resolution enable you to provide a higher quality of service and reduce software development and management costs.
Service Desk	The Service Desk uses the CMS to help resolve incidents by identifying broken service components. They improve customer experiences when staff can rapidly detect and correct improper configurations.
Service Request Management	Service Request Management is responsible for deploying user-initiated pre-approved Standard changes via a service request + standard RFC. The CMS tracks all service request changes.
Change Enablement	For Change Enablement, the CMS is a powerful tool for determining change request risks.
Release Management	Release Management ensures that releases meet all the standards for adding new versions to the live environment. When ready for deployment, Release Management stores the release in the Definitive Media Library, ready for Deployment Management. The CMS keeps accurate records of deployed versions and locations of approved software.
Availability Management	Reduce the risk of outages through visibility and tracking changes to your systems.
Capacity & Performance Management	Capacity and Performance Management become easier when an accurate visual display for service delivery items is available.
Service Continuity Management	Service Continuity Management's role is to bring systems back after a disaster. The CMS standards and baselines can optimize this Practice because they can count on accuracy. DevOps teams can gain insight into how their most recent changes effect system efficiency and functionality through performance testing.
Service Catalog Management	SCM is an online service where users can request software, hardware, and access. The catalog automates service requests saving IT high costs. Service Requests and Standard changes are user-initiated here. The CMS guides the services requested.
Service Design	The Service Design Practice depends heavily on CMS automation because it is easier to build checks and redundancies, improving the potential for omissions due to human error and the accuracy of keeping assets in the desired state.13
Service Validation & Testing	SVT tests the builds produced by the Design Practice and the transition Practices of Project Management to ensure conformance to Configuration standards.
Deployment Management	The Deployment Management Practice uses the CMS's snapshots when deploying changes. Knowing the official baselines saves Deployment time and money from having to do it themselves. Since the CMS baseline is always available, Deployment can build rollback processes that restore quickly. In addition, Deployment can use changesets instead of single file commits (i.e., packaged commits and environment changes in one easy commit).
Infrastructure & Platform Management	The Infrastructure Management Practice use CMS automation as a reminder to update a piece of software to avoid a known vulnerability. The state of your systems must be accurately recorded, and baselining an attribute can guarantee efficient formal configuration change control procedures.
Software Development & Management	Following the approved guidelines of the Software Development Life Cycle (SDLC) and Configuration Management, companies can decrease costs, decrease time-to-market and minimize errors. CM provides the standards everyone must follow.

Why Service Configuration Management, CMDB and ITSM Matter