ITIL introduced the Service Asset and Configuration Management Practice (SACM) with the 2001 release of ITIL V2. It was simpler then, but so was IT. Now, tracking it all is challenging with virtual systems, cloud computing, cyber security, and much more. ITIL separated the Practice into two with ITIL V4
(Nov. 2018) publication. Now we have Service Configuration Management (CM) and IT Asset Management. Because of all the changes in IT and ITIL rethinking, we wrote this article to help you understand the Practice and why you need CM more than ever.
The difference between an IT Asset and a Configuration Item
An IT Asset has a minimum financial value defined by IT Financial Management:
- An IT Asset does not care about the relationships between different assets
- An IT Asset may not be necessary for service delivery (i.e., a building)
A Configuration Item (CI):
- Does not care about the financial value
- Has relationships with other CIs or services
- Is essential for service delivery
The purpose of the Service Configuration Management Practice
"The purpose of Configuration Management is to ensure that accurate and reliable information about the configuration of services and the CIs that support them is available when and where it is needed. This includes information on how CIs are configured and the relationships between them."1
A Configuration Item (CI) is:
"Any component that needs to be managed in order to deliver an IT service."2
CIs can be hardware, software, networks, buildings, people, supplies, and documentation. If a company designates something as a CI, that means:
- It is under the control of Change Enablement
- It can only change with an approved Request for Change (RFC)
- The CIs are in a Configuration Management Database (CMDB) and under the control of the Configuration Management System (CMS)
Because all CIs relate to other CIs, controls are necessary. A simplified, high-level diagram below demonstrates how everything is related. The blue boxes represent CIs, and the lines are relationships.
Simplified service model for a typical IT service3
The objectives of the Configuration Management Practice4
- CM manages CIs throughout their lifecycle (e.g., from purchase to retirement).
- CM defines controls, records, audits, and verifies services and other CIs, including versions, baselines, constituent components, attributes, and relationships.
- CM manages and protects the integrity of CIs through the service lifecycle.
- Uses Change Enablement Practice to review and authorize any changes to CIs.
- Ensures projects only use authorized components.
- The historical, planned, and current states of services and other CIs are accurately configured by CM.
- By supplying precise configuration information to help personnel make the best possible change decisions at the appropriate time, CM supports effective and efficient Service Management operations.
- CM manages all aspects of the Configuration Management System (CMS).
The benefits of Configuration Management5
Why is CM significant? Because CM supports all the other Practices ensuring they use a standardized approach to change:
CM significantly reduces incident resolution time using a central repository for critical infrastructure data:
- The Service Desk, using the CMS, may increase the number of resolutions without escalating, increasing user productivity and customer satisfaction and reducing support costs.
- CM may help to standardize the approach to incident resolution.
- The data in the CMS allows for better forecasting and planning of changes.
- CM minimizes quality and compliance issues caused by improper configuration of services and assets using ANSI or ISO 9001 (Quality Management System) protocols.
- CM processes lead to better adherence to standards and legal and regulatory obligations.
- CM helps identify the cost of service delivery.
- CM enables optimizing changes and the reuse of standards and best practices.
- CM significantly helps to reduce the cost and time to discover configuration information when needed.
- CM assists Problem Management in root cause analysis leading to known error resolution and reducing significant loss of productivity.
What are Configuration Item relationships?
Earlier, we said that CM documents all CIs essential to delivering a service. CI relationships are important for understanding how it all works. Examples of relationships:
A CI is a part of another CI:
- A software module is part of a program.
- A server is part of site infrastructure.
A CI connects to another CI:
- A desktop computer connects to a LAN.
A CI uses another CI:
- A program uses a module from another.
- A customer-facing service uses an infrastructure server.
A location of a CI is on another CI:
- This desktop PC has MS Project installed.
CI relationships are critical for associating operational actions with CIs. To understand daily events, we associate change records, incident records, problem records, known errors, and release and deployment records with the services and IT infrastructure. These are all CIs.
For example, a user may call the Service Desk to say that their laptop is acting up. Rather than spending significant time troubleshooting at the Service Desk or escalating to Level 2 support, the Service Desk agent can tap into the CMS and see that the user's laptop just received an update from Deployment Management. Now, the Service Desk can send the incident to the right support group with the background information, getting the user back up and running quickly (i.e., decreasing costs and increasing customer satisfaction).
The risks of not investing in Configuration Management
To understand the benefits of CM, it is helpful to look at the risks if you don't invest in Configuration Management:
- A misplaced focus on the technology rather than the service and business focus of successful delivery of services.
- Not understanding or considering the accuracy of configuration information over time.
- Not setting an appropriate scope for Configuration Management.
- Not keeping the data accurate by not following standard procedures (set by CM) for moving hardware assets by non-authorized staff.
- Not conducting regular physical audits to discover, correct discrepancies, and learn through continuous improvement.
- Not believing that practical CM is an all-or-nothing activity. Overlooking just one component can cause a vulnerability to the entire infrastructure.
- Not integrating CM with other Practices, such as Change Enablement, IT Asset Management, and Information Security. A successful CM requires all Practices to support the accuracy of the documentation.
What are the tools used in Configuration Management?
Configuration Management System (CMS)
The CMS is a set of tools, data, and information to support Configuration Management. In addition, the CMS is part of an even more comprehensive support tool called the Service Knowledge Management System (SKMS).
The CMS has capabilities for gathering, managing, storing, updating, analyzing, and presenting information about all configuration data and their connections. Information about incidents, problems, known errors, changes, and releases may also be included in the CMS. CM maintains the CMS, and all IT Service Management Practices use it.6
The four views of the CMS
There are four architectural layers of the CMS. Dashboards typically make it easier for people who need this information daily:
- Change and Release view. Change and release personnel responsible for Change Enablement/Project Management, Release Management, and Deployment Management use this view as part of their project responsibility.
- Technical Configuration view. Used to meet the requirements of staff members doing technical and application management tasks.
- Service Desk view. For logging and handling issues and service requests, for instance, by the Service Desk.
- Configuration Lifecycle view. Used by those in charge of controlling the lifecycle of Configuration Items in Configuration Management.7
What is the Configuration Management Database (CMDB)?
When people think of the Configuration Management Practice, they usually only know of it as the Configuration Management Database, or CMDB. By now, you know the Configuration Management Practice is much more than CMDBs. CMDB is simply a place to store CIs.
ITIL defines the CMDB as:
"A database used to store configuration records throughout their lifecycle."8
The CMS maintains one or more CMDBs, and each database stores attributes of Configuration Items and relationships with other Configuration Items. These CMDBs are federated, making them seem like one giant database.
The CI attribute field distinguishes one CI from another. Name, location, version number, serial number, and cost are examples.
The Service Knowledge Management System (SKMS)
The SKMS takes all the data generated from service operations and makes it available in a user-friendly context. The SKMS starts with:
- Raw Data (it must be accurate) turns this data into
- Information (the who, what, when, where?) Then
- Knowledge (the how) and with user's input
- Wisdom (the why)
People alone cannot possibly populate the CMS and all the CMDBs. It takes a full 360-degree view of applications, cloud, computing, network, and storage using many viewpoints and creating or verifying digital records stored in a CMDB.
The right tool, or tools, should be technically discreet (i.e., not intrusive or impact performance). They are invaluable when starting your CM project as they populate the CMDBs according to your strategic plans.
Regularly, a good strategy is to troll the infrastructure and match what discovery tools find with the CMS. If there is a mismatch, the discovery tool should automatically create a priority one incident.
Change Enablement's cardinal rule is that there should never be a change to the live environment without an approved Request for Change (RFC). To do so decreases the viability of the CMS. Remember, accuracy is everything.
Additional CM tools
In addition to the tools described above, organizations often integrate other tools to help populate, analyze, reduce errors and optimize costs:
- Enterprise systems
- Network management
Terms used in the Configuration Management Practice
||The configuration of a service, product, or infrastructure that has been formally evaluated and accepted serves as the basis for subsequent activities and can only be changed through formal change procedures.
||The most recent state of a Configuration Item or environment (e.g., from a discovery tool). The CM keeps the snapshot as a fixed historical record and stores it in the CMS. The image is used by the Deployment Practice to fix a failed release.
The Configuration Management System is an essential part of IT
The following diagram of the Service Knowledge Management System (SKMS) demonstrates the total value of ITIL, where the many parts must operate as one:9
As you can see, many arrows are leaving the CMS and providing support information and critical data to the rest of IT.
The SKMS is a tool that helps present CMS data in many discrete ways.
The diagram shows the many CMDBs of the CMS. Some CMDBs store incidents, service requests, problems, known errors, changes, and releases. For example, an incident refers to one or more CIs. And the SKMS makes all that information available to other Practices.
Another example comes from the end of a project. The last step is to update the CMS for all the CIs changed, removed, or added. Then the result of the project is available to all.
The SKMS is how enlightened IT organizations maximize the support and value to the business.
Configuration Management roles and responsibilities10
The Practice Manager owns the Practice:
- Carrying out the generic process manager role.
- Are responsible to the organization for the management of the fixed assets that fall under IT's purview.
- Defining and agreeing to the service assets treated as CIs.
- Making sure configuration information is available whenever and wherever it is required to support other Service Management Practices.
- Planing and managing support for CM tools and processes.
- Coordinating interfaces between CM and other Practices (i.e., Change Enablement, Release, Deployment, Knowledge Management).
The analyst role:
- Proposing scope for CM.
- Supporting the development of principles, processes, and procedures by the process owner and process manager.
- Defining the structure of the CMS, including CI types, naming conventions, required and optional attributes, and relationships.
- Training personnel in CM principles, processes, and procedures.
- Performing configuration audits.
The custodian of CIs registered in the CMS:
- Controlling the receipt, identification, storage, and withdrawal of all supported CIs.
- Maintaining the status of CIs and provides this as appropriate.
- Archiving superseded CIs.
- Assisting in conducting configuration audits.
- Detecting, noting, storing, and disseminating CM-related problems.
Each IT department should have a designated CM Manager:
- Managing CIs for their department.
- Training and advising strategy to optimize the use of the CMS for their team.
- Ensuring that all team members follow CM policies and practices.
Critical Success Factors (CSF) and Key Performance Indicators (KPI) for Configuration Management11
CSF - Accounting for, managing, and protecting the integrity of CIs throughout the service lifecycle.
- KPI - Increased accuracy of costs and budgets for the assets used by each user or business unit.
- KPI - Greater redistribution and recycling of underused resources and assets.
CSF - Supporting accurate configuration information delivery at the appropriate moment to support efficient and effective Service Management processes.
- KPI - Percentage increase in the maintenance plan during the asset's lifetime (lower is better).
- KPI - Increased efficiency for Incident Management in locating problematic CIs and resuming service.
- KPI - Decrease in the typical amount of time and money spent diagnosing and addressing incidents and problems, broken down by type of issue.
CSF - Creating and maintaining an accurate and comprehensive CMS.
- KPI - Reduction in the business impact of outages and incidents caused by poor service CM.
- KPI - Improved configuration data accuracy and quality.
- KPI - Better audit compliance.
How Configuration Management integrates with other ITIL Practices
Configuration Management is a tool for all the other Practices. CM provides detailed information on how the IT environment works. The different Practices add content in a controlled manner, expanding the value of the CMS.
Below is a high-level table showing some of these relationships. CM is a systems engineering practice for establishing and maintaining consistency of service performance and functional and physical attributes with its requirements, design, and operational information throughout its life.12
||Continual Improvement is the mantra of all enlightened IT departments. Having a CMS allows all Practices to see the big picture from the four dimensions of Service Management (e.g., Organization & People, Information & Technology, Partners & Suppliers, and Value Streams & Processes). No other tool brings IT together with the common goal of outstanding business support. For Continual Improvement, cost reduction is a priority. Having a thorough understanding of every component of your configuration, preventing unnecessary asset duplication.
The CMS shows the relationships of all CIs
Each CI is a potential security risk; collectively, they may be a risk. Using the CMS allows Information Security to strategize and set security policies to protect the business.
||As part of Service Design, having an up-to-date digital representation of the live environment allows Architecture Management to have an up-to-date picture of the infrastructure, making it easier and shortening the time to design safe, effective, and cost-efficient changes.
||In the diagram above of the Knowledge Management system, it is easy to see how the CMS supports SKMS. The SKMS provides effective and customizable views of how all the different databases and tools fit together. Knowledge Management adds to the CMS and customizes views while the CMS organizes data for KM.
||The CMS is the central tool Portfolio uses for Service Lifecycle Management. The CMS assists Portfolio in its role for continual re-evaluation and refreshing of services, saving the business money. Portfolio uses CMS reports to determine when the cost of keeping a CI is greater than replacing it.
||Since Project Management is the Practice that executes changes, the CMS supports risk analysis and baselines before and after the project completion. Project Management uses the CMS for cost reduction analysis by having detailed knowledge of all the configuration elements, avoiding wasteful duplication of the technology assets.
||Risk Management uses information in the CMS to evaluate the risks to business infrastructure. Using a CMS reduces the risk of outages and security breaches through visibility and tracking of the changes to the system that might increase risk chances. Traceability helps ensure meeting change standards.
||Strategy Management uses the CMS to visualize the current infrastructure, commission projects, eliminate weaknesses and risks, and build health and profitability. Because of an accurate diagram and the ability to create views by services, Strategy can better make decisions about projects.
|Service Level Management
||SLM uses the CMS to determine whether service levels are possible, given the current structure. SLM targets are particularly beneficial in the area of warranty (i.e., availability, performance, security, and continuity).
|Monitoring & Event Management
||When viewing the service architecture in the CMS, Monitoring and Event Management can better plan what to monitor to ensure IT has an early warning that service delivery faults are likely.
||Incident Management can supplement its methods by increasing the use of the CMS and, for example, using the CMS to see if there have been any recent changes to a user's system.
||Problem Management is a heavy user of the CMS. The CMS is used to help determine the level of impact and pinpoint and diagnose the exact point of failure. In addition, proactive Problem Management can query the CMS for other potential issues (i.e., show me all other laptops with this configuration). Greater agility and faster problem resolution enable you to provide a higher quality of service and reduce software development and management costs.
||The Service Desk uses the CMS to help resolve incidents by identifying broken service components. They improve customer experiences when staff can rapidly detect and correct improper configurations.
|Service Request Management
||Service Request Management is responsible for deploying user-initiated pre-approved Standard changes via a service request + standard RFC. The CMS tracks all service request changes.
||For Change Enablement, the CMS is a powerful tool for determining change request risks.
||Release Management ensures that releases meet all the standards for adding new versions to the live environment. When ready for deployment, Release Management stores the release in the Definitive Media Library, ready for Deployment Management. The CMS keeps accurate records of deployed versions and locations of approved software.
||Reduce the risk of outages through visibility and tracking changes to your systems.
|Capacity & Performance Management
||Capacity and Performance Management become easier when an accurate visual display for service delivery items is available.
|Service Continuity Management
Service Continuity Management's role is to bring systems back after a disaster.
The CMS standards and baselines can optimize this Practice because they can count on accuracy. DevOps teams can gain insight into how their most recent changes effect system efficiency and functionality through performance testing.
|Service Catalog Management
||SCM is an online service where users can request software, hardware, and access. The catalog automates service requests saving IT high costs. Service Requests and Standard changes are user-initiated here. The CMS guides the services requested.
||The Service Design Practice depends heavily on CMS automation because it is easier to build checks and redundancies, improving the potential for omissions due to human error and the accuracy of keeping assets in the desired state.13
|Service Validation & Testing
||SVT tests the builds produced by the Design Practice and the transition Practices of Project Management to ensure conformance to Configuration standards.
||The Deployment Management Practice uses the CMS's snapshots when deploying changes. Knowing the official baselines saves Deployment time and money from having to do it themselves. Since the CMS baseline is always available, Deployment can build rollback processes that restore quickly. In addition, Deployment can use changesets instead of single file commits (i.e., packaged commits and environment changes in one easy commit).
|Infrastructure & Platform Management
||The Infrastructure Management Practice use CMS automation as a reminder to update a piece of software to avoid a known vulnerability. The state of your systems must be accurately recorded, and baselining an attribute can guarantee efficient formal configuration change control procedures.
|Software Development & Management
||Following the approved guidelines of the Software Development Life Cycle (SDLC) and Configuration Management, companies can decrease costs, decrease time-to-market and minimize errors. CM provides the standards everyone must follow.
Why Service Configuration Management, CMDB and ITSM Matter
Configuration Management with its CMS tool, CMDBs, and discipline promotes transparency, visibility, and better control of IT Assets. As IT organizations grow in size and complexity, it becomes exponentially more difficult to manually track their assets, deployment locations, and who controls them.
For all businesses, foundational IT change is essential to remain competitive and to protect the company from threats. An investment in Configuration Management, with its centralized data, and comprehensive best-practice controls on changes, reduces risks and outages that could impede the health of an entire organization.
- ITIL® Foundation, ITIL 4 Edition, Axelos Global Best Practices, 2019, p.139
- Ibid, p. 140
- Ibid, p. 140
- ITIL v3 Service Transition, 2011 edition, Axelos Global Best Practice, p. 90
- Microfocus Best Practice Guide
- Ibid, p. 94
- Ibid, p. 95
- Ibid, p. 309
- Ibid, p. 186
- Ibid, p. 229
- TIL v3 Service Transition, 2011 edition, Axelos Global Best Practice, p. 113
- UpGuard, "What is Configuration Management and Why is it Important?" Aug 01, 2022
- Ibid., UpGuard