Validating Configuration Management Uses

Two weeks ago I discussed how the value of Configuration Management activities are derived from the improvements made to other processes.

I want to suggest another way that this can happen, borrowing concepts that recently starting to surface in Project Management communities. That concept is called PRUB and was introduced last year by a professor from New Zealand, Dr. Phil Driver, and published this year in the book “Validating Strategies: Linking Projects and Results to Uses and Benefits“. As a tool it is both simple and somewhat intuitive, but it provides a simple framework for eliminating disconnects between high-level desires of management the practical day-to-day realities of operations. It helps us ensure there exists a clear and understood path from the project charter to through the deliverables to uses and benefits.

PRUB is an acronym for Project, Results, Uses, and Benefits. Originally intended to map the projects that support a particular strategic direction, it is simple and flexible enough that we can map it to improvement initiatives IT Service Management. In this case I am starting to use it as a tool for validating the uses associated with Configuration Management implementations, because it can help eliminate some of the shortcomings common to attempts to improve Configuration Management activities.

I did also want to step through a specific case study from a recent implementation with a government entity. I should note that we did not perform a specific PRUB analysis for this set of use cases of the CMDB, but I mention it because their requirements clearly thought through the each step of the PRUB analysis. They built some novel functionality into their CMDB implementation that I really liked.

I wrote up this and another example in the attachment: PRUB for CMDB. It contains a use case for Configuration Management with the Access Management process that was based loosely on this government entity.

PRUB_for_CMDB_drawing

 

  • Project / Process: Configure the CMDB to improve Access Management (this is a novel usage).
  • Results: Create a Permission Configuration Item for each authorized access request to a system. Link the CI to access request ticket. Create a relationship between the Permission CI and the sytem CI. In addition, import historical Permissions (prior to system implementation) to the CMDB.
  • Uses: When visualizing planned changes to a CI, the relationships can show them who has been granted access. The CI’s can be reported for scheduled reviews or audits of valid accesses. The specific access history can be pulled up from each Permission CI (based on the Access Request ticket). More broadly this use of the CMDB provides a more flexible mechanism to visualize and view the access requests.
  • Benefits: Improved assessment of the impact of planned changes. Improved reporting, controls and auditability for CI’s.

There are other relationships associated with these Permission CI’s, but I just wanted to provide a flavor for how the PRUB tool can demonstrate specific uses and benefits of the Configuration Management process.

Are the benefits measurable? If you can identify measurable benefits you should include them in your analysis. If you come across a CMDB implementation that does not clearly map out the results, how those results will be used, and how those uses will bring benefits to the users or the organization, then that should be a red flag.

IT Asset Management

Introduction

Last week I discussed how organizations with low maturity in the processes that Configuration Management supports will not realize any value from Configuration Management activities.

  • Financial Management of IT Services
  • Availability Management
  • IT Service Continuity Management
  • Change Management
  • Release and Deployment Management
  • Incident Management
  • Problem Management

There is an exception to this observation: IT Asset Management.

Configuration Management

I have experience, both hands-on and consultative, with BMC tools that fit in both market spaces, and I know from experience there is often confusion among potential or actual customers, in how they should use one tool or the other for certain situations.

Let’s start with the ITIL definition anyway. Configuration Management is the process that ensures that assets required to deliver services are controlled, and that accurate information about those assets is available when required. That is a very broad scope, but the focus here is really on how are the assets are configured and the relationships between them.

Versus IT Asset Management

IT Asset Management is a process for tracking and reporting the financial value and ownership of assets throughout their life cycle. Generally IT asset management focuses on hardware and software, while Configuration Management may also track non-physical assets such as virtual servers, virtual containers (research Docker if you have any questions about containers), documentation such as policies or processes or contracts, or other non-physical assets for which the changes do need to be controlled.

The concept of Configuration Management is broad enough that you can think of IT asset management falling within its scope, as a sub-process of Configuration Management.

Most organizations who do not realize any value from Configuration Management activities still need to manage the IT Asset Management life cycle. This has implications on:

  • Utilization of IT Assets
  • Information Security
  • IT Service Continuity Management

Organizations to do not require a CMDB in order to manage the life cycle of IT assets. A CMDB can be used, but specialist tools are available, and these tools are preferred when they automate the discovery and inventory of IT assets.

 

The Value of Configuration Management

Understanding Value

For the purpose of understanding the value of Configuration Management, we have to trace how value is added to transactions. The value transaction is important to the supplier because that is where value to the customer is measured. (Presumably the customers use value exceeds the transaction value, or the transaction is not sustainable.)

Adding Value to Value Transactions

  • Value Transactions are supported by Business Services
  • Business Services are supported by IT Services
  • IT Services are supported by IT Processes

The further down this chain we go, the harder it is to measure value to the customer, and the more care we must take to ensure that the supporting processes are adding value to the customer in the form of improvements to the Business Services or products.

Herein lies the pain point in measuring the value of Configuration Management. Value: Configuration Management

Configuration Management supports and improves IT processes:

  • Financial Management of IT Services
  • Availability Management
  • IT Service Continuity Management
  • Change Management
  • Release and Deployment Management
  • Incident Management
  • Problem Management

And Configuration Management is one more step away from the value transaction. We understand the value of Configuration Management by the improvements it makes to the other processes.

  • Few organizations measure the value of IT processes
  • Few organizations even measure key metrics such as the cost per minute of down time to IT Services, or value of a Problem Resolution.

The Chicken or the Egg

Which came first? Is Configuration Management a prerequisite to other processes its supports? No, it is not a prerequisite, though I know some people would disagree with this. Organizations can execute a Change Management process without relying on Configuration Management activities or a CMDB. In fact I know many organizations doing exactly this.

Could organizations improve their Change Management process with a CMDB in place to help assess the impact of changes? Certainly yes, but organizations who don’t have some maturity in other processes will not realize any value from Configuration Management.

I would say the opposite is true. You cannot have a working Configuration Management process without a mature Change Management process. Unless the data update is entirely automatic, and in my experience this is rare, then the data become stale and the data quality will degrade.

Rethinking the CMS

I first started this post in response to the IT Skeptic’s CMDB is crazy talk post about 2 weeks ago. My own position derives from several observations in the real world:

  1. Few organizations are willing to perform a full spectrum CMDB implementation, due to cost constraints. (In my opinion few organizations actually require this.)
  2. Observation #1 even includes those organizations that have purchased a commercial CMDB software package. They purchased the software to achieve a more specific objective.
  3. And yet most organizations perform some level of configuration management, even if that is as simple as tracking software licenses on a spreadsheet.
  4. Most organizations would benefit from doing a little more than they are currently doing. The “what” depends on the organization.

The ITSM community needs to stop thinking about the CMS / CMDB as a process (which has defined inputs and outputs) or a thing or a database. Instead we can think about it as a broad collection of activities that help maintain information and documentation on the configuration of assets and software inside an organization. This isn’t a black or white implementation where you do it all or you don’t do any–most organizations span the spectrum of gray.

The trouble with ITIL (as if there were only one) is the concept of a CMS is so abstract that most people cannot understand  it. This is by design–it saves the authors the trouble of actually doing anything. I still have trouble describing ITIL’s take on the CMS, and I have done practical implementations in a dozen organizations.

Let’s help practitioners by enumerating and describing the various CM activities that take may take place that are common in the real world. We will explain the benefits and costs associated with each.

For example:

  • Automated discovery of hardware assets
  • Automated discovery of installed software assets
  • Automated discovery of network assets
  • Automated linking of software and hardware assets
  • Automated linking of hardware and network assets
  • Automatic reporting on software compliance and unused licenses
  • Linking Incidents to CI’s
  • Linking Changes to CI’s
  • Linking Problems to CI’s
  • Linking CI’s to end-users
  • Linking CI’s to end-user organizations

This list is VERY incomplete, and there is no out of the box solution for any of the above. There is a wide variety of expression of CI names, CI types, attributes, and statuses of the above items. Each can be automated to different levels.

By making a checklist we can help practitioners and organizations understand what they can do, what other organizations do, and what they should consider in the future. It would be a list of available options, rather than a document of the One True Way dictated high from above. We can expand on Skep’s checklist concept.

A checklist of practical activities could also feed into a maturity assessment.

We can call it the Management of the Configuration of the Configuration Management Database Database. Or we can call it WikiCMDB for short. Stay tuned here for more details.

I am thinking out loud, so everything in this post may be wrong. I welcome your feedback.

OBASHI and the CMDB

In September 2010 APMG unveiled its new OBASHI Certification based on the OBASHI methodology developed in 2001 in the gas & oil industry. I won’t go into detail here, but there is at least one book available at the APMG-Business Books but apparently not on Amazon, and least of all not in Kindle format. There is also a OBASHI Explained white paper. Confession: I haven’t yet read the book.

This is just a first impression, and it was this: this is a lot like the CMDB analysis I have done several times in the past. Here is a CMDB framework which I have commonly seen used in industry.

At the top you can imagine are products that your company offers to its customers. Those products are provided by Users (of Services provided by IT), which may be individual users, departments, divisions, teams, etc. The Users use services which may be provided by other services or by applications. Applications run on servers and computers, which are connected by networks.

That sounds obvious but have found some people find it a bit abstract until they start laying out practical examples. The important thing to remember is the objects (rectangles on a diagram) are connected by arrows. In CMDB parlance, the objects are Configuration Items (CI’s) and the arrows are relationships. I typically label the diagrams.

The OBASHI framework seems to use the same concepts. When modeling a CMDB I usually allowed the customer a little more flexibility of CI Types and Relationships, depending on their requirements. OBASHI seems a little more rigid in the use of components and data flows.

At first I wondered what is the purpose of OBASHI. However, I like it after further thought. Although it describes data flows, it is easy to envision it describing other flows, such as process flows. It is an effective framework for analysis that effectively communicates complex systems. It doesn’t require the full implementation of an expensive CMDB to achieve its benefits, and the information collected will readily be reused in the implementation of a CMDB.