Configuration Management:

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 15:09, 23 March 2007 by Mdpeters (talk | contribs) (→‎Configuration Management Overview)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Configuration Management

The detailed recording and updating of information that describes an enterprise's computer systems and networks, including all hardware and software components. Such information typically includes the versions and updates that have been applied to installed software packages and the locations and network addresses of hardware devices. Special configuration management software is available. When a system needs hardware or software upgrade, a computer technician can access the configuration management program and database to see what is currently installed. The technician can then make a more informed decision about the upgrade needed.

An advantage of a configuration management application is that the entire collection of systems can be reviewed to make sure any changes made to one system do not adversely affect any of the other systems.

Configuration management, when used strictly for software development, is called Software Configuration Management (SCM). Using SCM, software developers can keep track of the source code, documentation, problems, change requests, and changes made.

Configuration Management Overview

The fundamental purpose of Configuration Management is to establish and maintain the integrity and control of software and hardware products (e.g. servers, source code, patches, documents, CPU's etc) throughout a project's life cycle.

Configuration Management is the process of identifying and defining the items in the system, controlling the change of these items throughout their lifecycle, recording and reporting the status of items and change requests, and verifying the completeness and correctness of items.

Effective configuration management can be defined as stabilizing the products artifacts and process (activities) at key points in the life cycle.

The key integrated aspects of CM are:

  • Identification: Required to ensure you have identified (understood) the current state of your products and systems. This can be done in various ways including use of formal configuration documentation, use of version control tools, use of baselining (snapshot) tools etc.
  • Management: To ensure project (product) evolves appropriately, various Management mechanisms, e.g. procedures and quality gates should be employed within the organization’s life cycles. This area is usually supported with workflow, deployment and version control tools.


Areas of attention include:



  • Status Accounting: Needed to ensure we have necessary information to enhance our decision-making capability. Through status accounting, we are able to produce reports based on previously captured data (assuming we have established mature identification and management procedures). The information provided should support all levels of the organization e.g. engineers, developers, project managers, business managers etc.


  • Audit: Review and audit are required to ensure that the organization’s CM process is adhered to and that our configurations are accurate.


Primary forms of audit include:


  • Physical Audit i.e. where we ensure the identified configuration is the same as the actual configuration.
  • Functional Audit i.e. where we ensure the functional description e.g. use-case, maps to the actual functions (primarily done via testing).
  • Process Audit i.e. where we ensure the defined process (as documented in the CMP) is consistently followed.


  • Identification:

Describes the system structure, the nature of its elements, and their identity and gives access to each item version.

  • Control:

Organizes versions and changes to system items while keeping coherency and consistency on the complete system.

One of the five categories of network management of OSI networks, configuration management subsysem is responsible for detecting and determining the state of a network. See also account management, fault management, performance management, and security management.

The process of:

  1. Identifying and defining the Configuration Items of a program, project, or service.
  2. Controlling the release and change of theses items throughout the system or project life cycle.
  3. Recording and reporting the status of Configuration Items and change requests.
  4. Verifying the completeness and correctness of Configuration Items.
  5. Maintaining integrity and trace-ability throughout the program.


The process of identifying, defining, recording and reporting the configuration items in a system and the change requests. Controlling the releases and change of the items throughout the life cycle See also Code Management.

Software Configuration Management

Software Configuration Management includes the creation, installation, deletion and establishment of relationships of the software systems built from the configuration items that compose it. This "movement" of configuration items is documented by SCM and may be considered a configuration meta-item. The goal of SCM is the recreation of software systems, under its direct control, from their human-readable components. SCM also chronicles use of and changes to external software products, not under its direct control, as black boxes supporting or interacting with the software systems it does control.

Hardware Configuration Management


External Links

References

According to ITIL:

Configuration Management covers the identification, recording, and reporting of IT components, including their versions, constituent components and relationships. Items that should be under the control of Configuration Management include hardware, software and associated documentation.

  • Configuration Management:The art of providing systematic and uniform configuration identification, control, and accounting of an equipment and its parts.
  • Configuration Identification:The technical data describing the approved configuration of the product OR the process for identifying these data, the product, and the changes made to them.
  • Configuration Control:The evaluation, coordination, and approval of all changes to the equipment configuration defined by the baseline.
  • Configuration Accounting:The reporting and recording of all changes made to the baseline.
  • Baseline:An approved reference point for control of future changes to a product's performance, construction and design.