Change and Configuration Management (CM) is the most underestimated and least understood development discipline in most companies today. Yet having this discipline in place avoids unplanned outages and pays the largest dividends in cost and time savings. Most companies focus on Development, then Quality Assurance then Business Systems Analysis methodologies but neglect the forth and equally important element - Change and Configuration Management. In fact most organizations back up their data, source code and even have a second set of hardware are still unable to recover the last decade of undocumented configuration data accumulated through all the weekend “tweaks” to the system.
Why is this? There are many reasons:
• Difficultly: Configuration management is very hard to do in a constantly changing landscape of operating systems and tools
• Communication: Management think developers do CM; developers think other developers will do CM
• Education: There is no formal University degree in change and configuration management
• Focus: It is not perceived as exciting a discipline as development. Other disciplines are often perceived as having greater value and have more press coverage
• Resources: It takes a specially skilled engineer to effectively perform enterprise wide CM
What is it?
Change and Configuration Management (CM) is the process of identifying and defining system components, controlling the change of these items throughout their lifecycle, identifying the status of each detailed item and change request, and then verifying the completeness and correctness of each. CM manages changes made to hardware, software, and documentation through a series of controls to minimize risk during testing, deployment, rollback, and recovery.
How do I know if I need it? The following are symptoms of not having a strong CM discipline:
• Unacceptable system downtime. Your system downtime is frequently not due to a system defect, but because of deployment errors such as the build was bad, the environment was not clean, the wrong version was deployed, the rollback didn’t work, it was deployed partially or not to the right destination or the installer failed
• Single threaded development. Your developers cannot work in a parallel fashion allowing safely for changes to multiple branches of code to be merged at a later stage
• Time Delays. Increased time required to promote code from development to other environments. Your developers tell you that the coding is completed, but it still takes a large amount of time to integrate the code, build the product and reproduce a working environment for the Quality Assurance (QA) team
• Environmental Integrity and Complexity. The QA and Development environments never seem to match production realities, resulting in production defects that cannot be found or reproduced by the Developers and Testers. The installation of the system is not automated and takes a long time to set up
• Recurring problems. Defects that were identified and fixed in earlier versions seem to keep creeping back into production
Scorpion has the most experienced experts in Change and Configuration Management. The benefits our clients see from engaging these experts is that the above issues disappear allowing you to:
• Experience overall system uptime increases and deployment risk is mitigated
• Reproduce a production environment from any point in time, reliably from a secured source
• Monitor and reduce the risk in terms of production uptime and system integrity
• Let your developers focus on development tasks as the burden of establishing and maintaining environments is now a dedicated role
• Meet and exceed compliance requirements such as segregation of duties (SOD), secured access to code, version control, rollback planning, etc.
CM is a support and control layer for the SDLC providing the following services to the team during a project:
• Risk Management. CM mitigates risk at the pre-development stage of the SDLC. Configuration management meets with the team to discuss the impact of changes and to think through potential problems. CM recommends steps that reduce the risk of these problems.
• Environment and Version Control. CM is responsible for managing development environments including infrastructure components, capacity planning, access control and migration integrity. When a new project begins, CM gives Development the correct revision of the code base to work on. As Development makes changes, CM is also in charge of source code integrity and version control. CM keeps track of the changes with the new version as well as what versions are currently in QA or Production.
• Build and Release Management. On notification of Development being complete, CM takes the code from the appropriate source control branch and builds the system in a secured build environment. The system is built and packaged in a repeatable, automated manner and then deployed to QA. It is important to have Configuration Management do this step to ensure the QA is testing the correct build in the correct environments. After testing, CM takes the exact same package QA tested and deploys it to a Production staging area. Operations take it from there and places it in Production thus ensuring the same code tested ends up in production!
• Break/Fix or Emergency Release Management. CM plans for emergencies before they happen. This plan helps protect the business by having prepared strategies used in response to unplanned or emergency releases. For example, If something in new code breaks and causes the system to go down, CM will assist by executing pre planned and rehearsed steps that rollback code to an earlier version, allowing the system to work without the new changes.