Configuration Management Explained

Wikipedia defines configuration management, in an IT service management (ITSM) context, as the:

“...process that tracks all of the individual configuration items (CI) in an IT system which may be as simple as a single server, or as complex as the entire IT department. In large organizations a configuration manager may be appointed to oversee and manage the configuration management process.”

https://en.wikipedia.org/wiki/Configuration_Management_(ITSM)

Where a CI is defined as: “Any component that needs to be managed in order to deliver an IT service.”

Source: Axelos, ITIL Foundation: ITIL 4 Edition Glossary

Example configuration items

Configuration management applies to various IT infrastructure elements, not just the technology employed. For example:

• Hardware CIs include servers, client devices, network devices, and storage systems
• Software CIs include operating systems, applications, databases, and middleware
• Network CIs include routers, switches, firewalls, and load balancers
• Documentation CIs include technical documentation, configuration guides, standard operating procedures, and knowledge articles.

Configuration management also applies to virtualized and cloud environments. It involves managing the configurations of virtual machines, containers, cloud services, and orchestration tools.

The earlier configuration management definitions are probably best understood using a configuration management example.

A configuration management example

The easiest configuration management example to understand is that of configuration management data and insight being used to identify the impact of a proposed change.

Suppose a company is planning a major upgrade to its enterprise resource planning (ERP) system. The upgrade is complex and involves deploying a new software version, migrating data, and reconfiguring the integrations with other IT systems. The company has a formal change management capability, but this is facilitated by configuration management.

At a high level, configuration management data will play a crucial change management role throughout the ERP system upgrade, starting with the change request submission. This will detail a high-level view of the change’s impact on configurations and integrations. However, it’s at the impact assessment stage where configuration management data is used to identify dependencies, relationships, and potential conflicts with other CIs. At the change approval stage, the change advisory board (CAB) will rely on the accuracy of the employed configuration management data to make informed decisions about the change’s potential risks and benefits.

The potential use cases for configuration management data continue beyond this as the change, once approved, moves into release and then deployment.

The ITIL perspective of configuration management

While the IT industry has long called configuration management “configuration management,” the ITIL body of service management best practices has called it various things. For example, in ITIL 4 – the latest version of ITIL – the related ITSM practice is called “service configuration management.” In the previous version of ITIL – ITIL v3 2011 Edition – the relevant ITSM process was called “service asset and configuration management.” Ultimately, though, it’s still a body configuration management best practice, no matter the terminology used.

This is demonstrated by the ITIL 4 definition of the service configuration management practice:

“The purpose of the service configuration management practice is to ensure that accurate and reliable information about the configuration of services, and the configuration items that support them, is available when and where it is needed. This includes information on how configuration items are configured and the relationships between them.”

Source: Axelos, “Service configuration management: ITIL 4 Practice Guide” (2023)

The elevator pitch for configuration management’s importance is that it facilitates better ITSM decision-making that improves IT operations and business outcomes (including better customer and employee experiences).

Digging deeper into its importance, configuration management helps IT organizations with:

• Decision-making – configuration management data provides valuable insights into the organization’s IT infrastructure, including CIs, relationships, and dependencies for decision-making processes such as capacity planning, resource allocation, and technology investments.
• Service quality – thanks to accurate and up-to-date information about CIs being available for various ITSM practices or processes.
• Change and risk management – as per the above example.
• Incident and problem management – when incidents or problems arise, the relevant personnel can use accurate configuration management information to diagnose issues, identify root causes, and invoke appropriate solutions.
• Security – with reduced risk of security breaches thanks to change tracking and increased visibility of the IT infrastructure.
• Compliance and auditing – configuration management data helps organizations to meet regulatory requirements, industry standards, and internal policies.
• Continual improvement – configuration management provides data for performance monitoring, trend analysis, and root cause analysis that can identify opportunities for improvement, including cost reduction when needed.

Configuration management process

The ITSM configuration management process has the following four steps:

• Identification – to identify the CIs to be managed, including their attributes. This is usually undertaken using network discovery tools, and a configuration baseline is created within the CMDB.
• Configuration control – to manage changes to CIs and maintain configuration integrity. This will be done via a formal change control or change management process.
• Status accounting – to document and report on the status of CIs and changes. This includes the creation of reports.
• Audit and verification – to verify CIs conform to their documented specifications and requirements. This step also includes identifying and resolving discrepancies.

This is the traditional approach to configuration management, where the CMDB is updated with CI configurations within the IT infrastructure. Modern IT management practices, where automation is heavily leveraged, also allow for an alternative approach called “infrastructure as code.” This uses the CMDB to drive change – so the infrastructure reflects the CMDB rather than the reverse. The CMDB view prevails if there’s a difference between the CMDB data and the IT infrastructure. This infrastructure as code approach is returned to in the next section.

DevOps brings automation to infrastructure management and deployment (along with other approach elements), especially through the infrastructure as code approach outlined earlier. Configuration files and scripts are used to automate environment setup and configuration management helps to ensure that environments are identical across the lifecycle and to detect drift between environments.

Continuous Integration and Continuous Delivery (CI/CD) is a process that facilitates multiple changes to a codebase simultaneously. It uses pull request-based code review workflows to automate the deployment of code changes to the live environment. This same flow applies to configuration changes, so approved configuration changes can be immediately deployed. Configuration management also:

• Helps ensure version control across different pipeline stages
• Maintains consistency between build artifacts and deployment configurations
• Helps ensure test environments match production environments.

The Agile approach focuses on iterative development. Here, configuration management can track changes incrementally, manage the changing requirements and environments, and provide a shared understanding of configurations among Agile team members.

The earlier “Why is configuration management important?” section shared some high-level reasons for using configuration management. This configuration management benefits section further describes the better outcomes of using configuration management.

• Improved visibility of the IT environment, including hardware, software, and network components
• Better cost management and more informed purchasing decisions
• Improved asset utilization and reduced waste by tracking the status and lifecycle of assets
• Better control over the IT infrastructure, tracking changes and their impacts, and reducing unexpected changes or disruptions
• Improved stability, reducing inconsistencies to maintain IT infrastructure stability
• Service consistency and improved service quality
• Better strategic planning thanks to a detailed view of the current state
• Increased compliance with regulatory requirements, internal policies, and standards
• Improved ITSM capabilities that include:
  • Faster incident resolution
  • Improved problem management capabilities thanks to quicker root cause identification
  • Better controlled, assessed, and managed changes.

Some configuration management best practices include:

• Focusing on business value and operations, understanding how configuration management data will help
• Ensuring that the development configuration management practices and the CMDB incorporate the needs of all relevant business stakeholders, i.e. the people who will benefit from configuration management data
• Defining clear objectives for configuration management before starting – this includes the CI types within scope and the attributes to be stored in the CMDB
• Creating configuration management policies, processes and procedures, and roles and responsibilities
• Integrating with other ITSM processes (and the enabling tools), including incident, service request, and change management
• Using fit-for-purpose tools for the automated discovery, identification, and classification of CIs
• Making the CMDB the single source of truth for CI data, including the relationships between CIs
• Standardizing configuration templates and profiles
• Leveraging automation for related tasks, including provisioning, change management, monitoring/tracking, and auditing
• Training everyone involved in the configuration management process
• Conducting regular audits to help ensure the accuracy and completeness of the CMDB
• Using continual improvement practices to improve configuration management practices

When looking to learn more about configuration management using ITSM best practices, you might come across the term “high-integrity CMDB.” (A CMDB definition is included in the FAQs section below.)

What is a high-integrity CMDB?

A high-integrity CMDB is a repository that stores information about all the CIs in an organization’s IT infrastructure. The term “high-integrity” denotes that the CMDB and configuration management practices ensure that the stored CI data is consistently maintained, accurate, up-to-date, and can effectively support ITSM practices.

These are some of the key attributes expected with a high-integrity CMDB:

• Accuracy – that the CI and service data within the CMDB accurately reflect the corporate IT environment
• Completeness – that details of all CIs and their attributes and relationships are sufficiently recorded
• Consistency – that CI information is consistently formatted
• Currency – that configuration management data is kept up-to-date with changes
• Automation – that automated discovery and update tools are used to keep configuration data current and accurate
• Reliability – that the CMDB acts as a trusted source of information
• Integration – that the CMDB integrates seamlessly with other ITSM tools and systems
• Auditability – that a history of changes allows for auditing and the tracking of changes
• Business stakeholder alignment – that the CMDB reflects the needs of various business stakeholders, including those outside of IT operations.

How to build a high-integrity CMDB from scratch

There are many steps required to build a high-integrity CMDB; these include:

• Defining the CMDB’s objectives and scope. What business needs and processes should the CMDB support? The scope also agrees the CIs that will be included.
• Planning and design. Create a data model for the CMDB’s structure, including the various CI types, attributes, and relationships. Plus, the data sources required.
• Establishing governance policies and procedures. This includes for CI data entry, updates, access control, and data quality management.
• Selecting a CMDB solution and CI discovery tools. Not only does the CMDB need to meet scope and data model requirements, but it must also integrate with existing ITSM tools.
• Data collection. Ideally, automated tools should be used to discover and populate the CMDB with CI data. However, manual data entry and importing will be necessary for some systems and data.
• Service mapping. Map IT services to the underlying CIs to understand the dependencies and to support impact analysis.
• Establishing data quality processes. To ensure the CMDB is accurate and up-to-date.
• Performance measurement. Employ key performance indicators (KPIs) to measure and improve the effectiveness and integrity of the CMDB and configuration management practices.

Configuration management is designed to support other ITSM practices and business processes rather than to simply collect and store CI data. Example use cases are:

• Security management, including identifying and managing vulnerabilities (thanks to CI configuration data, including patch levels) and implementing access controls.
• Incident management, including identifying the root cause analysis and assessing the impact of incidents on related services and CIs.
• Change management, including risk assessment for proposed changes and the planning and coordination of changes.
• Service level management, including monitoring the performance of services and service improvement.
• Capacity management, including helping in understanding IT resource utilization and planning for future capacity needs.
• Availability management, including analyzing service availability and implementing proactive measures to improve availability.
• IT governance, including audit and compliance and policy enforcement.
• Business continuity and disaster recovery, including recovery planning and assessing the potential impact of disasters on the IT environment and business operations.

The reality of modern IT operations means there might be a need for a portfolio of configuration management tools rather than simply one. For example, a fit-for-purpose ITSM tool will provide the ability to manage CIs in a CMDB. However, an organization might require additional discovery capabilities or tools designed to manage cloud environments in addition to the CIs in a physical data center. The tool or tools will also need to support various CI types as defined in the earlier CI examples. Configuration management tools will also need to be integrated with third-party solutions, especially when DevOps configuration management use cases are considered. For example:

• Git – a version control system for code change tracking
• Docker – for containerization management
• Terraform – for infrastructure-as-code-based management of cloud infrastructure

Plus, IT automation frameworks such as Ansible, Chef, Puppet, and Salt Stack.

Configuration management practices will continue to evolve, with the following six factors all contributing to the future of configuration management:

• Automation and AI adoption – automation will continue to play a significant role in configuration management, with AI-driven capabilities employed to streamline the configuration management process in areas such as anomaly detection and troubleshooting.
• Additional capabilities for cloud and hybrid environments – this includes the ability to seamlessly manage resources across various cloud service providers and platforms.
• Greater focus on security needs – there will be a greater emphasis on integrating security features directly into configuration management processes so that configurations comply with security policies from the outset.
• Continued DevOps integration – ITSM configuration management practices will continue to integrate more deeply with DevOps (and Agile) practices to support continuous delivery and deployment.
• Infrastructure as code growth – managing and provisioning infrastructure through code will expand further.
• A focus on sustainability – configuring IT environments to minimize energy consumption and carbon footprint.