Configuration management

Last updated

Top level Configuration Management Activity model ConfiurationActivityModel.png
Top level Configuration Management Activity model

Configuration management (CM) is a management process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. [1] [2] The CM process is widely used by military engineering organizations to manage changes throughout the system lifecycle of complex systems, such as weapon systems, military vehicles, and information systems. Outside the military, the CM process is also used with IT service management as defined by ITIL, and with other domain models in the civil engineering and other industrial engineering segments such as roads, bridges, canals, dams, and buildings. [3] [4] [5]

Contents

Introduction

CM applied over the life cycle of a system provides visibility and control of its performance, functional, and physical attributes. CM verifies that a system performs as intended, and is identified and documented in sufficient detail to support its projected life cycle. The CM process facilitates orderly management of system information and system changes for such beneficial purposes as to revise capability; improve performance, reliability, or maintainability; extend life; reduce cost; reduce risk and liability; or correct defects. The relatively minimal cost of implementing CM is returned manyfold in cost avoidance. The lack of CM, or its ineffectual implementation, can be very expensive and sometimes can have such catastrophic consequences such as failure of equipment or loss of life.

CM emphasizes the functional relation between parts, subsystems, and systems for effectively controlling system change. It helps to verify that proposed changes are systematically considered to minimize adverse effects. Changes to the system are proposed, evaluated, and implemented using a standardized, systematic approach that ensures consistency, and proposed changes are evaluated in terms of their anticipated impact on the entire system. CM verifies that changes are carried out as prescribed and that documentation of items and systems reflects their true configuration. A complete CM program includes provisions for the storing, tracking, and updating of all system information on a component, subsystem, and system basis. [6]

A structured CM program ensures that documentation (e.g., requirements, design, test, and acceptance documentation) for items is accurate and consistent with the actual physical design of the item. In many cases, without CM, the documentation exists but is not consistent with the item itself. For this reason, engineers, contractors, and management are frequently forced to develop documentation reflecting the actual status of the item before they can proceed with a change. This reverse engineering process is wasteful in terms of human and other resources and can be minimized or eliminated using CM.

History

Configuration Management originated in the United States Department of Defense in the 1950s as a technical management discipline for hardware material items—and it is now a standard practice in virtually every industry. The CM process became its own technical discipline sometime in the late 1960s when the DoD developed a series of military standards called the "480 series" (i.e., MIL-STD-480, MIL-STD-481 and MIL-STD-483) that were subsequently issued in the 1970s. In 1991, the "480 series" was consolidated into a single standard known as the MIL–STD–973 that was then replaced by MIL–HDBK–61 pursuant to a general DoD goal that reduced the number of military standards in favor of industry technical standards supported by standards developing organizations (SDO). [7] This marked the beginning of what has now evolved into the most widely distributed and accepted standard on CM, ANSI–EIA–649–1998. [8] Now widely adopted by numerous organizations and agencies, the CM discipline's concepts include systems engineering (SE), Integrated Logistics Support (ILS), Capability Maturity Model Integration (CMMI), ISO 9000, Prince2 project management method, COBIT, ITIL, product lifecycle management, and Application Lifecycle Management. Many of these functions and models have redefined CM from its traditional holistic approach to technical management. Some treat CM as being similar to a librarian activity, and break out change control or change management as a separate or stand alone discipline.

Overview

CM is the practice of handling changes systematically so that a system maintains its integrity over time. CM implements the policies, procedures, techniques, and tools that manage, evaluate proposed changes, track the status of changes, and maintain an inventory of system and support documents as the system changes. CM programs and plans provide technical and administrative direction to the development and implementation of the procedures, functions, services, tools, processes, and resources required to successfully develop and support a complex system. During system development, CM allows program management to track requirements throughout the life-cycle through acceptance and operations and maintenance. As changes inevitably occur in the requirements and design, they must be approved and documented, creating an accurate record of the system status. Ideally the CM process is applied throughout the system lifecycle. Most professionals mix up or get confused with Asset management (AM, see also ISO/IEC 19770), where it inventories the assets on hand. The key difference between CM and AM is that the former does not manage the financial accounting aspect but on service that the system supports or in other words, that the later (AM) is trying to realize value from an IT asset. [9] [10] [11]

The CM process for both hardware- and software-configuration items comprises five distinct disciplines as established in the MIL–HDBK–61A [12] and in ANSI/EIA-649. Members of an organization interested in applying a standard change-management process will employ these disciplines as policies and procedures for establishing baselines, manage and control change, and monitor and assess the effectiveness and correctness of progress. The IEEE 12207 process IEEE 12207.2 also has these activities and adds "Release management and delivery". The five disciplines are:

  1. CM Planning and Management: a formal document and plan to guide the CM program that includes items such as:
    • Personnel
    • Responsibilities and resources
    • Training requirements
    • Administrative meeting guidelines, including a definition of procedures and tools
    • Baselining processes
    • Configuration control and configuration-status accounting
    • Naming conventions
    • Audits and reviews
    • Subcontractor/vendor CM requirements
  2. Configuration Identification (CI): consists of setting and maintaining baselines, which define the system or subsystem architecture, components, and any developments at any point in time. It is the basis by which changes to any part of a system are identified, documented, and later tracked through design, development, testing, and final delivery. CI incrementally establishes and maintains the definitive current basis for Configuration Status Accounting (CSA) of a system and its configuration items (CIs) throughout their lifecycle (development, production, deployment, and operational support) until disposal.
  3. Configuration Control: includes the evaluation of all change-requests and change-proposals, and their subsequent approval or disapproval. It covers the process of controlling modifications to the system's design, hardware, firmware, software, and documentation.
  4. Configuration Status Accounting: includes the process of recording and reporting configuration item descriptions (e.g., hardware, software, firmware, etc.) and all departures from the baseline during design and production. In the event of suspected problems, the verification of baseline configuration and approved modifications can be quickly determined.
  5. Configuration Verification and Audit: an independent review of hardware and software for the purpose of assessing compliance with established performance requirements, commercial and appropriate military standards, and functional, allocated, and product baselines. Configuration audits verify that the system and subsystem configuration documentation complies with the functional and physical performance characteristics before acceptance into an architectural baseline.

Software

The software configuration management (SCM) process is looked upon by practitioners as the best solution to handling changes in software projects. It identifies the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.

The SCM process further defines the need to trace changes, and the ability to verify that the final delivered software has all of the planned enhancements that are supposed to be included in the release. It identifies four procedures that must be defined for each software project to ensure that a sound SCM process is implemented. They are:

  1. Configuration identification
  2. Configuration control
  3. Configuration status accounting
  4. Configuration audits

These terms and definitions change from standard to standard, but are essentially the same.

Configuration management database

ITIL specifies the use of a configuration management system (CMS) or configuration management database (CMDB) as a means of achieving industry best practices for Configuration Management. CMDBs are used to track Configuration Items (CIs) and the dependencies between them, where CIs represent the things in an enterprise that are worth tracking and managing, such as but not limited to computers, software, software licenses, racks, network devices, storage, and even the components within such items. CMS helps manage a federated collection of CMDBs.

The benefits of a CMS/CMDB includes being able to perform functions like root cause analysis, impact analysis, change management, and current state assessment for future state strategy development.

Configuration Management (CM) is an ITIL-specific ITSM process that tracks all of the individual CIs in an IT system which may be as simple as a single server, or as complex as the entire IT department. In large organizations a configuration manager may be appointed to oversee and manage the CM process. In ITIL version 3, this process has been renamed as Service Asset and Configuration Management.

Information assurance

For information assurance, CM can be defined as the management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system. [13] [ better source needed ] CM for information assurance, sometimes referred to as secure configuration management (SCM), relies upon performance, functional, and physical attributes of IT platforms and products and their environments to determine the appropriate security features and assurances that are used to measure a system configuration state. For example, configuration requirements may be different for a network firewall that functions as part of an organization's Internet boundary versus one that functions as an internal local network firewall.

Maintenance systems

Configuration management is used to maintain an understanding of the status of complex assets with a view to maintaining the highest level of serviceability for the lowest cost. Specifically, it aims to ensure that operations are not disrupted due to the asset (or parts of the asset) overrunning limits of planned lifespan or below quality levels.

In the military, this type of activity is often classed as "mission readiness", and seeks to define which assets are available and for which type of mission; a classic example is whether aircraft on board an aircraft carrier are equipped with bombs for ground support or missiles for defense.

Operating system configuration management

Configuration management can be used to maintain OS configuration files. [14] Many of these systems utilize Infrastructure as Code to define and maintain configuration. [15]

The Promise theory of configuration maintenance was developed by Mark Burgess, [16] [17] [18] with a practical implementation on present day computer systems in the software CFEngine able to perform real time repair as well as preventive maintenance.

Preventive maintenance

Understanding the "as is" state of an asset and its major components is an essential element in preventive maintenance as used in maintenance, repair, and overhaul and enterprise asset management systems.

Complex assets such as aircraft, ships, industrial machinery etc. depend on many different components being serviceable. This serviceability is often defined in terms of the amount of usage the component has had since it was new, since fitted, since repaired, the amount of use it has had over its life and several other limiting factors. Understanding how near the end of their life each of these components is has been a major undertaking involving labor-intensive record keeping until recent developments in software.

Predictive maintenance

Many types of component use electronic sensors to capture data which provides live condition monitoring. This data is analyzed on board or at a remote location by computer to evaluate its current serviceability and increasingly its likely future state using algorithms which predict potential future failures based on previous examples of failure through field experience and modeling. This is the basis for "predictive maintenance".

Availability of accurate and timely data is essential in order for CM to provide operational value and a lack of this can often be a limiting factor. Capturing and disseminating the operating data to the various support organizations is becoming an industry in itself.

The consumers of this data have grown more numerous and complex with the growth of programs offered by original equipment manufacturers (OEMs). These are designed to offer operators guaranteed availability and make the picture more complex with the operator managing the asset but the OEM taking on the liability to ensure its serviceability.

Standards

A number of standards support or include configuration management, [19] including:

Guidelines

Construction

More recently[ when? ] configuration management has been applied to large construction projects which can often be very complex and have a huge number of details and changes that need to be documented. Construction agencies such as the Federal Highway Administration have used configuration management for their infrastructure projects. [32] There are construction-based configuration management tools that aim to document change orders and RFIs in order to ensure a project stays on schedule and on budget. These programs can also store information to aid in the maintenance and modification of the infrastructure when it is completed. One such application, CCSNet, was tested in a case study funded by the Federal Transportation Administration (FTA) in which the efficacy of configuration management was measured through comparing the approximately 80% complete construction of the Los Angeles County Metropolitan Transit Agency (LACMTA) first and second segments of the Red Line, a $5.3 billion rail construction project. This study yielded results indicating a benefit to using configuration management on projects of this nature. [33]

See also

Related Research Articles

<span class="mw-page-title-main">Software architecture</span> High level structures of a software system

Software architecture is the set of structures needed to reason about a software system and the discipline of creating such structures and systems. Each structure comprises software elements, relations among them, and properties of both elements and relations.

Software configuration management (SCM), a.k.a. software change and configuration management (SCCM), is the software engineering practice of tracking and controlling changes to a software system; part of the larger cross-disciplinary field of configuration management (CM). SCM includes version control and the establishment of baselines.

ISO/IEC/IEEE 12207Systems and software engineering – Software life cycle processes is an international standard for software lifecycle processes. First introduced in 1995, it aims to be a primary standard that defines all the processes required for developing and maintaining software systems, including the outcomes and/or activities of each process.

Information technology service management (ITSM) are the activities performed by an organization to design, build, deliver, operate and control IT services offered to customers.

In the context of software engineering, software quality refers to two related but distinct notions:

In configuration management, a baseline is an agreed description of the attributes of a product, at a point in time, which serves as a basis for defining change. A change is a movement from this baseline state to a next state. The identification of significant changes from the baseline state is the central purpose of baseline identification.

The term configuration item (CI) refers to the fundamental structural unit of a configuration management system. Examples of CIs include individual hardware or software components. The configuration-management system oversees the life of the CIs through a combination of processes and tools by implementing and enabling the fundamental elements of identification, change management, status accounting, and audits. This system aims to avoid the introduction of errors related to lack of testing as well as of incompatibilities with other CIs.

A configuration management database (CMDB) is an ITIL term for a database used by an organization to store information about hardware and software assets. It is useful to break down configuration items into logical layers. This database acts as a data warehouse for the organization and also stores information regarding the relationships among its assets. The CMDB provides a means of understanding the organization's critical assets and their relationships, such as information systems, upstream sources or dependencies of assets, and the downstream targets of assets.

Software safety is an engineering discipline that aims to ensure that software, which is used in safety-related systems, does not contribute to any hazards such a system might pose. There are numerous standards that govern the way how safety-related software should be developed and assured in various domains. Most of them classify software according to their criticality and propose techniques and measures that should be employed during the development and assurance:

The ISO/IEC 15288Systems and software engineering — System life cycle processes is a technical standard in systems engineering which covers processes and lifecycle stages, developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Planning for the ISO/IEC 15288:2002(E) standard started in 1994 when the need for a common systems engineering process framework was recognized.

The change request management process in systems engineering is the process of requesting, determining attainability, planning, implementing, and evaluating of changes to a system. Its main goals are to support the processing and traceability of changes to an interconnected set of factors.

Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization. According to ITIL, SAM is defined as “…all of the infrastructure and processes necessary for the effective management, control, and protection of the software assets…throughout all stages of their lifecycle.” Fundamentally intended to be part of an organization's information technology business strategy, the goals of SAM are to reduce information technology (IT) costs and limit business and legal risk related to the ownership and use of software, while maximizing IT responsiveness and end-user productivity. SAM is particularly important for large corporations regarding redistribution of licenses and managing legal risks associated with software ownership and expiration. SAM technologies track license expiration, thus allowing the company to function ethically and within software compliance regulations. This can be important for both eliminating legal costs associated with license agreement violations and as part of a company's reputation management strategy. Both are important forms of risk management and are critical for large corporations' long-term business strategies.

Aldon is a business unit of Rocket Software. It develops, manufactures, licenses and supports software change management products for the enterprise application lifecycle management (ALM) and software change management (SCM) markets.

In computer engineering, a physical configuration audit (PCA) is the formal examination of the "as-built" configuration of a configuration item (CI) against its technical documentation to establish or verify the CI's product baseline. The PCA is used to examine the actual configuration of the CI that is representative of the product configuration, in order to verify that the related design documentation matches the design of the deliverable CI. It is also used to validate many of the supporting processes that the contractor uses in the production of the CI. This is also used to verify that any elements of the CI that were redesigned after the completion of the functional configuration audit also meet the requirements of the CI's performance specification. Additional PCAs may be accomplished later during CI production if circumstances such as the following apply:

An ITIL Visual Configuration Management Database is a series of spreadsheet applications that integrates the CMDB with Change Management and Service Level Management. A Visual CMDB provides a unified view of IT infrastructure in a visual representation. This common view is a cornerstone for implementing a successful Configuration Management process.

ISO 26262, titled "Road vehicles – Functional safety", is an international standard for functional safety of electrical and/or electronic systems that are installed in serial production road vehicles, defined by the International Organization for Standardization (ISO) in 2011, and revised in 2018.

<span class="mw-page-title-main">Definitive media library</span>

A definitive media library is a secure information technology repository in which an organisation's definitive, authorised versions of software media are stored and protected. Before an organisation releases any new or changed application software into its operational environment, any such software should be fully tested and quality assured. The definitive media library provides the storage area for software objects ready for deployment and should only contain master copies of controlled software media configuration items (CIs) that have passed appropriate quality assurance checks, typically including both procured and bespoke application and gold build source code and executables. In the context of the ITIL best practice framework, the term definitive media library supersedes the term definitive software library referred to prior to version ITIL v3.

ISO 10007 "Quality management — Guidelines for configuration management" is the ISO standard that gives guidance on the use of configuration management within an organization. "It is applicable to the support of products from concept to disposal." The standard was originally published in 1995, and was updated in 2003 and 2017. Its guidance is specifically recommended for meeting "the product identification and traceability requirements" introduced in ISO 9001:2015 and AS9100 Rev D.

ANSI/EIA-649, "National Consensus Standard for Configuration Management", is an industry standard for configuration management.

Requirements engineering tools are usually software products to ease the requirements engineering (RE) processes and allow for more systematic and formalized handling of requirements, change management and traceability.

References

  1. "MIL-HDBK-61A, ""Military Handbook: Configuration Management Guidance". Department of Defense. 7 February 2001. Archived from the original on 20 March 2012. Retrieved 24 March 2012.
  2. "ANSI/EIA-649B, ""National Consensus Standard for Configuration Management". TechAmerica. 1 April 2011. Archived from the original on 1 August 2012. Retrieved 24 March 2012.
  3. "History and Heritage of Civil Engineering". ASCE . Archived from the original on 16 February 2007. Retrieved 8 August 2007.
  4. "Institution of Civil Engineers What is Civil Engineering" (PDF). ICE . Archived from the original (PDF) on 23 September 2006. Retrieved 22 September 2007.
  5. "Configuration Management and the Federal Transportation Administration (FTA) National Lessons Learned Program". Federal Transportation Administration. Archived from the original on 7 September 2012. Retrieved 22 September 2007.
  6. "Systems Engineering Fundamentals" (PDF). Defense Acquisition University Press. January 2001. Archived from the original (PDF) on 11 February 2006. Retrieved 25 March 2012.
  7. "Memorandum, Specifications and Standards – A New Way of Doing Business". Secretary of Defense. 29 June 1994. Archived from the original on 21 October 2013. Retrieved 23 March 2012.
  8. "Configuration Management Compliance Validation: Critical Review and Technology Assessment(CR/TA)Report" (PDF). Defense Technical Information Center. Archived (PDF) from the original on 9 October 2022. Retrieved 14 May 2001.
  9. Atlassian. "Guide to configuration management databases (CMDBs)". Atlassian. Retrieved 20 July 2021.
  10. Galusha, C. (June 2001). "Getting started with IT asset management". IT Professional. 3 (3): 37–40. doi:10.1109/6294.939973.
  11. "The ISO 19770-1 standard: A guide to implementing IT asset management". The SHI Hub. 30 January 2018. Retrieved 20 July 2021.
  12. "Military Handbook: Configuration Management Guidance" (PDF). Department of Defense: United States of America. p. iii–iv. Retrieved 21 July 2016. 4. CM LIFE CYCLE MANAGEMENT AND PLANNING [...] 5. CONFIGURATION IDENTIFICATION [...] 6. CONFIGURATION CONTROL [...] 7. CONFIGURATION STATUS ACCOUNTING [...] 8. CONFIGURATION VERIFICATION AND AUDIT [...] 9. DATA MANAGEMENT [...]
  13. National Information Systems Security Glossary
  14. C. Lueninghoener. "Getting Started with Configuration Management. ;login: issue: April 2011, Volume 36, Number 2" (PDF). Archived (PDF) from the original on 9 October 2022. Retrieved 23 November 2012.
  15. Loschwitz, Martin (14 November 2014). "Choosing between the leading open source configuration managers". Admin Network & Security. Lawrence, Kansas: Linux New Media USA LLC.
  16. M. Burgess, Cfengine: a site configuration engine, USENIX Computing systems, Vol8, No. 3 1995
  17. M. Burgess, On the theory of system administration, Science of Computer Programming 49, 2003. p1-46 pdf Archived 24 July 2011 at the Wayback Machine
  18. M. Burgess, Configurable immunity for evolving human-computer systems, Science of Computer Programming 51 2004, p197-213 pdf Archived 3 March 2012 at the Wayback Machine
  19. "NISTIR 7339 Analysis of Standards for Lifecycle Management of Systems for US Army" (PDF). National Institute of Standards and Technology. August 2006. Archived from the original (PDF) on 21 December 2016. Retrieved 25 November 2015.
  20. "ASSIST-QuickSearch - Basic Profile". 27 September 2011. Archived from the original on 27 September 2011.
  21. 1 2 [ dead link ]
  22. "Standards for CM | Institute of Configuration Management". 2 May 2012. Archived from the original on 2 May 2012.
  23. "Configuration Management Standards: an extensive list of CM and related industry standards". CMPIC - The Configuration Management Process Improvement Center.
  24. "ECSS-M-ST-40C Rev.1 – Configuration and information management (6 March 2009) | European Cooperation for Space Standardization". ecss.nl.
  25. "IEEE 828-2012 - IEEE Standard for Configuration Management in Systems and Software Engineering". IEEE .
  26. "ISO 10007:2017(en) Quality management — Guidelines for configuration management". iso.org. Retrieved 29 November 2023.
  27. "ASSIST-QuickSearch Document Details". Quicksearch.dla.mil. Retrieved 28 August 2022.
  28. "ASSIST-QuickSearch Document Details". Quicksearch.dla.mil. Retrieved 28 August 2022.
  29. "Defense Acquisition Guidebook [DAG]". 13 February 2013. Archived from the original on 13 February 2013.
  30. "Archived copy" (PDF). www.dau.mil. Archived from the original (PDF) on 31 January 2017. Retrieved 11 January 2022.{{cite web}}: CS1 maint: archived copy as title (link)
  31. "Configuration Management Plan". AcqNotes.
  32. "Configuration Management for Transportation Management Systems Handbook". Federal Highway Administration. Retrieved 28 March 2012.
  33. "Configuration Management Case Study". PACO Technologies, Inc. Archived from the original on 26 August 2016. Retrieved 28 March 2012.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.