The Ultimate Guide to Configuration Management

Configuration Management is the practice that helps you pull all the other IT Service Management (ITSM) processes together. In the days of ITIL v2, we explained it as the foundations of ITIL – something that could be used to base all the other processes on.

To do this, it provides a clear and reliable map of all the elements that operate in your IT landscape. Done well, it can be used to improve the performance of operational practices (like Incident and Change Management), support data-driven decision-making, and drive leaner, more efficient processes. 

In this article, we will go through all the processes that make up a complete Configuration Management strategy. We will also see what it looks like in action, what to look for in a Configuration Management tool, and how to easily implement the practice with InvGate Insight.

Let's get started.

What is Configuration Management?

So, what is Configuration Management? Let's start with the basics. This practice looks to ensure the assets required to deliver services are suitably controlled, and that all reliable and accurate information about them is available when and where needed. Within ITIL 4, it sits in the Service Management Practice section of the Service Value System.

The Configuration Management process has the following objectives:

• Identify, control, and adequately care for assets.
• Identify, control, record, report, audit, and verify services and other Configuration Items (CIs)
• Account for and manage, as well as protect, the integrity of CIs.
• Establish and maintain a Configuration Management System (CMS).
• Maintain accurate configuration information.
• Support efficient and effective Service Management processes.

This process takes the form of a Configuration Management Database or CMDB that contains accurate and up-to-date information about these Configuration Items and their relationships. 

Basically, Configuration Management is responsible for ensuring that all CIs are accounted for, and that accurate and reliable information about them and their CMDB connections is provided.   

Configuration Management vs. Change Management

Change Management (or Change Enablement if you live in an ITIL 4 world) is the process or practice that moves planned changes into the live production environment effectively, efficiently, and safely. 

Configuration Management, on the other hand, manages the CIs that makeup IT services. It can complement the first very well by providing relationship information on how different services fit together to help the Change Management team carry out impact assessments before change approval and scheduling.

Asset Management vs. Configuration Management  

Though they’re connected, IT Asset Management (ITAM) and Configuration Management are not the same.

• ITAM focuses on tracking and managing the entire lifecycle of IT assets, including hardware and software components used within the business. It manages activities such as procurement, deployment, maintenance, and disposal. 
  
  
• Configuration Management primarily focuses on managing and maintaining accurate information about CIs and their CMDB relationships. 

12 benefits of Configuration Management

The benefits of Configuration Management are:

1. Improved ITAM - A robust Configuration Management process contributes to more effective ITAM practices by providing the information, structure, workflows, and automation to help ITAM practitioners make efficiency savings.
   
   
2. Faster incident resolution - An effective CMDB also enables IT support teams to identify the root cause of incidents and resolve them faster.
   
   
3. More effective Change Management - As discussed above, this process is closely integrated with the Change Management practice. The information provided by the CMDB helps assess the impact of proposed changes, reducing the risk of unsuccessful changes, and minimizing service disruptions.
   
   
4. Improved service quality - Configuration Management ensures that all components and configurations required to deliver IT services are properly identified, documented, and controlled. This leads to greater service stability, as IT colleagues know exactly what makes up each service, making support practices quicker and easier.
   
   
5. Enhanced service design - The insights provided by this practice help IT teams understand the relationships between various components, which is crucial for making informed decisions regarding Availability and Capacity Management at the design phase of Service Management.
   
   
6. Support for Governance and Compliance - Configuration Management ensures that all changes are documented and tracked. This helps demonstrate compliance with regulations, standards, and internal policies during audits.
   
   
7. Better Risk Management - By clearly understanding IT assets' configuration, potential risks can be identified and managed proactively.  
   
   
8. Support for Knowledge Management - The CMDB can act as the starting point or a data feed into a knowledge base for IT colleagues, making sharing knowledge and information easier.
   
   
9. Improved automation and self-service - Having accurate configuration information supports automation and self-service capabilities. Automation can be applied more effectively when there is a clear understanding of how different components interact, and self-service can be more efficient when the CI information is already linked to colleague incidents and requests.
   
   
10. Facilitated version control - Configuration Management provides version control capabilities, enabling technicians, developers, and system administrators to manage different versions of configurations, software, and systems. This makes it possible to roll back changes or revert to a previous stable or last known good state if needed.
    
    
11. Support for Release and Deployment Management - Configuration Management can significantly speed up the release and deployment process. Automating the setup and configuration of software and systems reduces the risk of human error, and the deployment process is faster and more efficient.
    
    
12. Support for information security - The practice helps enforce security standards. Configurations can be set to comply with security best practices, which reduces the risk of security breaches and ensures the IT ecosystem is aligned with industry standards or regulations. 

IT Configuration Management plan

An effective Configuration Management practice relies on complete and reliable information, so it’s important to have a structured approach to it. A good plan will include the following steps:

• Purpose/objective - Describe how Configuration Management will be conducted throughout the service lifecycle and what you aim to achieve or improve with it. 
• Scope - Include which IT services will be under its control.
• Naming conventions - Make sure that every CI has a unique name or identifier so that it is easy to identify it quickly when trying to fix an incident or impact assess a change. 
• Baseline - Take a snapshot of the critical services and their key dependencies so that we know exactly what makes up the service. The purpose of a baseline is to take a measurable part of the service so that it can be added to a CMDB and act as a snapshot of the state of a service at a point in time.
• Relationship with Change Management - Reference your Change Management process in your configuration plan means that there are appropriate process steps in place to ensure that when anything is updated, it is reflected in the CMDB so that what you have in the tool matches precisely what you have in your production environment. 
• Status accounting - Ensure that the lifecycle stage of each CI is captured accurately. Status Accounting ensures that all CIs that comprise the service baseline or snapshot have been captured and all changes have been captured by Change Management and reflected in the CMS. 
• Verification activities - Include the routine checks that are part of other processes – for example, verifying the serial number of a desktop PC when a user logs an incident or checking that the version of software updated in a planned change has been added to the CMS. 
• Audit activities - Define a schedule and procedure for performing audits on established baselines, generating reports, and reviewing lessons learned. Ensure that you have a plan for communicating the outcome of audits to key stakeholders in the business, including the senior management team. Audits are vital to your Configuration Management process because they will help you confirm that the information captured in your database matches what is installed in your IT environment(s). 
• Roles and responsibilities - Configuration Management is a very detail-oriented practice, so capturing roles and responsibilities and ideally codifying them using a RACI chart is essential. Examples include configuration manager, analyst, and librarian.

What should Configuration Management tools provide?

Essentially, your Configuration Management tool houses your CMDB. Creating one on InvGate Insight is really simple. The tool includes a robust CMDB feature through its Business Application entity, but we’ll see that in more detail in just a minute. 

First, here are some key functionalities that a Configuration Management tool must include:

• CI Management - The tool should allow you to define and manage various Configuration Items, such as hardware, software, documentation, and services. It should provide a structured way to record and track each CI's attributes, relationships, and dependencies so you can easily visualize your IT environment.
  
  
• A CMDB - Of course, to do this it must include a central repository to store all configuration information, A.K.A. a CMDB. It should be easily searchable to quickly identify and find information.
  
  
• Configuration states - This functionality establishes and enforces desired configuration states for selected IT hardware or software CIs. This is done by using information security policies and automation. Deviations from a desired state are captured, and the appropriate team is alerted, allowing system administrators to investigate and remediate unauthorized change attempts.
  
  
• Version control - The ability to manage and track different versions of CIs, including changes, releases, and updates. This supports the effective lifecycle management of assets and CIs and tracks the evolution of CIs and the services they underpin.
  
  
• Change and Release Management - Change Management processes to ensure that changes to the configuration are appropriately documented, assessed, approved, and controlled. It will also help developers and support teams identify any issues quickly if a release is deployed with defects because everything can be traced back to accurate CI and service information.
  
  
• Incident and Request Management - Incident and request processes will ensure that CI information is automatically linked to user tickets, making it easier for technicians to investigate and resolve incidents or action service requests.
  
  
• Problem Management - Problem Management processes will help support teams diagnose issues, identify and understand root causes, and facilitate faster problem and known error resolution.
  
  
• Dependency mapping - The tool should allow IT support teams to visualize and manage dependencies between configuration items. This helps in understanding the impact of changes, identifying vital business functions when creating availability and capacity and service continuity plans, and identifying potential risks such as single points of failure.
  
  
• Automated discovery - Your Configuration Management tool should be able to automatically discover and gather information about CIs across the IT environment. This could include applications, servers, and network devices.
  
  
• Audit history and compliance - Detailed tracking of changes made to CIs, including which support team and individual made them and when to ensure that compliance with regulations and internal policies is maintained.
  
  
• APIs and Integrations - These allow the tool to integrate with other products and services, such as event monitoring solutions, automation platforms, and orchestration tools.
  
  
• Reporting and analytics - Reporting capabilities will help you generate insights into the state of your IT environment and ensure that your configuration management process adds value.  

How to build a CMDB on InvGate Insight

As we mentioned, you can build your CMDB on InvGate Insight through its Business Application entity. Basically, every Business Application represents a group of CIs and their relationships. 

To incorporate new CIs into the system, you have different options to choose from. 

• Assets: You can either install an Agent on them to report to your system, use the Network Discovery feature to scan your environment, or upload a csv file.
• Users: You can either add them manually or streamline this process with the InvGate Insight-Active Directory integration.
• Contracts: You can add them manually directly from the CMDB section.

To make this process easier, InvGate Insight also provides an intuitive diagram editor that allows users to visually represent the relationships between CIs within a Business Application. 

Then, once you have built your database, in the CMDB section you will find an overview of all Business Applications created. There you will be able to have a quick overview of your IT environment and their relationships, in order to look for information or activity and identify trends. The tool provides a chart that incorporates all the relevant CMDB data.

Finally, this section also displays the history of all changes made in the Business Application. In the realm of Change Management, this is extremely useful, as you can have all the changes documented in one place.

8 Configuration Management best practices

1. Establish a Configuration Management Policy. Create a clear and comprehensive policy outlining the objectives, scope, roles, and responsibilities of Configuration Management within the organization. We listed some of the key aspects to include in the section above, if you need more guidance. Don’t forget to communicate this policy to all relevant stakeholders to ensure alignment and understanding.
   
   
2. Define Configuration Items (CIs) and Relationships. Identify and define the CIs of the services that need to be managed. Establish the relationships between them and map out their dependencies so IT support teams can understand them.
   
   
3. Implement a CMDB. As you’ve probably understood by now, this one can’t be missed. Set up a centralized CMDB for all configuration data. This will act as the single source of the truth for IT colleagues when resolving incidents and assessing changes, so build-in activities to ensure that it is accessible, regularly updated, and maintained with accurate information.
   
   
4. Maintain Accuracy. Ensure your CMDB is accurate by building in the appropriate checks, such as having service desk analysts verify CI information and ensuring audits are carried out so that what is in the CMDB matches what is in the live environment.
   
   
5. Lean into automation. Use automation tools and scripts to streamline and automate configuration data collection, updating, and tracking. 
   
   
6. Use a lifecycle approach. Start Configuration Management from the early stages of development and continue it throughout the entire IT services and components lifecycle.
   
   
7. Protect your CI data. Protect the data housed in your CMDB by establishing data retention policies and implementing regular backups to prevent data loss due to major incidents or business continuity-type events.
   
   
8. Keep moving forward. Regularly review and improve processes based on feedback, lessons learned, and changing business needs.

Conclusion

Configuration Management is the process that helps you to manage the building blocks that make up your whole IT environment. As such, when implemented correctly, it sets the groundwork and supports all other IT operations across organizations. 

Building the CMDB is the basic Configuration Management procedure: it provides a centralized source of information about all CIs and their relationships. The most efficient way to do so is with an ITAM tool since it should provide you with an intuitive way to create the map and a clear way to visualize it and the information it includes. 

If you want to see how to start implementing Configuration Management in your organization with InvGate Insight, don’t hesitate to ask for our 30 day free trial! 

Frequently Asked Questions

Why is Configuration Management important? 

It helps you manage, control, and protect your estate. 

What is Software Configuration Management? 

Software Configuration Management (SCM) is a set of practices, processes, and tools used in software development to manage and control changes to software artifacts throughout their lifecycle. 

How are Change Management and Configuration Management related? 

Change Management enables configuration changes to be delivered into the live environment. Configuration Management supports it by providing the CI and relationship information to drive impact assessments. And, the other way round, Change Management supports Configuration Management by ensuring that the change owner updates the CMDB once the change has occurred to ensure configuration data remains accurate.

What is a Configuration Management database? 

A Configuration Management Database or CMDB is the central source of all Configuration Management information.

What are the basic principles for effective Configuration Management? 

The key principles are planning, identification, change control, status accounting, verification, and audit.

Why are processes needed in Configuration Management? 

Configuration Management needs structure and governance to be effective. Processes give the practice structure and transparency through verification and audit activity.

What is a Configuration Management system? 

A Configuration Management System or CMS is multiple CMDBs feeding into one central repository so that all configuration information from across your organization can be viewed in a single windowpane.

When should Configuration Management procedures be implemented? 

In an ideal world, as soon as possible! In the real world? When you have already implemented your service desk, Incident, Problem, Request, and Change Management practices, and you are looking at improving their performance.