Original post in Brazillian portuguese by Emerson Dorow. He authorized me to post in english language.
http://www.profissionaisti.com.br/2009/04/gestao-de-configuracao-x-gestao-de-mudancas/
Configuration Management without an effective Change Management is not effective, and over time, your database configuration will be “stuck”.
The Configuration Management is responsible for the registration and updating the configuration items base (hardware, software, documentation) and their relationships. Something like the asset base, but the CMDB (Configuration Management Database) contains the relationships between the configuration items. Having a CMDB it is possible to know that the John’s Desktop connects to the Internet, through the HUB XY, which is connected to Switch XYZ which in turn is connected to the firewall (which has the documentation KJ) before going to the router. Would be perceived as easy to determine the “root cause” of John not being able to access the Internet? However, for a CMDB that guarantees any modification of a configuration item is replicated at the base, is extremely important to have a process of Change Management already in operation.
The mission of Change Management is to ensure that any changes that may affect the infrastructure are made in a controlled manner, and also that this change is reflected in the CMDB. A password change, despite it being a change is not necessary to go through an approval, right? And yes to be resolved by the management of incidents.
You may have witnessed or heard something about a software upgrade or hardware replacement that hadn’t the desired success and the company has located stopped? Your boss is not very happy with that, right?
Believe, this is common, even knowing the risks that such maintenance in not appropriate moments may cause some risks.
The process of change management works as follows: for example, you need to replace a hard drive of your server database in this case you would fill a change request and send to the Change Management Committee, which is daily to evaluate and approve or not these changes. This committee would assess the impact (who would be affected) of this exchange of HD, the risks, time, responsible, what procedures would be implemented if the change did not occur as expected and more. Who participates in this committee? Several people may attend: IT Manager, users, people of IT staff and so on.
The important thing is to assess the risks if a change not works and what to do so that the environment returns operating as soon as possible with no impact to the business. In cases of emergency, there is the concept of Change Emergency Committee, where a group of people meets in cases where it can wait 1 day to release something. In large corporations, there are technical staff who only work to implement the changes
Returning to Configuration Management, the information that is relevant to be in a CMDB depend on the needs of your organization. Start by setting the equipment that will be part of the scope, after that set what level of detail you will need. Remember: The more detailed the configuration items are the more you will have to register but it will take longer, and is more difficult to maintain. If the configuration items are few detailed, you will not have much information, but it will be easier to maintain. I suggest maintaining a level of detail where most of the equipment you get the information through a script or automated software, but depending on the amount of equipment, you can take months to register all that hassle, this could be harsh.
Again, prior to implementing the configuration management you must have a robust Change Management, so that to any change in configuration item there is a responsible and prudent to update the CMDB or this can be done automatically. For if at some point you or someone realize that the CMDB is outdated, will cause distrust and every register needs to be checked and/or redone. Periodic audits at CMDB are also important to test the reliability of the base.
Remember, the ITIL is here to organize and manage the IT environment, it sometimes seems next to “bureaucratic” and makes life difficult for IT staff and users. Convincing the board that this is important and necessary is the first step to implement ITIL, second, create a culture among the staff and users. Over time the benefits will appear.
Thanks!
