ENTERPRISE MANAGEMENT ASSOCIATES®
Analyst Corner
July 2007 Analyst’s Corner
Achieving IT Infrastructure Clarity with Systems Change and Configuration Management
IT managers often have blurred vision when it comes to visualizing the details of their existing IT Infrastructure. This is quite understandable given the complexity of today’s system and network topologies, the variety of applications and tools, and the ever increasing demands placed on them through business needs and requirements. Even if they had the time to extensively review their environments—which they don’t—the sheer magnitude of system, network and application configuration files and settings makes even a cursory review impractical, if not impossible. As a result, they lack the control necessary to ensure IT stability and cost effectiveness. Only through utilizing the practices inherent in Systems Change and Configuration Management (Systems CCM) can IT infrastructures be brought into focus and provide effective solutions for today’s IT challenges.
At the core of the problem is the massive amount of configuration data inherent in an IT support stack. Consider the number of settings found in configuration files for the operating system, networking, security, databases, applications, and a myriad of other resources and tools necessary to support business requirements on a single server – then multiply this by the number of servers in an IT infrastructure. Further, each of the individual configuration elements needs to be set specifically for the environment and use for which it is intended. Even default setting are unreliable as vendors intend these for only the broadest of uses, so customization is necessary to ensure viability to a particular utilization. Researching how best to set configuration settings is often difficult and extremely time consuming.
Even after establishing a standard for configurations, the environment must be monitored for any changes to them that may adversely affect performance. How much an environment changes over time in an uncontrolled manner is called “configuration drift.” Enterprise Management Associates (EMA) has determined that, on average, over 60% of critical system and application outages are caused by faulty changes to the environment, so IT implementations that have developed significant configuration drift are greatly at risk for outages and likely experiencing performance degradation.
In an effort to stem the tide of uncontrolled IT environments, businesses and institutions have established corporate, industry, and regulatory compliance mandates to ensure IT reliability. Unfortunately, however, this has added significantly to the IT workload, so it’s no wonder IT professionals that employ traditional methods of IT administration have become frustrated and overworked to the point of needing to provide evening and weekend out-of-hours support just to maintain stability. Worse, the support they provide is often reactive “firefighting” and allows little time for proactive problem identification that could prevent additional failures from occurring.
Fortunately, systems change and configuration management solutions have been developed that specifically address these support issues. Although the wide range of today’s CCM products offer a great deal of variety both in depth and breadth of support, at the core they all provide a common basic set of functionality – collect configuration data for IT components, store them in a centralized location, and generate reports on the status of the environment. Commonly, the data collection and report generation is performed through the use of automation. By utilizing this functionality, IT managers are provided with a simple interface for determining the health of the IT infrastructure, and administrators gain a valuable tool for quickly identifying failures and potential problems.
Many tools take this a step further and can report on any configuration changes, either through scheduled periodic scans of the IT components or by continuously monitoring for change to ensure compliance with an established configuration standard. By promptly identifying when a change occurs, IT managers can quickly determine if it is authorized, appropriate, and consistent with established policies, thus preventing IT failures and gaining control over the environment.
Another advantage to automated reporting is easing the process of regulatory compliance. If a report is customized for a particular business policy (i.e. SOX, HIPAA, CIS, etc.), proof of compliance can easily be provided with little impact on IT support staff. Remediation of components not in compliance is also simplified since identification of the root cause can often be quickly established by identifying incorrect configuration settings or inappropriate changes.
Systems change and configuration management solutions are the key to establishing control over today’s complex IT infrastructures, and automated tools provide the clarity necessary for IT managers to oversee the continual health, viability, and cost-effectiveness of a support stack, ensuring business IT needs and requirements are successfully met.
