• Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Understanding the ITIL Trinity of Configuration, Change and Release Management June 28, 2007 2:00pm EDT, 11:00am PDT George Spafford, Principal Consultant Pepperweed Consulting, LLC “ Optimizing The Business Value of IT” www.pepperweed.com
  • 2. Housekeeping
    • Submitting questions to speaker
      • Submit question at any time by using the “Ask a question” section located on lower left-hand side of your console.
      • Questions about presentation content will be answered during 10 minute Q&A session at end of webcast.
    • Technical difficulties?
      • Click on “Help” button
      • Use “Ask a question” interface
  • 3. Main Presentation
  • 4. Agenda
    • The Trinity
    • Change Management
    • Configuration Management
    • Release Management
    • ITIL v3
    • For a copy of today’s webcast PPT, please email:
      • George at: [email_address]
      • Kendra at: [email_address]
  • 5. The Trinity
    • Change Management Is the set of standardized processes and tools used to handle change requests in order to support the business while managing risks. [Risk Management]
    • Release Management Uses formal controls and processes to ensure requirements are met and safeguard the production environment. [Quality Management]
    • Configuration Management Focuses on tracking and documenting configurations and then providing this information to other areas including Change and Release Management. [A combination of Knowledge Management and Information Broker]
    The three process areas must work together and share information.
  • 6. Change Management
  • 7. Human Error
    • Complexity is increasing, documentation is lacking, training is haphazard and there is an artisan mentality of learning on the job
    • All processes have a degree of inherent variation
    • Total Variation = Systemic + Human Error
    • You can reduce, but not eliminate human error
    • 80% of network availability incidents are caused by human error (IDC)
  • 8. Phase I: Ungoverned Change time Change rate Failed changes and/or Number of unauthorized changes Unplanned work (Unplanned work > 100%) Source: IT Process Institute, 2005 http://www.itpi.org
  • 9. Phase I: Stabilized Patient time Change rate Failed changes or Num of unauth chgs Unplanned work Source: IT Process Institute, 2005 http://www.itpi.org
  • 10. A Basic Change Management Process
    • Identify a potential change
    • Create Request For Change (RFC)
    • Seek Approval to Proceed
    • Plan the Change
      • Plan & Prepare
      • Test
      • Develop Rollback Plan
    • Peer Review
    • Seek Approval to Implement
    • Schedule the implementation
    • Negotiate if additional time is needed beyond defined window
    • Deploy the change
      • Rollback if needed
    • Review the next day to see if it installed as planned
    • Review in three months to determine outcomes
  • 11. Implement a Detective Control
    • To enforce the policy and drive cultural change, implement a detective control
    • At the outset, the rate of changes going through the process is often far smaller than the actual rate of changes going around the process
    • Integrity management systems specialize in monitoring key areas of systems for changes and reporting what is found
  • 12. Further Controls to Reinforce Change Management
    • Segregation of Duties – Protect key processes
      • Ex: Don’t allow developers access to production systems
    • Remove excessive permissions – limit rights to only those that are needed
      • Ex: Limit the number of system administrators and domain administrators to as few as possible and they should all be trusted parties.
    • Periodically audit production systems to the last known good build in order to identify configuration drift
      • Ex: Does the Oracle server still match the last known good state or were changes made that did not follow the defined process?
      • Highlights why an automated detective control can be so powerful
  • 13. Configuration Management
  • 14. Configuration Management Enables Integration
    • ITIL tells us that “Configuration Management provides a logical model of the infrastructure or a service by identifying, controlling, maintaining and verifying the versions of Configuration Items (CIs) in existence.”
    • Configuration Management provides information about CIs and their relationships to all the other processes
      • So Change Management can assess impacts
      • So Incident Management knows where to look next or who to notify
      • Etc.
    • The Configuration Management Database (CMDB) is the nerve center of IT
      • It relates all the data together, provides workflows, access to files, etc.
      • It can be one database or integrations into multiple sources (federated models)
    • The CMDB contains the data and processes that binds the ITSM processes, services and the organization together
  • 15. More Than Technology
    • Configuration Management is not just about technology
    • Need the right people
      • Culture
      • Tone from the Top
      • Training
      • Motivation
    • Need the right processes
      • Designed for the organization
      • Factoring in:
        • Organizational goals
        • Functional area objectives
        • Constraints
    • After you understand processes and requirements, then you need the right technology
    People Processes Technology Outcomes
  • 16. Configuration Items (CIs)
    • These are categories of data that you must track and are modeled using data tables
      • Hardware – PCs, Servers, Network Equipment, etc.
      • Software – Operating Systems, Applications, Tools, etc.
      • People – IT staff, business staff, vendors, etc.
      • Accommodations/Environment/Facilities – Locations, data centers, wiring closets, etc.
      • Data – tables, interfaces, etc.
      • Documentation – Policies, work instructions, SLAs, rollback plans, incident records, problem records, request for change, etc.
      • Services
        • Business Processes – sales, accounts receivable, etc.
        • IT Services – What IT provisions to enable the business
    • An ITIL “secret” is that nearly everything is a CI. The establishment of these CI-types, their attributes and relationships enable a logical model of IT
  • 17. Note – Never do Configuration Management First Either do Change and Configuration together or Change and then Configuration Management. Change Management must be present to control the updating of the CMDB
  • 18. Release Management
  • 19. What Is a Release?
    • A collection of authorized changes to an IT service
      • New services
      • Modifications to an existing service
      • Ending a service – sometimes decommissioning takes a lot of work and needs to be properly managed
    • Can contain new and revised hardware and software in three categories – Major, Minor and Emergency
    • Release Unit – describes the IT infrastructure portion that is released together
      • Hardware, Software, Documentation, Media, etc.
    • Type of Release
      • Full, Delta, Package
  • 20. Why Release Management Matters
    • 29% of projects delivered on-time with expected features, 53% were challenged and 18% outright failed outright 1
    • The majority of the causal factors are non-technical including:
      • Lack of project planning
      • Poor requirements definition
      • Correct stakeholders not involved, or not involved early enough
      • Poor communications
      • Insufficient management oversight
    • The Service Development Life Cycle (SDLC) and Project Management are part of Release Management
    1. “Third Quarter 2004 CHAOS Report”. The Standish Group.
  • 21. Release Management Provides Quality Assurance
    • Are the correct requirements identified?
      • Breadth and depth
    • Are the requirements met when tested?
      • What testing is needed? Unit, Integration, load?
    • Is the organization ready for the deployment?
      • Staffing, training
    • Can the release be deployed successfully?
      • Is there capacity? Is support ready? Is the business ready?
    • What did we just learn? (Post Implementation Reviews)
      • What went good? Bad?
      • What would we do again?
      • What would we change?
    • Plays an important role in regulatory compliance and security
      • All requirements need to be known, tested and deployed with a reasonable assurance of success
      • A great many Incident and Problems can be traced to human error that Change and Release Management can help safeguard against
  • 22. Major Release Mgt Activities
    • Roll-out Planning
    • Communication
    • Awareness
    • Training
    • Distribution
    • Installation
    • Beta Testing
    • Unit Testing
    • Integration Testing
    • Load Testing
    • Security Testing
    • User Acceptance Testing
    • Release Acceptance by Operations
    • Release Policy
    • Release Planning
    • Design, develop and/or buy services
    • Build and Configure the Release
    Preparation and Introduction to Production Testing & Approval Planning & Development
  • 23. Continuous Improvement is Key for All
    • Start and Learn
    • Evolve your processes over time
    • ITIL and process improvement are journeys – not destinations
    • Constantly strive to improve
    • Enable the organization to attain goals
    * Adapted from ITIL Service Support Graphic
  • 24. ITIL v3
    • Version three (ITIL v3) set was released on May 30th as planned
    • The core principles are the same
    • Five core books (11.4 pounds!) arranged as a lifecycle
      • Service Strategy
        • Value nets, adaptive strategies, managing uncertainty, strategy selection
      • Service Design
        • Policies, architecture, models, outsourcing
      • Service Transition
        • Transition Planning and Support
        • Change Management
        • Service Asset and Configuration Management
        • Release and Deployment Management
        • Service Validation and Testing
        • Evaluation
        • Knowledge Management
      • Service Operation
        • Incident and Problem Management, alerting, new functions
      • Continuous Service Improvement
        • Business cases, Portfolio Alignment, Metric selection
  • 25. Process References
    • For a definitive reference, see ITIL’s Service Support Volume http://www.itil.co.uk/
    • Microsoft’s Operations Framework http://www.microsoft.com/technet/itsolutions/cits/mo/smf
    • British Educational Communications and Technology Agency (BECTA) http://www.becta.org.uk/tsas
    • IT Process Institute’s Visible Ops Methodology http://www.itpi.org
    • PMI Project Management Body of Knowledge http://www.pmi.org
    • Projects in Controlled Environments version 2 (PRINCE2) http://www.prince2.org.uk/web/site/home/Home.asp
    • For additional material, use Google and search on keywords such as
      • “ SDLC template”
      • “ Project Management template”
      • “ Release Management template”
      • “ Release Plan”
      • “ Rollout Plan”
      • “ Fallback Plan”
  • 26. Thank you for the privilege of facilitating this webcast George Spafford Principal Consultant Pepperweed Consulting Optimizing the Value of IT [email_address] http://www.pepperweed.com Daily News Archive and Subscription Instructions http://www.spaffordconsulting.com/dailynews.html
  • 27. Questions?
  • 28. Thank you again for attending If you have any further questions, e-mail [email_address] For future ITSM Watch Webcasts, visit www.jupiterwebcasts.com/itsm