Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

AWS_asset_configuration_management_whitepaper

903 views

Published on

  • Be the first to comment

AWS_asset_configuration_management_whitepaper

  1. 1. ITIL Asset and Configuration Management in the Cloud An AWS Cloud Adoption Framework Addendum September 2015 A Joint Whitepaper with Minjar Cloud Solutions
  2. 2. ITIL Asset and Configuration Management in the Cloud September 2015 Page 2 of 19 © 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.
  3. 3. ITIL Asset and Configuration Management in the Cloud September 2015 Page 3 of 19 Contents Contents....................................................................................................................3 Abstract.....................................................................................................................3 Introduction..............................................................................................................4 What is ITIL? .................................................................................................................. 4 What is the AWS Cloud Adoption Framework? ............................................................. 5 Asset and Configuration Management in ITIL ........................................................7 Value to business of asset and configuration management.................................... 8 Impact of Asset & Configuration Management Processes on Financial Management ............................................................................................................ 9 Best Practice for Asset and Configuration Management .......................................10 Challenges of Establishing CMDB for a Cloud deployment of IT..........................13 AWS Config: The Configuration Management Inventory for the Cloud Resources .................................................................................................................................14 Conclusion ..............................................................................................................18 Contributors............................................................................................................19 Notes .......................................................................................................................19 Abstract Many enterprises have successfully migrated some of their on-premises IT workloads to the cloud. An enterprise must also deploy an IT Service Management (ITSM) framework so it can efficiently and effectively operate those IT capabilities. This whitepaper outlines best practices for asset and configuration management in a hybrid cloud environment using Amazon Web Services (AWS).
  4. 4. ITIL Asset and Configuration Management in the Cloud September 2015 Page 4 of 19 Introduction This whitepaper is for IT Service Management (ITSM) professionals who support a hybrid cloud environment that uses AWS., The focus is on Asset and Configuration Management, a core chapter of the Service Transition volume of the IT Infrastructure Library (ITIL). Many AWS enterprise customers have successfully integrated their cloud strategy with their ITIL-based IT service management practices. This whitepaper provides you with background in the following areas:  Asset and Configuration Management in ITIL  The AWS Cloud Adoption Framework  Cloud-Specific Asset and Configuration Management Best Practices What is ITIL? The IT Infrastructure Library (ITIL) Framework managed by AXELOS Limited, defines a commonly-used, best-practice approach to IT Service Management (ITSM). Building upon ISO/IEC 20000, which provides a, “formal and universal standard for organizations seeking to have their ITSM capabilities audited and certified”1, the ITIL Framework goes one step further to propose operational processes required to deliver the standard. At its core, ITIL is composed of 5 volumes that describe the entire ITSM lifecycle as defined by AXELOS: ITIL Volume Description Service Strategy Describes how to design, develop and implement service management as a strategic asset Service Design Describes how to design and develop services and service management processes
  5. 5. ITIL Asset and Configuration Management in the Cloud September 2015 Page 5 of 19 ITIL Volume Description Service Transition Describes the development and improvement of capabilities for transitioning new and changed services into operations Service Operation Embodies practices in the management of service operation Continual Service Improvement Guidance in creating and maintaining value for customers Each volume addresses the capabilities that enterprises must have in place. The details underlying the 5 ITIL volumes is beyond the scope of this whitepaper, but if you would like more details, you can find them at the following URL: https://www.axelos.com/ What is the AWS Cloud Adoption Framework? The Cloud Adoption Framework (CAF) is used by AWS to help enterprises modernize their ITSM practices so that they can take advantage of the agility, security, and cost benefits afforded by the cloud. Like ITIL, the CAF organizes and describes the activities and processes involved in planning, creating, managing, and supporting a modern IT service. The CAF offers comprehensive guidelines for establishing, developing, and running cloud- based IT capabilities. ITIL and the CAF are compatible. In fact, the CAF provides enterprises with practical operational advice for how to implement and operate ITSM in a cloud- based IT infrastructure. The details of the AWS CAF are beyond the scope of this whitepaper, but if you would like to learn more, you can read the CAF whitepaper at http://d0.awsstatic.com/whitepapers/aws_cloud_adoption_framework.pdf. The CAF examines IT management in the cloud from seven core perspectives, as shown in the following table:
  6. 6. ITIL Asset and Configuration Management in the Cloud September 2015 Page 6 of 19 CAF Perspective Description People Selecting and training IT personnel with appropriate skills, defining and empowering delivery teams with accountabilities and service level agreements Process Managing programs and projects to be on time, on target, and within budget, while keeping risks at acceptable levels Security Applying a comprehensive and rigorous method of describing a structure and behavior for an organization’s security processes, systems and personnel Strategy & Value Identifying, analyzing, and measuring the effectiveness of IT investments that generate the most optimal business value Maturity Analyzing, defining, and anticipating demand for and acceptance of envisioned IT capabilities and services Platform Defining and describing core architectural principles, standards, and patterns that are required for optimal IT capabilities and services Operation Transitioning, operating, and optimizing the hybrid IT environment, enabling efficient and automated IT service management As with most specifications covered in the Service Transition Volume of ITIL, Asset and Configuration Management falls nicely into the Cloud Service Management function of the AWS CAF Operating Perspective. Of course, Cloud initiatives require more than just the right technology. They also must be supported by organizational changes such as people and process change. Such changes should be supported by a Cloud Governance Forum or Center of Excellence, with the role to manage through transition using the AWS CAF. From the perspective of ITSM, your operations should certainly have a seat at the table. This allows the approach to be flexible and cater for a more relevant model, interacting with existent solutions to manage the full ITSM landscape. In 2015 AWS will release its Cloud Adoption Methodology (AWS CAM), which offers practical guidance and comprehensive guidelines for establishing, developing, and running cloud-based IT capabilities.
  7. 7. ITIL Asset and Configuration Management in the Cloud September 2015 Page 7 of 19 ITIL and the AWS CAM are compatible. In fact, the AWS CAM is a needed supplement for almost all Enterprise ITSM frameworks used today, because it provides enterprises with practical operational advice for how to implement and operate ITSM in a cloud-based IT infrastructure. Asset and Configuration Management in ITIL The ITIL specifications define an asset as, “any resource or capability that could contribute to the delivery of a service.” Examples of assets include virtual/physical storage, virtual/physical servers, a software license, or even some knowledge in the head of a senior manager. ITIL defines configuration items as, “an asset that needs to be managed in order to deliver an IT service.” All configuration items are assets, but many assets are not configuration items. Examples of configuration items include a virtual/physical server or a software license. Every configuration item should be under the control of change management. The goals of asset and configuration management are to:  Support many of the ITIL processes by providing accurate configuration information to assist decision making, e.g. the authorization of changes, the planning of releases, and to help resolve incidents and problems faster  Minimize the number of quality and compliance issues caused by incorrect or inaccurate configuration of services and assets  To define and control the components of services and infrastructure and maintain accurate configuration information on the historical, planned and current state of the services and infrastructure
  8. 8. ITIL Asset and Configuration Management in the Cloud September 2015 Page 8 of 19 Value to business of asset and configuration management Optimization of the performance of assets improves the overall service performance, optimizes the costs, and mitigates risks caused by poorly managed assets, e.g. service outages, correct license fees and failed audits. Asset and Configuration Management provides visibility of accurate representation of a service, release, or environment that enables:  Better planning of changes and releases  Improved Incident and problem resolution  Delivery of Service levels and warranties  Better adherence to standards, legal and regulatory obligations (less non-conformances)  Changes to be traceable  The ability to identify the costs for a service In practice, Asset and Configuration Management aligns very closely to other ITIL processes such as Incident Management, Change Management, Problem Management, or Service-Level Management. AXELOS provides the following diagram as an example of the relationship between change management and Asset and Configuration Management.
  9. 9. ITIL Asset and Configuration Management in the Cloud September 2015 Page 9 of 19 AXELOS makes several observations that are relevant here. First, there are numerous elements within Asset and Configuration Management that directly relate to individual elements within change management. What becomes evident in the diagram is that Asset and Configuration Management underpins change management, and without it, the business is subjected to increased risk and uncertainty. The same inter-dependency with Asset and Configuration Management applies to many other areas within ITIL. Impact of Asset & Configuration Management Processes on Financial Management One of the key aspects of asset management is to ensure it feeds relevant asset data to financial management processes. This is required for:  Capitalization and depreciation  Software License management  Other compliance requirements These requirements typically require comprehensive Asset Lifecycle Management processes, which take significant cost and effort. One of the benefits of moving IT
  10. 10. ITIL Asset and Configuration Management in the Cloud September 2015 Page 10 of 19 to the Cloud is the financial nature of the transaction moves from Capex to Opex, and hence some of the financial asset management norms may not be required. Best Practice for Asset and Configuration Management An effective cloud asset and configuration management practice would include concepts like the following:  How will your organization manage server images (AMIs)? Server images must be periodically updated with patches and software updates. AWS provides a number of tools that can be incorporated in your organization’s image management processes to assist in the creation and management of AWS images. For example to help you manage your instances, images and other EC2 resources, you can assign your own metadata to each resource in the form of tags.  Will instances be automatically configured at launch or manually configured later? Automating instance configuration on boot, by passing user-data to the instance on boot or embedding change and configuration management agents in a server image, allows instances and applications to take advantage of instance meta-data, cloud automation, scaling, and high-availability capabilities.  How will OS credentials be instrumented and controlled when instances are launched or terminated? Typically, organizations preconfigure their server images to automatically connect and register with corporate LDAP or Active Directory domains when they are launched to provide centralized OS credentials management and control.
  11. 11. ITIL Asset and Configuration Management in the Cloud September 2015 Page 11 of 19  How will patches and upgrades be applied? Organizations take different patch and upgrade management approaches depending on their application’s characteristics and requirements. Updates can be applied to existing instances using traditional software deployment tools or by replacing outdated software running on older instances with newer, patched, and upgraded server images.  Will applications be managed as homogeneous fleets? Managing applications as homogeneous fleets allows infrastructure to be dynamically and automatically provisioned or released based on predictable utilization patterns.  How will your organization manage changes to OS hardening baselines, configure security groups or OS firewalls, and monitor their instances for intrusions or unauthorized changes? Most organizations already have existing internal IT change and configuration management processes One of the biggest challenges of IT asset and configuration management is centralizing and controlling the lifecycle of each asset. Once an inventory is established and configuration information is compiled, the practices set out below can result in cost-saving opportunities, as well as service continuity and user experience improvements. Ensure senior management alignment: The topic goes beyond stakeholders in IT operations, IT asset and configuration management impacts contracting, sourcing, finance and compliance. As each department is involved in specific elements of the IT asset and configuration management lifecycle, defining cross-departmental processes early on helps to alleviate pain.
  12. 12. ITIL Asset and Configuration Management in the Cloud September 2015 Page 12 of 19 Set measurable financial and operational goals: Most IT organizations implement IT asset and configuration management to gain measurable results in three areas: service level improvement, cost control and risk mitigation. Financial and operational goals can be established to show measurable progress, using metrics around service quality levels, IT budget impact and compliance activity. Internal audits: At regular intervals review asset and configuration management practices, to ensure processes are supported by automation wherever as possible. Document these processes, so that you can show proactive resource control in the event of an audit. Establish frequent reviews of software usage: Set standards for the duration an application remains unused before recalling it. There will typically be different thresholds for different types of applications. As an example, you might set a four-month usage threshold for Autocad or a five- week threshold for an ERP client application. Standardize on software license titles and hardware configurations: Establishing standard practices means selecting fewer software titles and hardware configurations, which enables increased volume sourcing leverage and also lowers the pressure on the service desk. More details on best practice can be found here.
  13. 13. ITIL Asset and Configuration Management in the Cloud September 2015 Page 13 of 19 Challenges of Establishing CMDB for a Cloud deployment of IT A Configuration Management Database (CMDB) provides the system of record for IT to track and manage its resources. A CMDB contains the following at a minimum:  Configuration Item ( CI ) records with all associated attributes captured  A relationship model between different CI’s  A history of all Service Impacts in form of Incident, Change, Problems In a traditional IT setup the goals of establishing a CMDB are met through the process of:  Discovery and recording of existing CI’s leveraging certain tools  A comprehensive Change Management processes to keep track of creation and updates to CI’s  Integration of Incident & Problem management data with impacted CI’s leveraging ITSM Workflow tools like BMC, HP or Service Now. These processes and tools in turn help organizations better understand the IT environment by providing insight into not only the impact of incidents, problems and changes, but also financial resources, service availability and capacity management. The CMDB presents a logical model of the enterprise infrastructure to give IT more control over the environment and to facilitate decision-making. There are multiple challenges of establishing a CMDB system for Cloud resources:  The inherent dynamic nature of cloud resource provisioning, where resources can be created or terminated through predefined business policies or application architecture elements like auto scaling makes tracking CI’s difficult  Capturing Cloud resources CI’s data in a format that can be imported into traditional In-house CMDB’s to maintain a single system of record for all enterprise CI’s is extremely challenging
  14. 14. ITIL Asset and Configuration Management in the Cloud September 2015 Page 14 of 19  Due to a prevalence of Shadow IT organization(s), Information sharing and even manual consolidation of the enterprise IT assets and CI’s is not always achievable AWS Config: The Configuration Management Inventory for the Cloud Resources While these challenges do exist, with the introduction of AWS Config, Customers have a significant opportunity to meet their needs of managing their Configuration Items on Cloud. This is enabled by the significant functionalities offered by AWS Config that allows users to track resources that they are consuming on their AWS accounts and hence help manage them as per their Configuration management processes. AWS Config provides a detailed view of the configuration of AWS resources in a particular AWS account. With AWS Config we can do the following:  Get a snapshot of all the supported resources associated with an AWS account at any point in time.  Retrieve configurations of one or more resources that exist.  Retrieve historical configurations of one or more resources.  Receive a notification whenever a resource is created, modified, or deleted.  View relationships between resources. These resources are typically the lowest level of the components that make up the overall system architecture and meet the requirement of the useful CI’s that IT organizations need to track and monitor system performance. AWS Config supports the following resources:
  15. 15. ITIL Asset and Configuration Management in the Cloud September 2015 Page 15 of 19 This wealth of information is hugely beneficial to any IT organization in CI discovery and recording, Change tracking, Audit & Compliance & Security Incident Analysis. Customers that access this important information set directly on the AWS console or programmatically extract that information into their existing CMDB’s. There are two logical approaches that customers can take to meet their CMDB requirements.
  16. 16. ITIL Asset and Configuration Management in the Cloud September 2015 Page 16 of 19 While the decision to select the right option rests with the customers themselves, the capabilities and functionalities available through AWS Config have significantly helped in meeting one of the most critical needs of the Service Management framework that exists in the enterprises today and was not previously available in the cloud environment. As an example of the potential for integration with legacy systems, IT Service Management tool provider Service Now has integrated with AWS Config functionality and Service Now users can leverage the Option 1 method recommended above. One of the goals of Service Asset & Configuration Management is to manage the entire CI lifecycle and track and record all changes. One of the key aspects of Cloud is a much tighter integration of the Software and Infrastructure configuration lifecycles. In this section we cover various aspects of configuration lifecycle management across instance, stacks and environments:  Instance Creation Templates: Every IT organization has its own security and compliance standards to be met for compute instances introduced into their IT environments. Amazon Machine Images (AMI’s) are a robust way of standardizing compute instance creation. Users can opt for AWS or 3rd party provided predefined AMI’s or can define custom AMI’s. The benefit of creating AMI templates for
  17. 17. ITIL Asset and Configuration Management in the Cloud September 2015 Page 17 of 19 compute provisioning is the ability to define server configuration and environmental add-ins in a predefined and programmatic manner. A typical custom AMI may prescribe the base OS version with its associated security hardening configurations as per the organization policies. These AMI’s become the default standardized compute images that IT organizations use across their environment. Using AMI’s helps in managing the compute environments in an effective manner as it ensures that any new compute instance provisioned follows the IT organization best practices and ensures that the lifecycle management of compute instances is also easy since there is an audit trail of all AMI’s used and whenever changes are made to the base AMI’s a subsequent upgrade process can also be initiated on all compute instances that exist in the environment that had leveraged the base AMI.  Instance Lifecycle Management: For every compute instance created in an IT environment, there are multiple lifecycle management activities that need to be performed. Some of the standard tasks are patch management, hardening policies, version upgrades, environment related variable changes etc. Typically these activities are either performed manually or most IT organizations today have robust configuration management tools like Chef, Puppet, and System Center Configuration Manager etc. which perform these tasks. AWS allows easy integration with these industry standard tools to ensure a consistent enterprise configuration management approach. AWS Config also allows IT administrators to track Configuration change history and ensure that there is an overall governance to IT configuration changes in the environment. As part of Compute instance lifecycle management IT organizations can also ensure standardization by ensuring that it establishes a library of valid AMI’. Whenever the configurations of actual compute instances in the IT environment are not in sync with the standards, it is easier to upgrade them to standardized AMI’s that have already gone through IT organization certification process.  Environment Provisioning Templates: Whenever there is a need for provisioning end to end environments also referred to as “Stacks” in a consistent and repeatable fashion, without needing to actually provision each component individually, AWS CloudFormation is a very useful tool to meet that objective. You don’t need to figure out the order
  18. 18. ITIL Asset and Configuration Management in the Cloud September 2015 Page 18 of 19 for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for you. A template can be used repeatedly to create identical copies of the same stack without effort or errors. Templates are simple JSON-formatted text files that can be held securely leveraging your current source control mechanisms. AWS provides a wealth of standard CloudFormation templates that can be used to kick-start the process here. The benefits of standardization of environment provisioning in form of CloudFormation templates is that IT organizations can create a “Service Catalog” of most important environments that are repeatedly used by IT consumers and offer them on-demand. Some of the examples of such service catalog items that are repeatedly required by IT are: o LAMP stack for Developers o Ruby-on-rails stack for Developers o MS Sharepoint stack for departments o Test environment creation for in Production Applications CloudFormation templates not only simplifies the process of ongoing provisioning of the most used environments but also ensures that the IT security policies and standards are complied to in each of these provisioned environments without needing to manually enforce the same. Conclusion Service Asset & Configuration management processes consist of critical activities that are responsible for proper provisioning and ongoing health of IT systems deployed to meet business requirements. Consistent management of configuration items through their lifecycle leads to efficient and effective system health and performance. AWS enables best practices across every level of resource in an application stack. Due to the tools, automations and integration available on the AWS platform as highlighted in this whitepaper, IT organizations can achieve significant productivity gains. Successful implementation and execution of Service Asset & Configuration management processes should be seen as a “Shared Responsibility” that can be achieved through the right commitment by IT organizations, enabled by the AWS platform.
  19. 19. ITIL Asset and Configuration Management in the Cloud September 2015 Page 19 of 19 Contributors  Anindo Sengupta: Chief Delivery Officer, Minjar Cloud Solutions.  Darren Thayre: Platform, Strategy and Transformation, AWS ProServ  Eric Tachibana: Platform, Strategy and Transformation, AWS ProServ Notes ITIL Service Operation Publication, AXELOS, 2007, Page 5 All references to ITIL and its content are subject to Copyright © AXELOS Limited 2011. All rights reserved. Material is reproduced under license from AXELOS

×