Contributed by Michael Ell, Director of Engineering, Empowered Networks
Do you know how all the stuff in your enterprise fits together to produce business results? Your ability to control Quality of service, compliance with industry regulations, and to ensure that cost of service is optimized is directly driven by configuration and change information and automation.
Configuration management encompasses the capability to understand the current and historical state of the environment across infrastructure and applications whether the state is a function of manual configuration or the result of automation. Change refers to the ability to effect change on the environment in an automated fashion. At its core, Change and Configuration answers the questions of what do I have and how do I change it.
Traditional views on change
In many ways, the main function of operations is the management of change. Traditionally, this change has been viewed as largely negative whether as with unplanned change such as occurs with failures, or as with planned change such as upgrades and new project deployments. In both cases, the responses to the change were seen as “exceptions” which pulled operations out of their regular activities. Statistics showing that the vast majority of operational issues could be (and continue to be) traced to change events only served to enhance the negative perception despite the fact that they were much more indicative of the poor execution and handling of the change than the change itself.
Unplanned change or failure, for example, tended to be handled as a firefighting activity, due in no small part to the lack of strong operational configuration control. Focus was placed most heavily on the prevention of unplanned change with little emphasis on the effective recovery from it. The problem is that excessive focus on avoiding unplanned change is only somewhat effective and always expensive. Everything eventually fails, and can only be measured in the negative. That is, measuring the lack of failures gives no absolute indication that a failure will not occur in the future. Furthermore, it does nothing to address the challenge of recovering from the unplanned change or failure, an activity which, on the other hand, can be positively measured and demonstrably improved.
Planned changes, on the other hand, traditionally tried to place controls on the way in which change was introduced to the environment. However, these same controls restricted the ability of organizations to deploy innovations as they were limited by the ability of IT to deliver as opposed to a schedule defined by the needs of the business. This behaviour was epitomized by the quarterly, biannual, or even annual release schedules that characterized traditional software.
Change in the new world
But the world is changing. A new paradigm is emerging which recognizes the need to embrace change and move it from being the “exception” to the primary mode of operation. Paradigm shifts such the advent of the cloud and SDN combined with the democratization of automation have been leveraged to enable the ever increasing rate of change introduced by the rise of agile development, continuous delivery, and the DevOps movement. A new emphasis on improving change delivery through clear understanding of the state of the environment (configuration) and repetition of the procedure of change is producing operations organizations for whom planned change is delivered on the timelines of the business. Daily or even hourly change deployment rates are now not unheard of even as rates of failure associated with these changes drop. Even unplanned change is responded to quickly and predictably as change, and recovery from failed change, is a regular activity, not an exception to the norm. In addition, the ability to deliver change more quickly and efficiently tends to result in each change being smaller with a proportionately smaller associated risk and easier problem identification and recovery. This is all a function of change and configuration having moved from being a nice to have workforce optimization to a core enablement toolset.
Continuous Delivery, the new poster child
Continuous delivery is a perfect example of automated change management and configuration providing core enablement. Successfully realizing a continuous delivery pipeline requires the coordination of change across not just multiple systems and technologies, but across what are traditionally separate organizations such as development, security, and operations. The friction of communication and manual process between these groups and the lack of available shared configuration data has been largely responsible for the slow rate of deployment and lack of successful change. To alleviate this a number of capabilities are required: strong configuration management (insures that all players have a current and accurate understanding of the environment), orchestration of the software build, environment deployment and configuration (compute, network, and storage using automated change), testing, and, ultimately, automated deployment to eliminate the requirement for manual hand-offs between groups. Of course, there is always the need for job reporting to communicate the status of the various automated changes both inside the teams and to the business as a whole.
A security perspective
As the benefits of change and configuration management are becoming apparent, the scope of the positive effects associated with a strong change and configuration practice are also expanding. One of the emerging areas in which change and configuration management is poised to play a much expanded role is security. Ironically, the same technologies – virtualization, containerization, and the cloud – which are enabling enormous innovation and are in turn enabled by change and configuration management, are also responsible for invalidating the assumptions underlying much of traditional security. The diffuse and transient nature of these new environments makes it increasingly difficult to provide effective perimeter defences. This shifts the security from a focus on strong protective shells to individual components participating in the responsibility for their own security. In this case a detailed understanding and tight control of element configurations provide not only visibility to security concerns but the ability to effect remediation quickly when a problem is discovered.
In the end, whether seeking to optimize their existing environments or leveraging new agile deployment methodologies, success will belong to those organizations who approach change as an enabler, not something to be feared. And for those organizations, it is embracing Change and Configuration Management which will make it possible.