Change and Configuration Management (CM) is the most underestimated and least understood development discipline in most companies today. Yet having this discipline in place avoids unplanned outages and pays the largest dividends in cost and time savings. Most companies focus on Development, then Quality Assurance then Business Systems Analysis methodologies but neglect the forth and equally important element - Change and Configuration Management. In fact most organizations back up their data, source code and even have a second set of hardware are still unable to recover the last decade of undocumented configuration data accumulated through all the weekend “tweaks” to the system.

Why is this? There are many reasons:

   • Difficultly: Configuration management is very hard to do in a       constantly changing landscape of operating systems and tools

   • Communication: Management think developers do CM; developers       think other developers will do CM

   • Education: There is no formal University degree in change and       configuration management

   • Focus: It is not perceived as exciting a discipline as development.       Other disciplines are often perceived as having greater value and have       more press coverage

   • Resources: It takes a specially skilled engineer to effectively perform       enterprise wide CM

What is it?

Change and Configuration Management (CM) is the process of identifying and defining system components, controlling the change of these items throughout their lifecycle, identifying the status of each detailed item and change request, and then verifying the completeness and correctness of each. CM manages changes made to hardware, software, and documentation through a series of controls to minimize risk during testing, deployment, rollback, and recovery.

How do I know if I need it? The following are symptoms of not having a strong CM discipline:

   • Unacceptable system downtime. Your system downtime is frequently       not due to a system defect, but because of deployment errors such as       the build was bad, the environment was not clean, the wrong version was       deployed, the rollback didn’t work, it was deployed partially or not to the       right destination or the installer failed

   • Single threaded development. Your developers cannot work in a       parallel fashion allowing safely for changes to multiple branches of       code to be merged at a later stage

   • Time Delays. Increased time required to promote code from       development to other environments. Your developers tell you that the       coding is completed, but it still takes a large amount of time to integrate       the code, build the product and reproduce a working environment for the       Quality Assurance (QA) team

   • Environmental Integrity and Complexity. The QA and Development       environments never seem to match production realities, resulting in       production defects that cannot be found or reproduced by the       Developers and Testers. The installation of the system is not       automated and takes a long time to set up

   • Recurring problems. Defects that were identified and fixed in earlier       versions seem to keep creeping back into production

Scorpion has the most experienced experts in Change and Configuration Management. The benefits our clients see from engaging these experts is that the above issues disappear allowing you to:

   • Experience overall system uptime increases and deployment risk is       mitigated

   • Reproduce a production environment from any point in time, reliably       from a secured source

   • Monitor and reduce the risk in terms of production uptime and system       integrity

   • Let your developers focus on development tasks as the burden of       establishing and maintaining environments is now a dedicated role

   • Meet and exceed compliance requirements such as segregation of       duties (SOD), secured access to code, version control, rollback       planning, etc.

CM is a support and control layer for the SDLC providing the following services to the team during a project:

   • Risk Management. CM mitigates risk at the pre-development stage of       the SDLC. Configuration management meets with the team to discuss the       impact of changes and to think through potential problems. CM       recommends steps that reduce the risk of these problems.

   • Environment and Version Control. CM is responsible for managing       development environments including infrastructure components,       capacity planning, access control and migration integrity. When a new       project begins, CM gives Development the correct revision of the code       base to work on. As Development makes changes, CM is also in charge of       source code integrity and version control. CM keeps track of the changes       with the new version as well as what versions are currently in QA or       Production.

   • Build and Release Management. On notification of Development       being complete, CM takes the code from the appropriate source       control branch and builds the system in a secured build environment. The       system is built and packaged in a repeatable, automated manner and then       deployed to QA. It is important to have Configuration Management do this       step to ensure the QA is testing the correct build in the correct       environments. After testing, CM takes the exact same package QA tested       and deploys it to a Production staging area. Operations take it from there       and places it in Production thus ensuring the same code tested ends up in       production!

   • Break/Fix or Emergency Release Management. CM plans for       emergencies before they happen. This plan helps protect the business by       having prepared strategies used in response to unplanned or emergency       releases. For example, If something in new code breaks and causes the       system to go down, CM will assist by executing pre planned and rehearsed       steps that rollback code to an earlier version, allowing the system to work       without the new changes.