ITIL Service Configuration  Management and CMDB Explained

What is the purpose of Service Configuration Management, & how does it fit into the ITIL best-practise framework?
ITIL introduced the Service Asset and Configuration Management Practise (SACM) with the 2001 release of ITIL V2. It was simpler then, but so was IT. Now, tracking it all is challenging with virtual systems, cloud computing, cyber security, and much more. ITIL separated the Practise into two with ITIL V4 (Nov. 2018) publication. Now we have Service Configuration Management (CM) and IT Asset Management. Because of all the changes in IT and ITIL rethinking, we wrote this article to help you understand the Practise and why you need CM more than ever.

The difference between an IT Asset and a Configuration Item

  • An IT Asset has a minimum financial value defined by IT Financial Management:
    1. An IT Asset does not care about the relationships between different assets
    2. An IT Asset may not be necessary for service delivery (i.e., a building)
  • A Configuration Item (CI):
    1. Does not care about the financial value
    2. Has relationships with other CIs or services
    3. Is essential for service delivery

The purpose of the Service Configuration Management Practise

ITIL states:
"The purpose of Configuration Management is to ensure that accurate and reliable information about the configuration of services and the CIs that support them is available when and where it is needed. This includes information on how CIs are configured and the relationships between them."1
A Configuration Item (CI) is:
"Any component that needs to be managed in order to deliver an IT service."2
CIs can be hardware, software, networks, buildings, people, supplies, and documentation. If a company designates something as a CI, that means:
  1. It is under the control of Change Enablement
  2. It can only change with an approved Request for Change (RFC)
  3. The CIs are in a Configuration Management Database (CMDB) and under the control of the Configuration Management System (CMS)
Because all CIs relate to other CIs, controls are necessary. A simplified, high-level diagram below demonstrates how everything is related. The blue boxes represent CIs, and the lines are relationships.
IT Service Model
Simplified service model for a typical IT service3

The objectives of the Configuration Management Practise4

  • CM manages CIs throughout their lifecycle (e.g., from purchase to retirement).
  • CM defines controls, records, audits, and verifies services and other CIs, including versions, baselines, constituent components, attributes, and relationships.
  • CM manages and protects the integrity of CIs through the service lifecycle.
  • Uses Change Enablement Practise to review and authorise any changes to CIs.
  • Ensures projects only use authorised components.
  • The historical, planned, and current states of services and other CIs are accurately configured by CM.
  • By supplying precise configuration information to help personnel make the best possible change decisions at the appropriate time, CM supports effective and efficient Service Management operations.
  • CM manages all aspects of the Configuration Management System (CMS).

The benefits of Configuration Management5

Why is CM significant? Because CM supports all the other Practises ensuring they use a standardised approach to change:
  • CM significantly reduces incident resolution time using a central repository for critical infrastructure data:
    • The Service Desk, using the CMS, may increase the number of resolutions without escalating, increasing user productivity and customer satisfaction and reducing support costs.
    • CM may help to standardise the approach to incident resolution.
  • The data in the CMS allows for better forecasting and planning of changes.
  • CM minimises quality and compliance issues caused by improper configuration of services and assets using ANSI or ISO 9001 (Quality Management System) protocols.
  • CM processes lead to better adherence to standards and legal and regulatory obligations.
  • CM helps identify the cost of service delivery.
  • CM enables optimising changes and the reuse of standards and best practises.
  • CM significantly helps to reduce the cost and time to discover configuration information when needed.
  • CM assists Problem Management in root cause analysis leading to known error resolution and reducing significant loss of productivity.

What are Configuration Item relationships?

Earlier, we said that CM documents all CIs essential to delivering a service. CI relationships are important for understanding how it all works. Examples of relationships:
  • A CI is a part of another CI:
    • A software module is part of a program.
    • A server is part of site infrastructure.
  • A CI connects to another CI:
    • A desktop computer connects to a LAN.
  • A CI uses another CI:
    • A program uses a module from another.
    • A customer-facing service uses an infrastructure server.
  • A location of a CI is on another CI:
    • This desktop PC has MS Project installed.
CI relationships are critical for associating operational actions with CIs. To understand daily events, we associate change records, incident records, problem records, known errors, and release and deployment records with the services and IT infrastructure. These are all CIs.
For example, a user may call the Service Desk to say that their laptop is acting up. Rather than spending significant time troubleshooting at the Service Desk or escalating to Level 2 support, the Service Desk agent can tap into the CMS and see that the user's laptop just received an update from Deployment Management. Now, the Service Desk can send the incident to the right support group with the background information, getting the user back up and running quickly (i.e., decreasing costs and increasing customer satisfaction).

The risks of not investing in Configuration Management

To understand the benefits of CM, it is helpful to look at the risks if you don't invest in Configuration Management:
  • A misplaced focus on the technology rather than the service and business focus of successful delivery of services.
  • Not understanding or considering the accuracy of configuration information over time.
  • Not setting an appropriate scope for Configuration Management.
  • Not keeping the data accurate by not following standard procedures (set by CM) for moving hardware assets by non-authorised staff.
  • Not conducting regular physical audits to discover, correct discrepancies, and learn through continuous improvement.
  • Not believing that practical CM is an all-or-nothing activity. Overlooking just one component can cause a vulnerability to the entire infrastructure.
  • Not integrating CM with other Practises, such as Change Enablement, IT Asset Management, and Information Security. A successful CM requires all Practises to support the accuracy of the documentation.

What are the tools used in Configuration Management?

Configuration Management System (CMS)

The CMS is a set of tools, data, and information to support Configuration Management. In addition, the CMS is part of an even more comprehensive support tool called the Service Knowledge Management System (SKMS).
The CMS has capabilities for gathering, managing, storing, updating, analyzing, and presenting information about all configuration data and their connections. Information about incidents, problems, known errors, changes, and releases may also be included in the CMS. CM maintains the CMS, and all IT Service Management Practises use it.6

The four views of the CMS

There are four architectural layers of the CMS. Dashboards typically make it easier for people who need this information daily:
  1. Change and Release view. Change and release personnel responsible for Change Enablement/Project Management, Release Management, and Deployment Management use this view as part of their project responsibility.
  2. Technical Configuration view. Used to meet the requirements of staff members doing technical and application management tasks.
  3. Service Desk view. For logging and handling issues and service requests, for instance, by the Service Desk.
  4. Configuration Lifecycle view. Used by those in charge of controlling the lifecycle of Configuration Items in Configuration Management.7

What is the Configuration Management Database (CMDB)?

When people think of the Configuration Management Practise, they usually only know of it as the Configuration Management Database, or CMDB. By now, you know the Configuration Management Practise is much more than CMDBs. CMDB is simply a place to store CIs.
ITIL defines the CMDB as:
"A database used to store configuration records throughout their lifecycle."8
The CMS maintains one or more CMDBs, and each database stores attributes of Configuration Items and relationships with other Configuration Items. These CMDBs are federated, making them seem like one giant database.
The CI attribute field distinguishes one CI from another. Name, location, version number, serial number, and cost are examples.

The Service Knowledge Management System (SKMS)

The SKMS takes all the data generated from service operations and makes it available in a user-friendly context. The SKMS starts with:
  1. Raw Data (it must be accurate) turns this data into
  2. Information (the who, what, when, where?) Then
  3. Knowledge (the how) and with user's input
  4. Wisdom (the why)
ITIL Service Knowledge Management System (SKMS)

Auto-discovery tools

People alone cannot possibly populate the CMS and all the CMDBs. It takes a full 360-degree view of applications, cloud, computing, network, and storage using many viewpoints and creating or verifying digital records stored in a CMDB.
The right tool, or tools, should be technically discreet (i.e., not intrusive or impact performance). They are invaluable when starting your CM project as they populate the CMDBs according to your strategic plans.
Regularly, a good strategy is to troll the infrastructure and match what discovery tools find with the CMS. If there is a mismatch, the discovery tool should automatically create a priority one incident.
Change Enablement's cardinal rule is that there should never be a change to the live environment without an approved Request for Change (RFC). To do so decreases the viability of the CMS. Remember, accuracy is everything.

Additional CM tools

In addition to the tools described above, organisations often integrate other tools to help populate, analyze, reduce errors and optimise costs:
  • Inventory
  • Audit
  • Enterprise systems
  • Network management

Terms used in the Configuration Management Practise

Term Definition
Configuration Baseline The configuration of a service, product, or infrastructure that has been formally evaluated and accepted serves as the basis for subsequent activities and can only be changed through formal change procedures.
Snapshot The most recent state of a Configuration Item or environment (e.g., from a discovery tool). The CM keeps the snapshot as a fixed historical record and stores it in the CMS. The image is used by the Deployment Practise to fix a failed release.

The Configuration Management System is an essential part of IT

The following diagram of the Service Knowledge Management System (SKMS) demonstrates the total value of ITIL, where the many parts must operate as one:9
ITIL Service Knowledge Management System (SKMS) Flowchart
As you can see, many arrows are leaving the CMS and providing support information and critical data to the rest of IT.
The SKMS is a tool that helps present CMS data in many discrete ways.
The diagram shows the many CMDBs of the CMS. Some CMDBs store incidents, service requests, problems, known errors, changes, and releases. For example, an incident refers to one or more CIs. And the SKMS makes all that information available to other Practises.
Another example comes from the end of a project. The last step is to update the CMS for all the CIs changed, removed, or added. Then the result of the project is available to all.
The SKMS is how enlightened IT organisations maximise the support and value to the business.

Configuration Management roles and responsibilities10

Role Responsibilities
Practise Manager The Practise Manager owns the Practise:
  • Carrying out the generic process manager role.
  • Are responsible to the organisation for the management of the fixed assets that fall under IT's purview.
  • Defining and agreeing to the service assets treated as CIs.
  • Making sure configuration information is available whenever and wherever it is required to support other Service Management Practises.
  • Planing and managing support for CM tools and processes.
  • Coordinating interfaces between CM and other Practises (i.e., Change Enablement, Release, Deployment, Knowledge Management).
Configuration Analyst The analyst role:
  • Proposing scope for CM.
  • Supporting the development of principles, processes, and procedures by the process owner and process manager.
  • Defining the structure of the CMS, including CI types, naming conventions, required and optional attributes, and relationships.
  • Training personnel in CM principles, processes, and procedures.
  • Performing configuration audits.
Configuration Librarian The custodian of CIs registered in the CMS:
  • Controlling the receipt, identification, storage, and withdrawal of all supported CIs.
  • Maintaining the status of CIs and provides this as appropriate.
  • Archiving superseded CIs.
  • Assisting in conducting configuration audits.
  • Detecting, noting, storing, and disseminating CM-related problems.
CM Manager Each IT department should have a designated CM Manager:
  • Managing CIs for their department.
  • Training and advising strategy to optimise the use of the CMS for their team.
  • Ensuring that all team members follow CM policies and practises.

Critical Success Factors (CSF) and Key Performance Indicators (KPI) for Configuration Management11

  • CSF - Accounting for, managing, and protecting the integrity of CIs throughout the service lifecycle.
    • KPI - Increased accuracy of costs and budgets for the assets used by each user or business unit.
    • KPI - Greater redistribution and recycling of underused resources and assets.
     
  • CSF - Supporting accurate configuration information delivery at the appropriate moment to support efficient and effective Service Management processes.
    • KPI - Percentage increase in the maintenance plan during the asset's lifetime (lower is better).
    • KPI - Increased efficiency for Incident Management in locating problematic CIs and resuming service.
    • KPI - Decrease in the typical amount of time and money spent diagnosing and addressing incidents and problems, broken down by type of issue.
     
  • CSF - Creating and maintaining an accurate and comprehensive CMS.
    • KPI - Reduction in the business impact of outages and incidents caused by poor service CM.
    • KPI - Improved configuration data accuracy and quality.
    • KPI - Better audit compliance.
     
 

How Configuration Management integrates with other ITIL Practises

Configuration Management is a tool for all the other Practises. CM provides detailed information on how the IT environment works. The different Practises add content in a controlled manner, expanding the value of the CMS.
Below is a high-level table showing some of these relationships. CM is a systems engineering practise for establishing and maintaining consistency of service performance and functional and physical attributes with its requirements, design, and operational information throughout its life.12
ITIL Practise Information Exchanged
Continual Improvement Continual Improvement is the mantra of all enlightened IT departments. Having a CMS allows all Practises to see the big picture from the four dimensions of Service Management (e.g., Organisation & People, Information & Technology, Partners & Suppliers, and Value Streams & Processes). No other tool brings IT together with the common goal of outstanding business support. For Continual Improvement, cost reduction is a priority. Having a thorough understanding of every component of your configuration, preventing unnecessary asset duplication.
Information Security The CMS shows the relationships of all CIs
Each CI is a potential security risk; collectively, they may be a risk.  Using the CMS allows Information Security to strategise and set security policies to protect the business.
Architecture Management As part of Service Design, having an up-to-date digital representation of the live environment allows Architecture Management to have an up-to-date picture of the infrastructure, making it easier and shortening the time to design safe, effective, and cost-efficient changes.
Knowledge Management In the diagram above of the Knowledge Management system, it is easy to see how the CMS supports SKMS. The SKMS provides effective and customisable views of how all the different databases and tools fit together. Knowledge Management adds to the CMS and customises views while the CMS organises data for KM.
Portfolio Management The CMS is the central tool Portfolio uses for Service Lifecycle Management. The CMS assists Portfolio in its role for continual re-evaluation and refreshing of services, saving the business money. Portfolio uses CMS reports to determine when the cost of keeping a CI is greater than replacing it.
Project Management Since Project Management is the Practise that executes changes, the CMS supports risk analysis and baselines before and after the project completion. Project Management uses the CMS for cost reduction analysis by having detailed knowledge of all the configuration elements, avoiding wasteful duplication of the technology assets.
Risk Management Risk Management uses information in the CMS to evaluate the risks to business infrastructure. Using a CMS reduces the risk of outages and security breaches through visibility and tracking of the changes to the system that might increase risk chances. Traceability helps ensure meeting change standards.
Strategy Management Strategy Management uses the CMS to visualise the current infrastructure, commission projects, eliminate weaknesses and risks, and build health and profitability. Because of an accurate diagram and the ability to create views by services, Strategy can better make decisions about projects.
Service Level Management SLM uses the CMS to determine whether service levels are possible, given the current structure. SLM targets are particularly beneficial in the area of warranty (i.e., availability, performance, security, and continuity).
Monitoring & Event Management When viewing the service architecture in the CMS, Monitoring and Event Management can better plan what to monitor to ensure IT has an early warning that service delivery faults are likely.
Incident Management Incident Management can supplement its methods by increasing the use of the CMS and, for example, using the CMS to see if there have been any recent changes to a user's system.
Problem Management Problem Management is a heavy user of the CMS. The CMS is used to help determine the level of impact and pinpoint and diagnose the exact point of failure. In addition, proactive Problem Management can query the CMS for other potential issues (i.e., show me all other laptops with this configuration). Greater agility and faster problem resolution enable you to provide a higher quality of service and reduce software development and management costs.
Service Desk The Service Desk uses the CMS to help resolve incidents by identifying broken service components. They improve customer experiences when staff can rapidly detect and correct improper configurations.
Service Request Management Service Request Management is responsible for deploying user-initiated pre-approved Standard changes via a service request + standard RFC. The CMS tracks all service request changes.
Change Enablement For Change Enablement, the CMS is a powerful tool for determining change request risks.
Release Management Release Management ensures that releases meet all the standards for adding new versions to the live environment. When ready for deployment, Release Management stores the release in the Definitive Media Library, ready for Deployment Management. The CMS keeps accurate records of deployed versions and locations of approved software.
Availability Management Reduce the risk of outages through visibility and tracking changes to your systems.
Capacity & Performance Management Capacity and Performance Management become easier when an accurate visual display for service delivery items is available.
Service Continuity Management Service Continuity Management's role is to bring systems back after a disaster.
The CMS standards and baselines can optimise this Practise because they can count on accuracy. DevOps teams can gain insight into how their most recent changes effect system efficiency and functionality through performance testing.
Service Catalogue Management SCM is an online service where users can request software, hardware, and access. The catalogue automates service requests saving IT high costs. Service Requests and Standard changes are user-initiated here. The CMS guides the services requested.
Service Design The Service Design Practise depends heavily on CMS automation because it is easier to build checks and redundancies, improving the potential for omissions due to human error and the accuracy of keeping assets in the desired state.13
Service Validation & Testing SVT tests the builds produced by the Design Practise and the transition Practises of Project Management to ensure conformance to Configuration standards.
Deployment Management The Deployment Management Practise uses the CMS's snapshots when deploying changes. Knowing the official baselines saves Deployment time and money from having to do it themselves. Since the CMS baseline is always available, Deployment can build rollback processes that restore quickly. In addition, Deployment can use changesets instead of single file commits (i.e., packaged commits and environment changes in one easy commit).
Infrastructure & Platform Management The Infrastructure Management Practise use CMS automation as a reminder to update a piece of software to avoid a known vulnerability. The state of your systems must be accurately recorded, and baselining an attribute can guarantee efficient formal configuration change control procedures.
Software Development & Management Following the approved guidelines of the Software Development Life Cycle (SDLC) and Configuration Management, companies can decrease costs, decrease time-to-market and minimise errors. CM provides the standards everyone must follow.

Why Service Configuration Management, CMDB and ITSM Matter

Configuration Management with its CMS tool, CMDBs, and discipline promotes transparency, visibility, and better control of IT Assets. As IT organisations grow in size and complexity, it becomes exponentially more difficult to manually track their assets, deployment locations, and who controls them.
For all businesses, foundational IT change is essential to remain competitive and to protect the company from threats. An investment in Configuration Management, with its centralised data, and comprehensive best-practise controls on changes, reduces risks and outages that could impede the health of an entire organisation.
Footnotes:
  1. ITIL® Foundation, ITIL 4 Edition, Axelos Global Best Practices, 2019, p.139
  2. Ibid, p. 140
  3. Ibid, p. 140
  4. ITIL v3 Service Transition, 2011 edition, Axelos Global Best Practice, p. 90
  5. Microfocus Best Practice Guide
  6. Ibid, p. 94
  7. Ibid, p. 95
  8. Ibid, p. 309
  9. Ibid, p. 186
  10. Ibid, p. 229
  11. TIL v3 Service Transition, 2011 edition, Axelos Global Best Practice, p. 113
  12. UpGuard, "What is Configuration Management and Why is it Important?" Aug 01, 2022
  13. Ibid., UpGuard
Request a Live Demo
See It In Action
Assess Your Needs
Download Tool
Try Giva's 30 Day Trial
Sign Up Today