Seven steps to successful change management for the data centre
Date: Sunday 1 October 2006
Author: Kia Behnia, BMC Software
What's the best way to approach change for the data centre? Do you have a formal, documented process supported by automated tools that allow you to implement change without disrupting critical services? Or, do you have a jumble of siloed management tools and manual approaches that too often result in failed changes, major outages, reduced employee productivity, and the risk of a tainted company image and financial loss? 
If your enterprise is like many, you're somewhere in the middle. You've most likely improved your change management processes and implemented some tools to help achieve results. But, chances are that you haven't completely reached the goal of having a highly effective process that lets you expand computing capacity, install upgrades and patches, and roll out new applications and technologies without the slightest glitch in your business services.
Wherever you are on the change management path, there are steps you can take now to accelerate your progress toward achieving the pinnacle of effective change management across the data centre. The steps described below are already helping a number of enterprises make major strides toward successful change management.
Step 1: Assess your Situation
As with any project, you need to know where you are before you can figure out where to go next. So, your starting point should be an assessment of your current change process. An outstanding resource for this step is "Global Technology Audit Guide, Change and Patch Management Controls: Critical for Organisational Success." Published by the Institute of Internal Auditors (IIA), this guide was written to help auditors evaluate compliance with government regulations with respect to change management.
The guide provides insight into symptoms and risk indicators of poor change management processes. By reading it and seeing how your IT organisation stacks up, you can better understand where you are on the road to effective change management.
Step 2: Address Weaknesses
Assessment uncovers the weaknesses in your current process. This area focuses on addressing those weaknesses. The IIA guide comes in handy in this step as well, because it defines actions that immediately improve change processes. Additionally, you must establish process workflows in a variety of areas, including:
• Change request initiation and approval to automate routing of change requests for approvals and keep things moving through the approval cycle
• Change planning, scheduling, and implementation to set priorities and implement processes for distributing patches and upgrades
• Risk assessment to evaluate the impact of change on service levels, operational performance, and availability, and to ensure you have the IT resources to sustain the changes
• Business continuity to ensure rapid recovery when problems occur
Step 3: Automate
There's a delicate balance between responsiveness in making needed changes and controlling change to minimise disruption to the business. Automation helps you achieve this balance. It increases speed and efficiency and eliminates mundane, repetitive tasks. Automation also brings consistency based on standardised, best-practice processes, thereby eliminating change errors that might interrupt critical business services.
Automating the distribution of software updates and patches ensures that they are installed consistently and that all installation attempts are accounted for — even those that fail. Automating the sequencing of new software releases from test to production introduces them in a disciplined way that maintains business continuity. Finally, automating capacity management and resource provisioning brings the right resources online when they are needed to provide optimum efficiency, agility, and service levels.
Step 4: Improve Visibility
You can't anticipate the impact of a change without visibility into the complex IT infrastructure. Visibility means having a consolidated view of all assets, their configurations, and their physical and logical dependencies. Moreover, it means knowing not only which changes are in flight, but also which ones are in the pipeline.
For maximum efficiency, you should prioritise change activities based on business impact. To do that, you need the ability to create models that map infrastructure components the business services they support. If you want to ensure cost efficiency of configuration-related changes, you need visibility into the performance aspects of proposed changes — how much and what type of capacity you need to balance service levels and budgets — before you authorise those changes.
It's important to look at business service levels before, during, and after changes are implemented to facilitate cross-organisational stakeholder alignment and support for change-related activities. This is needed to verify the value/impact and buy in necessary to support change management. Finally, it's important to track and report on change activities to gain insight that enhances change planning, facilitates audits, monitors the effectiveness of change management, and identifies problems.
Step 5: Maintain a Single Source of Data
A key requirement for effective change management is the implementation of a single source of comprehensive, accurate data about the IT infrastructure. A configuration management database (CMDB) that includes all IT assets along with detailed information on locations, configurations, and users comes into play here. A true CMDB differs from other asset stores in its ability to capture not only the physical and logical interrelationships of the assets, but also the relationships of the assets to the business services they support. Automatic discovery is a must to populate the CMDB and keep it up to date as changes occur. The CMDB provides a data source for generating the views of the IT infrastructure that the data centre staff needs for change planning and management.
Step 6: Establish Process Controls
Controls reduce risk of outages due to poorly planned or unauthorized changes, and the risk of regulatory noncompliance. So establishing control over change activities is vital. You can accomplish this by enforcing policies that define processes, such as change requests and approval workflow, authorisation of staff members to implement changes, and deployment of standard configurations. Automation, of course, comes into play here. You need an underlying software solution that maintains control without getting in the way of the data centre staff responding to customer needs. For example, you need strict controls for operating system upgrades or significant patches that require many steps and approvals — especially when they affect systems that support critical business services. Small application patch updates, peripheral hardware changes, and other lesser changes require minimum processing and need less overhead to support responsiveness.
Step 7: Streamline Interaction with Other Disciplines
Change management is one of a number of IT Service Management disciplines. The change management team relies on data from these other disciplines to do an effective job. Likewise, teams responsible for other disciplines need access to change data. By selecting a change management solution that integrates with other IT Service Management solutions, you'll streamline interaction across disciplines.
The CMDB is the ideal point of integration for this interaction because it provides a single source of accurate information for all disciplines. The incident and problem management team, for example, can keep up to date on successful change implementations and directly enter change requests and view their status from the incident and problem management console. Asset managers can stay current on infrastructure changes because the change management solution updates the CMDB when a change takes place. The performance analysis and capacity planning team can tap into the CMDB for current configuration information to subject planned changes to capacity planning for advanced performance and capacity-risk evaluation.
Conclusion
Change is a given in today's IT organisation. Enterprises expect their IT professionals to cope with the steady barrage of new systems, new technologies, and increased capacity requirements while keeping critical systems available and operating at peak performance. To meet these expectations, IT professionals must replace outmoded manual change activities with streamlined, automated processes based on proven best practices. These seven steps should help you make major strides in this direction. As a result, you'll enhance the value that IT brings to the business, bringing greater agility to the enterprise and providing a strong competitive advantage.
Kia Behnia, Chief Technology Officer (CTO) for Change and Configuration Management Solutions (CCM) for BMC Software (www.bmc.com) has over 15 years of experience in designing management solutions for distributed systems. At BMC he has helped develop the company's change and configuration management strategy. Prior to joining BMC Software, Behnia served in a number of senior positions at Marimba Inc. including VP of Products and CTO. Earlier in his career, he was one of the principal technologists for Tivoli Systems, were he led the deployment Tivoli's solutions at several global enterprises.
