Management in the Cloud
An AWS Cloud Adoption Framework Addendum
September 2015Page 2 of 19
© 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Notices
Page 3 of 19
Contents
Contents ... 3 Abstract ... 3 Introduction ...4 What is ITIL? ... 4What is the AWS Cloud Adoption Framework? ... 5
Asset and Configuration Management in ITIL ... 7
Value to business of asset and configuration management ... 8
Impact of Asset & Configuration Management Processes on Financial Management ... 9
Best Practice for Asset and Configuration Management ... 10
Challenges of Establishing CMDB for a Cloud deployment of IT ... 13
AWS Config: The Configuration Management Inventory for the Cloud Resources ... 14
Conclusion ... 18
Contributors ... 19
Notes ... 19
Abstract
Many enterprises have successfully migrated some of their on-premises IT workloads to the cloud. An enterprise must also deploy an IT Service
Management (ITSM) framework so it can efficiently and effectively operate those IT capabilities. This whitepaper outlines best practices for asset and
Page 4 of 19
Introduction
This whitepaper is for IT Service Management (ITSM) professionals who support a hybrid cloud environment that uses AWS., The focus is on Asset and
Configuration Management, a core chapter of the Service Transition volume of the IT Infrastructure Library (ITIL). Many AWS enterprise customers have successfully integrated their cloud strategy with their ITIL-based IT service management practices. This whitepaper provides you with background in the following areas:
Asset and Configuration Management in ITIL
The AWS Cloud Adoption Framework
Cloud-Specific Asset and Configuration Management Best Practices
What is ITIL?
The IT Infrastructure Library (ITIL) Framework managed by AXELOS Limited, defines a commonly-used, best-practice approach to IT Service Management (ITSM). Building upon ISO/IEC 20000, which provides a, “formal and universal standard for organizations seeking to have their ITSM capabilities audited and certified”1, the ITIL Framework goes one step further to propose operational
processes required to deliver the standard.
At its core, ITIL is composed of 5 volumes that describe the entire ITSM lifecycle as defined by AXELOS:
ITIL Volume Description
Service Strategy Describes how to design, develop and implement service management as a strategic asset
Service Design Describes how to design and develop services and service management processes
Page 5 of 19 ITIL Volume Description
Service Transition Describes the development and improvement of capabilities for transitioning new and changed services into operations Service Operation Embodies practices in the management of service operation Continual Service Improvement Guidance in creating and maintaining value for customers
Each volume addresses the capabilities that enterprises must have in place. The details underlying the 5 ITIL volumes is beyond the scope of this whitepaper, but if you would like more details, you can find them at the following URL:
https://www.axelos.com/
What is the AWS Cloud Adoption Framework?
The Cloud Adoption Framework (CAF) is used by AWS to help enterprises modernize their ITSM practices so that they can take advantage of the agility, security, and cost benefits afforded by the cloud.
Like ITIL, the CAF organizes and describes the activities and processes involved in planning, creating, managing, and supporting a modern IT service. The CAF offers comprehensive guidelines for establishing, developing, and running cloud-based IT capabilities.
ITIL and the CAF are compatible. In fact, the CAF provides enterprises with practical operational advice for how to implement and operate ITSM in a cloud-based IT infrastructure.
The details of the AWS CAF are beyond the scope of this whitepaper, but if you would like to learn more, you can read the CAF whitepaper at
Page 6 of 19 CAF Perspective Description
People Selecting and training IT personnel with appropriate skills, defining and empowering delivery teams with accountabilities and service level agreements Process Managing programs and projects to be on time, on target, and within budget, while
keeping risks at acceptable levels
Security Applying a comprehensive and rigorous method of describing a structure and behavior for an organization’s security processes, systems and personnel Strategy & Value Identifying, analyzing, and measuring the effectiveness of IT investments that
generate the most optimal business value
Maturity Analyzing, defining, and anticipating demand for and acceptance of envisioned IT capabilities and services
Platform Defining and describing core architectural principles, standards, and patterns that are required for optimal IT capabilities and services
Operation Transitioning, operating, and optimizing the hybrid IT environment, enabling efficient and automated IT service management
As with most specifications covered in the Service Transition Volume of ITIL, Asset and Configuration Management falls nicely into the Cloud Service Management function of the AWS CAF Operating Perspective.
Of course, Cloud initiatives require more than just the right technology. They also must be supported by organizational changes such as people and process change. Such changes should be supported by a Cloud Governance Forum or Center of Excellence, with the role to manage through transition using the AWS CAF. From the perspective of ITSM, your operations should certainly have a seat at the table.
This allows the approach to be flexible and cater for a more relevant model, interacting with existent solutions to manage the full ITSM landscape.
Page 7 of 19
ITIL and the AWS CAM are compatible. In fact, the AWS CAM is a needed supplement for almost all Enterprise ITSM frameworks used today, because it provides enterprises with practical operational advice for how to implement and operate ITSM in a cloud-based IT infrastructure.
Asset and Configuration Management in
ITIL
The ITIL specifications define an asset as, “any resource or capability that could contribute to the delivery of a service.” Examples of assets include
virtual/physical storage, virtual/physical servers, a software license, or even some knowledge in the head of a senior manager.
ITIL defines configuration items as, “an asset that needs to be managed in order to deliver an IT service.” All configuration items are assets, but many assets are not configuration items. Examples of configuration items include a
virtual/physical server or a software license. Every configuration item should be under the control of change management.
The goals of asset and configuration management are to:
Support many of the ITIL processes by providing accurate configuration information to assist decision making, e.g. the authorization of changes, the planning of releases, and to help resolve incidents and problems faster
Minimize the number of quality and compliance issues caused by incorrect or inaccurate configuration of services and assets
Page 8 of 19
Value to business of asset and configuration
management
Optimization of the performance of assets improves the overall service
performance, optimizes the costs, and mitigates risks caused by poorly managed assets, e.g. service outages, correct license fees and failed audits.
Asset and Configuration Management provides visibility of accurate representation of a service, release, or environment that enables:
Better planning of changes and releases
Improved Incident and problem resolution
Delivery of Service levels and warranties
Better adherence to standards, legal and regulatory obligations (less non-conformances)
Changes to be traceable
The ability to identify the costs for a service
In practice, Asset and Configuration Management aligns very closely to other ITIL processes such as Incident Management, Change Management, Problem Management, or Service-Level Management.
Page 9 of 19
AXELOS makes several observations that are relevant here. First, there are numerous elements within Asset and Configuration Management that directly relate to individual elements within change management.
What becomes evident in the diagram is that Asset and Configuration
Management underpins change management, and without it, the business is subjected to increased risk and uncertainty. The same inter-dependency with Asset and Configuration Management applies to many other areas within ITIL.
Impact of Asset & Configuration
Management Processes on Financial
Management
One of the key aspects of asset management is to ensure it feeds relevant asset data to financial management processes. This is required for:
Capitalization and depreciation
Software License management
Other compliance requirements
Page 10 of 19
to the Cloud is the financial nature of the transaction moves from Capex to Opex, and hence some of the financial asset management norms may not be required.
Best Practice for Asset and Configuration
Management
An effective cloud asset and configuration management practice would include concepts like the following:
How will your organization manage server images (AMIs)? Server images must be periodically updated with patches and software updates. AWS provides a number of tools that can be incorporated in your organization’s image management processes to assist in the creation and management of AWS images. For example to help you manage your instances, images and other EC2 resources, you can assign your own metadata to each resource in the form of tags.
Will instances be automatically configured at launch or manually
configured later? Automating instance configuration on boot, by passing user-data to the instance on boot or embedding change and configuration management agents in a server image, allows instances and applications to take advantage of instance meta-data, cloud automation, scaling, and high-availability capabilities.
Page 11 of 19
How will patches and upgrades be applied? Organizations take different patch and upgrade management approaches depending on their
application’s characteristics and requirements. Updates can be applied to existing instances using traditional software deployment tools or by replacing outdated software running on older instances with newer, patched, and upgraded server images.
Will applications be managed as homogeneous fleets? Managing
applications as homogeneous fleets allows infrastructure to be dynamically and automatically provisioned or released based on predictable utilization patterns.
How will your organization manage changes to OS hardening baselines, configure security groups or OS firewalls, and monitor their instances for intrusions or unauthorized changes? Most organizations already have existing internal IT change and configuration management processes
One of the biggest challenges of IT asset and configuration management is centralizing and controlling the lifecycle of each asset.
Once an inventory is established and configuration information is compiled, the practices set out below can result in cost-saving opportunities, as well as service continuity and user experience improvements.
Ensure senior management alignment:
Page 12 of 19 Set measurable financial and operational goals:
Most IT organizations implement IT asset and configuration management to gain measurable results in three areas: service level improvement, cost control and risk mitigation. Financial and operational goals can be established to show measurable progress, using metrics around service quality levels, IT budget impact and compliance activity.
Internal audits:
At regular intervals review asset and configuration management practices, to ensure processes are supported by automation wherever as possible. Document these processes, so that you can show proactive resource control in the event of an audit.
Establish frequent reviews of software usage:
Set standards for the duration an application remains unused before recalling it. There will typically be different thresholds for different types of applications. As an example, you might set a four-month usage threshold for Autocad or a five-week threshold for an ERP client application.
Standardize on software license titles and hardware configurations:
Establishing standard practices means selecting fewer software titles and
hardware configurations, which enables increased volume sourcing leverage and also lowers the pressure on the service desk.
Page 13 of 19
Challenges of Establishing CMDB for a
Cloud deployment of IT
A Configuration Management Database (CMDB) provides the system of record for IT to track and manage its resources. A CMDB contains the following at a minimum:
Configuration Item ( CI ) records with all associated attributes captured
A relationship model between different CI’s
A history of all Service Impacts in form of Incident, Change, Problems
In a traditional IT setup the goals of establishing a CMDB are met through the process of:
Discovery and recording of existing CI’s leveraging certain tools
A comprehensive Change Management processes to keep track of creation and updates to CI’s
Integration of Incident & Problem management data with impacted CI’s leveraging ITSM Workflow tools like BMC, HP or Service Now. These processes and tools in turn help organizations better understand the IT environment by providing insight into not only the impact of incidents, problems and changes, but also financial resources, service availability and capacity
management. The CMDB presents a logical model of the enterprise infrastructure to give IT more control over the environment and to facilitate decision-making. There are multiple challenges of establishing a CMDB system for Cloud
resources:
The inherent dynamic nature of cloud resource provisioning, where resources can be created or terminated through predefined
business policies or application architecture elements like auto scaling makes tracking CI’s difficult
Page 14 of 19
Due to a prevalence of Shadow IT organization(s), Information sharing and even manual consolidation of the enterprise IT assets and CI’s is not always achievable
AWS Config: The Configuration
Management Inventory for the Cloud
Resources
While these challenges do exist, with the introduction of AWS Config, Customers have a significant opportunity to meet their needs of managing their
Configuration Items on Cloud. This is enabled by the significant functionalities offered by AWS Config that allows users to track resources that they are
consuming on their AWS accounts and hence help manage them as per their Configuration management processes.
AWS Config provides a detailed view of the configuration of AWS resources in a particular AWS account. With AWS Config we can do the following:
Get a snapshot of all the supported resources associated with an AWS account at any point in time.
Retrieve configurations of one or more resources that exist.
Retrieve historical configurations of one or more resources.
Receive a notification whenever a resource is created, modified, or deleted.
View relationships between resources.
Page 15 of 19
Page 16 of 19
While the decision to select the right option rests with the customers themselves, the capabilities and functionalities available through AWS Config have
significantly helped in meeting one of the most critical needs of the Service Management framework that exists in the enterprises today and was not previously available in the cloud environment.
As an example of the potential for integration with legacy systems, IT Service Management tool provider Service Now has integrated with AWS Config functionality and Service Now users can leverage the Option 1 method recommended above.
One of the goals of Service Asset & Configuration Management is to manage the entire CI lifecycle and track and record all changes. One of the key aspects of Cloud is a much tighter integration of the Software and Infrastructure
configuration lifecycles. In this section we cover various aspects of configuration lifecycle management across instance, stacks and environments:
Instance Creation Templates: Every IT organization has its own security and compliance standards to be met for compute instances introduced into their IT environments. Amazon Machine Images (AMI’s) are a robust way of standardizing compute instance creation. Users can opt for AWS or 3rd party provided predefined AMI’s or can
Page 17 of 19
compute provisioning is the ability to define server configuration and environmental add-ins in a predefined and programmatic manner. A typical custom AMI may prescribe the base OS version with its associated security hardening configurations as per the organization policies. These AMI’s become the default standardized compute images that IT organizations use across their environment. Using AMI’s helps in managing the compute environments in an effective manner as it ensures that any new compute instance provisioned follows the IT organization best practices and ensures that the lifecycle management of compute instances is also easy since there is an audit trail of all AMI’s used and whenever changes are made to the base AMI’s a subsequent upgrade process can also be initiated on all compute instances that exist in the environment that had leveraged the base AMI.
Instance Lifecycle Management: For every compute instance created in an IT environment, there are multiple lifecycle management activities that need to be performed. Some of the standard tasks are patch management, hardening policies, version upgrades, environment related variable changes etc. Typically these activities are either performed manually or most IT organizations today have robust configuration management tools like Chef, Puppet, and System Center Configuration Manager etc. which perform these tasks. AWS allows easy integration with these industry standard tools to ensure a consistent enterprise configuration management approach. AWS Config also allows IT administrators to track Configuration change history and ensure that there is an overall governance to IT
configuration changes in the environment. As part of Compute instance lifecycle management IT organizations can also ensure standardization by ensuring that it establishes a library of valid AMI’. Whenever the configurations of actual compute instances in the IT environment are not in sync with the standards, it is easier to upgrade them to
standardized AMI’s that have already gone through IT organization certification process.
Environment Provisioning Templates: Whenever there is a need for provisioning end to end environments also referred to as “Stacks” in a consistent and repeatable fashion, without needing to actually
Page 18 of 19
for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for you. A template can be used repeatedly to create identical copies of the same stack without effort or errors. Templates are simple JSON-formatted text files that can be held securely leveraging your current source control mechanisms. AWS provides a wealth of standard
CloudFormation templates that can be used to kick-start the process here. The benefits of standardization of environment provisioning in form of CloudFormation templates is that IT organizations can create a “Service Catalog” of most important environments that are repeatedly used by IT consumers and offer them on-demand. Some of the
examples of such service catalog items that are repeatedly required by IT are:
o LAMP stack for Developers
o Ruby-on-rails stack for Developers o MS Sharepoint stack for departments
o Test environment creation for in Production Applications CloudFormation templates not only simplifies the process of ongoing
provisioning of the most used environments but also ensures that the IT security policies and standards are complied to in each of these provisioned environments without needing to manually enforce the same.
Conclusion
Service Asset & Configuration management processes consist of critical activities that are responsible for proper provisioning and ongoing health of IT systems deployed to meet business requirements. Consistent management of
configuration items through their lifecycle leads to efficient and effective system health and performance.
AWS enables best practices across every level of resource in an application stack. Due to the tools, automations and integration available on the AWS platform as highlighted in this whitepaper, IT organizations can achieve significant
productivity gains. Successful implementation and execution of Service Asset & Configuration management processes should be seen as a “Shared
Page 19 of 19
Contributors
Anindo Sengupta: Chief Delivery Officer, Minjar Cloud Solutions.
Darren Thayre: Platform, Strategy and Transformation, AWS ProServ Eric Tachibana: Platform, Strategy and Transformation, AWS ProServ
Notes
ITIL Service Operation Publication, AXELOS, 2007, Page 5
