ITIL Asset and Configuration Management in the Cloud
An AWS Cloud Adoption Framework Addendum
September 2015
A Joint Whitepaper with Minjar Cloud Solutions
Contents
Abstract
Introduction
  What is ITIL?
  What is the AWS Cloud Adoption Framework?
Asset and Configuration Management in ITIL
Value to business of asset and configuration management
Impact of Asset & Configuration Management Processes on Financial Management
Best Practice for Asset and Configuration Management
Challenges of Establishing CMDB for a Cloud deployment of IT
AWS Config: The Configuration Management Inventory for the Cloud Resources
Conclusion
Contributors
Notes
Abstract
Many enterprises have successfully migrated some of their on-premises IT
workloads to the cloud. An enterprise must also deploy an IT Service
Management (ITSM) framework so it can efficiently and effectively operate those
IT capabilities. This whitepaper outlines best practices for asset and
configuration management in a hybrid cloud environment using Amazon Web
Services (AWS).
Introduction
This whitepaper is for IT Service Management (ITSM) professionals who support
a hybrid cloud environment that uses AWS. The focus is on Asset and
Configuration Management, a core chapter of the Service Transition volume of
the IT Infrastructure Library (ITIL). Many AWS enterprise customers have
successfully integrated their cloud strategy with their ITIL-based IT service
management practices. This whitepaper provides you with background in the
following areas:
• Asset and Configuration Management in ITIL
• The AWS Cloud Adoption Framework
• Cloud-Specific Asset and Configuration Management Best Practices
What is ITIL?
The IT Infrastructure Library (ITIL) Framework, managed by AXELOS Limited,
defines a commonly used, best-practice approach to IT Service Management
(ITSM). Building upon ISO/IEC 20000, which provides a “formal and universal
standard for organizations seeking to have their ITSM capabilities audited and
certified”[1], the ITIL Framework goes one step further to propose operational
processes required to deliver the standard.
At its core, ITIL is composed of 5 volumes that describe the entire ITSM lifecycle
as defined by AXELOS:
| ITIL Volume | Description |
|---|---|
| Service Strategy | Describes how to design, develop and implement service management as a strategic asset |
| Service Design | Describes how to design and develop services and service management processes |
| Service Transition | Describes the development and improvement of capabilities for transitioning new and changed services into operations |
| Service Operation | Embodies practices in the management of service operation |
| Continual Service Improvement | Guidance in creating and maintaining value for customers |
Each volume addresses the capabilities that enterprises must have in place. The
details underlying the 5 ITIL volumes are beyond the scope of this whitepaper,
but if you would like more details, you can find them at the following URL:
https://www.axelos.com/
What is the AWS Cloud Adoption Framework?
The Cloud Adoption Framework (CAF) is used by AWS to help enterprises
modernize their ITSM practices so that they can take advantage of the agility,
security, and cost benefits afforded by the cloud.
Like ITIL, the CAF organizes and describes the activities and processes involved
in planning, creating, managing, and supporting a modern IT service. The CAF
offers comprehensive guidelines for establishing, developing, and running cloud-
based IT capabilities.
ITIL and the CAF are compatible. In fact, the CAF provides enterprises with
practical operational advice for how to implement and operate ITSM in a cloud-
based IT infrastructure.
The details of the AWS CAF are beyond the scope of this whitepaper, but if you
would like to learn more, you can read the CAF whitepaper at
http://d0.awsstatic.com/whitepapers/aws_cloud_adoption_framework.pdf.
The CAF examines IT management in the cloud from seven core perspectives, as
shown in the following table:
| CAF Perspective | Description |
|---|---|
| People | Selecting and training IT personnel with appropriate skills, defining and empowering delivery teams with accountabilities and service level agreements |
| Process | Managing programs and projects to be on time, on target, and within budget, while keeping risks at acceptable levels |
| Security | Applying a comprehensive and rigorous method of describing a structure and behavior for an organization’s security processes, systems and personnel |
| Strategy & Value | Identifying, analyzing, and measuring the effectiveness of IT investments that generate the most optimal business value |
| Maturity | Analyzing, defining, and anticipating demand for and acceptance of envisioned IT capabilities and services |
| Platform | Defining and describing core architectural principles, standards, and patterns that are required for optimal IT capabilities and services |
| Operation | Transitioning, operating, and optimizing the hybrid IT environment, enabling efficient and automated IT service management |
As with most specifications covered in the Service Transition Volume of ITIL,
Asset and Configuration Management falls nicely into the Cloud Service
Management function of the AWS CAF Operating Perspective.
Of course, cloud initiatives require more than just the right technology. They
must also be supported by organizational changes, such as people and process
change. Such changes should be supported by a Cloud Governance Forum or
Center of Excellence whose role is to manage the transition using the AWS
CAF. From the perspective of ITSM, your operations should certainly have a seat
at the table.
This allows the approach to be flexible and cater for a more relevant model,
interacting with existing solutions to manage the full ITSM landscape.
In 2015 AWS will release its Cloud Adoption Methodology (AWS CAM), which
offers practical guidance and comprehensive guidelines for establishing,
developing, and running cloud-based IT capabilities.
ITIL and the AWS CAM are compatible. In fact, the AWS CAM is a needed
supplement for almost all Enterprise ITSM frameworks used today, because it
provides enterprises with practical operational advice for how to implement and
operate ITSM in a cloud-based IT infrastructure.
Asset and Configuration Management in ITIL
The ITIL specifications define an asset as “any resource or capability that could
contribute to the delivery of a service.” Examples of assets include
virtual/physical storage, virtual/physical servers, a software license, or even some
knowledge in the head of a senior manager.
ITIL defines a configuration item as “an asset that needs to be managed in order
to deliver an IT service.” All configuration items are assets, but many assets are
not configuration items. Examples of configuration items include a
virtual/physical server or a software license. Every configuration item should be
under the control of change management.
The goals of asset and configuration management are to:
• Support many of the ITIL processes by providing accurate
  configuration information to assist decision making, e.g. the
  authorization of changes and the planning of releases, and to help
  resolve incidents and problems faster
• Minimize the number of quality and compliance issues caused by
  incorrect or inaccurate configuration of services and assets
• Define and control the components of services and infrastructure
  and maintain accurate configuration information on the historical,
  planned and current state of the services and infrastructure
Value to business of asset and configuration management
Optimization of the performance of assets improves the overall service
performance, optimizes the costs, and mitigates risks caused by poorly managed
assets, e.g. service outages, correct license fees and failed audits.
Asset and Configuration Management provides visibility of accurate
representations of a service, release, or environment, which enables:
• Better planning of changes and releases
• Improved incident and problem resolution
• Delivery of service levels and warranties
• Better adherence to standards and to legal and regulatory obligations
  (fewer non-conformances)
• Changes to be traceable
• The ability to identify the costs for a service
In practice, Asset and Configuration Management aligns very closely to other
ITIL processes such as Incident Management, Change Management, Problem
Management, or Service-Level Management.
AXELOS provides the following diagram as an example of the relationship
between change management and Asset and Configuration Management.
AXELOS makes several observations that are relevant here. First, there are
numerous elements within Asset and Configuration Management that directly
relate to individual elements within change management.
What becomes evident in the diagram is that Asset and Configuration
Management underpins change management, and without it, the business is
subjected to increased risk and uncertainty. The same inter-dependency with
Asset and Configuration Management applies to many other areas within ITIL.
Impact of Asset & Configuration Management Processes on Financial Management
One of the key aspects of asset management is to ensure it feeds relevant asset
data to financial management processes. This is required for:
• Capitalization and depreciation
• Software license management
• Other compliance requirements
These requirements typically call for comprehensive Asset Lifecycle Management
processes, which take significant cost and effort. One of the benefits of moving IT
to the cloud is that the financial nature of the transaction moves from Capex to
Opex, and hence some of the financial asset management norms may not be required.
Best Practice for Asset and Configuration Management
An effective cloud asset and configuration management practice would include
concepts like the following:
• How will your organization manage server images (AMIs)? Server images
  must be periodically updated with patches and software updates. AWS
  provides a number of tools that can be incorporated in your organization’s
  image management processes to assist in the creation and management of
  AWS images. For example, to help you manage your instances, images and
  other EC2 resources, you can assign your own metadata to each resource
  in the form of tags.
• Will instances be automatically configured at launch or manually
  configured later? Automating instance configuration on boot, by passing
  user-data to the instance on boot or embedding change and configuration
  management agents in a server image, allows instances and applications to
  take advantage of instance metadata, cloud automation, scaling, and
  high-availability capabilities.
• How will OS credentials be instrumented and controlled when instances
  are launched or terminated? Typically, organizations preconfigure their
  server images to automatically connect and register with corporate LDAP
  or Active Directory domains when they are launched to provide centralized
  OS credentials management and control.
• How will patches and upgrades be applied? Organizations take different
  patch and upgrade management approaches depending on their
  application’s characteristics and requirements. Updates can be applied to
  existing instances using traditional software deployment tools or by
  replacing outdated software running on older instances with newer,
  patched, and upgraded server images.
• Will applications be managed as homogeneous fleets? Managing
  applications as homogeneous fleets allows infrastructure to be dynamically
  and automatically provisioned or released based on predictable utilization
  patterns.
• How will your organization manage changes to OS hardening baselines,
  configure security groups or OS firewalls, and monitor its instances for
  intrusions or unauthorized changes? Most organizations already have
  existing internal IT change and configuration management processes
One of the biggest challenges of IT asset and configuration management is
centralizing and controlling the lifecycle of each asset.
Once an inventory is established and configuration information is compiled, the
practices set out below can result in cost-saving opportunities, as well as service
continuity and user experience improvements.
Ensure senior management alignment:
The topic goes beyond stakeholders in IT operations: IT asset and configuration
management impacts contracting, sourcing, finance and compliance. As each
department is involved in specific elements of the IT asset and configuration
management lifecycle, defining cross-departmental processes early on helps to
alleviate pain.
Set measurable financial and operational goals:
Most IT organizations implement IT asset and configuration management to gain
measurable results in three areas: service level improvement, cost control and
risk mitigation. Financial and operational goals can be established to show
measurable progress, using metrics around service quality levels, IT budget
impact and compliance activity.
Internal audits:
At regular intervals, review asset and configuration management practices to
ensure processes are supported by automation wherever possible. Document
these processes, so that you can show proactive resource control in the event of
an audit.
Establish frequent reviews of software usage:
Set standards for how long an application may remain unused before it is
recalled. There will typically be different thresholds for different types of
applications. As an example, you might set a four-month usage threshold for
AutoCAD or a five-week threshold for an ERP client application.
Standardize on software license titles and hardware configurations:
Establishing standard practices means selecting fewer software titles and
hardware configurations, which enables increased volume sourcing leverage and
also lowers the pressure on the service desk.
More details on best practice can be found here.
Challenges of Establishing CMDB for a Cloud deployment of IT
A Configuration Management Database (CMDB) provides the system of record
for IT to track and manage its resources. A CMDB contains the following at a
minimum:
• Configuration Item (CI) records with all associated attributes
  captured
• A relationship model between different CIs
• A history of all service impacts in the form of incidents, changes and
  problems
In a traditional IT setup the goals of establishing a CMDB are met through the
process of:
• Discovery and recording of existing CIs leveraging certain tools
• A comprehensive change management process to keep track of the
  creation of and updates to CIs
• Integration of incident and problem management data with impacted
  CIs leveraging ITSM workflow tools like BMC, HP or ServiceNow
These processes and tools in turn help organizations better understand the IT
environment by providing insight into not only the impact of incidents, problems
and changes, but also financial resources, service availability and capacity
management. The CMDB presents a logical model of the enterprise infrastructure
to give IT more control over the environment and to facilitate decision-making.
There are multiple challenges in establishing a CMDB system for cloud
resources:
• The inherently dynamic nature of cloud resource provisioning, where
  resources can be created or terminated through predefined
  business policies or application architecture elements like auto
  scaling, makes tracking CIs difficult
• Capturing cloud resource CI data in a format that can be
  imported into traditional in-house CMDBs, to maintain a single
  system of record for all enterprise CIs, is extremely challenging
• Due to the prevalence of Shadow IT organizations, information
  sharing and even manual consolidation of the enterprise IT assets
  and CIs is not always achievable
AWS Config: The Configuration Management Inventory for the Cloud Resources
While these challenges do exist, the introduction of AWS Config gives customers
a significant opportunity to manage their configuration items in the cloud.
AWS Config lets users track the resources they are consuming in their AWS
accounts and so manage them according to their configuration management
processes.
AWS Config provides a detailed view of the configuration of AWS resources in a
particular AWS account. With AWS Config we can do the following:
• Get a snapshot of all the supported resources associated with an AWS
  account at any point in time.
• Retrieve configurations of one or more resources that exist.
• Retrieve historical configurations of one or more resources.
• Receive a notification whenever a resource is created, modified, or
  deleted.
• View relationships between resources.
These resources are typically the lowest-level components that make up the
overall system architecture, and they meet the requirements of the useful CIs
that IT organizations need in order to track and monitor system performance.
AWS Config supports the following resources:
This wealth of information is hugely beneficial to any IT organization in CI
discovery and recording, change tracking, audit and compliance, and security
incident analysis. Customers can access this information set directly
on the AWS console or programmatically extract it into their
existing CMDBs. There are two logical approaches that customers can take to
meet their CMDB requirements.
While the decision to select the right option rests with the customers themselves,
the capabilities available through AWS Config have significantly helped in
meeting one of the most critical needs of the Service Management frameworks
that exist in enterprises today, one that could not previously be met in the
cloud environment.
As an example of the potential for integration with legacy systems, IT Service
Management tool provider ServiceNow has integrated with AWS Config
functionality, and ServiceNow users can leverage the Option 1 method
recommended above.
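One way to extract AWS Config data into an existing CMDB, as an added example that is not code from AWS or from this whitepaper: it folds a stream of configuration items into CI records with status, change history and relationships, handling out-of-order delivery and resources terminated by auto scaling. The sample items are constructed, and their field names are assumed to follow AWS Config's configuration item JSON.

```python
import json
from datetime import datetime

# Constructed sample items (not real resources), deliberately out of order.
# Field names are assumed to follow AWS Config's configuration item JSON.
SAMPLE_ITEMS = json.loads("""
[{"awsAccountId": "111122223333", "awsRegion": "us-east-1",
  "resourceType": "AWS::EC2::Instance", "resourceId": "i-0aaa",
  "configurationItemCaptureTime": "2015-09-01T10:30:00.000Z",
  "configurationItemStatus": "OK",
  "configuration": {"instanceType": "m3.large"}, "tags": {"Owner": "web-team"},
  "relationships": [
   {"name": "Is associated with SecurityGroup",
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0001"},
   {"name": "Is attached to Volume",
    "resourceType": "AWS::EC2::Volume", "resourceId": "vol-0009"}]},
 {"awsAccountId": "111122223333", "awsRegion": "us-east-1",
  "resourceType": "AWS::EC2::Instance", "resourceId": "i-0aaa",
  "configurationItemCaptureTime": "2015-09-01T10:00:00.000Z",
  "configurationItemStatus": "ResourceDiscovered",
  "configuration": {"instanceType": "m3.medium"}, "tags": {},
  "relationships": []},
 {"awsAccountId": "111122223333", "awsRegion": "us-east-1",
  "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0001",
  "configurationItemCaptureTime": "2015-09-01T09:59:00.000Z",
  "configurationItemStatus": "ResourceDiscovered",
  "configuration": {"groupName": "web"}, "tags": {}, "relationships": []},
 {"awsAccountId": "111122223333", "awsRegion": "us-east-1",
  "resourceType": "AWS::EC2::Instance", "resourceId": "i-0bbb",
  "configurationItemCaptureTime": "2015-09-01T10:05:00.000Z",
  "configurationItemStatus": "ResourceDiscovered",
  "configuration": {"instanceType": "t2.micro"}, "tags": {},
  "relationships": []},
 {"awsAccountId": "111122223333", "awsRegion": "us-east-1",
  "resourceType": "AWS::EC2::Instance", "resourceId": "i-0bbb",
  "configurationItemCaptureTime": "2015-09-01T10:45:00.000Z",
  "configurationItemStatus": "ResourceDeleted",
  "configuration": null, "tags": {}, "relationships": []}]
""")

def ci_key(item):
    """Identity of a CI in the CMDB: account, region, type and resource id."""
    return (item["awsAccountId"], item["awsRegion"],
            item["resourceType"], item["resourceId"])

def capture_time(item):
    return datetime.strptime(item["configurationItemCaptureTime"],
                             "%Y-%m-%dT%H:%M:%S.%fZ")

def build_cmdb(items):
    """Fold configuration items, oldest first, into one record per CI."""
    cmdb = {}
    for item in sorted(items, key=capture_time):
        rec = cmdb.setdefault(ci_key(item), {
            "status": None, "attributes": {}, "tags": {},
            "relationships": set(), "history": []})
        status = item["configurationItemStatus"]
        rec["history"].append((item["configurationItemCaptureTime"], status))
        if status.startswith("ResourceDeleted"):
            rec["status"] = "retired"  # last known attributes stay for audit
            continue
        rec["status"] = "active"
        rec["attributes"] = item.get("configuration") or {}
        rec["tags"] = item.get("tags") or {}
        # Assumption: a related resource is in the source's account and region.
        rec["relationships"] = {
            (r["name"], (item["awsAccountId"], item["awsRegion"],
                         r["resourceType"], r["resourceId"]))
            for r in item.get("relationships") or []}
    return cmdb

def dangling_relationships(cmdb):
    """Relationships of active CIs whose target is retired or not inventoried."""
    gaps = []
    for key, rec in sorted(cmdb.items()):
        if rec["status"] != "active":
            continue
        for name, target in sorted(rec["relationships"]):
            if cmdb.get(target, {}).get("status") != "active":
                gaps.append((key[3], name, target[3]))
    return gaps

if __name__ == "__main__":
    inventory = build_cmdb(SAMPLE_ITEMS)
    for key, rec in sorted(inventory.items()):
        print(key[2], key[3], rec["status"], len(rec["history"]))
    print(dangling_relationships(inventory))
```

A dangling relationship here means the CMDB holds an active CI that depends on something the inventory has never recorded or has already retired, which is the gap a reconciliation review should pick up.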
One of the goals of Service Asset & Configuration Management is to manage the
entire CI lifecycle and to track and record all changes. One of the key aspects
of the cloud is a much tighter integration of the software and infrastructure
configuration lifecycles. In this section we cover various aspects of configuration
lifecycle management across instances, stacks and environments:
• Instance Creation Templates: Every IT organization has its own
  security and compliance standards to be met for compute instances
  introduced into its IT environment. Amazon Machine Images
  (AMIs) are a robust way of standardizing compute instance creation.
  Users can opt for predefined AMIs provided by AWS or third parties, or can
  define custom AMIs. The benefit of creating AMI templates for
  compute provisioning is the ability to define server configuration and
  environmental add-ins in a predefined and programmatic manner. A
  typical custom AMI may prescribe the base OS version with its
  associated security hardening configurations as per the organization’s
  policies. These AMIs become the default standardized compute images
  that IT organizations use across their environment. Using AMIs helps
  manage compute environments effectively: it ensures that any new
  compute instance provisioned follows the IT organization’s best
  practices, and it makes lifecycle management of compute instances
  easier, since there is an audit trail of all AMIs used. Whenever
  changes are made to a base AMI, a subsequent upgrade process can be
  initiated on all compute instances in the environment that had
  leveraged that base AMI.
• Instance Lifecycle Management: For every compute instance created in
  an IT environment, there are multiple lifecycle management activities
  that need to be performed. Some of the standard tasks are patch
  management, hardening policies, version upgrades, and changes to
  environment-related variables. Typically these activities are either
  performed manually or handled by the robust configuration management
  tools most IT organizations have today, such as Chef, Puppet, and
  System Center Configuration Manager. AWS allows
  easy integration with these industry standard tools to ensure a
  consistent enterprise configuration management approach. AWS
  Config also allows IT administrators to track configuration change
  history and ensure that there is overall governance of IT
  configuration changes in the environment. As part of compute instance
  lifecycle management, IT organizations can also ensure standardization
  by establishing a library of valid AMIs. Whenever the
  configurations of actual compute instances in the IT environment are
  not in sync with the standards, it is easier to upgrade them to
  standardized AMIs that have already gone through the IT organization’s
  certification process.
• Environment Provisioning Templates: Whenever there is a need to
  provision end-to-end environments, also referred to as “stacks”, in a
  consistent and repeatable fashion without provisioning each component
  individually, AWS CloudFormation is a very
  useful tool to meet that objective. You don’t need to figure out the order
  for provisioning AWS services or the subtleties of making those
  dependencies work. CloudFormation takes care of this for you. A
  template can be used repeatedly to create identical copies of the same
  stack without effort or errors. Templates are simple JSON-formatted
  text files that can be held securely using your current source
  control mechanisms. AWS provides a wealth of standard
  CloudFormation templates that can be used to kick-start the process
  here. The benefit of standardizing environment provisioning in the
  form of CloudFormation templates is that IT organizations can create a
  “Service Catalog” of the most important environments that are repeatedly
  used by IT consumers and offer them on demand. Some
  examples of such service catalog items that are repeatedly required by
  IT are:
  o LAMP stack for Developers
  o Ruby-on-rails stack for Developers
  o MS Sharepoint stack for departments
  o Test environment creation for in-production applications
CloudFormation templates not only simplify the ongoing provisioning of the
most used environments but also ensure that the IT security policies and
standards are complied with in each of these provisioned environments, without
the need to enforce them manually.
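A pre-provisioning check of a JSON CloudFormation template against such standards, as an added example that is not code from AWS or from this whitepaper. The approved AMI library, the required tag names, the rule against administrative ports open to 0.0.0.0/0 and the sample template are all constructed assumptions.

```python
import json

# Constructed policy inputs (assumptions for this example, not AWS defaults).
APPROVED_AMIS = {"ami-0example1"}
REQUIRED_TAGS = {"Owner", "CostCenter"}
ADMIN_PORTS = {22, 3389}

# Constructed sample template in CloudFormation's JSON format.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "WebServer": {"Type": "AWS::EC2::Instance", "Properties": {
    "ImageId": "ami-0example2",
    "Tags": [{"Key": "Owner", "Value": "web-team"}]}},
  "AppServer": {"Type": "AWS::EC2::Instance", "Properties": {
    "ImageId": {"Ref": "BaseAmi"},
    "Tags": [{"Key": "Owner", "Value": "app-team"},
             {"Key": "CostCenter", "Value": "1234"}]}},
  "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "web tier",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80",
       "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
       "CidrIp": "0.0.0.0/0"}]}}
}}
""")

def open_admin_ports(rule):
    """Admin ports that an ingress rule exposes to the whole internet."""
    if rule.get("CidrIp") != "0.0.0.0/0":
        return set()
    if str(rule.get("IpProtocol")) == "-1":  # -1 means every protocol and port
        return set(ADMIN_PORTS)
    try:  # templates often carry ports as strings; a Ref cannot be judged here
        low, high = int(rule["FromPort"]), int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):
        return set()
    return {port for port in ADMIN_PORTS if low <= port <= high}

def check_template(template, approved_amis, required_tags):
    """Return (resource name, finding) pairs, ordered by resource name."""
    findings = []
    for name, resource in sorted(template.get("Resources", {}).items()):
        props = resource.get("Properties", {})
        if resource.get("Type") == "AWS::EC2::Instance":
            image = props.get("ImageId")
            if not isinstance(image, str):
                # A Ref or mapping lookup must be resolved before approval.
                findings.append((name, "ImageId is not a literal AMI id"))
            elif image not in approved_amis:
                findings.append((name, f"{image} is not in the AMI library"))
            present = {tag.get("Key") for tag in props.get("Tags", [])}
            missing = sorted(required_tags - present)
            if missing:
                findings.append((name, "missing tags: " + ", ".join(missing)))
        elif resource.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                ports = sorted(open_admin_ports(rule))
                if ports:
                    listed = ", ".join(str(port) for port in ports)
                    findings.append((name, f"admin port {listed} open to 0.0.0.0/0"))
    return findings

if __name__ == "__main__":
    for name, finding in check_template(SAMPLE_TEMPLATE, APPROVED_AMIS,
                                        REQUIRED_TAGS):
        print(f"{name}: {finding}")
```

Running the check when a template is committed to source control keeps a non-compliant stack definition out of the service catalog before anyone provisions from it.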
Conclusion
Service Asset & Configuration management processes consist of critical activities
that are responsible for proper provisioning and ongoing health of IT systems
deployed to meet business requirements. Consistent management of
configuration items through their lifecycle leads to efficient and effective system
health and performance.
AWS enables best practices across every level of resource in an application stack.
Due to the tools, automations and integration available on the AWS platform as
highlighted in this whitepaper, IT organizations can achieve significant
productivity gains. Successful implementation and execution of Service Asset &
Configuration management processes should be seen as a “Shared
Responsibility” that can be achieved through the right commitment by IT
organizations, enabled by the AWS platform.