ITIL Asset and Configuration Management in the Cloud An AWS Cloud Adoption Framework Addendum September 2015 A Joint Whitepaper with Minjar Cloud Solutions

Jan 22, 2018


Eric Tachibana

© 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Notices

This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.


Contents

Abstract
Introduction
    What is ITIL?
    What is the AWS Cloud Adoption Framework?
Asset and Configuration Management in ITIL
Value to business of asset and configuration management
Impact of Asset & Configuration Management Processes on Financial Management
Best Practice for Asset and Configuration Management
Challenges of Establishing CMDB for a Cloud deployment of IT
AWS Config: The Configuration Management Inventory for the Cloud Resources
Conclusion
Contributors
Notes

Abstract

Many enterprises have successfully migrated some of their on-premises IT workloads to the cloud. An enterprise must also deploy an IT Service Management (ITSM) framework so it can efficiently and effectively operate those IT capabilities. This whitepaper outlines best practices for asset and configuration management in a hybrid cloud environment using Amazon Web Services (AWS).


Introduction

This whitepaper is for IT Service Management (ITSM) professionals who support a hybrid cloud environment that uses AWS. The focus is on Asset and Configuration Management, a core chapter of the Service Transition volume of the IT Infrastructure Library (ITIL). Many AWS enterprise customers have successfully integrated their cloud strategy with their ITIL-based IT service management practices. This whitepaper provides you with background in the following areas:

• Asset and Configuration Management in ITIL
• The AWS Cloud Adoption Framework
• Cloud-Specific Asset and Configuration Management Best Practices

What is ITIL?

The IT Infrastructure Library (ITIL) Framework, managed by AXELOS Limited, defines a commonly used, best-practice approach to IT Service Management (ITSM). Building upon ISO/IEC 20000, which provides a “formal and universal standard for organizations seeking to have their ITSM capabilities audited and certified” [1], the ITIL Framework goes one step further to propose operational processes required to deliver the standard.

At its core, ITIL is composed of 5 volumes that describe the entire ITSM lifecycle as defined by AXELOS:

ITIL Volume                    Description
Service Strategy               Describes how to design, develop and implement service management as a strategic asset
Service Design                 Describes how to design and develop services and service management processes
Service Transition             Describes the development and improvement of capabilities for transitioning new and changed services into operations
Service Operation              Embodies practices in the management of service operation
Continual Service Improvement  Guidance in creating and maintaining value for customers

Each volume addresses the capabilities that enterprises must have in place. The details underlying the 5 ITIL volumes are beyond the scope of this whitepaper, but if you would like more details, you can find them at the following URL:

https://www.axelos.com/

What is the AWS Cloud Adoption Framework?

The Cloud Adoption Framework (CAF) is used by AWS to help enterprises modernize their ITSM practices so that they can take advantage of the agility, security, and cost benefits afforded by the cloud.

Like ITIL, the CAF organizes and describes the activities and processes involved in planning, creating, managing, and supporting a modern IT service. The CAF offers comprehensive guidelines for establishing, developing, and running cloud-based IT capabilities.

ITIL and the CAF are compatible. In fact, the CAF provides enterprises with practical operational advice for how to implement and operate ITSM in a cloud-based IT infrastructure.

The details of the AWS CAF are beyond the scope of this whitepaper, but if you would like to learn more, you can read the CAF whitepaper at http://d0.awsstatic.com/whitepapers/aws_cloud_adoption_framework.pdf.

The CAF examines IT management in the cloud from seven core perspectives, as shown in the following table:

CAF Perspective   Description
People            Selecting and training IT personnel with appropriate skills, defining and empowering delivery teams with accountabilities and service level agreements
Process           Managing programs and projects to be on time, on target, and within budget, while keeping risks at acceptable levels
Security          Applying a comprehensive and rigorous method of describing a structure and behavior for an organization’s security processes, systems and personnel
Strategy & Value  Identifying, analyzing, and measuring the effectiveness of IT investments that generate the most optimal business value
Maturity          Analyzing, defining, and anticipating demand for and acceptance of envisioned IT capabilities and services
Platform          Defining and describing core architectural principles, standards, and patterns that are required for optimal IT capabilities and services
Operation         Transitioning, operating, and optimizing the hybrid IT environment, enabling efficient and automated IT service management

As with most specifications covered in the Service Transition Volume of ITIL, Asset and Configuration Management falls nicely into the Cloud Service Management function of the AWS CAF Operating Perspective.

Of course, cloud initiatives require more than just the right technology. They also must be supported by organizational changes such as people and process change. Such changes should be supported by a Cloud Governance Forum or Center of Excellence, whose role is to manage through the transition using the AWS CAF. From the perspective of ITSM, your operations should certainly have a seat at the table.

This allows the approach to be flexible and cater for a more relevant model, interacting with existing solutions to manage the full ITSM landscape.

In 2015 AWS will release its Cloud Adoption Methodology (AWS CAM), which offers practical guidance and comprehensive guidelines for establishing, developing, and running cloud-based IT capabilities.


ITIL and the AWS CAM are compatible. In fact, the AWS CAM is a needed supplement for almost all Enterprise ITSM frameworks used today, because it provides enterprises with practical operational advice for how to implement and operate ITSM in a cloud-based IT infrastructure.

Asset and Configuration Management in ITIL

The ITIL specifications define an asset as, “any resource or capability that could contribute to the delivery of a service.” Examples of assets include virtual/physical storage, virtual/physical servers, a software license, or even some knowledge in the head of a senior manager.

ITIL defines configuration items as, “an asset that needs to be managed in order to deliver an IT service.” All configuration items are assets, but many assets are not configuration items. Examples of configuration items include a virtual/physical server or a software license. Every configuration item should be under the control of change management.

The goals of asset and configuration management are to:

• Support many of the ITIL processes by providing accurate configuration information to assist decision making, e.g. the authorization of changes and the planning of releases, and to help resolve incidents and problems faster

• Minimize the number of quality and compliance issues caused by incorrect or inaccurate configuration of services and assets

• Define and control the components of services and infrastructure and maintain accurate configuration information on the historical, planned and current state of the services and infrastructure


Value to business of asset and configuration management

Optimization of the performance of assets improves the overall service performance, optimizes the costs, and mitigates risks caused by poorly managed assets, e.g. service outages, correct license fees and failed audits. Asset and Configuration Management provides visibility of accurate representation of a service, release, or environment that enables:

• Better planning of changes and releases

• Improved Incident and problem resolution

• Delivery of Service levels and warranties

• Better adherence to standards, legal and regulatory obligations (less non-conformances)

• Changes to be traceable

• The ability to identify the costs for a service

In practice, Asset and Configuration Management aligns very closely to other ITIL processes such as Incident Management, Change Management, Problem Management, or Service-Level Management. AXELOS provides the following diagram as an example of the relationship between change management and Asset and Configuration Management.


AXELOS makes several observations that are relevant here. First, there are numerous elements within Asset and Configuration Management that directly relate to individual elements within change management. What becomes evident in the diagram is that Asset and Configuration Management underpins change management, and without it, the business is subjected to increased risk and uncertainty. The same inter-dependency with Asset and Configuration Management applies to many other areas within ITIL.

Impact of Asset & Configuration Management Processes on Financial Management

One of the key aspects of asset management is to ensure it feeds relevant asset data to financial management processes. This is required for:

• Capitalization and depreciation

• Software License management

• Other compliance requirements

These requirements typically require comprehensive Asset Lifecycle Management processes, which take significant cost and effort. One of the benefits of moving IT to the Cloud is that the financial nature of the transaction moves from Capex to Opex, and hence some of the financial asset management norms may not be required.

Best Practice for Asset and Configuration Management

An effective cloud asset and configuration management practice would include concepts like the following:

• How will your organization manage server images (AMIs)? Server images must be periodically updated with patches and software updates. AWS provides a number of tools that can be incorporated in your organization’s image management processes to assist in the creation and management of AWS images. For example, to help you manage your instances, images and other EC2 resources, you can assign your own metadata to each resource in the form of tags.

• Will instances be automatically configured at launch or manually configured later? Automating instance configuration on boot, by passing user-data to the instance on boot or embedding change and configuration management agents in a server image, allows instances and applications to take advantage of instance meta-data, cloud automation, scaling, and high-availability capabilities.

• How will OS credentials be instrumented and controlled when instances are launched or terminated? Typically, organizations preconfigure their server images to automatically connect and register with corporate LDAP or Active Directory domains when they are launched to provide centralized OS credentials management and control.

• How will patches and upgrades be applied? Organizations take different patch and upgrade management approaches depending on their application’s characteristics and requirements. Updates can be applied to existing instances using traditional software deployment tools or by replacing outdated software running on older instances with newer, patched, and upgraded server images.

• Will applications be managed as homogeneous fleets? Managing applications as homogeneous fleets allows infrastructure to be dynamically and automatically provisioned or released based on predictable utilization patterns.

• How will your organization manage changes to OS hardening baselines, configure security groups or OS firewalls, and monitor their instances for intrusions or unauthorized changes? Most organizations already have existing internal IT change and configuration management processes

One of the biggest challenges of IT asset and configuration management is centralizing and controlling the lifecycle of each asset.

Once an inventory is established and configuration information is compiled, the practices set out below can result in cost-saving opportunities, as well as service continuity and user experience improvements.

Ensure senior management alignment:

The topic goes beyond stakeholders in IT operations: IT asset and configuration management impacts contracting, sourcing, finance and compliance. As each department is involved in specific elements of the IT asset and configuration management lifecycle, defining cross-departmental processes early on helps to alleviate pain.


Set measurable financial and operational goals:

Most IT organizations implement IT asset and configuration management to gain measurable results in three areas: service level improvement, cost control and risk mitigation. Financial and operational goals can be established to show measurable progress, using metrics around service quality levels, IT budget impact and compliance activity.

Internal audits:

At regular intervals, review asset and configuration management practices to ensure processes are supported by automation wherever possible. Document these processes, so that you can show proactive resource control in the event of an audit.

Establish frequent reviews of software usage:

Set standards for the duration an application remains unused before recalling it. There will typically be different thresholds for different types of applications. As an example, you might set a four-month usage threshold for AutoCAD or a five-week threshold for an ERP client application.

Standardize on software license titles and hardware configurations:

Establishing standard practices means selecting fewer software titles and hardware configurations, which enables increased volume sourcing leverage and also lowers the pressure on the service desk.

More details on best practice can be found here.


Challenges of Establishing CMDB for a Cloud deployment of IT

A Configuration Management Database (CMDB) provides the system of record for IT to track and manage its resources. A CMDB contains the following at a minimum:

• Configuration Item (CI) records with all associated attributes captured

• A relationship model between different CIs

• A history of all Service Impacts in the form of Incidents, Changes, and Problems

In a traditional IT setup the goals of establishing a CMDB are met through the process of:

• Discovery and recording of existing CIs leveraging certain tools

• A comprehensive Change Management process to keep track of creation and updates to CIs

• Integration of Incident & Problem management data with impacted CIs leveraging ITSM workflow tools like BMC, HP or ServiceNow.

These processes and tools in turn help organizations better understand the IT environment by providing insight into not only the impact of incidents, problems and changes, but also financial resources, service availability and capacity management. The CMDB presents a logical model of the enterprise infrastructure to give IT more control over the environment and to facilitate decision-making.

There are multiple challenges of establishing a CMDB system for Cloud resources:

• The inherent dynamic nature of cloud resource provisioning, where resources can be created or terminated through predefined business policies or application architecture elements like auto scaling, makes tracking CIs difficult

• Capturing Cloud resource CI data in a format that can be imported into traditional in-house CMDBs to maintain a single system of record for all enterprise CIs is extremely challenging

• Due to a prevalence of Shadow IT organization(s), information sharing and even manual consolidation of the enterprise IT assets and CIs is not always achievable

AWS Config: The Configuration Management Inventory for the Cloud Resources

While these challenges do exist, with the introduction of AWS Config, customers have a significant opportunity to meet their needs of managing their Configuration Items in the cloud. This is enabled by the significant functionality offered by AWS Config, which allows users to track the resources that they are consuming in their AWS accounts and hence helps manage them as per their configuration management processes.

AWS Config provides a detailed view of the configuration of AWS resources in a particular AWS account. With AWS Config we can do the following:

• Get a snapshot of all the supported resources associated with an AWS account at any point in time.

• Retrieve configurations of one or more resources that exist.

• Retrieve historical configurations of one or more resources.

• Receive a notification whenever a resource is created, modified, or deleted.

• View relationships between resources.

These resources are typically the lowest level of the components that make up the overall system architecture and meet the requirement of the useful CIs that IT organizations need to track and monitor system performance. AWS Config supports the following resources:


This wealth of information is hugely beneficial to any IT organization in CI discovery and recording, Change tracking, Audit & Compliance, and Security Incident Analysis. Customers can access this important information set directly on the AWS console or programmatically extract that information into their existing CMDBs. There are two logical approaches that customers can take to meet their CMDB requirements.


While the decision to select the right option rests with the customers themselves, the capabilities and functionalities available through AWS Config have significantly helped in meeting one of the most critical needs of the Service Management framework that exists in the enterprises today and was not previously available in the cloud environment.

As an example of the potential for integration with legacy systems, IT Service Management tool provider ServiceNow has integrated with AWS Config functionality and ServiceNow users can leverage the Option 1 method recommended above.
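The programmatic extraction into a CMDB described above, as an added example that is not part of the original whitepaper or of any AWS or ServiceNow tooling. It assumes input records shaped like AWS Config configuration items; the CMDB record layout, the function names, and every ID, timestamp and account number in the sample are constructed for illustration.

```python
# Statuses AWS Config reports for a resource that no longer exists.
DELETED_STATUSES = {"ResourceDeleted", "ResourceDeletedNotRecorded"}
EC2, SG, VOL = "AWS::EC2::Instance", "AWS::EC2::SecurityGroup", "AWS::EC2::Volume"


def make_item(rtype, rid, time, status, config=None, tags=None, rels=()):
    """Build one constructed configuration item (all values are made up)."""
    return {
        "awsAccountId": "111122223333", "awsRegion": "us-east-1",
        "resourceType": rtype, "resourceId": rid,
        "configurationItemCaptureTime": time,
        "configurationItemStatus": status,
        "configuration": config, "tags": tags or {},
        "relationships": [{"name": n, "resourceType": t, "resourceId": i}
                          for n, t, i in rels],
    }


RELS = [("Is associated with SecurityGroup", SG, "sg-0111"),
        ("Is attached to Volume", VOL, "vol-0999")]
# Constructed sample, deliberately out of order: items can arrive in any order.
SAMPLE_ITEMS = [
    make_item(EC2, "i-0aaa", "2015-09-03T08:30:00Z", "OK",
              {"imageId": "ami-0example1", "instanceType": "t2.large"},
              {"Owner": "payments"}, RELS),
    make_item(EC2, "i-0bbb", "2015-09-02T12:00:00Z", "ResourceDeleted"),
    make_item(EC2, "i-0aaa", "2015-09-01T10:00:00Z", "ResourceDiscovered",
              {"imageId": "ami-0example1", "instanceType": "t2.micro"},
              {"Owner": "payments"}, RELS),
    make_item(SG, "sg-0111", "2015-09-01T10:00:05Z", "ResourceDiscovered",
              {"groupName": "web"}),
    make_item(EC2, "i-0bbb", "2015-09-02T11:00:00Z", "ResourceDiscovered",
              {"imageId": "ami-0example1", "instanceType": "t2.micro"},
              {}, RELS[:1]),
]


def diff_config(old, new):
    """Top-level configuration keys whose value differs between two states."""
    old, new = old or {}, new or {}
    return sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))


def build_cmdb(items):
    """Fold configuration items into one CI record per resource, oldest first."""
    cmdb = {}
    # ISO-8601 UTC timestamps of equal precision sort correctly as strings.
    for item in sorted(items, key=lambda i: i["configurationItemCaptureTime"]):
        key = f'{item["resourceType"]}/{item["resourceId"]}'
        rec = cmdb.setdefault(key, {
            "ci_id": key, "account": item["awsAccountId"],
            "region": item["awsRegion"], "status": "active",
            "attributes": {}, "tags": {}, "relationships": [], "history": []})
        deleted = item["configurationItemStatus"] in DELETED_STATUSES
        changed = [] if deleted else diff_config(rec["attributes"],
                                                 item["configuration"])
        rec["history"].append({"time": item["configurationItemCaptureTime"],
                               "status": item["configurationItemStatus"],
                               "changed": changed})
        if deleted:
            # Retire the CI but keep its last known state for audit and
            # incident analysis (e.g. a terminated auto-scaled instance).
            rec["status"] = "retired"
            continue
        rec["status"] = "active"
        rec["attributes"] = item["configuration"] or {}
        rec["tags"] = item["tags"]
        rec["relationships"] = sorted(
            (r["name"], f'{r["resourceType"]}/{r["resourceId"]}')
            for r in item["relationships"])
    return cmdb


def dangling_relationships(cmdb):
    """Active CIs that point at a CI the CMDB does not hold or has retired."""
    return sorted((ci, target) for ci, rec in cmdb.items()
                  if rec["status"] == "active"
                  for _, target in rec["relationships"]
                  if cmdb.get(target, {}).get("status") != "active")


def missing_tag(cmdb, tag):
    """Active CIs with no value for an ownership tag (a Shadow IT signal)."""
    return sorted(ci for ci, rec in cmdb.items()
                  if rec["status"] == "active" and not rec["tags"].get(tag))
```

Retired CIs keep their last recorded attributes, so a resource that existed for only an hour can still be tied to an incident or change record afterwards.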

One of the goals of Service Asset & Configuration Management is to manage the entire CI lifecycle and track and record all changes. One of the key aspects of Cloud is a much tighter integration of the Software and Infrastructure configuration lifecycles. In this section we cover various aspects of configuration lifecycle management across instances, stacks and environments:

• Instance Creation Templates: Every IT organization has its own security and compliance standards to be met for compute instances introduced into their IT environments. Amazon Machine Images (AMIs) are a robust way of standardizing compute instance creation. Users can opt for AWS or 3rd party provided predefined AMIs or can define custom AMIs. The benefit of creating AMI templates for compute provisioning is the ability to define server configuration and environmental add-ins in a predefined and programmatic manner. A typical custom AMI may prescribe the base OS version with its associated security hardening configurations as per the organization’s policies. These AMIs become the default standardized compute images that IT organizations use across their environment. Using AMIs helps in managing the compute environments effectively, as it ensures that any new compute instance provisioned follows the IT organization’s best practices. It also makes lifecycle management of compute instances easier, since there is an audit trail of all AMIs used, and whenever changes are made to the base AMIs, a subsequent upgrade process can be initiated on all compute instances in the environment that had leveraged the base AMI.

• Instance Lifecycle Management: For every compute instance created in an IT environment, there are multiple lifecycle management activities that need to be performed. Some of the standard tasks are patch management, hardening policies, version upgrades, environment-related variable changes, etc. Typically these activities are either performed manually or, in most IT organizations today, by robust configuration management tools such as Chef, Puppet, and System Center Configuration Manager. AWS allows easy integration with these industry standard tools to ensure a consistent enterprise configuration management approach. AWS Config also allows IT administrators to track configuration change history and ensure that there is an overall governance to IT configuration changes in the environment. As part of compute instance lifecycle management, IT organizations can also ensure standardization by establishing a library of valid AMIs. Whenever the configurations of actual compute instances in the IT environment are not in sync with the standards, it is easier to upgrade them to standardized AMIs that have already gone through the IT organization’s certification process.

• Environment Provisioning Templates: Whenever there is a need for provisioning end-to-end environments, also referred to as “Stacks”, in a consistent and repeatable fashion, without needing to actually provision each component individually, AWS CloudFormation is a very useful tool to meet that objective. You don’t need to figure out the order for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for you. A template can be used repeatedly to create identical copies of the same stack without effort or errors. Templates are simple JSON-formatted text files that can be held securely leveraging your current source control mechanisms. AWS provides a wealth of standard CloudFormation templates that can be used to kick-start the process here. The benefit of standardizing environment provisioning in the form of CloudFormation templates is that IT organizations can create a “Service Catalog” of the most important environments that are repeatedly used by IT consumers and offer them on-demand. Some examples of such service catalog items that are repeatedly required by IT are:

o LAMP stack for Developers

o Ruby-on-rails stack for Developers

o MS Sharepoint stack for departments

o Test environment creation for in-production applications

CloudFormation templates not only simplify the process of ongoing provisioning of the most used environments but also ensure that the IT security policies and standards are complied with in each of these provisioned environments without needing to manually enforce the same.
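One way to check a template against such standards before it enters the service catalog, as an added example that is not part of the original whitepaper or of CloudFormation itself. The approved AMI library, the required tag names, the admin port list and the sample template (including all AMI IDs) are assumptions constructed for illustration.

```python
import json

# Assumed organization standards (constructed values, not from the whitepaper).
APPROVED_AMIS = {"ami-0example1", "ami-0example2"}   # the certified AMI library
REQUIRED_TAGS = {"Owner", "CostCenter"}
ADMIN_PORTS = (22, 3389)                             # SSH and RDP
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample template in CloudFormation's JSON format.
TEMPLATE = json.loads("""
{
  "Parameters": {
    "BaseImage": {"Type": "String", "Default": "ami-0example1",
                  "AllowedValues": ["ami-0example1", "ami-0legacy9"]}
  },
  "Resources": {
    "WebServer": {"Type": "AWS::EC2::Instance", "Properties": {
      "ImageId": {"Ref": "BaseImage"},
      "Tags": [{"Key": "Owner", "Value": "web-team"}]}},
    "BatchServer": {"Type": "AWS::EC2::Instance", "Properties": {
      "ImageId": "ami-0unknown7",
      "Tags": [{"Key": "Owner", "Value": "data"},
               {"Key": "CostCenter", "Value": "1001"}]}},
    "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "web tier",
      "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
         "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80",
         "CidrIp": "0.0.0.0/0"}]}}
  }
}
""")


def possible_image_ids(value, parameters):
    """AMI IDs an ImageId can resolve to, or None if not statically known."""
    if isinstance(value, str):
        return {value}
    if isinstance(value, dict) and "Ref" in value:
        # A parameter is only bounded when it declares AllowedValues; a bare
        # Default can be overridden at stack creation time.
        allowed = parameters.get(value["Ref"], {}).get("AllowedValues")
        if allowed:
            return set(allowed)
    return None  # mappings, unconstrained parameters, other intrinsic functions


def exposed_admin_ports(rule):
    """Admin ports covered by one ingress rule's protocol and port range."""
    proto = str(rule.get("IpProtocol"))
    if proto == "-1":                      # all protocols, all ports
        return list(ADMIN_PORTS)
    if proto not in ("tcp", "6"):
        return []
    low, high = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
    return [p for p in ADMIN_PORTS if low <= p <= high]


def check_template(template):
    """Return sorted (logical_id, finding) pairs for policy violations."""
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::Instance":
            ids = possible_image_ids(props.get("ImageId"), params)
            if ids is None:
                findings.append((name, "ImageId cannot be verified against "
                                       "the approved AMI list"))
            else:
                findings += [(name, f"ImageId may resolve to unapproved AMI {a}")
                             for a in sorted(ids - APPROVED_AMIS)]
            present = {t.get("Key") for t in props.get("Tags", [])}
            missing = sorted(REQUIRED_TAGS - present)
            if missing:
                findings.append((name, "missing required tags: "
                                       + ", ".join(missing)))
        elif rtype in ("AWS::EC2::SecurityGroup", "AWS::EC2::SecurityGroupIngress"):
            # Rules are either inline on the group or stand-alone resources.
            rules = (props.get("SecurityGroupIngress", [])
                     if rtype == "AWS::EC2::SecurityGroup" else [props])
            for rule in rules:
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr in OPEN_CIDRS:
                    findings += [(name, f"admin port {p} open to {cidr}")
                                 for p in exposed_admin_ports(rule)]
    return sorted(findings)
```

Run as a gate in the same source control workflow that holds the templates, an empty result from `check_template` means the template passed these particular checks, not that it meets every standard.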

Conclusion

Service Asset & Configuration management processes consist of critical activities that are responsible for proper provisioning and ongoing health of IT systems deployed to meet business requirements. Consistent management of configuration items through their lifecycle leads to efficient and effective system health and performance.

AWS enables best practices across every level of resource in an application stack. Due to the tools, automations and integration available on the AWS platform as highlighted in this whitepaper, IT organizations can achieve significant productivity gains. Successful implementation and execution of Service Asset & Configuration management processes should be seen as a “Shared Responsibility” that can be achieved through the right commitment by IT organizations, enabled by the AWS platform.


Contributors

Anindo Sengupta: Chief Delivery Officer, Minjar Cloud Solutions

Darren Thayre: Platform, Strategy and Transformation, AWS ProServ

Eric Tachibana: Platform, Strategy and Transformation, AWS ProServ

Notes

1. ITIL Service Operation Publication, AXELOS, 2007, Page 5

All references to ITIL and its content are subject to Copyright © AXELOS Limited 2011. All rights reserved. Material is reproduced under license from AXELOS