The bottom line
Change management is very complex, with potentially significant impacts in terms of availability, costs and data loss.
The supervision can validate a posteriori the correct application of a change, and identify the timestamps of the changes.
What is a change?
The information system is constantly changing, as a result of new projects, corrective actions and configuration modifications. The change management process is one of the most complex IT management processes to master, and potentially the one that most impacts the availability and performance of IT services, as well as the velocity of operations when it is out of control.
For example, a change in a firewall rule can lead to the inaccessibility of a Web application: it can easily be identified by IT Support, and users will notice it relatively quickly. But what about a change in a data exchange, occurring at the beginning of the month, whose impact is revealed at the end of the month, during an accounting closing? Beyond the correction, the data of the consuming application must be taken back, in a restricted time span. It is therefore not uncommon for another change to be made in a hurry, leading to other incidents...
Many actors are making changes, their volume is therefore very high, access to systems remains relatively open despite the security policies in place, action often precedes reflection, it is sometimes difficult to identify a change and the process to be applied: all this contributes to a lack of change management.
ITIL is a valuable aid, and proposes a method based on registration, prioritization, evaluation on the business and technical axes, planning, and implementation in a differentiated manner according to the preceding stages.
Key tools for managing change include the change registration database, the Configuration Management Database (CMDB), the schedule of changes.
The organization emphasizes sharing, collegiality, and at the same time establishes specific roles: change manager, functional or technical experts, user or business service representative, Change Control Board (CWB).
What about supervision?
Supervision is very useful to verify a posteriori the negative impacts of a change, whether a change management process is in place or not. Correlating the time stamp of an alert with that of a change greatly reduces the diagnosis time, and thus contributes to increasing the availability of services.
The monitoring perimeter must be relatively fine-tuned and adapted to the environments being monitored: monitoring of ports from the Internet, Windows services, Linux processes, monitoring of system or application logs, presence, size and/or age of files.
Depending on the technology, supervision can also alert of an access to a system and thus identify the time stamp of a potential change. It thus fully participates in the security management process.
Finally, the supervision must be up to date: a change modifies by nature the information system.
It is therefore mandatory to perform the following actions at the end of the changeover:
#1 - inform the actors of the potential impacts on the use of the service: the users, the Service Centre.
#2 - update the repository, i.e. the CMDB
#3 - update the supervision
Want to know more about ServiceNav supervision? Contact us !