What’s Behind Door Number One: How OCIO is Improving Asset and Configuration Management

How often do you organize your closets? Cupboards? Drawers? If you’re like me, you make the effort about once a year. And, if you’re like me, the neat-as-a-pin, hard-won results only last a few months.

If you’ve experienced this fleeting state of perfect organization, and its subsequent demise, then you have an idea of why we need SACM and why it’s an ongoing process rather than once-and-done.

SACM stands for Service Asset and Configuration Management, and the Office of the Chief Information Officer (OCIO) has spent the past couple years working through the process. Specifically, we’ve cataloged what is on each of our servers, how each one is supported, and what interrelationships it has with other applications and services. The key deliverable of this work is a configuration management database (CMDB) that stores all of this information for easy retrieval and updates.

The process and CMDB helps us answer critical service and security questions:

• What services are impacted if a server is compromised, degraded or completely out of commission? Are there services impacted downstream, even though they are not on this server? How do those dependencies affect the disaster recovery plan?­
• Are the servers being managed appropriately from both an operational and risk perspective and are we compliant with university requirements?
• How much are we billing for the devices we support and who is being charged?

Data, applications and configurations continually change for various reasons, like improving security, adding new features or updating outdated functions. That’s why SACM is an ongoing process and the CMDB is a living entity. We continually reassess what we know about the devices we support and catalog anything that has been changed.

To date, we’ve cataloged infrastructure components, such as servers, network equipment, and client computers and we continue to operationalize and improve the SACM process for servers and related devices.

The latest addition to the SACM process is Business Applications, which multiple users employ on a daily basis to do the critical administrative tasks that keep the university running smoothly.

Business Applications include tools like PeopleSoft, WorkDay, eTravel, eTimesheet and so on. These applications allow us to perform nearly every business function at the university like buying and paying for supplies and services, running payroll, scheduling classes and applying for financial aid.  Similar to our work with servers, we will catalog what components are involved in each of our applications, how each component is configured and what interrelationships it has with other components and services. Next we’ll focus our efforts on software asset management.

We’ve been working on SACM for over two years. We’ve made mistakes and learned lessons that have helped us create effective processes, become more efficient, and just in general get better at the work that needs to be done. We will continue to implement best practices and improve our processes to reduce risk and impact to customers of our services.

For more information or if you would like to learn more about this process so you can apply the lessons we have learned to similar projects within your business unit, contact SACM Process Owner Jason Kruder by email or by phone at 614-292-3087.