IT platforms face constant change, especially at the software level. Just as new functions are added to platforms via new apps and services, the capabilities of IT platforms regularly evolve through updates and patches.
Successfully handling these shifts requires a clear and efficient system for IT change management, or change enablement. An effective change management process can minimize or eliminate downtime while optimizing performance across an organization's IT environment.
Considerations for change management
Before implementing a change management process, organizations must understand what systems and tools they already have in place at a highly granular level. For IT environments, each instance of an app or service must be logged, including the type and layer of the OS on which it is installed, the hardware drivers it uses, and its storage allocation and type.
In an increasingly virtualized world, this type of cataloging is becoming harder to do. Automated systems move service instances from one part of a platform to another, new instances are spun up to meet organizational requirements over time, and old services need to be removed. Fortunately, a variety of tools are available to facilitate change management in complex virtualized environments.
What should a change management process include?
An effective change management process covers the following areas:
- Discovery. Organizations must build a baseline record of the existing IT environment and the operational envelope around resources.
- Dependency management. Most apps and services today depend, to some extent, on other components to operate successfully. Effective change management must account for these software dependencies to ensure changes are made with a full understanding of their effects on dependent services, including whether dependent services will adversely affect a new app or service.
- Prioritization. Not all changes are equal. A change management system understands this and ensures high-priority changes take precedence over less important ones.
- Risk assessment. All changes involve some amount of risk. An effective change management process should involve creating a report that covers possible risks, which IT admins can then use to determine a change's priority level.
- Policy creation. Policies must drive all changes. Most systems come with a comprehensive set of policies out of the box, but they should also include the capability to add specific policies that fit an organization's needs. Visual systems that enable IT teams to build policies without the need for scripting make life easier for all involved.
- Change monitoring. IT change management systems should maintain a live view of automated changes across the platform -- for example, applying additional resources and spinning up new instances. It's also important to include manual changes, such as those made by developers or IT admins outside controlled environments.
- Managed provisioning. Change management tools should integrate with existing DevOps systems to monitor and manage changes that development makes to the operational environment. Change and release management must work together to ensure smooth operations.
- Testing. DevOps tools should provide a full testing environment. However, when it comes to change management, organizations must either ensure the change management system takes ownership of testing or incorporate a testing environment into the system to eliminate confusion about what was done during testing.
- Remediation. The change management process should include the capability to revert to a known position if a change causes problems.
- Intelligence. The change management system must be able to understand a change's effects on the overall platform -- whether beneficial, net zero or negative -- so that IT teams can respond accordingly.
- Reporting. IT teams need insight into changes -- both in real time so that admins can take any steps required, and historically to show trends such as memory leaks or decreasing performance. Change management should also integrate into help desk and DevOps reporting systems to initiate trouble tickets as required.
- Full auditing. Change management systems need to enable IT teams to conduct forensic investigations across a platform to identify the root cause of any problem and determine whether malicious activity -- inside or outside the organization -- is the cause.
Tools for effective change management
Change management processes are put in place to ensure an organization's IT platform provides optimal availability and performance. Choosing the right tools can make change management much easier. Examples of ITIL-based tools for change management include ServiceNow, Atlassian's Jira and SolarWinds' IT Change Management.
Changes have different priority levels that tools and processes must take into account. ITIL defines three levels of changes:
- Standard. These changes are low risk, commonly repeated, preapproved and well understood. Organizations can regard resource changes to an app or service that is running normally as standard.
- Normal. A normal change is a nonemergency change that does not have a preapproved process for application. Most updates to existing software fall under the category of normal changes. Although these changes might not have a fully approved rollout process, they are relatively low risk and follow a process that is generally well understood.
- Emergency. These changes are required due to unexpected errors or failures within the IT platform.
Many systems come with a set of predefined change types in which these levels are already applied. However, organizations should still take the time to decide where change types fit into these levels and create rules to ensure each change is handled accordingly.