Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Special Issue: IT Automation: Server Configuration Management: Page 4 of 14

Managers should get buy-in from server administrators when planning and deploying an SCM system, which admins may regard as a threat to their "creativity" in "fixing" server problems. Passive--or active--resistance to new tools can undermine the effectiveness of the system. Also, off-the-shelf tools from an SCM system may require customization to address specific needs, which may help spur acceptance of the new system by IT staff.

Step By Step

A successful SCM rollout doesn't start when you fire up agents. Before going live you'll spend significant time with pen and paper identifying standards, processes and requirements for the SCM system. You'll also need a gap analysis to specify how the software will bridge differences between current practices and your requirements.

SCM rollouts require that you first define parameters, in writing. The document should state specific goals, such as reducing patch times, standardizing server configurations, complying with regulations such as Sarbanes-Oxley or following a governance framework like COBIT.

Requirements are derived from several sources: the IT environment to be tamed; standards to be enforced on this environment; the roles and workflow to be integrated into the SCM system; interfaces to complementary technologies; and a plethora of features that fall into buckets, such as reporting, auditing, distribution, change detection and so on. The enterprise should prioritize its requirements so the most critical issues will be addressed in the initial SCM deployment. Organizations with diverse OS versions, for instance, should create templates for those posing the greatest business risk or experiencing the highest volume of deployment or rate of change. Or, priority could be given to control and response measures, such as alarming on detected, unauthorized changes. Subsequent requirements can be phased in over time.