White Paper
© Copyright Quest® Software, Inc. 2007. All rights reserved.
This guide contains proprietary information, which is protected by copyright. The
software described in this guide is furnished under a software license or
nondisclosure agreement. This software may be used or copied only in accordance
with the terms of the applicable agreement. No part of this guide may be reproduced
or transmitted in any form or by any means, electronic or mechanical, including
photocopying and recording for any purpose other than the purchaser's personal use
without the written permission of Quest Software, Inc.
WARRANTY
TRADEMARKS
All trademarks and registered trademarks used in this guide are property of their
respective owners.
World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656
www.quest.com
e-mail: info@quest.com
U.S. and Canada: 949.754.8000
Please refer to our Web site for regional and international office information.
Updated—June, 2007
CONTENTS
INTRODUCTION ................................................................................. 4
PEOPLE COLLABORATE EFFECTIVELY WITH CLEARLY DEFINED ROLES
AND RESPONSIBILITIES.................................................................... 5
COLLABORATE WITH TWO DISTINCT GROUPS – DEVELOPMENT AND OPERATIONS.........5
COORDINATE KEY MEMBERS FROM BOTH DEVELOPMENT AND OPERATIONS ................5
CREATE A SEPARATE RELEASE MANAGEMENT TEAM............................................6
UNIQUE APPROACH FOR EVERY ORGANIZATION................................................6
PROCESSES CREATE EFFICIENCIES THROUGH REPEATABILITY AND
RELIABILITY ..................................................................................... 7
COBIT ..............................................................................................7
ITIL .................................................................................................8
ADOPT A METHODOLOGY FOR RELEASE MANAGEMENT IMPROVEMENT .......................9
COMMUNICATE WITH A CENTRAL REPOSITORY ............................................... 11
ROLLBACK TO A PREVIOUSLY TRUSTED APPLICATION STATE ............................... 11
SECURELY SEPARATE ROLES AND RESPONSIBILITIES ....................................... 12
RECORD CHANGE ACTIVITY ..................................................................... 12
AUTOMATE AND ENFORCE RELEASE PROCESSES ............................................. 13
LINK PEOPLE AND PROCESSES ................................................................. 14
INTRODUCTION
Communication and coordination are vital when introducing any change, but
choosing the right combination of three key elements - people, process and
technology – guarantees the success of application changes and release
management processes.
Today’s IT organizations are rapidly evolving. As they release business-
critical application changes into production environments, they face
additional pressures driven by a competitive business climate, IT must adapt
quickly in order to survive, often a challenging and painful task.
Many teams are instrumental in application release management. For
instance, development plans changes to business applications while
operations deploys the changes into production. Effective communication
between teams is essential for successful application change release. Poor
communication can result in files going to incorrect locations, property files
being wrongly configured or critical steps being missed in the release
process. One or all of these missteps can bring a production application down
and can lead to customer unhappiness, lost revenue and increased
organizational cost.
The Gartner Group estimates that 80% of application downtime is directly
attributed to a combination of operator errors and application failures.i The
inability to effectively manage frequent changes to business critical
applications not only results in lost revenue and increased cost, but also
reduces an organization’s competitive advantage in an ever changing
business world. A McKinsey survey found that “only 34 percent of IT
executives say that they are more effective at introducing new technologies
than their competitors are” 2 in a market of ubiquitous competition.
A single person, process, or technology will not result in consistent
application changes. Organizations need to find the right combination of all
three elements – with clearly defined roles and responsibilities – to better
influence a positive result. Processes need to be established and followed
with management support, and the right technology used to coordinate the
people and support the process. This paper describes how people, process,
and technology can work as a team to create release management success.
4
PEOPLE COLLABORATE EFFECTIVELY WITH
CLEARLY DEFINED ROLES AND
RESPONSIBILITIES
An increasing number of people involved in today’s release management
activities – from technical architects, developers, and operations managers to
business focused application owners, business managers, and auditors – are
driven by critical applications aligned directly with business objectives.
Adding the need for critical applications to the complexity of distributed
applications forces organizations to retain multiple individuals specializing in
different technologies and platforms to successfully manage the applications.
For example, an IT organization may run a Java application on a WebLogic
server with an Oracle database installed on a RedHat Linux operating system
directly communicating through web services with a .NET application running
on an IIS server with a SQL Server database installed on a Windows 2003
Server. Factor in other technologies such as xml schemas or integration
middleware and it’s easy to see there’s a lot to know when competently
managing this type of heterogeneous environment.
Successful coordination of application changes in complex environments
depends on clearly defining each individual’s role and responsibility. Defining
these roles means understanding the relationship between development and
operations.
5
manager will be less focused on providing technical guidance on the next
critical feature set while they are involved in the release management
process.
6
PROCESSES CREATE EFFICIENCIES THROUGH
REPEATABILITY AND RELIABILITY
It’s obvious a reliable and repeatable process is needed to successfully
manage the increased frequency of changes introduced into an already
complex environment. This becomes even more important in interdependent,
service-oriented architected environments where applications operate on a
plethora of technology and platforms. Without a solid process, deploying
changes become unnecessarily chaotic, introducing unnecessary risk into
environments. Analysts estimate that in the overall application lifecycle,
operations account for between 70% and 80% of the overall time and cost of
an application – meaning only a small portion is actually spent on developing
the application. If an IT organization can reduce the cost of operations over
the life of the application, it can improve the business investment return for
building that application.
Process methodologies are designed to cover different aspects of an
organization, but there are a few key methodologies to consider when
implementing application deployment processes into an IT organization.
Although many organizations use a combination of two or more process
methodologies, two of the more popular for IT organizations are COBiT and
ITIL.
COBiT
As IT services began to rely more on IT governance, the Information
Systems and Control Association (ISACA) and the IT Governance
Institute (ITGI) developed a set of metrics for IT management called
the Control Objectives for Information and related Technology
(COBiT). COBiT addresses a broad spectrum of duties in IT
management that aims to be generically complete, but not specific.
The goal of COBiT is to maximize benefits derived from using
information technology and development of IT governance controls.
This methodology primarily focuses on executive business owners and
has recently become popular due to the Sarbanes-Oxley Act. COBiT
was designed to help organizations better understand their IT systems
and enable them to decide on the right level of security and control to
protect their assets.
COBiT is comprised of four main domains, each with its own specific
process objectives. The Acquire and Implement domain addresses the
control objectives for a successful release management process. Many
of the COBit and business drivers are directly aligned for improving a
release management process, and these drivers include IT process
standardization and automation, structure audit approaches and IT
cost-cutting initiatives.
7
Figure 1: COBiT Domains
ITIL
Complementing COBiT’s broad control and metric methodology, the
Information Technology Infrastructure Library (ITIL), originally
developed by the UK government, focuses on improving the IT delivery
and support processes. ITIL offers a common framework, independent
of any particular industry or business, and incorporates all activities
commonly found in an IT organization. ITIL’s goal is to make an
organization’s IT operations more mature. The framework identifies a
number of best practices used in different IT organizations and
suggests the optimal process, coordination between processes, and
formality to the process. ITIL was designed to serve as a common
point of reference, so a changing organization can always refer to ITIL
no matter the organization’s size, type, and complexity.
Analyst data indicates that of all the best practices available for IT
operations, most organizations are planning on ITIL best practices
only. Because of this, analysts and consultants predict a 40% adoption
rate by 2007 and as high as 80% in 2008!
8
ITIL is made up of five main elements, each with a specific subject. IT
Service Support categorizes release management as a main subject.
According to ITIL, the goal of release management is to ensure a
successful rollout of releases into a live environment. By not including
release management processes in the overall IT operations plan and
budget, ITIL warns that organizations introduce the risks of major
interruptions, duplication of work, inefficient use of resources, and loss
of source files. By using the ITIL framework as a guide, implementing
a release management process can achieve process efficiency and help
control the increased frequency of change requests.
9
organization and prevent the acceptance of IT as a critical business
partner. Understanding the problem landscape will help avoid only
tactical fixes to the problem. Traditionally these methodologies have
been implemented at a more tactical project level, but a more long-
term approach is required as IT organizations move from a back-office
service to a strategic partner with the business.
Any of the aforementioned methodologies can be applied to an
organization’s release management process – albeit using a slightly
different approach – but it comes with a cost. Organizations should
expect to incur personnel and time costs if they hope to understand,
implement, and enforce the release management best practices.
However, these costs are minor in comparison to the potential costs
associated with no methodology, poor planning and the lack of control
over release management.
10
TECHNOLOGY COORDINATES PEOPLE AND
AUTOMATES PROCESSES
Once an IT organization clearly defines release management roles and
responsibilities and formally outlines the release management process, it can
use recent advances in technology to coordinate people and automate the
release management processes. Tools are key for successful release roles
and processes since they are defined independent of a complementary tool.
11
discussions and they can figure out what went wrong in the application
change process.
12
be able to track which of the applications they are responsible for
incurred changes and when they were change. Also, auditors will now
be able to track all the changes that are introduced into a production
environment and be confident that deployments can be easily and
quickly reproducible to the respective environment. Finally, auditors
can be confident that the organization has intimate knowledge of all
the application files that are currently running in their production
environments.
13
By automating the simple steps, the release manager can now focus
on standardizing the release process across applications. Automating
the application release process increases a release manager’s
productivity. By standardizing the deployment process across
applications, teams can achieve efficiencies and cost reductions across
all applications involved.
14
PEOPLE, PROCESS AND TECHNOLOGY – A
FORMULA FOR APPLICATION RELEASE SUCCESS
15
NOTES
i
“IT Operations’ Three Tenors: Change, Configuration and Release
Management” April 2007 The Gartner Group
16