ITIL 4 IT Asset Management & Service Configuration Management

Why IT Asset Management and Configuration Management are Important

Maintaining control around our infrastructure and critical (as well as, often times, expensive) technology assets within our organization is important for several reasons. One, it allows us to make good financial and purchasing decisions. Two, it helps us to meet federal government requirements like FITARA. And three, it ensures that we understand how items are connected. The combination of great ITAM and Configuration Management makes onboarding and offboarding, root cause analysis (providing asset intelligence and traceability), as well as planning for changes and understanding impact (thus, avoiding unnecessary risk) in our environment much easier.

IT Asset Management and, in particular, Service Configuration Management can be difficult practices to get right, but they are worth the investment of time and energy to do well. In this article, we will provide an overview of IT Asset Management and Service Configuration Management. We’ll also discuss some of the similarities, touchpoints, and differences between the two, and talk about the new and expanded concepts introduced as part of the ITIL 4 library, including Hardware and Software Asset Management.

The Origins of Configuration Management in ITIL

Configuration Management as a process has been part of the ITIL library since the late 1980s (back when hair was big, and cutoff sweatshirts were cool). In fact, I remember learning about Configuration Management back when it was ITIL v2, which was released in 2001. At the time, the library was somewhat small. There were two key books with details on ten IT processes and a “function” – that of the Service Desk. In 2007, when ITIL v3 was released, the process was expanded; and the name was changed to Service Asset and Configuration Management (SACM).

With the release of ITIL 4, the SACM process was broken into two separate practices, IT Asset Management (ITAM) and Service Configuration Management. The reason for the change? The two practices interface with and support one another; however, they are different disciplines, which we will cover next.

IT Asset Management vs Service Configuration Management

The simplest way to explain the difference between these two practices is as follows:

• IT Asset Management is about content, understanding what we have and making sure we keep track of our very-important stuff, make good purchasing decisions, etc.
• Service Configuration Management is about context, understanding the relationships between our very-important stuff and how it all relates together, so we can understand impact (as shown in this simple example below).

Ah, the 80s. But I digress. Let’s dig into each practice and talk about what the ITIL 4 Practice Guides say about each one.

What is IT Asset Management?

IT Asset Management is a subset of overall Asset Management, which includes loads of assets outside of the IT organization. The figure below, pulled from the ITIL 4 ITAM Practice Guide (I’ve included details at the end of this article on how to download the Practice Guide for free), does a nice job of showing the relationship between Asset Management, ITAM, and Software Asset Management (SAM), which we will describe in more detail later.

Why IT Asset Management is Key

In ITAM, we’re determining what assets we care about tracking (mainly items that have some sort of financial value, say, anything over $500) and managing those assets throughout their life, from planning, ordering, and receiving to retirement and disposal (which may include a security aspect like wiping data from hardware). Good ITAM helps us ensure our IT assets don’t “sprout legs and walk off.” It allows us to properly depreciate said assets, plan when assets should be replaced (e.g., fleet replacement of laptops every three years), and maintain solid information on where and when we bought them, with details on the warranty, terms, and overall contract.

A strong ITAM practice also makes IT Service Costing, procurement, budgeting, accounting, inventory management, supplier management, and auditing much easier. Ultimately, the information we capture about IT assets should help us make good decisions. We don’t need to capture every bit of information about every single asset. This is one of the main issues we see with ITAM (and Configuration Management too). We tend to capture and track a ton of information because we don’t know what’s important. Unfortunately, we end up tracking a lot of irrelevant data; and it takes a lot of time to keep everything up to date. In fact, one of the key messages in the ITIL 4 ITAM Practice Guide is the following:

IT asset information should be relevant to the organization’s needs. There is no benefit in including all available data in an IT asset register or in blindly following examples from publications or other organizations. An ITAM practice is only as valuable as the information it provides is accurate, up-to-date, reliable, comprehensible, easy to use, and relevant. Even high-quality data is useless if it is not relevant to the organization’s needs. The careful selection of relevant data and optimal ways to maintain it are a key component of the organization’s ITAM approach.

It’s also helpful to discuss what won’t be tracked. For example, consumables like mice and cables don’t often make a lot of sense to track (and aren’t worth the time and effort it would take to do so).

Cloud Services and ITAM

Since the time that the ITIL v3 library of books were published (and even more so after the start of the pandemic), organizations have dramatically increased their use and reliance on cloud services. As such, a robust ITAM practice can help organizations make better decisions around cloud, namely, account for trends in usage and spend on cloud providers, manage contract renewals, understand and forecast overall demand and capacity, as well as control used and unused software licenses (which can quickly get out-of-hand if we’re not careful).

IT Asset Registers and ITAM

The above information around cloud services, along with other key information on our IT assets (which we’ll talk about in the next section), will form what’s called our IT asset register, defined here:

A collection of information about IT assets that includes their ownership, cost, and other key characteristics. The IT asset register makes it possible to maintain the stock count of IT assets.

In organizations that are just starting out with ITSM, Asset Registers often take the shape of Excel spreadsheets. However, as the organization grows, there’s benefit in putting this information into a centralized tool that can be viewed, updated, and maintained by multiple groups.

The ITIL 4 Practice Guide does a nice job of giving examples of IT assets you might include in an IT asset register. It walks through the common phases that IT assets go through as part of their lifecycle (shown in the callout box below), details who to involve in each phase or key activity, provides potential metrics to capture to give you a sense of the “health” of the ITAM practice, and includes ideas on how to start or improve your process of capturing asset information (including how to plan and conduct an audit of ones’ IT assets).

One of the phases, in particular, calls out the importance of assigning asset ownership, that of IT Asset Assignment, described here:

The act of delegating responsibility for an IT asset to an IT asset consumer for the period of IT asset consumption/use. For some types of IT assets, they can be combined with the relevant install, move, add, change actions.

The inclusion of this phase in the IT asset lifecycle makes it easier for the organization to know who owns what and ensure information about that asset type is kept up to date. Further, asset owners are often the folks that will be involved with Installs, Adds, Moves, and Changes (IMAC) as part of regular Service Request Management activities.

Doing ITAM Inventory, Discovery, and Validation

The items within an IT asset register should be validated as needed to ensure information around our assets is accurate and up to date. The ITIL 4 Practice Guide recommends conducting periodic inventories and discovery, as defined here:

The ITIL 4 Practice Guide goes onto say that “the IT asset register indicates what should be found, while inventory and discovery reveal what is found.” This process also provides reconciliation of our information.

Software Asset Management and ITAM

Software Asset Management (SAM) is a subset of ITAM specifically concerned with software licensing, compliance, use, contract renewals, and spend (to ensure teams and the overall organization don’t overpay for licenses or end up with a large, wasted pool of unused seats). Someone serving in the role of a Software Asset Manager would manage all software or maintain relationships with specific software vendors (for example, Microsoft). Several SAM activities can also be automated through the use of SAM discovery and management tools.

Hardware Asset Management and ITAM

Hardware Asset Management (or HAM, which is excellent with green eggs, by the way), is also a subset of IT Asset Management; and it tends to deal with more tangible assets (laptops, desktops, peripherals, etc.). Often times, those in charge of ITAM will track hardware-related items in the IT asset register with barcodes and/or QR codes that can be easily affixed, scanned, and tracked within an IT Service Management platform.

Who Should Do ITAM and Service Configuration Management?

ITAM is usually performed by a single person or in part by several people who have it as just one aspect of their overall roles and responsibilities. In large organizations, you may start to see people with the actual title of asset manager. However, there is no hard and fast rule that ITAM needs to be someone’s title.

The ITIL 4 Practice Guide for ITAM details the responsibilities of those with the role of IT asset manager, license manager, IT asset owner, IT asset consumer, and IT asset custodian. Having a solid ITAM policy (or set of policies, like when and how to do an inventory or how to safely and securely dispose of assets) and guidelines can help make everyone’s job easier. In fact, the ITIL 4 Practice Guide states that all ITAM policies and guidelines should be, “clear, useful, easy to apply, and supported by relevant controls, including automation.”

As with ITAM, Service Configuration Management-related activities can be part of the roles and responsibilities of a person or an entire team; and in large organizations, there are usually several different types of roles or titles within this practice, including that of a configuration manager (unlike ITAM, this is often a full-time role), configuration administrator, configuration librarian (who I’m pretty sure also has the task of regularly shushing people), and resource/CI owner. All of these roles and responsibilities are outlined as part of the Service Configuration Management Practice Guide document.

What is Service Configuration Management?

Now that we’ve talked a little bit about Service Configuration Management, let’s dig into how it’s different from ITAM, starting with the purpose:

The beauty of Service Configuration Management, when done well, is that we can see a visual picture of our products and services along with the key components or pieces that comprise them. Mapping these relationships helps us better understand cause-and-effect prior to making changes and helps us more quickly diagnose and resolve issues for our customers. For a deeper dive into each of these areas, check out these articles on how good Configuration Management can make managing incidents easier, how it improves our ability to do better Problem Management, and how it benefits our Change Enablement efforts.

Side note: Change Enablement (what was termed Change Management in ITIL v3) is essentially futile if there is no real Service Configuration Management in place. Without it, understanding risk is largely a guessing game.

The ITIL 4 Practice Guide on Service Configuration Management provides a helpful recommendation to know whether you’re doing it right: “The Service Configuration Management practice is only as valuable as the information it provides is accurate, up to date, reliable, understandable, easy to use, and relevant.” Other things I like that are in the Practice Guide include examples of Configuration Items (CIs) to capture, questions to ask before adding new CIs or information to a CMDB (see the callout box below), recommendations on how to approach building or refining our Service Configuration Management practice using the Guiding Principles as a frame of reference, and ideas on metrics to “check the health” of our practice.

Service Configuration Management and Automation

One of the things that is essential to doing Service Configuration Management well is taking the time to plan out our approach and being thoughtful about the use of automation. The ITIL 4 Practice Guide states that “the Service Configuration Management practice is a highly-automated practice. It relies on the collection, maintenance, and control of large amounts of configuration data and often includes building, maintaining, and presenting complex configuration models. The practice involves gathering data from multiple sources, integrating it and presenting in a meaningful way. Specialized tools are typically used alongside monitoring, discovery, analytical, and record-keeping systems.” Thus, the Service Configuration Management practice often requires the help of experienced configuration administrators.

Capturing What Matters in Configuration Management

As with the IT Asset Management practice, in Service Configuration Management, our goal is not to capture all pieces of information about all items in our environment; but rather, a simplified “model” of what we have. Capturing too much information becomes a ton of unnecessary work and causes organization to often abandon their Configuration Management effort all together, which is what we want to avoid.

Instead, the ITIL 4 Practice Guide provides an alternative approach: “There is no correct answer and no recommended solution for defining which resources should be under the Service Configuration Management practice’s control. These decisions should be driven by key factors: the usefulness of the configuration information to stakeholders and the costs of obtaining and maintaining the information.” So, start with the decisions you’re trying to make or the visibility that you’re trying to achieve.

It’s better to start small, figure out what initial Configuration Item types and attributes that you want to capture (for example, you’ll want to capture that your flux capacitor requires a whopping 1.21 Gigawatts of power to work – “Great Scott!”), and then determine how you’re going to discover and manage the information. You can always expand scope later, rather than try and capture everything upfront and end up creating more work (and frustration) for yourself than needed. What’s most important at this point is to ensure that whatever you’re putting into your system is manageable and can be kept up to date so that you can make good decisions based upon what’s captured.

How do ITAM and Service Configuration Management Work Together?

Service Configuration Management often starts with a good IT asset register and pulls information into a Configuration Management Database or CMDB of some sort, a central place for information about Configuration Items or CIs (defined here).

Configuration item: Any component that needs to be managed in order to deliver an IT service.

Configuration Items are a bit different than regular IT assets in a few key ways:

• CIs may or may not be tangible (CIs can include key documentation like SLAs or knowledge articles, virtual servers or networks, as well as locations, services, and/or people), whereas assets tend to be tangible.
• CIs may or may not have financial value tied to them; whereas assets do.
• CIs have relationships with other CIs in support of an overarching product or service, whereas assets may or may not.

There can be a lot of overlap between CIs and assets. However, not every CI is an asset; and not every asset is necessarily going to be a CI. Again, it’s helpful to talk with your teams about what should be treated as an asset and what will be considered a CI.

How do I build a Configuration Management Database (CMDB)?

Once you’ve figured out your CIs, you’ll want to begin building your CMDB, defined here:

Configuration management database: A database used to store configuration records throughout their lifecycle. It also maintains the relationships between configuration records.

If you’re starting from scratch, this article on Creating a CMDB in 7 Easy Steps is very good as it details how to build logical models, define CI types and attributes, assign ownership, facilitate discovery, and map relationships between assets.

CMDB Baseline, Inventory, and Validation

Similar to an IT asset register, a CMDB should be periodically inventoried and verified to ensure the information is accurate and up to date. This can be achieved by taking periodic baselines (defined here) and verifying or auditing against the information as needed.

Baseline configuration: A configuration of a product, service, or infrastructure that has been formally reviewed and agreed. It serves as the basis for further activities, such as use, development, and planning.

How Beyond20 Put ITAM and Configuration Management Together at DOJ

Here’s a short example of how the two practices can work together in real life. We recently worked with the Department of Justice to plan and execute a wall-to-wall audit of all trackable IT assets for the entire Civil Division. The project involved training a team of auditors to use hand-held scanners and custom asset data barcodes to expedite data collection. The Team conducted physical audit of several facilities, field offices, and remote staff — totaling over 10,000 individual assets and nearly 130,000 points of data for several thousand users.

We then collected, processed, and used the data to create a new and accurate CMDB for the Civil Division. We documented the processes and procedures for accomplishing the audit and how to enhance inventory management to allow the Civil Division to repeat audits on their own and maintain up-to-date data. By the end of the project, DOJ had better information around their assets and Configuration Items and could more easily control costs, manage risks, provide data reporting, support decision-making during procurement, re-use, and retirement of assets. They were able to standardize their ITAM and Configuration Management practices, and ultimately, improve how they operated.

Where can I find the ITIL 4 ITAM and Service Configuration Management Practice Guides?

If you’re new to ITIL 4, taking a 2-day ITIL 4 Foundation course is a great place to start as it covers both the ITAM and Service Configuration Management practices detailed in this article. As a bonus, once you pass the exam, you get a free subscription to MyITIL for one year; and you can download these Practice Guides (along with the 32 others in the ITIL 4 library) for free as part of the MyITIL program. The Practice Guides are a bit lengthy – ITAM is 50 pages; and Service Configuration Management is 35 pages with lots of helpful details throughout. So, grab yourself a cup of tea, dust off your old legwarmers, and give yourself a bit of time to read them. Best of luck on your journey!