Date Published November 2, 2020 - Last Updated October 30, 2020
This is the final part of “Bringing Service Home,” a three-part series focusing on the agility of being able to operate remotely or from home locations in lieu of expensive hot sites or when local issues affect on-site operation. This final installment looks at how changes in scope of Service Asset and Configuration Management (SACM) can support organizations when the next pandemic or disaster strikes.
Know Who Has What
The way an organization’s infrastructure is designed and secured has a lot to do with ease of moving people home. When access tokens or identify management solutions with two-factor authentication are not provided to all staff members routinely, moving workers home can become a tedious effort, and the organization may not be able to afford the time it takes to manage this manually. Additionally, as workers and equipment move out of the workplace, supporting and securing it requires understanding what’s outside, current software levels, and how to reach the people that use the equipment.
A good SACM program ensures both the Configuration Management Database (CMDB) and Asset Management Database (AMDP) provide the data needed to configure workers for remote access and secure equipment remotely. Any company that has more than one location can no longer efficiently manage users and equipment that is outside of the data center without such a program.
Enabling Remote Access and Support
The first effort mentioned was the ability to ensure that all workers can be enabled with the ability to work from home effectively. This starts with understanding what they need:
- A laptop for in-office or home use
- Ability to connect remotely via a hard or soft token (soft preferred due to ease of mobility and installation), virtual desktop when required by the company’s configuration, and/or registration in an automated identity management solution
- Access to a video conference calling solution
- Access to a company-standard IM solution
A SACM program that includes user-level data makes it easier to “go remote” if as a business continuity program for any type of corporate office disaster (weather, fire/flood or other building damage, localized disaster etc.), this level of management is needed. Here’s why:
When an identify management solution offering 2-factor authentication is not available and the company relies on tokens, the CMDB/AMBD can deliver a report of employees who need to be configured for remote support.
The AMDB can be used to find out who doesn’t have a laptop already. A fast survey can be used to find out who already has a computer at home that can be used until a corporate laptop can be deployed – this enables prioritization of the work to supply equipment.
The CMDB can supply information on the corporate-owned hardware, software, and patching levels on laptops, making them easier to secure and support once they leave the corporate environment.
Vulnerability management practices can help secure remote equipment if/when their configuration is known by identifying all items that could cause a problem, regardless of their location.
Getting There
The most important aspect of achieving this is to get serious about configuration management and asset management. Even if the current ITSM solution is weak in this area, there are independent products available that bolt onto ITSM solutions through integration. Effectively, the ability to move people home as a business continuity strategy is a strong business case for expanding the scope of a current asset and configuration practice or for starting one.
Considerations for an effective service asset and configuration management practice that supports the ability to “go-remote” include:
- Ensure the program extends to user-level and remote equipment
- Consider a means of tracking who has their own equipment at home (either as a user-record in the CMDB or on their user-profile)
- Ensure all corporate owned computers have a means to ensure they are discoverable (agent or agent-less discovery needs to be able to reach them when they are in the office or and/or remotely)
- Be sure operating system patch levels and software versioning is included in scope for vulnerability management
- Include software and products that might not have been considered in the past: soft-tokens, virtual desktops, conference calling and corporate IM programs.
This extra scope will prepare the organization for moving to remote work while also leveraging automation as much as possible. Automating the configuration of remote support and marrying the automation with data from the CMDB can turn a time-consuming manual process into an overnight implementation, paying off well when disaster strikes. Combining the approaches in the three articles in this series provide everything an organization needs to consider to be “at-home ready” regardless of the cause.
Phyllis Drucker is an ITIL® expert certified consultant and information leader at Linium. Phyllis has more than 20 years of experience in the disciplines and frameworks of IT service management, as both a practitioner and consultant. She has served HDI since 1997, itSMF USA since 2004 in a variety of capacities including speaker, writer, local group leader, board member, and operations director. Since 1997, Phyllis has helped to advance the profession of ITSM leaders and practitioners worldwide by providing her experience and insight on a wide variety of ITSM topics through presentations, whitepapers, and articles and now her new book on the service request catalog, Online Service Management: Creating a Successful Service Request Catalogue (International Best Practice). Follow Phyllis on Twitter @msitsm.