Software configuration management is one of the necessary activities required to track changes in software requirements and their implementation. With constant changes and increasing complexity of software systems, configuration management helps ensure consistency and reliability, especially in SaaS applications and systems.
As software projects develop using iterative approaches and complex architectures, the need for an effective Software Configuration Management (SCM) system becomes even more pronounced. Modern development approaches that rely on continuous integration, delivery, and various usability and acceptability testing techniques also require precise control over software configurations.
Purpose and Definition of SCM
In response to the demands for rapid software development, companies are using iterative development approaches to enable early evaluation and adaptation of their products. They provide frequent releases of working versions of the product with continuous quality and functionality checks.
This approach reduces the risk of discrepancies between the software requirements and the final product. Iterative approaches also speed up the identification and resolution of problems, improve collaboration between teams and users, and enable faster adaptation to changing requirements and market conditions.
When considering software process in a SaaS environment, several more specific issues arise:
- The long life in which the product is developed, upgraded, and improved while it is in production
- The requirement for high configurability of SaaS products as a result of the different needs of individual tenants further complicates the design and maintenance of the system.
To address such specific issues, the software process in SaaS applications and systems must also include SCM.
The most important facts and reasons for implementing the SCM are:
- A software process with numerous number of iterations and product versions requires continuous updating and monitoring of their statuses.
- Frequent changes in system requirements, budgets, and schedules that must be recorded in order to adapt to them in a timely manner.
- If present, the simultaneous work of multiple independent teams and companies requires coordination of their joint efforts.
Software Configuration Management was originally a discipline intended to monitor and control development and operation of large and complex software systems. However, with arise of agile methods and approaches to software development, it has become a general software engineering discipline for identifying, tracking, and storing all information about any software system. The definition of SCM by the ISO/IEC is as follows:
A formal discipline that applies technical and administrative guidelines and controls to identify and document the functional and physical characteristics of configuration items (CIs), control changes to those characteristics, record and report changes in the status of processing and implementation, and verify and conform to specified requirements.
Technical Outcomes
In terms of the narrow and more technically oriented aspect of SCM, the results and purposes of its application are as follows:
- Baseline security ensures that all new or changed CIs are integrated into the current version of the product and stored securely for availability in future needs
- Overwrite security allows team members to work on a CI simultaneously, and that changes that occur in iterations can be made without the risk of being lost or overwritten by each other.
- Reverting to an earlier version of a CI. This need arises when an error that has occurred proves to be irreparable, that is, when a new version of a CI causes so many problems that it is better to revert to the previous version.
Roles and Responsibilities
One of the main reasons for introducing SCM is to establish synchronized and controlled work on a project by multiple participants that is constantly updated. When SCM is considered as part of the software project, different participants have their own specific roles and responsibilities. Although there are many different roles in a software project, including Project manager, Team leaders, and QA team members, two key roles are Configuration manager and Developer.
Configuration Manager
The primary responsibility of the Configuration Manager is to identify all configuration items that make up a system, including hardware components, software components (methods, classes, modules, applications, libraries), documentation, and other relevant items. This includes:
- Accurately tracking and documenting all components to ensure consistency and control throughout the system
- Planning, monitoring, and controlling changes to system configurations to minimize the risk of errors and ensure compliance with project requirements
- Approving or rejecting change requests.
All decisions made by the Configuration Manager directly affect the stability and functionality of the system, leading to the project’s success.
Developer
The developer is responsible for maintaining the configuration of their code and all related CIs:
- Maintains code configurations, tracks different versions of the code, and manages their branches
- Ensures that all parts of the code are compliant with the current state of the project and technical standards.
Main SCM Activities
Software configuration management involves various activities that ensure the integrity of a system throughout its entire lifecycle.
Configuration Identification
Configuration identification enables the identification of configuration items and objects for which changes are tracked and controlled. Possible candidates for CIs include:
- source and executable code
- test plans and test data
- user documentation, etc.
Each CI is assigned identifying information that tracks the item throughout its lifecycle, including a unique identifier, name, author, revision history, and status. In some implementations, even individual methods of a class can also be CIs.
Change Control
All configuration items change during development due to upgrades and bug fixes. The entire process of these changes must be proactively monitored Change control includes the following activities:
- Identification,
- Analysis and documentation
- Evaluation,
- Approval or rejection,
- Verification and implementation.
The degree of formality applied to change control activities can vary and can be:
- Completely informal, where all changes are performed in an ad hoc manner by a small part of the project team
- Completely formal, where the process begins with the completion of a change request, which must then be approved by the Change Control Board (CCB) before implementation.
Version Control
Version control enables precise tracking of the state of each CI from the moment of its creation throughout the project lifecycle. A configuration management system, also known as a Version Control System (VCS), automates most version control activities and provides a repository for storing different versions of CIs.
Configuration Monitoring
Configuration monitoring defines formal procedures for controlling a software product and its supporting documentation. It ensures the secure archiving and availability for future use of the software and documentation.
These checks are performed by the QA team with several key tasks:
- Verify that the adopted procedures have been properly implemented
- Verify that the implemented configuration management policies are in accordance with the change control rules
- Determine that the baselines contain the correct CIs, which includes checking that all added CIs are present, whether any CIs are missing, and whether the versions of individual CIs are correct.
Implementation and Integration with Other Systems
SCM should be related to other service management processes. ISO/IEC 20000-1 emphasizes the importance of the integration with other processes, such as incident management, problem management, and the capacity management.
This integration is one of the key challenges during implementation. It basically involves integration with other software systems and tools, such as project management tools and systems, bug tracking, and continuous integration. The complexity of this integration can vary depending on the tools and processes that the company already uses.
Most companies start the process of external integration with incident management system, followed by problem management system. Most often, existing customer support or help desk system that support such functionality are used.
This choice is logical, since organizations want to improve problem areas first. These areas allow for faster time to market, as they lead to rapid improvements in customer service. For example, problem resolution priorities are assigned based on CI relationships, and incidents are resolved more quickly due to the visibility of all CI information.
The next priority area is change and release management. They provide the analysis of potential consequences on the production environment. They also have information for planning and deployment, so that any new changes do not have a negative impact on the delivered product.
SCM implementation results in continuous service improvement, providing data to identify areas for improvement. Organizations should regularly review and improve their configuration management practices to adapt to new requirements and technologies.
