DOCSLIB.ORG

Software Configuration Management a Road Map

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Software Configuration Management a Road Map Software Configuration Management A Road Map Jacky Estublier DassaultSyst•mes / LSR, Grenoble University, Actimart, AllŽe de Roumanie 38610 Gieres France [email protected] location. This is often referred as workspace control. ABSTRACT Compilation and derived object control is a major issue. This paper, in the first chapter summarizes the state of the Process control and support. Later (end 80s), it became art in SCM, showing the evolution along the last 25 years. clear that a, if not the, major issue is related to people. Chapter 2 shows the current issues and current research Traditionally, change control is an integral part of an SCM work under way in the area. In chapter 3, the challenges product; currently the tendency is to extend process support SCM has to take up, as well as SCM future research are capability beyond these aspects. discussed. 1.1 Short History Keywords In the 80s, the first systems were built in house and Software configuration management, Version control, focussed closely on file control. Most of them were built as process support, concurrent engineering, federation, a set of Unix scripts over RCS (a simple version control interoperability, architecture. tool) and Make (for derived object control). From this period we can mention DSEE [29], the only 1 WHAT IS SCM? serious commercial product, which introduced the system Current definition would say that SCM is the control of the model concept, an Architecture Description Language evolution of complex systems. More pragmatically, it is the (ADL) ancestor; NSE [34] which introduced workspace discipline that enable us to keep evolving software products and cooperative work control; Adele which introduced a under control, and thus contributes to satisfying quality and specialized product model with automatic configuration delay constraints. building [15], and Aides de Camp (now TRUE software) which introduced the change set (see later). SCM emerged as a discipline soon after the so called ÇÊsoftware crisisÊÈ was identified, i.e. when it was The first real SCM products appeared in the early 90s. understood that programming does not cover everything in These systems are much better. They often use a relational Software Engineering (SE), and that other issues were database but still rely on file control, they provide hampering SE development, like architecture, building, workspace support, but no or built-in process support. This evolution and so on. generation included Clear Case [30] (DSEE successor) which introduced the virtual file system and Continuus SCM emerged, during the late 70s and early 80s, as an [5][12] which introduced, with Adele, explicit process attempt to address some of these issues; this is why there is support [20]. Continuus and Clear Case are currently the no clear boundary to SCM topic coverage. In the early 80s market leaders. SCM focussed in programming in the large (versioning, rebuilding, composition), in the 90s in programming in the In the second half of the 90s, process support was added many (process support, concurrent engineering), late 90s in and most products matured. This period saw the programming in the wide (web remote engineering). consecration of SCM, as a mature, reliable and essential Currently, a typical SCM system tries to provide services in technology for successful software development; the SCM the following areas: market was over $1 billion sales in 1998. Many observers consider SCM as one of the very few Software Engineering Managing a repository of components. There is a need successes. for storing the different components of a software product and all their versions safely. This topic includes version 1.2 Component repository management, product modeling and complex object management. Most SCM products are based on a tiny core of concepts Help engineers in their usual activities. SE involves and mechanisms. Here is a short summary of these applying tools to objects (files). SCM products try to concepts. provide engineers with the right objects, in the right 1.2.1 Versioning None of these approaches is available in the vast majority of todayÕs systems [9]. In the early 70s, the first version control system appeared [33]. The idea is simple: each time a file is changed a revision is created. A file thus evolves as a succession of 1.3 Engineers support revisions, usually referred to by successive numbers (foo.1, foo.2 .). Then from any revision, a new line of change can Practitioners rejected the early systems because they were be created, leading to a revision tree. Each line is called a helping the configuration manager, and bothering branch (the branch issued from foo.2 is called foo.2.1, everybody else. A major move toward acceptance was to foo.2.2É). consider the software programmer as a major target customer: helping him/her in the usual SE activity became At the same time, 3 services were provided: History, delta, a basic service. multi user management and a bit later, merging facilities. History simply records when and who created a revision 1.3.1 Building and rebuilding along with a comment. The aim of rebuilding is to reduce compilation time after a Deltas were provided because two successive revisions are change, i.e. to recompile, automatically, only what is often very similar (98% similar in average)[22]. The idea is needed. Make [24] is the ancestor of a large family of to store only differences (the 2% that are different). Of systems based on the knowledge of ÒdependenciesÓ course, it vastly reduces the amount of required memory. between files, and their last modification date. Make proved to be extremely successful and versatile, but Multi-user management consists in preventing concurrent difficult to use and inadequate in many respects. All changes from overlapping each other. A user who wants to attempts to do substantially better have so far failed. Most change a file creates a copy and sets a lock on that file systems ÒonlyÓ generate the makefiles. (check-out); only that user can create a new revision for that file (check-in). 1.3.2 Workspace support Despite the fact that all this is 25 years old, it is still the base of the vast majority of today SCM systems. A workspace is simply a part of a file system were the files of interest (w.r.t. a given task like debug, develop etc) are 1.2.2 Product model located. The workspace acts as a sphere where the programmer can work, isolated from the outside world, for From the beginning, the focus was on file control. It is no the task duration. The SCM system is responsible for surprise to see that, even today, the data model proposed by providing the right files (often a configuration), in the right most vendors resemble a file system, plus a few attributes, file system, to let users work (almost) independently, and to often predefined. This is archaic and contrasts with todayÕs save the changes automatically when the job is done. data modeling. 1.1.1 Composition It is this service that really convinced practitioners that SCM was there to help them. A configuration is often defined as a set of files, which 1.3.3 Cooperative work support together constitute a valid software product. The question is twofold: (1) what is the real nature of a configuration, and A workspace is a support for concurrent engineering, since (2) how to build it, prove its properties and so on. many concurrent workspaces may contain and change the Surprisingly, in most systems, a configuration is not an same objects (files). Thus there is a need for (1) object, but ÒsomethingÓ special. It is a consequence of a resynchronizing objects and (2) controlling concurrent weak data model in which complex objects and explicit work. relationships are not available. Resynchronizing, so far, means merging source files. The traditional way to build a configuration is by changing Mergers found in today tools simply compare (on a line by an existing one. No correctness criteria are available. line basis) the two files to merge, and a file that is historically common to both (the common ancestor). If a In the change-set approach, a change, even it involves line is present in a file but not in the common ancestor, it many files, receives a logical name (like ÒFixBug243Ó). was added, and must be kept; if a line is present in the Later on, a configuration can be produced as a set of ancestor and not in the file, it was removed and must be change-sets to add or remove from a base configuration removed. If changes occurred at different places, the (like ÒC2 = C1 + FixBug243 Ð Extention2Ó), C1 being the merger is able to decide automatically what should be the base configuration and C2 the new one [23]. In the Adele merged file. This algorithm is simply a heuristic that system, a configuration is built interpreting a semantic provides in output a set of lines with absolutely no description which looks like a query: the system is in guaranties about correctness. Nevertheless mergers proved charge of finding the needed components based on their to work fine, to be very useful and became almost attributes and their dependencies [16]. unavoidable. See a survey in [4]. Controlling concurrent work means defining who can It is interesting to see that both the most appreciated and perform a change, when, on which attribute of which the most criticized feature concern process support. Almost object. It is one of the topics of process support that, no comments concerned the basic aspects of SCM, like currently, no tool really provides. versioning and merging. Practitioners think tools are good and stable enough but still lack efficiency, scalability and interoperability with the other SE tools.
Load more

Recommended publications
  • Managing the Configuration of Information Systems with a Focus on Security
    MANAGING THE CONFIGURATION OF INFORMATION SYSTEMS WITH A FOCUS ON SECURITY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology U.S. Department of Commerce Organizations have to make frequent changes to their information systems in order to implement new and updated hardware and software components, correct software flaws and other errors, address new security threats, and adapt to changing business objectives. These constant changes result in adjustments being made to the configuration of information systems; these activities could have an impact on the security of the systems and operations. In developing information systems, organizations employ many components that can be interconnected in different arrangements to meet the organization’s business, mission, and information security needs. To protect information systems and information, organizations need techniques for the secure configuration, operation, and management of system components, including mainframes, workstations, servers, networks, operating systems, middleware, and applications, and for the management and control of risks to systems and information. The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) has issued a new guide to help organizations develop a well-defined process for managing and controlling secure system configurations, and for managing risks in information systems. NIST Special Publication 800-128, Guide to Security- Focused
    [Show full text]
  • Business Rule Based Configuration Management and Software System Implementation Using Decision Tables
    Business Rule Based Configuration Management and Software System Implementation Using Decision Tables Olegas Vasilecas, Aidas Smaizys Vilnius Gediminas Technical University, Sauletekio av. 11, LT-10223 Vilnius, Lithuania [email protected], [email protected] Abstract. Deployment and customization of the software in different information systems of separate organizations challenge large requirement conformity, project and specification management, design and architecture complexity, code integration, compatibility and interoperability issues, frequently causing the need of reengineering through the entire all the system development lifecycle. The paper proposes new business rule based method of information system configuration management and automated way of configuration implementation into the final software system code. 1 Introduction Business systems are functioning according to business rules in specific business domain. Due to dynamic of its nature, business environment is changing frequently according to internal and external influences such as changes in law, new competition etc. [1]. However Business rules (BR) of particular problem domain are similar in several organizations but they are never applied the same way even they depend on the same legal regulations. Production and implementation of such a software system into the large amount of slightly different information systems of separate organizations challenge large requirement conformity, project and specification management, design and architecture complexity,
    [Show full text]
  • ITIL Asset and Configuration Management in the Cloud
    ITIL Asset and Configuration Management in the Cloud January 2017 © 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers. Contents Introduction 1 What Is ITIL? 1 AWS Cloud Adoption Framework 2 Asset and Configuration Management in the Cloud 3 Asset and Configuration Management and AWS CAF 5 Impact on Financial Management 5 Creating a Configuration Management Database 6 Managing the Configuration Lifecycle in the Cloud 8 Conclusion 9 Contributors 10 Abstract Cloud initiatives require more than just the right technology. They also must be supported by organizational changes, such as people and process changes. This paper is intended for IT service management (ITSM) professionals who are supporting a hybrid cloud environment that leverages AWS. It outlines best practices for asset and configuration management, a key area in the IT Infrastructure Library (ITIL), on the AWS cloud platform.
    [Show full text]
  • Software Project Monitoring and Control
    Module 12 Software Project Monitoring and Control Version 2 CSE IIT, Kharagpur Lesson 31 Risk Management and Software Configuration Management Version 2 CSE IIT, Kharagpur Specific Instructional Objectives At the end of this lesson the student would be able to: • Identify the main categories of risks which can affect a software project. • Explain how to assess a project risk. • Identify the main strategies to plan for risk containment. • Explain what risk leverage is. • Explain how to handle the risk of schedule slippage. • Explain what is meant by configuration of a software product. • Differentiate among release, version and revision of a software product. • Explain the necessity of software configuration management. • Identify the principal activities of software configuration management. • Identify the activities carried out during configuration identification. • Identify the activities carried out during configuration control. • Identify the popular configuration management tools. Risk management A software project can be affected by a large variety of risks. In order to be able to systematically identify the important risks which might affect a software project, it is necessary to categorize risks into different classes. The project manager can then examine which risks from each class are relevant to the project. There are three main categories of risks which can affect a software project: Project risks. Project risks concern varies forms of budgetary, schedule, personnel, resource, and customer-related problems. An important project risk is schedule slippage. Since, software is intangible, it is very difficult to monitor and control a software project. It is very difficult to control something which cannot be seen. For any manufacturing project, such as manufacturing of cars, the project manager can see the product taking shape.
    [Show full text]
  • Quality Assurance and Configuration Management
    Quality Assurance and Configuration Management Energy, Climate, & Sandia National Laboratories implements quality assurance and configuration Infrastructure Security systems essential to the control and traceability of modeling used to demonstrate regulatory compliance. Introduction agencies, including, most significantly, the U.S. Nuclear Regulatory Commission Sandia National Laboratories has a long and the U.S. Environmental Protection history of involvement in significant Agency, as well as various federal, state, national programs directed at solving and other organizations. Among more the national problem of managing the notable successes of this work has been disposal of various forms of nuclear the adaptation of quality assurance wastes. These involvements include to activities sponsored largely by the significant responsibility on the Waste U.S. Department of Energy involved Isolation Pilot Plant (WIPP), the Yucca in the characterization, selection, and Mountain Site Characterization Project performance analyses associated with (YMP), the Hanford Tank Waste programs involving nuclear waste Remediation System (TWRS), and management. Quality assurance the Greater Confinement Disposal requirements originated from a need to (GCD) programs. In addition, control and assure the quality of nuclear Sandia has also played major roles power plant design, construction, and in nuclear waste transportation, operations; modifying these concepts and in several environmental for application to scientific investigation remediation and restoration and characterization activities was a programs, including those at Fernald, necessary and beneficial effort that Ohio, and Hanford, Washington. has proven successful for nuclear waste A key to the success of our activities management. on these programs, particularly for Decades of experience under the WIPP, YMP, TWRS, and GCD, was the scrutiny of independent audits, development and application of quality identifying quality deficiencies, and assurance for program activities.
    [Show full text]
  • Service Asset and Configuration Management (SACM/CMDB) Process
    Service Transition SERVICE ASSET AND CONFIGURATION MANAGEMENT PROCESS VERSION: 4.3 REVISION DATE: February 23, 2017 Service Transition USER GUIDE Service Asset and Configuration Management Process 4.3 | 02/23/2017 Contents Section 1. Introduction ......................................................................................... 1 1.1 Purpose .............................................................................................. 1 1.2 Goal .................................................................................................... 1 1.3 Overview ............................................................................................ 1 1.4 Key Relationships with other processes ........................................ 2 1.5 Definitions .......................................................................................... 2 Section 2. Roles and Responsibilities .................................................................. 4 2.1 Process Owner/Configuration Manager ......................................... 4 2.2 Configuration Item Class Owner ..................................................... 4 2.3 Configuration Item Class Administrator ......................................... 4 2.4 Configuration Item Company Administrator .................................. 5 2.5 IT Service Continuity Management (ITSCM) Role......................... 5 2.6 IT Staff ................................................................................................ 5 2.7 ITSM Product Manager ....................................................................
    [Show full text]
  • 2. Configuration Management
    Computer Science and Software Engineering University of Wisconsin - Platteville 2. Configuration Management Yan Shi SE 3730 / CS 5730 Lecture Notes Outline . What is configuration management? — Identification — Change control — Status accounting — Audit and review . CM techniques and practices — lock-modify-unlock — copy-modify-merge — RCS — branching — deltas . CM tools Why is CM needed? . ``This worked yesterday and doesn't work now.” What happened? . ``The user manual says to do this, but when I do it, something different happens.'' Which is correct, the manual or the code? Why was one changed? . ``The code changes that I made last week are no longer in the code.” What happened to the fix? Who changed the code and Why? . ``The listing doesn't match what the program does!'' Which is correct? . ``Did the bug get fixed in this copy, too?'' Why is CM needed? . Control the changes — Versions of documents need to be combined to form a product, or configuration — With many people working on many files, inconsistencies can occur . Required for testing — We must know and control what source was used to produce a software system in order to know what is being tested — We need to be able to build and rebuild a software system reliably . Reduce the quality cost — https://www.youtube.com/watch?v=Ij1yDpfZI8Q CM CONCEPTS AND COMPONENTS What is Configuration Management? . Software CM is a discipline for managing the evolution of software systems throughout all stages of the software life cycle. SCM is a component of SQA system. — Infrastructure component — Organizational framework . SQA teams are often required to take the responsibility of managing the CM system.
    [Show full text]
  • A Guide to Configuration Management for Intelligent Transportation Systems
    A Guide to Configuration Management for Intelligent Transportation Systems April 2002 Prepared for Intelligent Transportation Systems Joint Program Office US Department of Transportation By Mitretek Systems, Inc. FHWA-OP-02-048 EDL #13622 Technical Report Documentation Page 1. Report No. 2. Government Accession No. 3. Recipient's Catalog No. FHWA-OP-02-048 4. Title and Subtitle 5. Report Date April 2002 A Guide to Configuration Management for Intelligent Transportation 6. Performing Organization Code Systems 7. Author(s) 8. Performing Organization Report No. Paul J. Gonzalez 9. Performing Organization Name and Address 10. Work Unit No. (TRAIS) Mitretek Systems, Inc. 11. Contract or Grant No. 600 Maryland Avenue, SW, Suite 755 DTFH61-00-C-00001 Washington, DC 20024 12. Sponsoring Agency Name and Address 13. Type of Report and Period Covered Department of Transportation Intelligent Transportation Systems Joint Program Office 400 Seventh Street, SW – Room 3416 Washington, DC 20590 14. Sponsoring Agency Code HOIT 15. Supplementary Notes William S. Jones – Task Manager 16. Abstract This monograph is one of a series intended to introduce the topic of systems engineering to managers and staff working on transportation systems projects, with particular emphasis on Intelligent Transportation Systems (ITS) projects. Systems engineering is a discipline that has been used for over 50 years and has its roots in the building of large, complex systems for the Department of Defense. Systems engineering is an approach to building systems that enhances the quality of the end result and the expectation is that its application to transportation systems projects will make those projects more effective in developing and implementing the systems they are intended to build.
    [Show full text]
  • Configuration Management Process Map
    Configuration Management Process Asset Library Office of Information and Technology Table of Contents Configuration Management Process Map ............................................... 1 Configuration Management Description and Goals................................................ 2 Description................................................................................................................. 2 Goals........................................................................................................................... 2 Configuration Management RACI Information ........................................................ 3 Configuration Management Associated Artifacts Information .............................. 5 Configuration Management Tools and Web Sites Information ............................. 5 Configuration Management Standards Information ............................................... 5 Configuration Management Process ........................................................................ 6 Process Activity Name: CFG-01 Identify Configuration Items ........................... 6 Process Activity Name: CFG-02 Place Configuration Items Under Configuration Control .............................................................................................. 7 Process Activity Name: CFG-03 Adopt Change Management Procedures ...... 8 Process Activity Name: CFG-04 Verify and Audit Configuration Items ............ 9 Process Activity Name: CFG-05 Generate Reports ........................................... 11 Configuration
    [Show full text]
  • Configuration Management Basics
    Configuration Management Basics Enchantment Chapter of INCOSE October 12, 2011 Ann Hodges, CSEP [email protected] 505-844-6284 Topics • What is CM? • CMII Summary • Practical Suggestions for Applying CM Practices What is Configuration Management (CM)? A process that establishes and maintains consistency of a product's attributes with its requirements and product configuration information throughout the product's life cycle [EIA] Why CM? • CM ensures the effective management of the evolving configuration of a system, including all of its work products, during its life cycle [SE: pg 5.11] • Change is inevitable, and managing the impact of change is the focus of CM – It is important to maintain enough of and the right information to ensure that deliverables can be related and are controlled based on engineering and management trade-off decisions Systems engineering activities rely on product configurations being known and controlled When Does CM Occur? • CM activities occur throughout the life cycle of both the project and the product – CM begins at the initial determination of mission need and continues until project closeout or product retirement (from “lust to dust”) Industry Standard CM Activities* Quality Product Configuration Audit Identification Configuration Change Control Configuration Status Accounting Status Configuration CM Planning and Management * Adapted from [EIA] Figure 1 CM Planning and Management • Identify needs/requirements – Factors that might impact CM activities (e.g., team co- location, partners/subcontractors/suppliers,
    [Show full text]
  • Best Practices in Cyber Supply Chain Risk Management
    National Institute of Standards and Technology Best Practices in Cyber Supply Chain Risk Management Conference Materials Cyber Supply Chain Best Practices In a Nutshell: Cybersecurity in the supply chain cannot be viewed as an IT problem only. Cyber supply chain risks touch sourcing, vendor management, supply chain continuity and quality, transportation security and many other functions across the enterprise and require a coordinated effort to address. Cyber Supply Chain Security Principles: 1. Develop your defenses based on the principle that your systems will be breached. When one starts from the premise that a breach is inevitable, it changes the decision matrix on next steps. The question becomes not just how to prevent a breach, but how to mitigate an attacker’s ability to exploit the information they have accessed and how to recover from the breach. 2. Cybersecurity is never just a technology problem, it’s a people, processes and knowledge problem. Breaches tend to be less about a technology failure and more about human error. IT security systems won’t secure critical information and intellectual property unless employees throughout the supply chain use secure cybersecurity practices. 3. Security is Security. There should be no gap between physical and cybersecurity. Sometimes the bad guys exploit lapses in physical security in order to launch a cyber attack. By the same token, an attacker looking for ways into a physical location might exploit cyber vulnerabilities to get access. Key Cyber Supply Chain Risks: Cyber supply chain risks covers a lot of territory. Some of the concerns include risks from: • Third party service providers or vendors – from janitorial services to software engineering -- with physical or virtual access to information systems, software code, or IP.
    [Show full text]
  • Configuration Management Guidelines
    Configuration Management Guidelines Date: April 2014 www.iaqg.org/scmh Section 7.5 Forward . The guideline describes Configuration Management functions and principles and defines Configuration Management terminology for use with Aerospace and Defense AS&D product line. It is targeted at Small and Medium size companies acting as subcontractors/suppliers either in a Build to Print or a Build to Spec relationship. The intention of these guidelines is to assist organizations with understanding the concept and process of Configuration Management and is not intended to be a requirement, nor auditable. 2 Introduction . The Aerospace Standards (e.g. IAQG 9100) call for the implementation of Configuration Management and documents control throughout the entire life cycle of product realization. Configuration Management establishes a language of understanding between the customer and the supplier both in predefined relationship (such as Built to Print) and those in which the supplier is given some freedom (such as Built to Spec). 3 Introduction . When Configuration Management principles are applied using effective practices, return on investment is maximized, product life cycle costs are reduced and the small investment in resources necessary for effective Configuration Management is returned many fold in cost avoidance. These Guidelines provide the reader with the basic ideas of the industry needs, the benefits to the implementing organization and describes Configuration Management functions and principles. 4 List of Topics 1. What is “Configuration”? 2. Why it is important to manage and control configuration in AS&D 3. Applicable Terms and Definitions 4. The objectives of Configuration Management 5. Benefits for an enterprise gained through application of CM 6.
    [Show full text]