Software Configuration Management (SCM)

You may recall that software configuration management (SCM) is one of the five KPA required for an organization to e at CMM level !" #hat means$ according to S%&$ effective 'ro(ect management is not 'ossi le without having a 'ro'er SCM function in 'lace" #he asic idea ehind SCM is to manage and control change" As mentioned y )ersoff$ no matter where you are in the system life cycle$ the system will change$ and the desire to change it will 'ersist throughout the life cycle" &t is therefore essential that we manage and control it in a fashion that this continuous change does not convert into chaos" #his has ecome more im'ortant in the conte*t of contem'orary software develo'ment as we are getting more and more com'le* software 'ro(ects in terms of size$ so'histication$ and technology" &n addition$ these software systems are used y millions of users all over the world" #hese systems need multilingual and multi+'latform su''ort (hardware$ software) and have to o'erate in a distri uted environment" #hat means that a software system may come in many configuration flavors including des,to'$ standard$ 'rofessional$ and enter'rise versions" #here is a rutal com'etition out there and any com'lacency may result in losing a ig mar,et share" #he huge maintenance frequency - corrective and ada'tive - ma,es life even more difficult" More com'le* develo'ment environment with shorter reaction time results in confusion and chaos. Change Chaos #his frequent change$ if not managed 'ro'erly$ results in chaos" /irst of all there would e 'ro lems of identification and trac,ing which would result in questions li,e the following0 1#his 'rogram wor,ed yesterday" 2hat ha''ened34 1& fi*ed this error last wee," 2hy is it ac,34 12here are all my changes from last wee,34 1#his seems li,e an o vious fi*" 5as it een tried efore34 12ho is res'onsi le for this change34 #hen there are 'ro lems of version selection" #he ty'ical 'ro lems faced are0 15as everything een com'iled3 #ested34 15ow do & configure for test$ with my u'dates and no others34 15ow do & e*clude this incom'lete6faulty change34 1& can7t re'roduce the error in this co'y.4 1%*actly which fi*es went into this configuration34 18h my 9od." & need to merge !:; files.4 <o ody ,nows which versions of 'rograms are final o 2here is the latest version3 o 2hich version is the right one3 & have so many o & have lost my latest changes =atest versions of code overwritten y old versions #here was a minor 'ro lem$ & fi*ed it ut it is no longer wor,ing >

o & can7t figure+out the changes made to the 'revious version" o & can7t go ac, #hen there are software delivery 'ro lems" 12hich configuration does this customer have34 1?id we deliver a consistent configuration34 1?id the customer modify the code34 1#he customer s,i''ed the 'revious two releases" 2hat ha''ens if we send him the new one34 Shi''ed the wrong version to the client"

#his is not all" #here may e more chaos in the following sha'es and forms0 #he design document is out of sync with 'rograms & don7t ,now if all the changes that were suggested have een incor'orated 2hich code was sent to testing3

SCM is a function that$ if im'lemented$ will reduce these 'ro lems to a minimal level" Configuration management As defined y CMM$ the 'ur'ose of SCM is to esta lish and maintain the integrity or software 'roducts through the 'ro(ect7s life cycle" Configuration management is concerned with managing evolving software systems" &t ac,nowledges that system change is a team activity and thus it aims to control the costs and effort involved in ma,ing changes to a system" SCM involves the develo'ment and a''lication of 'rocedures and standards to manage an evolving software 'roduct and is 'art of a more general quality management 'rocess" Baseline 2hen released to CM$ software systems are called baselines and serve as the starting 'oint for further develo'ment"A aseline is a software configuration management conce't that hel's us to control change without seriously im'eding (ustifia le change" &t is defined y &%%% as0 A specification or a product that has been formally reviewed and agreed upon, that thereafter serves as the basis for further development, and that can be changed only through formal change control procedures. Software Configuration Item (SCI) A Software Configuration &tem is the information that is created as 'art of the software engineering 'rocess" #y'ical SC&s include requirement s'ecifications$ design s'ecification$ source code$ test cases and recorded results$ user guides and installation manuals$ e*ecuta le 'rograms$ and standards and 'rocedures (for e*am'le C@@ design guidelines)" Software Configuration Management Tasks

Software configuration management tas,s include0 &dentification Aersion Control Change Control Configuration Auditing Be'orting

&dentification addresses how does an organization identify and manage the many e*isting versions of a 'rogram in a manner that will ena le changes to e accommodated efficiently3 Aersion Control tal,s a out how does an organization control changes efore and after software is released to a customer3 &t is actually a com ination of 'rocedures and tools to manage different versions of the software configuration" Clemm states that Configuration management allows the user to specify alternative configurations of the software system through the selection of the appropriate versions. This is supported by associating with each software version, and then allowing configuration to be specified and constructed by describing the set of desired attributes. A version has many different attri utes" &n the sim'lest form a s'ecific version num er that is attached to each o (ect and in the com'le* form it may have a string of )oolean varia les (switches) that indicate s'ecific ty'es of functional changes that have een a''lied to the system" #he Change Control 'rocess addresses the im'ortant question of who has the res'onsi ility for a''roving and ran,ing changes" Configuration Auditing deals with ensuring that the changes have een made 'ro'erly and finally Be'orting tal,s a out the mechanism used to a''rise others of changes that are made" Configuration &dentification involves identification of a tool for SCM" #hen a aseline is esta lished and identified which is then used to identify configura le software items" At the minimum$ all delivera les must e identified as configura le items" #his includes design$ software$ test cases$ tutorials$ and user guides"

Product Release Version Num ering S!stem

Product release is the act of ma,ing a 'roduct availa le to its intended customers" After a 'roduct has had its first release$ it enters a 'roduct release cycle" <ew versions of the 'roduct are made availa le that may fi* defects or add features that were not in 'revious releases" #hese changes are categorized as u'dates or u'grades" An u'date fi*es 'roduct defects" An u'grade enhances the 'roduct feature set and will include u'dates"

Release Num ering

%ach individual 'roduct release is viewed as eing in a unique state which is the total set of functionality 'ossessed y the 'roduct release" Belease num ering is a mechanism to identify the C

'roduct7s functionality state" %ach release will have a different 'roduct state and hence will have a different release num er" Although there is no industry standard$ ty'ically$ a three field com'ound num er of the format 1D"Y"E4 is used" #he different fields communicate functionality information a out the 'roduct release" #he first digit$ D$ is used for the ma(or release num er which is used to identify a ma(or increase in the 'roduct functionality" #he ma(or release num er is usually incremented to indicate a significant change in the 'roduct functionality or a new 'roduct ase+line" #he second digit$ Y$ stands for feature release num er" #he feature release num er is iterated to identify when a set of 'roduct features have een added or significantly modified from their originally documented ehaviour" #he third digit$ E$ is called the defect re'air num er and is incremented when a set of defects is re'aired" ?efect re'air6maintenance is considered to e any activity that su''orts the release functionality s'ecification and it may a fi* for some ugs or some maintenance to enhance the 'erformance of the a''lication" Conventionally$ a release num er starts with a ma(or num er of one$ followed y zero for its feature and maintenance num ers" #his results in a release num er >";";" &f the first new release that is needed is a defect re'air release$ the last digit would e iterated to one$ resulting in >";">" &f two additional defect re'air releases are needed$ we would eventually have a release num er of >";"C" Assume that an u'grade feature release is now needed" 2e will need to iterate the second field and will roll ac, the defect re'air num er to ;$ resulting in a release num er of >">";" 2hen we iterate the ma(or release identifier$ oth the feature and defect num ers would e reset ac, to zero"

Internal Release Num ering

A s'ecial ty'e of release is internal release" &nternal releases are used y the develo'ment organization as a staging mechanism for functionality" #he most common internal releases are the regular uilds" A common way to num er internal uilds is to use the same release num er that would e used for final release with some additional information added to it to identify the uilt" &t is suggested that we add an e*tra (fourth) field to identify and ,ee' trac, of internal uilds" #he following diagram de'icts the a ove mentioned version num ering system"

1.0.0

1.0.1

1.0.2

1.1.0

1.1.1

1.2.0

First Release

Update release to fix defects. Based on 1.0.0

Update release to fix defects. Can be based on 1.0.0 or 1.0.1

Upgrade release to add features and fix defects. can be based on 1.0.0, 1.0.1, or 1.0.2

Update release to fix defects. Based on 1.1.0

Upgrade release to add features and fix defects. can be based on 1.1.0 or 1.1.1

Change control Fames )ac, 'oints out the difficulties related to change control as follows0

Change control is vital. But the forces that make it necessary also make it annoying. We worry about change because a tiny perturbation in the code can cause a big failure in the product. But it can also fix a big failure or enable wonderful new capabilities. We worry about change because a single rogue developer could sink the pro ect! yet brilliant ideas originate in the minds of those rogues, and a burdensome change control process could discourage them from doing creative work. #hat is$ li,e all engineering activities$ change control is the name of a alancing act" #oo much or too little change control creates different ty'es of 'ro lems as uncontrolled change ra'idly leads to chaos" #he change control 'rocess is ela orated in the following su +section"

Change Control Process

#he first com'onent of the change control 'rocess is the Change Control Authority (CCA) or a Change Control )oard (CC))" A CCA or CC) includes 'eo'le from oth develo'er and client side" 2henever a change is required$ the CC) decides whether to allow this change to ha''en or deny it" &f it is decided that a change is needed$ an %ngineering Change 8rder or %C8 is generated" An %C8 defines the change to e made$ the constraints that must e res'ected$ and the criteria for review and audit" #he change control 'rocess thus involves the following ste's" >) !) C) G) :) H) need for change is recognized change request from user develo'er evaluates change re'ort is generated change control authority (CCA) decides %ither ste' Ha or H is 'erformed" Ste's num ers I to >I are 'erformed only if ste' H is 'erformed" a) i) change request is denied ii) user is informed iii) no further action is ta,en" ) assign 'eo'le to SC&s I) chec,+out SC&s J) ma,e the change K) review6audit the change >;) chec,+in SC&s >>) esta lish a 1 aseline4 for testing >!) 'erform SLA and testing activities >C) chec,+in the changed SC&s >G) 'romote SC& for inclusion in ne*t release >:) re uild a''ro'riate version >H) review6audit the change

>I) include all changes in release #hus$ a change is incor'orated in a controlled and strict manner" Check"in and check"out &n SCM$ the 'rocesses of Chec,+in and Chec,+out ta,e a central stage" #hese are two im'ortant elements of change control and 'rovide access and synchronization control" Access control manages who has the authority to chec,+out the o (ect and synchronization control ensures that 'arallel changes y two different 'eo'le do not overwrite one another" Synchronization control im'lements a control on u'dates" 2hen a co'y is chec,ed+out$ other co'ies can e chec,ed out for use only ut they cannot e modified" &n essence$ it im'lements a single+writer multi'le+readers 'rotocol" #his 'rocess is de'icted in the following diagram"

ct #e b o & n on tio rsi a ur %e fig fied n i t Co od di $( "u fo in

Chec ! in
unloc

Configuration ob#ect $baseline %ersion&

Software engineer

C $e onf xt ig r a ur c t at R e ed io C )u loc on e %e n o fig st rs b#e f io c ur o n& t at r io n ob Chec ! #e ct out

"ccess control

'wnership info

*ro#ect +B

Configuration ob#ect $baseline %ersion&

Configuration #udit Configuration audit ensures that a change has een 'ro'erly im'lemented" &t involves formal technical reviews and software configuration audit" Configuration audit assess a configuration o (ect for characteristics that are generally not considered during audit" &t is conducted y the SLA grou'" &t loo,s into the following as'ects of the change0 5as the change s'ecified in the %C8 een made3 5ave any additional modifications een incor'orated3 5as a /#B een conducted to assess technical correctness3

5as the software 'rocess een followed3 5ave the S% standards een 'ro'erly a''lied3 5as the change een highlighted in the SC&3 o Change date and author o 5ave the attri utes of the configuration o (ect een u'dated3 5ave the SCM 'rocedures for noting the change$ recording it$ and re'orting it followed3 5ave all related SC&7s een 'ro'erly u'dated3

een

An audit re'ort is finally generated and any non+com'liances are highlighted so that they may e corrected" Configuration Status re$orting (CSR) Configuration Status Be'orting (CSB) is also ,nown as status accounting" &t re'orts on the following items0 2hat ha''ened3 2ho did it3 2hen did it ha''en3 2hat else will e affected3

&f it is not done then the organization faces the left hand not ,nowing what the right hand is doing syndrome" 2ithout it$ if a 'erson res'onsi le for the change leaves for whatever reason$ it would e difficult to understand the whole scenario" CSB re'orts are generated on regular asis" %ach time an SC& is assigned a new identification$ a CSB entry is made" %ach time a change is a''roved y CCA$ a CSB entry is made" Also$ each time configuration audit is conducted$ the results are re'orted as 'art of CSB tas,"