====== Main Steps and Tools of Configuration Management ======

Configuration management (CM) is not a single activity but a cyclic process integrated into the entire software lifecycle. The ISO/IEC/IEEE 828:2012 standard identifies four principal activities:
  * Configuration Identification
  * Configuration Control
  * Configuration Status Accounting
  * Configuration Audit
In modern practice, a fifth step — Configuration Verification and Review — is also added for continuous improvement and compliance.

<figure The Configuration Management Cycle >
{{ :en:safeav:as:as:rtu_ch4_figure7.png?400| The Configuration Management Cycle }}
<caption>The Configuration Management Cycle (Adapted from ((IEEE. (2012). ISO/IEC/IEEE 828: Configuration Management in Systems and Software Engineering. IEEE Standards Association)) ((NASA. (2021). Configuration Management Procedural Requirements (NPR 7120.5E). National Aeronautics and Space Administration)))</caption>
</figure>

**Configuration Identification**
The first step in CM defines what needs to be managed. It involves:
  * Listing all Configuration Items (CIs) (e.g., code, documents, libraries, binaries).
  * Assigning each CI a unique identifier (e.g., version tag, build ID).
  * Structuring these items into a configuration hierarchy.
Example hierarchy:

<figure Example hierarchy >
{{ :en:safeav:as:as:rtu_ch4_figure8.png?400| Example hierarchy }}
<caption>Example hierarchy</caption>
</figure>

Tools & Techniques:
  * Version Control Systems: Git, SVN, Mercurial.
  * Artefact Repositories: JFrog Artifactory, Nexus.
  * Configuration Databases (CMDBs): ServiceNow CMDB, BMC Helix.
Goal: Create a clear inventory of every managed artefact and its dependencies.

<figure Change Control Workflow >
{{ :en:safeav:as:as:rtu_ch4_figure9.png?400| Change Control Workflow }}
<caption>Change Control Workflow</caption>
</figure>

Tools and Techniques:
  * Issue & Change Tracking: Jira, Redmine, Azure DevOps, Bugzilla.
  * Code Review Systems: GitHub Pull Requests, Gerrit, GitLab Merge Requests.
  * Workflow Automation: Jenkins, GitHub Actions, Bamboo.
Goal: Ensure that every change is reviewed, justified, and properly recorded before being implemented.

**Configuration Status Accounting (CSA)**
CSA provides visibility into the current state of configurations across the project. It records which versions of CIs exist, where they are stored, and what changes have occurred. Typical outputs include:
  * Version histories and change logs.
  * Baseline status reports.
  * Release documentation and distribution tracking.


<figure Configuration Status Flow >
{{ :en:safeav:as:as:rtu_ch4_figure10.png?400| Configuration Status Flow }}
<caption>Configuration Status Flow</caption>
</figure>

Tools & Techniques:
  * Version Reporting Tools: Git log, Git tag, or custom CI/CD reports.
  * Automated Dashboards: Grafana, Kibana, Jenkins build monitor.
  * ALM Suites: IBM Rational Team Concert, Siemens Polarion.
Goal: Provide transparency and traceability, so project managers and auditors can reconstruct the exact configuration of any product version at any point in time.

**Configuration Audit**
A Configuration Audit ensures the product conforms to its baseline and that all changes were properly implemented and documented. It verifies:
  * Each configuration item matches its specification.
  * All documentation is updated.
  * No unauthorised modifications exist.
There are two types:
  - Functional Configuration Audit (FCA): Confirms the system performs as intended.
  - Physical Configuration Audit (PCA): Confirms that the physical implementation matches the design documentation.
Tools & Techniques:
  * Automated Compliance Tools: Chef InSpec, OpenSCAP, AWS Config.
  * Manual Audits: Checklists and review boards.
  * Digital Twin Validation: Comparing digital models with deployed assets ((Wang, L., Xu, X., & Nee, A. Y. C. (2022). Digital twin-enabled integration in manufacturing. CIRP Annals, 71(1), 105–128.)).
Goal: Ensure integrity, consistency, and compliance across the entire configuration baseline.

**Configuration Review and Verification**
This optional step closes the CM loop. It assesses whether CM processes are effective and aligned with project objectives. Activities include:
  * Reviewing CM documentation and records.
  * Evaluating tool performance and automation coverage.
  * Identifying gaps or inefficiencies for improvement.
Tools:
  * CM maturity models (CMMI, ISO/IEC 15504).
  * Quality management platforms (e.g., Atlassian Confluence for audit documentation).
Goal: Support continuous improvement and process optimisation.

===== Main Tools for Configuration Management =====

Modern CM relies heavily on automation and integration tools to manage complexity and enforce discipline across teams. These tools can be categorized by function.

**Version Control Systems (VCS)**

^ Tool ^ Description ^ Example Use ^
| Git | Distributed version control system; supports branching and merging. | Used for nearly all modern software projects. |
| Subversion (SVN) | Centralised version control with strict change policies. | Preferred in regulated environments (aerospace, defence). |
| Mercurial | Similar to Git, optimised for scalability and ease of use. | Used in research or large repositories. |


**Build and Continuous Integration Tools**

^ Tool ^ Purpose ^ Example Use ^
| Jenkins / GitLab CI | Automate building, testing, and deploying changes. | Trigger builds after commits or merge requests. |
| Maven / Gradle / CMake | Manage project dependencies and build processes. | Ensure reproducible builds. |
| Docker / Podman | Containerise environments for consistency. | Package applications with dependencies for testing and deployment. |

**Infrastructure and Environment Management**

^ Tool ^ Function ^ Application ^
| Ansible / Puppet / Chef | Automate configuration and provisioning. | Keep server environments synchronised. |
| Terraform | Infrastructure as Code (IaC) for cloud platforms. | Manage cloud resources with version control. |
| Kubernetes Helm | Manages container-based deployments. | Controls configurations in microservice architectures. |

**Artifact and Release Management**

^ Tool ^ Purpose ^ Example Use ^
| JFrog Artifactory / Nexus Repository | Store and version compiled binaries, libraries, and Docker images. | Maintain reproducibility of releases. |
| Spinnaker / Argo CD | Manage continuous deployment to production environments. | Implement automated rollouts and rollbacks. |

**Configuration Tracking and Documentation**

^ Tool ^ Purpose ^ Use Case ^
| ServiceNow CMDB | Tracks configuration items, dependencies, and incidents. | Enterprise-scale CM. |
| Atlassian Confluence | Maintains documentation and process records. | Collaboration and change documentation. |
| Polarion / IBM DOORS | Links requirements to configuration items and test results. | Traceability in regulated environments. |

Example – An integrated  CM Workflow:

<figure An integrated  CM Workflow >
{{:en:safeav:softsys:rtu_ch4_figure11.png?400| An integrated  CM Workflow }}
<caption>An integrated  CM Workflow (Adapted from GitLab, Atlassian, and IEEE 828 integration frameworks)</caption>
</figure>


Toolchain Integration for Autonomous Systems
In autonomous platforms (e.g., UAVs, vehicles), CM tools are often integrated with:
  * Simulation tools (Gazebo, CARLA) for versioned testing.
  * Digital twins for validation of real-world behaviour.
  * Edge deployment systems for over-the-air (OTA) updates.
This hybrid approach ensures consistent software across all nodes — from cloud services to embedded controllers ((Raj, A., & Saxena, P. (2022). Software architectures for autonomous vehicle development: Trends and challenges. IEEE Access, 10, 54321–54345)).

===== Common Pitfalls and Lessons Learned =====

Even mature organisations often encounter challenges in lifecycle and configuration management:

^ Pitfall ^ Effect ^ Mitigation ^
| Poor version control discipline | Loss of traceability | Enforce the branching strategy and pull request reviews. |
| Incomplete configuration audits | Undetected inconsistencies | Automate audit workflows and compliance scanning. |
| Manual deployment processes | Environment drift | Use CI/CD and Infrastructure as Code. |
| Siloed documentation | Lack of visibility | Centralise records using CMDB or ALM platforms. |
| Lack of cultural adoption | Resistance to process discipline | Provide training, incentives, and leadership support. |

Organisations that succeed in embedding CM practices view them not as bureaucracy, but as enablers of reliability and trust.