Configuration Management

•It is the stream systematically controlling the changes that take place during development•IEEE defines SCM as the process of identifying and defining the items in the system, controlling the change of these items throughout their life cycle, recording and reporting the status of the items change requests, verifying the completeness and correctness of items•Changes may occur due to –•Evolution of the work products as proj proceeds•Changes due to the defects(bugs) being found and then fixed•Changes due to requirements changes•All these are reflected in files containing source,data or documentation

Configuration Mgmt• SCM directly controls the products of the process

and only directly influences the activities producing the product

• It is essential to satisfy one of the basic objective of the project– delivery of a high quality s/w product to the client

• Software which is delivered to the client contains various source or object files and associated documentation

• During the course of the project,the files change, leading to diff.versions

CM functionality• Requirements of project from its config.mgmt process depends on

nature of the project—– Give latest version of pgm:- suppose the program has to be

modified,modification has to be carried out in the latest copy of that program otherwise changes made earlier may be lost

– Undo a change or revert back to a specified version:- a change is made to a pgm, but later it would be a need to undo change request

– Prevent unauthorized changes or deletions:-a programmer may decide to change some pgms, only to discover that change has adverse side effects. The CM must allow this to happen smoothly

– Prevent unauthorized changes/deletions:- a programmer may decide to change some programs,only to discover that the change has adverse side effects. The CM process ensures that unapproved changes are not permitted

– Gather all sources,docs,and other info from current system:-all sources and related files are needed for releasing the product. The CM process must provide this functionality. All sources and related files of a working system are needed for reinstallation

CM mechanism• The mechanism used to provide necessary functionality include:-

– Config.identification and baselining– Version control or version mgmt– Access control– A s/w config.item(SCI) or item is a document or an artifact that

is placed under configuration control and can be regarded as a basic unit for modification

– Configuration management (CM) is a field of management that focuses on establishing and maintaining consistency of a system's or product's performance

– its functional and physical attributes with its requirements, design, and operational information throughout its life

– SCM defined by Pressman is—– “set of activities designed to control change by identifying the work products

that are likely to change, establishing relationships among them, defining mechanisms for managing different versions of these work products, controlling the changes imposed, and auditing and reporting on the changes made.”

SCI• As the proj proceeds hundreds of changes are made to these

config.items hence baselines are established• A baseline once established,captures logical state of the

system and forms the basis of change thereafter• A baseline also forms a reference pt. in the development of a

system• SCIs(s/w config item) are being managed by SCM are not

independent of one another• An SCI x is said to depend on another SCI y, if a change to y

might require a change to be made to x for x to remain correct or for the baselines to remain consistent

• A change request might require the changes to be made to some SCIs, the dependency of other SCIs on the ones being changed might require that other SCIs also need to be changed

• Dependency among SCIs is to be properly understood and documented

Version Control• Key issue for CM• Many tools are available to help manage the

various versions of programs• Without such a mechanism,many of the reqd CM

functions cannot be supported• Version control helps preserve older versions of

the programs whenever pgms are changed• Commonly used CM systems are :- Source Code

Control System, a method of controlling software versions

• Others are CVS,VSS

Access control• Life cycle of SCI

– While an SCI is under development, is not visible to other SCIs, it is in the working state

– An SCI in working state can’t be changed freely – Once developer is satisfied with the SCI is stable enough

to be used by others, the SCI is given for review and the item enters the state “under review”

– Once an item is in this state, it is “frozen”– Any changes made to a pvt.copy that the developer

may have made are not recognized– After a review the SCI is entered into library after which

the item is formally under SCM– The purpose of this review is to make sure that item is

of satisfactory quality

CM process• CM process defines the set of activities need to be performed

to control change• 1st stage in CM process is planning• Then process has to be executed,using some tools• CM plan requires discipline from project personnel in terms of

storing items in proper locations, making changes properly, monitoring the status of config.items and performing CM audits

• Planning for config mgmt involves identifying the config items and specifying the procedures to be used for controlling and implementing changes to these config items

• Examples of config items include requirement specification,design docs, source code,test plans, test scripts, test procedures,test data,stds used in the project, acceptance plan,docs such as CM plan and project plan, user documentation such as user manual, training material, contract docs,quality records(review and test records) and CM records(release records,status tracking records)

• Any customer supplied products or purchased items that will be the part of the delivery are also config items

CM process contd…• To facilitate proper naming of configuration items, the naming

convention for CM items are decided during the CM planning stages

• In addition to naming std,version numbering must be planned. When a config item is changed,the old item is not replaced with the new copy instead the old copy is maintained and a new one is created

• This approach results in multiple versions of an item• If CM tool is used , it handles the version numbering otherwise has

to be done explicitly in the project• The config controller/project manager do the CM planning, it is

begun only when the project is been initiated and the operating environment and requirements specifications are clearly documented. The o/p of this is CM plan

• The config controller is responsible for implementation of CM planning

• For CM to work well,to avoid mistake in SCI(s/w config item), auditing and regular checking of SCI is done

• The audit may also check that changes to SCIs due to change requests have been done

• Refer http://ptgmedia.pearsoncmg.com/images/0321117662/samplechapter/hassch01.pdf

CMM• CMM provides roadmap for process improvement• Software process capability describes the range of

expected results that can be achieved• The process capability of an organization determines what

can be expected from the organization in terms of quality and productivity. The goal of process improvement is to improve the process capability

• A maturity is a well defined evolutionary plateau towards achieving a matured s/w process

• CMM (Capability Maturity Model) is a model of process maturity for software development - an evolutionary model of the progress of a company’s abilities to develop software.Development of this model was necessary so that the U.S. federal government could objectively evaluate software providers and their abilities to manage large projects. 

CMM contd…• Many companies had been completing their projects with

significant overruns in schedule and budget. The development and application of CMM helps to solve this problem. 

• The key concept of the standard is organizational maturity. A mature organization has clearly defined procedures for software development and project management.

• These procedures are adjusted and perfected as required. • In any software development company there

are standards for processes of development, testing, and software application; and rules for appearance of final program code, components, interfaces, etc.(refer diag.next slide)

• CMM – 5 levels (refer the doc sent)

Risk management• Risk mgmt is an attempt to minimize the chances of failure

caused by unplanned events• The aim of risk mgmt is not to avoid doing such projects

where there is a risk but to minimize the impact of risks in the projects which are undertaken

• Risk is defined as an exposure to the chance of injury/loss• In the context of s/w project, risk may have an adverse effect

on cost, quality and schedule• Risk mgmt is the area to ensure that the impact of risks on

cost, quality and schedule is minimal• Risk management has to deal with identifying the undesirable

events that can occur,the probability of their occurring and the loss if an undesirable event occurs

• Once this is known, the strategies for either reducing the probability of risk or reducing the effect of risk materializing are formulated

• Risk assessment and risk control are two imp aspects

Risk assessment• Risk assessment is undertaken at the time of project planning• This involves identifying the risks, analyzing them and

prioritizing them on the basis of analysis• Risk identification is the first step,identifies all different risks

for a particular project. These risks are project dependents• Methods that can aid risk identification include checklists of

possible risks,surveys, meetings and brainstorming and reviews of plans, processes and work products

• Based on surveys of experienced project managers, Boehm has produced a list of 10 risk items likely to compromise the success of s/w project

• 1) personal shortfalls—having good knowledge in specific skills in specific areas;adequate training may reduce the risk

• 2)unrealistic schedules and budget—high level mgmt imposes the schedule, may not be based on the characteristics of project and hence may be unrealistic

• 3)developing wrong s/w functions- due to lack of correct SRS

Risk items/factors• 4)Developing wrong user interface• 5)Gold plating– adding features to s/w which are marginally

useful,adds unnecessary risk to the project as it consumes resources and indirectly the time

• 6)Continuing the stream of requirement changes – incremental development or info hiding

• 7)Shortfalls in externally furnished components• 8)Shortfalls in externally performed tasks• 9)Real time performance shortfalls• 10)Straining computer science capabilities– if a project relies

on technology that is not well developed, then project may fail

• Risk identification identifies undesirable events that might take place during the project i.e. enumerates “unforeseen” events that might occur

• Hence the next tasks are risk analysis and prioritization

Risk analysis• In risk analysis, the probability of occurrence of risk has to be

estimated, along with the loss that will occur if the risk does materialize

• If the cost models are used for cost and schedule estimation, the same can be used to assess the cost and schedule risk

• In COCOMO cost model,the cost estimate depends on rating of diff cost drivers,

• Risk analysis can be done by estimating the worst case value of size and all the cost drivers and then estimating the project cost from these values

• The other approaches for risk analysis include studying the probability and the outcome of possible decisions(decision analysis),understanding task dependencies to decide critical activities and probability and cost of their not being completed on time(n/w analysis),risks on various quality factors like reliability and usability(quality factor analysis) and evaluating the performance(performance analysis)

Risk exposure• Once the probabilities of risks materializing and losses due

to the same have been analyzed,they can be prioritized. • RE=Prob(UO) * Loss(UO) undesirable outcome• Prob(UO)– is the probability of risk materializing• Loss(UO)- total loss incurred due to unsatisfactory outcome• The loss is not only direct financial loss but in terms of

credibility,future business and loss of property/life• RE is an expected value of loss due to particular risk• The higher the RE the higher the priority of the risk item

Risk control• The main objective of risk mgmt is to identify top few risk

items and focus on them• Knowing the risks of value, then one can prepare the plan

so that their consequences are minimal– basic goal of risk mgmt

• For most risks, risk mitigation steps are performed• They are either reducing probability of risk materializing or

reduce the loss due to risk materializing• the commonly occurring risks are maintained in a table• Even risk monitoring is also carried out,which monitors the

status of various risks and their control activities• One simple approach of risk monitoring is to analyze the

risks afresh at each major milestone and change the plans as needed