Change For The Sake Of Change Management

As businesses feel pressures of distributed development and regulatory compliance, they need more visibility into and control of changes from development to deployment

By David Rubinstein

March 1, 2005 —

There has been a sea change in the change management market, as many providers of point solutions now embrace an “application life cycle” approach to managing enterprise applications, from inception to implementation.

The change has been evolutionary, so it’s impossible to pinpoint the exact moment the market shifted. However, most of the software vendors interviewed for this article agree there were three forces that came into play to drive them from their place in the source code control market into a broader field: the complexity of distributed development, regulatory compliance and CIO accountability to the business.

And as various vertical industries cope with those forces and their effect on application development, companies are finding that more than ever, they need the ability to trace, audit and control actions through the life cycle.

“The life cycle has become a continuous loop of patches and changes to deployed applications,” said James Rogers, vice president of product marketing at Serena Software, which several application life cycle management and software configuration management tools. “In the evolution from SCM to ALM, the secret sauce is process.”

It’s About Process
Companies need mastery and control over their development processes, and they must be able to demonstrate they are complying with those processes, according to Dominic Tavassoli, product marketing manager for change management applications at Telelogic. “We’re getting to a point, kind of a Darwinian reaction, where the boards of directors realize it’s survival of the fittest. They need a process improvement initiative to stay competitive.”

Change Mgmt

The move to automating processes with computers has resulted in more productivity, but another result has been the heightened pace of changes, which also now impact the broad business. “It used to be that changes were compartmentalized,” said Ed Roberto, president of Newmerix, which sells change management tools for packaged applications. “Now the changes have become more complex, and that has ripple effects throughout the system.”

According to Bill Phelan, vice president in charge of the Rational team products at IBM, process was something companies historically did not want to speak about. “For years, process has been a four-letter word,” he said. “When you talk about it as automation, or life cycle guidance—moving things from one stage to another—then it has a strong place.” But he noted that process has got to come with the benefit of integration and automation, otherwise you’re simply imposing a new way to work on organizations and you’ll face resistance.

One thing that will help with buy-in is the fact that this is the first generation of software development managers who have grown up with CM tools, said Rick Riccetti, CEO of Seapine, another player in the market. “If you’re used to using it as a programmer, you’ll use it as a manager.”

With the advent of service-oriented architectures, the need for control has become even greater, said Ken Barrette, product manager at Quest Software. “With more and more applications being created as a composite, you might not have direct control over some of the components. The need to be aware of changes to those assets and assess the impact is fundamentally different from creating the entire application in-house.”

Yet code management is simply one part of the development process, according to Carl Theobold, a vice president at Serena. “SCM tools solve some problems, but don’t scale from requirements to production. You need a coordinated effort in the life cycle. The quality bar is rising. There is a frustration with customers over software that isn’t high quality.” To serve that, more things in the life cycle need to be done in a repeatable, predictable way, with less ad hoc efforts under way. Traditionally, Theobold said, businesses had a lot of trust in their software developers. “That,” he said, “is going away.”

Newmerix’s Roberto sees a marriage of professional disciplines—a view also taken by IBM’s Philbin, who said his company also is addressing the life cycle in terms of roles, not job positions. “The person who used to be called a programmer/analyst now does development, testing and perhaps even training,” Philbin said. “When customers purchase products, they’re really purchasing roles. And the roles are getting blurred.”

Distributed Development
With people in different parts of the country or even around the world working on the same projects with increasing regularity, the need to control the development process has increased. “A developer wants to check out a file, change it, and fix it,” said Perforce founder and CTO Chris Seiwald. “The SCM system is right in the middle of your work, between the editor and compiler. People are getting to be more religious about their SCM systems than their operating system.”

Companies need to be able to give their developers, no matter where they are located, a little documentation and guidance from their development managers, and then they can do their job the right way, he said.

What distributed development has created a requirement for is traceability, according to Serena’s Rogers. “Change management was really asset management of the code, and coordination of changes with developers and QA. It was for small teams. Now, almost every individual needs traceability, auditability and control.”

Serena’s Theobold added that with more work being done in a distributed manner, “the demands on visibility are greater” for development managers. “It can be difficult to gain that visibility.” Telelogic’s Andy Gurd noted that tool suites can provide visibility for the various stakeholders in a project without requiring them to toggle between tools to get what they need. “That’s what makes these suites more enterprise-centric than the point solutions aimed at developers.”

As software projects get larger and teams are more spread out, control is essential, said Seapine’s Riccetti. This control is what is helping software engineering as a discipline mature beyond some crazy art. “All these people are trying to share files and manage change,” he said. “To manage this, you need a complete history of what occurred beyond version control. Why did it change, who changed it, and who reported the issue? You need to track it back, to get a history of the issue and the change all linked together to flow the information through the organization.”

Regulatory Compliance
With Sarbanes-Oxley, HIPAA and other federal or industry-wide rules come the need for traceability and accountability. Companies not only have to respond to changes in the organization, but now must document the steps they took to ensure privacy or that they are meeting the new imposed standards.

“People are being asked to prove they have control of their environments,” said Rob Warmack, senior director of product strategy for Tripwire, a company that sells solutions to manage change in deployed applications. “A control framework is where a lot of these tools are driving. You need change auditing standards built in.

“Compliance is here to say and will only increase,” he added. “Process integration will have to be automated and inherent in any framework. This way, you inspect the counting machines and not the beans.”

MKS, which has built out its own life-cycle management solution, also is looking at the area of dealing with changes to deployed applications. “We’ll be supporting the [IT Infrastructure Library] processes for system failures,” said Dave Martin, vice president of product management. “There’s a whole industry springing up around it. This will help ensure a consistent set of practices for managing the system infrastructure, and this is a good fit with the software life cycle.”

Compliance also is driving the need for managing change in the production environment. “People are being asked to prove they have control” of the environment, said Rob Warmack, senior director of product strategy at Tripwire. “Once a change is approved, tested and released, how do you know the state of the application is in the right place?”

Warmack said this will lead to the notion of third-party validation as a complement to SCM tools. “They don’t touch the infrastructure,” he said of the application change management tools, “and we can’t show exactly what changed. We can say the infrastructure is intact, and there is no variation in the application. The question is, ‘Should the application have changed? Was it affected by change or not?’ That’s where third-party validation comes in.”

Further, Warmack believes process integration will have to be automated and inherent in any application management framework. “You must have controls in place,” he said. “This way, you inspect the counting machines and not the beans. You should be able to check the controls and not the changes. Change management is driving from efficiency toward excellence.”

View from C-Level
Enterprise development shops are notorious for having multiple silos that have formed over time, each holding bits of data that are difficult to access and share between roles and departments. But the need for business executives to gain visibility into and control over the development process as one of several business processes has led to the creation of these life cycle platforms, according to Susan Emery, product manager for Borland’s StarTeam tools. “In a development environment, you need to trace items from the requirements stage and manage the change across the silos of roles,” she said. Allowing automatic communication between roles in the tools lowers the walls that build up between them, she added.

“Change management always inherently involved source code control,” said Eric Lee, a product manager for Microsoft’s Visual Studio Team System. “Now we’re [seeing companies] trying to involve the business decision-makers. Change management is becoming more encompassing.”

The company, Lee said, is hoping to see the same sort of cottage industry spring up around Team System that was created around Visual Basic. “We’ve spent a lot of time developing the low-level infrastructure and engines so partners can build on it.”

This will help build out the broader life cycle management solutions, according to Borland’s Rob Cheng, director of product marketing. “In the past, there was nowhere to put a lot of capability for portfolio management, for example, because it wasn’t specific to one tool in a point product. Just as the J2EE servlet containers and app servers have given way to broader platforms, with such things as portals now added in, we’re seeing the same economies of scale in the application life cycle management market, and the same advantages to integration.”

Share this link: http://www.sdtimes.com/link/28466

Preflight builds spread wings for smoother projects Developers are increasingly turning to preflight builds, allowing them to experiment with code before moving on to the full production build cycle. Electric Cloud and Urbancode already use them in their build management products.

Guest View: Lowdown on virtualization hype Everybody loves virtualization nowadays, but a lot of the supposed benefits of virtualization come from misunderstandings as to what it can do. Don MacVittie lays out the limitations to the technology.

Add comment

Name*
Email*
Country

Comment
Preview

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST