JOURNAL OF INFORMATION TECHNOLOGY AND ENGINEERING Volume 2 Number 2 July-December 2011 pp. 47-56 J I T E

International Science PressISSN: 2229-7421

ABS

TRA

CT

Best Practices to Achieve CMMI Level 2 Configuration ManagementProcess Area Through VSS Tool

PRERNA GUPTA1, AND D.S. RAO2

1E-mail: prernagupta2k7@gmail.com2E-mail: Dr.dsrao@yahoo.in

Over the past years, the capability maturity model (CMM) and capability maturity model integration (CMMI) havebeen broadly used for assessing organizational maturity and process capability throughout the world. However, therapid pace of change in information technology has caused increasing frustration to the heavyweight plans,specifications, and other documentation imposed by contractual inertia and maturity model compliance criteria. Inlight of that, configuration management methodologies have been adopted to tackle this challenge. The aim of ourpaper is to present mapping between CMMI and one of the SCM tool VSS. It shows how VSS addresses theConfiguration Management Process Areas of CMMI and help in achieving all the goals which are defined at CMMIlevel 2 Configuration process areas. This is useful for organizations that have their plan-driven process based on theCMMI model and are planning to improve its processes toward agility or to help organizations to define a newproject management framework based on both CMMI and configuration practices

1. INTRODUCTION

Process improvement is a series of actions taken toidentify, analyze and improve existing processes withinan organization to meet new goals and objective. Theseactions follow a specific methodology or strategy.

When developing software, you need to have amanageable team development effort, track and maintainthe history of your projects, sustain parallel developmenton multiple product versions, fix bugs, and releaseservice packs while further developing the application.This is where the concepts of Software ConfigurationManagement come into play.

Software Configuration Management (SCM) is thecollection of processes and tools that are used toeffectively manage the development, maintenance, andbuild processes of software. Tools alone will never getthe job done. It is important to note that processes or"best practices" are a critical element in the total successof SCM for your organization.

Using good software configuration managementtools will help you ensure that you maintain all theartifacts for the project in one location.

2. OBJECTIVE

The aim of our paper is to present mapping betweenCMMI Configuration management Process area and oneof the SCM tool VSS. This CM paper will describe how acompany, organization, or project can leverage theProcesses and tools provided by Microsoft for achieving

CMMI ML 2. At a high level, it describes how the CMMIviews Configuration Management, and discusses howVSS tool solutions satisfy the Configuration ManagementProcess Area’s specific and generic goals and practices.The scope of this paper is the Capability Maturity ModelIntegration (CMMI) Configuration Management processarea maturity level 2 (CMMI ML 2) Requirements. Incases where Microsoft VSS solutions do not fully addressa practice, recommendations are made on how theorganization might satisfy the practices to attain CMMIML 2 compliance. At the end of this paper a matrix isprovided listing each CMMI CM goal/practice, its description,the VSS tool role that might be responsible for satisfyingthe practice, what VSS process, procedure, template, orVSS tool might help satisfy the practice and any otherobservations and recommendations that might be relevant.

3. ASSUMPTIONS

The CMMI appraisal model is a verification-based auditthat essentially follows the “Say what you do, do whatyou say, prove it” concept. This means that organizationsthat wish to achieve a CMMI maturity level 2 rating mustdocument various management and engineeringpractices, execute them as documented, and be able toprove it by the existence of quality records and/or projectartifacts. During an appraisal, an SEI Authorized LeadAppraiser and qualified appraisal team members lookfor objective evidence that the organization hasimplemented and institutionalized the practices.Objective evidence consists of direct artifacts, indirectartifacts, and affirmations.

JOURNAL OF INFORMATION TECHNOLOGY AND ENGINEERING (AN INTERNATIONAL JOURNALS)48

Direct artifacts are tangible work products directlycreated as a result of implementing a practice (e.g. aproject plan or CM plan). Indirect artifacts are a sideeffect of implementing the practice or otherwise indicatethe practice was performed (e.g., meeting minutes,reviews, logs). Affirmations are oral or written statementsconfirming or supporting the practice was implemented.

This paper makes the following organizationalassumptions to show how VSS solutions are utilized:

1. Adoption and implementation of the VSS

2. Use of the VSS as documented

3. Creation of the artifacts as defined by the VSS

This paper will identify the various VSS roles,disciplines, templates and activities that would apply insatisfying the various CMMI maturity level 2 CM keypractices.

The process area (PA) matrix attached to this paperlists each CMMI CM practice by goal (both specific andgeneric), its description, the VSS role that might beresponsible for satisfying the key practice, what VSSprocess and procedure/template might help satisfy thekey practice, and any notes that might be relevant. Insituations where VSS does not fully address a keypractice; suggestions are made in the notes column ofthe matrices on how the project might address the keypractice to attain compliance.

4. DESCRIPTION OF CMMI CONFIGURATIONMANAGEMENT PROCESS AREA’S SPECIFIC GOALS

The purpose of Configuration Management (CM) is toestablish and maintain the integrity of work productsusing configuration identification, configuration control,configuration status accounting, and configurationaudits.

The Configuration Management process areainvolves the following specific goals:

• Identifying the configuration of selected workproducts that compose the baselines at givenpoints in time

• Controlling changes to configuration items

• Building or providing specifications to buildwork products from the configurationmanagement system

• Maintaining the integrity of baselines

SG 1 ESTABLISH BASELINE

Baseline is an object that typically represents a stableconfiguration of a component. A baseline is a set ofspecifications or work products that has been formallyreviewed and agreed on, that thereafter serves as the

basis for further development or delivery, and that canbe changed only through change control procedure. Abaseline identifies activities and one version of everyelement in a component, in effect, acting as a version ofa component.

For System Engineering, Baseline can be viewedas: The system-level requirements, system-element-leveldesign requirements, and the product definition at theend of development/beginning of production. These aretypically referred to as the “functional baseline”,“allocated baseline”, and “product baseline”.

For Software Engineering, Baseline can be viewedas: A Software Baseline can be a set of requirements,design, source code files and the associated executablecode, build files, and user documentation (associatedentities) that have been assigned a unique identifier.

Below are the Practices which can be followed toachieve this goal:

4.1. Identify Configuration ItemsConfiguration identification is the selection, creation, andspecification of the following:

• Products that are delivered to the customer.

• Designated internal work products.

• Acquired products.

• Tools and other capital assets of the project’swork environment.

Other items that are used in creatin and describingthese work products.

Implementation Approach: When any member ofthe project team creates any new item of projectdocumentation that requires distribution to a variety ofother project staff, they should submit it to theconfiguration administrator, or whoever is designatedas being responsible for administering the configurationmanagement procedures - in order that they can decidewhether or not it constitutes a configuration item (CI).Once the item is designated as the configuration item-itcan be uploaded through VSS tool in its database. Aconfiguration item may have a number of versionsrelating to the continuing development of thatconfiguration item. Initially the first version of theapproved baseline will be uploaded by the configurationmanager. The configuration item may then undergo anumber of modifications as it is tested and errorscorrected, or as changes are requested. As changesrequire an initial state and next state, the marking ofsignificant states within a series of several changesbecomes important. So, with the help of VSS theidentification of significant states within the revisionhistory of a configuration item can be done which is thecentral purpose of baseline identification.

BEST PRACTICES TO ACHIEVE CMMI LEVEL 2 CONFIGURATION MANAGEMENT PROCESS AREA THROUGH VSS TOOL 49

History of a configuration item identifies theversions of that particular item. A new version will becreated whenever a change is made to an existing item.

4.1.1. Sub PracticeSelect the configuration items and the work products thatcompose them based on documented criteria.

Implementation Approach: To relate with the realIT world, here is an example:

In an organization where there exists a testingproject we maintain the below artifacts in the mentionedsub-folders within the main project folder:

Deliverables: In this folder, we put all thosedocuments which are sent to the client after the testexecution.

1. Test Plan and Test set

2. Test Summary

3. Requirement Traceability Matrix

4. Lesson Learnt

Receivables: In this folder, we put all thosedocuments which are received from the client before thetest execution.

1. Base lined BR, SRS, HLD, wireframe docs.

2. Scope Change Documents

VSS has the functionality of retrieving the documentsbasis on their LABELS which also helps in identifyingthe baseline.

Naming Convention: Project number_Team Name_Document name

Below are the following documents which we usedwithin an organization for a testing project.

RTM-184113a_ DMDR Dashboard _RTM

Test Plan-184113a_ DMDR Dashboard _Test Plan

Data Request-184113a_ DMDR Dashboard _DataRequest

The following screenshot represents how we cancreate the different folders in VSS so that documents canbe maintained, stored and accessed whenever required.

JOURNAL OF INFORMATION TECHNOLOGY AND ENGINEERING (AN INTERNATIONAL JOURNALS)50

BEST PRACTICES TO ACHIEVE CMMI LEVEL 2 CONFIGURATION MANAGEMENT PROCESS AREA THROUGH VSS TOOL 51

4.1.2. Sub PracticeAssign unique identifiers to configuration items.

Implementation Approach: The entity must beuniquely identified so that it can be distinguished fromall other configuration items i.e. unique identifiers areassigned to the configuration items so that we candifferentiate among the different versions of the samedocuments as well as to differentiate among the differentdocuments.

The following naming convention can be used toidentify the different documents which will act as thelabel for them. VSS has the functionality of retrievingthe documents basis on their LABELS.

Naming Convention: Project number _TeamName_Document name

Below are the following documents which we usedwithin an organization for a testing project.

RTM-184113a_ DMDR Dashboard _RTM

4.1.3. Sub PracticeSpecify the important characteristics of eachconfiguration item.

Implementation Approach: Through the VSS we canspecify the important attributes of a configuration itemlike who checked out or checked in the document andthe date which tells about when the user check out andcheck in again .The new and the old versions of adocuments are available for the user.

4.1.4. Sub PracticeSpecify when each configuration item is placed underconfiguration management.

Implementation Approach: With the help of VSSwe can label the documents in such a way that canrepresent the stage in which we create the document.

The following convention can be used:

The identifier consists of three parts separated byhyphens in the format 123-45-67:

The first part of the identifier is the project number;the second part identifies the stage in which the itemwas originally created; the third part is simply anascending order for items generated during the stage.

217-02- 02 ↑ ↑

Project Stage Sequential Number Stage numbers canbe assigned as follows:

Configuration Items:

1. Reference items, such as the SDLC and glossary

2. Planning stage items

3. Requirement Stage Items

4. Design stage Items

4. Development stage items

5. Test and Acceptance stage Items

These stage numbers are already communicatedthrough mail through the whole team working on theproject. Either we can directly use the description of thestage in which the document is uploaded on the VSS.

For example: The requirement traceability matrix isfirst created during the requirement stage and isgenerally created second after the requirementdocuments. For project 217 the requirement traceabilitywould carry an identifier of 217-02-02 or 217-Planning-02.This is known as item's identifier.

1.1.5: Sub PracticeIdentify the owner responsible for each configurationitem.

Implementation Approach Through VSS we canrepresent the Owner who checks in the document or whohas made the changes in the document.

4.2. Establish a Configuration Management System

4.2.1. Sub Practice 1.2.1 Establish a mechanism to manage multiple control levelsof configuration management.

The level of control is typically selected based onproject objectives, risk, and/or resources. Control levelsmay vary in relation to the project lifecycle, type ofsystem under development, and specific projectrequirements.

1.2.2. Sub PracticeStore and retrieve configuration items in a configurationmanagement system.

Implementation Approach: Through VSS, we canretrieve the configuration item through Check outCommand. To make changes to a file you must first checkit out of the VSS database. When you Check Out an item,VSS retrieve the latest copy of the file to your workingfolder and make it writable.

There are exclusive check out and non-exclusivecheck out. If a file is checked out exclusively, it cannotbe checked out by other users.

JOURNAL OF INFORMATION TECHNOLOGY AND ENGINEERING (AN INTERNATIONAL JOURNALS)52

A working folder is the specified correspondingfolders on a user’s local computer used to store files whenworking with VSS projects. By default, the files areretrieved to the corresponding working folder when auser does get or Check Out. A working folder is basedon per project, per user and per machine. A user canmake changes to files in the working folder and thencheck the modified files back into the VSS database forversion tracking. Check-in Command enables the userto store the configuration item in the VSS database. Afteryou have finished the changes, you need to Check In theupdated file back into VSS. When we say VSS keeps allyour previous changes, we are not saying that VSS keepsevery change you make, we are saying that VSS keepsall the versions you checked in. If you do not check inyour file, there is no way that VSS knows that you havechanged the file and it should keep it.

4.2.3. Sub PracticeShare and transfer configuration items between controllevels within the configuration management system.

Implementation Approach: In VSS, Share commandenables files to be shared among multiple projects. Itcreates share links among these projects, so that the itemcan be viewed in all projects. If an item is modified inone project, the changes will be reflected in other projectssimultaneously

4.2.4. Sub PracticeStore and recover archived versions of configurationitems.

Implementation Approach: Visual SourceSafeprovides an Archive utility, with which we canperiodically backup our VSS database or projects andtransport files/projects between SourceSafe databases.SourceSafe also provides a Restore tool which allows usto restore the data from an archive.

4.2.5. Sub PracticeStore, update, and retrieve configuration managementrecords.

Implementation Approach: A history is maintainedwhenever we check out and check in the configurationitems.In history we can determine who retrieve theconfiguration item and when ?What modifications hasben performed?So in ths way we manage theconfiguration management records about theconfiguration tem.

4.2.6. Sub PracticePreserve the contents of the configuration managementsystem.

Examples of preservation functions of theconfiguration management system include the following:

• Backups and restoration of configurationmanagement files.

• Archiving of configuration management files.

• Recovery from configuration managementerrors.

Implementation Approach: As already mentionedabove we have determined how to use the archivecommand in VSS which will be useful for providing thebackups of the project.

4.3. Create or Release BaselinesFor this particular goal to be achieved there is no role ofVSS particularly rather it's the duty of Configurationmanger and the team to ensure that the latest documentsare uploaded n VSS which can be shared among the teammembers working on that same project so that noconfusion would creep up among the team members andall of will do the work on the same documents.

4.3.1 Sub PracticeObtain authorization from the configuration controlboard (CCB) before creating or releasing baselines ofconfiguration items.

Implementation Approach: When any member ofthe project team creates any new item of projectdocumentation that requires distribution to a variety ofother project staff, they should submit it to theconfiguration administrator, or whoever is designatedas being responsible for administering the configurationmanagement procedures - in order that they can decidewhether or not it constitutes a configuration item (CI).Once the item is designated as the configuration item-itcan be uploaded through VSS tool in its database. Aconfiguration item may have a number of versionsrelating to the continuing development of thatconfiguration item. Configuration manager must ensurethat whenever any document is uploaded in the VSS, itmust be approved by the authorized approvers or theclient. The configuration item may then undergo anumber of modifications as it is tested and errorscorrected, or as changes are requested.

4.3.2. Sub PracticeCreate or release baselines only from configuration itemsin the configuration management system.

Implementation Approach: Lets suppose there is anIT organization with the testing project then the teamcan ensure while testing all the requirements it shouldhave all the latest versions of configuration item

BEST PRACTICES TO ACHIEVE CMMI LEVEL 2 CONFIGURATION MANAGEMENT PROCESS AREA THROUGH VSS TOOL 53

uploaded in VSS database .All the documents like SRS(Software Requirement Specification), BR(BusinessRequirements)received from the client are uploadedin VSS.

4.3.3. Sub PracticeDocument the set of configuration items that arecontained in a baseline.

Implementation Approach: Before starting thetesting any project we should ensure that all the latestdocuments (BR, SRS, SA, HLD) are received from theclient and uploaded in VSS.

4.4.4. Sub PracticeMake the current set of baselines readily available.

Implementation Approach: When we received thedocuments from the client we can check in thosedocuments in the VSS database. Once the documents areuploaded in the VSS database, they are accessible to allthe team members working on the project by providingthem the appropriate access.

SG 2 TRACK AND CONTROL CHANGES

In this goal we keep the tack of change request from theirinitiation to their closure.

A change request is a proposal from a stakeholderin the software development process to changesomething in a product or in a product process. Commonchange requests include requests for productenhancements or new features. A change request can bereferred as a scope change. Change requests are analyzedto determine the impact that the change will have on thework product, related work products, budget, andschedule.

In practice, the basic details of a change request fromthe business are recorded to initiate the change process,including references to documents that describe andauthorize the change.

Implementation Approach: VSS is a centralrepository which can be used by the change manager aswell. They can update and maintain their records in thedatabase. Whenever there is a request of a scope change,the RFC (request change form) can be filled by therequester. RFC is a form which is used to maintain thescope changes of all the documents.

Change manager can upload the RFC form in a foldernamed as a Scope change in the VSS database .Changemanager and the other team members working on theproject have access to that folder. However the writeaccess is given only to Change Manager for thatparticular folder.

The Label can be used while uploading the RFCdocument which will describe about the status of scopechange. Initially the status can be put as Change Request.

The business owner of a configuration item (i.e., aCI in the Configuration Management Database whichrecords the exact state of the IT infrastructure) to bechanged (e.g., IT for infrastructure, Finance for a Billingapplication, etc.) and all affected groups (e.g., users,management, IT, etc.) are identified and asked tocontribute to an assessment of the risk and impact of arequested change.

Once the Change manger get the analyze impactfrom the business owner they can update the status ofRFC form in the database. Now the label which is usedfor describing the status of the RFC form can be put as“PENDING”.

A change should normally be made by a changeowner within the group responsible for the componentsbeing changed. A release or implementation plan shouldbe provided for all but the simplest of changes and itshould document how to back-out or reverse the changeshould it fail. On completion of the change the resultsshould be reported back for assessment to thoseresponsible for managing changes, and then presentedas a completed change for customer agreement. Oncethe change manager gets the approval from the customerfor the scope change, the label can be changed fromPending to Approved state. If the scope change is notapproved by the customer, the status can be changed to“Not approved” state.

The change request and configuration managementdatabase should be updated, so that the person whoinitiated the change is aware of its status. Actualresources used and the costs incurred are recorded aspart of the record. A post-implementation review shouldbe done to check that the completed change has met itsobjectives, that customers are happy with the results; andthat there have been no unexpected side-effects. Lessonslearned are fed back into future changes as an elementof continuous process improvement.

Once the approval has been obtained, the Changerequester can close the request and changed the statusof request as to a “Closed state”.

The person who initiated the change request shouldconsistently check the status of the RFC document .Oncethe status of the Request has reached to the closed statethe document can be provided to the whole team .andupload in the Project's folder. From where it is accessibleto every team member.

Control Configuration Items: Control is maintainedover the configuration of the work product baseline. Thiscontrol includes tracking the configuration of each of theconfiguration items, approving a new configuration ifnecessary, and updating the baseline.

JOURNAL OF INFORMATION TECHNOLOGY AND ENGINEERING (AN INTERNATIONAL JOURNALS)54

Change management should also work closely withconfiguration management to ensure that all changes toIT components are properly documented in theconfiguration management database, which is arepository used to track the status of all components ofthe IT environment. Configuration manager ensures thatthe latest version of the document has been uploaded inthe VSS .The configuration management database acts

as a historical record of changes to the environment andmaintains a “picture” of the existing IT environment. Allthe versions of the document can be found by checkingtheir history in the VSS.

The following screenshot represents how the historyis maintained in order to track the changes made in thedocument.

SG 3 ESTABLISH INTEGRITY

Integrity means ensuring the correctness of the document.

Implementation Approach: VSS helps in Establishand maintain records by describing configuration items.VSS records configuration management actions insufficient detail so the content and status of eachconfiguration item is known and previous versions canbe recovered.

Within the VSS we have the option to provide accesspermissions to authorized end users. VSS saves thedocument in Encrypted form. So in this way we canmaintain the integrity of documents. As there is theprovision of username and password only authorizedusers can modify the documents. We provide thedifferent levels of control level access to different users.

Configuration audits consist of cross checking theCI description records with the current version of the CIas held in its development folder. These audits arenormally carried out ahead of each project review,although they can be requested at any time by the projectmanager or the project owner. Configuration auditsshould establish that: the current physical representationof each CI matches its current specification, that there isconsistency in design between each CI and its parent, ifthere is a parent. Finally it also establishes that thedocumentation is up to date and all relevant standardsare being adhered to. The configuration administratorshould be responsible for producing all scheduled andad hoc reports on the status of the CIs at any givenpoint in time. The status of the document can be viewedin VSS.

BEST PRACTICES TO ACHIEVE CMMI LEVEL 2 CONFIGURATION MANAGEMENT PROCESS AREA THROUGH VSS TOOL 55

The following screenshot represents how we canprovide the different levels of control level access todifferent users.

5. CONCLUSION

By using all the Best practices specified above in thepaper, VSS can achieve the CMMI level 2 Configurationmanagement Goals in a very cost effective manner. Thereare many SCM tools on the market today and theircapabilities and prices range significantly. Whilechoosing a SCM tool make ensure what are yourrequirements?

• Is it laid out in your company’s process?

• Does the customer require a certain product?

• Reliability and support of the product

• Appearance

• (GUI front end)

• Integration with specific development environment

• Platform (operating system)

• Cost

• Other functionality version control.

VSS, is the Superior Choice Because, it Provides

• Flexibility within a single product family, onethat offers ease-of-use and powerful features formore advanced teams as well as small teams.

• Easy to set up, easy to use, integrates with VisualStudio.

• A company can achieve the CMMI level 2configuration Process area if used VSS.

By using VSS organization can deliver a more bugfee product, automate repetitive development taskscreate a more predictable software development andrelease cycle manage concurrent development ofmultiple source files/projects which contributesto increased productivity create the distributeddevelopment teams regardless of the location.

REFERENCES[1] Roger S Pressman, “Software Engineering McGraw-Hill”;

6th Edition (April 2, 2004).[2] Jonathan B. Steele, “Software Configuration Management

Tools Dec 7, 2002 University of Maryland University”,College MSIT 630, section 1131.

JOURNAL OF INFORMATION TECHNOLOGY AND ENGINEERING (AN INTERNATIONAL JOURNALS)56

[3] Dennis R. Golden Son, “Demonstrating the Impact andBenefits of CMMI October”, 2003.

[4] Introducing CMMI for Development Produced by DetNorske Veritas October, 2009.

[5] University of Carnegie Mellon, Pittsburgh. “SoftwareEngineering Institute. CMMI for Systems Engineering”,Software Engineering, Integrated Product and ProcessDevelopment, and supplier Sourcing (CMMI-SE/SW/IPPD/SS, V1.1.

[6] Herve Rochecouste, “CMMI-Use the Body of Knowledgeto Create and Improve your System IntegrationCapability”, December 2001.

[7] J. Cooper and M. Fisher. “Software Acquisition CapabilityMaturity Model”. Technical Report CMU/SEI-2002-TR-010,Software Engineering Institute, 2002.

[8] Stephen R. Palmer and John M. Felsing. “A PracticalGuide to Feature-Driven Development”.Prentice Hall, 2002.

[9] Mark C. Paulk. “Extreme Programming from a CMMPerspective”. IEEE Software, 18(6): pp. 19-26, December 2001.

[10] Mark C. Paulk, Bill Curtis, Mary Beth Chrissis, andCharles Weber. “Capability Maturity Model”. TechnicalReport CMU/SEI-93-TR-24, DTIC Number ADA263403,Software Engineering Institute, 2003.

[11] Ken Schwaber. “The Scrum Development Process”. InOOPSLA '95 Workshop on Business Object Design andImplementation, Austin, Texas, USA, October 1995. ACMPress’s. IPD-CMM-Integrated Product Development.Technical Report CMU/SEI-MM-97-001, SoftwareEngineering Institute, 1997.

[12] SEI. “CMMI for Systems Engineering, SoftwareE n g i n e e r i n g ” , Integrated Product and Process Development, andSupplier Sourcing (CMMI-SE/SW/IPPD/SS, V1.1)Staged Representation. Technical Report CMU/SEI-2002-TR-012 ESC-TR-2002-012, Software EngineeringInstitute, 2002.

[13] SEI. Standard CMMISM Appraisal Method for ProcessImprovement (SCAMPISM), “Version 1.1: MethodDefinition Document”. Technical Report CMU/SEI-2001-HB-001, Software Engineering Institute, 2002.