Change Management Methodology

Similar documents
Operational Level Agreement: SQL Server Database Incidents and Requests

White Paper. Veritas Configuration Manager by Symantec. Removing the Risks of Change Management and Impact to Application Availability

Incident Management Process

Incident Management Process

OpenText Prime Protect

SPOK e.notify. Enabling Sophisticated, Efficient Incident Management

Integrating Configuration Management Into Your Release Automation Strategy

Here are the snapshots of the changes recorded in the three-month period

SESSION 408 Tuesday, November 3, 10:00am - 11:00am Track: Service Support and Operations

Position Description. Job Summary: Campus Job Scope:

CA Network Automation

AGILENT SPECIFICATIONS INFORMATICS SOFTWARE SUPPORT AND SERVICES SILVER-LEVEL

ITSM Process/Change Management

MAINTENANCE AGREEMENT FOR RSA PRODUCTS ***IMPORTANT***

IBM Service Management solutions To support your business objectives. Increase your service availability and performance with IBM Service Management.

Improving Service Availability via Low-Outage Upgrades

Service management solutions White paper. Six steps toward assuring service availability and performance.

You might not realize it yet, but every time you log in to Salesforce,

SUPPORT POLICY AND CLOUD SERVICE LEVEL AGREEMENT

OpenText Protect. 1. Introduction. Software Maintenance Program Handbook

IT Event Alerting and Response

Database Services - Standard

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

Achieving Application Readiness Maturity The key to accelerated service delivery and faster adoption of new application technologies

Carahsoft End-User Computing Solutions Services

This topic focuses on how to prepare a customer for support, and how to use the SAP support processes to solve your customer s problems.

ITS Change Management Process

Kaseya Traverse Predictive SLA Management and Monitoring

BMC FootPrints. Service Management Solution Overview.

Expert Reference Series of White Papers. Microsoft Service Manager Simplified

Epicor Cloud ERP Services Specification Single Tenant SaaS and Single Tenant Hosting Services (Updated July 31, 2017)

QUMU CLOUD PLATFORM CUSTOMER SUPPORT AGREEMENT

IBM Tivoli OMEGAMON XE for. WebSphere Business Integration. Optimize management of your messaging infrastructure. Highlights

Microsoft Dynamics 365 for Finance and Operations. Microsoft Dynamics AX. Service description. Version 4 July 2017

EX0-114_Wins_Exam. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0

IT Service Management Foundation based on ISO/IEC20000

One Identity Support Guide

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On-Premise Software

An Enterprise-Grade Architecture for Salesforce Native Applications

Central Management Server (CMS) for SMA

Leading Practice: Test Strategy and Approach in Agile Projects

Field Service Lightning Managed Package Guide

MASTER SERVICE LEVEL AGREEMENT (MSLA)

Liquidware Customer Support Policy

WHITE PAPER MARCH Improve ROI of PeopleSoft Enterprise With Business Automation

Proposed Service Level Agreement For Medium SaaS Projects

Disaster Recovery Strategies for the BlackBerry Enterprise Solution

Contents. Change Management Departmental Procedures

Oracle Systems Optimization Support

Data Protection Management (DPM)

Field Service Lightning Mobile User Guide

Central Management Server (CMS) for SMA

Oracle Systems Optimization Support

ISTQB Certified Tester. Foundation Level. Sample Exam 1

Operating Level Agreement (OLA) Template

IBM storage solutions: Evolving to an on demand operating environment

Implementing ITIL Best Practices

TURN VIRTUAL MANAGEMENT INTO AUTOMATED BEST PRACTICES

05/15/2018 Scott Baron Added UCF IT definition as of May 2018 Added Section I. Document Control

HP Data Replication Solution Service for HP 3PAR Remote Copy

IBM Emptoris Supplier Lifecycle Management on Cloud

IBM ICE (Innovation Centre for Education) Welcome to: Unit 1 Overview of delivery models in Cloud Computing. Copyright IBM Corporation

IBM Infrastructure Security Services - Managed Security Information and Event Management (Managed SIEM)

Hitachi Solutions. Ground to Cloud Dynamics AX 2012 Migration to D365

DEVELOPING APPLICATIONS USING MICROSERVICES AND MICROSOFT AZURE SERVICE FABRIC 1

IBM SmartCloud Control Desk: High Availability and Disaster Recovery Configurations IBM Redbooks Solution Guide

Exhibit E LeanSight SLA. LeanSight SERVICE LEVEL AGREEMENT (SLA)

AUTOMATED TESTING: THE GLUE THAT HOLDS DEVOPS TOGETHER

ServiceNow Change Management Guide

HP Support Plus Service HP Care Pack Services

CLIENT SUPPORT SERVICES

Windchill System Validation Technical Brief

IBM Tivoli Workload Automation View, Control and Automate Composite Workloads

Achieve Your Business and IT Goals with Help from CA Services

Gain strategic insight into business services to help optimize IT.

White Paper. Managed IT Services as a Business Solution

Become a truly service-oriented organization

Data Center Infrastructure Scorecard Governance, RAM, and Cost-to-Serve Assessment

Cambium Care Services Guide

Stat Production Services for Oracle E-Business Suite (Onsite and Remote)

Contents About This Guide... 5 Upgrade Overview... 5 Examining Your Upgrade Criteria... 7 Upgrade Best Practices... 8

ORACLE SYSTEMS MIGRATION SERVICES FOR IBM ENVIRONMENTS

TECHNOLOGY brief: Event Management. Event Management. Nancy Hinich-Gualda

Mediaocean Global Support Policy

SAP s Quality & Testing Platform Complete Solution of Products and Professional Services

Consequences of Poorly Performing Software Systems

SERVICE LEVEL AGREEMENT

USE CASES FOR CONNECTED SYSTEMS

Get Proactive With Oracle Support. Denis Jaume Senior Director Software Support

CLIENT SUPPORT SERVICES

Charles River Software as a Service (SaaS)

Training for Database & Technology with Solution Manager em SAP Application Lifecycle Management (ALM)

May

Are Your Cloud Applications Performance-Ready?

Moogsoft Inc. Support Addendum

Realizing the Value of Cloud

Relationship based, customizable, proactive enterprise support.

The Optanix Platform. Service Predictability. Delivered. Optanix Platform Overview. Overview. 95% 91% proactive incidents first-time fix rate

Address system-on-chip development challenges with enterprise verification management.

ACS ANNUAL SERVICES EXHIBIT ORACLE FUNCTIONAL HELP DESK SERVICES

Transcription:

Change Management Methodology Salesforce, Summer 15 @salesforcedocs Last updated: June 22, 2015

Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com, inc., as are other names and marks. Other marks appearing herein may be trademarks of their respective owners.

CONTENTS CHANGE MANAGEMENT METHODOLOGY........................... 1 Introduction.......................................................... 1 Overview............................................................ 1 Types of Change Policies................................................. 3 Release Change Policies................................................. 3 Infrastructure Change Policies............................................. 6 Common Change Policies................................................ 7 Best Practices and Related Resources........................................ 9

CHANGE MANAGEMENT METHODOLOGY Introduction At Salesforce, we re passionate about continually improving our services and their supporting infrastructure for our customers around the world. We work hard behind the scenes to make Salesforce updates seamless, and we follow a proven change management methodology, which this document makes transparent, to minimize the impact of changes to our services. This document gives all Salesforce users from CEOs to CRM consultants, salespeople to software developers a high-level overview of that formal methodology for planning and making Salesforce changes. In addition, it outlines some best practices for technical architects and IT managers, who can help your organization prepare for and benefit from Salesforce changes. Note: This document is for informational purposes only, and is not part of any legal or otherwise binding agreement. The policies and practices described in this document are subject to change at Salesforce s sole discretion. Overview Founded in 1999, Salesforce is the enterprise cloud computing company. Using Salesforce s social and mobile technologies, companies can connect with customers, partners, and employees in entirely new ways. Based on Salesforce s real-time, multitenant architecture, the company s platform and apps give customers the tools to create a social front office and revolutionize the way they sell, service, market, collaborate, work, and innovate. This paper outlines the Salesforce change management methodology policies, which go hand in hand with that commitment to innovation, for our: Cloud-based service and the Salesforce Web content that users can access without logging in Underlying network of servers in multiple data centers around the globe that deliver the Salesforce service and its Web content Region Table 1: Geographic Regions of Salesforce s Servers and Instances Description Instance Names North America Europe Asia/Pacific Customer Sandbox Servers for North American organizations, including the Salesforce internal organization Servers for European organizations Servers for organizations in the Asia/Pacific region Servers for all customer sandbox organizations NA0, NA1, NAx,... EU0, EU1, EUx,... AP0, AP1, APx,... CS0, CS1, CSx,... Salesforce Updates We are committed to communicating planned service updates and infrastructure updates to impacted customers. 1

Our Fundamental Change Principle Service updates include the addition of new features, enhancements to existing features, and bug fixes. Salesforce deploys these updates during releases, which typically occur three times a year. Infrastructure updates include device operating system upgrades, configuration changes, system patches, and hardware maintenance activities. Salesforce deploys these updates as necessary. Releases and infrastructure updates have separate, formal change management methodologies that govern the planning, communication, documentation, coordination, scheduling, and execution of every change in the Salesforce environment. The methodologies comply with SOX and SSAE 16, meet the ISO/IEC 27001 certification, and align with ITSM and ITIL, all of which exist to protect customers from potentially disruptive or unacceptably risky changes. Ultimately, these standards, certifications, and best practices help us address your issues quickly and plan changes carefully to minimize their impact on your organization. Our Fundamental Change Principle Salesforce bases its change management methodology on one main, fundamental principle: trust. At Salesforce, building trust with customers means pursuing the following three goals. Maximizing innovation Minimizing impact Communicating changes Maximizing Innovation Provide administrators the ability to enable new features, and significant changes to features and functionality. Ensure, whenever possible, that customers can evaluate and test changes in sandbox environments before deploying the changes to production organizations. Minimizing Impact Consider how each change impacts Salesforce s diverse customer base, especially customers who want to carefully manage risk and need more time to absorb change. Stagger all releases. Ensure that infrastructure updates and service updates don t conflict. Fix critical bugs quickly. Communicating Changes Be transparent. Communicate impactful changes in advance. Ensure that customers understand the benefits of changes. Roles and Responsibilities The following teams drive changes, and their processes and policies strictly adhere to the fundamental principles of the Salesforce change management methodology. Scrum teams are cross-functional teams with members from the Product, Development, Quality Engineering, Documentation, and User Assistance departments. The teams collaborate to design, develop, test, and document new features, enhancements to existing features, and bug fixes. 2

Types of Change Policies Technical Operations (TechOps) consists of several subgroups that plan and implement changes to the Salesforce infrastructure. The subgroups include the Site Reliability (SR) team, which handles most routine changes, as well as specialized teams that handle other tasks, including system, network, storage, database, and data center engineering. Release Management plans, schedules, coordinates, and oversees releases and infrastructure changes. This group drives the definition, evolution, compliance, and automation of release processes to optimize their efficiency and quality while meeting the demands of rapid growth. Members of these teams complete Salesforce s change management training, which involves building employees skills sets to facilitate smooth and responsible changes, and developing and reinforcing their knowledge of our most current change management methodology. Types of Change Policies In this document, we divide the polices that guide our teams through changes into three categories. Release change policies help us schedule, test, and implement quality release changes. Infrastructure change policies help us improve the overall stability of the hardware and software that deliver Salesforce services. Common change policies, which apply to both release and infrastructure change policies, help us avoid change-related problems, and they enable us to roll back and investigate problems if they occur. Release Change Policies Salesforce has three types of releases. Major releases Patch releases Emergency releases (e-releases) Each release type adheres to our change management methodology, which helps us expedite the release, reduce human error, and test the changes. The methodology consists of automated release processes and tools that efficiently release code to each instance. Major Releases Major releases include the addition of several new features to the service, enhancements to existing features, and updates to Web content related to the service updates. Not all instances get a major release at the same time. Instead, Salesforce staggers the major release rollout, gradually making the release available to instances over several weeks. Staggering releases adds extra layers of testing and verification to ensure the quality of the release. Week Table 2: Staggered Rollout of a Major Release Release Name Description 1 4 5 6 Internal release Sandbox Release 0 Release to an internal Salesforce instance Release to customer preview sandbox (CSx) instances Beginning with the Winter 13 release, a release to NA1 instance, where the internal Salesforce organization resides 3

Patch Releases Week 7 8 Release Name Release 1 Release 2 Description Release to some of the North American (NA6, NA7, NA8, NA9) instances Release to remaining staggered sandbox (CSx), North American (NAx), European (EUx), and Asia/Pacific (APx) instances Salesforce has three major releases a year, which generally meet the following release schedule. Release Table 3: Approximate Schedule of Major Releases Sandbox Release, Release 0 Release 1, Release 2 Spring Summer Winter January May September February June October A four-month development cycle precedes each major release. During the development cycle, Salesforce conducts rigorous tests to ensure the quality of new features. The tests fall into the following five categories. Determining Criteria and Strategy The product manager writes user-focused feature acceptance criteria, and the quality engineers and developers agree on the implementation and test strategy. Defining and Reviewing Tests The scrum team writes and reviews test plans and test cases, which check the functionality, security, and performance of each of the features components. Coding and Testing Features As developers implement features, quality engineers automate written test cases and verify the test code coverage. These automated tests become part of the regression test suite for future releases. Verifying User Experience The scrum team performs exploratory testing, using the feature not only as it s intended, but also as a user might misuse it or try to break it. System Testing After development completes, the scrum team tests for overall performance and scalability. Salesforce encourages customers to run regression tests immediately after every sandbox and production release. Discovering integration issues early allows more time to address the issue, mitigate end-user confusion, and ensure business continuity. This strategy aligns with ITIL Change and Release Management and is a common practice for large systems. Patch Releases Salesforce releases a weekly patch that includes fixes for bugs that impact customers or the system as a whole. For every fix, the product team: Evaluates code changes for correctness and risk 4

Emergency Releases Writes and automates additional test cases Performs exploratory testing Applies comprehensive test suites Note: Salesforce does not release patches during change moratoriums, when Salesforce releases and infrastructure changes stop. Patches typically do not include fixes for non-impactful bugs. Instead, Salesforce fixes such bugs in major releases to minimize the number of changes included in patches and to ensure that customer-impacting issues receive top priority. Distributed applications that run on a separate infrastructure from the instances might have their own release cycles, and patches occasionally include new features or enhancements built by off-cycle scrum teams. New features and enhancements in patches are tested similar to major releases. Patch managers and Quality Engineering managers review each patch before its release. When a patch goes live, product teams that are releasing bug fixes, features, or enhancements in the patch monitor feedback loops and run automated production tests to confirm that there are no issues. Salesforce verifies patches first on an internal instance, then on a sandbox instance during off-peak hours, and then finally on a production instance. After Salesforce verifies the success of the patch, it becomes available on the remaining European and North American instances on Wednesdays and on Asia/Pacific instances on Thursdays (PST). When releasing patches, Salesforce removes the application server nodes from the server pool in groups and allows 30 seconds for in-flight jobs to complete the transactions before shutting down the nodes. The patch application process restarts the service with the new code, and each node returns to the pool. Patch releases are typically transparent, but server restarts sometimes interrupt long-running transactions. Although the 30-second window is long enough for most transactions to complete, Salesforce recommends that customers design their code and tune each transaction to complete within 30 seconds, and adopt a retry mechanism in the custom logic or consider utilizing asynchronous methods. Emergency Releases If we discover that an immediate patch is necessary, we will perform an emergency release (e-release). Similar to patch releases, e-releases are verified first on an internal instance, then on a sandbox instance during off-peak hours, and then finally on a production instance. After Salesforce verifies the success of the e-release, it becomes available on the remaining instances. Customer Impact and Communication for Releases Patches and emergency releases are generally transparent to users, and they do not require interruptions to service. Major releases will be delivered during a predetermined, five-minute window. To minimize the potential impacts of service disruptions, Salesforce deploys major releases in scheduled maintenance windows that occur during off-peak hours. We notify administrators with maintenance window schedules one month prior to a major release and again one week before the release. Note: If you want to access the schedules on your own, you can also visit trust.salesforce.com/trust/instances one month prior to each release, or you can log in to Salesforce and look at the splash pages one week prior to each release. Additionally, organizations that subscribe to the Premier Success Plan receive Premier Alert email notifications with the schedules. See Salesforce Maintenance Schedule. 5

Infrastructure Change Policies Infrastructure Change Policies Salesforce periodically changes the hardware and software that compose the infrastructure delivering its services and Web content. These changes improve the performance, reliability, and stability of the service, and can include server configuration changes, firmware and OS upgrades, network device changes, and even the addition of new data centers. The infrastructure has a high-availability (HA) architecture with redundant hardware, failover capabilities, clustering technology, and ample capacity to withhold the load, even after Salesforce takes out a device for maintenance. The infrastructure allows Salesforce to hot-fix without interrupting service for most types of hardware and software changes. Salesforce evaluates all proposed infrastructure changes and assesses their potential impact to customers. When we determine that changes are low risk, we schedule them to run during off-peak business hour windows. While many infrastructure changes are seamless, interruptions to service are necessary for some, such as instance migrations, instance splits, and database upgrades. We schedule these changes during off-peak periods in existing maintenance windows and notify you in advance. During a maintenance window, the expected status of the service is one of the following. Generally Available Users can log in and use the service as usual, but they might experience transient interruptions during a specified period within the maintenance window. Unavailable Users can t log in, and a maintenance message displays if a user attempts to log in or requests a transaction. Some major events, such as instance migrations and database upgrades, require Salesforce to exceed the duration of standard maintenance windows. Interruptions to service typically don t occur outside of maintenance windows, unless common infrastructure changes that impact multiple instances are necessary. Changes that do not require interruptions to service might occur outside of maintenance windows and business hours in the data center s geographic region. For every infrastructure change, we provide as much lead time as possible for customer communication, and we track and analyze change requests in our internal ticketing organization. Note: Salesforce reserves the right to schedule maintenance windows whenever needed. If you want to access the schedules on your own, you can also visit trust.salesforce.com/trust/instances, or log in to Salesforce and look at the splash pages one week prior to each infrastructure change. Additionally, organizations that subscribe to the Premier Success Plan receive Premier Alert email notifications with the schedules. See Salesforce Maintenance Schedule. Planned Infrastructure Changes To promote thoughtful decisions and avoid adverse consequences, Salesforce completes testing, automation, implementation, verification, and rollback plans prior to scheduling infrastructure changes. Plans for changes to test environments require the review and approval of subject matter experts (SMEs) and SR managers. Plans for other infrastructure changes require additional approvals and two levels of management review. The final review is by Salesforce s operations team, which ensures that no other changes or incidents will conflict with planned work. For emergency change requests and fixes, Salesforce expedites these plans and approvals. Unplanned Infrastructure Changes If the service experiences unexpected service degradations, Salesforce will work to isolate the problem. When an unplanned infrastructure change is required, we will notify customers as we do for planned infrastructure changes, except we might do so with less lead time before making the change or soon after having already made that change. 6

Common Change Policies Note: Some issues might require Salesforce to take the service offline for emergency maintenance. Common Change Policies Salesforce follows these change policies both for releases of Salesforce services and for Salesforce infrastructure changes. Customer readiness time frames Contingency and rollback strategies Root cause analyses Moratoriums Customer Readiness Time Frames Salesforce intends to communicate its planned release and infrastructure changes within its customer readiness time frames to help customers prepare for upcoming Salesforce changes. Type of Change New Features and Feature Enhancements Infrastructure Changes Feature Retirements Data Center Moves Customer Readiness Time Frame (minimum) 1 month 2 months 12 months 6 months Contingency and Rollback Strategies Salesforce only approves infrastructure changes and releases that have a rollback plan. The rollback plan ensures system stability if the change fails to achieve its objective or unexpectedly causes issues. Salesforce defines the following general rollback process for its non-major releases.* If severe issues occur when deploying a release, Salesforce rolls back the release immediately, unless doing so might cause a more serious issue. If the impact of an issue is unclear, Salesforce performs a 10-minute investigation before deciding to roll back. If the impact is still unclear after the investigation, Salesforce rolls back the release. For instance splits, data center migrations, and similar events that involve many large changes, the rollback could take hours. In such cases, a Disaster Recovery Process allows Salesforce to decide whether to redirect customers to a stable copy of the instance until the primary instance is working correctly. Before major releases are deployed, Salesforce performs extensive testing and verification on internal instances to reduce the risk of regressions. In the unlikely event of a problem, a rollback is impractical because a major release involves database schema changes that are potentially incompatible with the previous release schema. Instead of a rollback, Salesforce uses a major release contingency plan that employs specialized data recovery plans, database scripts, and emergency releases, if necessary. *Quoted time frames are approximate. Salesforce intends to communicate the actual time frames. 7

Root Cause Analyses Root Cause Analyses To ensure the quality and improvement of our change management process, we perform a root cause analysis (RCA) to ensure that previously discovered problems do not happen again. Three types of incidents failed changes, emergency changes, and process violations trigger the RCA process. Failed Changes A failed change is a change that does any one of the following. Fails to achieve its objective Achieves its objective but doesn t do so within the target maintenance window Unexpectedly creates a new issue Emergency Changes An emergency change is a change that must be implemented as soon as possible to: Fix or restore customer services Correct or prevent the imminent disruption or degradation of customer services Patch or correct a confirmed security vulnerability We investigate emergency changes to: Thoroughly understand the problems they addressed Institute an action plan to ensure that those problems don t happen again Process Violations Salesforce takes process violations seriously, and breaches are unacceptable at any time. We fully investigate and document all process violations to benefit our customers, our employees, and our business. We handle process violations according to a well-defined course of action, which includes: 1. Giving employees verbal warnings 2. Assigning mandatory change management training 3. Temporarily suspending employees production access 4. Ramping up our monitoring and retraining efforts If an employee continues to make process violations, we terminate his or her employment, pending a full debrief on the incident. RCA Process After a failed change, emergency change, or process violation triggers the RCA process, Salesforce: 1. Analyzes the incident s impact on the customer 2. Investigates what caused the incident 3. Addresses the root cause of the incident 4. Closes the RCA Salesforce management further analyzes closed RCAs at a higher level to find and address issues in change processes, roles, and responsibilities. In addition, Salesforce makes continuous efforts to improve the accuracy and quality of attributes in the RCAs, which allow us to quickly report on impacted areas and detect multiple occurrences of similar issues. 8

Moratoriums Moratoriums Salesforce has change moratoriums, which are cessations of releases and infrastructure changes, to avoid introducing code defects, unintended changes, regressions, and other problems during critical periods. Note: Changes made during moratoriums must be approved by SR senior management. Moratoriums typically happen during: End of Calendar Month The second-to-last calendar day of the month through the first calendar day of the following month. End of Calendar Year The last two full weeks of December through the first business day of the new year. Thanksgiving Holiday The day before Thanksgiving through the following Monday. Days Surrounding Major Release The Thursday before the major release through the following Monday. Best Practices and Related Resources Best Practices We are committed to making Salesforce updates and changes as seamless and easy as possible, and you can do a few additional things to further enhance your Salesforce experience. Follow the Salesforce change management best practices by: Running regression tests immediately after every sandbox and production release Discover integration issues early to allow more time to address the issue, mitigate end-user confusion, and ensure business continuity. This practice aligns with ITIL Change and Release Management, a practice generally adopted by large systems. Planning critical development activities outside of the declared scheduled maintenance windows Schedule activities outside of the planned maintenance windows to mitigate the risk of project delays and rescheduling overheads. Implementing retry logic or recovery processes for integration applications Automate recovery logic to: Ensure business continuity when long-running jobs fail because of patches and maintenance windows Reduce manual recovery intervention Related Resources For related information, see: Salesforce Maintenance Schedule Development Lifecycle Guide Feature Retirement Philosophy 9

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback