IT Services Management Foundation Course

Introduction

What will this course give me?

An introduction to IT Service Management Familiarity with
The key processes and responsibilities
BS 15000 standard ITIL Service Support and Service Delivery books

An understanding of the relevance of Service Management to an Organization

A common language to describe Service Management processes

Service Management Philosophy

IT is the Business The Business is IT Neglect IT Services and the Business will suffer

Why do we need to Manage Change?

Distributed world-wide systems Ensure clear boundaries of responsibility between providers, their suppliers and their customers Manage and track component dependencies Faster & Clearer risk analysis (speed to market)

E-commerce changes - monthly, weekly, daily, hourly ...

Change causes, incidents and problems

& IT affects the Business

Busy Customers

1st Line Support 2nd Line Support

Request for Change

Benefits of Good Control

Cost of Incidents & Problems

Time Good control decreases costs & fire-fighting

Mountains ...

Speed to market Constant change Focus on the business Contribute to solving business challenges

Throughout the planning cycle Demonstrable IT contribution

Change the mind-set from product to service

Consistent and stable services Maintaining security

Adding value in the supply chain

Infrastructure complexity

Pebbles ...

Uncontrolled and disruptive change Unknown service costs, high peer support costs

& Total Cost of Ownership (TCO)

Poor Service Level Agreements (SLAs) Unclear responsibilities Unknown components, dependencies and ownership Unable to justify investment or assess risk

No measure or proof of improvement

What can we do?

PD0015 Self assessment workbook BS Achieve this 15000 Standard

Management Overview PD0005 Management Overview

ITIL Self Assessment Questionnaire Process definition

ITIL

Internal Processes and Procedures

Deployed Solution

Stop falling over Start climbing!

BS 15000 Service Management

Service Delivery Processes
Security Management Service Continuity & Availability Management Service Level Management Service Reporting Capacity Management Financial Management

Control Processes
Configuration Management Change Management

Release Processes
Release Management

Relationship Processes
Business Relationship Management Supplier Management

Resolution Processes
Incident Management Problem Management

Automation

Best Practice?

What do you understand by the term?

An industry accepted way of doing something, that works

The most effective way of understanding a process or procedure

Where does it work well and why?

What does it consist of?

Principles Agreement on specific processes Usually put into writing Reviewed and updated

ITIL Best Practice

Gathered from IS practitioners:

Users, Suppliers, Consultants

Proven Is supported by tools Is used world-wide Supported by the International user group (IT Service Management Forum)

Why Implement Best Practice?

Professionalism Managing complex infrastructures and services Understand the core processes and capabilities Decision making metrics

Clear responsibilities and points of contact

Avoid reinventing the wheel Long term survival!

What is Service Management ?

A dynamic balance between:

Demand for IT Services:

Supply of IT Services:

Need to know and understand: - the requirements of the business as a whole - the capabilities of IT to deliver to its customers

Application in the Real World

Processes and Procedures

- What and How

Activities and Functions - Responsibilities and Roles Organization and Resources - Hierarchy / Structure and People / Tools Ownership and Operational Control - Budgets and Service Responsibility

Process definition & KPIs

PROCESS CONTROL & CHECKS

Process Manager Quality Parameters ! Key Performance Indicators PROCESS

Process Objectives

Inputs

Activities & SubProcesses

Outputs

Process Enablers

Balance:

Resources

Roles

TIME / COST / SCOPE / QUALITY

What are the inputs and outputs for change management?

Quality Drivers

BS 15000 and supporting documents ISO 9000:2000

BS 7799/ISO 17799 Information Systems

Security

SEI - Capability Maturity Models (CMM EFQM - European Foundation for Quality

Management

IIP - Investors in People Project Olympus

EFQM Business Excellence Model

Enablers 50%
People Management 9%

Results 50%
People Satisfaction 9%

Leadership

10%

Policy & Strategy 8%

Processes 14%

Customer Satisfaction 20%

Business Results 15%

Partnership & Resources 9%

Impact on Society 6%

Innovation and Learning

Quality Drivers

Overview of ITIL

The ITIL Disciplines

IT Service Support

Service Desk (function) Service Levels

Release Change Problem

Configuration

Incident Availability Capacity IT Finance

IT Continuity

IT Service Delivery

The IT Image

SLM
Service Desk

What does the business see?

Service Desk

Central (or Single) point of contact Handles incidents and requests Interface to:

Change Problem

Configuration
Release Service Level Management

IT Service Continuous Management

Internal Suppliers External Suppliers

Incidents, Problems and Known Errors

Incident
- Any event which is not part of the standard operation of a service

and which causes or may cause an interruption to or a reduction in the quality of that service

Problem
- The unknown root cause of one or more incidents (not necessarily

solved at the time the incident is closed)

Known Error
- The successful diagnosis of the root cause of a problem when the

configuration items (Cis) at fault are confirmed (and a workaround exits) - often removed by implementing a change.

Can you provide examples of each?

Customers and Users

Customers
The business managers authorized to negotiate with the IT supplier on behalf of the business. Typically people who have responsibility for the cost of the service.

Users
The people who use the service on a day-today basis.

Incident Management

Focus on restoration of service

Consistent approach to incidents

Service Desks are key to this process

Problem Management
To minimise the adverse effect of incidents and problems to the business

Prioritisation of problems Investigation of underlying causes Proactive prevention of incidents Initiating corrective change

Change Management

Managing changes to the infrastructure or any aspect of

services, in a controlled manner

Standardized method & procedures Prompt handling of requests for change Scheduling and overseeing changes Balance between need and detrimental impact

Change Management
Objective: To ensure that changes that maximize customer or business benefit are implemented in a controlled manner, efficiently and effectively. External IT Services

What triggers a change and when should an RFC be raised?

Release Management

To deliver, distribute and track one or

more changes into the live environment

Holistic view of change to an IT service

For significant roll-outs

For distributed software releases Integrated with Change & Configuration

Configuration Management

What there is
Where it is How it is joined up

Availability Management

Optimise capability

Based on business requirements

Monitoring and analysing

against availability
requirements
Can you think of examples of how availability can be measured? How useful are your examples to the business?

IT Service Continuity Management

Support business continuity

Identify and address risk and vulnerability

Planning and testing

Capacity Management
Understood current and future requirements

Ensure requirements are met cost effectively

No surprises.

Financial Management for IT Services

Budgeting and accounting (mandatory)

Charging (optional)
Cost effective stewardship

Service Level Management

Documented, agreed, measured and reviewed service levels Maintain and improve business aligned IT quality Joint responsibility with customer focus

Service Delivery
IT Service Support

Service Desk (function) Service Levels

Release Change Problem

Configuration

Incident Availability Capacity IT Finance

IT Continuity

IT Service Delivery

Service Level Management

Service Level Management

Achieving a balance between:
Demand for

Supply of
IT Services

IT Services

By:

- Knowing the requirements of the business

- Knowing the capabilities of IT

Service Level Management Objectives

Business-like relationship between customer and supplier

Improved understanding and specification of service requirements Greater flexibility and responsiveness in service provision

Balance customer demands and cost of services provision

Measurable service levels

Quality improvement (continuous review)

Typical Business Relationship map

User

Customer
User Business

User

IT Supplier 1 Supplier 5 Supplier 2

Supplier 4 Supplier 3

Supplier 2 Supplier 4

Supplier 6

Many customers Supplier 5 Many users Many suppliers Complex supply chain

Service Catalogue

Details the full range of services and sometimes the different levels of service that are available to customers.

It defines agreed expectations What you choose to define as a Service to your organization is a business decision

Examples are: Payroll service, printing service, email service, PC delivery and installation service

Service Level Management Activities

Service requirements Develop and maintain service catalogue Service Level agreements Operational level agreements & contracts Managing customer expectations

Monitor, review & report

Service improvement

Creating & Maintaining Agreements

SLAs, Contracts, OLAs - Examples

Finance Human Resources Marketing

Sales
Service Level Agreements - SLAs Customer Facing IT Service Management Underpinning Contracts, UPCs

Operational Level Agreements, OLAs Desktop UNIX

Supplier X Telecoms
Networks Supplier Y WAN

Contracts and SLAs

Contract is between two bodies with separate legal existence

Emphasis of SLA is on targets

Emphasis of contract is minimum acceptable level of service

SLA can supplement a contract

Tendency for SLA to be more specific with a shorter currency

Example of SLAs and Multi level SLAs

Customer Level
(all SLM issues

Corporate Level for a particular

(generic SLM issues for all customers eg. Service Desk response times) customer group)

Service Level
(all issues relevant to a specific Service within this customer group)

Can you provide an example of each of these?

Specifying a Service

Service description, dates, duration, deliverables

Service times, location, terms of delivery, finance Information on products & facilities supplied Service levels, availability, performance Security, backup & recovery, contingencies Procedures for : signing, changes, delivery, corrective action

SLAs - Important Considerations

Plan and trial before agreeing

Understand the customer perspective Only pleasant surprises for the customer and third party suppliers

Be sure you can measure and agree who, how and when Check definitions are understood (glossary) Be customer orientated

Possible Problems

Customers have difficulty identifying requirements IT has difficulty identifying the customer Focused on IT deliverables instead of service as perceived by customer Necessary disciplines not in place or not integrated with Service Level Management Differences between costing and charging not always appreciated by internal clients Investment in broad-based budget, not focused on a specific SLA, makes improvement difficult Managers over-ambitious but not willing to invest in underpinning processes Lack of discipline and/or necessary formality

Benefits

Establish more business-like relationships through measurable and realistic service level agreements.

Accurately balance the service requirements of customers against the costs and complexity of providing those services.

Accurately specify IT resources. Reduce unpredictable demand. Cut procurement costs through better information for on-time negotiations with suppliers.

Establish baseline for service improvements for greater customer satisfaction.

Best Practice

Emphasize contribution to business success as opposed to IT realities

Construct SLAs with and for business units using common language
Implement Service Level Management to start at design and be involved throughout life of the service Establish SLAs only within the context of a Service Level Management discipline

All relationships (internal/external) to be consistent with SLAs

Service Level Management - Summary (1)

We need to understand what we mean by Service Management and by a Service Objectives - Improve service quality (customer dependence) - Measurable service levels

- Balance between customer demand and IT capabilities

Activities - Manage customer relationships - Create / maintain Service Catalogue

- Determine SLRs; Negotiate, prepare & monitor Service Charter, SLAs & OLAs, Service Reviews - Service Improvement / Quality plans

Minimum requirements for an agreement

- Service description, service hours, response times, availability, security & continuity targets, critical periods

Service Level Management Summary (2) Other possible clauses

Contingency arrangements, review procedures, change procedures, support services, customer responsibilities, housekeeping, inputs and outputs, charges, glossary

General
Terms and conditions clearly defined and understood Ideally OLAs and contracts are based on targets in the SLA SLAs can be organised by service or by customer
The new generation of service management tools allow SLAs to overlap, usually defaulting to the higher level of service

SLAs must be monitored regularly and reviewed regularly

Monitor to see if service is being delivered to specification Review to see if service specification is still appropriate

NB the quality of IS underpins the success of business operations !

Availability Management

Availability Management - Objectives

To optimize the capability of the IT infrastructure and supporting organisation to deliver a cost effective and sustained level of availability agreed with customers in SLAs. To predict, plan for and manage the availability of services by ensuring that :
All services are underpinned by sufficient, reliable and properly maintained configuration items (CIs) Where CIs are not supported internally there are appropriate contractual arrangements with third party suppliers Changes are proposed to prevent future loss of service availability

When the Customer Cannot Work

An IT service is not available to a user if the functions that the customer requires at that particular location cannot be used although the agreed conditions under which the IT service is supplied are being met

NB Simplistic calculation of % availability in the ITIL book is ( Agreed Service Hours Downtime ) Agreed Service Hours X 100

But what does 90% Availability really mean ?

Aspects of Availability
Reliability Maintainability Resilience Serviceability Security
Confidentialy Integrity Availability

The Incident Life - Cycle

MTTR Mean Time To Repair (Downtime) Detection Repair Restoration

Incident

Diagnosis

Recovery

Incident MTBF Mean Time Between Failures (Uptime)

Time

MTBSI Mean Time Between System Incidents

Availability Formulae Series and Parallel

In Series In Parallel
Avail = 90%

Disk A Monitor A
Avail = 90%

Monitor B Disk B
Avail = 90% Avail = 90%
Available as long as either A or B is working If both components have the same availability formula = 2A-A2=11.80.81=99%

Available only if both work = AxB= 0.9* 0.9 = 0.81 or 81%

Alternatively 1 (A Down) x (B down ) = 1 (.1 * 0.1) = 0.99 or 99%

Component Failure Impact Analysis (CFIA)

Desktop Device #1 Desktop Device #2

Configuration Item Desktop Device #1

Service 1 X

Service 2

Cable #1
Desktop Device #2
Cable 1 Cable 3 Cable 2 Ethernet

Cable #2
Printer 2 Power

X X X

Ethernet Cable #3 Servier

Disk# 1

Server System Software Printer 1 Disk# 2 Application B Application A

Disk #1 Disk #2 Systems Software Application A Application B Printer #1 Printer #2 power

X X X X X

x X

Fault Tree Analysis (FTA)

Service Down inhibit System down Outside Service hours ?

OR
Computer down Application Down Network Down AND Normal Line down Backup line down

Possible Problems
Cost of Availability considered overhead and too expensive Difficult to quantify and cost users availability requirements Hard to find experienced IT professionals Many tools needed to quantify baseline data Dependency on suppliers Understanding the IT infrastructure

Attitudes for Availability

Intimate with other processes
Proactive problem, continuity, SLM, capacity

A team game needs acceptance of concept

for successful implementation

Often done but less often documented

Therefore not repeatable

So not efficient

Benefits
Accurate baseline metrics, leading to more practical and accurate Service Level Agreements (SLAs) Accurate statistics leading to better supplier relations and support. Improved quality and manageability of the IT infrastructure Improved end user services by designing and meeting specific availability targets (SLAs) Improved service levels because of a proactive rather than

reactive approach of problems.

Stronger cost justification and cost effectiveness of IT

Best Practice
Separate technical design from measurement

Do with IT Service Continuity Management

Use in co-operation with Capacity, Cost, and Business Continuity Management Use business language

Availability Management - Summary

Purpose Plan and manage CI availability to meet Customers business objectives Scope Hardware, Software, environment etc. Assessing risk Calculating and monitoring availability MTBSI, MTTR, MTBF, % availability formulae, thresholds, auto-detection Aspects Reliability, Maintainability, Serviceability, Security (CIA) Resilience redundancy, duplexing, fault tolerance Techniques CFIA, FTA, TOP, SOA Incident life-cycle occurrence, detection, diagnosis, repair, recovery,

restoration

IT Service Continuity Management

IT Service Continuity Management Objective

Ensure business survival by reducing impact of disaster or major failure

Reduce vulnerability and risk to the business

Preserve high customer and user confidence Integrate IT plans with overall business continuity.

Why ITSCM and business continutity ?

Increased business dependency on IT

Reduced cost and time of recovery

Cost to customer relationship

Legal and regulatory requirements

Survival Many businesses have failed within a year of suffering a major IT disaster !

ITSCM - Activities
Threats

Value of Assets

Vulnerabilities

Risks
Countermeasures
Managing a Disaster

Planning for potential disasters

The Six ITIL options

Do nothing
Manual work around

Reciprocal arrangement
Gradual recovery (cold standby)

Intermediate recovery (Warm standby)

Immediate recovery (Hot standby)

Fortress ? Fixed Vs. Portable ?

Business Continuity Lifecycle

Initiation Requirements and strategy
- Business impact analysis - Risk assessment - Business continuity strategy

Implementation
- Organisation & implementation planning - Implement standby and risk reduction develop recovery plan

Develop procedures Initial testing (so we know it will work !)

ITSCM Roles in Normal operation

Board level Initiate ITSCM, set policy and allocate responsibilities Direct and authorise Senior management Manage ITSCM and accept deliverables Communicate and maintain awareness Integrate across organisation Junior Management Undertake ITSC analysis Define deliverables and contract for services Manage testing and assurance Supervisors & staff Develop Deliverables and negotiate services Develop, operate and test processes & procedures

ITSCM Roles in Crisis situation

Board Level Crisis management Corporate decisions

External affairs
Senior Management Co-ordination, direction & arbitration Resource authorisation Junior Management Invocation Team leadership & site management Liaison & reporting Supervisors & staff Task execution, team membership. liaison

Test and Review the Plan

Initially then at least annually and after each disaster Test it under realistic circumstances
Move / protect any live services first ! At different times

Review and change plan What changes ? New, more, less of :

Customers / services / SLRs / risks Dependencies / assets / CIs / staff Contracts / SLAs / countermeasures /

ALL changes need to be via formal Change Management

Testing Approaches
Inspection / Walkthrough
Dry-run testing (visit site) Partial test (physical or logical) Test third-party support Announced Unannounced Full test often an unacceptable risk

Possible Problems
Gaining commitment to staffing an IT service Continuity Planning team Constrained to testing the plan on a production system IT Service Continuity Planning not included in departmental budgets Not linked to business continuity Technical plans not service plans Desktop ignored

Benefits
Reduction in the number of breaks and disasters that occur Reduction in the impact of disasters that do occur

Increased ability to recover from IT disasters in a

controlled manner Reduction of lost time, providing greater continuity of service to users Minimal interruption to business

Best Practice
Integrate with and base on thorough Risk Analysis and Management activities. Apply the If its not worth protecting, its not worth doing! approach Use business-oriented risk analysis to drive other processes

Remember if we have enough counter measures, it is less likely to happen. However, it probably will happen .. ONE DAY!

IT Service Continuity Management - Summary

Disasters will happen and will affect services !
Assets / Threats / Vulnerabilities / Risks / Countermeasures Part of Service Planning & design The IT Service Continuity Plan Based upon Business Impact Analysis Assists in fast, controlled recovery Must be given wide but controlled access Contents (incl. Admin, Infrastructure, People, Return to normal) Options gradual (cold), intermediate (warm), immediate (hot), reciprocal, manual work-around, do nothing

Standby options may only be available for limited periods (or not at all!!);
Fixed vs. portable. Must be tested frequently without unacceptably impacting the live

Capacity Management

Capacity Management Objective

To determine the right, cost justifiable, capacity of resources such that the Service Levels agreed with the business are achieved at the right time

Capacity Management Activities

Business Capacity Management Inputs
Implement

Service Capacity Management

Capacity DataBase
Tune Monitor

Resource Capacity Management

Outputs

Business Capacity Management

Trend, forecast, model, prototype, size, document future business requirements. Requires knowledge of Existing service levels and SLAs Future service levels and service level requirements (SLRs) Business plan and capacity plan Modeling techniques Analytical Simulation

Trending
Base lining Application sizing methods

Service Capacity Management

Monitor, analyse, tune and report on service performance Establish baselines and profiles of use of services (peaks, troughs and seasonal variations) Manage demand for service Requires knowledge of Service levels and SLAs Systems, networks and service throughput and performance Monitoring, measurement, analysis, tuning and demand management

Demand Management
Manage demand for resources (typically real time) Smoothing peaks Differential charging Flexible purchase / use of resources Artificial constraints Limit number of concurrent users to prevent resource overload Requires full support and understanding Unpopular measures to protect service Management commitment is vital

Resource Capacity Management

Monitor, analyse, tune and report on the utilisation and performance of components Establish baselines and profiles of use of components Requires knowledge of Current technology and its utilisation Future of alternative technologies

Resilience of systems and services

Inputs and Outputs Capacity plans and reports

Business data Service data Technical data Financial data Utilisation data

Capacity DataBase (CDB)

Management Reports

Technical Reports

Capacity Plan

Capacity Plan
Management Summary Assumptions made (Business and IT strategy) Details of current service level targets and performance against those targets. New services and Service Level Requirements Future resource requirements Likely implications of technical innovation Scenarios and options Investment recommendations

Possible Problems
Skill levels of capacity management staff. Complexity of tools and tool integration Difficult to translate business requirements to system requirements to workloads Over-expectations of possible savings from implementing capacity management Difficult to manage customer expectations with respect to actual capacity and related costs Difficult to translate vendor benchmark results into realistic capacity characteristics in the production environment.

Benefits (No surprises !)

Ability to create, delivery and manage Service Level Agreements (SLAs) Reduced number of problems caused by lack of resources Increased end user satisfaction Increased system availability / resource utilisation Improved capacity forecasting and budgeting capability Improved scheduling for upgrades and hardware installs Improved negotiating position

Best Practice
Capacity requirements are demand-driven
(linked to business) rather than reactive (derived from technology issues) Focus on customer driven metrics Basis in Availability Management

Closely linked to Financial Management

Capacity Management - Summary

Business CM trend, forecast, model, prototype, size, document future business requirements. Service CM Monitor, analyse, tune and report on service performance; establish baselines and profiles of use (incl. peaks & troughs and throughput) of services; manage demand for service Resource CM Monitor, analyse, tune and implement / report on the

utilisation of components; be aware of technological innovation

Application Sizing and Modeling Capacity Planning Defining thresholds and monitoring Capacity Management is a balancing act Cost against Capacity : Supply against Demand

Financial Management

Financial (Cost) Management

Financial Management

Budgeting

Charging (optional) Accounting

Budgeting and Accounting - Objectives

Budgeting Predict and control the money required to run IT services

Day-to-day monitoring of current budgets

Compare actual spend against predicted Accounting

Account for the money spent on IT services

Calculate the cost of IT services Help identify and justify the cost of changes

Budgeting and Accounting are mandatory

Typical input cost types / elements

Hardware (LAN, processor, PC) Accommodation (office, utilities) Software (O/S, applications, tools) People (salaries, benefits, consultancy) External Services (disaster recovery, outsourcing) Transfer (internal charges from other areas)

Different Types of Costs

Either Or

Capital
Outright purchase of fixed assets e.g. new server Direct Costs which can be directly allocated to a single Customer or Customer group Fixed Costs fixed for a reasonable period of time (salaries, depreciation, standing charges)

Operational
Day-to-day costs of running a service; staff, electricity, maintenance, consumables Indirect Costs which must be apportioned across all or a

number of Customer groups

Variable Costs that vary with usage or time (overtime, electricity etc.)

Output Cost Units

Cost per
Customer / business unit Service Department Location Employee e.g. for desktop and network access

Charging Objectives
Recover from customers the costs of the IT services provided Ensure that customers are aware of the costs they impose on IT Operate the IT service as a business unit

Charging is operational
The organisations finance experts will be involved in charging as this is part of the overall accounting strategy

Charging & Pricing Options

Charging needs to be seen as simple, understandable, fair and realistic.

Charging options include :

Cost -------------> Price = cost Cost plus --------> Price = cost + X % Going rate
Comparable with other internal costs or with similar organisations

Market rate
Matches external suppliers

Fixed price
Set price agreed for set period based on anticipated usage

Possible Problems
Skill levels of IT financial management staff, especially finding professional with accounting and IT experience. Political aspects of cost allocation. Monitoring can be expensive Difficult to identify and determine customer based charges. Integration across functions and tools is essential for real leverage. Lack of clear IS strategy and objectives.

Benefits
Costing helps the IT Services Manager to Base decisions about the services to be provided on assessments of cost effectiveness, service by service Make more business-like decisions about IT services and their related investments Provide information to justify IT expenditure

Plan and budget with confidence

Understand the costs of failing to take advantage of strategic opportunities to justify the required expenditure (thereby providing value-added productivity) Help the users understand the costs associated with the services that they utilise.

Financial Management - Summary

Budgeting
Predict, understand and control the budgets and the
spend

Accounting
Calculate the cost of IT services
Help identify and justify the cost of changes e.g. ROI Input cost units and Input cost types (F/V, D/I, C/O) Output business cost units Need for good estimates of business workloads.

Financial Management - Summary

Charging (but not policy)
Determine charges in SLAs (cost recovery, cost +, market rate, etc) Influence customer behaviour Charging does not affect costs directly but is an expensive process

General
Sound stewardship Mininmise risk in decision making Basis of busines estimating, planning, budgeting / forecasting Often used in targets & measures / metrics

Service Support
IT Service Support

Release Change Users Customers Service ` Desk Problem Incident

Configuration

Service Levels

Availability Capacity

IT Continuity IT Finance ` IT Service Delivery IT Service Delivery

Service Desk

Service Desk - Objectives

To be the primary contact point for all users :
Calls Questions Service Requests Complaints Remarks

To manage the incident life-cycle (coordinating resolution, owning incidents) To support business activities

To manager Service Requests

To provide management information

Service Desk Structures

Customer 2

Customer 1

Customer 2

Customer 3

Customer 1

Customer 3

Ops
Service Desk
Desktop

Supplier

Service Desk A

Service Desk B

Supplier

Centralised Service Desk

Centralised

Decentralised

What are the advantages and disadvantages of each type of service Desk, including the Virtual desk?

Hello Can I help you ?

Service Desk Summary

Acts as the Central point of contact between the Customer and the IT service (the buffer between users and the IT Staff) Handles incidents, problems, requests, and questions

Provides an interface for other activities such as Change, Configuration, Release, Service level, and Service continuity Management.
Central, de-centralised, virtual service desks. Requires staff with appropriate attributes and skills Provides business support Good communication

Value of metrics on events / incidents / calls.

Incident Management

Incident Management Objectives

Restore the service to users as quickly as possible with minimum disruption to the business.
Ensuring that the best possible levels of availability and service are maintained.

Ensure best use of resources

Maintain and apply consistent approach to incidents.

The ITIL incident Lifecycle

Incident detection & recording
Initial Classification & Support

Ownership
Monitoring Tracking Communication

Investigation & diagnosis Resolution & Recovery Incident Closure

Prioritization

Impact

Assess and code impact / urgency / priority

Evidence of effect upon business activities Service Levels in danger

Impact

Urgency

Urgency

Evidence of effect upon business deadlines

Prioritise resources

Priority

Manpower
Money Time

Escalation and Referral

Inform / Support (escalation)

Service Desk

Knowledge (functional referral)

Possible Problems
Too many Desks ? Service desk is launched too early and gets swamped Interface and information sharing Ineffective communications between development and service desk (e.g. at roll-outs) Tension between Service desk and other IT units Users try to bypass the system.

No process for escalation

The director as Service desk Concentrating on the Service Desk instead of the overall need for Service management.

Benefits
Higher levels of IT service availability Reduction in time to respond to users and to resolve incidents Earlier & more effective identification of problem areas Fewer incidents and user difficulties with business applications Better utilisation & increased productivity of skilled staff Provides comprehensive and accurate management information for IT and the customer.

Best Practice
Integrate with Service Management. First line fixes are more efficient and quicker but beware loss of data and over reliance on quick fixes Place less emphasis on reducing ITs costs and more on increasing business effectiveness. Position Service desk as the primary interface to IT and use it to increase IT credibility throughout lines of business.

Incident Management Summary

Incident : (Expected) disruption to agreed service
Manage the Incident life-cycle Restore service ASAP Priority determined by business impact and urgency. Correct assessment of priorities enables resources to be deployed in the best interests of the customer. Escalation and referral. Incident closure Scripts, diagnostic aids, forward schedule of change. Comprehensive CMDB invaluable.

Problem Management

Problem Management Objectives

Stabilising IT services through :
Minimising the consequences of incidents Removal of the root causes of incidents Prevention of incidents and problems.

Improving productive use of resources Improving productivity of support staff

Definitions
Problem The unknown root cause of one or more incidents (not necessarily solved at the time the incident is closed). Known Error The successful diagnosis of the root cause of a problem when the configuration items (Cls) at fault are confirmed (and a workaround exists) often removed by implementing a change.

Problem Management Activities

Ownership Monitoring

Problem identification & recording

Initial Classification

Tracking
Communication

Investigation & diagnosis Error identification & recording Error assessment & RFC Review & Closure

Reactive - Proactive
Proactive Reactive

Prevention of problems on other systems and applications Monitoring of Change Management

Initiating changes to combat: Occurrence of incidents Repetition of incidents Identification of trends

Problem identification Problem diagnosis Supplying 2nd / 3rd line incident support

Processing Known Errors from the Development Environment

Live Service
Release Change Building

Service Desk & Incidents

Problem Management

Production known errors

Dev. known errors

Problem

Investigation and diagnosis

Investigation and diagnosis

RFC
Change Management

Possible Problems
Wrong staff in Problem Management team. Poor understanding of the distinct objectives of incident and problem management. Resource conflicts between incident and problem management. Lack of discipline in support teams. Poor communications between systems development and error control in the live environment.

Benefits
Higher availability and less interruption to users by eliminating repeat incidents. Prevention of incidents from spreading across systems or even occurring at all through proactive analysis. Minimization of the consequences of service interruptions. Prevention of know errors from elsewhere being introduced into this environment.

Problem Management - Summary

Problem and Known Error definitions Objectives Manage the problem life cycle (other will implement solutions)

Stabilising services through :

Removing the root causes of incidents Preventing occurrence of incidents and problems Minimising the consequences of incidents (the quick fix) Improving Productive use of resources Activities Problem Control, Error Control (incl. raising RFCs), Management

information
Reactive to proactive (stop problems occurring / recurring) Priorities determined by business impact and urgency.

Configuration Management

Configuration Management Objectives

To define and control the components of the service and infrastructure and maintain accurate configuration information To provide information on the IT infrastructure for all other processes & IT Management

The CMDB
Incident

Problems / KERs

CMDB

Release / Roll Out

Change

Configuration Management
Planning Identification
What is going to be controlled ?

Control
Are you allowed to change it and how is a change to the
configuration controlled ?

Status Accounting
What has changed and why ?

Verification / Audit
Is it what we said we would have ?

Configuration Identification
What is to be controlled (CIs) base selection on Criticality, Risk, Interface, Security, Safety E.g.. email service, web service, server, application, desktop build, network What dependencies / relationships Who is responsible for each CI at which point in its lifecycle (budgetary, change & release authority)

CIs Scope and Detail

Infrastructure

D E T A I L

Accommo dation

Desktop Service

Desktop Assets

People / Users

Network

Standard Software e.g. COTS

Network printer Location PC No break power Office bundle Local Printer

Monitor

Keyboard

Base Unit

Word processor

Web

Email

Scope

Variants
A CI that has the same basic functionality as another CI but is slightly different in some small way
Two printer models with different memory cards A standard package is customised for particular applications or areas of the business. Used when problems or changes affecting one are likely to affect the other.

Examples of Attributes

Unique Identifier

Warranty expiry date

CI Name / Title

License Supply Date Accepted Date Status (current, date & who Status (scheduled, date & who Parent CI(s) Relationships Child CI(s) & Relationships Relationships RFC Numbers Problem & Incident Numbers

Version
Copy or Serial Number Category Type

Location
Source / Supplier Owner Responsible Date owner became responsible Created by / date time Model Number (Hardware)

Comment

Mark which ones are essential for all CI types

Relationships
Logical and physical relationships
E.g. between environments, software, hardware, products, services

Relationships to
Changes, problems, baselines, software builds and releases Traceability back to requirements (status history)

Baselines
A baseline is a specific and consistent configuration of a product or system established at a specific pint in time. It captures the structure and details and is used as : Sound basis for future work Record of CIS affected and actually changed by an RFC A point to fall back to if (or when) things go wrong (such as the ability

to return a service to a trusted state if a change goes wrong)

When would you take a baseline?

Managing Assets & Configurations

An order, approved plan or RFC Life Cycle of an IT asset / configuration item
Order or plan CI Create / acquire CI Install CI Change CI (move, add, change) Disposal / archive CI

Register CI

Register or update CI

Update Record

Update Record

Delete / Archive CI records

Updating the CMDB

Updating CI Records
When new CIs and versions are registered
E.g. new package and license, new contract

Promotion to the next environment (status)

E.g. ordered to delivered, delivered to accepted, development to test, test to live, live to archive Ownership or roles change

Changes, builds and releases create new versions of software and documentation After configuration audits to correct the CM database and records.

Configuration Audit
As Built Baseline Records

Live Infrastructure
App. Server Live

App. Server As Built

Audit Tools & Scripts

NT Server As Built

NT Server Live

Perform audit

Desktop As Built

Log exceptions Notify exceptions Investigate exceptions Follow up and resolve

Desktop Live

Possible Problems
Establishing depth and breadth Interfaces to other systems where CI information is stored. Data collection and maintenance of accuracy Roles and responsibilities in distributed, client / server environments Establishing owners for CIs Over-ambitious schedules and scope Management commitment to importance of Configuration Management as a foundation block

Benefits
Improves asset management Reduces risks from changes Leads to more effective user support

Improves security against malicious changes

Facilitates compliance with legal obligations Supports budget process Facilitates service level management, better planning & design Improves capability to identify, improve, inspect, deliver, operate, repair and upgrade Provides accurate information & configuration history Supports Continuity and Availability

Exercise
Select some important configurations that would need to be held as configuration items in your organization for configuration management e.g. for financial service, email, desktop or web service. Try to classify them as a CI type e.g. Service, System, Hardware, Bespoke Application, External software, Build, Baseline, Release, Accommodation, Facility, Data Set, People What documentation or attributes do you need to define each CI ? What lifecycle states would be appropriate ?

Configuration Management - Summary

Single source and repository for information about the IT infrastructure & services more than an asset register (CMDB)

Activities
Planning and Identification (including relationships) Control, Status Accounting, Verification Management Information Role in assessing impact of changes

Configuration item : Categories, Attributes, Relationships, Status, Unique Id, Version, Owner

Scope and detail (value of the information and level of independent change)
Baselines and Variants Supports all other processes.

Change Management

Change Management Objective

To implement approved changes
that maximize business benefit efficiently, cost effectively and with new IT infrastructure and services

Change Management Activities

Ensure ALL changes are raised and recorded Tracks individual changes Establishes Change Advisory Board / Change Authority The Change Manager Oversees the whole process Oversees building, testing and implementation of authorised changes Co-ordinates the back-out of failed changes Maintains forward schedule of changes (FSC) and Projected Service Availability (PSA) Is a good communicator and provides change management reports Ensures all changes are reviewed for success / failure Monitors and reports on the major metrics of the Change process Provides link to third parties and projects Process is linked to other processes, particularly configuration management.

Example RFC Contents

Unique Ref : Change originator: Trigger for Change e.g. problem no. Justification: Time / Implementation Target & Dependencies

Category e.g. normal / standard

Affected Configuration Item :e.g. SRV003, WORD7 Change Priority e.g. Urgent, High, Medium or Low. Impact and Risk e.g. High, Medium, Low Change Requested By Date / time of Change Request Change Title / Description

Impact Assessment
A summary of the impact to the service, business and technical aspects, that could be affected by these changes .

Specify resource requirements known

risk and concerns. Change Approval Who will approve the RFC ?

Decision : Accepted or rejected

Change Assignment / Builder Signature Block

Urgency and Priority

Impact of Problem

High
Urgency for the remedy

Medium 2

Low
3

High

Medium
Low

2
3

3
4

4
4

Priority 1 2 3 4

Urgent High

Description Necessary immediately. As soon as possible e.g. 8 hours

Medium Will solve irritating or missing functionality. Can be scheduled Minor Improvement Low

Impact of Change
Minor
Little impact on current services. The Change Manager is entitled to authorise this RFC.

Significant
Clear impact on the services. The RFC must be discussed by the Change Advisory Board. The Change Manager requests advice on authorisation and planning.

Major
Significant impact on the services and the business. Considerable manpower and / or resources needed. The RFC will have to be submitted to board level.

Change of Models
Pre-defined by Change Management Agreed with the organisation May be specific to appropriate aspects e.g.
Type (network, software, hardware, location change Urgency or impact Logical or geographical unit of the organisation

Appropriate to all types / levels of change

Standard Changes
Follow an established path (change model) Accepted solution to specific (set of) requirement(s) Crucial elements Tasks well known & proven Authority effectively given in advance Usually initiated by service desk Budgetary authority typically preordained

Change Management Process

Initiation & Sponsorship Filtering Acceptance & Matching Impact and Urgency Assessment, Prioritisation Approval & Authority to Proceed Design Build and Test Approval & Authority to implement Implementation & Operational Review (Back Out if required)

Post implementation Review & Reporting

Closure

Tracking Individual Changes

Management, tracking, administration
Request for Change (RFC) Assess impact Obtain Approval

Initiate Implementation
Develop & Test Change & Implement / Release Change Verification / ` Review Implementation

Configuration Management Database (CMDB)

CLOSE Request for Change

RFCs and Configuration Management

Initial Change Request

Configuration Management Assess Impact & Proposal

C
M D

Software CI to be changed Related Operating CI

Related Training CI

Related Hardware CI

Combines Change Request

Impact and Resource Assessment

Change management, CAB, CAB / EC & other assessors consider the impact of the
change on Customers business Infrastructure & the customers service e.g. SLA, capacity and performance, reliability and resilience, contingency plans, security Impact on other services, projects and non-IT infrastructures within the organisation Effect of not implementing the change Current FSC and Projected Service Availability (PSA) Resources required to implement the change & ongoing resources resulting from the change

Change Advisory Board (CAB)

Change Manager (chair) Service Level Manager

Finance Manager

Release Manager

CAB

Application Manager Office Services Suppliers etc.

Problem Manager

Senior Business Representation CAB/EC is a smaller group / sub-set used for emergency decisions

Possible Problems
Managing the backlog Circumvention of procedures Excessive over-ruling for strategic expedience Suppliers Over zealousness can lead to analysis paralysis particularly in impact analysis e.g. endless meetings / time Unclear responsibilities and definitions.

Benefits
Increased productivity of customers and IT staff Less adverse impact of changes on services Ability to absorb a higher level of error-free change helps speed to market & quality of service Better up-front assessment of the cost and business impact of proposed changes Reduction in the number of disruptive changes Reduction in the number of failed changes Valuable management information

Best Practice
Integrate with Configuration Management and Release Management Go beyond operational environment to encompass projects Separate the process and the management of the process Assign ownership of process as independently as possible of the line hierarchy Plan for urgent changes rather than making urgent changes by circumventing the normal change procedures

Change Management - Summary

Objective Only approved changes made, risk and cost assessed, benefit maximized

Applies to all configuration items

Activities Manage / Filter RFCs; Manage Change Records; Assess impact, risk, urgency, priority & resources; Approve & schedule changes; Oversee

change building, testing & implementation; Review; Business Support.

CAB and CAB / emergency Committee : Membership, Advisory role, Urgent changes Testing of changes and Backout Change models and standard changes Links to Configuration and Release Management Process always ends with a review of the change and closure of the change

record.

Release Management

Release Management Objectives

Holistic view of roll-outs
Hardware, software, connections, staffing and skills, documentation, training, logistics etc.

Integrated with Change and Configuration via combined plan Used for
Large or critical roll-outs Major software roll-outs Distributed software roll-outs e.g. virus update security patch Bundling or batching related sets of changes.

Release Management
Development Environment
Controlled Test Environment
Design, develop, build, configure release Fit for purpose Testing & Release Acceptance

Live Environment

Release Policy (frequency)

Release Planning

Roll-out Planning

Comms., Preparation & Training

Distribution & Installation

Types of Releases
Full Release (Normal Release)
All components of the release are built, tested,
distributed and implemented together

Delta release (Interim Release)

Only those CIs that have actually changed since the last release are included

Package release (Major Release)

Individual releases, both full and delta, are grouped together to form a package for release.

Release Policy
Define the Release Unit, type of release and release frequency Define and publish the release frequency with an agreed limit for change content (business driven). Specification should be frozen sufficiently in advance of the release date to allow for sufficient testing. Release Numbering ensures each release Is allocated a unique release number Urgent changes follow the urgent changes procedure & links to an urgent release management procedure

Release Management Activities

Define the release policies Control the DSL and DHS Plan the content of releases Design and implement distribution & installation procedures Manage and oversee the build, release and rollout of software and related hardware to development, test and live Provide controlled back-out mechanisms for incomplete or failed releases.

DSL and Software Distribution

Mainframe

PC
PDA

DSL
UNIX Web CD ROMs Other Media

Maintain the DSL Quality / virus Checks Enough physical storage space Physical distribution always from the MASTER in the DSL Provide secure environments. Where only correct, authorized and tested versions are installed and copied to during distribution. Use configuration verification and audit to check the configurations Update the CMDB when software is distributed

Possible Problems
Establishing version and release policies with outside vendors Attempts to implement software outside of procedure Creating Definite Software Library Integrating DSL into an automated distribution environment Ensuring no circumvention of numbering policy Excessive over-ruling for management expedience

Benefits
Guaranteed quality of live services The ability to maintain consistency over many locations. Detection and elimination of incorrect versions / unauthorized

copies of software
Better co-ordination of releases to avoid errors. Reduced opportunities for unnoticed introduction of viruses or other

malicious software
Software and hardware assets are properly and securely safeguarded Ability to build and control software used at remote sites from a central location Reduced likelihood of illegal copies of software Baseline and trusted configuration available for fall-back reversions

Release Management Summary

Objectives
Take an holistic view of changes to the infrastructure Ensure all aspects a release are considered together Manage rights and obligations

Activities
Control DSL & DHS, define release, build release, manage release, distribute s/w CIs, software audits Safeguard software and hardware Configuration Items (CIs)

Ensure only tested, authorised software is in the live environment

DSL and DHS Reliable versions of all software and associate CIs (source & object)

Logical / Physical storage

Release Management Summary

Releases
Normal Release Unit, Full/package/delta releases, Numbering, Frequency, Version control for development testing, live, archive Urgent releases backouts / testing / documentation

Summary Slides for Revision

We need to understand what we mean by Service Management and by a service Objectives Improve service quality (customer dependence) Measurable service levels Balance between customer demand and IT capabilities

Service Level Management Summary (1)

Activities

Manage customer relationships

Create / maintain Service Catalogue Determine SLRs; Negotiate, prepare & monitor Service Charter, SLAs & OLAs, Service Reviews Service Improvement / Quality plans Minimum requirements for an agreement Service description, service hours, response times, availability, security & continuity targets, critical periods.

Availability Management Summary

Purpose
Plan and manage CI availability to meet Customers business objectives Scope hardware, software, environment etc.

Assessing risk
Calculating and monitoring availability MTBSI, MTTR, MTBF, % availability formulae, thresholds, autodetection

Aspects
Reliability, Maintainability, Serviceability , Security (CIA) Resilience redundancy, duplexing, fault tolerance Techniques CFIA, FTA, TOP, SOA

Incident life-cycle occurrence, detection, diagnosis, repair, recovery, restoration.

IT Service Continuity Management Summary

Disasters will happen and will affect services Assets / Threats / Vulnerabilities / Risks / Countermeasures

Part of service planning & design

The IT Service Continuity Plan Based upon Business Impact Analysis Assists in fast, controlled recovery Must be given wide but controlled access Contents (incl. admin, Infrastructure, People, Return to normal) Options gradual (cold), intermediate (warm), immediate (hot), reciprocal, manual work-around, do nothing Standby options may only be available for limited periods (or not at all!!). Fixed vs. Portable Must be tested frequently without unacceptably impacting the live service.

Capacity Management - Summary

Business CM trend, forecast, model, prototype, size, document future

business requirements.
Service CM Monitor, analyse, tune and report on service performance; establish baselines and profiles of use (incl. peaks & troughs and throughput) of services; manage demand for service

Resource CM Monitor, analyse, tune and implement / report on the

utilisation of components; be aware of technologies innovation Application Sizing and Modeling Capacity Planning Defining thresholds and monitoring Capacity Management is a balancing act Cost against Capacity : Supply against Demand

Financial Management - Summary

Budgeting
Predict, understand and control the budgets and the spend

Accounting
Calculate the cost of IT services Help identify and justify the cost of changes e.g. ROI Input cost units and Input cost types (F/V, D/I, C/O) Output business cost units

Need for good estimates of business workloads

Financial Management - Summary

Charging (but not policy) Determine charges in SLAs (cost recovery, cost +, market rate, etc) Influence customer behavior Charging does not affect costs directly but is an expensive process General Sound stewardship Minimise risk in decision making Basis of business estimating, planning , budgeting / forecasting Often used in targets & measures / metrics

Service Desk - Summary

Acts as the central point of contact between the Customer and the IT service (the buffer between users and IT staff) Handles incidents, problems, and questions Provides an interface for other activities such as Change, Configuration, Release, Service level, and Service Continuity Management Requires staff with appropriate attributes and skills. Provides business support Good communication Value of metrics on events / incidents / calls

Problem Management - Summary

Problem and Known Error definitions

Objectives
Manage the problem life-cycle (others will implement solutions) Stabilizing services through : Removing the root causes of incidents Preventing occurrence of incidents and problems. Minimizing the consequences of incidents (the quick fix) Improving productive use of resources

Activities
Problem Control, Error Control (incl. raising RFCs), Management information

Reactive to proactive (stop problems occurring / recurring) Priorities determined by business impact and urgency

Incident Management Summary

Incident : (Expected) disruption to agreed service
Manage the Incident life-cycle Restore service ASAP

Priority determined by business impact and urgency

Correct assessment of priorities enables resources to be deployed in the best interests of the customer. Escalation and referral Incident closure Scripts, diagnostic aids, forward schedule of change. Comprehensive CMDB invaluable

Configuration Management - Summary

Single source and repository for information about the IT infrastructure & services more than an asset register (CMDB)

Activities
Planning, Identification, status Accounting, Control, Verification, Management Information Role in assessing impact of changes

Configuration Item:
Categories, Attributes, Relationships, Status, Unique Id., Version, Owner

Scope and detail (Value of the information and level of independent change) Baselines and Variants Supports all other processes.

Change Management - Summary

Objective Only approved changes made, risk and cost assessed, benefit maximised Applies to all configuration items Activities Manage / Filter RFC; Manage Change Record; Assess impact, risk, urgency, priority & resources; Approve & schedule changes; Oversee change building, testing & implementation; Review; Business Support CAB and CAB/ emergency Committee Membership, Advisory role, Urgent changes

Testing of changes and Backout

Change models and standard changes Links to Configuration and Release Management Process always ends with a review of the change and closure of the Change Record.

Release Management - Summary

Objectives Take an holistic view of changes to the infrastructure Ensure all aspects a release are considered together Manage rights and obligations

Activities
Control DSL & DHS, define release, build release, manage release, distribute s/w CIs, software audits Safeguard software and hardware Configuration items (CIs)

Ensure only tested, authorised software is in the live environment

DSL and DHS Reliable versions of all software and associated CIs (source & object) Logical / physical storage

Release Management Summary

Releases
Normal Release Unit, Full / package / delta releases, Numbering, Frequency, Version control for development, testing, live, archive Urgent releases backouts / testing / documentation

Thank You