Documente Academic
Documente Profesional
Documente Cultură
Introduction
IT is the Business The Business is IT Neglect IT Services and the Business will suffer
Distributed world-wide systems Ensure clear boundaries of responsibility between providers, their suppliers and their customers Manage and track component dependencies Faster & Clearer risk analysis (speed to market)
Busy Customers
Mountains ...
Speed to market Constant change Focus on the business Contribute to solving business challenges
Pebbles ...
Uncontrolled and disruptive change Unknown service costs, high peer support costs
Poor Service Level Agreements (SLAs) Unclear responsibilities Unknown components, dependencies and ownership Unable to justify investment or assess risk
ITIL
Deployed Solution
Control Processes
Configuration Management Change Management
Release Processes
Release Management
Relationship Processes
Business Relationship Management Supplier Management
Resolution Processes
Incident Management Problem Management
Automation
Best Practice?
Principles Agreement on specific processes Usually put into writing Reviewed and updated
Proven Is supported by tools Is used world-wide Supported by the International user group (IT Service Management Forum)
Professionalism Managing complex infrastructures and services Understand the core processes and capabilities Decision making metrics
Supply of IT Services:
Need to know and understand: - the requirements of the business as a whole - the capabilities of IT to deliver to its customers
Activities and Functions - Responsibilities and Roles Organization and Resources - Hierarchy / Structure and People / Tools Ownership and Operational Control - Budgets and Service Responsibility
Process Objectives
Inputs
Outputs
Process Enablers
Balance:
Resources
Roles
Quality Drivers
Security
SEI - Capability Maturity Models (CMM EFQM - European Foundation for Quality
Management
Results 50%
People Satisfaction 9%
Leadership
10%
Processes 14%
Impact on Society 6%
Quality Drivers
Overview of ITIL
Configuration
IT Continuity
IT Service Delivery
The IT Image
SLM
Service Desk
Service Desk
Central (or Single) point of contact Handles incidents and requests Interface to:
Change Problem
Configuration
Release Service Level Management
Incident
- Any event which is not part of the standard operation of a service
and which causes or may cause an interruption to or a reduction in the quality of that service
Problem
- The unknown root cause of one or more incidents (not necessarily
Known Error
- The successful diagnosis of the root cause of a problem when the
configuration items (Cis) at fault are confirmed (and a workaround exits) - often removed by implementing a change.
Users
The people who use the service on a day-today basis.
Incident Management
Problem Management
To minimise the adverse effect of incidents and problems to the business
Prioritisation of problems Investigation of underlying causes Proactive prevention of incidents Initiating corrective change
Change Management
Standardized method & procedures Prompt handling of requests for change Scheduling and overseeing changes Balance between need and detrimental impact
Change Management
Objective: To ensure that changes that maximize customer or business benefit are implemented in a controlled manner, efficiently and effectively. External IT Services
Release Management
Configuration Management
What there is
Where it is How it is joined up
Availability Management
Optimise capability
against availability
requirements
Can you think of examples of how availability can be measured? How useful are your examples to the business?
Capacity Management
Understood current and future requirements
No surprises.
Charging (optional)
Cost effective stewardship
Documented, agreed, measured and reviewed service levels Maintain and improve business aligned IT quality Joint responsibility with customer focus
Service Delivery
IT Service Support
Configuration
IT Continuity
IT Service Delivery
Supply of
IT Services
IT Services
By:
Customer
User Business
User
Supplier 4 Supplier 3
Supplier 2 Supplier 4
Supplier 6
Many customers Supplier 5 Many users Many suppliers Complex supply chain
Service Catalogue
Details the full range of services and sometimes the different levels of service that are available to customers.
It defines agreed expectations What you choose to define as a Service to your organization is a business decision
Examples are: Payroll service, printing service, email service, PC delivery and installation service
Service requirements Develop and maintain service catalogue Service Level agreements Operational level agreements & contracts Managing customer expectations
Sales
Service Level Agreements - SLAs Customer Facing IT Service Management Underpinning Contracts, UPCs
Supplier X Telecoms
Networks Supplier Y WAN
Service Level
(all issues relevant to a specific Service within this customer group)
Specifying a Service
Be sure you can measure and agree who, how and when Check definitions are understood (glossary) Be customer orientated
Possible Problems
Customers have difficulty identifying requirements IT has difficulty identifying the customer Focused on IT deliverables instead of service as perceived by customer Necessary disciplines not in place or not integrated with Service Level Management Differences between costing and charging not always appreciated by internal clients Investment in broad-based budget, not focused on a specific SLA, makes improvement difficult Managers over-ambitious but not willing to invest in underpinning processes Lack of discipline and/or necessary formality
Benefits
Establish more business-like relationships through measurable and realistic service level agreements.
Accurately balance the service requirements of customers against the costs and complexity of providing those services.
Accurately specify IT resources. Reduce unpredictable demand. Cut procurement costs through better information for on-time negotiations with suppliers.
Best Practice
Construct SLAs with and for business units using common language
Implement Service Level Management to start at design and be involved throughout life of the service Establish SLAs only within the context of a Service Level Management discipline
We need to understand what we mean by Service Management and by a Service Objectives - Improve service quality (customer dependence) - Measurable service levels
- Determine SLRs; Negotiate, prepare & monitor Service Charter, SLAs & OLAs, Service Reviews - Service Improvement / Quality plans
- Service description, service hours, response times, availability, security & continuity targets, critical periods
General
Terms and conditions clearly defined and understood Ideally OLAs and contracts are based on targets in the SLA SLAs can be organised by service or by customer
The new generation of service management tools allow SLAs to overlap, usually defaulting to the higher level of service
Availability Management
To optimize the capability of the IT infrastructure and supporting organisation to deliver a cost effective and sustained level of availability agreed with customers in SLAs. To predict, plan for and manage the availability of services by ensuring that :
All services are underpinned by sufficient, reliable and properly maintained configuration items (CIs) Where CIs are not supported internally there are appropriate contractual arrangements with third party suppliers Changes are proposed to prevent future loss of service availability
NB Simplistic calculation of % availability in the ITIL book is ( Agreed Service Hours Downtime ) Agreed Service Hours X 100
Aspects of Availability
Reliability Maintainability Resilience Serviceability Security
Confidentialy Integrity Availability
Incident
Diagnosis
Recovery
Time
Disk A Monitor A
Avail = 90%
Monitor B Disk B
Avail = 90% Avail = 90%
Available as long as either A or B is working If both components have the same availability formula = 2A-A2=11.80.81=99%
Service 1 X
Service 2
Cable #1
Desktop Device #2
Cable 1 Cable 3 Cable 2 Ethernet
Cable #2
Printer 2 Power
X X X
Disk# 1
X X X X X
x X
OR
Computer down Application Down Network Down AND Normal Line down Backup line down
Possible Problems
Cost of Availability considered overhead and too expensive Difficult to quantify and cost users availability requirements Hard to find experienced IT professionals Many tools needed to quantify baseline data Dependency on suppliers Understanding the IT infrastructure
So not efficient
Benefits
Accurate baseline metrics, leading to more practical and accurate Service Level Agreements (SLAs) Accurate statistics leading to better supplier relations and support. Improved quality and manageability of the IT infrastructure Improved end user services by designing and meeting specific availability targets (SLAs) Improved service levels because of a proactive rather than
Best Practice
Separate technical design from measurement
restoration
Survival Many businesses have failed within a year of suffering a major IT disaster !
ITSCM - Activities
Threats
Value of Assets
Vulnerabilities
Risks
Countermeasures
Managing a Disaster
Reciprocal arrangement
Gradual recovery (cold standby)
Implementation
- Organisation & implementation planning - Implement standby and risk reduction develop recovery plan
External affairs
Senior Management Co-ordination, direction & arbitration Resource authorisation Junior Management Invocation Team leadership & site management Liaison & reporting Supervisors & staff Task execution, team membership. liaison
Testing Approaches
Inspection / Walkthrough
Dry-run testing (visit site) Partial test (physical or logical) Test third-party support Announced Unannounced Full test often an unacceptable risk
Possible Problems
Gaining commitment to staffing an IT service Continuity Planning team Constrained to testing the plan on a production system IT Service Continuity Planning not included in departmental budgets Not linked to business continuity Technical plans not service plans Desktop ignored
Benefits
Reduction in the number of breaks and disasters that occur Reduction in the impact of disasters that do occur
Best Practice
Integrate with and base on thorough Risk Analysis and Management activities. Apply the If its not worth protecting, its not worth doing! approach Use business-oriented risk analysis to drive other processes
Remember if we have enough counter measures, it is less likely to happen. However, it probably will happen .. ONE DAY!
Standby options may only be available for limited periods (or not at all!!);
Fixed vs. portable. Must be tested frequently without unacceptably impacting the live
Capacity Management
Capacity DataBase
Tune Monitor
Outputs
Trending
Base lining Application sizing methods
Demand Management
Manage demand for resources (typically real time) Smoothing peaks Differential charging Flexible purchase / use of resources Artificial constraints Limit number of concurrent users to prevent resource overload Requires full support and understanding Unpopular measures to protect service Management commitment is vital
Management Reports
Technical Reports
Capacity Plan
Capacity Plan
Management Summary Assumptions made (Business and IT strategy) Details of current service level targets and performance against those targets. New services and Service Level Requirements Future resource requirements Likely implications of technical innovation Scenarios and options Investment recommendations
Possible Problems
Skill levels of capacity management staff. Complexity of tools and tool integration Difficult to translate business requirements to system requirements to workloads Over-expectations of possible savings from implementing capacity management Difficult to manage customer expectations with respect to actual capacity and related costs Difficult to translate vendor benchmark results into realistic capacity characteristics in the production environment.
Best Practice
Capacity requirements are demand-driven
(linked to business) rather than reactive (derived from technology issues) Focus on customer driven metrics Basis in Availability Management
Financial Management
Budgeting
Capital
Outright purchase of fixed assets e.g. new server Direct Costs which can be directly allocated to a single Customer or Customer group Fixed Costs fixed for a reasonable period of time (salaries, depreciation, standing charges)
Operational
Day-to-day costs of running a service; staff, electricity, maintenance, consumables Indirect Costs which must be apportioned across all or a
Charging Objectives
Recover from customers the costs of the IT services provided Ensure that customers are aware of the costs they impose on IT Operate the IT service as a business unit
Charging is operational
The organisations finance experts will be involved in charging as this is part of the overall accounting strategy
Market rate
Matches external suppliers
Fixed price
Set price agreed for set period based on anticipated usage
Possible Problems
Skill levels of IT financial management staff, especially finding professional with accounting and IT experience. Political aspects of cost allocation. Monitoring can be expensive Difficult to identify and determine customer based charges. Integration across functions and tools is essential for real leverage. Lack of clear IS strategy and objectives.
Benefits
Costing helps the IT Services Manager to Base decisions about the services to be provided on assessments of cost effectiveness, service by service Make more business-like decisions about IT services and their related investments Provide information to justify IT expenditure
Accounting
Calculate the cost of IT services
Help identify and justify the cost of changes e.g. ROI Input cost units and Input cost types (F/V, D/I, C/O) Output business cost units Need for good estimates of business workloads.
General
Sound stewardship Mininmise risk in decision making Basis of busines estimating, planning, budgeting / forecasting Often used in targets & measures / metrics
Service Support
IT Service Support
Configuration
Service Levels
Availability Capacity
Service Desk
To manage the incident life-cycle (coordinating resolution, owning incidents) To support business activities
Customer 1
Customer 2
Customer 3
Customer 1
Customer 3
Ops
Service Desk
Desktop
Supplier
Service Desk A
Service Desk B
Supplier
Centralised
Decentralised
What are the advantages and disadvantages of each type of service Desk, including the Virtual desk?
Provides an interface for other activities such as Change, Configuration, Release, Service level, and Service continuity Management.
Central, de-centralised, virtual service desks. Requires staff with appropriate attributes and skills Provides business support Good communication
Incident Management
Ownership
Monitoring Tracking Communication
Prioritization
Impact
Impact
Urgency
Urgency
Prioritise resources
Priority
Manpower
Money Time
Service Desk
Possible Problems
Too many Desks ? Service desk is launched too early and gets swamped Interface and information sharing Ineffective communications between development and service desk (e.g. at roll-outs) Tension between Service desk and other IT units Users try to bypass the system.
Benefits
Higher levels of IT service availability Reduction in time to respond to users and to resolve incidents Earlier & more effective identification of problem areas Fewer incidents and user difficulties with business applications Better utilisation & increased productivity of skilled staff Provides comprehensive and accurate management information for IT and the customer.
Best Practice
Integrate with Service Management. First line fixes are more efficient and quicker but beware loss of data and over reliance on quick fixes Place less emphasis on reducing ITs costs and more on increasing business effectiveness. Position Service desk as the primary interface to IT and use it to increase IT credibility throughout lines of business.
Problem Management
Definitions
Problem The unknown root cause of one or more incidents (not necessarily solved at the time the incident is closed). Known Error The successful diagnosis of the root cause of a problem when the configuration items (Cls) at fault are confirmed (and a workaround exists) often removed by implementing a change.
Tracking
Communication
Investigation & diagnosis Error identification & recording Error assessment & RFC Review & Closure
Reactive - Proactive
Proactive Reactive
Problem Management
Problem
RFC
Change Management
Possible Problems
Wrong staff in Problem Management team. Poor understanding of the distinct objectives of incident and problem management. Resource conflicts between incident and problem management. Lack of discipline in support teams. Poor communications between systems development and error control in the live environment.
Benefits
Higher availability and less interruption to users by eliminating repeat incidents. Prevention of incidents from spreading across systems or even occurring at all through proactive analysis. Minimization of the consequences of service interruptions. Prevention of know errors from elsewhere being introduced into this environment.
information
Reactive to proactive (stop problems occurring / recurring) Priorities determined by business impact and urgency.
Configuration Management
The CMDB
Incident
Problems / KERs
CMDB
Change
Configuration Management
Planning Identification
What is going to be controlled ?
Control
Are you allowed to change it and how is a change to the
configuration controlled ?
Status Accounting
What has changed and why ?
Verification / Audit
Is it what we said we would have ?
Configuration Identification
What is to be controlled (CIs) base selection on Criticality, Risk, Interface, Security, Safety E.g.. email service, web service, server, application, desktop build, network What dependencies / relationships Who is responsible for each CI at which point in its lifecycle (budgetary, change & release authority)
D E T A I L
Accommo dation
Desktop Service
Desktop Assets
People / Users
Network
Monitor
Keyboard
Base Unit
Word processor
Web
Scope
Variants
A CI that has the same basic functionality as another CI but is slightly different in some small way
Two printer models with different memory cards A standard package is customised for particular applications or areas of the business. Used when problems or changes affecting one are likely to affect the other.
Examples of Attributes
Unique Identifier
CI Name / Title
License Supply Date Accepted Date Status (current, date & who Status (scheduled, date & who Parent CI(s) Relationships Child CI(s) & Relationships Relationships RFC Numbers Problem & Incident Numbers
Version
Copy or Serial Number Category Type
Location
Source / Supplier Owner Responsible Date owner became responsible Created by / date time Model Number (Hardware)
Comment
Relationships
Logical and physical relationships
E.g. between environments, software, hardware, products, services
Relationships to
Changes, problems, baselines, software builds and releases Traceability back to requirements (status history)
Baselines
A baseline is a specific and consistent configuration of a product or system established at a specific pint in time. It captures the structure and details and is used as : Sound basis for future work Record of CIS affected and actually changed by an RFC A point to fall back to if (or when) things go wrong (such as the ability
Register CI
Register or update CI
Update Record
Update Record
Updating CI Records
When new CIs and versions are registered
E.g. new package and license, new contract
Changes, builds and releases create new versions of software and documentation After configuration audits to correct the CM database and records.
Configuration Audit
As Built Baseline Records
Live Infrastructure
App. Server Live
NT Server As Built
NT Server Live
Perform audit
Desktop As Built
Desktop Live
Possible Problems
Establishing depth and breadth Interfaces to other systems where CI information is stored. Data collection and maintenance of accuracy Roles and responsibilities in distributed, client / server environments Establishing owners for CIs Over-ambitious schedules and scope Management commitment to importance of Configuration Management as a foundation block
Benefits
Improves asset management Reduces risks from changes Leads to more effective user support
Exercise
Select some important configurations that would need to be held as configuration items in your organization for configuration management e.g. for financial service, email, desktop or web service. Try to classify them as a CI type e.g. Service, System, Hardware, Bespoke Application, External software, Build, Baseline, Release, Accommodation, Facility, Data Set, People What documentation or attributes do you need to define each CI ? What lifecycle states would be appropriate ?
Activities
Planning and Identification (including relationships) Control, Status Accounting, Verification Management Information Role in assessing impact of changes
Configuration item : Categories, Attributes, Relationships, Status, Unique Id, Version, Owner
Scope and detail (value of the information and level of independent change)
Baselines and Variants Supports all other processes.
Change Management
Impact Assessment
A summary of the impact to the service, business and technical aspects, that could be affected by these changes .
High
Urgency for the remedy
Medium 2
Low
3
High
Medium
Low
2
3
3
4
4
4
Priority 1 2 3 4
Urgent High
Medium Will solve irritating or missing functionality. Can be scheduled Minor Improvement Low
Impact of Change
Minor
Little impact on current services. The Change Manager is entitled to authorise this RFC.
Significant
Clear impact on the services. The RFC must be discussed by the Change Advisory Board. The Change Manager requests advice on authorisation and planning.
Major
Significant impact on the services and the business. Considerable manpower and / or resources needed. The RFC will have to be submitted to board level.
Change of Models
Pre-defined by Change Management Agreed with the organisation May be specific to appropriate aspects e.g.
Type (network, software, hardware, location change Urgency or impact Logical or geographical unit of the organisation
Standard Changes
Follow an established path (change model) Accepted solution to specific (set of) requirement(s) Crucial elements Tasks well known & proven Authority effectively given in advance Usually initiated by service desk Budgetary authority typically preordained
Initiate Implementation
Develop & Test Change & Implement / Release Change Verification / ` Review Implementation
C
M D
Related Training CI
Related Hardware CI
Finance Manager
Release Manager
CAB
Problem Manager
Senior Business Representation CAB/EC is a smaller group / sub-set used for emergency decisions
Possible Problems
Managing the backlog Circumvention of procedures Excessive over-ruling for strategic expedience Suppliers Over zealousness can lead to analysis paralysis particularly in impact analysis e.g. endless meetings / time Unclear responsibilities and definitions.
Benefits
Increased productivity of customers and IT staff Less adverse impact of changes on services Ability to absorb a higher level of error-free change helps speed to market & quality of service Better up-front assessment of the cost and business impact of proposed changes Reduction in the number of disruptive changes Reduction in the number of failed changes Valuable management information
Best Practice
Integrate with Configuration Management and Release Management Go beyond operational environment to encompass projects Separate the process and the management of the process Assign ownership of process as independently as possible of the line hierarchy Plan for urgent changes rather than making urgent changes by circumventing the normal change procedures
record.
Release Management
Integrated with Change and Configuration via combined plan Used for
Large or critical roll-outs Major software roll-outs Distributed software roll-outs e.g. virus update security patch Bundling or batching related sets of changes.
Release Management
Development Environment
Controlled Test Environment
Design, develop, build, configure release Fit for purpose Testing & Release Acceptance
Live Environment
Release Planning
Roll-out Planning
Types of Releases
Full Release (Normal Release)
All components of the release are built, tested,
distributed and implemented together
Release Policy
Define the Release Unit, type of release and release frequency Define and publish the release frequency with an agreed limit for change content (business driven). Specification should be frozen sufficiently in advance of the release date to allow for sufficient testing. Release Numbering ensures each release Is allocated a unique release number Urgent changes follow the urgent changes procedure & links to an urgent release management procedure
PC
PDA
DSL
UNIX Web CD ROMs Other Media
Maintain the DSL Quality / virus Checks Enough physical storage space Physical distribution always from the MASTER in the DSL Provide secure environments. Where only correct, authorized and tested versions are installed and copied to during distribution. Use configuration verification and audit to check the configurations Update the CMDB when software is distributed
Possible Problems
Establishing version and release policies with outside vendors Attempts to implement software outside of procedure Creating Definite Software Library Integrating DSL into an automated distribution environment Ensuring no circumvention of numbering policy Excessive over-ruling for management expedience
Benefits
Guaranteed quality of live services The ability to maintain consistency over many locations. Detection and elimination of incorrect versions / unauthorized
copies of software
Better co-ordination of releases to avoid errors. Reduced opportunities for unnoticed introduction of viruses or other
malicious software
Software and hardware assets are properly and securely safeguarded Ability to build and control software used at remote sites from a central location Reduced likelihood of illegal copies of software Baseline and trusted configuration available for fall-back reversions
Activities
Control DSL & DHS, define release, build release, manage release, distribute s/w CIs, software audits Safeguard software and hardware Configuration Items (CIs)
We need to understand what we mean by Service Management and by a service Objectives Improve service quality (customer dependence) Measurable service levels Balance between customer demand and IT capabilities
Activities
Purpose
Plan and manage CI availability to meet Customers business objectives Scope hardware, software, environment etc.
Assessing risk
Calculating and monitoring availability MTBSI, MTTR, MTBF, % availability formulae, thresholds, autodetection
Aspects
Reliability, Maintainability, Serviceability , Security (CIA) Resilience redundancy, duplexing, fault tolerance Techniques CFIA, FTA, TOP, SOA
business requirements.
Service CM Monitor, analyse, tune and report on service performance; establish baselines and profiles of use (incl. peaks & troughs and throughput) of services; manage demand for service
Accounting
Calculate the cost of IT services Help identify and justify the cost of changes e.g. ROI Input cost units and Input cost types (F/V, D/I, C/O) Output business cost units
Objectives
Manage the problem life-cycle (others will implement solutions) Stabilizing services through : Removing the root causes of incidents Preventing occurrence of incidents and problems. Minimizing the consequences of incidents (the quick fix) Improving productive use of resources
Activities
Problem Control, Error Control (incl. raising RFCs), Management information
Reactive to proactive (stop problems occurring / recurring) Priorities determined by business impact and urgency
Activities
Planning, Identification, status Accounting, Control, Verification, Management Information Role in assessing impact of changes
Configuration Item:
Categories, Attributes, Relationships, Status, Unique Id., Version, Owner
Scope and detail (Value of the information and level of independent change) Baselines and Variants Supports all other processes.
Activities
Control DSL & DHS, define release, build release, manage release, distribute s/w CIs, software audits Safeguard software and hardware Configuration items (CIs)
Thank You