ITIL is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office. IT Infrastructure Library is a Registered Trade Mark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.
3/31/2012
Page 1
Introduction
ITIL History What is ITIL? The ITIL Framework ITIL Certifications Benefits of ITIL Remember about ITIL
3/31/2012
Page 2
ITIL History
In the late 1980s, the British govt. asked the Central Computer and Telecommunications Agency (CCTA) to structure the IT organisations of the British government agencies.
This resulted in the IT Infrastructure Library, a library of books describing best practices in IT management, and a detailed approach for the implementation of these best practices.
The aims of the CCTA in developing the IT Infrastructure Library were: to facilitate the quality management of IT services. increase the efficiency with which the corporate objectives are met. to improve efficiency, increase effectiveness, and reduce risks. to provide codes of practice in support of total quality.
3/31/2012
Page 3
What is ITIL?
ITIL is a compilation of best practices in IT Service Management, developed by the OGC (Office of Govt. Commerce) and supported by publications, qualifications and an international user group. ITIL defines the organisational structure and skill requirements of an information technology organisation and a set of standard operational management procedures to allow the organisation to manage an IT operation and associated IT infrastructure. ITIL does not set in stone every action you should do on a day-to-day basis as that is something which differs from organisation to organisation. Instead, it allows the IT Infrastructure Library to be utilised within organisations with existing methods and activities in Service Management. IT Service Management is concerned with delivering and supporting IT services that are appropriate to the business requirements of the organisation.
3/31/2012
Page 4
Service Support
describes the processes associated with the day-to day support and maintenance activities associated with the provision of IT services
Service Delivery
covers the processes required for the planning and delivery of quality IT services and looks at the longer term processes associate with improving the quality of IT services delivered
3/31/2012
Page 5
Application Management
describes how to manage applications from the initial business need, through all stages in the application lifecycle, up to and including retirement. It places emphasis on ensuring that IT projects and strategies are tightly aligned with those of the business throughout the application lifecycle, to ensure that the business obtains best value from its investment.
3/31/2012
Page 6
Security Management
details the process of planning and managing a defined level of security for information and IT services, including all aspects associated with reaction to security Incidents. It also includes the assessment and management of risks and vulnerabilities, and the implementation of cost justifiable countermeasures
3/31/2012
Page 7
3/31/2012
Page 8
ITIL Framework
Service Desk Configuration Management Incident Management Problem Management Change Management Release Management
Planning to implement service management
Service Level Management Availability Management Capacity Management Financial Management for IT Services IT Services Continuity Management
Guidance on integrating the business perspective into every aspect of service management
Service management
Service support
The business
Service delivery
Software Asset Management
Security management
IT Infrastructure Security Management Security setup from the IT manager's point of view
Application management
What is the vision? Where are we now? Where do we want to be? How do we check our milestones? How do we keep momentum?
Organization & Roles Process Overview Tools & Technology Partners and SAM
Manage the Business Value Align Service Delivery with Business Strategy Drivers and Organizational Capability Application Lifecycle Management Organization Roles and Functions Control Methods and Techniques 3/31/2012 Page 9
ITIL Framework
( contd )
The two most commonly used disciplines are Service Support and Service Delivery Service Support comprises of : Service Desk Incident Management Problem Management Configuration Management Change Management Release Management
Service Delivery comprises of : Service Level Management Financial Management for IT Services Capacity Management Availability Management IT Service Continuity Management
3/31/2012
Page 10
3/31/2012
Page 11
Service Management
Service Delivery
Availability Problem Capacity Change ITSCM Define what services and service levels will be supported and delivered Release SLM Ensure the greed services are available at agreed levels Ensure agreed services have the required and agreed to capacity
Service Support
Incident Service Desk
Identify root causes of incidents and submit RFCs to remove them Single Point of Contact for users of IT Services Ensure standard methods and procedures are used from the RFCs to the PIR Manage major hardware and software releases as part of effective change management Manage technical information regarding the version, status, ownership and relationships among IT assets.
FMITS
Config
Ensure agreed-to services can recover after a disruption as a part of business continuity management
3/31/2012
Page 12
ITIL Certifications
ITIL accreditation demonstrates that an individual has met the standards in Service Management as set by an examination certification board comprising representatives of OGC, itSMF and the Examination Institutes
Official qualifications based on ITIL are currently offered by the following Examination Institutes :
ISEB (The Information Systems Examination Board), a wholly owned subsidiary of the British Computer Society EXIN (the European Examination Institute for Information Science) in the Netherlands
ITIL qualifications are recognised world-wide. Whether you passed your exam via ISEB or EXIN, the qualification is recognised by the industry
3/31/2012
Page 13
ITIL Certifications
(contd..)
Foundations Certificate
This is designed to provide a foundation level of knowledge in IT Service Management and is aimed at all personnel who wish to become familiar with the best practices for IT Service Management
Practitioners Certificate
This is aimed at those who are responsible within their organisation for designing specific processes within the IT Service Management discipline, and performing the activities that belong to those processes
Managers Certificate
This is aimed at those who need to demonstrate a capability for managing ITIL-based solutions across the breadth of the Service Management subjects.
3/31/2012
Page 14
ITIL Certifications
Foundations
Essential (2 days)
Practitioners (9 certificates)
Change Manager (5 days)
Prerequisites form assessed by Examination Board In course assessment 3 hour examination (essay form)
Service Delivery (5 days) Service Support (5 days)
Service Manager
3/31/2012 Page 15
Benefits of ITIL
Adopting ITIL guidance can provide such benefits as: Continuous improvement in the delivery of quality IT services Reduced long term costs through improved Return On Investment through process improvement Demonstrable Value For Money to the business, the board and stakeholders, through greater efficiency Reduced risk of not meeting business objectives, through the delivery of rapidly recoverable, consistent services
Improved communication and better working relationships between IT and the business
The ability to absorb a higher rate of Change with an improved, measurable rate of success Processes and procedures that can be audited for compliance to best practice guidelines
3/31/2012
Page 16
3/31/2012
Page 17
Service Support
Service Desk Incident Management Problem Management Change Management Release Management Configuration Management
3/31/2012
Page 18
Service Support
3/31/2012
Page 19
Incident Management
Restore normal service operations as quickly as possible Should interface closely with Problem Management, Change management and the Service Desk Incident priorities and escalation procedures need to be agreed as part of the Service Level Management process and documented in the SLAs
3/31/2012 Page 20
Change Management
Ensure standardized methods and procedures are used for efficient, prompt and authorized handling of all changes in the IT Infrastructure
Configuration Management
Provide a logical model of the IT Infrastructure by identifying, controlling, maintaining and verifying the versions of all Configuration Items (CIs)
Stores information in the CMDB of what CIs available, where are they available and how are they inter-connected
3/31/2012
Page 22
Service Support
Service Desk Incident Management Problem Management Change Management Release Management Configuration Management
3/31/2012
Page 23
Service Desk
Service Desk acts as the Single Point of Contact (SPOC) between the users and the IT Services Organization
ITIL defines customers and users : Customers : People (generally senior managers) who commission, pay for and own the IT Services, sometimes referred to as "the business" Users : People who use the services on a day-to-day basis
3/31/2012
Page 24
Service Desk
(contd..)
The primary functions of the Service Desk are : Incident Control : life cycle management of all Service Requests Communication : keeping the customer informed of progress and advising on workarounds It handles all incoming calls and only directs them through to the second or third tier support when necessary : for the customer, the advantage is that they dont have to ring around searching for the right person to solve their problem for IT personnel, it means that they only have to deal with issues that are related to their skills or area of responsibility
3/31/2012
Page 25
Service Desk
- Types
HelpDesk
manage, co-ordinate and resolve incidents as quickly as possible
Service Desk
not only handles incidents, problems and questions but also provides an interface for other activities such as change requests, maintenance contracts, software licenses, Service Level Management, Configuration Management, Availability Management, Financial Management and IT Services Continuity Management
3/31/2012 Page 26
Service Desk
- Types
Many Call Centres and HelpDesks naturally evolve into Service Desks to improve and extend overall service to the Customers and the Business All three functions share common characteristics : they represent the service provider to the Customer and the User (internal or external) they operate on the principle that customer satisfaction and perception is critical they depend on blending people, processes and technology to deliver a service
3/31/2012
Page 27
Service Desk
- Structures
The three types of structure that can be considered are : Local Service Desk
to meet local business needs - is practical only until multiple locations requiring support services are involved
3/31/2012
Page 28
Service Desk
- Local
3/31/2012
Page 29
Service Desk
- Central
3/31/2012
Page 30
Service Desk
- Virtual
3/31/2012
Page 31
Service Desk
- Functions
The common Service Desk functions include : receiving calls and first-line customer liaison recording and tracking incidents and complaints keeping customers informed on request status and progress making an initial assessment of requests, attempting to resolve them or refer them to someone who can, based on agreed service levels managing the request life-cycle, including closure and verification communicating planned and short-term changes of service levels to customers coordinating second-line and third party support groups providing management information and suggestions for service improvement identifying or contributing to problem identification highlighting Customer training and education needs closing incidents after confirmation with the Customer
3/31/2012
Page 32
Service Desk
Customer-focused
- Staff Profile
A Service Desk staff member should be : articulate and methodical trained in interpersonal skills multilingual (if required) able to understand the businesss objectives able to understand and accept that: the Customers Problem affects the business without the Customer there is no support department the Customer is an expert in their own field genuinely wanting to deliver a first-class service
3/31/2012
Page 33
Service Desk
- Benefits
A Service Desk benefits an organisation by : improved customer service, perception and satisfaction increased accessibility through a single point of contact, communication, and information. better quality and speedier turnaround of customer requests improved teamwork and communication enhanced focus and a proactive approach to service provision reduced negative business impact better managed infrastructure and improved control improved usage of IT support resources and increased productivity of business personnel more meaningful management information for decision support
3/31/2012
Page 34
Service Desk
To introduce and maintain a successful Service Desk, it is essential that: business needs and requirements are understood Customer requirements are understood
investment is made in training for customers, support teams and Service Desk staff
service objectives, goals and deliverables are clearly defined service levels are practical, agreed and regularly reviewed
3/31/2012
Page 35
Service Support
Service Desk Incident Management Problem Management Change Management Release Management Configuration Management
3/31/2012
Page 36
Incident Management
An Incident is defined as any event which is not part of the standard operation of a service and which causes or may cause, an interruption to, or a reduction in, the quality of that service The primary goal of Incident Management is to restore normal service operations as quickly as possible with the least possible impact on business operations, at a cost-effective price, thus ensuring that the optimum levels of service quality and availability are maintained In lay-man terms, Incident Management is similar to fire-fighting Inputs for Incident Management mostly come from users (through the Service Desk), but can have other sources as well like Automatic Detection Systems or Release Management
3/31/2012
Page 37
3/31/2012
Page 38
Incident Management
Functions
3/31/2012
Page 39
Incident Management
Incident detection and recording Classification and initial support
- Functions
3/31/2012
Page 40
Incident Management
- Functions
Actions
record basic details of the Incident alert specialist support group(s) as necessary start procedures for handling the service request
Outputs
updated details of Incidents the recognition of any errors on the CMDB notice to Customers when an Incident has been resolved
3/31/2012
Page 41
Incident Management
Inputs
- Functions
Actions
matching against Known Errors and Problems informing Problem Management of the existence of new Problems and of unmatched or multiple Incidents assigning impact and urgency, and thereby defining priority providing initial support (assess Incident details, find quick resolution) closing the Incident/routing to a specialist support group, and informing User(s).
Outputs
RFC for Incident resolution updated Incident details, and
Work-arounds for Incidents, or Incident routed to second- or third-line support
3/31/2012 Page 42
Incident Management
- Incident Classification
3/31/2012
Page 43
Incident Management
Categorisation Application
Service not available Application bug/query
- Incident Classification
Hardware
Automatic alert Printer not printing
Service Request
Password forgotten
Security Incident
Virus
3/31/2012
Page 44
3/31/2012
Page 45
Incident Management
Prioritising
- Incident Classification
The priority with which Incidents need to be resolved and therefore the amount of effort put into the resolution of and recovery from Incidents, will depend upon : The impact on the business The urgency with which a resolution/work-around is needed The size, scope and complexity of the Incident The resources available for coping in the meantime and for correcting the fault
3/31/2012
Page 46
Incident Management
- Incident Classification
All incidents are categorised in order to establish appropriate priorities and resolution lead times To facilitate lead-times of incident resolution, accurate classification and sufficient registration is imperative The criteria to consider when assigning priority are: Impact : To what extent an incident results in a deviation from the normal service level; aspects are the number of users and the service concerned Urgency : To what extent the solution of an incident can be postponed
3/31/2012
Page 47
3/31/2012
Page 48
Incident Management
Matching
- Incident Classification
Matching is the process whereby the Incident details are compared to knowledge that is already present in the organisation. Successful matching could give access to proven resolution actions, which should require no further investigation effort.
3/31/2012
Page 49
3/31/2012
Page 50
Incident Management
Investigation and diagnosis Inputs
- Functions
Actions
assessment of the Incident details, collection and analysis of all related information, and resolution (including any Work-around) or a route to n-line support
Outputs
Incident details yet further updated, and a specification of the selection or required Work-around
3/31/2012
Page 51
Incident Management
Resolution and recovery Inputs
- Functions
updated Incident details any response on an RFC to effect resolution for the Incident(s) any derived Work-around or solution
Actions
resolve the Incident using the solution/Work-around or, alternatively, to raise an RFC (including a check for resolution) take recovery actions
Outputs
RFC for future Incident resolution resolved Incident, including recovery details, updated Incident details
3/31/2012
Page 52
Incident Management
Incident closure Inputs
updated Incident details resolved Incident
- Functions
Actions
the confirmation of the resolution with the Customer or originator close category Incident
Outputs
updated Incident detail closed Incident record
3/31/2012
Page 53
Incident Management
- Functions
Actions
monitor Incidents escalate Incidents inform User
Outputs
management reports about Incident progress escalated Incident details; and Customer reports and communication
3/31/2012
Page 54
Incident Management
- Escalation
There are two levels of escalation possible: Transferring an Incident from first-line to second-line support groups or further is called Functional Escalation and primarily takes places because of lack of knowledge or expertise
Hierarchical Escalation can take place at any moment during the resolution process when it is likely that resolution of an Incident will not be in time or satisfactory
3/31/2012
Page 55
Incident Management
- Tasks
3/31/2012
Page 56
Incident Management
- Benefits
The benefits to be gained by implementing an Incident Management process are: For the business as a whole: reduced business impact of Incidents by timely resolution, thereby increasing effectiveness the proactive identification of beneficial system enhancements and amendments the availability of business-focused management information related to the SLA. For the IT organisation in particular: improved monitoring, allowing performance against SLAs to be accurately measured improved management information on aspects of service quality better staff utilisation, leading to greater efficiency elimination of lost or incorrect Incidents and service requests improved User and Customer satisfaction.
3/31/2012
Page 57
3/31/2012
Page 58
Service Support
Service Desk Incident Management Problem Management Change Management Release Management Configuration Management
3/31/2012
Page 59
Problem Management
A problem is a condition identified from multiple incidents exhibiting common symptoms, or from a single significant incident, indicative of a single error, for which the cause is unknown.
The goal of Problem Management is to minimize the adverse impact of incidents and problems on the business caused by errors within the IT Infrastructure, and to prevent reoccurrence of incidents related to these errors.
While Incident Management focuses on quick resolution of incidents, Problem Management analyses the root cause of the incidents.
3/31/2012
Page 60
Problem Management
Problem Definition
(contd..)
Many criteria can be used to define a Problem including : A number of related incidents
3/31/2012
Page 61
Problem Management
Problem Management Terminology
Problem
(contd..)
The unknown root cause of one or more incidents (not necessarily or often solved at the time the incident is closed) Error A condition that exists after the successful diagnosis of the root cause of a Problem
Known Error
Error + solution and/or workaround has been found Known Error DataBase (KEDB) Repository of known errors for the benefit and utilisation of Incident Management
3/31/2012 Page 62
Problem Management
(contd..)
Problems can be identified from incidents. When a problem is defined, diagnosis takes place to find the root cause of the problem, and then a change request is entered to correct the problem
3/31/2012
Page 63
Problem Management
(contd..)
The "Funnel Effect" is shown below - multiple incidents are usually, after investigation, re-classified as a smaller number of problems, which are also reanalyzed and (usually) reclassified as yet a smaller number of known errors, which usually, after further investigation, end up resulting in a smaller number of RFCs
3/31/2012
Page 64
3/31/2012
Page 65
Problem Management
(contd..)
Error Control : the processes involved in successful correction of Known Errors. The objective is to change IT components to remove Known Errors affecting the IT infrastructure and thus to prevent any recurrences of incidents
3/31/2012
Page 66
Problem Management
(contd..)
Deduction
3/31/2012
Page 67
Problem Management
(contd..)
3/31/2012
Page 68
3/31/2012
Page 69
Problem Management
(contd..)
3/31/2012
Page 70
3/31/2012
Page 71
Problem Management
(contd..)
3/31/2012
Page 72
Problem Management
(contd..)
Incident Management is the basis for defining Problems and information from Problem Management is made available for Incident Matching.
The differences between Incident & Problem Management are : Objectives are different Different skills/expertise required Time is less of an issue within Problem Management Activities carried out are different
3/31/2012
Page 73
Problem Management
- Tasks
3/31/2012
Page 74
Problem Management
- Benefits
The benefits of Problem Management are : improved IT Service quality (by removing structural errors pro-actively) reduction in the number of incidents providing permanent solutions thereby resolved problems stay resolved improving the organisations knowledge by contributing known error data to the service desk / incident management / configuration management, etc.
3/31/2012
Page 75
Problem Management
The critical success factors for Problem Management are : Keep Incident Management and Problem Management separate Start with re-active Problem Management and then progress towards developing pro-active Problem Management Makes use of tools to detect possible trends Interface with Incident Management and Change Management
3/31/2012
Page 76
Service Support
Service Desk Incident Management Problem Management Change Management Release Management Configuration Management
3/31/2012
Page 77
Change Management
A change is an event that results in a new status of one or more configuration items (CI's)
3/31/2012
Page 78
Change Management
The goal of Change Management is to ensure that standardised methods and procedures are used for efficient handling of all Changes, in order to minimise the impact of Change-related incidents and to improve day-to-day operations.
The main aims of Change Management are : Minimal disruption of services Reduction in back-out activities Economic utilisation of resources involved in the change
3/31/2012
Page 79
Change Management
Change Management Terminology
Change
3/31/2012
Page 80
Change Management
Change Categories
(contd..)
Category 0 : Is executed without prior contact. Used for workarounds/ temporary fixes Category 1 : Little or no impact. Change Manager authorises this RFC Category 2 : Significant impact. CAB discussion needed. Change Manager requests advice on authorisation and planning Category 3 : Major impact. Considerable resources required. Senior Management need to be a part of the CAB.
Change Priorities
Urgent: change is required now, in order to achieve the service levels High: as soon as possible, otherwise risk to current or future production Normal: change solves serious mistakes or a lack in functionality
3/31/2012
Page 81
3/31/2012
Page 82
Change Management
Request for Change ( RFC)
(contd..)
It is a formal document sent to Change Management by the Change Requestor requesting for a change. Every RFC runs through a number of stages before the change can be implemented
3/31/2012
Page 83
Change Management
Change Review
(contd..)
All implemented changes must be reviewed to establish whether: The change has had the desired effect and met its objectives There have been no unexpected or undesirable side-effects The resources used to implement the change were as planned
Change Management
(contd..)
3/31/2012
Page 85
Change Management
- CAB attendees
3/31/2012
Page 86
Change Management
Change Approval Process
(contd..)
Financial approval Indicates costs are within budgetary limits or cost-benefit criteria are met Technical approval Assurance that the Change is feasible, sensible and can be performed without serious interruptions to the business Customer approval To ensure that business managers are satisfied with the proposals and accept any impact to their requirements
3/31/2012
Page 87
Change Management
- Tasks
3/31/2012
Page 88
Change Management
- Benefits
The benefits of Change Management are : increased visibility and better communication of changes improved risk assessment of changes fewer backed-out or failed changes better productivity of Users (fewer disruptions) and IT Staff (duties clearly planned) ability to absorb large number of changes reduction in the number of incidents and problems caused by changes
3/31/2012
Page 89
3/31/2012
Page 90
Service Support
Service Desk Incident Management Problem Management Change Management Release Management Configuration Management
3/31/2012
Page 91
Release Management
Release Management undertakes the planning, design, build, configuration and testing of hardware and software to create a set of Release components for a live environment
Release Management takes a holistic view of a Change to an IT service and ensures that all aspects of a Release, both technical and non-technical, are considered
The input to the Release Management process comes from the Change Management process
3/31/2012
Page 92
Release Management
Release Categories
(contd..)
A Release consists of the new or changed software and/or hardware required to implement approved Changes
Releases are categorised as : Major software Releases and hardware upgrades, normally containing large areas of new functionality, some of which may make intervening fixes to Problems redundant. A major upgrade or Release usually supersedes all preceding minor upgrades, Releases and emergency fixes Minor software Releases and hardware upgrades, normally containing small enhancements and fixes, some of which may have already been issued as emergency fixes. A minor upgrade or Release usually supersedes all preceding emergency fixes Emergency software and hardware fixes, normally containing the corrections to a small number of known Problems
3/31/2012
Page 93
Release Management
(contd..)
Releases can be divided based on the release unit into : Delta Release : is a release of only that part of the software which has been changed. For ex: Security patches to plug bugs in a software Full Release : means that the entire software program will be release again. For ex : an entire version of an application Packaged Release : is a combination of many changes . For ex : an Operating System image containing the applications as well
3/31/2012
Page 94
Release Management
Release Policy
(contd..)
A Release policy should include : Release naming and numbering conventions A definition of major and minor Releases, plus a policy on issuing emergency fixes Frequency of Releases Expected deliverables for Releases (e.g. installation instructions and Release notes) Guidance as to how and where Releases should be documented (e.g. which tool to use and how) A policy on the production of back-out plans
3/31/2012
Page 95
Release Management
(contd..)
One of the main activities of Release Management is managing the Definitive Software Library (DSL) and the Definite Hardware Storage (DHS)
3/31/2012
Page 96
Release Management
- Tasks
3/31/2012
Page 97
Release Management
greater success rate of changes consistency in the release process
- Benefits
less disruptions to services by synchronizing releases assurance that all CIs in use are of known quality and satisfy legal obligations controlling & safeguarding of CIs lower probability of illegal CIs easier detection of wrong & unauthorized versions
3/31/2012
Page 98
Release Management
The critical success factors for Release Management are : Align with Change and Configuration Management Create test environments that represent the live hardware and software environments as closely as possible
3/31/2012
Page 99
Service Support
Service Desk Incident Management Problem Management Change Management Release Management Configuration Management
3/31/2012
Page 100
Configuration Management
Almost every Service Management process depends upon accurate IT infrastructure information. Configuration Management : Provides accurate information on configurations and their documentation to support all the other Service Management processes
Accounts for all the IT assets and configurations within the organisation
Verifies the configuration records against the infrastructure and corrects any exceptions Configuration Management v/s Asset Management Configuration Management revolves around the lifecycles of CIs and their relationships, whereas Asset Management is primarily concerned with the financial value of assets
3/31/2012
Page 101
Configuration Management
(contd..)
A configuration item (CI) is a component of, or directly related, to the ITinfrastructure. CI's include: hardware, software, documentation, processes and procedures Examples of CIs : Personal computers, Network components, Service Level Agreements, Manuals, Applications, etc. Hierarchically subjected to (parent-child relation) Is part of (a processor is part of a PC) Interfaced with (a system is connected to a printer) Uses (a program uses a subroutine) Is a copy of (program is a copy of...) Is related to (attribute) (serial number, location, status)
3/31/2012
Page 102
3/31/2012
Page 103
3/31/2012
Page 104
Configuration Management
(contd..)
Configuration Management will then update the CMDB to reflect the changed status of the CI
3/31/2012
Page 105
3/31/2012
Page 106
Configuration Management
Planning
During the planning, define : Purpose, scope and objectives
(contd..)
3/31/2012
Page 107
Configuration Management
Identification
The Identification activity addresses :
(contd..)
Labelling CIs
3/31/2012
Page 108
Configuration Management
Control
The Control activity organises : Registration of new CIs and versions Updating of CI records
(contd..)
Archiving of CIs and their associated records Protection of the integrity of configurations Updating of the CMDB after periodic checking
3/31/2012
Page 109
Configuration Management
Status Accounting
(contd..)
Status reports should be produced on a regular basis listing, for all CIs under Control, their current version and history.
Status Accounting reports can be used to establish baselines and enable Changes between baselines and Releases to be traceable.
3/31/2012
Page 110
Configuration Management
Verification and Audit
(contd..)
Before acceptance into the environment, new Releases, builds, equipment and standards should be verified against the contracted or specified requirements. Physical configuration audits should be carried out to verify that the asbuilt configuration of a CI confirms to its as-planned configuration and its associated documents.
3/31/2012
Page 111
Configuration Management
Configuration BaseLines
(contd..)
A BaseLine is the configuration of a product or system established at a specific point in time, which captures both the structure and the details of that product or system and enables that product or system to be re-built at a later date. Configuration BaseLines and approved Changes to those BaseLines together constitute the Currently Approved Configuration.
3/31/2012
Page 112
3/31/2012
Page 113
Change Management
- Benefits
The benefits of Configuration Management are : helps to minimize the impact of changes provides accurate information on CIs improves security by controlling the versions of CIs in use facilitates adherence to legal obligations helps in financial & expenditure planning
3/31/2012
Page 114
Change Management
The critical success factors for Configuration Management are : Select the appropriate tool at the start of the process Ensure no one bypasses Change Management Make use of Inventory Systems
3/31/2012
Page 115
Service Support
Configuration Management
Incident Management
Problem Management
Change Management
Release Management
Identification
Problem Control
Release Planning
Control
Error Control
Evaluate
Status Accounting
Test, Accept
Coordinate Implementation
Closure
3/31/2012
Page 116
3/31/2012
Page 117
Service Delivery
Capacity Management Availability Management Service Level Management IT Service Continuity Management Financial Management for IT Services
3/31/2012
Page 118
Service Delivery
3/31/2012
Page 119
Availability Management
Optimize the capability of the IT Infrastructure and supporting organization to deliver a cost effective and sustained level of availability to satisfy business objectives
3/31/2012
Page 120
(contd..)
Ensuring that the required IT technical and service facilities can be recovered within the time scales required by Business Continuity Management
3/31/2012
Page 121
Service Delivery
Capacity Management Availability Management Service Level Management IT Service Continuity Management Financial Management for IT Services
3/31/2012
Page 122
Capacity Management
The objective of Capacity Management is to ensure the optimum use of IT resources for the performance agreed upon with the client
Capacity Management is needed to support the optimum and cost-effective provision of IT services by helping organizations to match their IT resources to the current and future demands of their business
3/31/2012
Page 123
Capacity Management
(contd..)
3/31/2012
Page 124
3/31/2012
Page 125
Capacity Management
(contd..)
Capacity Management activities can be subdivided into planning and monitoring activities
3/31/2012
Page 126
3/31/2012
Page 127
Capacity Management
(contd..)
Demand Management (covers the management of users' demands for IT resources) Short-term: optimization Long-term: have an insight into future projects Workload Management (concerned with identifying and understanding the applications, their work patterns and peaks, and their use of hardware resources) Resource Management (storage management, assessment of new HW technology) Performance Management (measure, control and tuning of performance of components of the IT infrastructure)
Application Sizing (forecast for HW resources for new and changed applications)
3/31/2012 Page 128
Capacity Management
(contd..)
Modelling (trend analysis, estimation, simulation, analytic modeling) Capacity Planning (Capacity plan which details the current levels of resource utilisation and service performance, and forecasts the future requirements for resources)
3/31/2012
Page 129
Capacity Management
(contd..)
Capacity Management DataBase (CDB) Capacity Management collects data from a variety of hardware platforms and software applications that could be widely distributed and stores the data in a CDB. The components of a CDB include : service data from SLAs business data from the business plans and strategy technical data from the manufacturers specification of the hardware and software components financial data
3/31/2012
Page 130
Capacity Management
- Tasks
3/31/2012
Page 131
Capacity Management
- Benefits
The benefits of Capacity Management are : Reduced risk of performance problems and failure Cost savings Both achievable through: Planned buying Deferring expenditure until really needed (but in a controlled way) Matching capacity to business need Ensures that systems have sufficient capacity to run the applications required by the business for the foreseeable future
Provides information on current and planned resource utilization of individual components allowing decisions on which components to upgrade, when to do so, and how much it will cost.
3/31/2012
Page 132
Capacity Management
The critical success factors for Capacity Management are : Interface with Availability and Financial Management Ensure business expertise is available, especially for Business Capacity Management
3/31/2012
Page 133
Service Delivery
Capacity Management Availability Management Service Level Management IT Service Continuity Management Financial Management for IT Services
3/31/2012
Page 134
Availability Management
A service is available when the service has been provided for an agreed number of direct users, within a maximum response time, maintaining the agreed functionality
Availability Management is concerned with the planning, and ongoing management activities, needed to ensure that the reliability and availability levels, as specified in the SLAs, are achieved and maintained
The goal of Availability Management is to optimise the capability of the IT Infrastructure, services and the supporting organisation to deliver effective and sustained levels of availability that enable the business to satisfy the business objectives
3/31/2012
Page 135
The extent that a CI or an IT service is able to perform the expected functionality of the CI or IT service over a specified time period
Reliability Refers to the extent that an IT service is able to perform the expected functionality, over a certain period of time, under prescribed circumstances OR freedom from operational failure. Maintainability This indicates the ease of the maintenance of the IT service (preventative, inspective, corrective)
3/31/2012
Page 136
Resilience The ability of an IT service to function correctly in spite of the incorrect operation of one or more subsystems
3/31/2012
Page 137
3/31/2012
Page 138
3/31/2012
Page 139
Availability = Host * Network * Server * Workstation = 0.98 * 0.98 * 0.98 * 0.975 * 0.96 = 0.8809 Total Infrastructure Availability = 88.09%.
3/31/2012
Page 140
Availability Management
(contd..)
3/31/2012
Page 141
3/31/2012
Page 142
Availability Management
Un-Availability Costs Tangible costs
(contd..)
Lost user and IT staff productivity, lost revenue, overtime payments, wasted goods and material, fines and penalties
Intangible costs Loss of goodwill (customer dissatisfaction), loss of customers, loss of business opportunity (to sell, gain customers), damage to business reputation, loss of confidence, damage to staff morale
3/31/2012
Page 143
Availability Management
Calculating Un-Availability Costs Determine the Vital Business Function
(contd..)
3/31/2012
Page 144
Availability Management
- Tasks
3/31/2012
Page 145
Availability Management
- Benefits
The benefits of Availability Management are : IT services with an availability requirement are designed, implemented, and managed to consistently meet that target Improvement of capability of the IT infrastructure to attain the required levels of availability to support the critical business processes Improvement of customer satisfaction and recognition that availability is the prime IT deliverable Reduction in frequency and duration of incidents that impact IT availability Single point for availability is established within the IT organization (process owner) Levels of IT availability provided are cost-justified and support SLAs fully Shortcomings in provision of availability are recognized and coped with in a formal way Mindset moves from error correction to service enhancement: from reactive to proactive attitude
3/31/2012
Page 146
Availability Management
3/31/2012
Page 147
Service Delivery
Capacity Management Availability Management Service Level Management IT Service Continuity Management Financial Management for IT Services
3/31/2012
Page 148
Service Level Management is the process of negotiating, defining, contracting, monitoring and reviewing the levels of customer service, that are both required and cost effective
Service Level Management helps to develop a better relationship between the IT Organisation and its customers
3/31/2012
Page 149
(contd..)
Strike a balance between customer requirements and service costs Identify customer requirements in terms of what customers want and what can be delivered Measurable service standards What you don't measure, you can't agree upon Enhance quality by implementing quality improvement programs What can be measured can be improved! Business relationship between customer and supplier
3/31/2012
Page 150
(contd..)
The IT organization has several contracts: An SLA with customers, an OLA with an internal supplier and underpinning contracts with external suppliers
3/31/2012
Page 151
(contd..)
As well as setting up and monitoring SLAs, maintaining underpinning contracts with suppliers and managing relationships with customers are also functions of SLM
3/31/2012
Page 152
(contd..)
Service Level Management consists of activities that are needed to set up a SLA, but also activities needed to see if the Service Levels are met
3/31/2012
Page 153
(contd..)
Important within a SLA is the balance between the demand for IT services and the supply of IT services
Demand and Supply for IT Services can be balanced by : Being aware of the business requirements Being aware of the IT possibilities (technical and economical) Alignment of expectations
3/31/2012 Page 154
(contd..)
Service Level Agreements consist of elements of the other Service Management processes Input from those processes is required for agreeing and monitoring Service Levels
3/31/2012
Page 155
(contd..)
3/31/2012
Page 156
(contd..)
General Introduction : Parties, Signatures, Service Description Reporting & Reviewing : Content, Frequency Incentives & Penalties Support
3/31/2012
Page 157
(contd..)
Data like reaction times, escalation times and support should be made measurable
Reports should be produced regularly Reports contain measuring values concerning the up-to-date supporting levels and the trend developments
3/31/2012
Page 158
(contd..)
A Service Catalogue can be used to list the "normal" services provided by the IT organization whereas Service Level Agreements can be set up for "special" services
The Service Catalogue contains : Relevant characteristics of services Relevant information of the use of the services
3/31/2012
Page 159
- Tasks
3/31/2012
Page 160
- Benefits
The benefits of Service Level Management are : Improvement in IT service quality and reduction of service outages can lead to significant financial savings Satisfied customers and better customer relationship Clearer view between both parties on roles and responsibilities Specific targets that have to be achieved and that can be measured and reported Focusing of IT effort on what the business thinks is key IT and customers have consistent expectations on the level of service required Identification of weak areas that can be remedied subsequently SLM underpins supplier management and vice-versa IT services are designed to meet Service Level Requirements SLAs can be the basis for charging, and are the demonstration of what customers receive for their money.
3/31/2012
Page 161
The critical success factors for Service Level Management are : Service Level Management should not just be limited to SLAs Ensure buy-in from all other Service Management processes Create a definition of Service
3/31/2012
Page 162
Service Delivery
Capacity Management Availability Management Service Level Management IT Service Continuity Management Financial Management for IT Services
3/31/2012
Page 163
3/31/2012
Page 164
(contd..)
Business Continuity Management and IT Service Continuity Management Business Continuity Management (BCM) is concerned with managing risks to ensure that at all times an organization can continue operating to, at least, a predetermined minimum level. The BCM process involves reducing the risk to an acceptable level and planning for the recovery of business processes should a risk materialize and a disruption to the business occur. IT Service Continuity Management (ITSCM) must be a part of the overall BCM (Business Continuity Management) process and is dependent upon information derived through this process. ITSCM is focused on the continuity of IT Services to the business. BCM is concerned with the management of Business Continuity that incorporates all services upon which the business depends, one of which is IT.
3/31/2012
Page 165
(contd..)
Reporting
These activities are all engineered to provide IT Service continuity
3/31/2012
Page 166
(contd..)
Manual back-up procedures (on paper until IT is restored) Take-over by other organization with similar equipment (reciprocal) Fortress approach; disaster-proof Gradual recovery {cold standby} 72-48 hours Intermediate recovery {warm standby} 24-1 hours
3/31/2012
Page 167
(contd..)
3/31/2012
Page 168
(contd..)
IT infrastructure
IT infrastructure management and procedures for operation Staff Security Continuity site
3/31/2012
Page 169
(contd..)
3/31/2012
Page 170
- Benefits
Business relationship with the rest of the enterprise is fostered because IT organization is forced to get a better understanding of the business Positive marketing of contingency capabilities. Effective ITSCM allows organization to provide high service levels and thus win business Organizational credibility is increased towards customers, business partners, and stakeholders
3/31/2012
Page 171
The critical success factors for IT Service Continuity Management are : Ensure alignment to BCM If its not worth protecting, its not worth doing Test under realistic circumstances
3/31/2012
Page 172
Service Delivery
Capacity Management Availability Management Service Level Management IT Service Continuity Management Financial Management for IT Services
3/31/2012
Page 173
The reasons why an organization should implement Financial Management for IT Services are : Cost/profits awareness (make users aware of what services actually cost) Decision-making support Cost recovery
3/31/2012
Page 174
3/31/2012
Page 175
(contd..)
Budgeting
The process of predicting and controlling the spending of money within the enterprise and consists of a periodic negotiation cycle (usually annual) to set limits on budgets and the day-to-day monitoring of the current budgets. Budgeting enables an organisation to : Predict the money required for a given period Ensure that actual spending can be compared with predicted spending Reduce the risk of over-spending
3/31/2012
Page 176
(contd..)
The set of processes that enable the IT organization to fully account for the way its money is spent (particularly the ability to identify costs by customer, by service, by activity). It usually involves ledgers and should be overseen by someone trained in Accountancy. IT Accounting enables an organisation by : Account for the money spent Calculate the cost of providing IT Services to both internal & external services Perform cost-benefit or return-on-investment analyses
3/31/2012
Page 177
(contd..)
The set of processes required to bill a customer for the services supplied to them. To achieve this requires sound Accounting, to a level of detail determined by the requirements of the analysis, billing & reporting processes. Charging enables an organisation to : Recover the costs of the IT Services from the Customers of the service Operate the IT Organisation as a business unit, if required Influence User and Customer behaviour
3/31/2012
Page 178
3/31/2012
Page 179
3/31/2012
Page 180
- Benefits
Essential decisions about IT services and the required investments Data for justifying IT expenditures Essential planning and budgeting Overview of costs, created by service failures, as a basis for expenditure justification in strategy planning Users can track costs of the services they have used
3/31/2012
Page 181
- Critical
The critical success factors for Financial Management for IT Services are : Involve financial / accounting experts Interface with the other Service Management processes Use customer-based charging units
3/31/2012
Page 182
Service Delivery
Availability Management
Capacity Management
Determine Requirements
Budget
Initiation
Verification of Feasibility
Account
Negotiate (Agreeing)
Charge (Optional)
Implementation
Establishment of Agreements
Operational Management
Investigate
3/31/2012
Page 183
3/31/2012
Page 184
Security Management
3/31/2012
Page 185
Security Management
Security Management is the process of managing a defined level of
security on information and IT services, including managing the responses to security incidents The goal of Security Management is to counter risks of threats to one of the most important assets for business: information Information is threatened in three main ways: Confidentiality Integrity (accuracy) Availability (accessibility)
3/31/2012
Page 186
Security Management
Confidentiality
- CIA
Protecting sensitive information from unauthorized disclosure or intelligible interception Integrity Safeguarding the accuracy and completeness of information and software Availability Ensuring that information and vital IT services are available and accessible when required
3/31/2012
Page 187
3/31/2012
Page 188
Security Management
Security organization
- Security Measures
With clear responsibilities and tasks Policies, codes of conduct Physical security measures
3/31/2012
Page 189
Collect experiences, lessons learned Improvement will be considered for the next round of planning & implementation
The section security in SLA is negotiated between customer and service provider
Show conformity with SLA Management without information is impossible Define processes, functions, roles, responsibilities Organization structure between sub-processes Reporting structure/line of command
Avoid the atmosphere of phantom security Internal audits External audits Self-assessments Security incident evaluation
Maintaining awareness - Security works only if disciplined and motivated Security incident handling responsiveness Security incident registration - measurement - classification - and reporting
3/31/2012
Page 190
3/31/2012
Page 191
Security Management
- Tasks
3/31/2012
Page 192
Security Management
Can only be qualified with difficulty
- Benefits
3/31/2012
Page 193
Application Management
3/31/2012
Page 194
Application Management
A key issue that has existed for some time is the problem of moving application developers and IT Service Management closer together. The lack of Service Management considerations within all phases of the application lifecycle has been seriously deficient for some time. Applications need to be deployed with Service Management requirements included, i.e. designed and built for operability, availability, reliability, maintainability, performance and manageability, and to be tested for compliance to specification. To fully understand Application Management, it is necessary to compare it with Service Management and Application Development: Application Management is the superset which describes the overall handling, or management, of the application as it goes through its entire lifecycle (see Figure 9) Application Development is concerned with the activities needed to plan, design, and build an application that can ultimately be used by some part of the organisation to address a business requirement Service Management focuses on the activities that are involved with the Release, delivery, support and optimisation of the application. The main objective is to ensure that the application once built and deployed can meet the service level that has been defined for it.
3/31/2012 Page 195
Application Management
3/31/2012
Page 196
Application Management
It is essential that the requirements of all areas of the business and Service Management are considered at each stage of the application lifecycle. Having IT and the business jointly develop their strategies, as a mutual effort, needs to be a precursor to beginning any Application Development or deployment project. This ensures that IT and the business agree to objectives that are clear, concise and achievable. Once an organisation has a common understanding of the alignment between business and IT, it faces a new problem, ensuring that the increasing number of applications are appropriately documented. A method for managing a complex applications environment is through the use of an application portfolio, which provides a mechanism for viewing and evaluating the entire suite of applications in the business enterprise. Organisations need to assess their ability to build, maintain, and operate the IT services needed by the business. A readiness assessment provides a structured mechanism for determining an organisations capabilities and state of readiness for delivering a new or revised application to support business drivers. The information obtained from an assessment can be used to determine the delivery strategy for an application, IT service, or ICT system. The delivery strategy is the approach to move an organisation from a known state, based on the readiness assessment, to a desired state, as determined by the business drivers.
3/31/2012
Page 197
Application Management
Application Management sees Application Development and all areas of Service Management as interrelated parts of a whole, which need to be aligned. The implication of this is that Application Development, Service Management and ICT IM units need to cooperate closely to ensure that every phase in the lifecycle dedicates the appropriate attention to service creation, delivery and operational aspects. The emphasis must be on the importance of dealing early in the lifecycle with those issues as this can have a large impact on the effectiveness and efficiency of service delivery and operation. For each application lifecycle phase a management checklist can be developed to ensure appropriate Service Management aspects are fully considered and addressed, identifying the key Application Management roles that need representation to ensure that activities are completed comprehensively. Within each phase of the application lifecycle, and likewise for the service lifecycle, each of the key Application Management roles has very specific goals to meet. It is crucial that organisations find some way of measuring progress and performance with respect to achieving these goals. To be effective, measurements and metrics must be woven through the complete organisation, touching the strategic as well as the tactical and operational levels.
3/31/2012
Page 198
3/31/2012
Page 199