Transcription
IT Service Management,Best practices andresearch challengesClaudio Bartolini – HP LabsJacques Sauvé – UFCGSBRC 2010
The message There’s more to IT than just networks andsystems There’s interesting research to be done onthe other aspects of IT than tecnology(people and processes)2
Agenda IT Service Management––––What’s the problem?Service Management as a PracticeITSM: The IT Infrastructure Library (ITIL)IT Governance Business-Driven IT Management––––IntroductionBDIM ChallengesApplying BDIM to Specific ScenariosOverview of some current BDIM tools andsolutions3
WHAT’S THE PROBLEM?4
Drivers Dependence of organizations on IT– Information is the most important strategicresource that any organization has to manage. Results– Much increased deployment– Much increased complexity (heterogeneous,distributed, very large scale systems)– Much increased cost (3-11% of revenue!) leads toincreased senior management scrutiny on IT the CFO is screaming bloody murder!– Fast changing world Changing business context/requirements Changing technologies5
Key Issues for the CIO: How many of these involve “technology”?IT and business strategic planningIntegrating and aligning IT and business goalsImplementing continuous improvementMeasuring IT organization effectiveness and efficiencyOptimizing costs and the Total Cost of Ownership (TCO)Achieving and demonstrating Return on Investment (ROI)Demonstrating the business value of ITDeveloping business and IT partnerships and relationshipsImproving project delivery successOutsourcing, insourcing and smart sourcingUsing IT to gain competitive advantageDelivering the required, business justified IT services (i.e.what is required, when required and at an agreed cost) Managing constant business and IT change Demonstrating appropriate IT governance.6
The IT realityBusiness demandsExpectationson IT Agility, alignment and availabilityBusiness intelligenceMergers and acquisitionsRegulatory complianceTechnology demands Modern, flexible architectureService migrations and upgradesIT automation and consolidationSecurityVersusIT’s capability to deliver Flat to modest increase in budgetManual processesDisparate tools/point solutionsSilo’d organizationsTimeThere’s a growing gap between the demands placed on ITand IT’s ability to deliver7
Leveragingbest practice to bridge the gapRunning IT like a businessBusinessManagement Compliance Improving Business Operations Enable Competitive advantage Linking IT with the Business Improving IT processes,Governance Significantly reduce the costof IT operations Demonstrating BusinessValueNeed to break down functional IT silosto deliver positive business outcomesStrategyApplicationsITIL v3 (Service Management)OperationsITIL v2 (ITSM)8
Therefore . The old ways of managing IT are notadequate– IT is much more important and much morevisible than in the past– Need to get organized to handle all thesedragons9
A SOLUTION:IT SERVICE MANAGEMENT10
A change in IT mindset IT is not a technology island dissociated fromthe business Basic changes needed in IT management– Get visibility into the business (look outside the ITdepartment) Identify clients, their needs (business, not technology)– Package what IT does for the business in a waythat it can be described, cataloged, its qualityagreed-upon, audited, continuously improved The notion of “service”– Organize the IT processes so that you can offerthe services with required quality attributes11
ITSM All this is called IT Service Management (ITSM) The (promised) result? Management systems arebecoming become:– more focused on business needs– more closely integrated with the business processes– less dependent on specific technology and more “servicecentric”– more integrated with other management tools andprocesses as the management standards evolve. It is about understanding and meeting business needsthrough the provisioning of IT services at every stageof their lifecycle, encompassing everything fromstrategy to daily operations12
ITSM and ITIL “By 2008, more than half of all enterpriseswill be looking to standardize ITSMprocesses based on ITIL.” Wow! Maybe we should have a look atITSM and ITIL!13
Business-Driven ITManagement But we think ITIL still needs to mature toget even better visibility into the business Business-Driven IT Management (BDIM)is a new area looking into these issues14
WHAT ARE SERVICES?15
What is a service? Service means of delivering value tocustomers by facilitating outcomes customerswant to achieve without the ownership of specificcosts and risks. Simple example of a customer outcomefacilitated by an IT service: “Sales people spending more time interacting withcustomers” facilitated by “a remote access servicethat enables reliable access to corporate salessystems from sales people’s laptops” Services are organized in a Service Catalog16
Transfer of costs and risks - 1 Service is a transfer of costs and risk between twoparties Ex. a business unit needs a terabyte of securestorage to secure its online shopping system. It does not want to be accountable for all theassociated costs and risks because it does have the confidence to do it well A third party (a service provider) has expertise andexperience (and hence the confidence) to controlcosts and risks The service business unit is responsible for thefulfillment of purchase orders17
Transfer of costs and risks - 2 Service provider responsible for:– operation and maintenance of fault-tolerantconfigurations of storage devices– dedicated and redundant power supplies– qualified personnel– security of the building perimeter– administrative expenses– Insurance– compliance with safety regulations– contingency measures– optimization of idle capacity for unexpected surges indemand The business unit does not want to own thesecosts and risks18
Services as Assets IT Services are crucial, strategic,organizational assets Organizations must invest appropriatelevels of resource into the support,delivery and management of these criticalIT Services and the IT systems thatunderpin them These aspects of IT are often overlookedor only superficially addressed within19many organizations
Service Providers They need not be inhouse Increasing number of companiesoutsource IT services– Actually, almost the whole IT department– Keep the business analysts who know how toapply technology to solve business problems20
WHAT ISIT SERVICE MANAGEMENT?21
Objectives of ITSM Service management is what enables aservice provider to– Understand the services they are providing– Ensure that the services really do facilitate theoutcomes their customers want to achieve– Understand the value of the services to theircustomers– Understand and manage all of the costs andrisks associated with those services22
ITSM as a set of capabilities ITSM “specialized organizational tionsRolesActivities Treats service, process or infrastructure componentover its entire erationContinual improvement23
Service lifecycle24
ITSM as an Asset Effective service management is itself astrategic asset Follow good practice for effective ITSM– Public frameworks ITIL, COBIT and CMMI– Standards ISO/IEC 20000, ISO 9000– Proprietary knowledge of people andorganizations25
THE BUSINESS PROCESS26
IT and BPs BP is a coordinated set of activities producingan outcome that creates value– Think of a workflow in a business Business managers challenge ITorganizations to engage with them at thelevel of business processes– They want assurance that applications andinfrastructure will support new business initiatives IT services serve the business by supportingBPs27
IT INFRASTRUCTURELIBRARY (ITIL)28
ITIL v2TheBusinessPlanning to implement Service gementSecurityManagementSoftware AssetManagementTheTechnology29
Process Orientated WorkingService Level ManagementChange ManagementIncident Management30
ITIL V3Continual ion31
ITIL v3ServiceDesignServiceServiceStrategiesITILSource: ITIL Refresh Project32
ITIL esServiceOperationITILServiceTransitionSource: ITIL Refresh Project33
ITIL v3Continual itionSource: ITIL Refresh Project34
ITIL v3Continual itionSource: ITIL Refresh Project35
What’s different about ITIL V3? Centered on business value– Seeing IT as a Strategic Business Unit– Creating a way to integrate IT Processes,People and Tools with the Business Strategyand desired Outcomes Structured according to the IT Servicelifecycle– v2 was structured by processes Increased scope36
What is NOT changing? Key concepts are preserved– No radical changes to v2 service support andservice delivery processes Core books provide generic guidance andremain non-prescriptive– Adopt and adapt37
Service Service ServiceDesign Transition AvailabilityDemandPortfolioBusiness OutcomesContinual Service ImprovementIT ctureServiceStrategyDesignAnalysisBus. Req.StrategyBusiness NeedsThe ITIL V3 Value PropositionContinual Service Improvement38
What is a ‘Service’?“A means of delivering valueto customers by facilitatingoutcomes customers wantto achieve without theownership of specific costsand risks.”- ITIL V3 Glossary v3.1.24, 11 May 200739
How to define Services?Functionality“Fit for eRequirementsassuranceWarranty“Fit for use”ReducesperformancevariationDefined via1. Outcomessupported2. Ownershipcosts and risksavoidedDefined via3. Availability4. Capacity5. Continuity6. SecuritySource: ITIL V3 Service Strategy, chapter 3.140
ITIL has 27 processes, each fullydescribed in one of the 5 core booksSERVICE STRATEGYSERVICE DESIGN Service Strategy Service PortfolioManagement Financial Management Demand Management Service Catalog ManagementService Level ManagementSupplier ManagementCapacity ManagementAvailability ManagementIT Service ContinuityManagement Information SecurityManagementSERVICE TRANSITIONSERVICE OPERATION Event ManagementIncident ManagementProblem ManagementRequest FulfillmentAccess ManagementCONTINUAL SERVICEIMPROVEMENT Service Measurement Service Reporting Service Improvement Transition Planning andSupport Change Management Service Asset & ConfigurationManagement Release & DeploymentManagement Service Validation Evaluation Knowledge Management41
What else is different aboutITIL V3? IT service lifecycle More context– Industry best practices– International standards– Regulatory compliance– Specific industries More people, processesandtechnology42
Why update ITIL? The industry has matured since 2000 ITIL v2 tells us ‘what’ not ‘how’ What is the return on investment? What about suppliers and customers? An integrated process model Application in different contexts43
The Service Management JourneyRole of theIT FunctionService ManagementITIL v3StrategicPartnerFocus: Business-IT Alignment & Integration Service Mgmt for Business & Technology Automated and Integrated Operations Strategy and Portfolio Governance Continuous ImprovementIT ServiceManagementITIL v2ServiceProviderFocus: Quality and Efficiency of IT Processes IT is a service provider IT is separable from business IT budgets as expenses to controlTechnologyProviderIT InfrastructureManagementITIL v1Focus: Stability and Control of the Infrastructure IT are technical experts IT concerned with minimizing business disruption IT budgets are driven by external benchmarks44Time
The Service LifecycleA new control perspectiveKey Themes in ITIL v3 Evolution from process tolifecycle management Services are driven by value Investments are lifecycledecision Functionality and manageabilityare two sides of the same coin Knowledge enables services Infrastructure and Service arenot separate entities45
Some Key definitions A ‘Service’ is a means of delivering value to customersby facilitating outcomes customers want to achievewithout the ownership of specific costs and risks ‘Service Management’ is a set of specializedorganizational capabilities for providing value tocustomers in the form of services. ‘Business Service Management’ is the ongoingpractice of governing, monitoring, and reporting on ITand the business services it impacts ‘IT Service Management’ is the implementation andmanagement of Quality IT Services that meet the needsof the BusinessSource: ITIL V3 Glossary v3.1.24, 11 May 2007 * Service Strategy46
ITIL v3 – The structureCoreCorebest practiceguidanceWebComplementarySupport for particularmarket sectoror technologyValue added products,process maps,templates, studiesCustomized implementation47
Service StrategiesPractical Decision MakingService PortfolioServicePipeline How should we select, adapt and tune the bestIT strategies? How do we manage demand, IT finance andour service portfolio?ServiceCatalog How does IT create value for its customers andwho are those customers?RetiredServices How do we manage risk, uncertainty andcomplexity?Service StrategyProcessesStrategy Generation & Demand MgmtIT Financial & Service Portfolio MgmtCIO’sIT ManagersConsultantsPractitionersVendors48
Service DesignPragmatic Service s/Suppliers Policies, Architecture, service models Effective technology, process andmeasurement design Outsource, shared services, co-sourcemodels? How to choose the best option? The service package of utility, warranty,capability, metrics treeService Design ProcessesRequirements Mgmt for Availability,SLM, Capacity, Service Continuity,Information Security MgmtSupplier Mgmt & Service CatalogMgmtIT ManagersConsultantsPractitionersOutsourcersVendors 49
Service TransitionManaging change, risk & quality assurance Newly designed Change, Release &Configuration processes Risk and quality assurance of design Managing organization & cultural changeduring transition Integrating projects into transition Creating & selecting transition modelsService KnowledgeManagement SystemDecisionsConfiguration ManagementSystemConfiguration ManagementDatabasesService Transition ProcessPlanning & Support, Change, ServiceAsset & Configuration and KnowledgeMgmtRelease & Deployment MgmtService Validation & TestingEvaluationIT 50
Service OperationsResponsive, stable servicesEventManagementIncidentManagement Robust end to end operations practices Redesigned, incident and problem processes New processes covering Request, Asset,Security, Event & Technology operationalmanagement Influencing strategy, design, transition andimprovement SOA, virtualization, adaptive, agile serviceoperation modelsIncidentManagementRequestFulfillmentService OperationProcessesAccess MgmtOperations and Event MgmtIncident, Problem, Request FulfillmentMgmt51
Continual Service ImprovementMeasures to improve thingsIdentify Vision Strategy Tactical Goals Operational Goals1. Define whatyou shouldmeasure2. Define whatyou canmeasure7. Implementcorrective actionsGoals6. Present & use theinformation,assessment andresulting actions5. Analyze the dataRelationships,Trends? Accordingto plan? TargetsMet? Correctiveaction?3. Gather thedata Who?How? When?Integrity ofdata?4. Process the dataFrequency?Format?System?AccuracyContinual ServiceImprovement ProcessesService Improvement, ServiceMeasurement, Service Reporting,Service Level Mgmt and Service ROI The business case for ROI Getting past just talking about it Overall health of ITSM Portfolio alignment in real-time withbusiness needs Growth and maturity of SM practice How to measure, interpret andexecute resultsIT rs
How to think and actin a strategic manner How to transformService Managementinto a strategic asset Clarifies relationshipsbetween services,systems, processesand the businessmodels, strategies orobjectives theysupport53
Creating valueServiceManagementServicesBusinessOutcomes54
Service Strategy – Processes Strategy GenerationFinancial managementService Portfolio ManagementDemand Management55
Design everythingneeded to realizethe strategy Aimed atdevelopment ANDoperations Includes many ofthe V2 ServiceDelivery Processes56
Service Design - Aspects Service solutionsManagement systems and toolsTechnical and management architecturesService management processesMeasurement systems and metrics57
Service Design – Processes Service Catalogue ManagementService Level ManagementSupplier ManagementInformation Security ManagementAvailability ManagementCapacity ManagementIT Service Continuity Management58
Implement ServiceDesign Packagesthrough testing tolive Transition servicesto and from otherorganizations Organizationalchange Decommission orterminate services59
Configuration Management SystemChange & Release ViewAsset Mgmt ViewService Desk View Presentation LayerKnowledge Processing LayerInformationIntegrationLayerData andInformationIntegrated CMDBCMDB2DML1CMDB1DML260
Service Transition Processes Transition Planning and SupportKnowledge ManagementService Testing and ValidationEvaluationChange ManagementService Asset and ConfigurationManagement Release and Deployment Management61
Coordinate and carryout day-to-dayactivities Deliver and manageservices at agreedlevels Manage technologyand applications Execute and measureall plans, designs andoptimizations Where value isactually delivered to62the business
Achieving vvvvServiceCostStabilityProactive63
Monitor Control LoopNormControlCompareMonitorInputActivityOutput64
Complex Monitor Control reControlActivityOutput Output InputCompareMonitorActivityOutput65
Business Executives, Business Unit Managers, tecturesServiceDesign2Service TransitionTech Architectures,Performance tputInputContinualServiceImprovementUsersIT Managers, Vendor Account Execs, IT ExecsContext - The ITSM LifecycleCompareMonitorActivityOutputTechnical Experts, Vendor Support, IT Operational Staff66
Service Operation Processes (I) Event Management– Detect Events, make sense of them, and determineaction– Manage events throughout their Lifecycle Incident Management– Restore normal service as quickly as possible– Minimize the adverse impact on the business Problem Management– Eliminate recurring incidents– Minimize impact of incidents that can’t be prevented67
Service Operation Processes (2) Request Fulfillment– Allow users to request and receive standardservices– Provide information to users and customersabout procedures for obtaining services– Assist with general information, complaints orcomments Access Management– Grant authorized users right to use a service– Prevent access from non-authorized users 68
Service Operation FunctionsService DeskIT ManagementOperations ControlFacilities Management69
Measurement andimprovement Continually lookingfor ways to improve– processes andservices– efficiency,effectiveness, andcost effectiveness Improve each stagein the lifecycle70
Overall CSI ApproachThe CSI ModelWhat is the vision?Where are we now ?How do we keep themomentum going?Business Vision,mission, goals andobjectivesBaseline AssessmentsWhere do we want tobe?Measurable TargetsHow do we get there ?Service and ProcessImprovementDid we get there?Measurements andMetrics71
Measurement and Improvement You cannot manage what you cannotcontrol You cannot control what you cannotmeasure You cannot measure what you cannotdefine72
Measurement and Improvement You cannot manage what you cannot controlYou cannot control what you cannot measureYou cannot measure what you cannot defineServices and processes need to beimplemented with – Clearly defined goals and objectives– Clearly defined measurements Now we can monitor, measure, and improve– Not just discrete projects, but as a way of life73
Types of MetricServiceMetricsThe results of the end-to-end serviceProcessMetricsCSFs, KPIs and activity metrics for theservicemanagement processesTechnologyMetricsComponent and application basedmetrics such as utilisation,performance, availability74
The 7-Step ImprovementProcessIdentify Vision, & Strategy Tactical Goals Operational Goals7.1.Define what youshould measureImplementcorrective action2.Define what youcan measure3.Gather the dataGoals6.Present and usethe informationassessment summaryaction plans, etc.Who? How? When?Integrity of data?5. Analyze the dataRelations? Trends?According to plan?Targets met?Corrective action?4. Process the dataFrequency? Format?System? Accuracy?75
The 7-Step ImprovementProcessWisdom7.Identify Vision, & Strategy Tactical Goals Operational Goals1.Define what youshould measureImplementcorrective action2.Define what youcan measure3.Gather the dataGoals6.Present and usethe informationassessment summaryaction plans, etc.Who? How? When?Integrity of data?InformationKnowledge5. Analyze the dataRelations? Trends?According to plan?Targets met?Corrective action?Data4. Process the dataFrequency? Format?System? Accuracy?76
CSI Processes The 7-Step Improvement Process Service Reporting– The right content for the right audience– Focused on the future as well as the past– This is what happened; this is what we did;this is why it won’t happen again; this is howwe will improve Service Measurement– Service Measurement Framework– Underpins scorecards and reports– Underpins improvement77
78
IT GOVERNANCE79
IT Governance IT governance is the responsibility ofexecutives and the board of directors, andconsists of the leadership, organisationalstructures and processes that ensure thatthe enterprise’s IT sustains and extendsthe organisation’s strategies andobjectives.80
81
COBIT Control Objectives for Information and relatedTechnology (COBIT ) provides good practicesacross a domain and process framework andpresents activities in a manageable and logicalstructure. COBIT’s good practices represent theconsensus of experts. They are strongly focused on control and less onexecution. These practices will help optimise ITenabled investments, ensure service deliveryand provide a measure against which to judgewhen things do go wrong.82
COBIT For IT to be successful in delivering againstbusiness requirements, management should putan internal control system or framework in place.The COBIT control framework contributes tothese needs by:– Making a link to the business requirements– Organising IT activities into a generally acceptedprocess model– Identifying the major IT resources to be leveraged– Defining the management control objectives to beconsidered83
COBIT basic principleThe COBIT framework isbased on the followingprinciple: to provide theinformation that theenterprise requires toachieve its objectives, theenterprise needs to manageand control IT resourcesusing a structured set.84
Process orientedCOBIT framework can beshown with COBIT’sprocess model of 4domains containing 34generic processes, 214Control Objectives,managing the IT resourcesto deliver information to thebusiness according tobusiness and governancerequirements.Monitor and EvaluateDeliver and SupportPlan and OrganizeAcquire andImplement85
Plan and Organize (PO)This domain is related to strategy andtactic to support alignment of IT tocorporate business objectives.Strategic vision needs to be creafullyplanned, defined and communicated.A support organization andtechnology is then needed.It addresses following questions: Are IT and Corporate stratgies aligned? Company is exploiting at the best its ownresources? IT objectives are clearly stated andshared by all within the company? IT risks are analized and managed? IT service quality is aligned to businessobjectives?86
Acquire and Implement (AI)To execute IT strategy, it’s needed toidentify, acquire, implement andrelease ad hoc solutions, integratingthem into IT processes. This domaincovers also all modification andmaintenance to existing applicationsto align them to new businessdemands.It addresses following questions: New projects are correctly addressingbusiness demand? Projects are being delivered inline withexpected time and budget? Implemented solutions and services arecorrectly working according to the initialdemand? Changes can be applied withoutimpacting to end users?87
Deliver and Support (DS)This domain addresses delivery of ITservices, security management,continuity management, servicesupport to end users and data andinfrastructure management.It addresses following questions: IT services are delivered inline withcorporate priority? Are IT costs optimized? Availability, integrity and security arecorrectly addressed and guaranteed?88
Monitor and Evaluate (ME)All IT processes need to beperiodically reviewed to monitorquality and adherence to businessdemands. This domain addresses ITperformance mgmt, respect toregulatory obligations, alignment togovernment requirements.It addresses following questions: Are IT performances monitored to identifyand isolate problems before it’s too late? IT mgmt assures controls are executed inan effective and effcient way? Is IT peformance linked to corporatebusiness objectives? Is in place a set of controls to monitorrisks, compliances and performances?89
IT Governance focus Area COBITthus supports ITgovernance by providing aframework to ensure that: IT is aligned with thebusiness IT enables the business andmaximises benefits IT resources are usedresponsibly IT risks are managedappropriately90
Business Goals and IT GoalsThe enterprise strategy should betranslated by the business intoobjectives for its use of ITenabled initiatives (the businessgoals for IT). These objectives inturn should lead to a cleardefinition of IT’s own objectives(the IT goals), and then these inturn define the IT resources andcapabilities (the enterprisearchitecture for IT) required tosuccessfully execute IT’s part ofthe enterprise’s strategy.91
Information criteriaTo satisfy business objectives,information needs to conform tocertain control criteria, whichCOBIT refers to as businessrequirements for information.Based on the broader quality,fiduciary and securityrequirements, seven distinct,certainly overlapping, informationcriteria are defined Effectiveness Efficiency Confidentiality Integrity Availability Compliance Reliability92
IT resoucesThe IT resources identified in COBIT canbe defined as follows: Applications Information Infrastructure People93
Performance measurementObiettivi e metriche sono definiti nelCOBIT a tre livelli: obiettivi IT e metriche di che cosal’azienda si aspetta dall’IT (cosa l’aziendavuole usare per misurare l’IT) obiettivi di processo e metriche chedefiniscono cosa deve produrre ilprocesso IT per supportare gli obiettividell’IT (come si dovrebbe valutare ilreferente del processo IT) metriche della performance del processo(per misurare come sta funzionando ilprocesso e indicare la probabilità diraggiungere gli obiettivi)94
COBIT framework modelThe COBIT framework, therefore,ties the businesses requirementsfor information and governance tothe objectives of the IT servicesfunction. The COBIT processmodel enables IT activities andthe resources that support themto be properly managed andcontrolled based on COBIT’scontrol objectives, and alignedand monitored using COBIT’sKGI and KPI metrics.95
Maturity modelFor each process a maturity modelhas been defined to provide ameasurable level from 0 (Notexistent) to 5 (Optimised). Using thematurity model, it can be identified: current performance of each process maturity gap in respect to businessobjectives roadmap to fill gap and reach maturityneeded by related business objectives96
COBIT Framework97
COBIT cube98
COBIT Framework Navigation99
ITSM Market TrendTo what extent has your organization currently implemented ITSM?To what extent will your organization implement ITSM by mid- year 2009?ITSM a d op tion, Enter p r ise lev el24%23%13%7%21%16%13%28%14%40%Support many business areasCommited, early stagesRejected60%10%17%200919%8%20%35%11% 18%35%0%102006% 4%28%19%6%25%6% 19%20062009ITSM a d op tion, M id m a r k et lev el41%8%80%100%0%5%20%40%60%80%100%Support some business areasEvaluation stageUnsureSource: “Survey finds highly satisfiedITSM customers are most businessfocused”, Summit Strategies, August2006100
OVERVIEW OF SOME CURRENTBDIM TOOLS AND SOLUTIONS101
HP business technology optimizationdatawarehouse IBM tivoli decision center and cognos BMC Dashboard for business servicemanagement CA Cleverpath AION BPM, BRE (Businessrules expert)102
BUSINESS-DRIVEN ITMANAGEMENT103
The problem Why are we still talking about IT-businessalignment after 15 years? The problem is not completely solved bycurrent ITSM practices– ITIL v2: aligned to activity and output but notnecessarily to value– ITIL V
ITSM All this is called IT Service Management (ITSM) The (promised) result? Management systems are becoming become: - more focused on business needs - more closely integrated with the business processes - less dependent on specific technology and more "service centric" - more integrated with other management tools and
