fedsm itsm intro
TRANSCRIPT
Tutorial on Service Level Management in e-‐Infrastructures – State of the Art and Future
Challenges
The FedSMProject Thomas Schaaf & Owen Appleton
Contents
• IntroducCon • Background: why ITSM in e-‐Infrastructure? • ITSM basics: delivering value • ITSM frameworks and standards • Resources
Contents
• IntroducCon • Background: why ITSM in e-‐Infrastructure? • ITSM basics: delivering value • ITSM frameworks and standards • Resources
IntroducCon
• Purpose of this tutorial – Describe the tradiConal IT Service Management (ITSM) approaches used in the commercial sector
– Suggest how they can be of interest in e-‐Infrastructure
Contents
• IntroducCon • Background: why ITSM in e-‐Infrastructure? • ITSM basics: delivering value • ITSM frameworks and standards • Resources
Background
• e-‐Infrastructure has become increasingly mature in the last decade – Academic beginnings – Research projects, experimental uses at first – Increasing producCon use – Moving toward sustainable models
• Moving beyond EC backing invites comparisons to other technologies – Cloud compuCng has clearer business models – HPC has more concrete unique use case
Background
• Service Management in Grid Infrastructures – All services are managed… somehow
• Everyone does service management, whatever they call it • Most services are managed by people who are not experts in service provisioning
– Services in academia are not operated in the same way as the commercial sector
• Best effort or loosely formalized approaches are common and appropriate for many services
• e-‐Infrastructure complexity is too high for best effort to be a long term, scalable and sustainable opCon
Background
• Service management among ‘compeCtors’ – HPC has quite clearly defined service levels, but this is achievable at a single site
– Clouds are more commercial products • Offered by major firms • Involves ITSM that appears to be ‘commercial grade’ but is actually very weak in terms of service guarantees
• Customers have opCons – Increasing availability of clouds
• Currently if not always the best technical opCon – Local resources are simpler if less effecCve
Contents
• IntroducCon • Background: why ITSM in e-‐Infrastructure? • ITSM basics: delivering value
– Why ITSM – Service & Value – What is ITSM – Key facts & QuesCon – Policies, Processes & Procedures – Process OrientaCon – Example: Incident management – Planning & allocaCng responsibiliCes
• ITSM frameworks and standards • Resources
Motivation: IT Service Management (ITSM)
• Why IT Service Management? – About 80% of all service outages originate
from “people and process issues” – Duration of outages and degradations
significantly dependent on non-technical factors
• IT Service Management … – … aims at providing high quality IT services
meeting customers’ and users’ expectations …
– … by defining and installing management processes covering all aspects of managing the service lifecycle:
• Planning • Roll-out and delivery • Operational support • Changing and improving
10 Tutorial: IT Service Management best pracCces
Reasons for service outages [Gartner, 2001]
Service and Value
• Service can be defined as … – … a means of delivering value to customers … – … by supporting them in achieving their goals … – (… without the customer being responsible for the specific costs and risks
associated with the service.)
• What is value from a customer/business perspective?
11 Tutorial: IT Service Management best pracCces
Utility Warranty Value
Definition according to [OGC/ITIL, 2007]
Why would a customer be interested in the service?
How can the provider guarantee to meet the
agreed quality?
Subject to Service Level Agreements (SLAs)
What is (IT) Service Management?
Service Management (1): Set of capabilities and processes to direct and control the service provider's activities and resources for the design, transition, delivery and improvement of services to fulfill the service requirements
Service Management (2):
Service management is a set of specialized organizational capabilities for providing value to customers in the form of services. The capabilities take the form of functions and processes for managing services over a lifecycle, with specializations in strategy, design, transition, operation, and continual improvement. The capabilities represent a service organization's capacity, competency, and confidence for action. The act of transforming resources into valuable services is at the core of service management.
12 Tutorial: IT Service Management best pracCces
Definition according to ISO/IEC 20000-1, 3.30
cf. ISO/IEC 20000-1:2011, p. 6
Definition according to ITIL
cf. ITIL Service Strategy, p. 15
What is (IT) Service Management?
• Service management is: – Organizational capabilities – Processes needed to provide a good service – Understanding the value of the services provided – Doing everything needed to meet (agreed) requirements – Involving people, creating awareness, clarifying responsibilities,
defining interfaces – Continual improvement
• Service management is not: – Buying a new tool – Marketing
13 Tutorial: IT Service Management best pracCces
ITSM: 5 Key Facts
1. ITSM means: Alignment of IT service operations to the customers' needs.
2. ITSM means: A process approach in delivering and supporting IT services.
3. ITSM supports a consistent terminology, avoiding bad communication and lack of understanding.
4. ITSM requires the provider to understand the requirements of his customers.
5. There are various frameworks and standards providing guidance around ITSM.
14 Tutorial: IT Service Management best pracCces
ITSM: 5 Key Facts à Resulting questions
1. Who is my 'customer'?
2. What are the processes I need to handle?
3. What is my understanding of service? (And does this fit to the customer's?)
4. What are the essential requirements that I must fulfill?
5. Which ITSM framework / approach is most suitable for me?
15 Tutorial: IT Service Management best pracCces
Important "Elements" of ITSM
• Policies: General guidelines and objectives • Processes: Sets of interrelated activities that
convert inputs into outputs • Procedures: Specified ways to perform activities • Plans • People (human resources) • Tools (software) • Other resources: technology, budgets, ...
Policies, processes, procedures
Policy
1. Abc def ghijk. 2. Abc def ghijk. 3. Abc def ghijk. 4. Abc def ghijk.
Proce- dures
Process: Inputs
Outputs
Definition level Top Management
Process Owner
Control level Process Manager
Process teams
Operational level Departments
Functions Persons
Activities and roles
e.g. Incident handling policy, change policy,
security policy
e.g. Incident Management, Change Management, Security Management, …
e.g. procedures for classifying and prioritizing incidents
Person (in a role)
applies
Why process-orientation?
• Characteristics of well-defined processes: – Interrelated activities – Clearly defined interfaces – Measurable and repeatable results
• Basic idea of a process approach in Service Management: – Control of arising tasks through processes and procedures – Thus:
• Better alignment to objectives • Standardization of processes and procedures as well as use of tools • Clear authorities/responsibilities • Increase of effectiveness and efficiency
18 Tutorial: IT Service Management best pracCces
What is a process?
Process: Set of interrelated or interacCng acCviCes which transforms inputs into output.
• Exemplary business process flow:
19 Tutorial: IT Service Management best pracCces
Definition according to ISO/IEC 20000-1, 3.21 & ISO 9000
cf. ISO/IEC 20000-1:2011, p. 5
Benefits from a process approach in ITSM
• Higher effecCveness and efficiency of IT operaCons • Customer orientaCon, alignment to business objecCves
• Beher communicaCon • Improved knowledge management • Less failures and related incidents • CompeCCve advantages • Improved risk management
20 Tutorial: IT Service Management best pracCces
Risks / challenges of a process approach in ITSM
• OperaCons become too bureaucraCc, too much paperwork • Lower effecCveness and efficiency of IT operaCons, if ...
– Employees are insufficiently informed/trained/aware of processes and measures
– Lack of commitment from senior management – Important tasks performed beyond the management system, processes are
undermined
21 Tutorial: IT Service Management best pracCces
Successful implementaCon of IT Service Management is highly dependent on the acceptance by the people
involved, including staff and decision takers.
Components of a process description
1. Objective of the process 2. Input into the process 3. Output (desired result) of the process 4. Activities 5. Roles and responsibilities 6. Success factors and key performance indicators
(KPIs) 7. Interfaces to other processes
22 Tutorial: IT Service Management best pracCces
Example: Incident Management
1. Objective: Restore agreed service to the customer as soon as possible, minimize disruption to the business
2. Input: Event or notification (e.g., through user) indicating the occurrence of an incident
3. Output: Incident resolved, service restored, plus complete incident record
4. Activities: – Logging – Classification + Prioritization – First level support – Functional and/or hierarchical escalation – Resolution – Closure
23 Tutorial: IT Service Management best pracCces
Example: Incident Management
5. Roles and responsibilities: – Process Owner – Incident Manager – Major Incident Coordinator – Agent – User – Customer
6. Success factors and key performance indicators (KPIs): – First line resolution ration (per category, priority, …) – Average resolution time (per category, priority, …) – Amount of SLA violations (and their impact) – …
7. Interfaces to other processes: à see later
24 Tutorial: IT Service Management best pracCces
Basic roles within each process
• Process owner: – Overall accountability for the process (ojen for more than one process) – Defines goals and policies, enforces the achievement of these goals – Has got sufficient authority (usually a member of the top management level) – AllocaCng/Approving of resources
• Process manager: – Responsible for the effecCveness and efficiency of the enCre process with the resources
provided/available – May take over (important) operaConal tasks in the process – Reports to the process owner
• Process staff/team member: – Responsible for the execuCon of specific process acCviCes – Escalates excepCons hierarchically to the process manager – Usually several process staff/team members per process
25 Tutorial: IT Service Management best pracCces
Planning and allocaCng responsibiliCes
• For planning and allocaCng responsibiliCes within a process, a RACI matrix is recommended. – Responsible: Responsible for the (operaConal) implementaCon – Accountable: Accountable for results and achievements – Consulted: Invited to consult on certain acCviCes – Informed : Informed of acCviCes and their results
26 Tutorial: IT Service Management best pracCces
Role 1 Role 2 Role 3 …
AcCvity 1 R AC …
AcCvity 2 I R A …
AcCvity 3 I C AR …
… … … … …
CreaCng a RACI matrix
• Rows represent different acCviCes (also: processes, procedures, documents, etc.)
• Columns represent different roles or persons (also: funcCons, groups, teams, etc.)
• Per row usually … – at least one role / person responsible – exactly one role / person accountable – none, one or more roles / persons consulted or informed
• Possible combinaCons, for example: – AR: accountable and responsible at the same Cme – AI: accountable and informed at the same Cme – AC: accountable and consulted at the same Cme – CI: consulted and informed at the same Cme – …
27 Tutorial: IT Service Management best pracCces
Typical carriers of responsibility
• FuncCon: number of people, resources and tools supporCng a process or an acCvity
• Department: part of the organizaConal hierarchy of a company/organizaCon
• Division: several departments related geographically or with respect to a product
• Group: people performing similar acCviCes • Team: formal group, directed towards the achievement of one or more
defined objecCves • Role: logical concept that relates responsibiliCes, acCviCes or behaviours
to a person, a team, a group, or a funcCon
28 Tutorial: IT Service Management best pracCces
Tools to effecCve communicaCon
• Create a communicaCon plan for communicaCng processes, responsibiliCes and changes!
• Possible / main contents of the communicaCon plan:
– Who informs? à InformaCon bearer – Who will know about? à InformaCon receiver – About what exactly? à InformaCon / message – When and how ojen? à Timing / frequency – In what form? à CommunicaCon medium – How is success of communicaCon measured? à Measurement / evaluaCon
• A communicaCon strategy is useful to define generally in which cases and which ways, by whom and how informaCon has to be delivered
29 Tutorial: IT Service Management best pracCces
Contents
• IntroducCon • Background: why ITSM in e-‐Infrastructure? • ITSM basics: delivering value • ITSM frameworks and standards
– Important Frameworks & Standards – Overview – ITIL – ISO/IEC 20000 – COBIT – Common myths
• Resources
Important IT Management Frameworks & Standards
31
ITIL V2 ITIL V3
COBIT
MOF
ISO/IEC 20000
ISO 9000
CMM CMMI
ISO/IEC 15504
Software Engineering: Maturity Model
IT Service Management
Quality Management
BS 15000
Adoption of key concepts
Successor
ISO/IEC 27000
eTOM
Telecommunications Management
TOM
SID
Important IT Management Frameworks & Standards
32 Tutorial: IT Service Management best pracCces
ITIL V2 ITIL V3
ISO/IEC 20000
ISO 9000
CMM CMMI
ISO/IEC 15504
Software Engineering: Maturity Model
(IT) Service Management
Quality Management
BS 15000
Adoption of key concepts
Successor
ISO/IEC 27000
TOM
SID
COBIT
MOF
eTOM
Telecommunications Management
IT Management Frameworks – An Overview
33 Tutorial: IT Service Management best pracCces
ISO/IEC 20000
IT Infrastructure Library • Number of books with "Good Practice" in IT Service Management • Slogan: "the key to managing IT services" • Descriptions of key principles, concepts and processes in ITSM
• Most popular and wide-spread framework • Not a "real" standard, but often related to as "de-facto standard" • 5 books edited and released by the British OGC
ISO/IEC 20000 • International standard for managing and delivering IT services • Defines the minimum requirements on ITSM
• Developed by a joint committee of ISO and IEC • Based on ITIL • Auditable, certifiable
Control Objectives for Information and Related Technologies • IT Governance framework • Specifies control objectives, metrics, maturity models
• Developed by ISACA • can be combined with ITIL and ISO/IEC 20000
– Overview and Key Facts
• Set of books with recommendations and good practices for IT Service Management
• Goal: Description of management processes and supporting concepts – Slogan: "The key to managing IT services" – Often considered as the "de-facto standard" for ITSM – Service-lifecycle-based approach (from version 3)
• Editor: OGC (Office of Government Commerce, UK) • Application domain / recipients:
– (IT) Service providers (internal or external) – Independent from their organizational form or setup
• Form of publication: Books
34 Tutorial: IT Service Management best pracCces
– Structure
• 5 lifecycle phases (for each stage: one identically named core publication): – Service Strategy – Service Design – Service Transition – Service Operation – Continual Service Improvement
• Process model consisting of about 30 processes – thus, ITIL is more comprehensive and fine-grained than the process model used in ISO/IEC 20000
35 Tutorial: IT Service Management best pracCces
– How to use it
• Important: – ITIL is "just good practice". – ITIL is not necessarily the "perfect solution". – Many organizations implement only 15 to 30 per cent of the ITIL concepts,
and still provide good or excellent services. – There may also be organization trying to fully implement ITIL – still failing to
meet customer requirements.
• When reading ITIL … – … have your bottle of red whine ready. – … do not think "Impossible, where I am working!" after every sentence. – … be aware that this is not a scientific approach, but just good practice
guidelines collected by some teams of practitioners / authors.
36 Tutorial: IT Service Management best pracCces
– Overview of the Core Books
37
Service Strategy
Financial Management
Service Portfolio
Mgmt.
Demand Mgmt.
Service Design
Service Catalogue Mgmt.
Service Level Mgmt.
Capacity Mgmt.
Availability Mgmt.
Continuity Mgmt.
Security Mgmt.
Supplier Mgmt.
Service Transition
Change Mgmt.
Service Asset and Configuration Mgmt.
Release and
Deployment Mgmt.
Service Validation and Testing
Evaluation
Knowledge Mgmt.
Service Operation
Event Mgmt.
Incident Mgmt.
Request Fulfillment
Problem Mgmt.
Access Mgmt.
Continual Service Improvement
The 7-Step
Improvement Process
Service Reporting
Service Measurement
in 100 seconds
38
Incident Management
Problem Management
Configuration Management
Change Management
Release Management
Service Level Management
Financial Management
Capacity Management
Continuity Management
Availability Management
Restore interrupted service as soon as possible
Avoid recurrence of incidents by improving infrastructure quality and stability
Provide a logical model of the infrastructure and all configuration items (CIs)
Ensure all changes are assessed, approved, implemented and reviewed in a controlled manner to avoid unplanned and unintentional effects
Deliver, distribute and track one or more changes in a release into the live environment
Define, agree, record and manage levels of service by closing SLAs with all customers and OLAs/UCs with internal and external sub-providers
Financial control including budgeting, accounting and charging of/for IT services
Ensure sufficient capacity to meet the current and future agreed demands
Ensure continuity of the most critical systems and services after a disaster event
Ensure that agreed service availability commitments can be met
The 10 core processes of ITIL and their objectives):
ITIL (good practice) vs. ISO/IEC 20000 (standard)
39
• 24 pages total (entire standard) • ½ page per management process
• about 1,500 pages total (entire framework) • 10-20 pages per management process
ISO/IEC 20000 – Overview and Key Facts
• International Standard for IT Service Management • Goal: Provide general minimum requirements for service
management – including definitions of 37 important terms – including requirements for the 13 most important service management
processes
• Editor: Joint committee of ISO and IEC • Application domain / recipients:
– (IT) Service providers (internal or external) – Independent from their organizational form or setup
• Form of publication: Electronically (PDF) or in print
40 Tutorial: IT Service Management best pracCces
Context of ISO/IEC 20000
41 Tutorial: IT Service Management best pracCces
Frameworks & standards: IT Service Management
(e.g. ITIL®, MOF, COBIT), Quality Management acc. to ISO 9000
ISO/IEC 20000-2
ISO/IEC 20000-1
PART 1: SHALL/MUST-HAVEs à Minimum requirements à Checklists
PART 2: SHOULD-HAVEs à Extensions of part 1 à Optional recommendations
ISO/IEC 20000
SpecificaCon
ISO/IEC 20000
Code of PracCce
FRAMEWORKS & STANDARDS à Best Practices à QM foundations
BEST PRACTICE
Quality Management
ISO/IEC 20000: Structure and process framework
42 Tutorial: IT Service Management best pracCces
Business relationship management Supplier management
Budgeting and accounting for services
Information security management Service level management
Service reporting Capacity management
Service continuity and availability management
Incident and service request management Problem management
Configuration management Change management
Release and deployment management
[9] Control processes
[8] Resolution processes
[7] Relationship processes
[6] Service delivery processes
[4] Service management system general requirements
[5] Design and transition of new or changed services
[1] Scope [2] Normative references [3] Terms and definitions
Key principles in quality management
• ISO/IEC 20000 is based on the key principles in Quality Management as described by ISO 9004:
43 Tutorial: IT Service Management best pracCces
Customer Focus Leadership Involvement of
People Process
Approach
System Approach
Continual Improvement
Factual Approach to
Decision Making
Mutually Beneficial
Relationships
InterrelaCon: ISO/IEC 20000 and ISO 9000
• ISO/IEC 20000 is based on the key principles in Quality Management as described by ISO 9004:
44 Tutorial: IT Service Management best pracCces
ISO/IEC 20000
• Focus: IT Service Management • Basic terms, concepts, processes, ... • Buidling an IT Service Management System • Applicable for IT Service providers
ISO 9000
• Foundations of Quality Management • Basic priciples • Building a Quality Management System • Applicable for all organizations/domains
ISO/IEC 20000: Summary
• InternaConal standard for IT service providers • Process approach in IT Service Management • Based on ...
– Best PracCces in IT Service Management (as described e.g. in ITIL®) – Key principles in Quality Management (as described in ISO 9000)
• Consists of two parts: – ISO/IEC 20000-‐1: SpecificaCon / Minimum requirements – ISO/IEC 20000-‐2: Code of PracCce
45 Tutorial: IT Service Management best pracCces
COBIT – Overview and Key Facts
• Framework for IT Governance • Goal: Transparent and consistent governance standards
through all IT-relevant processes, including ... – defined metrics to measure effectiveness and efficiency – maturity models
• Editor: ISACA/ITGI (Information Systems Audit and Control Association, IT Governance Institute)
• Application domain / recipients: – Top management and decision makers of IT service providers (internal or
external) – Independent from their organizational form
• Form of publication: Electronically (PDF), provided under http://www.isaca.org/cobit
46 Tutorial: IT Service Management best pracCces
COBIT – Structure
• 34 processes, structured along four lifecycle phases: – Plan and Organize (PO) – Acquire and Implement (AI) – Deliver and Support (DS) – Monitor and Evaluate (ME)
• For each process: – High level control objective – Detailed control objectives – Management guidelines – Maturity model
47 Tutorial: IT Service Management best pracCces
COBIT – High Level Control Objectives
48 Tutorial: IT Service Management best pracCces
Plan and Organize (PO)
Acquire and Implement (AI)
Deliver and Support (DS)
Monitor and Evaluate (ME)
The 5 most common “myths” around ITSM
1. ITSM is about buying or developing fancy tools. 7
2. ITSM means: Everything changes. 7
3. ITSM reduces costs. 7
4. ITSM is only about having some SLAs and dealing with incidents. 7
5. ITSM means: Customers and users are happy. 7
49 Tutorial: IT Service Management best pracCces
Contents
• IntroducCon • Background: why ITSM in e-‐Infrastructure? • ITSM basics: delivering value • ITSM frameworks and standards • Resources
Resources
• ITIL • ISO/IEC 20000 • ISO/IEC 27000 • CMMI • COBIT • gSLM Roadmap / Maturity Model / assessment tool (www.gslm.eu/results)
More informaCon
• Keep up to date – Twiher @FedSM_project
• Contact: – [email protected] – Dr Thomas Schaaf, FedSM Project Director, [email protected]