fedsm itsm intro

Tutorial on Service Level Management in e-‐Infrastructures – State of the Art and Future

Challenges

The FedSMProject Thomas Schaaf & Owen Appleton

Contents

•  IntroducCon •  Background: why ITSM in e-‐Infrastructure? •  ITSM basics: delivering value •  ITSM frameworks and standards •  Resources

IntroducCon

•  Purpose of this tutorial –  Describe the tradiConal IT Service Management (ITSM) approaches used in the commercial sector

–  Suggest how they can be of interest in e-‐Infrastructure

Contents


Background

•  e-‐Infrastructure has become increasingly mature in the last decade –  Academic beginnings –  Research projects, experimental uses at first –  Increasing producCon use – Moving toward sustainable models

•  Moving beyond EC backing invites comparisons to other technologies –  Cloud compuCng has clearer business models –  HPC has more concrete unique use case

Background

•  Service Management in Grid Infrastructures –  All services are managed… somehow

•  Everyone does service management, whatever they call it •  Most services are managed by people who are not experts in service provisioning

–  Services in academia are not operated in the same way as the commercial sector

•  Best effort or loosely formalized approaches are common and appropriate for many services

•  e-‐Infrastructure complexity is too high for best effort to be a long term, scalable and sustainable opCon

Background

•  Service management among ‘compeCtors’ –  HPC has quite clearly defined service levels, but this is achievable at a single site

–  Clouds are more commercial products •  Offered by major firms •  Involves ITSM that appears to be ‘commercial grade’ but is actually very weak in terms of service guarantees

•  Customers have opCons –  Increasing availability of clouds

•  Currently if not always the best technical opCon –  Local resources are simpler if less effecCve

Contents

•  IntroducCon •  Background: why ITSM in e-‐Infrastructure? •  ITSM basics: delivering value

–  Why ITSM –  Service & Value –  What is ITSM –  Key facts & QuesCon –  Policies, Processes & Procedures –  Process OrientaCon –  Example: Incident management –  Planning & allocaCng responsibiliCes

•  ITSM frameworks and standards •  Resources

Motivation: IT Service Management (ITSM)

•  Why IT Service Management? –  About 80% of all service outages originate

from “people and process issues” –  Duration of outages and degradations

significantly dependent on non-technical factors

•  IT Service Management … –  … aims at providing high quality IT services

meeting customers’ and users’ expectations …

–  … by defining and installing management processes covering all aspects of managing the service lifecycle:

•  Planning •  Roll-out and delivery •  Operational support •  Changing and improving

10 Tutorial: IT Service Management best pracCces

Reasons for service outages [Gartner, 2001]

Service and Value

•  Service can be defined as … –  … a means of delivering value to customers … –  … by supporting them in achieving their goals … –  (… without the customer being responsible for the specific costs and risks

associated with the service.)

•  What is value from a customer/business perspective?


Utility Warranty Value

Definition according to [OGC/ITIL, 2007]

Why would a customer be interested in the service?

How can the provider guarantee to meet the

agreed quality?

Subject to Service Level Agreements (SLAs)

What is (IT) Service Management?

Service Management (1): Set of capabilities and processes to direct and control the service provider's activities and resources for the design, transition, delivery and improvement of services to fulfill the service requirements

Service Management (2):

Service management is a set of specialized organizational capabilities for providing value to customers in the form of services. The capabilities take the form of functions and processes for managing services over a lifecycle, with specializations in strategy, design, transition, operation, and continual improvement. The capabilities represent a service organization's capacity, competency, and confidence for action. The act of transforming resources into valuable services is at the core of service management.


Definition according to ISO/IEC 20000-1, 3.30

cf. ISO/IEC 20000-1:2011, p. 6

Definition according to ITIL

cf. ITIL Service Strategy, p. 15

What is (IT) Service Management?

•  Service management is: –  Organizational capabilities –  Processes needed to provide a good service –  Understanding the value of the services provided –  Doing everything needed to meet (agreed) requirements –  Involving people, creating awareness, clarifying responsibilities,

defining interfaces –  Continual improvement

•  Service management is not: –  Buying a new tool –  Marketing


ITSM: 5 Key Facts

1.  ITSM means: Alignment of IT service operations to the customers' needs.

2.  ITSM means: A process approach in delivering and supporting IT services.

3.  ITSM supports a consistent terminology, avoiding bad communication and lack of understanding.

4.  ITSM requires the provider to understand the requirements of his customers.

5.  There are various frameworks and standards providing guidance around ITSM.


ITSM: 5 Key Facts à Resulting questions

1.  Who is my 'customer'?

2.  What are the processes I need to handle?

3.  What is my understanding of service? (And does this fit to the customer's?)

4.  What are the essential requirements that I must fulfill?

5.  Which ITSM framework / approach is most suitable for me?


Important "Elements" of ITSM

•  Policies: General guidelines and objectives •  Processes: Sets of interrelated activities that

convert inputs into outputs •  Procedures: Specified ways to perform activities •  Plans •  People (human resources) •  Tools (software) •  Other resources: technology, budgets, ...

Policies, processes, procedures

Policy

1. Abc def ghijk. 2. Abc def ghijk. 3. Abc def ghijk. 4. Abc def ghijk.

Proce- dures

Process: Inputs

Outputs

Definition level Top Management

Process Owner

Control level Process Manager

Process teams

Operational level Departments

Functions Persons

Activities and roles

e.g. Incident handling policy, change policy,

security policy

e.g. Incident Management, Change Management, Security Management, …

e.g. procedures for classifying and prioritizing incidents

Person (in a role)

applies

Why process-orientation?

•  Characteristics of well-defined processes: –  Interrelated activities –  Clearly defined interfaces –  Measurable and repeatable results

•  Basic idea of a process approach in Service Management: –  Control of arising tasks through processes and procedures –  Thus:

•  Better alignment to objectives •  Standardization of processes and procedures as well as use of tools •  Clear authorities/responsibilities •  Increase of effectiveness and efficiency


What is a process?

Process: Set of interrelated or interacCng acCviCes which transforms inputs into output.

•  Exemplary business process flow:


Definition according to ISO/IEC 20000-1, 3.21 & ISO 9000

cf. ISO/IEC 20000-1:2011, p. 5

Benefits from a process approach in ITSM

•  Higher effecCveness and efficiency of IT operaCons •  Customer orientaCon, alignment to business objecCves

•  Beher communicaCon •  Improved knowledge management •  Less failures and related incidents •  CompeCCve advantages •  Improved risk management


Risks / challenges of a process approach in ITSM

•  OperaCons become too bureaucraCc, too much paperwork •  Lower effecCveness and efficiency of IT operaCons, if ...

–  Employees are insufficiently informed/trained/aware of processes and measures

–  Lack of commitment from senior management –  Important tasks performed beyond the management system, processes are

undermined


Successful implementaCon of IT Service Management is highly dependent on the acceptance by the people

involved, including staff and decision takers.

Components of a process description

1.  Objective of the process 2.  Input into the process 3.  Output (desired result) of the process 4.  Activities 5.  Roles and responsibilities 6.  Success factors and key performance indicators

(KPIs) 7.  Interfaces to other processes


Example: Incident Management

1.  Objective: Restore agreed service to the customer as soon as possible, minimize disruption to the business

2.  Input: Event or notification (e.g., through user) indicating the occurrence of an incident

3.  Output: Incident resolved, service restored, plus complete incident record

4.  Activities: –  Logging –  Classification + Prioritization –  First level support –  Functional and/or hierarchical escalation –  Resolution –  Closure


Example: Incident Management

5.  Roles and responsibilities: –  Process Owner –  Incident Manager –  Major Incident Coordinator –  Agent –  User –  Customer

6.  Success factors and key performance indicators (KPIs): –  First line resolution ration (per category, priority, …) –  Average resolution time (per category, priority, …) –  Amount of SLA violations (and their impact) –  …

7.  Interfaces to other processes: à see later


Basic roles within each process

•  Process owner: –  Overall accountability for the process (ojen for more than one process) –  Defines goals and policies, enforces the achievement of these goals –  Has got sufficient authority (usually a member of the top management level) –  AllocaCng/Approving of resources

•  Process manager: –  Responsible for the effecCveness and efficiency of the enCre process with the resources

provided/available –  May take over (important) operaConal tasks in the process –  Reports to the process owner

•  Process staff/team member: –  Responsible for the execuCon of specific process acCviCes –  Escalates excepCons hierarchically to the process manager –  Usually several process staff/team members per process


Planning and allocaCng responsibiliCes

•  For planning and allocaCng responsibiliCes within a process, a RACI matrix is recommended. –  Responsible: Responsible for the (operaConal) implementaCon –  Accountable: Accountable for results and achievements –  Consulted: Invited to consult on certain acCviCes –  Informed : Informed of acCviCes and their results


Role 1 Role 2 Role 3 …

AcCvity 1 R AC …

AcCvity 2 I R A …

AcCvity 3 I C AR …

… … … … …

CreaCng a RACI matrix

•  Rows represent different acCviCes (also: processes, procedures, documents, etc.)

•  Columns represent different roles or persons (also: funcCons, groups, teams, etc.)

•  Per row usually … –  at least one role / person responsible –  exactly one role / person accountable –  none, one or more roles / persons consulted or informed

•  Possible combinaCons, for example: –  AR: accountable and responsible at the same Cme –  AI: accountable and informed at the same Cme –  AC: accountable and consulted at the same Cme –  CI: consulted and informed at the same Cme –  …


Typical carriers of responsibility

•  FuncCon: number of people, resources and tools supporCng a process or an acCvity

•  Department: part of the organizaConal hierarchy of a company/organizaCon

•  Division: several departments related geographically or with respect to a product

•  Group: people performing similar acCviCes •  Team: formal group, directed towards the achievement of one or more

defined objecCves •  Role: logical concept that relates responsibiliCes, acCviCes or behaviours

to a person, a team, a group, or a funcCon


Tools to effecCve communicaCon

•  Create a communicaCon plan for communicaCng processes, responsibiliCes and changes!

•  Possible / main contents of the communicaCon plan:

–  Who informs? à InformaCon bearer –  Who will know about? à InformaCon receiver –  About what exactly? à InformaCon / message –  When and how ojen? à Timing / frequency –  In what form? à CommunicaCon medium –  How is success of communicaCon measured? à Measurement / evaluaCon

•  A communicaCon strategy is useful to define generally in which cases and which ways, by whom and how informaCon has to be delivered


Contents

•  IntroducCon •  Background: why ITSM in e-‐Infrastructure? •  ITSM basics: delivering value •  ITSM frameworks and standards

–  Important Frameworks & Standards –  Overview –  ITIL –  ISO/IEC 20000 –  COBIT –  Common myths

•  Resources

Important IT Management Frameworks & Standards

31

ITIL V2 ITIL V3

COBIT

MOF

ISO/IEC 20000

ISO 9000

CMM CMMI

ISO/IEC 15504

Software Engineering: Maturity Model

IT Service Management

Quality Management

BS 15000

Adoption of key concepts

Successor

ISO/IEC 27000

eTOM

Telecommunications Management

TOM

SID

Important IT Management Frameworks & Standards


ITIL V2 ITIL V3

ISO/IEC 20000

ISO 9000

CMM CMMI

ISO/IEC 15504

Software Engineering: Maturity Model

(IT) Service Management

Quality Management

BS 15000

Adoption of key concepts

Successor

ISO/IEC 27000

TOM

SID

COBIT

MOF

eTOM

Telecommunications Management

IT Management Frameworks – An Overview


ISO/IEC 20000

IT Infrastructure Library •  Number of books with "Good Practice" in IT Service Management •  Slogan: "the key to managing IT services" •  Descriptions of key principles, concepts and processes in ITSM

•  Most popular and wide-spread framework •  Not a "real" standard, but often related to as "de-facto standard" •  5 books edited and released by the British OGC

ISO/IEC 20000 •  International standard for managing and delivering IT services •  Defines the minimum requirements on ITSM

•  Developed by a joint committee of ISO and IEC •  Based on ITIL •  Auditable, certifiable

Control Objectives for Information and Related Technologies •  IT Governance framework •  Specifies control objectives, metrics, maturity models

•  Developed by ISACA •  can be combined with ITIL and ISO/IEC 20000

– Overview and Key Facts

•  Set of books with recommendations and good practices for IT Service Management

•  Goal: Description of management processes and supporting concepts –  Slogan: "The key to managing IT services" –  Often considered as the "de-facto standard" for ITSM –  Service-lifecycle-based approach (from version 3)

•  Editor: OGC (Office of Government Commerce, UK) •  Application domain / recipients:

–  (IT) Service providers (internal or external) –  Independent from their organizational form or setup

•  Form of publication: Books


– Structure

•  5 lifecycle phases (for each stage: one identically named core publication): –  Service Strategy –  Service Design –  Service Transition –  Service Operation –  Continual Service Improvement

•  Process model consisting of about 30 processes – thus, ITIL is more comprehensive and fine-grained than the process model used in ISO/IEC 20000


– How to use it

•  Important: –  ITIL is "just good practice". –  ITIL is not necessarily the "perfect solution". –  Many organizations implement only 15 to 30 per cent of the ITIL concepts,

and still provide good or excellent services. –  There may also be organization trying to fully implement ITIL – still failing to

meet customer requirements.

•  When reading ITIL … –  … have your bottle of red whine ready. –  … do not think "Impossible, where I am working!" after every sentence. –  … be aware that this is not a scientific approach, but just good practice

guidelines collected by some teams of practitioners / authors.


– Overview of the Core Books

37

Service Strategy

Financial Management

Service Portfolio

Mgmt.

Demand Mgmt.

Service Design

Service Catalogue Mgmt.

Service Level Mgmt.

Capacity Mgmt.

Availability Mgmt.

Continuity Mgmt.

Security Mgmt.

Supplier Mgmt.

Service Transition

Change Mgmt.

Service Asset and Configuration Mgmt.

Release and

Deployment Mgmt.

Service Validation and Testing

Evaluation

Knowledge Mgmt.

Service Operation

Event Mgmt.

Incident Mgmt.

Request Fulfillment

Problem Mgmt.

Access Mgmt.

Continual Service Improvement

The 7-Step

Improvement Process

Service Reporting

Service Measurement

in 100 seconds

38

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Service Level Management

Financial Management

Capacity Management

Continuity Management

Availability Management

Restore interrupted service as soon as possible

Avoid recurrence of incidents by improving infrastructure quality and stability

Provide a logical model of the infrastructure and all configuration items (CIs)

Ensure all changes are assessed, approved, implemented and reviewed in a controlled manner to avoid unplanned and unintentional effects

Deliver, distribute and track one or more changes in a release into the live environment

Define, agree, record and manage levels of service by closing SLAs with all customers and OLAs/UCs with internal and external sub-providers

Financial control including budgeting, accounting and charging of/for IT services

Ensure sufficient capacity to meet the current and future agreed demands

Ensure continuity of the most critical systems and services after a disaster event

Ensure that agreed service availability commitments can be met

The 10 core processes of ITIL and their objectives):

ITIL (good practice) vs. ISO/IEC 20000 (standard)

39

•  24 pages total (entire standard) •  ½ page per management process

•  about 1,500 pages total (entire framework) •  10-20 pages per management process

ISO/IEC 20000 – Overview and Key Facts

•  International Standard for IT Service Management •  Goal: Provide general minimum requirements for service

management –  including definitions of 37 important terms –  including requirements for the 13 most important service management

processes

•  Editor: Joint committee of ISO and IEC •  Application domain / recipients:

–  (IT) Service providers (internal or external) –  Independent from their organizational form or setup

•  Form of publication: Electronically (PDF) or in print


Context of ISO/IEC 20000


Frameworks & standards: IT Service Management

(e.g. ITIL®, MOF, COBIT), Quality Management acc. to ISO 9000

ISO/IEC 20000-2

ISO/IEC 20000-1

PART 1: SHALL/MUST-HAVEs à Minimum requirements à Checklists

PART 2: SHOULD-HAVEs à Extensions of part 1 à Optional recommendations

ISO/IEC 20000

SpecificaCon

ISO/IEC 20000

Code of PracCce

FRAMEWORKS & STANDARDS à  Best Practices à  QM foundations

BEST PRACTICE

Quality Management

ISO/IEC 20000: Structure and process framework


Business relationship management Supplier management

Budgeting and accounting for services

Information security management Service level management

Service reporting Capacity management

Service continuity and availability management

Incident and service request management Problem management

Configuration management Change management

Release and deployment management

[9] Control processes

[8] Resolution processes

[7] Relationship processes

[6] Service delivery processes

[4] Service management system general requirements

[5] Design and transition of new or changed services

[1] Scope [2] Normative references [3] Terms and definitions

Key principles in quality management

•  ISO/IEC 20000 is based on the key principles in Quality Management as described by ISO 9004:


Customer Focus Leadership Involvement of

People Process

Approach

System Approach

Continual Improvement

Factual Approach to

Decision Making

Mutually Beneficial

Relationships

InterrelaCon: ISO/IEC 20000 and ISO 9000

•  ISO/IEC 20000 is based on the key principles in Quality Management as described by ISO 9004:


ISO/IEC 20000

• Focus: IT Service Management • Basic terms, concepts, processes, ... • Buidling an IT Service Management System • Applicable for IT Service providers

ISO 9000

• Foundations of Quality Management • Basic priciples • Building a Quality Management System • Applicable for all organizations/domains

ISO/IEC 20000: Summary

•  InternaConal standard for IT service providers •  Process approach in IT Service Management •  Based on ...

–  Best PracCces in IT Service Management (as described e.g. in ITIL®) –  Key principles in Quality Management (as described in ISO 9000)

•  Consists of two parts: –  ISO/IEC 20000-‐1: SpecificaCon / Minimum requirements –  ISO/IEC 20000-‐2: Code of PracCce


COBIT – Overview and Key Facts

•  Framework for IT Governance •  Goal: Transparent and consistent governance standards

through all IT-relevant processes, including ... –  defined metrics to measure effectiveness and efficiency –  maturity models

•  Editor: ISACA/ITGI (Information Systems Audit and Control Association, IT Governance Institute)

•  Application domain / recipients: –  Top management and decision makers of IT service providers (internal or

external) –  Independent from their organizational form

•  Form of publication: Electronically (PDF), provided under http://www.isaca.org/cobit


COBIT – Structure

•  34 processes, structured along four lifecycle phases: –  Plan and Organize (PO) –  Acquire and Implement (AI) –  Deliver and Support (DS) –  Monitor and Evaluate (ME)

•  For each process: –  High level control objective –  Detailed control objectives –  Management guidelines –  Maturity model


COBIT – High Level Control Objectives


Plan and Organize (PO)

Acquire and Implement (AI)

Deliver and Support (DS)

Monitor and Evaluate (ME)

The 5 most common “myths” around ITSM

1.  ITSM is about buying or developing fancy tools. 7

2.  ITSM means: Everything changes. 7

3.  ITSM reduces costs. 7

4.  ITSM is only about having some SLAs and dealing with incidents. 7

5.  ITSM means: Customers and users are happy. 7


Contents


Resources

•  ITIL •  ISO/IEC 20000 •  ISO/IEC 27000 •  CMMI •  COBIT •  gSLM Roadmap / Maturity Model / assessment tool (www.gslm.eu/results)

More informaCon

•  Keep up to date –  Twiher @FedSM_project

•  Contact: –  [email protected] –  Dr Thomas Schaaf, FedSM Project Director, [email protected]

fedsm itsm intro

Documents