is 483 information systems management
DESCRIPTION
IS 483 Information Systems Management. James Nowotarski 1 May 2003. Today’s Objectives. Deepen understanding of service level agreements (SLA) Understand fundamentals of operations management Understand primary approaches to end user training. Today’s agenda. Topic Duration - PowerPoint PPT PresentationTRANSCRIPT
• Deepen understanding of service level agreements (SLA)
• Understand fundamentals of operations management
• Understand primary approaches to end user training
Today’s Objectives
Topic Duration
• Recap last week 15 minutes
• Operations management 60 minutes
• *** Break 15 minutes
• Operations management 45 minutes
• Quiz 15 minutes
• Assignment 3 5 minutes
• End user training 30 minutes
Today’s agenda
Topic Duration
• Recap last week 15 minutes
• Operations management 60 minutes
• *** Break 15 minutes
• Operations management 45 minutes
• Quiz 15 minutes
• Assignment 3 5 minutes
• End user training 30 minutes
Today’s agenda
Importance of business focus in network solutions
• Globalization• Mobile enterprise• Lower cost/Increased capability• Security threats• 24/7/365 availability• Increased reach and content of today’s
applications
Some of today’s key business drivers
Computer Associates and others have pointed out the importance of business focus when providing network solutions
Network Management Functions
• Fault management
• Configuration management
• Accounting management
• Performance management
• Security management
Source: International Standards Organization (ISO)
Management of Systems Environments
Users
IT Service Management
SLA
Vendors Developers
SystemsManagement• Network Mgmt• Server Mgmt• etc.
Internal SLAExternal SLA
Service Level Agreements
Service ServiceType of SLA Provider User
Internal IT network End user group group (i.e., business unit)
External Vendor End user group-- IT network group coordinates
Service Level Agreements
Table of Contents
• Dates (start, expiration)
• Types of services provided
• Service measures
• Roles/Responsibilities (provider, consumer)
• Resources needed and/or costs charged
• Reporting mechanism
• Signatures
Service Level Agreements
Disciplines
Performance Management
Configuration Management
Availability
Reliability
Response time
Application versions & enhancements
Accounting Management Reporting procedure
Fault Management Incident management, e.g., • database failure• workstation failure
Security Management
Recovery ManagementBackup
Recovery
Capacity Planning
Online Systems
Batch SystemsOutput handling
Schedule execution
Service Types
• Data/Voice convergence– Examples: VoIP, unified messaging
• Exponential growth in # of managed elements– Used to be 1 element per 8000 subscriber lines– Now closer to 1:1, will soon be M:1 subscriber due to new technologies (ATM, SONET), complexity
• Security– File sharing and Instant Messaging (IM) software routinely subvert firewalls
• Business continuity• Rich media• Web services• Network attached storage
Trends
Overall: Network infrastructure more intelligent
• Mobile/Wireless– Five years ago, mobile users were 5 percent of the population– Now, upwards of 50 percent might be mobile part of the time– Security issues: IEEE working on IEEE 802.11i to be released in 2003– Security is #1; coverage, ubiquity and quality of service (QoS) fall under #2– “Our enterprise customers are now supplying WLANs as a strategic part of their
networks . . . With the proliferation of WLAN technology, customers have become increasingly concerned about security and interoperability . . . it’s important to maintain real interoperability across many vendors, not just one or two” (Gary Berzack, CEO of Tribeca Technologies, wireless solution provider, CRN, 3/31/03)
Trends (cont.)
Topic Duration
• Recap last week 15 minutes
• Operations management 60 minutes
• *** Break 15 minutes
• Operations management 45 minutes
• Quiz 15 minutes
• Assignment 3 5 minutes
• End user training 30 minutes
Today’s agenda
Operations Management - What is it?
• Computer hardware (servers, workstations, etc.)• Communications lines and equipment (hubs, routers, switches,
gateways, etc.)• Software (applications, system software, utilities)• Data centers (control rooms, console operations, libraries,
backup, etc.)• Disaster recovery - detailed procedures/processes for
recovering data and applications• Security (firewalls, intrusion detection, user authentication,
etc.)• Personnel for the above (e.g., operators, programmers,
technicians, etc.)
Operations Management is the planning and management of . . .
Where Operations Management Fits
Example: IT functional alignment is organizing IT personnel by primary tasks
Director - IS/IT
Manager, Systems Development
Manager, Application Maintenance
Manager, Computer Operations
Where Operations Management Fits
Director - CIO
Director, IS Planning
Director, Software Engineering
Manager, Production
Director, Business Technology
Manager, Administration
Director, Technical Services
• Enterprise Arch• Security• S/W Evaluation
• Business analysts• Program managers• Data warehouse
• Developers• Development tools
• Operations• Help desk• Application support
• Network• PC technicians
• $4B revenue company• 400 person IT shop, $70M
Operations Management - Who Cares?
• Cost Containment– Typical IT budget breakdown:
.57 data center operations
.33 systems and programming
.10 admin and training
• Reliability– Problems are very visible
• Adaptability– Extend existing functions– Take on new jobs
• Benefits Realization– Improve quality of service– Revenue generating opportunities
Key Objectives
Operations Management - What is it?
• Computer hardware (servers, workstations, etc.)• Communications lines and equipment (hubs, routers, switches,
gateways, etc.)• Software (applications, system software, utilities)• Data centers (control rooms, console operations, libraries,
backup, etc.)• Disaster recovery - detailed procedures/processes for
recovering data and applications• Security (firewalls, intrusion detection, user authentication,
etc.)• Personnel for the above (e.g., operators, programmers,
technicians, etc.)
Operations Management is the planning and management of . . .
Data Centers
1. Console monitoring
2. Input/Output control
3. Manual media distribution
4. Backups
5. Production coordination
Data Center Functions
Data Center Functions
• Monitor and ensure acceptable performance of:– servers
– databases
– networks
– applications
• Detect and correct problems• Shut down components for servicing
Console monitoring
Data Center Functions
• Compare calculated control numbers on input to actuals to ensure integrity
• Compare output control numbers to input control numbers to ensure integrity
Input/Output Control
Data Center Functions
• Distribute non-electronic media, e.g., reports• Done on ad-hoc or scheduled basis to agreed
standards of delivery
Manual Media Distribution
Data Center Functions
• Make and control copies and backups of:– databases
– logs
– software
– utilities
• Transfer backups to offsite storage facilities• For crucial/sensitive items, maintain backups at several
sites• Enable retrieval of backups for recovery purposes
Backup
Data Center Functions
• Schedule and run production processes– applications
– utilities
– backups
• Coordinate with stakeholders on outages, problems, changes, etc.
Production Coordination
Data Center Set-Up
• Evaluation of user expectations
• Use of vendors
• Proximity issues
• Measures and controls
• Procure needed human resources
• Define test plan
• Physical security
• Buy vs. lease the facility
Managerial Considerations
Data Center Set-Up
• Location of the data center (access to needed resources)
• Power issues
• Fire suppression
• Telephone-company connectivity
• Cable management
• Cooling system
• Security/Backup procedures
Technical Considerations
Data Center Set-Up
• Location of the data center (access to needed resources)
• Power issues
• Fire suppression
• Telephone-company connectivity
• Cable management
• Cooling system
• Security/Backup procedures
Technical Considerations
Fire Suppression
Q. Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly?
a. Halon gasb. Wet-pipe sprinklersc. Dry-pipe sprinklersd. Carbon dioxide
Fire Suppression
Q. Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly?
a. Halon gasb. Wet-pipe sprinklersc. Dry-pipe sprinklersd. Carbon dioxide
Explanation: Water sprinklers, with an automatic power shut-off system, are accepted as efficient because they can be set to automatic release without threat to life and water is environmentally friendly. Sprinklers must be dry-pipe to prevent the risk of leakage. Halon is efficient and effective as it does not threaten human life, and therefore can be set to automatic release, but it is environmentally damaging and very expensive. Water is an acceptable medium but the pipes should be empty to avoid leakage, so a full system is not a viable option. Carbon dioxide is accepted as an environmentally acceptable gas, but it is less efficient as it cannot be set to automatic release in a staffed site because it threatens life.
A Word on Security
According to the 2002 CSI/FBI Computer Crime and Security Survey, more than 90% of the study's 503 respondents (mainly Fortune 500 corporations and government agencies) reported detecting a computer system security breach within the last year, with the average annual financial loss reported at about $5 million.
- Application Development Trends, Oct. 2002
A Word on Security
“Before, [small businesses] first looked at getting their site up with us quickly, then at high-availability services and lastly at security. Now they’re more concerned about their site being compromised, so security is taking precedence over things such as high availability”
- Steve Mann, director of network and security engineering at NaviSite, Andover, Mass, Computer Reseller News, 10/14/2002
A Word on Security
Bringing together the various departments of a company -- HR, MIS, legal, etc. -- to develop and enforce policies is essential to tackling the security problem. You evaluate, you write the policies, you educate the employees and you put the enforcement technology in place, and then you start again every month of every quarter. It’s just doing due diligence.
- Computer Reseller News, 10/14/2002
A Word on Security
“Transaction theft and application exploits are where we see things moving . . . vendors introducing more comprehensive security-management products (Symantec, SAS, IBM). . . Despite the growing sophistication and comprehensiveness of security management systems, IT professionals will face tough integration tasks for years to come . . . no single product addresses the many areas that need attention, including improved usability and forensics” - Information Week, 7 October 2002
Disaster Recovery Planning
• Enable an organization to survive a disaster and to continue normal business operations.
Primary Objective
• Assess existing vulnerabilities
• Implement disaster avoidance and prevention procedures
• Develop comprehensive plan to enable organization to react appropriately and in a timely manner if disaster strikes
Specific Goals
Disaster Recovery Planning vs. Business Continuity
Disaster recovery
+ Business resumption and recovery (workplace to rebuild systems and the business)
+ Crisis management (how executives respond to and make decisions during a crisis)
Business Continuity
Business Continuity Project Team
• Real estate and facilities
• Security
• Human resources
• Information systems
• Communications
• Technology, planning, and development
• Audit department oversees process
Departments Involved
Disaster Recovery Planning
• Disaster recovery planning is not a two-month project,
neither is it a project that once completed, you can forget
about. An effective recovery plan is a live recovery plan.
- Computing and Network Services
(CNS)
What is meant by this statement?
Disaster Recovery Planning
• Continuous process, not a discrete process
• Involves IT and the business units
• Essential that required resources (personnel, capital, expenses) are available during development and ongoing maintenance of the program
Key Success Factors
Disaster Recovery Planning
Two out of five enterprises that experience a disaster, such as a terrorist attack or an extreme force of nature, go out of business within five years.
Need to immediately begin developing and testing business-continuity plans and seeking disaster-recovery services.
- Gartner Group, Sept. 2001
The most critical data storage device in an enterprise -- the mainframe -- is typically overlooked during disaster recovery planning. That's according to mainframe security maven Ronn H. Baily, who made the observation during a recent briefing at the White House.
"Mainframe computers are less secure now than they were just seven to 10 years ago,“ Baily said, "and mainframe systems, by and large, are very vulnerable to unauthorized access, misuse and attack.“
- Application Development Trends, Oct. 2002
Disaster Recovery Planning
Operations Management - How to Improve
• Centralize resources
• Automate operations
• Replace/Streamline legacy applications
• Outsource
• Continuous process improvement
Approaches to Meeting Objectives
Operations Management - How to improve
• Locate resources in same physical location(s)• Can reduce support costs without jeopardizing
service levels• Enables greater standardization of processes• Enables continual streamlining of operations
processes
Centralize resources
Operations Management - How to improve
• Partial or full (“lights out”) automation of data center functions• Example: Automatic response to console messages (80% of messages can be handled
this way)• Example: Intelligently manage data center assets (e.g., servers) through software that can
summon capacity as needed– IBM’s Project eLiza– HP’s Adaptive Management Platform– Sun’s N1
• Computer operators going way of telephone operators• Implications for data center managers:
– Focus more on business issues than technical issues– Plan more than react– Focus on customer service
Automate Operations
Operations Management - How to improve
• Upgrade to minimize human intervention• Replace with higher-quality, more reliable, more
adaptable components
Replace/Streamline Legacy Applications
Operations Management - How to improve
• Third party handles computer operations, network operations, application maintenance, and/or other IS functions
• Typically for a specified period of time, e.g., 10 years• Leads to lower costs and frees up IS personnel to focus on
more strategic projects• Recent variation: Application Service Providers (ASPs)• IS departments can underbid outsourcers, if they are doing a
good job
Outsource
Operations Management - How to Improve
Example
Objective: Student arrives at class on time
Metric: ???
Target Value: ???
Metrics are required to determine whether goals are being met
Small Group Discussion
• Performance?
• Reliability (outages)?
• Security management?
• Incident management (i.e., responding to problems)?
• Schedule execution (i.e., batch runs)?
Identify metrics and targets for each of the SLA service types below:
Trend: ROI Optimization
Example: GM now runs on 80 Lotus Notes servers instead of 300 and has halved the array of software products used to run operations
Many companies refocusing their technology spending on solutions that consolidate and optimize existing infrastructure and squeeze out a better return on investment
Trend: Increased Need for Storage Management
• email proliferation• explosion of multimedia content• business continuity
– multiple copies of data on the network
• trend to network attached storage
Trend: Automatic Systems Management
• Computer Associates• IBM• HP• Microsoft
Managing IT in a way that’s pegged to a company’s demand for computing power
Topic Duration
• Recap last week 15 minutes
• Operations management 60 minutes
• *** Break 15 minutes
• Operations management 45 minutes
• Quiz 15 minutes
• Assignment 3 5 minutes
• End user training 30 minutes
Today’s agenda
Topic Duration
• Recap last week 15 minutes
• Operations management 60 minutes
• *** Break 15 minutes
• Operations management 45 minutes
• Quiz 15 minutes
• Assignment 3 5 minutes
• End user training 30 minutes
Today’s agenda
Topic Duration
• Recap last week 15 minutes
• Operations management 60 minutes
• *** Break 15 minutes
• Operations management 45 minutes
• Quiz 15 minutes
• Assignment 3 5 minutes
• End user training 30 minutes
Today’s agenda
Business Process Reengineering (BPR)
• Use of technology to change specific business processes
• Typical goals:– Cost reduction– Time reduction– Increased quality of outcome
• Example: Ford reengineers purchasing/accounts payable, eliminating need for vendor invoices
Enterprise Resource Planning (ERP)
• Packaged application software to address common business functions
• Some customization through switches and parameters, but NO changes to core application
• Emphasis is on changing the business to what the ERP does, not on changing the ERP
• Tight integration among modules and data
• Rich functionality
• Process orientation: Streamline processes
BPR vs. ERP
BPR ERP
Business processimpact
Software deliveryapproach
Software upgraderesponsibility
Biggest challenge
Radically redesignprocess
Use process imposedby package
Mostly custom Package
Enterprise Vendor
Adoption by the enterprise
Adoption by the enterprise
Human Resource Impacts of BPR and ERP
Both BPR and ERP are high risk projects that frequently fail to live up to expectations
Process Tech
People
• Lack of visible leadership/sponsorship• Lack of adequate training• Lack of communication• Death by 1000 initiatives• New/Changed roles not implemented• New/Changed incentives/rewards not implemented
End User Training
• Helps to overcome resistance to change
• Boosts productivity
• More knowledgeable and effective workers
• Drives down support costs
– help desk support
– support from colleagues
• Increases self-worth, confidence, morale, retention
Benefits
End User Training
• Third-Party Training Classes
• In-House Training Classes
• Traditional Self-Study
• Computer-Based Training
• Web-based training
• Video-based training (“highly animated cave paintings”)
Major Types of Training
Small Group Discussions
• Third-Party Training Classes
• In-House Training Classes
• Traditional Self-Study
• Computer-Based Training
• Web-based training
• Video-based training
List Advantages and Disadvantages of Each:
End User Training
• eLearning
• Executive education
• Integrated performance support (e.g., online help)
• Management training
• Mentoring, coaching
Other Types of Training
User training and total cost of ownership
Increasesuser productivity/effectiveness
Increasestotal costof ownership
Decreasestotal costof ownership
Decreasesuser productivity/effectiveness
• Process-related, rather than application-specific training
• Additional software functionality (new or existing software)
• Providing FAQ’s from the help desk
• Training new users
• Retraining existing users on functionality they have forgotten
• Not providing any training• Providing training at the
wrong time• Providing ineffective training• Replacing software with
same level of functionality • Providing functionality not
required by user
Source: Gartner
• Management training• Customer service training• Communication skills training (e.g., presentations,
writing)
Training
IT Training Emphasis
Training
• What is the relationship between end user training costs and graphical user interfaces (GUIs)?
• What is the impact of distributed systems on training of user support personnel (do they require more or less training)?
• Should an organization provide training in areas not directly applicable to a person’s job responsibilities (e.g., provide training on web page publishing)?
Questions for Discussion