Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL

Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL EGI Technical Forum 2011, Lyon (France) September 22, 2011 Dr. Thomas Schaaf www.gslm.eu EMERGENCE TECH LTD. The gslm project is supported and funded by the Seventh Framework Programme of the European Commission (2007-2013) Coordination and Support Action

About this handout Thank you for attending this tutorial at the EGI Technical Forum 2011! Please visit http://www.gslm.eu to learn more about Service Management in Grids. Please note: Due to copyright reasons, some slides and contents showed during the tutorial are not included in this set of slides. 2

Agenda IT Service Management An introduction ITIL ISO/IEC 20000 COBIT Summary 3

Goals of this tutorial This tutorial will provide a general introduction to (IT) Service Management explain the key ideas behind a process approach for (IT) Service Management give an overview and insights to ITIL and the related standards / frameworks ISO/IEC 20000 and COBIT 4

Agenda IT Service Management An introduction Motivation Service and value 5 Key facts Policies, processes, procedures Important IT service management standards and frameworks ITIL ISO/IEC 20000 COBIT Summary 5

Motivation: IT Service Management (ITSM) Why IT Service Management? About 80% of all service outages originate from people and process issues Duration of outages and degradations significantly dependent on non-technical factors IT Service Management aims at providing high quality IT services meeting customers and users expectations by defining and installing management processes covering all aspects of managing the service lifecycle: Planning Roll-out and delivery Operational support Changing and improving Reasons for service outages [Gartner, 2001] 6

Service and Value Service can be defined as a means of delivering value to customers by supporting them in achieving their goals ( without the customer being responsible for the specific costs and risks associated with the service.) Definition according to [OGC/ITIL, 2007] What is value from a customer/business perspective? Utility Warranty Value Why would a customer be interested in the service? How can the provider guarantee to meet the agreed quality? Subject to Service Level Agreements (SLAs) 7

What is (IT) Service Management? Service Management (1): Definition according to ISO/IEC 20000-1, 3.30 Set of capabilities and processes to direct and control the service provider's activities and resources for the design, transition, delivery and improvement of services to fulfill the service requirements cf. ISO/IEC 20000-1:2011, p. 6 Service Management (2): Definition according to ITIL Service management is a set of specialized organizational capabilities for providing value to customers in the form of services. The capabilities take the form of functions and processes for managing services over a lifecycle, with specializations in strategy, design, transition, operation, and continual improvement. The capabilities represent a service organization's capacity, competency, and confidence for action. The act of transforming resources into valuable services is at the core of service management. cf. ITIL Service Strategy, p. 15 8

What is (IT) Service Management? Service management is: Organizational capabilities Processes needed to provide a good service Understanding the value of the services provided Doing everything needed to meet (agreed) requirements Involving people, creating awareness, clarifying responsibilities, defining interfaces Service management is not: Buying a new tool Marketing 9

ITSM: 5 Key Facts 1. ITSM means: Alignment of IT service operations to the customers' needs. 2. ITSM means: A process approach in delivering and supporting IT services. 3. ITSM supports a consistent terminology, avoiding bad communication and lack of understanding. 4. ITSM requires the provider to understand the requirements of his customers. 5. There are various frameworks and standards providing guidance around ITSM. 10

ITSM: 5 Key Facts Resulting questions 1. Who is my 'customer'? 2. What are the processes I need to handle? 3. What is my understanding of service? (And does this fit to the customer's?) 4. What are the essential requirements that I must fulfill? 5. Which ITSM framework / approach is most suitable for me? 11

Important "Elements" of ITSM Policies: General guidelines and objectives Processes: Sets of interrelated activities that convert inputs into outputs Procedures: Specified ways to perform activities Plans People (human resources) Tools (software) Other resources: technology, budgets,...

Policies, processes, procedures e.g. Incident handling policy, change policy, security policy Policy 1. Abc def ghijk. 2. Abc def ghijk. 3. Abc def ghijk. 4. Abc def ghijk. Definition level Top Management Process Owner Process: Inputs e.g. Incident Management, Change Management, Security Management, Activities and roles Control level Process Manager Process teams Outputs Person (in a role) applies Procedures e.g. procedures for classifying and prioritizing incidents Operational level Departments Functions Persons

Why process-orientation? Characteristics of well-defined processes: Interrelated activities Clearly defined interfaces Measurable and repeatable results Basic idea of a process approach in Service Management: Control of arising tasks through processes and procedures Thus: Better alignment to objectives Standardization of processes and procedures as well as use of tools Clear authorities/responsibilities Increase of effectiveness and efficiency 14

Components of a process description 1. Objective of the process 2. Input into the process 3. Output (desired result) of the process 4. Activities 5. Roles and responsibilities 6. Success factors and key performance indicators (KPIs) 7. Interfaces to other processes 15

Example: Incident Management 1. Objective: Restore agreed service to the customer as soon as possible, minimize disruption to the business 2. Input: Event or notification (e.g., through user) indicating the occurrence of an incident 3. Output: Incident resolved, service restored, plus complete incident record 4. Activities: Logging Classification + Prioritization First level support Functional and/or hierarchical escalation Resolution Closure 16

Example: Incident Management 5. Roles and responsibilities: Process Owner Incident Manager Major Incident Coordinator Agent User Customer 6. Success factors and key performance indicators (KPIs): First line resolution ration (per category, priority, ) Average resolution time (per category, priority, ) Amount of SLA violations (and their impact) 7. Interfaces to other processes: see later 17

Important IT Management Frameworks & Standards TOM etom SID ISO 9000 ISO/IEC 27000 BS 15000 ISO/IEC 20000 Telecommunications Management Quality Management ITIL V2 ITIL V3 IT Service Management Software Engineering: Maturity Model COBIT MOF Adoption of key concepts CMM CMMI Successor ISO/IEC 15504 Service Delivery & Service Level Management in Grid Infrastructures (gslm) 18

Important IT Management Frameworks & Standards TOM etom SID ISO 9000 ISO/IEC 27000 BS 15000 ISO/IEC 20000 Telecommunications Management Quality Management ITIL V2 ITIL V3 (IT) Service Management Software Engineering: Maturity Model COBIT MOF Adoption of key concepts CMM CMMI Successor ISO/IEC 15504 19

IT Management Frameworks An Overview ISO/IEC 20000 IT Infrastructure Library Number of books with "Good Practice" in IT Service Management Slogan: "the key to managing IT services" Descriptions of key principles, concepts and processes in ITSM ISO/IEC 20000 International standard for managing and delivering IT services Defines the minimum requirements on ITSM Control Objectives for Information and Related Technologies IT Governance framework Specifies control objectives, metrics, maturity models Most popular and widespread framework Not a "real" standard, but often related to as "de-facto standard" 5 books edited and released by the British OGC Developed by a joint committee of ISO and IEC Based on ITIL Auditable, certifiable Developed by ISACA can be combined with ITIL and ISO/IEC 20000 20

Agenda IT Service Management An introduction Motivation Service and value 5 Key facts Policies, processes, procedures Important IT service management standards and frameworks ITIL ISO/IEC 20000 COBIT Summary 21

Overview and Key Facts Set of books with recommendations and good practices for IT Service Management Goal: Description of management processes and supporting concepts Slogan: "The key to managing IT services" Often considered as the "de-facto standard" for ITSM Service-lifecycle-based approach (from version 3) Editor: OGC (Office of Government Commerce, UK) Application domain / recipients: (IT) Service providers (internal or external) Independent from their organizational form or setup Form of publication: Books 22

Structure 5 lifecycle phases (for each stage: one identically named core publication): Service Strategy Service Design Service Transition Service Operation Continual Service Improvement Process model consisting of about 30 processes thus, ITIL is more comprehensive and fine-grained than the process model used in ISO/IEC 20000 23

How to use it Important: ITIL is "just good practice". ITIL is not necessarily the "perfect solution". Many organizations implement only 15 to 30 per cent of the ITIL concepts, and still provide good or excellent services. There may also be organization trying to fully implement ITIL still failing to meet customer requirements. When reading ITIL have your bottle of red whine ready. do not think "Impossible, where I am working!" after every sentence. be aware that this is not a scientific approach, but just good practice guidelines collected by some teams of practitioners / authors. 24

Overview of the Core Books Service Strategy Financial Management Service Portfolio Mgmt. Demand Mgmt. Service Design Service Catalogue Mgmt. Service Level Mgmt. Capacity Mgmt. Availability Mgmt. Continuity Mgmt. Service Transition Change Mgmt. Service Asset and Configuration Mgmt. Release and Deployment Mgmt. Service Validation and Testing Service Operation Event Mgmt. Incident Mgmt. Request Fulfillment Problem Mgmt. Access Mgmt. Continual Service Improvement The 7-Step Improvement Process Service Reporting Service Measurement Security Mgmt. Evaluation Supplier Mgmt. Knowledge Mgmt. Service Delivery & Service Level Management in Grid Infrastructures (gslm) 25

in 100 seconds The 10 core processes of ITIL and their objectives): Incident Management Restore interrupted service as soon as possible Problem Management Configuration Management Change Management Release Management Service Level Management Financial Management Capacity Management Continuity Management Availability Management Avoid recurrence of incidents by improving infrastructure quality and stability Provide a logical model of the infrastructure and all configuration items (CIs) Ensure all changes are assessed, approved, implemented and reviewed in a controlled manner to avoid unplanned and unintentional effects Deliver, distribute and track one or more changes in a release into the live environment Define, agree, record and manage levels of service by closing SLAs with all customers and OLAs/UCs with internal and external sub-providers Financial control including budgeting, accounting and charging of/for IT services Ensure sufficient capacity to meet the current and future agreed demands Ensure continuity of the most critical systems and services after a disaster event Ensure that agreed service availability commitments can be met Service Delivery & Service Level Management in Grid Infrastructures (gslm) 26

A look inside (Service Level Management) (Content removed due to copyright reasons.) 27

A look inside (Incident Management) (Content removed due to copyright reasons.) 28

Interfaces 29

ITIL (good practice) vs. ISO/IEC 20000 (standard) 24 pages total (entire standard) ½ page per management process about 1,500 pages total (entire framework) 10-20 pages per management process Service Delivery & Service Level Management in Grid Infrastructures (gslm) 30

Agenda IT Service Management An introduction Motivation Service and value 5 Key facts Policies, processes, procedures Important IT service management standards and frameworks ITIL ISO/IEC 20000 COBIT Summary 31

ISO/IEC 20000 Overview and Key Facts International Standard for IT Service Management Goal: Provide general minimum requirements for service management including definitions of 37 important terms including requirements for the 13 most important service management processes Editor: Joint committee of ISO and IEC Application domain / recipients: (IT) Service providers (internal or external) Independent from their organizational form or setup Form of publication: Electronically (PDF) or in print 32

Terms defined by the standard 1. Availability 2. Configuration baseline 3. Configuration item (CI) 4. Configuration management database (CMDB) 5. Continual improvement 6. Corrective action 7. Customer 8. Document 9. Effectiveness 10.Incident 33

Terms defined by the standard 11.Information security 12.Information security incident 13.Interested party 14.Internal group 15.Known error 16.Nonconformity 17.Organization 18.Preventive action 19.Problem 20.Procedure 34

Terms defined by the standard 21.Process 22.Record 23.Release 24.Request for change 25.Risk 26.Service 27.Service component 28.Service continuity 29.Service level agreement (SLA) 30.Service management 35

Terms defined by the standard 31.Service management system (SMS) 32.Service provider 33.Service request 34.Service requirement 35.Supplier 36.Top management 37.Transition 36

ISO/IEC 20000: Structure and process framework [1] Scope [2] Normative references [3] Terms and definitions [4] Service management system general requirements [5] Design and transition of new or changed services [6] Service delivery processes Capacity management Service level management Service reporting Information security management Service continuity and availability management [8] Resolution processes [9] Control processes Configuration management Change management Release and deployment management Budgeting and accounting for services [7] Relationship processes Incident and service request management Problem management Business relationship management Supplier management 37

A look inside (Terms and definitions) (Content removed due to copyright reasons.) 38

A look inside (Service Level Management) (Content removed due to copyright reasons.) 39

A look inside (Incident Management) (Content removed due to copyright reasons.) 40

Agenda IT Service Management An introduction Motivation Service and value 5 Key facts Policies, processes, procedures Important IT service management standards and frameworks ITIL ISO/IEC 20000 COBIT Summary 41

COBIT Overview and Key Facts Framework for IT Governance Goal: Transparent and consistent governance standards through all IT-relevant processes, including... defined metrics to measure effectiveness and efficiency maturity models Editor: ISACA/ITGI (Information Systems Audit and Control Association, IT Governance Institute) Application domain / recipients: Top management and decision makers of IT service providers (internal or external) Independent from their organizational form Form of publication: Electronically (PDF), provided under http://www.isaca.org/cobit 42

COBIT Structure 34 processes, structured along four lifecycle phases: Plan and Organize (PO) Acquire and Implement (AI) Deliver and Support (DS) Monitor and Evaluate (ME) For each process: High level control objective Detailed control objectives Management guidelines Maturity model 43

COBIT High Level Control Objectives Monitor and Evaluate (ME) Plan and Organize (PO) Deliver and Support (DS) Acquire and Implement (AI) 44

A look inside (Service Level Management) (Content removed due to copyright reasons.) 45

A look inside (Incident Management) (Content removed due to copyright reasons.) 46

Agenda IT Service Management An introduction Motivation Service and value 5 Key facts Policies, processes, procedures Important IT service management standards and frameworks ITIL ISO/IEC 20000 COBIT Summary 47

The 5 most common mistakes around ITSM 1. ITSM is about buying or developing fancy tools. 7 2. ITSM means: Everything changes. 7 3. ITSM reduces costs. 7 4. ITSM is only about having some SLAs and dealing with incidents. 7 5. ITSM means: Customers and users are happy. 7 48

gslm: An EC-funded FP7 Project Core objectives of gslm: Foster the cross-disciplinary scientific exchange between the Grid and the IT Service Management communities Initiate and hold regular meetings and public workshops on the management of e- Infrastructures (Grids). Produce a scientific roadmap as a basis for future developments and research efforts. Key facts: Start date: 2010-09-01 Duration: 24 months Total budget: 475,000 EUR Web site: www.gslm.eu Consortium/participants: EMERGENCE TECH LTD. Service Management in the EGI ecosystem (@EGI TF 2011) 49

gslm: An EC-funded FP7 Project Grid Community Expertise in building and operating Grids Scope of gslm: Bring together Grid experts and experts in IT Service Management in order to adopt and adapt IT Service Management methods and technologies for e-infrastructures like Grid environments. IT Service Management Community Expertise in managing distributed information technology services Service Management in the EGI ecosystem (@EGI TF 2011) 50

gslm: Vision A roadmap that describes the potential (and/or non-potential) of applying ITSM concepts in Grids. a gap analysis showing where ITSM-related concepts have already been implemented in Grids and to which degree of success. recommendations on how to establish ITSM in Grids in the future. gslm will provide among others: Guidance and recommendations on SLM and SDM in Grids in a "good practice" fashion (NOT limited to or focused on a specific Grid Initiative, but generally applicable)... www.gslm.eu Service Management in the EGI ecosystem (@EGI TF 2011) 51