Using ITILv3 Methodology for Implementing New E-mail Services in Operator for Producing and Distributing Electrical Energy 1 Selma Kovacevic, 2 Fahrudin Orucevic 1 Public Enterprise, Electrical Power Industry, Sarajevo, Vilsonovo setaliste 15, 71000 Sarajevo, Bosnia nad Hercegovina 2 ALEM Sistem, Chief Operating Officer, Podgaj 14, 71000 Sarajevo, Bosnia and Hercegovina 1 se.kovacevic@elektroprivreda.ba, 2 fahrudin.orucevic@alemsistem.com.ba Abstract. This paper proposes and discusses one case study of using ITIL methodology in implementing new services in operator for producing and distributing electrical energy. Specifically, this paper describes methods for consolidating an existing e-mail system and implementing a new e-mail system. For sucessfull implementation of any new IT service, it is necessary to implement IT service lifecycle described in ITILv3 methodology. IT Service lifecycle contains five phases: Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement, each of them including its own processes and functions. Keywords. ITILv3, Service Strategy, Service Design, Service Transition, Service Operation, Continual Service Improvement, Service Lifecycle, Continuous Cluster Replication, Network Load Balancing. 1. Introduction ITILv3 (IT Infrastructure Library), also known as Infrastructure Management Services, is defined as a set of concepts and rules for managing infrastructure, development and operations inside information technologies. ITILv3 gives detailed description of important IT practices with detailed written procedures, tasks and metrics which can help IT organizations, as well as IT service providers inside the company. ITILv3 is published as a set of 5 publications. Each of them covers a separate segment of IT Service Management. They are: 1. Service Strategy 2. Service Design 3. Service Transition 4. Service Operation 5. Continual Service Improvement 1. Service Strategy represents central and basic point for implementing ITIL methodology and service lifecycle. Key points that should be covered by service strategy phase are: defining service values, business case, service portfolio, market analysis, request for management and financial assessment. 2. Service Design coveres design of IT service, processes and other aspects of service management. Processes covered by this segment are: Service Level Management, Availability Management, Capacity Management, IT Service Continuity Management, Information Security Management, Supplier Management and Service Catalog Management. 3. Service Transition defines the transition phase between the service design and its implementation in a production environment. Processes covered by this section are: Change Management, Service Asset&Configuration Management and Release&Deployment Management. 4. Service Operation represent one part of a service life cycle in which the service is actually delivered to the customer and becomes available and measurable in a production environment. Processes covered by this section are: Event Management, Incident Management, Problem Management and Access Management. 5.Continual Service Improvement defines needed changes and improvements of service models, with two goals: to improve the quality of service and to accomplish business goals. Also, it is necessary to improve the cost effectiveness and efficiency during the entire service life cycle. 2. Applying ITILv3 methodology in implementing new e-mail system ITILv3 methodology garantees that implementation of service will be a standardized 147 Proceedings of the ITI 2010 32 nd Int. Conf. on Information Technology Interfaces, June 21-24, 2010, Cavtat, Croatia
and tested process controled by authorized persons. One example of using ITILv3 methodology which will be elaborated in this article is consolidation of the existing and implementation a new e-mail system as a part of information system. 2.1. Service Strategy 2.1.1. Defining the current state of e-mail system In this phase it is necessary to define the current state of existing e-mail system, especially its restrictions, faults, disadvantages and problems in everyday operational work and administration. Based on this analysis it is possible to define all the requirements and write up the solution for detected problems. Some of the main problems detected in analysis phase are: Different e-mail applications are used for e-mail communication. Low security level of e-mail system as a result of older versions of Exchange server (MS Exchange Server 2003) and Internet mail server (Postfix with POP3 and SMTP protocols). The absence of adequate mechanisms for archiving e-mail data, which is one of the regulatory rules for archiving data in information system, generally. After current state analysis it is necessary to define all the metrics for measuring the quality of existing services, as well as the metrics for measuring the quality of new services. 2.1.2. Defining the project scope and goals It is necessary to define which part or parts of the information and business system will be included into a new mail system. Some of the goals of new consolidated e-mail system should be: To ensure that all ways of e-mail communication are done over one e-mail application. Implement appropriate antivirus program which should filter all the messages and which shouldn t slow up slow up e-mail communication. Implement appropriate antispam program for all incoming and outcoming messages. Enable delegating of administrative control from the central Windows domain to all child domains. Simplify integration of Exchange server data with line-off-business applications and solutions through new Exchange Web services. Enhance hardware and software cost effectiveness by using x64 architecture and bandwidth-optimized routing algorithms. Enhance administrator productivity, enable easier detecting and solving problems, as well as task automatization. Enhance user productivity. 2.1.3. Defining service portfolio In this phase we define new services that are going to be delivered to customers. They are: Services for sending and receiving e- mail messages over centralized e-mail system (MS Exchange Server 2007), and over one e-mail client application (MS Outlook 2007 or Web browser for Outlook Web Access). Antivirus and antispam security for all e- mail content (messages, address lists, attachments, and other) that is sent over e-mail server. 2.1.4. Market analysis (analysis of technical solutions at the market) In this analysis we make a comparative analysis of technical solutions of leading hardware and software vendors (EMC, HP, IBM, Microsoft, Symantec, TrendMicro, IronPort...), and all this with one goal: to find out all the benefits and imperfections for each of the solution. 2.1.5. Risk analysis Risk analysis should include next steps: Identify all the risks of implementing a new system. Some of the possible risks could be: e-mail losses, inadequate functionality of new e-mail system, unsecurity risks and incompatibility of hardware and software components. Identify potential risk owners (IT administrators can endanger system security and functionality because they 148
have administrator privileges, while end users can also endanger the system if they do not use it regularly). Evaluate the risk (analyse the risk probability, influences that risk has to the system, and define the way how to eliminate the risk). Define the acceptable risk level and calculate overall residual risk (acceptable risk level that we can not eliminate, for example: disaster, social engineering). Describe the ways to act when the risk escalates (accept all the needed system quality procedures which should describe actions in the case of risk escalation). Describe the effects on the system when risk factors actually occur. For example, in the case of e-mail data loss, not only the IT system, but also the business would be dangerous, so the effects on the system will be very deep and difficult to solve. 2.1.6. Financial assesment and Cost benefit analysis In the Cost-benefit analysis (also called the feasibility study) it is necessary to estimate a financial framework for the new project, where we should consider costs of: hardware, software, implementation and education for system administrators, as well as costs of system downtime. The cost benefit analysis should also include the cost of NOT switching (for example, the cost of bringing maintenance inhouse). When we think of a profit, it is necessary to estimate financial benefits, as well as nonmaterial benefits, like: end user satisfaction, company reputation and new marketing opportunities. 2.2. Service Design 2.2.1.Design of the Service Management systems and tools In this phase it is necessary to define what tool will be used for monitoring and managing all the e-mail services. Concrete, we should determine hardware and software vendor tools specialized for monitoring and managing services, like: Exchange Server 2007 console, EMC Symmetrix Management Console, EMC ControlCenter,VMware vcenter, and many others. 2.2.2. Design of the processes needed to undertake and deliver the services It is needed to design all the processes that are going to be covered by new e-mail system. Some of the processes are: sending e-mail, receiving e- mail, e-mail backup, e-mail restore, e-mail archiving, e-mail scanning, hardware and software maintainance and administration, and many others. 2.2.3. Design of the technology architecture Design of the technology architecture includes technical and security design, as well as the availability and reliability design. Technical design should describe design and implementation framework for all the segments belonging to the project. It is necessary to define in details all the hardware and software components needed for sucessfull operations. We should also give detailed technical plan of installation, configuration, testing and integration into the existing system. Fig. 1 gives a schema of architectural design of a new e-mail system. Technology design should include: Solution for implementing and migrating Exchange 2007 infrastructure. Windows domain consolidation of existing Active Directory and Exchange infrastructure. Detailed description of configuration Exchange Server 2007 SP2 with included roles. Virtualization of specific roles in Exchange Server 2007 SP2. Configuration of specific roles in Exchange Server 2007 SP2. Migration of existing mail servers (Exchange Server 2003 and Postfix mail server) to Exchange Server 2007 SP2. Implementation of antivirus/antispam solution (Forefront Security for Exchange Server 2007). 149
realization, as well as to describe the influence this latency has on the realization. 2.3.4. Service Asset & Configuration Management Figure 1. Technology architecture design of new e-mail system 2.3. Service Transition 2.3.1. Implementing and testing the technical solution In this phase it is time to implement project design including: Installing, configuring and testing hardware equipment (Disk Storage system, network and server infrastructure). Installing, tunning and testing the software (VMware vsphere 4.0, Microsoft Exchange Server 2007, Microsoft Forefront Security for Exchange). Compatibility testing of all the system components and service functionalities. Testing should include best-practice analyzers and tools for testing all the implemented features. Some of the tools are: Exchange Server Remote Connectivity Analyzer, Autodiscovery tests, Security Configuration Wizard, Best practice analyzer, Performance testing. 2.3.2. Managing the dynamic of the realization System implementation should be done according to accepted project plan. Project plan should contain all the phases of system implementation with timeline for each of them. It is necessary to document any latency in the For the purpose of adequate service management in e-mail system, it is necessary to give a detailed analysis of all the resources and functions needed for the service operations. These resources are: Infrastructure (hardware, software) Applications (MS Exchange Server 2007, MS Forefront Security for Exchange, VMware vsphere 4.0, EMC Symmetrix Management Console, EMC Control Center). Information (number of disks, free storage space, used storage space, memory capacity, memory usage, CPU speed, CPU performance, disk allocation, Exchange server roles, number of Exchange clients, number of storage groups, address lists, restrictions regarding mailbox size, restrictions regarding mail size). Financial fund (cost of each of the e-mail system components). People (process owners, persons responsible for e-mail service operations, e-mail administrators, e-mail users). Organization (organizational units inside the company). Processes (change management, configuration management, e-mail service support, sending/receiving e- mail, e-mail backuping, e-mail restoring, e-mail archiving, e-mail scanning, e-mail filtering, hardware and software maintainance and administration, system upgrades, e-mail service optimization). Knowledge (accepted and tested methods for configuring and maintaining of all the system components and services, accepted procedures and policies for upgrading and reconfiguring hardware and software capacities of e- mail system). 150
If we consider configuration management, having in mind all the complexity of e-mail system infrastructure, it is recommended to implement central database which will store all the system configurations (Configuration Management Database-CMDB). All the changes made on the configurations, should be logged and stored in CMDB. CMDB should also be connected to other databases used in information systems, and all this for the purpose of data exchange. One of the examples of incident management is pictured on Fig.2, and represents implementation of Continuous Cluster Replication (CCR) technology for ensuring full redundancy in mailbox server operations. 2.3.5. Release & Deployment Management In any e-mail system it is very important to monitor and manage system and application softwares, which includes: firmware and driver packages for hardware components, operating systems (MS Windows 2008 Enterprise or Standard), Exchange server (Exchange Server 2007 Enterprise and Standard), VMware software (VMware vsphere 4.0), Antivirus/antispam software (Symantec 11.0, Microsoft Forefront Security for Exchange), Management software. 2.4. Service Operation 2.4.1. Incident Management We define incident as an unplanned downtime in e-mail system or significantly reduced e-mail service quality. In incident management, it is important to determine matrix with two parameters: impact on system and urgency. Some of the examples of incident management in e-mail system are: Unavailable e-mail system results in disfunctionality of overall e-mail system in organization. High availability of mailbox servers is implemented through one of cluster types supported by Exchange Server 2007 (LCR, CCR, SCC, SCR). Unavailable Client Access servers leads to disfunctionalilty of services which serve external e-mail users. High availability of this service is achieved by implementing Network Load Balancing. Hub Transport server unavailability results in disfunctionality of sending and receiving all the e-mails. Figure 2. Continuous Cluster Replication (CCR) technology in e-mail system 2.4.2. Problem Management Unlike incident management which threats solving urgent incidents in e-mail system, problem management is responsible for cause analysis of incidents and problems, which requires additional time, but gives high-quality and long-term solution. One example of Problem management would be: Mailbox servers fullfill logs extremely fast, which causes e-mail services interruption or downtime. In this case, we need to analyze the situation which causes this incident. Analysis should cover analyzing the operating system (including the system, application and security logs) and Internet sources research. After we determine the root cause, we define the framework for solving the problem. After solving the problem, it is necessary to document the solution, using the Known Error Database (KEDB), as well as to periodically test solution to ensure it is still applicable. 2.4.3. Access Management Access Management in e-mail system is all about security aspect of the e-mail system. Besides functionality of e-mail services, it is very important to ensure needed accuracy and reliability of data exchanged over e-mail infrastructure. This means that it is necessary to verify identity and credentials for each user in e- mail system, as well as to log in all the activities 151
for each user. This also relates to IT administrators whose role in ensuring security request fullfilment is very important. Each IT administrator in e-mail system must have its own administrator account with all the rights defined in details. In the case of any anauthorized access to e-mail system, it is possible to read the access logs and thereby determine the user who eventually tried to endanger the security of the system. There are many different methods, algorythms and protocols that can be used to manage the access to e-mail system. Some of them are: 3DES, AES, SSL i SSH protocols. Public Key Infrastructure for managing certificates that will be used for secure e- mail communication. 2.5. Continual Service Improvement After implementing and testing e-mail system, it is necessary to analyze the realization of goals defined in service strategy. Based on this analysis, we give the proposition for optimizing the existing services or implementing the new one. One of the examples of appropriate improvement of existing e-mail system would be implementing Unified Messaging services for integrated communication over Exchange servers. Unified Messaging enables delivery of e-mail, voice and fax messages into single mailbox, which makes e-mail communication easier and faster. To accomplish an integrated communication, it is enough to have any device or communicator which has Outlook 2007, Outlook Web Access 2007, Exchange ActiveSync or Outlook Voice Access installed. Figure 3. Unified Messaging featares in Exchange Server 2007 infrastructure Other example of improving the quality of existing e-mail services would be implementing system for archiving e-mail data. According to the law regulatory rules and internal procedures for storing data, it is necessary to implement the system for long-term storing and archiving e- mail data. 3. Conslusion IT management has been in transition for some time, from a focus on managing the technology itself to using technology to help a business achieve its strategic objectives. In theory, imposing disciplines on IT processes should improve productivity and make IT more responsive to the business. Many organizations are turning to the ITIL, to accomplish this goal. ITIL, as we can conclude, is defined as a set of concepts and rules for managing infrastructure, development and operations inside information technologies. One of its main goals is to provide structured, flexible guidelines for establishing governance standards around IT service management, which should result in providing better service quality for end user. In this article, we tried to describe the way ITIL helps implementing a new e-mail system and it s services, providing adequate planning, design and implementation including integration with the existing system. ITIL enables the appropriate strategy for new e-mail system and optimal integration with existing system with minimum downtime. End user faced many benefits from new system, including new functionalities and features, and more secure and reliable service delivery. REFERENCES [1] Daniel E. Braswell, W. Ken Harmon. Article Assessing and Preventing Risks from E-mail System Use; 2003. [2] Gary Stoneburner, Alice Goguen, Alexis Feri. Risk Management Guide for Information ManagementSystems;2002. [3] Microsoft Corporation. Exchange Server Product overview. http://www.microsoft.com/exchange/2007/defaul t.mspx[12/28/2009] [4] Logosoft d.o.o. Document of final state for project Consolidation of e-mail system in JP Elektroprivreda BiH d.d.-sarajevo; 2009. 152
[5] Logosoft d.o.o. Technical solution for project Consolidation of e-mail system in JP Elektroprivreda BiH d.d.-sarajevo; 2009. 153
154