Tutorial on Service Level Management in e- Infrastructures State of the Art and Future Challenges. The FedSMProject Thomas Schaaf & Owen Appleton

Tutorial on Service Level Management in e- Infrastructures State of the Art and Future Challenges The FedSMProject Thomas Schaaf & Owen Appleton

Contents IntroducCon Background: why ITSM in e- Infrastructure? ITSM basics: delivering value ITSM frameworks and standards Resources

Contents IntroducCon Background: why ITSM in e- Infrastructure? ITSM basics: delivering value ITSM frameworks and standards Resources

IntroducCon Purpose of this tutorial Describe the tradiconal IT Service Management (ITSM) approaches used in the commercial sector Suggest how they can be of interest in e- Infrastructure

Contents IntroducCon Background: why ITSM in e- Infrastructure? ITSM basics: delivering value ITSM frameworks and standards Resources

Background e- Infrastructure has become increasingly mature in the last decade Academic beginnings Research projects, experimental uses at first Increasing produccon use Moving toward sustainable models Moving beyond EC backing invites comparisons to other technologies Cloud compucng has clearer business models HPC has more concrete unique use case

Background Service Management in Grid Infrastructures All services are managed somehow Everyone does service management, whatever they call it Most services are managed by people who are not experts in service provisioning Services in academia are not operated in the same way as the commercial sector Best effort or loosely formalized approaches are common and appropriate for many services e- Infrastructure complexity is too high for best effort to be a long term, scalable and sustainable opcon

Background Service management among compectors HPC has quite clearly defined service levels, but this is achievable at a single site Clouds are more commercial products Offered by major firms Involves ITSM that appears to be commercial grade but is actually very weak in terms of service guarantees Customers have opcons Increasing availability of clouds Currently if not always the best technical opcon Local resources are simpler if less effeccve

Contents IntroducCon Background: why ITSM in e- Infrastructure? ITSM basics: delivering value Why ITSM Service & Value What is ITSM Key facts & QuesCon Policies, Processes & Procedures Process OrientaCon Example: Incident management Planning & allocacng responsibilices ITSM frameworks and standards Resources

Motivation: IT Service Management (ITSM) Why IT Service Management? About 80% of all service outages originate from people and process issues Duration of outages and degradations significantly dependent on non-technical factors IT Service Management aims at providing high quality IT services meeting customers and users expectations by defining and installing management processes covering all aspects of managing the service lifecycle: Planning Roll-out and delivery Operational support Changing and improving 10 Reasons for service outages [Gartner, 2001]

Service and Value Service can be defined as a means of delivering value to customers by supporting them in achieving their goals ( without the customer being responsible for the specific costs and risks associated with the service.) Definition according to [OGC/ITIL, 2007] What is value from a customer/business perspective? Utility Warranty Value 11 Why would a customer be interested in the service? How can the provider guarantee to meet the agreed quality? Subject to Service Level Agreements (SLAs)

What is (IT) Service Management? Definition according to ISO/IEC 20000-1, 3.30 Service Management (1): Set of capabilities and processes to direct and control the service provider's activities and resources for the design, transition, delivery and improvement of services to fulfill the service requirements cf. ISO/IEC 20000-1:2011, p. 6 Definition according to ITIL Service Management (2): Service management is a set of specialized organizational capabilities for providing value to customers in the form of services. The capabilities take the form of functions and processes for managing services over a lifecycle, with specializations in strategy, design, transition, operation, and continual improvement. The capabilities represent a service organization's capacity, competency, and confidence for action. The act of transforming resources into valuable services is at the core of service management. cf. ITIL Service Strategy, p. 15 12

What is (IT) Service Management? Service management is: Organizational capabilities Processes needed to provide a good service Understanding the value of the services provided Doing everything needed to meet (agreed) requirements Involving people, creating awareness, clarifying responsibilities, defining interfaces Continual improvement Service management is not: Buying a new tool Marketing 13

ITSM: 5 Key Facts 1. ITSM means: Alignment of IT service operations to the customers' needs. 2. ITSM means: A process approach in delivering and supporting IT services. 3. ITSM supports a consistent terminology, avoiding bad communication and lack of understanding. 4. ITSM requires the provider to understand the requirements of his customers. 5. There are various frameworks and standards providing guidance around ITSM. 14

ITSM: 5 Key Facts à Resulting questions 1. Who is my 'customer'? 2. What are the processes I need to handle? 3. What is my understanding of service? (And does this fit to the customer's?) 4. What are the essential requirements that I must fulfill? 5. Which ITSM framework / approach is most suitable for me? 15

Important "Elements" of ITSM Policies: General guidelines and objectives Processes: Sets of interrelated activities that convert inputs into outputs Procedures: Specified ways to perform activities Plans People (human resources) Tools (software) Other resources: technology, budgets,...

Policies, processes, procedures e.g. Incident handling policy, change policy, security policy Policy 1. Abc def ghijk. 2. Abc def ghijk. 3. Abc def ghijk. 4. Abc def ghijk. Definition level Top Management Process Owner Process: Inputs e.g. Incident Management, Change Management, Security Management, Activities and roles Control level Process Manager Process teams Outputs Person (in a role) applies Procedures e.g. procedures for classifying and prioritizing incidents Operational level Departments Functions Persons

Why process-orientation? Characteristics of well-defined processes: Interrelated activities Clearly defined interfaces Measurable and repeatable results Basic idea of a process approach in Service Management: Control of arising tasks through processes and procedures Thus: Better alignment to objectives Standardization of processes and procedures as well as use of tools Clear authorities/responsibilities Increase of effectiveness and efficiency 18

What is a process? Process: Definition according to ISO/IEC 20000-1, 3.21 & ISO 9000 Set of interrelated or interaccng accvices which transforms inputs into output. cf. ISO/IEC 20000-1:2011, p. 5 Exemplary business process flow: 19

Benefits from a process approach in ITSM Higher effeccveness and efficiency of IT operacons Customer orientacon, alignment to business objeccves Beher communicacon Improved knowledge management Less failures and related incidents CompeCCve advantages Improved risk management 20

Risks / challenges of a process approach in ITSM OperaCons become too bureaucracc, too much paperwork Lower effeccveness and efficiency of IT operacons, if... Employees are insufficiently informed/trained/aware of processes and measures Lack of commitment from senior management Important tasks performed beyond the management system, processes are undermined Successful implementacon of IT Service Management is highly dependent on the acceptance by the people involved, including staff and decision takers. 21

Components of a process description 1. Objective of the process 2. Input into the process 3. Output (desired result) of the process 4. Activities 5. Roles and responsibilities 6. Success factors and key performance indicators (KPIs) 7. Interfaces to other processes 22

Example: Incident Management 1. Objective: Restore agreed service to the customer as soon as possible, minimize disruption to the business 2. Input: Event or notification (e.g., through user) indicating the occurrence of an incident 3. Output: Incident resolved, service restored, plus complete incident record 4. Activities: Logging Classification + Prioritization First level support Functional and/or hierarchical escalation Resolution Closure 23

Example: Incident Management 5. Roles and responsibilities: Process Owner Incident Manager Major Incident Coordinator Agent User Customer 6. Success factors and key performance indicators (KPIs): First line resolution ration (per category, priority, ) Average resolution time (per category, priority, ) Amount of SLA violations (and their impact) 7. Interfaces to other processes: à see later 24

Basic roles within each process Process owner: Overall accountability for the process (ojen for more than one process) Defines goals and policies, enforces the achievement of these goals Has got sufficient authority (usually a member of the top management level) AllocaCng/Approving of resources Process manager: Responsible for the effeccveness and efficiency of the encre process with the resources provided/available May take over (important) operaconal tasks in the process Reports to the process owner Process staff/team member: Responsible for the execucon of specific process accvices Escalates excepcons hierarchically to the process manager Usually several process staff/team members per process 25

Planning and allocacng responsibilices For planning and allocacng responsibilices within a process, a RACI matrix is recommended. Responsible: Responsible for the (operaconal) implementacon Accountable: Accountable for results and achievements Consulted: Invited to consult on certain accvices Informed : Informed of accvices and their results Role 1 Role 2 Role 3 AcCvity 1 R AC AcCvity 2 I R A AcCvity 3 I C AR 26

CreaCng a RACI matrix Rows represent different accvices (also: processes, procedures, documents, etc.) Columns represent different roles or persons (also: funccons, groups, teams, etc.) Per row usually at least one role / person responsible exactly one role / person accountable none, one or more roles / persons consulted or informed Possible combinacons, for example: AR: accountable and responsible at the same Cme AI: accountable and informed at the same Cme AC: accountable and consulted at the same Cme CI: consulted and informed at the same Cme 27

Typical carriers of responsibility FuncCon: number of people, resources and tools supporcng a process or an accvity Department: part of the organizaconal hierarchy of a company/ organizacon Division: several departments related geographically or with respect to a product Group: people performing similar accvices Team: formal group, directed towards the achievement of one or more defined objeccves Role: logical concept that relates responsibilices, accvices or behaviours to a person, a team, a group, or a funccon 28

Tools to effeccve communicacon Create a communicacon plan for communicacng processes, responsibilices and changes! Possible / main contents of the communicacon plan: Who informs? à InformaCon bearer Who will know about? à InformaCon receiver About what exactly? à InformaCon / message When and how ojen? à Timing / frequency In what form? à CommunicaCon medium How is success of communicacon measured? à Measurement / evaluacon A communicacon strategy is useful to define generally in which cases and which ways, by whom and how informacon has to be delivered 29

Contents IntroducCon Background: why ITSM in e- Infrastructure? ITSM basics: delivering value ITSM frameworks and standards Important Frameworks & Standards Overview ITIL ISO/IEC 20000 COBIT Common myths Resources

Important IT Management Frameworks & Standards TOM etom SID ISO 9000 ISO/IEC 27000 BS 15000 ISO/IEC 20000 Telecommunications Management Quality Management ITIL V2 ITIL V3 IT Service Management Software Engineering: Maturity Model COBIT MOF Adoption of key concepts CMM CMMI Successor ISO/IEC 15504 31

Important IT Management Frameworks & Standards TOM etom SID ISO 9000 ISO/IEC 27000 BS 15000 ISO/IEC 20000 Telecommunications Management Quality Management ITIL V2 ITIL V3 (IT) Service Management Software Engineering: Maturity Model COBIT MOF Adoption of key concepts Successor CMM ISO/IEC 15504 CMMI 32

IT Management Frameworks An Overview ISO/IEC 20000 33 IT Infrastructure Library Number of books with "Good Practice" in IT Service Management Slogan: "the key to managing IT services" Descriptions of key principles, concepts and processes in ITSM ISO/IEC 20000 International standard for managing and delivering IT services Defines the minimum requirements on ITSM Control Objectives for Information and Related Technologies IT Governance framework Specifies control objectives, metrics, maturity models Most popular and widespread framework Not a "real" standard, but often related to as "de-facto standard" 5 books edited and released by the British OGC Developed by a joint committee of ISO and IEC Based on ITIL Auditable, certifiable Developed by ISACA can be combined with ITIL and ISO/IEC 20000

Overview and Key Facts Set of books with recommendations and good practices for IT Service Management Goal: Description of management processes and supporting concepts Slogan: "The key to managing IT services" Often considered as the "de-facto standard" for ITSM Service-lifecycle-based approach (from version 3) Editor: OGC (Office of Government Commerce, UK) Application domain / recipients: (IT) Service providers (internal or external) Independent from their organizational form or setup Form of publication: Books 34

Structure 5 lifecycle phases (for each stage: one identically named core publication): Service Strategy Service Design Service Transition Service Operation Continual Service Improvement Process model consisting of about 30 processes thus, ITIL is more comprehensive and fine-grained than the process model used in ISO/IEC 20000 35

How to use it Important: ITIL is "just good practice". ITIL is not necessarily the "perfect solution". Many organizations implement only 15 to 30 per cent of the ITIL concepts, and still provide good or excellent services. There may also be organization trying to fully implement ITIL still failing to meet customer requirements. When reading ITIL have your bottle of red whine ready. do not think "Impossible, where I am working!" after every sentence. be aware that this is not a scientific approach, but just good practice guidelines collected by some teams of practitioners / authors. 36

Overview of the Core Books Service Strategy Financial Management Service Portfolio Mgmt. Demand Mgmt. Service Design Service Catalogue Mgmt. Service Level Mgmt. Capacity Mgmt. Availability Mgmt. Continuity Mgmt. Service Transition Change Mgmt. Service Asset and Configuration Mgmt. Release and Deployment Mgmt. Service Validation and Testing Service Operation Event Mgmt. Incident Mgmt. Request Fulfillment Problem Mgmt. Access Mgmt. Continual Service Improvement The 7-Step Improvement Process Service Reporting Service Measurement Security Mgmt. Evaluation Supplier Mgmt. Knowledge Mgmt. 37

in 100 seconds The 10 core processes of ITIL and their objectives): Incident Management Problem Management Configuration Management Change Management Release Management Service Level Management Financial Management Capacity Management Continuity Management Availability Management 38 Restore interrupted service as soon as possible Avoid recurrence of incidents by improving infrastructure quality and stability Provide a logical model of the infrastructure and all configuration items (CIs) Ensure all changes are assessed, approved, implemented and reviewed in a controlled manner to avoid unplanned and unintentional effects Deliver, distribute and track one or more changes in a release into the live environment Define, agree, record and manage levels of service by closing SLAs with all customers and OLAs/UCs with internal and external sub-providers Financial control including budgeting, accounting and charging of/for IT services Ensure sufficient capacity to meet the current and future agreed demands Ensure continuity of the most critical systems and services after a disaster event Ensure that agreed service availability commitments can be met

ITIL (good practice) vs. ISO/IEC 20000 (standard) 24 pages total (entire standard) ½ page per management process about 1,500 pages total (entire framework) 10-20 pages per management process 39

ISO/IEC 20000 Overview and Key Facts International Standard for IT Service Management Goal: Provide general minimum requirements for service management including definitions of 37 important terms including requirements for the 13 most important service management processes Editor: Joint committee of ISO and IEC Application domain / recipients: (IT) Service providers (internal or external) Independent from their organizational form or setup Form of publication: Electronically (PDF) or in print 40

Context of ISO/IEC 20000 ISO/IEC 20000 SpecificaCon ISO/IEC 20000-1 PART 1: SHALL/MUST-HAVEs à Minimum requirements à Checklists ISO/IEC 20000 Code of PracCce ISO/IEC 20000-2 PART 2: SHOULD-HAVEs à Extensions of part 1 à Optional recommendations BEST PRACTICE Quality Management 41 Frameworks & standards: IT Service Management (e.g. ITIL, MOF, COBIT), Quality Management acc. to ISO 9000 FRAMEWORKS & STANDARDS à Best Practices à QM foundations

ISO/IEC 20000: Structure and process framework [1] Scope [2] Normative references [3] Terms and definitions [4] Service management system general requirements [5] Design and transition of new or changed services [6] Service delivery processes Capacity management Service continuity and availability management [8] Resolution processes Service level management Service reporting [9] Control processes Configuration management Change management Release and deployment management Information security management Budgeting and accounting for services [7] Relationship processes Incident and service request management Problem management Business relationship management Supplier management 42

Key principles in quality management ISO/IEC 20000 is based on the key principles in Quality Management as described by ISO 9004: Customer Focus Leadership Involvement of People Process Approach System Approach Continual Improvement Factual Approach to Decision Making Mutually Beneficial Relationships 43

InterrelaCon: ISO/IEC 20000 and ISO 9000 ISO/IEC 20000 is based on the key principles in Quality Management as described by ISO 9004: Foundations of Quality Management Basic priciples Building a Quality Management System Applicable for all organizations/domains ISO 9000 ISO/IEC 20000 Focus: IT Service Management Basic terms, concepts, processes,... Buidling an IT Service Management System Applicable for IT Service providers 44

ISO/IEC 20000: Summary InternaConal standard for IT service providers Process approach in IT Service Management Based on... Best PracCces in IT Service Management (as described e.g. in ITIL ) Key principles in Quality Management (as described in ISO 9000) Consists of two parts: ISO/IEC 20000-1: SpecificaCon / Minimum requirements ISO/IEC 20000-2: Code of PracCce 45

COBIT Overview and Key Facts Framework for IT Governance Goal: Transparent and consistent governance standards through all IT-relevant processes, including... defined metrics to measure effectiveness and efficiency maturity models Editor: ISACA/ITGI (Information Systems Audit and Control Association, IT Governance Institute) Application domain / recipients: Top management and decision makers of IT service providers (internal or external) Independent from their organizational form Form of publication: Electronically (PDF), provided under http://www.isaca.org/cobit 46

COBIT Structure 34 processes, structured along four lifecycle phases: Plan and Organize (PO) Acquire and Implement (AI) Deliver and Support (DS) Monitor and Evaluate (ME) For each process: High level control objective Detailed control objectives Management guidelines Maturity model 47

COBIT High Level Control Objectives Monitor and Evaluate (ME) Plan and Organize (PO) Deliver and Support (DS) Acquire and Implement (AI) 48

The 5 most common myths around ITSM 1. ITSM is about buying or developing fancy tools. 7 2. ITSM means: Everything changes. 7 3. ITSM reduces costs. 7 4. ITSM is only about having some SLAs and dealing with incidents. 7 5. ITSM means: Customers and users are happy. 7 49

Contents IntroducCon Background: why ITSM in e- Infrastructure? ITSM basics: delivering value ITSM frameworks and standards Resources

Resources ITIL ISO/IEC 20000 ISO/IEC 27000 CMMI COBIT gslm Roadmap / Maturity Model / assessment tool (www.gslm.eu/results)

More informacon Keep up to date Twiher @FedSM_project Contact: info@fedsm.eu Dr Thomas Schaaf, FedSM Project Director, schaaf@nm.ifi.lmu.de