Service Management A framework for providing worlds class IT services Barry Corless MISM Slide - 1 Copyright Remarc Technologies Ltd, 2007 These course notes were produced by Remarc Service Management, a division of Remarc Technologies Ltd. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means, electronic, mechanical, photocopy, recording or otherwise without prior written permission of the publisher. Produced in the UK. Limitations of Liability Whilst every precaution has been taken in the preparation of this documentation, the author and publisher accept no responsibility for errors or omissions, nor for the uses made of the material contained herein and the decisions based on such use. No warranties are made, expressed or implied, with regard the contents of this work, its merchantability, or fitness for a particular purpose. Neither the author nor the publishers shall be liable for direct, indirect, incidental or consequential damages arising out of the use or inability to use the contents of this manual. ITIL is a registered trademark, a registered community trademark of the Office of Government Commerce (OGC) and is registered in the U.S. Patent & Trademark Office. 1
What is a Service? A Service is a means of delivering value to customers by facilitating outcomes that customers want to achieve without the ownership of specific costs & risks. Slide - 2 For example, Users & Customers want to be able to send invoices and store or retrieve customer information (OUTCOMES). Users & Customers would like to able to control what that SERVICE does but they do not want to be accountable for, own, buy or manage hardware, software, support staff or machine rooms (SPECIFIC COSTS & RISKS). Fortunately, this is where the IT Service Provider can help the Business with specialised knowledge, experience and confidence to control these costs and risks. The Business agrees to pay for the SERVICE provided by the IT Service Provider under specific terms and conditions often in the form of a Service Level Agreement (SLA) or Contract. 2
Service Management Service Management is a set of specialised organisational capabilities for providing value to customers in the form of Services. Slide - 3 The capabilities take the form of functions & processes for managing services over a lifecycle. The lifecycle is covered in the ITIL core publications Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement. The act of transforming resources into valuable services is at the core of Service Management. Thought: PC s, network components, application software, training courses, a change process & service desk analysts. On their own they are of no real value to Users or Customers but put them together in a stable service with sufficient capacity to provide value and you are well on your way to providing Service Management. 3
Good Practice Standards Industry Practice Academic Research Training and Education Internal Experience Employees Customers Suppliers Advisors Technologies Competition Compliance Commitments Knowledge to achieve Business Objectives Slide - 4 Good Practice results from a combination of effects. Public frameworks and standards (such as ITIL) are attractive when compared with proprietary knowledge deeply embedded in organizations and therefore difficult to adopt, replicate, or transfer even with the cooperation of the owners. Thought: It is far easier to adopt ITIL than try to document and replicate 25 years of system knowledge built up by a senior technician. This knowledge is often littered with poor practice and difficult for others to pick up. Publicly available frameworks and standards such as ITIL, COBIT, CMMI, PRINCE2, ISO 9000, ISO/IEC 20000, and ISO/IEC 27001 are validated across a diverse set of environments rather than the limited experience of a single organization or person. The knowledge of public frameworks is more likely to be widely distributed amongst the professionals through publicly available training and certification. This results in it being far easier to acquire such knowledge through the labour market. Thought: Try putting ITIL into a job search engine! 4
ITIL Best Practice The IT Infrastructure Library (ITIL) was first published (40+ books strong) in late 1980 s. It was FUNCTION based ITIL was refreshed / condensed to eight core books published over about 3 years at the turn of the century. It was PROCESS based ITIL 3 has five core books. It is based around the SERVICE LIFECYCLE Slide - 5 5
The Service Lifecycle CMMI Etom Six Sigma PMBOK PRINCE2 SOA COBIT ISO/IEC 20000 SOX Certified Training ISO/IEC 17799 ISO/IEC 19770 M_o_R Slide - 6 The ITIL core architecture is based on a Service Lifecycle. Each volume of the core is represented in the Service Lifecycle. Service Design (SD), Service Transition (ST) and Service Operation (SO) are progressive phases of the lifecycle that represent change & transformation. Service Strategy (SS) represents policies & objectives. Continual Service Improvement (CSI) represents learning & improvement. 6
We Want VALUE! Customers derive value in two ways: UTILITY & WARRANTY Slide - 7 UTILITY is derived from the attributes of the Service. (In other words, the Service does what the customer wants it to making it easier for users to do their jobs). WARRANTY is derived from the Service being available when needed in sufficient capacity. Utility is what the customer gets and Warranty how it is delivered. Thought: There is little point in having the greatest website with all the functionality in the world (UTILITY) if it is slow, unreliable, insecure and support calls take days to resolve (WARRANTY). 7
Service Strategy Slide - 8 8
Service Strategy: The Goal To allow Service Providers to act and think in a strategic manner and achieve goals & objectives using strategic assets. To enable them to see the relationships between systems, services & processes that will help transform Service Management into a strategic asset. Slide - 9 9
Financial Management Objective: to enable informed decision making and provide transparency of spend. Basic Concepts: - Demand Modelling (reconciling the supply & demand) - Service Valuation (quantifying funding sought by IT & the Business for Services) Slide - 10 The role of Financial Management is to work as a Strategic Tool to support the Business in quantifying Services and decision making. 10
Service Design Slide - 11 11
Service Design: The Goal Service Design (SD) designs new or changed services for introduction into the live environment ensuring that an holistic approach is adopted that takes into consideration aspects beyond just the individual elements being introduced or changed Slide - 12 12
THE 5 MAJOR ASPECTS OF SD: design of the service solutions design of Service Management systems & tools design of the technology & management architectures Key Principles design of the processes needed to design, transition, operate & improve the services design of the metrics & measurements systems Slide - 13 Designing the service solutions includes understanding and agreeing the Business functional requirements including the capabilities needed and all the resources required. Every time a new service solution is produced it needs to be checked to ensure that it will integrate and interface with all of the other services in existence. Service Management systems & tools like the Service Portfolio are essential for the management and control of services through their lifecycle. The design of the technology & management architectures represents the development and maintenance of IT policies, strategies, architectures, designs, documents, plan and processes for the deployment and subsequent operation and improvement of IT Services and solutions. Only measurements that encourage progression towards meeting business objectives or desired behavioural change should be selected but if you can t measure it then you can t manage it. Services and the processes behind them should be fit for purpose so our metrics must be created to measure the quality of the solutions against the Business requirements in terms of Progress, Effectiveness, Efficiency & Compliance. 13
Service Catalogue The Business Service Catalogue: This is the customer view of the Service Catalogue. The Technical Service Catalogue: This should underpin the Business Service Catalogue and not form part of the customer view. Slide - 14 The Business Service Catalogue: containing details of all the IT services delivered to the customer, together with relationships to the business units and the business process that rely on the IT services. This is the customer view of the Service Catalogue. The Technical Service Catalogue: containing details of all the IT services delivered to the customer, together with relationships to the supporting services, shared services, components and CIs necessary to support the provision of the service to the business. This should underpin the Business Service Catalogue and not form part of the customer view. 14
Service Level Management Objective: The goal of the Service Level Management process is to ensure that an agreed level of IT service is provided for all current IT services, and that future services are delivered to agreed achievable targets. Proactive measures are also taken to seek and implement improvements to the level of service delivered. Basic Concepts: - SLAs, OLAs and Contracts (the Good, the bad and the ugly!!) Slide - 15 The key role for Service Level Management is the Service Level Manager (see appendix 1) Service Level Agreements (SLA s) An SLA is a written agreement between an IT Service Provider and the IT Customer, which defines the key service targets and responsibilities of both parties Operational Level Agreements (OLA s) An OLA is an agreement between an IT Service Provider and another part of the same organisation that assists with the provision of servers (such as the Network Support Team) Contract A contract is used as the basis for external supplier agreements where an enforceable commitment is required 15
Availability Management Objective: The goal of the Availability Management process is to ensure that the level of service availability delivered in all services is matched to or exceeds the current and future agreed needs of the business, in a cost-effective manner. Basic Concepts: - Service vs. Component Availability - Availability, Reliability and Maintainability Slide - 16 The key role for Availability Management is the Availability Manager (see Appendix 1) Service availability: involves all aspects of service availability and unavailability and the impact of component availability, or the potential impact of component unavailability on service availability Component availability: involves all aspects of component availability and unavailability Availability: the ability of a service, component or CI to perform its agreed function when required Reliability: a measure of how long a service, component or CI can perform its agreed function without interruption Maintainability: a measure of how quickly and effectively a service, component or CI can be restored to normal working after a failure 16
Information Security Management Objective: The goal of the ISM process is to align IT security with business security and ensure that information security is effectively managed in all service and Service Management activities. Slide - 17 17
Capacity Management Objective: The goal of the Capacity Management process is to ensure that cost-justifiable IT capacity in all areas of IT always exists and is matched to the current and future agreed needs of the business, in a timely manner Basic Concepts: - Business, Service, Component Capacity Mgmt Slide - 18 The key role Capacity Management is a balancing act. Balancing costs against resources needed: the need to ensure that processing capacity that is purchased is cost-justifiable in terms of business need, and the need to make the most efficient use of those resources. Balancing supply against demand: the need to ensure that the available supply of IT processing power matches the demands made on it by the business, both now and in the future. It may also be necessary to manage or influence the demand for a particular resource. Thought: A lack of capacity has obvious effects such as performance problems or system crashes. Whilst over capacity may be heaven for the users with no failures, they may not be as enthusiastic when the bill arrives for maintaining, powering and supporting the excess capacity. 18
IT Service Continuity Management Objective: The goal of ITSCM is to support the overall Business Continuity Management process by ensuring that the required IT technical and service facilities (including computer systems, networks, applications, data repositories, telecommunications, environment, technical support and Service Desk) can be resumed within required, and agreed, business timescales Slide - 19 The key role for ITSC Management is the IT Service Continuity Manager (see Appendix 1) 19
Service Transition Slide - 20 20
Service Transition: The Goal Service Transition provides guidance for the development and improvement of capabilities for transitioning new and changed Services into Operations. Slide - 21 ST must set customer expectations on how the performance a& use of the new or changed service can be used to enable Business change. They enable the Business change project or Customer to integrate a release into their Business Processes & Services. Their aim is to reduce variations between the predicted & the actual performance of the transitioned Services, ensuring that the Services can be used in accordance with the requirements & constraints specified within the Service Requirements. 21
Service Asset & Configuration Management Objective: to provide a logical model of the IT Infrastructure, correlating the IT Services and the different IT Components (physical & logical) needed to deliver these services. Slide - 22 SA&CM protects the integrity of Service Assets (SA s) and Configuration Items (CI s). They are tasked with establishing & maintaining a complete Configuration Management System (CMS). Once established the CMS should be capable of providing accurate information about Assets and Configuration Items. 22
Service Asset & Configuration Management Presentation Layer Knowledge Processing Layer Information Integration Layer Data and Information Sources and Tools Slide - 23 Often, data and information is collected with no clear understanding of how it will be used and this can be costly. Efficiency and effectiveness are delivered by establishing the requirements for information. In order to make effective use of data, in terms of delivering the required knowledge, a relevant architecture matched to the organisational situation and the knowledge requirements is essential. The CMS typically contains configuration data and information that combines into an integrated set of views for different stakeholders through the Service Life Cycle. It therefore needs to be based upon appropriate web, reporting and database technologies that provide flexible and powerful visualisation and mapping tools, interrogation and reporting facilities. Automated processes to load and update the Configuration Management database should be developed where possible so as to reduce errors and optimise costs. Discovery tools, inventory and audit tools, enterprise systems and network management tools can be interfaced to the CMS. These tools can be used initially to populate a CMDB and subsequently to compare the actual Live configuration with the information and records stored in the CMS. 23
Change Management Objective: to ensure that changes are recorded and then evaluated, authorised, prioritised, planned, tested, implemented, documented & reviewed in a controlled manner. Change Management seeks to ensure that standardised methods and procedures are used for efficient & prompt handling of all changes. Slide - 24 Change Management covers changes to baselined Services Assets and CI s across the whole Service lifecycle. All changes to Service Assets & CI s are recorded in the CMS. Change Management responds to the Customer s changing Business Requirements whilst maximising value & reducing incidents, disruption and re-work. It ensures that the overall Business risk is always optimised. 24
Change Management Top Five Risk Indicators of Poor Change Management: Unauthorised Changes (>0 is unacceptable) Unplanned Outages Low Change Success Rate High Number of Emergency Changes Delayed Project Implementations Slide - 25 Thought: What are the metrics we need to put in place against the Change Management Process? 25
Release & Deployment Management Objective: to build, test & deliver the capability to provide the Services specified by Service Design and that will accomplish the Stakeholders requirements & deliver intended objectives. Slide - 26 R&DM ensures that: clear & comprehensive Release & Deployment plans are created that the Customer and Business Change Projects can align their activities against Release Package can be built, installed, tested and deployed efficiently & on schedule new/changed Services and their enabling systems, technology and organisation are capable of delivering the agreed service requirements (i.e. utilities, warranties and service levels) knowledge transfer occurs enabling the Customers & Users to optimise the use of the Service knowledge is transferred to Operations & Support Staff to enable them to effectively and efficiently deliver, support & maintain the Services minimal (unpredicted) impact occurs to the Production Services, Operations & Support Organisation Customers, Users & Service Management staff are satisfied with the Service Transition practices and outputs (e.g. user documentation and training) 26
Service Operation Slide - 27 27
Service Operation: The Goal To undertake the activities & processes that manage & deliver Services at agreed levels to Business Users & Customers. To manage the technology used to deliver the services and to collect information on performance & Service metrics. Slide - 28 Thought: What sort of jobs fit into Service Operation? 28
Service Operation: Achieving Balance Stability vs. Responsiveness STABILITY Reacting to changes vs. RESPONSIVENESS Maintaining stability & consistency of Service Quality vs. Cost QUALITY Quality of Service vs. COST Cost of Service Slide - 29 Thought: If the Customer only has a Nissan Micra budget, they can t afford a Rolls Royce. If the Customer only wants a Nissan Micra, why give them a Rolls Royce? 29
Service Operation: Achieving Balance Reactive vs. Proactive REACTIVE Fire fighting No time to plan Uncoordinated Stressful vs. PROACTIVE Forward planning Preventative actions Efficient use of resource Slide - 30 Thought: Where is the focus in your support organisation? Do you carry out any proactive activities? 30
Service Desk Role: to act as a Single Point of Contact (SPoC) for all Users, to deal with IT Events, to own all incidents and manage Service Requests. Aim: to restore service to users as quickly as possible. Objectives: to improve Customer Service, increase accessibility for Users, provide a consistent approach & improve communication. Slide - 31 Understanding of the concepts of role, aim & objectives is important for the Foundation Examination. 31
Incident Management The Goal: to restore Service as quickly as possible, minimising Business impact. An Incident is defined as an unplanned interruption to an IT Service or reduction in the quality of an IT Service. Slide - 32 The failure of a Configuration Item (CI) that has not yet impacted Service is also classed as an incident. For example, the failure of one disk from a mirror set. 32
Request Fulfilment Service Request: a generic description for many types of day-to-day demands placed on IT by Users. Request Model: a predefined method for handling repeat requests. Standard Change: a pre-approved Change managed as a Service Request, for example setting up a new User on a system. Slide - 33 The term Service Request is used as a generic description for many varying types of demands that are placed upon the IT Department by the Users. Many of these are actually small changes low risk, frequently occurring and low cost (such as a request to reset a password or install additional software). Their scale and frequency and low risk nature means that they are better handled by a separate process, rather than being allowed to congest and obstruct the normal Incident & Change Management processes. 33
Event Management Objectives: to be able to detect, analyse & take appropriate action in relation to events as well as to communicate event information as required. Business Value: gained through the early detection of events & incidents, monitoring by exception & the provision of more efficient Services. Slide - 34 Event Management & Monitoring are closely related, but slightly different in nature. Event Management is focused on generating & detecting meaningful notifications about the status of the IT Infrastructure and Services. Whilst Monitoring detects & tracks such notifications, its scope is somewhat broader. For example, monitoring tools will check the status of a device to ensure that it is operating within acceptable limits, even if that device is not generating Events. Event Management works with occurrences that are specifically generated to be monitored. Monitoring tracks these occurrences, but it will also actively seek out conditions that do not generate Events. 34
Access Management Role: to ensure the appropriate access is available to the appropriate User. Basic Concepts: Access Identity Rights Directory Services Slide - 35 Access Management provides the rights for Users to access Services, executing policies defined in Availability & Security Management. Access to the level and extent of a service s functionality or data that a User is entitled to Identity of Users that distinguishes them as an individual, which verifies their status within the Organisation Rights (also called privileges) of the actual settings through which a User is provided access to a Service or group of Services (read, write, execute, change & delete) Directory Services of a specific type of tool that is used to manage Access & Rights 35
Problem Management Objectives: to prevent Problems & resulting Incidents from occurring and reoccurring, minimising the impact of Incidents. Business Value: increase in Service availability & quality, with improved resolution times & permanently resolved incidents, which results in higher levels of productivity of the Business and IT staff. Slide - 36 Problem Management means there will be less need for fire fighting. Problem: the unknown cause of one or more incidents. Workaround: a temporary way of overcoming difficulties. Known Error: Problem diagnosis complete & workaround identified. Problem Model: a predefined method for handling repeated Problems. Reactive/Proactive Activities: - Reactive Problem Management is a Service Operation responsibility - Proactive Problem Management has links to Continual Service Improvement Known Errors are held in the Known Error Database (KEDB). 36
Continual Service Improvement Slide - 37 37
CSI: The Goal Continual Service Improvement (CSI) seeks to identify & implement improvements to IT Services that support Business Processes and to ensure the ongoing alignment of IT Services to the changing needs of the Business. Slide - 38 38
CSI: The Deming Cycle Business Requirements Requests for new Service Service & Process Measurements External Requirements Security Requirements Continual Service Improvement Management Responsibilities ACT Modify CSI PLAN CSI CHECK Monitor, measure & review CSI DO Implement CSI Business Results Customer Satisfaction More effective & efficient processes New changed Services Improved employee morale Slide - 39 Consistent, ongoing improvement sits at the core of CSI thinking but how do we achieve this? The Deming Cycle is critical at the implementation of service improvements drawing on all four stages (Plan, Do, Check & Act). With ongoing improvements, CSI utilises the Check & Act stages to monitor, measure, review and implement initiatives. The cycle is underpinned by a process-led approach to management where defined processes are in place, the activities are measured for compliance to expected values and outputs are audited to validate and improve the process. Thought: Too often organisations looking for a big-bang approach to improvements but it is important to appreciate that a phased series of small (planned) improvements are less likely to put stress on the infrastructure and will amount to a large amount of improvement over time. 39
CSI: 7 Step Improvement Process Identify Vision & Strategy Tactical Goals Operational Goals (1) Define what you SHOULD measure (2) Define what you CAN measure (7) Implement Corrective Action Goals (3) Gather the data Who, How, When? Integrity of Data? (6) Present & use the Information Assessment Summary Action Plans, etc. (5) Analyse the data Relations, Trends? To plan, Target met? Corrective action? (4) Process the data Frequency, Format? System, Accuracy? Slide - 40 Thought: What do we actually measure and where do we find the information? Steps 1 & 2 are iterative during the rest of the activities, an organisation may have to purchase and install new technology to support the gathering and processing of the data and / or hire staff with the required skills sets Step 3 requires having some form of monitoring in place either manually or using application, system and component monitoring tools ( Step 4 typically using report generating technologies condensing various amounts of data into information for use in the analysis activity (usually in a format that provides an end-to-end perspective on the overall performance of a Service) Step 5 transforming information into knowledge using specific skills and experience to analyse the data Step 6 using the knowledge gained to identify issues and present solutions and create action plans for the relevant audience Step 7 optimise, improve & correct services 40
Requirements The Business / Customers Service Strategy Strategies Policies Resource and constraints Objectives from Requirements Service Portfolio Service Catalogue Service Design Service Transition Solution Designs Architectures Standards SKMS Tested solutions Transition Plans Service Design Packages Service Operation Operational Plans Operational services Continual Service Improvement Improvement actions & plans Slide - 41 41
ITIL v3 Certification scheme Credit based scheme Credits gained from previous v2 awards Modular in design Career path orientated On Demand examinations V2 to v3 bridging courses Slide - 42 42
ITIL v3 Certification scheme Slide - 43 43