ITIL and other best practices frameworks
Download
Report
Transcript ITIL and other best practices frameworks
STORAGE MANAGEMENT/
EXECUTIVE:
®
ITIL and Other Best
Practices Frameworks
Jim Damoulakis
CTO, GlassHouse Technologies
[email protected]
Sept. 21, 2004
Outline
Best practices frameworks
•
•
Drivers
Benefits
ITIL®
•
•
•
What is it?
Who owns it?
How do you use it?
Other “standards”
•
•
•
CMM
COBIT
COSO
ITIL® is a registered trade mark of OGC
Outline (2)
How does this fit with storage?
•
Improving storage management – need more than
tools
•
•
Managing increasing complexity and controlling cost
•
Better services at lower cost
Realization that you can’t take advantage of new
technology without fixing the process
GH SML
•
•
•
What is it?
How does it fit with the frameworks?
Usage examples
Best practices frameworks
Process rediscovered?
Increased accountability – compliance
Aligning IT with business – more than lip service
Growth is too difficult to manage
Reduce risk
Improve effectiveness
Improve cost
ITIL: What?
IT Infrastructure Library (ITIL)
•
“ITIL is the most widely accepted approach to IT
service management in the world.”
•
A best practices approach for IT service
management
•
A framework to structure new and existing methods
and activities
•
•
De facto standard (Real standard is BS15000)
Quality focus
ITIL: Who?
UK Office of Government Commerce (OGC)
•
•
Holder of copyright
Also oversees PRINCE2
itSMF: IT Service Management Forum
•
Drives much of the ITIL definition and qualification
criteria
Publications
Training
Certifications (people, not organizations)
ITIL framework publications
Source: Pink Elephant
Service delivery
Service level management
Financial management for IT services
Capacity management
IT services continuity management
Availability management
Service support
Incident management
Problem management
Configuration management
Change management
Release management
Capability maturity model: Carnegie Mellon SEI
Level
Name
Description
1
Initial
Ad-hoc, reactive, “firefighting”
2
Repeatable Proactive, trained people
Documented, standardized products and
procedures
3
Defined
4
Managed
Metrics for deliverables and processes
5
Optimizing
Continuous improvement with feedback
Control OBjectives for Information
®
and related Technology (COBIT )
Controlled by the IT Governance Institute (ITGI)
and Information Systems Audit and Control
Association (ISACA)
Framework for governance of IT
“Developed as a generally applicable and
accepted standard for good Information
Technology (IT) security and control practices
that provides a reference framework for
management, users, and IS audit, control and
security practitioners”
CobiT domains:
Planning & organization
Acquisition &
implementation
Delivery & support
Monitoring
Compliance auditing
COSO internal control – Integrated
framework
• Committee of Sponsoring Organizations of the
Treadway Commission
•
Blessed by SEC and PCAOB as approved IT
governance framework
•
Five components:
Control environment
Risk assessment
Control activities
Information and communication
Monitoring
How does this apply to storage?
ITIL, COBIT, COSO do not discuss storage
specifically
Goals of effectiveness and efficiency are
the same across IT
Storage adds the problem of persistence
Need for a storage-specific framework
The GlassHouse Storage
Management Lifecycle™
A framework of best practice for the
planning, management and operation of
the storage environment
A guide to the steps needed to align, plan,
design and purchase the storage
infrastructure
A road map for the development of
policies and standard operating
procedures needed for efficient and
compliant storage management
Supportive of international standards on
compliance
Storage Management Lifecycle
Phase 3
Maintenance
Phase 1
Planning
Phase 2
Provisioning
Phase 4
Customer
Care
Source: GlassHouse Technologies Inc. 2004
Phase 1: Planning
1.1
Strategy
1.2
Policies
Source: GlassHouse Technologies Inc. 2004
1.3
Discovery
Phase 1.4
Requirements
Phase 2: Provisioning
2.1
Purchasing
2.2
Change
Control
Source: GlassHouse Technologies Inc. 2004
2.3
Activation
Phase 2.4
Service
Acceptance
Phase 3: Maintenance
3.1
Service
Delivery
3.2
Infrastructure
Management
Source: GlassHouse Technologies Inc. 2004
3.3
Service
Support
Phase 3.4
Compliance
Phase 4: Customer Care
4.1
Service
Ordering
4.2
Service
Fulfillment
Source: GlassHouse Technologies Inc. 2004
4.3
Service
Quality
4.4
Alignment
Check
Domain
Planning
Activities
Tasks
4
28
Technical
Requirements
Reference
Architecture
Focus Areas
Primary
Environment
89
Provisioning
4
25
56
Operations &
Maintenance
4
21
51
Client Care
(end user)
3
16
16
Example: Breakout of planning phase and tiered,
detailed activities and tasks
Phase
Activity
Tasks
Strategy
Business Drivers, Service Levels required,
Financial criteria
Policies
Demarcation lines, storage group roles, data
classification, expense request, capacity
planning, security, technology directions,
communications
Discovery of
environment
Primary environment, server environment,
storage network environment, data
identification, backup environment, DR
environment, archiving environment, policies,
procedure, tools environment, organization
structure, application environment
Technical
requirements
Group service levels, define COS attributes,
develop reference architecture, establish
financial parameters, establish standard
operating procedures
Planning
Mapping the ITIL framework to the SML
(SS) Service Support
(BP) Business Perspective
1.
2.
3.
4.
Business continuity √
Partnerships and outsourcing
Surviving change
Transformation of business practice
1.
2.
3.
4.
5.
6.
Service desk √
Incident management √
Problem management √
Configuration management √
Change management √
Release management √
Application
Management
(SD) Service Delivery
1.
2.
3.
4.
5.
Capacity management √
Financial management √
Availability management √
Service level management √
Service continuity management √
(IM) Infrastructure Management
1.
2.
3.
4.
5.
Network service management √
Operations management √
Management of local processors √
Computer installation and acceptance √
Systems management √
√ indicates match to GH SML activity
Engagement objectives - Capability maturity model
SML CMM - Phase Activity Gap Analysis
Discovery
5
Service Assurance
Planning
Capacity Planning
4
Cust Care
3
Cost Accounting
Requirements Analysis
2
1
Operations
Storage Policies
0
Maintenance &
Operations
Management
Storage Procedures
Service Acceptance
Change Control
Storage Provisioning, Activation
Provisioning
Requisitioning
------ Current State
------ Desired State
Key findings: Fragile storage utility model
Business unit concerns
– Availability
Single tier of service
– Cost & need mismatch
No service level agreements
– Need & value mismatch
Cost model constraints
– Not tiers, no penalties, no BU$
Virtual storage team
– Authority & accountability
mismatch
Mature management practices
– Under development
One level data protection
– Cost & need mismatch
No lab environment
– Cost & risk mismatch
Overall maturity level
Prioritization of
process
development
plan by:
Activity
Maturity
Current
Target
Priority
Change Control
3.0
3.0
Short Term
Reporting
2.0
2.0
Immediate
Resource Management
2.0
2.0
Immediate
Configuration Management
1.0
2.0
Immediate
• Impact
Quota Management
1.0
2.0
Long Term
Monitoring
2.0
2.0
Short Term
• Level of effort
Fault Response
2.0
2.0
Short Term
Device Management
2.0
2.0
Immediate
Asset Management
1.0
2.0
Immediate
Testing
1.0
2.0
Long Term
Data Protection
2.0
2.0
Immediate
Data Migration
1.0
2.0
Immediate
Authorization
2.0
2.0
Long Term
Security
2.0
3.0
Immediate
Retirement
1.0
2.0
Long Term
Training
1.0
1.0
Short Term
3 Months
Storage management road map
6 months
9 months
9+ Months
Desired State:
Foundation
Optimize
Key Metrics
Develop and
Implement Key
Performance
Indicators and Key
Risk Indicators
Base SOP’s
Develop key Standard operating
procedures with compliance,
completion and quality artifacts
Cost Model Simulation
Develop model to
include BU, Arch, DR
and Dev costs
Improved staff
productivity
Continuous reduction
in unit TCO of
storage
SLA Development Simulation
Develop & Publish draft SLA’s
Backup Compression
Model BU Strategies for closing window of opportunity
Automation
Tools selection
Reduced risk to
critical apps
Cost Reduction
Consolidation of Storage
Data Identification
Application, Server, Storage, Business cross ref and inter dependency
Compliance
Critical Priorities
Identify & Implement
immediate compliance
requirements
ILM Strategies
Develop ILM strategies for DB information,
and email
Audit Capability
Develop & implement internal
audit capability
Archiving
Develop archiving compliance needs, refresh, recovery needs & priorities
Strategic Storage Architecture -
Architecture
ILM Implementation
Implement ILM strategies for DB and
email
Business needs, Policies, Service Levels, Backup, Archiving, DR,
Reference Architecture, RFI/RFP, Acquisition, Implementation,
Metrics, Tools, SOP’s, Operation,
Costs aligned with
data criticality
Improved service
levels to business
units
Expansion and
growth part of a
planned strategy
Compliant with
regulation,
legislation and
mandate
Pragmatic and
usable Disaster
Recovery plan
SAN Management
Task
SAN Design
Provisioning
Performance Management
Information Lifecycle Management
Device Management
Configuration Management
Capacity Planning
Asset Management
Application Management
Sample Tools – Provisioning
Accounting
Activity
Infrastructure
Product Selection
Infrastructure
Purchasing
Infrastructure
Site Preparation
Infrastructure
Equipment Staging
X
Infrastructure
Asset Management
X
Requisitioning
Change Request
Requisitioning
Optimization
Requisitioning
Change Control
Activation
Storage Allocation
X
x
X
X
Activation
Backup Implementation
X
X
x
x
x
Activation
DR Implementation
X
X
X
x
x
Activation
Data Security
X
X
Activation
Data Migration
X
X
X
X
X
Activation
Retirement
X
X
X
X
X
Activation
Configuration Management
Service Acceptance Testing
Service Acceptance Go-Live
Service Acceptance SLA Acceptance
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Summary – Why a best practices framework?
Promotes alignment of business needs with IT storage directions
Optimizes storage investment effectiveness and reduces
operational costs.
Ability to cost, migrate and manage data appropriate to its
value.
Provides speedy development of policy and procedure
Reduces risk and promotes manageability and predictability.
Creates a solid basis for identification and selection of appropriate
automation tools.
Supports compliance process validation.
Useful links
Official ITIL home page –
www.ogc.gov.uk/index.asp?id=2261
itSMF – www.itsmf.com
CobiT – www.isaca.org
COSO – www.coso.org
CMM – www.sei.cmu.edu/cmm/
GlassHouse SML – www.glasshouse.com