Transcript ITIL and other best practices frameworks

STORAGE MANAGEMENT/
EXECUTIVE:
®
ITIL and Other Best
Practices Frameworks
Jim Damoulakis
CTO, GlassHouse Technologies
[email protected]
Sept. 21, 2004
Outline
 Best practices frameworks
•
•
Drivers
Benefits
 ITIL®
•
•
•
What is it?
Who owns it?
How do you use it?
 Other “standards”
•
•
•
CMM
COBIT
COSO
ITIL® is a registered trade mark of OGC
Outline (2)
 How does this fit with storage?
•
Improving storage management – need more than
tools
•
•
Managing increasing complexity and controlling cost
•
Better services at lower cost
Realization that you can’t take advantage of new
technology without fixing the process
 GH SML
•
•
•
What is it?
How does it fit with the frameworks?
Usage examples
Best practices frameworks
 Process rediscovered?
 Increased accountability – compliance
 Aligning IT with business – more than lip service
 Growth is too difficult to manage
 Reduce risk
 Improve effectiveness
 Improve cost
ITIL: What?
 IT Infrastructure Library (ITIL)
•
“ITIL is the most widely accepted approach to IT
service management in the world.”
•
A best practices approach for IT service
management
•
A framework to structure new and existing methods
and activities
•
•
De facto standard (Real standard is BS15000)
Quality focus
ITIL: Who?
 UK Office of Government Commerce (OGC)
•
•
Holder of copyright
Also oversees PRINCE2
 itSMF: IT Service Management Forum
•
Drives much of the ITIL definition and qualification
criteria
 Publications
 Training
 Certifications (people, not organizations)
ITIL framework publications
Source: Pink Elephant
Service delivery
 Service level management
 Financial management for IT services
 Capacity management
 IT services continuity management
 Availability management
Service support
 Incident management
 Problem management
 Configuration management
 Change management
 Release management
Capability maturity model: Carnegie Mellon SEI
Level
Name
Description
1
Initial
Ad-hoc, reactive, “firefighting”
2
Repeatable Proactive, trained people
Documented, standardized products and
procedures
3
Defined
4
Managed
Metrics for deliverables and processes
5
Optimizing
Continuous improvement with feedback
Control OBjectives for Information
®
and related Technology (COBIT )
 Controlled by the IT Governance Institute (ITGI)
and Information Systems Audit and Control
Association (ISACA)
 Framework for governance of IT
 “Developed as a generally applicable and
accepted standard for good Information
Technology (IT) security and control practices
that provides a reference framework for
management, users, and IS audit, control and
security practitioners”
CobiT domains:
 Planning & organization
 Acquisition &
implementation
 Delivery & support
 Monitoring
Compliance auditing
 COSO internal control – Integrated
framework
• Committee of Sponsoring Organizations of the
Treadway Commission
•
Blessed by SEC and PCAOB as approved IT
governance framework
•
Five components:
 Control environment
 Risk assessment
 Control activities
 Information and communication
 Monitoring
How does this apply to storage?
 ITIL, COBIT, COSO do not discuss storage
specifically
 Goals of effectiveness and efficiency are
the same across IT
 Storage adds the problem of persistence
 Need for a storage-specific framework
The GlassHouse Storage
Management Lifecycle™
 A framework of best practice for the
planning, management and operation of
the storage environment
 A guide to the steps needed to align, plan,
design and purchase the storage
infrastructure
 A road map for the development of
policies and standard operating
procedures needed for efficient and
compliant storage management
 Supportive of international standards on
compliance
Storage Management Lifecycle
Phase 3
Maintenance
Phase 1
Planning
Phase 2
Provisioning
Phase 4
Customer
Care
Source: GlassHouse Technologies Inc. 2004
Phase 1: Planning
1.1
Strategy
1.2
Policies
Source: GlassHouse Technologies Inc. 2004
1.3
Discovery
Phase 1.4
Requirements
Phase 2: Provisioning
2.1
Purchasing
2.2
Change
Control
Source: GlassHouse Technologies Inc. 2004
2.3
Activation
Phase 2.4
Service
Acceptance
Phase 3: Maintenance
3.1
Service
Delivery
3.2
Infrastructure
Management
Source: GlassHouse Technologies Inc. 2004
3.3
Service
Support
Phase 3.4
Compliance
Phase 4: Customer Care
4.1
Service
Ordering
4.2
Service
Fulfillment
Source: GlassHouse Technologies Inc. 2004
4.3
Service
Quality
4.4
Alignment
Check
Domain
Planning
Activities
Tasks
4
28
Technical
Requirements
Reference
Architecture
Focus Areas
Primary
Environment
89
Provisioning
4
25
56
Operations &
Maintenance
4
21
51
Client Care
(end user)
3
16
16
Example: Breakout of planning phase and tiered,
detailed activities and tasks
Phase
Activity
Tasks
Strategy
Business Drivers, Service Levels required,
Financial criteria
Policies
Demarcation lines, storage group roles, data
classification, expense request, capacity
planning, security, technology directions,
communications
Discovery of
environment
Primary environment, server environment,
storage network environment, data
identification, backup environment, DR
environment, archiving environment, policies,
procedure, tools environment, organization
structure, application environment
Technical
requirements
Group service levels, define COS attributes,
develop reference architecture, establish
financial parameters, establish standard
operating procedures
Planning
Mapping the ITIL framework to the SML
(SS) Service Support
(BP) Business Perspective
1.
2.
3.
4.
Business continuity √
Partnerships and outsourcing
Surviving change
Transformation of business practice
1.
2.
3.
4.
5.
6.
Service desk √
Incident management √
Problem management √
Configuration management √
Change management √
Release management √
Application
Management
(SD) Service Delivery
1.
2.
3.
4.
5.
Capacity management √
Financial management √
Availability management √
Service level management √
Service continuity management √
(IM) Infrastructure Management
1.
2.
3.
4.
5.
Network service management √
Operations management √
Management of local processors √
Computer installation and acceptance √
Systems management √
√ indicates match to GH SML activity
Engagement objectives - Capability maturity model
SML CMM - Phase Activity Gap Analysis
Discovery
5
Service Assurance
Planning
Capacity Planning
4
Cust Care
3
Cost Accounting
Requirements Analysis
2
1
Operations
Storage Policies
0
Maintenance &
Operations
Management
Storage Procedures
Service Acceptance
Change Control
Storage Provisioning, Activation
Provisioning
Requisitioning
------ Current State
------ Desired State
Key findings: Fragile storage utility model

Business unit concerns
– Availability

Single tier of service
– Cost & need mismatch

No service level agreements
– Need & value mismatch

Cost model constraints
– Not tiers, no penalties, no BU$

Virtual storage team
– Authority & accountability
mismatch

Mature management practices
– Under development

One level data protection
– Cost & need mismatch

No lab environment
– Cost & risk mismatch
Overall maturity level
Prioritization of
process
development
plan by:
Activity
Maturity
Current
Target
Priority
Change Control
3.0
3.0
Short Term
Reporting
2.0
2.0
Immediate
Resource Management
2.0
2.0
Immediate
Configuration Management
1.0
2.0
Immediate
• Impact
Quota Management
1.0
2.0
Long Term
Monitoring
2.0
2.0
Short Term
• Level of effort
Fault Response
2.0
2.0
Short Term
Device Management
2.0
2.0
Immediate
Asset Management
1.0
2.0
Immediate
Testing
1.0
2.0
Long Term
Data Protection
2.0
2.0
Immediate
Data Migration
1.0
2.0
Immediate
Authorization
2.0
2.0
Long Term
Security
2.0
3.0
Immediate
Retirement
1.0
2.0
Long Term
Training
1.0
1.0
Short Term
3 Months
Storage management road map
6 months
9 months
9+ Months
Desired State:
Foundation
Optimize
Key Metrics
Develop and
Implement Key
Performance
Indicators and Key
Risk Indicators
Base SOP’s
Develop key Standard operating
procedures with compliance,
completion and quality artifacts
Cost Model Simulation
Develop model to
include BU, Arch, DR
and Dev costs
Improved staff
productivity
Continuous reduction
in unit TCO of
storage
SLA Development Simulation
Develop & Publish draft SLA’s
Backup Compression
Model BU Strategies for closing window of opportunity
Automation
Tools selection
Reduced risk to
critical apps
Cost Reduction
Consolidation of Storage
Data Identification
Application, Server, Storage, Business cross ref and inter dependency
Compliance
Critical Priorities
Identify & Implement
immediate compliance
requirements
ILM Strategies
Develop ILM strategies for DB information,
and email
Audit Capability
Develop & implement internal
audit capability
Archiving
Develop archiving compliance needs, refresh, recovery needs & priorities
Strategic Storage Architecture -
Architecture
ILM Implementation
Implement ILM strategies for DB and
email
Business needs, Policies, Service Levels, Backup, Archiving, DR,
Reference Architecture, RFI/RFP, Acquisition, Implementation,
Metrics, Tools, SOP’s, Operation,
Costs aligned with
data criticality
Improved service
levels to business
units
Expansion and
growth part of a
planned strategy
Compliant with
regulation,
legislation and
mandate
Pragmatic and
usable Disaster
Recovery plan
SAN Management
Task
SAN Design
Provisioning
Performance Management
Information Lifecycle Management
Device Management
Configuration Management
Capacity Planning
Asset Management
Application Management
Sample Tools – Provisioning
Accounting
Activity
Infrastructure
Product Selection
Infrastructure
Purchasing
Infrastructure
Site Preparation
Infrastructure
Equipment Staging
X
Infrastructure
Asset Management
X
Requisitioning
Change Request
Requisitioning
Optimization
Requisitioning
Change Control
Activation
Storage Allocation
X
x
X
X
Activation
Backup Implementation
X
X
x
x
x
Activation
DR Implementation
X
X
X
x
x
Activation
Data Security
X
X
Activation
Data Migration
X
X
X
X
X
Activation
Retirement
X
X
X
X
X
Activation
Configuration Management
Service Acceptance Testing
Service Acceptance Go-Live
Service Acceptance SLA Acceptance
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Summary – Why a best practices framework?
 Promotes alignment of business needs with IT storage directions
 Optimizes storage investment effectiveness and reduces
operational costs.
 Ability to cost, migrate and manage data appropriate to its
value.
 Provides speedy development of policy and procedure
 Reduces risk and promotes manageability and predictability.
 Creates a solid basis for identification and selection of appropriate
automation tools.
 Supports compliance process validation.
Useful links
 Official ITIL home page –
www.ogc.gov.uk/index.asp?id=2261
 itSMF – www.itsmf.com
 CobiT – www.isaca.org
 COSO – www.coso.org
 CMM – www.sei.cmu.edu/cmm/
 GlassHouse SML – www.glasshouse.com