Professional Documents
Culture Documents
14, 2006
Aroonrat Chinwonno
Sakul Tunboonek
page 1
What is ITIL ?
ITIL (Information Technology Infrastructure Library) is
- Documentation for IT Server Management Best Practice
- Framework for any IT organization to develop its support model
ITIL has been well established in UK and Europe, and was used as a
groundwork in developing BS15000/ISO20000*
HP “ADOPT and ADAPT” ITIL into its HP’s IT Service Management Reference Model
Many companies are now regularly requesting ITIL compliance in bids and requests for
service improvement
Forrester Research reports that 13% of corporations with revenue exceeding $1 billion
had adopted ITIL by the end of 2005. By late 2006, that will have expanded to 40%,
then to as high as 80% by 2008.
page 8
Service Delivery Agenda
Service Desk
page 10
Service Desk - Roles
Incident Management
page 17
Incident Management
Purpose:
• To restore normal service operation as quickly as possible
with minimal disruption to the business
Definition:
• Incident is an event which is not part of standard operation
service and cause interruption or reduction in quality of
service
IM’s roles
– Arrange a formal meeting of “Support Group” which are
usually Problem Management, and Service Desk teams
– Make common understanding of this incident management
objectives:
• To restore the service ASAP (also communicate SLA)
• To minimize the business disruption (consider workaround)
– Arrange any additional resources if required
– Be a communicator between “Support Group” and the
“Customer”, so that the “Support Group” do not receive
mixed directions
Problem Management
page 24
Problem Management
Purpose:
- To minimize the adverse effect on the business of Incidents and
problems cause by error in the infrastructure
- To proactively prevent the occurrence of incidents and problems
Role:
- To diagnose the root cause of the incidents and to identify a
permanent solution
Definition:
Incident is an abnormal event which cause interrupt or impact
Problem is an Unknown underlying cause of the incident
Known Error is an problem which root cause has been determined
Incident
is an abnormal event which cause interrupt or impact
Problem:
A problem describes an undesirable situation, indicating the unknown root cause of the Incident
Known Error
A known error is a problem whose root cause has been determined
• Identify problems
• Investigate problems to resolution or error identification
• Raise RFC to clear error
• Advise IM of workaround for incidents for known errors
• Assist in Major incident to identify root cause
• Prevent the replication of problems across multiple system
Information
Problem Management
Workaround Problem Control -> Error Control
RFC
Change
Management
Configuration Management
page 30
Configuration Management
• Asset Management
• Assurance the recorded CIs (Configuration Item) from
receipt to disposal
• Not only Asset Management but also provide relationship
among CIs
Configuration Baseline
is a configuration of a system established at a specific point in
time, and capturing both structure and details
ERROR
INCIDENT
PROBLEM
KNOWN ERROR
CDMB
RFC
CHANGE
AUTHORIZED
CHANGE
IMPLEMENTED
Change Management
page 36
Change Management
Purpose
To ensure that standardize method and procedure are used
to handle all changes in order to minimize the impact of
change-related incidents, and the improve the day-to-day
operation of the organizations
Input of RFC
- Required resolution of an incident or problem
- A proposed to add/change/remove a CI
- A proposed to upgrade the infrastructure
- Changes in business requirement or Policy
- Product or service changes from vendors/suppliers
Note: An Urgent Change should be avoided if possible and used only when
required. Urgent Changes skip the normal planning and communication process,
many urgent changes request for approval over the telephone. Approval of the
RFCs in such situation can cause instability in the production environment.
Release Management
page 42
Release Management - Purpose
Release Management
• is concerned with implementation, unlike Change
Management, which is concerned with verification
• particularly useful in distributed multi-tier environments,
where an implementation may consist of a number of
different components supported by different technology
domains, which need to be coordinated
Responsibilities:
A Release is
a collection of
authorized
changes into
an IT
environment
Service Release
Desk Management
Release
schedules Configuration
Configuration
-assets
Management
-relationships
Release
schedules
Service -Monitoring
CpM Level -software
Service Management -availability
AvM Delivery
SCM
ITIL Essentials (Foundations) Oct 14, 2006 page 48
Release, Change and Configuration Management
page 51
Service Delivery Agenda
Service
Level
Management
IT Service
COSTS Financial
Management SERVICE Continuity
Management
RISK
DELIVERY Security
Management
Capacity Availability
Management Management
TECHNOLOGY
ITIL Essentials (Foundations) Oct 14, 2006 page 53
Service Delivery
Internal/External
Service Level Customers
Agreements
(Business
Language)
IT Service Level
Operational Underpinning
Level
Management Contracts
Agreements (supporting)
(Technical
(Technical Language)
Language)
Identify: ServiceLevel
needs Requirements
Operational
Level
Agreem ent
Underpinning
C ontract
Report ServiceLevel
Reports
Service
Review Improvem ent
Program
Service
Incidents Incident Problem
Desk
Management Release
RFC
Service
Support
Change Configuration
Management Management
Service
SLAs definitions
OLAs
Capacity Finance
Service
Planning Availability
Delivery
Continuity
SERVICE MGMT
Requirement FIN
SLA - Service SCM METRICS
Level Agreement AVM CEO
SLR
UC CAP SLA
SLM
Suppliers
SLR
Suppliers OLA
Suppliers
Suppliers
IM
SERVICE DESK
PM End
OLA - Operational CHG User
Level Agreement CFG
UC - Underpinning
REL
Contract IT ORGANISATION
page 65
Financial Management for IT Services
- Purpose
Finance Manager
Responsibility for:
• Managing the IT budget
• Gathering suitable cost data to develop a cost model
• Preparing regular bills for the customer
Note:
• The Finance Manager for IT Services may not necessarily be
a dedicated resource.
• The process may have an owner within the IT department
who liaises with the Finance department of the organization
and senior IT managers, particularly those responsible for
service level management.
Financial targets
Costing models
Feedback of proposed Charging policies
charges to business
Process Relationships
• Activities
• Benefits
• Relationships Between Processes
• Potential Challenges/Problems
• KPIs
Services Service
Customer Level
Management
Performance
Cost Usage Service
Budget model Support
Spend Charging
Configuration
Management
Business
Relationship Financial Changes with
Management Cost model Management cost affects
Charges Capacity
Management
Service
Delivery
Performance
Usage
Capacity Management
page 74
Capacity Management - Purpose
Capacity Manager
• Reporting on current usage of resources, trending and
forecasts for future usage
• Identifying needs for increases or reductions in
hardware based on SLR and cost
• Performance testing of new systems
• Sizing all proposed new systems to determine
resources required.
• Assessing new technology or products which may
improve efficiency of the capacity process.
Technology
Capacity plan
SLAs, SLRs and Service Business Capacity Database
Catalogue
Capacity Baselines and profiles
Business plans and strategy
Management Thresholds and alarms
IS/IT plans and strategy
Capacity reports (regular, ad
Business requirements and
hoc and exception)
volumes
SLA and SLR
Operational schedules Service
recommendations
Deployment and development Capacity Costing and charging
plans and programs Management recommendations
Forward Schedule of Change
Proactive changes and service
Incidents and Problems
Resource improvements
Service Reviews
Capacity Revised operational schedule
SLA breaches
Management Effectiveness reviews
Financial plans
Audit reports
Budgets
Service
Level Monitoring Incident
Management Reporting Management
Requirements Change
Customer Capacity Management
Availability Service
Continuity Delivery
Planning
page 81
IT Service Continuity Management –
Purpose
Initial Testing
Testing
Review & Change
Audit Management
Stage 4 – Operational
Management Education & Training
Awareness
Assurance
• Accommodations
• Power
• Environmental controls
• Network cabling infrastructure
• Telecommunications
• Accommodations
• Power
• Environmental controls
• Network cabling infrastructure
• Telecommunications
• Operations, system management and technical support
• Processors, peripherals, communications equipment and / or
operating systems
• Accommodations
• Power
• Environmental controls
• Network cabling infrastructure
• Telecommunications
• Operations, system management and technical support
• Processors, peripherals and communications equipment
• Operating systems, applications and data mirrored from the operational
servers
Service Exercise /
Level Service Recovery Incident
Management Management
Problem
Management Service
SLR Support
Plans Requirements
Change
Requirements Service
Management
Customer Continuity
Plans Management Configuration
Management
Planning
Incidents
Service
Desk Capacity
Event Availability
Monitoring Service
Delivery
Planning
Availability Management
page 93
Availability Management - Purpose
INPUTS OUTPUTS
Business availability Availability & recovery design
requirements criteria
A
Business impact assessment V M IT infrastructure resilience
& assessment
A A
I N
Availability, reliability & Agreed targets for availability
L A
maintainability requirements and maintainability
A G
B E
Reports of availability, reliability
Incident and problem data I M & maintainability achieved
L E
I N
Configuration & monitoring data Availability monitoring
T T
Y
Service level achievements Availability Plan
ITIL Essentials (Foundations) Oct 14, 2006 page 95
Availability Management Terminology
• Availability - is the ability for an IT Service or component to perform
its required function at a stated instant or over a stated period
• Reliability – the tendency of an IT Service or component not to fail
(i.e. how long can it perform)
• Resilience – the ability of the component to continue providing the
service even though some piece is no longer functioning (i.e. fault
tolerance)
• Maintainability - is the ability to retain or restore an IT Service or
component to an operational state (internal)
• Serviceability - as Maintainability but for external suppliers
• Security - Confidentiality, Integrity and Availability of the services
and associated data; an aspect of overall availability
Confidentiality, Integrity and Availability (CIA) – the basis of
security
+
Impact on
Customer Service (Where / if known)
/ Reputation
93.4%
0.998 x 0.98 x 0.995 x 0.96 = 0.934
Service Downtime
Level SLA Monitoring Incident
Management Monitoring Management
Cause Problem
Management Service
SLR Support
Plans
Change
Requirements Management
Customer Availability
Management Change
Plans Configuration
Management
Planning
Incidents
Service
Desk
Event
Monitoring of Capacity Service
Downtime Continuity Delivery
Planning
Security Management
page 103
Security Management - Purpose
•PROTECT DATA
ITIL Essentials (Foundations) Oct 14, 2006 page 104
The Cost of Security Incidents
• Confidentiality
– protecting the business information from failure and
attack
– is more than locking server rooms or insisting on
password discipline.
• Integrity
– timeliness or correctness require careful consideration of
information flows and
– safeguards against incorrect values
• Availability
– maintaining the uninterrupted operation of the IT
organization
– also helps to simplify Information Security Service Level
Management, as it is much more difficult to manage a
large number of different SLAs than a limited one.
ITIL Essentials (Foundations) Oct 14, 2006 page 106
Security Management Activities *
• Plan
– Establish the structure of the Security section of the Service Level Agreements, Operational Level Agreements and
Underpinning Contracts
– Establish the security baseline (or minimum security standards)
• Implement
– Establish and maintain security awareness
– Establish the procedures to identify and classify security incidents
– Establish the procedures to handle security incidents
• Evaluate
– Conducting security audits
• Using Internal resources
• Using External resources
• Self assessment (using Security Management resources)
– Ongoing review and analysis of security incidents
• Control
– Establish the structure and controls for security functions
– Defines the roles & responsibilities (including the line of command)
• Maintain
– Ensure the continuity of security measures
– Update to the security handbooks
• Report
– Communicate the effectiveness and efficiency of the security management process and functions
– Communicate the number and type of security incidents
– Communicate the action plans to improve/correct security measures
– Communicate compliance with security policy
Service Incidents
Level SLA Incident
Management Monitoring Management
Virus Problem
Management Service
SLR Support
Plans
Change
Requirements Management
Customer Security
Management Change
Plans Configuration
Management
Planning
Incidents Release
Management
Service
Desk
Attacks
Capacity Service
Continuity Delivery
Planning Availability
Quick Review
page 109
ITIL Process Linkages
IT Service
Continuity
Management
Communicates With
Configuration Management
Change
Management
Financial Service Level
Management Management
Problem
Release
Management
Management
Incident
Management and
Service Desk
We can learn
Recommending improvements
Structure helps
Understanding
May have
benefits
Bureaucratic
Time and Effort
Too much
delay
Paper chase
We already do
ITIL Essentials (Foundations)
that Oct 14, 2006 page 111
Roles that could be combined
http://www.ogc.gov.uk The OGC – the organization that publishes the ITIL books