Professional Documents
Culture Documents
IT Service Management
1
The Philosophy of Service
Management
IT is the business
And
The business is IT
2
Triple P
3
IT Process
Objective Result
Activities
Operational Level
Input Output
Process
4
Deming Quality Circle
Maturity Continuous
Step by step
improvement
Act Plan
Time Scale
5
The Objective of Service
Management
• Align IT services in such a way that
they will always meet the business/
organization needs which will change
in time
• Quality Improvement of the IT
services Provided
• Reduce long-term costs of the IT
services provided
Service Management: is the delivery of customer-focused IT
services, by using a process-oriented approach/ Method
6
ITIL (CCTA’s) Reference Model
Capacity Management
Service Level Management
Availability Management
Service Delivery
Security Management
7
ITIL Certification Program
Service
Delivery
Serv ic e
Case
Mg t. 2 Studies
Service
Service Mgt. 1 Support
IT IL Fou nd ati on (3 -d ay
Cour se)
8
ITIL in a Nutshell (1)
Bridge
IT Business
GAP
9
ITIL in a Nutshell (2)
Bridge =SLM Bridge =SLM
Supplier IT Business
UC’S OLA’s SLA’s
GAP GAP
10
ITIL in a Nutshell (3)
Bridge =SLM Bridge =SLM
$ Pricing Service
Supplier IT Business
UC’S OLA’s SLA’s
GAP GAP
$ Charging
Service
Service
11
ITIL in a Nutshell (4)
Bridge =SLM Bridge =SLM
$ Pricing
$
Service
Profit
Supplier IT Business
UC’S OLA’s SLA’s
GAP GAP
$ Charging
Service
Service
12
ITIL in a Nutshell (5)
Bridge =SLM Bridge =SLM
Service
$ Pricing Service
Profit
GAP GAP $
$ Charging Pricing
Service
Service
13
Goals of Configuration
Management
15
Assets versus Configuration
Items
• Asset
– Element/ part of a business/ Organization
process
• Configuration Item (CI)
– Element/ part of an IT infrastructure - or an
item associated with an IT infrastructure
which is under the control of Configuration
Management
• Configuration Management Database (CMDB)
– A database, which contains all relevant
details of each CI and details of the important
relationships between CI’s
NOTE:
A CMDB contains RELATIONSHIPS
BETWEEN CI’s , DOCUMENTATION and
goes much further than an Asset DB
Tool 16
Configuration management
Process
Plannin
g Configuration
Identification/
verification Items =(CI’s)
Register & Recoding of CI’s
Service
Status s
Environmen
Accounting t
Controlling & HW/ SW
Updating
Auditin Detail
Documentatio
g
(Attributes) CMDB n
Procedure
s
Processes
Contract
Scope s
SLA’s, OLA’s UC’s
(Category) WI (= Work
Instructions)
Manuals
Relationships between
CI’s
Baseline Models
17
How to Determine IMPACT of
Incidents through the
Relationships between the
CI’s
Po ea
br
w k
er
DB
Virus Scanners
Backup Security
os
18
Baseline
• Configuration Baseline
– Configuration of a product or system
established at a specific moment in time,
which captures both the structure and details
of the product or system
19
Detail of the CMDB
Pl
a nn
ed
O
rd
er
ed
In
Te
st
In
Pr
od
uc
ti o
Br n
Status of CI’s
ok
en
an
In ce
Re
pa
… ir
…
…
…
Ar .
20
ch
iv
ed
Goals of Incident Management
Incident Management
Service Users
Desk =SPO
Incident Detection and recording
C
Classification of Incident(s) & Service Request(s)
- Impact
- Urgency
Prioritization
* High
* Medium CMDB Knowledge out of
* Low Configuration Management
Categorization
- Hardware
- Software
24
Service Requests are dealt within SRQ
procedures
Outstanding Incidents DB Knowledge out of
Matching of Incidents
K.E. / Workarounds DB Problem Management
Problem DB
Routing Incidents
1st Line-Support
2nd Line-Support
3rd Line-Support
Escalation
Inform / Support
(vertical Service
Desk
escalation)
27
Problem Management Process
(1)
Service
Escalation of
Incidents Desk
Problem
Management
1 Problem
Record 2 Known
Error
Record
Classification
Fi Solu
Error Assessment
nd
Fi
Assigning
“B n
Resources
nd use
Recording Error
RFC
Ca
Resolution (RFC)
ES
tio
Ro
Investigation
and Diagnosis T” Successful completion
ot
29
From Reactive Proactive
Problem Management Prevention of
problems
on/ in IT-
Infrastructure
Monitor
Change
Managemen
t
Initiating
changes:
• Fix Incidents
• Control RFC
Problem
identification
& diagnosis
Delivering
(2nd) & 3rd
line support
30
Goals of Change
Management
31
Terminology
• Change
The addition of…, the modification of…,
or the removal of…, approved and
supported CI’s or baseline CI’s
• Request for Change
Form use to record details of a request
for a change to any CI; can be submitted
from each single ITIL Process
• Forward Schedule of Changes
Schedule that contains details of all the
Changes authorized for implementation
and their proposed implementation
dates. It also shows the dependency of
each change!!!
32
Impact of a Change
• Standard
The change may be executed without contacting the
Change Manager (Manual with standard Changes)
• Category 1
Small Business impact on the Services. The Change
Manager is entitled to authorize this RFC
• Category 2
Medium Business Impact on the services. The RFC must
be discussed in the CAB. The Change Manager
requests advice on authorization and planning
• Category 3
Large Business Impact on the services. Management is
involved in the decision process
33
Priority of a Change
• Urgent
Change necessary immediately, approval by
CAB/Emergency Committee (CAB/CEC)
• High
Change needed as soon as possible
• Medium
Change will solve annoying errors or missing
functionalities (can be scheduled)
• Low
Change leads to minor improvements (which is not
contractually necessarily)
34
Change Management Process
Entering
Projec Change
t Managemen
t Process
Change Manager does Registration & RFC’s
Classification of RFC’s
Verification
P.I.R
36
The Change Advisory Board
(CAB)
A
A R
A
Financial Manager
Incident
Manager
Business
Representation
User /Dept.
Problem Manager Configuration Manager
Manager
37
Clarification
Change
Manager
Release
Manager
38
Goals of Release Management
Base for
Releases One or More
Physical
File Stores
DSL
Linked Logical
with CMDB Storage
Distribution
40
Definitive Hardware Store
(DHS)
Protection
of Hardware
Spares and
Components
Spares for
Recovery
DHS
Linked
One or More
with CMDB
Physical
File Storages
Components
for Changes
41
Form of Releases
Full, Package
And Delta Release
Emergency
Release
Release Unit
Release
policies Version
Numbering
Release
Frequency
42
Goals of Capacity Management
43
Capacity Management Process
Demand Management (INPUT)
Capacity
Database
(INPUT)
Capacity
Plan
44
Sizing and Modelling
• Application Sizing
Determining the hardware capacity required to
support new (or adapted) applications,
according to the agreed SLA’s
• Modelling
– Trend analysis
– Simulation modelling
– Baseline models
45
Goals of Availability
Management
– Resilience (Redundancy)
T
R
W
I
Unavailable=Downtime
T
MA
M
i
v
eT
T
Ima
sT
B
eil
M
BR
F
a
t
E
S=
b
l
o
IS
Ae
=
r
=e
v
U
e
Rrp
a
ti
v
il
m
eai
e
l
b
c
i
e
il 49
CRAMM= CCTA’s Risk Analysis
Management Methodology
Threats
Value of Vulnerabilit
Assets ies
Risk Analysis
Risk Management
Managing an
Counter Planning for potential Outage
Measures Outage
50
When Is a Service
Available?
(AST-DT)
Availability= X 100%
AST
51
Availability Formula
In Series In Parallel
Avail = 90%
Network Disk Y
Printer
Print
Server
Disk Z
Avail = 90% Avail = 80%
Avail = 80%
53
Structure of
Security Management
B
S
SI
e
u
L
Tc
s
A
Su
i
ri
e
t
n
cy
e
u
P 54
Security Definitions (1)
CI A
A
C
E
P
S I
v
o
n
ar
a
n
o
stf
e
u fti
eril
g
a
d
u
cri
b
e
ati
n
n
gtri 55
Security Definitions(2)
oevr
T
R
DIR
C
P
E
ae
h
narperl
cuevr
m
acetr
nio
easoit
a
v
d
g
no/
isnoi
e
Rt
n
nsre
d
yut
ct
ioD
ne
t
e
c
ti 57
Information Security Model
(ISM)
Information Security Policy
Risk Analysis
External Influence
Business Drives
Planning
Operational Measures
58
BS 7799 & ISO/IEC 17799
The Code of Practice for Information Security
Management
Security Policy
ISO/IEC 17799 (British Standard BS 7799
The 10 Control areas defined within
Security Organization
Asset Classification and Control
Personnel Security
Physical & environmental Security
Communications & Operations Management
Access Control
Systems development & Maintenance
Business Continuity Management
Compliance
59
Security Activities
61
Challenges
• Expensive and no Benefits
• The ‘Ostrich Approach’, or “IT’ll never happen
2me!”
• You can not protect against all the threats
• Lack of Senior Management interest
• “Entropy Rules”; Security degrades over time!, Maintaining
security at the agreed level is an imperative
• No ‘Security by Design’; Many ‘Legacy’ applications do
not have security embedded in them.
• Locks on grass huts; There is no point securing one
aspect of an information system or IT Infrastructure, if the rest
is less secure. Similarly, failing in one small area of security is
failing overall
62
Reporting
Survival
64
ITSCM Process (1)
Initiate
Initiation
Continuity MGT
Business Impact
Analysis
Business Continuity
Strategy
Organization and
Implementation
Planning
Implement Implement
Develop
Stand-by Risk Reduction
Implementation Arrangements Recovery Plans Measures
Develop Procedures
Initial Testing
65
ITSCM Process (2)
(=Operational)
Testing
Review & Change
Audit Manageme
nt
Education & Training
Awareness
Assurance
66
CRAMM= CCTA’s Risk Analysis
Management Methodology
(=based on Business Impact)
Threats
Value of Vulnerabiliti
Assets es
Risk Analysis
Risk Management
Managing a
Counter Planning for potential Disaster
Measures Disaster
67
Recovery Options
Cold Standby
Gradual Recovery
Warm
Standby
Intermediate Recovery
HOT Standby
Immediate Recovery
68
Roles & Responsibilities in Normal
Operation, Change during a Crisis
Situation
69
Extensive Testing &
Reviewing of the ITSCM Plan
Charge
s
Business IT IT Charge
Cost Analysis
Requirements Operational s
(IT
Plan (Incl. Accounting)
Budgets) Charge
Financial Cost
Targets Models s
Charging Policies
72
Charging
• Customers paying the full costs of
the IT services provided in a fair
manner (“…what you use is what
you pay for……”)
• Ensure that customers are aware of
the costs they spent on IT Services
and influence customer behavior by
advising them how to spend their
IT Funds
• Make formal evaluations of IT
services and plan for investments,
based on cost recovery and 73
Charging & Pricing Options
Charging
• No charging
• Notional Charging / Differential Charging
• Actual/Real Charging
Pricing
• Recover of costs
• Cost price plus
• Going Rate
• Market prices
• Fixed Price
74
Service Level
Management
&
Balance between:
How???:
– Know the requirements of the business
– Know the capabilities of the IT Organization
75
Goals of Service Level
Management
Dr
aft
Process
3
4
Ne
PERIODIC REVIEW
OL go
2
A’ Re ti
ate
sa vie
nd w
ex UC’
s,
MANAGE THE ONGOING PROCESS
ist
IMPLEMENT SLA’s
in
g
SL
A’
s
Mo
n ito Ag
r re
e
Re
po
rt
Re
vie
w
Define
Control
The Service Level Management
78
Execute
Contracts:
OLA’s
C
O
S
U II
n
T
e
u
L
C
t
p
A
s
re’
O
v
p
s rt’
o
s
n rli
a
m
g
ci
al
e
I
n
r
T
C
D (i 79
Service Quality Plan
(SQP)
• Internal service description of
responsibilities and delivery times to meet
the agreed service level(s)
• Objective:
– Controlled improvement of the IT
Service provided
82
Exam Preparation
83
BREAK A LEG!!!!!!!
ITIL
FO U N D A T I O N S
e
World Wid
d
Recognize
84