Version: 2008.05.01c Version: 2008.05.01c I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S Breaking Down IT Silos Breaking Down IT Silos K P M G LLP
Jul 09, 2015
Version: 2008.05.01cVersion: 2008.05.01c
I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
Breaking Down IT SilosBreaking Down IT Silos
K P M G LLP
2
Key TakeawaysKey Takeaways
Environmental attributesEnvironmental attributes
Increasing business Increasing business demandsdemands
Introduce greater Introduce greater complexity & opennesscomplexity & openness
Technology can provide Technology can provide advantagesadvantages
Issue resolution more Issue resolution more complicatedcomplicated
Greater cross functional Greater cross functional dependenciesdependencies
Success enablersSuccess enablers
Ensure Ensure ““governancegovernance”” for for proper support proper support
Incorporate process Incorporate process updates into prepupdates into prep
Use tools to assistUse tools to assist
Execute against the planExecute against the plan
DonDon’’t forget your peoplet forget your people
3
The Challenge is Growing ExponentiallyThe Challenge is Growing Exponentially
Key developmentsKey developments
Growth of mobilityGrowth of mobility
Extension of the enterpriseExtension of the enterprise
Business expectations for instant gratificationBusiness expectations for instant gratification
Are leading us toAre leading us to
Unified CommunicationsUnified Communications
Federated connectivityFederated connectivity
Automated Provisioning of end to end serviceAutomated Provisioning of end to end service
ResultsResults
““On DemandOn Demand”” services and connectivityservices and connectivity
Significant Significant ““non employeenon employee”” accessaccess
More groups brought into “cross disciplinary” efforts
With resources pushed beyond their comfort zone
4
Existing SilosExisting Silos
Focused on individual, group or enterprise goals?Focused on individual, group or enterprise goals?
Services and support agreements clearly defined?Services and support agreements clearly defined?
Tied into legacy technologies and processes?Tied into legacy technologies and processes?
Understanding of other disciplines?Understanding of other disciplines?
Operating with blinders on?Operating with blinders on?
Open to learning new technologies and techniques?Open to learning new technologies and techniques?
““Who moved my cheese?Who moved my cheese?””
Entrenched operational models
can be difficult to overcome
5
IP Telephony Challenge – Silo Poster ChildIP Telephony Challenge – Silo Poster Child
Traditionally separate networks and organizationsTraditionally separate networks and organizations
Different cultures, technologies, skill setsDifferent cultures, technologies, skill sets
Organizations have NOT traditionally worked togetherOrganizations have NOT traditionally worked together
Must now cooperate for end to end serviceMust now cooperate for end to end service
Impacts both provisioning and supportImpacts both provisioning and support
Generates need for:Generates need for:
Definition of more granular servicesDefinition of more granular services
Agreement on Service LevelsAgreement on Service Levels
Next Generation IP Communication deployments Next Generation IP Communication deployments
become even more complexbecome even more complex
Increasing #Increasing #’’s of groups and applications incorporateds of groups and applications incorporated
Other technologies will challenge us as well…
6
802.1X Wired – End to End Security802.1X Wired – End to End Security
Access controlAccess control
Secure network via Directory Services authentication Secure network via Directory Services authentication
Nontraditional groups must work togetherNontraditional groups must work together
Client Client –– Network Network –– Directory Directory SvcsSvcs interaction challenges interaction challenges
traditional boundaries, roles & responsibilitiestraditional boundaries, roles & responsibilities
Generates need for:Generates need for:
Definition of more granular servicesDefinition of more granular services
Agreement on Service LevelsAgreement on Service Levels
Service failure has broad ramifications
7
802.1X Wired – End to End Security802.1X Wired – End to End Security
Need for definition of more granular services
Need for agreement on Service Levels
8
What to do?What to do?
Problems can seem insurmountableProblems can seem insurmountable
But inaction is not the answer!But inaction is not the answer!
Three pronged attack to address the issueThree pronged attack to address the issue
PeoplePeople
PlanPlan
ProcessProcess
Change required to reach the
Potential of new developments?
9
ProcessProcess
Follow Follow ““GovernanceGovernance”” structurestructure
Ensure commitments to full effort including supportEnsure commitments to full effort including support
Establish Establish ““feedbackfeedback”” looploop
Define services and support levelsDefine services and support levels
Does Does ““Service ManagementService Management”” become mandatory?become mandatory?
Can Enterprise Standards be enforced?Can Enterprise Standards be enforced?
ITIL/ITSM or similar structures can provide frameworkITIL/ITSM or similar structures can provide framework
Can automation facilitate success? Potential forCan automation facilitate success? Potential for……
Improving qualityImproving quality
Eliminating manual interventionEliminating manual intervention
Reducing organizational conflictsReducing organizational conflicts
10
Plan – Define Criteria for SuccessPlan – Define Criteria for Success
Customer satisfactionCustomer satisfaction
Business Units & End UsersBusiness Units & End Users
Realization of business and operational benefitsRealization of business and operational benefits
Increased revenuesIncreased revenues
Cost savingsCost savings
QualityQuality
Reduced time to provision/repairReduced time to provision/repair
Improved securityImproved security
Develop metrics to demonstrate progressDevelop metrics to demonstrate progress
Communicate aboveCommunicate above
11
Plan – Create Robust Support ModelPlan – Create Robust Support Model
Include Operational PerspectiveInclude Operational Perspective
Incorporate Services and Support AgreementsIncorporate Services and Support Agreements
Define Roles and ResponsibilitiesDefine Roles and Responsibilities
Use tools to facilitate creation of modelUse tools to facilitate creation of model
Use cases to define support scenariosUse cases to define support scenarios
RACI diagrams to delineate task ownershipRACI diagrams to delineate task ownership
Obtain signoff on both criteria and model!
12
RACI ExampleRACI Example
13
PeoplePeople
Can people work in cross disciplinary teams?Can people work in cross disciplinary teams?
Can resources learn new skills?Can resources learn new skills?
Do individuals feel Do individuals feel ““threatenedthreatened””??
Not a Not a ““linearlinear”” exercise exercise
Emotions and Politics can play major rolesEmotions and Politics can play major roles
Support for the transition? ApproachesSupport for the transition? Approaches……
TrainingTraining
Team buildingTeam building
MentoringMentoring
Job Rotations and ShadowsJob Rotations and Shadows
Clearly defined objectives with criteria for successClearly defined objectives with criteria for success
Technologists need structure!
14
ConclusionConclusion
Issues can sometimes seem insurmountableIssues can sometimes seem insurmountable
But the business benefits are too great to ignoreBut the business benefits are too great to ignore
Challenges can be overcome withChallenges can be overcome with
LeadershipLeadership
Open mindsOpen minds
ProPro--active planning andactive planning and
Strong executionStrong execution
Can you be a “silo-breaker” in your organization?
15
PresenterPresenter’’s contact detailss contact details
Peter J HughesPeter J Hughes
KPMG LLPKPMG LLP
(201) 505(201) 505--60846084
[email protected]@kpmg.com
http://www.kpmg.comhttp://www.kpmg.com
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved.
16
BackgroundBackground
17
PremisePremise
IT comprises technology and process silosIT comprises technology and process silos
Technology developments and market forces can Technology developments and market forces can
outpace organizational structuresoutpace organizational structures
Techniques can be used to successfully break down Techniques can be used to successfully break down
these silosthese silos
Can you be a silo-breaker in your organization?
18
Impactful Events - ExamplesImpactful Events - Examples
Technology shiftsTechnology shifts
IP Telephony causes voice and network operations IP Telephony causes voice and network operations
to combineto combine
Metro Ethernet requires LAN and WAN groups to Metro Ethernet requires LAN and WAN groups to
mergemerge
MultiMulti--function devices drive the need for changefunction devices drive the need for change
E.g., VPN/Remote Access/Firewalls and Internet GatewaysE.g., VPN/Remote Access/Firewalls and Internet Gateways
19
Impactful Events – Examples (cont’d)Impactful Events – Examples (cont’d)
Increasing business requirementsIncreasing business requirements
Improving application performance requires network Improving application performance requires network
and security operations to work closely togetherand security operations to work closely together
Faster time to market Faster time to market -- cross disciplinary efforts needed cross disciplinary efforts needed
to facilitate rapid deploymentsto facilitate rapid deployments
802.1X troubleshooting and support requires integrated 802.1X troubleshooting and support requires integrated
testing across multiple infrastructure teamstesting across multiple infrastructure teams
Change required to reach
the potential of these developments
20
IP Telephony Challenge – Silo Poster ChildIP Telephony Challenge – Silo Poster Child
Traditionally separate networks and organizationsTraditionally separate networks and organizations
Different cultures, technologies, skill setsDifferent cultures, technologies, skill sets
Organizations have NOT traditionally worked togetherOrganizations have NOT traditionally worked together
Must now cooperate for end to end service provisioning Must now cooperate for end to end service provisioning
and supportand support
Generates need for:Generates need for:
Definition of more granular servicesDefinition of more granular services
Agreement on Service LevelsAgreement on Service Levels
Next Generation IP Communication deployments Next Generation IP Communication deployments
become even more complexbecome even more complex
Increasing #Increasing #’’s of groups and applications incorporateds of groups and applications incorporated
21
IP Telephony Challenge – Traditional VoiceIP Telephony Challenge – Traditional Voice
Historical End to End Service Levels Understood
22
IP Telephony Challenge – VoIP EnvironmentIP Telephony Challenge – VoIP Environment
IDC
Need for definition of more granular services
Need for agreement on Service Levels
23
RACI ExamplesRACI Examples
Application Performance TestingApplication Performance Testing
Application Intake ProcessApplication Intake Process
Network Storage MaintenanceNetwork Storage Maintenance
App Performance Testing
App Intake Process
Network Storage Support
24
A Brief 802.1X Wired TutorialA Brief 802.1X Wired Tutorial
25
What is 802.1X?What is 802.1X?
An IEEE 802.1X standardAn IEEE 802.1X standard
An access control and authentication protocol An access control and authentication protocol
Restricts unauthorized clients/machines from Restricts unauthorized clients/machines from
connecting to LAN switch portsconnecting to LAN switch ports
Authentication servers verify each client/machine that Authentication servers verify each client/machine that
connects to a switch port before providing it access connects to a switch port before providing it access LAN Switch
“Authenticator”
Laptop
“Supplicant”
RADIUS
“Authentication
Server”
Directory
Services
802.1X RADIUS
EAP
26
Technology Definition - SupplicantTechnology Definition - Supplicant
The host or client The host or client -- must be running 802.1X compliant must be running 802.1X compliant
softwaresoftware
The supplicant/client requests access to the LAN and The supplicant/client requests access to the LAN and
can respond to requests from the switch (or can respond to requests from the switch (or
authenticator)authenticator)
LAN Switch
“Authenticator”
Laptop
“Supplicant”
RADIUS
“Authentication
Server”
Directory
Services
802.1X RADIUS
EAP
27
Technology Definition - AuthenticatorTechnology Definition - Authenticator
LAN switch LAN switch -- speaks the 802.1X language on behalf of speaks the 802.1X language on behalf of
the client with the backend authentication serverthe client with the backend authentication server
The client will send EAPOL frames to the switch who The client will send EAPOL frames to the switch who
will in turn encapsulate EAP into a Radius frame and will in turn encapsulate EAP into a Radius frame and
will send off to the authentication server.will send off to the authentication server.LAN Switch
“Authenticator”
Laptop
“Supplicant”
RADIUS
“Authentication
Server”
Directory
Services
802.1X RADIUS
EAP
28
Technology Definition - Authentication ServerTechnology Definition - Authentication Server
RADIUS device - performs the actual authentication of
the client
The authentication server validates the identity of the
client and informs the authenticator (LAN switch),
which allows the client access to the switch
Authentication server accesses Directory ServicesLAN Switch
“Authenticator”
Laptop
“Supplicant”
RADIUS
“Authentication
Server”
Directory
Services
802.1X RADIUS
EAP
29
GlossaryGlossary
802.1X 802.1X –– Industry (IEEE) standard, protocol for access control and autheIndustry (IEEE) standard, protocol for access control and authenticationntication
ACS ACS –– Access Control ServerAccess Control Server
Authenticator Authenticator –– aka LAN switchaka LAN switch
Authentication Server Authentication Server –– aka RADIUS deviceaka RADIUS device
DHCP DHCP –– Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
DNS DNS –– Domain Name SystemDomain Name System
DR DR –– Disaster RecoveryDisaster Recovery
EAP EAP –– Extensible Authentication ProtocolExtensible Authentication Protocol
EAPOL EAPOL –– EAP over LANEAP over LAN
IEEE IEEE –– Institute of Electrical and Electronics EngineersInstitute of Electrical and Electronics Engineers
LAN LAN –– Local Area NetworkLocal Area Network
NAC NAC –– Network Access/Admission ControlNetwork Access/Admission Control
RADIUS RADIUS –– Remote Authentication DialRemote Authentication Dial--In User ServiceIn User Service
Supplicant Supplicant –– 802.1X compliant client software component802.1X compliant client software component
VLAN VLAN –– Virtual Local Area NetworkVirtual Local Area Network
WINS WINS –– Windows Internet Name ServiceWindows Internet Name Service