ITIL Overview Presented By: ADNAN ABBAS
Nov 14, 2014
ITIL Overview
Presented By: ADNAN ABBAS
Today’s TopicsIT Organizations Current ChallengesIT Organization focus Today vs TomorrowService & IT Service ManagementITIL
HistoryProblem DefinitionWHY ITILTen Core processes of ITILService Lifecycle
Key Concepts to understandCORE ITSM Components
•Service Strategy•Service Design•Service Transition•Service Operation•Continual Service Improvement•Benefits of These Core Components•Change Management Process explained in ITIL•Helpdesk Management Process explained in ITIL•Benefits of ITSM•Conclusions and Recommendations
Today’s Topics
Business Challenges
IT Responsibilities
Minimizing risk in a dynamic business scenario
Minimizing cost & time-to-market
Improving ROI
Increasing Business Performance
IT enables the business to meet its goals
Ensuring a stable & flexible IT environment
Optimizing resources & costs
Minimizing costs & complexity
Adapting quickly to changing needs
IT Organization Current Challenges
The IT organization of the future will have a different
focus
SERVICE
“ A service is a means of delivering value to customers by facilitating the outcomes that customers want to achieve without the ownership of specific costs and risks.”
What is an IT Service?
An "IT Service" is a set of IT-related functions (HW & SW)
User Web Server Application Server Database Server
What is IT Service Management?IT Service Management is the totality
of IT Service Provision, including the management of the infrastructure and the environment
IT Service IT Service IT Service IT Service
INFRASTRUCTURE ENVIRONMENT
Good IT Service Management ensures that Customerrequirements; and expectations are met with consistency.
IT Service Management Objectives
•To align IT Services with the current and future needs of the Business and its Customers•To improve the quality of the IT services delivered•To reduce the long term cost of service provision
Needs
Cost Quality
Key Elements
Customer / End UsersService Manager / Team
PEOPLE Production Acceptance
TeamExecutive Sponsor
Change Control
Hardware
Problem Management Software
PROCESS PRODUCTS
Project Manager / TeamSuppliers / Outsourcers
Capacity Planning
ConfigurationManagement
PARTNERS
Tools / Technology
ITIL : Information Technology Infrastructure Library
• Developed in late 1980s in the UK in response to growing dependence on IT
• Now a public body of knowledge for Service Management best practices
• Helps organizations improve service levels and reduce the cost of IT operations
• A framework, defining ten interlocking processes for service support and service delivery
• Also provides guidance on IT security, business management
• The ten ITIL processes are described in two volumes:
- Service Support focuses on management of essential operational processes
- Service Delivery on strategic management of the IT services
The History behind ITIL
1980s
1990s
2000s
ITIL Version 1 ITIL
Version 2
British civilservice
10+30 books2+N books
The NetherlandsRest of the
world
ITILVersion 3
2+N books
Defining the Problem
WHY ITIL? Because IT is critical to the Business
ITIL is process-oriented
Processes
Roles
People
Subtasks
Leaders
Middle mgmt
Employees
Areas of work
ITIL
Tra
dit
ion
ally
Top-down, controllingareas of responsibilityTask-oriented, non-hierarchical
Ten core processes of ITIL (… and one function)
Service Desk
Incident mgmt
Problem mgmt
Config. mgmt
Change mgmt
Release mgmt
Service Level mgmt
Financial mgmtfor IT-services
Capacity mgmt
IT Services Continuity mgmt
Availability mgmt
ITIL
What ITIL is not?A complete blue-print, but bricks and
material from which you can build your own building depending on your needs.
A quick fix, but a set of processes that you have to build into the mind-set of your employees, and which must be continually updated and improved.
Something you buy, although you can buy help to implement it, the core of the work is changing your own organization and how it thinks and functions.
Another method of control, but a way of setting up your organizaton so that it works towards the goals without controlling management.
ITIL Service Lifecycle
Five Phases of ITILv3
ITIL: the process improvement program
Typical program elements
People • Allocate roles and responsibilities (reorganization?)
• Align skills to business needs
• Organize ITIL training and motivation
• Project/change management
Processes • Define processes and process tasks and document
• Define process metrics/KPIs
• Integrate process information
• Initiate customer survey cycle
Tools • Process automation, process integration
• Asset management repository
• Configuration management database (CMDB)
• Business service definition and mapping
“ Think of ITIL not as a destination, but as a vehicle you can use to help you travel more quickly and efficiently on your ongoing journey of continuously improving service levels”
ITIL is a CATALYST for transforming IT.Traditionally IT has operated in functional silos with separate goals and objectives. But in Today’s environment, IT is changed with transforming itself into a service oriented culture, where cross functional teams are unified in the common pursuit of service excellence and business alignment.
ITIL is DESCRIPTIVE versus
PRESCRIPTIVE
ITIL describes what needs to be done to improve service,BUT
It does not explain how to do it.
Key ConceptsConfiguration Management System (CMS)
Tools and databases to manage IT service provider’s configuration data
Contains Configuration Management Database (CMDB)Records hardware, software, documentation and anything else
important to IT provision
ReleaseCollection of hardware, software, documentation, processes
or other things require to implement one or more approved changes to IT Services
Key ConceptsIncident
Unplanned interruption to an IT service or an unplanned reduction in its quality
Work-aroundReducing or eliminating the impact of an incident without
resolving itProblem
Unknown underlying cause of one or more incidents
Key Concepts
Processes(s): are structured sets of activities designed to achieve a specific objective. Function(s): are self-contained subsets of an organization intended to accomplish specific tasks. They usually take the form of a team or group of people and the tools they use.
“Processes help organizations accomplish specific objectives often across multiple functional groups”whereas“Functions add structure and stability to organization”
•Roles: are defined collections of specific responsibilities and privileges. Roles may be held by individuals or teams. Individuals and teams may hold more than one role. ITIL® emphasizes a number of standard roles include, most importantly: •Service Owner -- Accountable for the overall design, performance, integration, improvement, and management of a single service. •Process Owner -- Accountable for the overall design, performance, integration, improvement, and management of a single process. •Service Manager -- Accountable for the development, performance, and improvement of all services in the environment. •Product Manager – Accountable for development, performance, and improvement of a group of related services.
Key Concepts
More RolesBusiness Relationship ManagerService Asset & Configuration
Service Asset ManagerService Knowledge ManagerConfiguration ManagerConfiguration AnalystConfiguration LibrarianCMS tools administrator
CORE ITSM COMPONENTS
What are we going to provide? Can we afford it? Can we provide enough of it? How do we gain competitive advantage? Perspective
Vision, mission and strategic goals Position Plan Pattern
Must fit organisational culture
Resources Things you buy or pay for IT Infrastructure, people, money Tangible Assets
Capabilities Things you grow Ability to carry out an activity Intangible assets Transform resources into Services
Prioritises and manages investments and resource allocation
Proposed services are properly assessed Business Case
Existing Services Assessed. Outcomes: Replace Rationalise Renew Retire
Service Design
• How are we going to provide it?• How are we going to build it?• How are we going to test it?• How are we going to deploy it?
Processes in Service Design
• Availability Management• Capacity Management• ITSCM (disaster recovery)• Supplier Management• Service Level Management• Information Security Management• Service Catalogue Management
Service Level Management• Service Level Agreement
– Operational Level Agreements• Internal
– Underpinning Contracts• External Organisation• Supplier Management
– Can be an annexe to a contract– Should be clear and fair and written in easy-to-
understand, unambiguous language• Success of SLM (KPIs)
– How many services have SLAs?– How does the number of breaches of SLA change over
time (we hope it reduces!)?
Things you might find in an SLA
Types of SLA
• Service-based– All customers get same deal for same services
• Customer-based– Different customers get different deal (and
different cost)
• Multi-level– These involve corporate, customer and service
levels and avoid repetition
Right Capacity, Right Time, Right Cost!
• This is capacity management• Balances Cost against Capacity so minimises
costs while maintaining quality of service
Is it available?
• Ensure that IT services matches or exceeds agreed targets
• Lots of Acronyms– Mean Time Between Service Incidents– Mean Time Between Failures– Mean Time to Restore Service
• Resilience increases availability– Service can remain functional even though one or
more of its components have failed
ITSCM – what?
• IT Service Continuity Management• Ensures resumption of services within agreed
timescale• Business Impact Analysis informs decisions
about resources– E.g. Stock Exchange can’t afford 5 minutes
downtime but 2 hours downtime probably wont badly affect a departmental accounts office or a college bursary
Standby for liftoff...
• Cold– Accommodation and environment ready but no IT
equipment
• Warm– As cold plus backup IT equipment to receive data
• Hot– Full duplexing, redundancy and failover
Information Security Management
• Confidentiality– Making sure only those authorised can see data
• Integrity– Making sure the data is accurate and not
corrupted
• Availability– Making sure data is supplied when it is requested
Service Transition
Build Deployment Testing User acceptance Bed-in
Good service transition
Set customer expectations Enable release integration Reduce performance variation Document and reduce known errors Minimise risk Ensure proper use of services Some things excluded
Swapping failed device Adding new user Installing standard software
Knowledge management
Vital to enabling the right information to be provided at the right place and the right time to the right person to enable informed decision
Stops data being locked away with individuals
Obvious organisational advantage
Data-Information-Knowledge-Wisdom
Wisdom cannot be assisted by technology – it only comes with experience!
Service Knowledge Information Management System is crucial to retaining this extremely valuable information
Service Asset and Configuration Managing these properly is key Provides Logical Model of Infrastructure
and Accurate Configuration information Controls assets Minimised costs Enables proper change and release
management Speeds incident and problem resolution
Configuration Management System
BASELINE
A Baseline is a “last known good configuration”
But the CMS will always be a “work in progress” and probably always out of date.
Current configuration will always be the most recent baseline plus any implemented approved changes
Change Management – or what we all get wrong! Respond to customers changing business
requirements Respond to business and IT requests for
change that will align the services with the business needs
Roles Change Manager Change Authority
Change Advisory Board (CAB) Emergency CAB (ECAB)
80% of service interruption is caused by operator error or poor change control (Gartner)
Change Types
Normal Non-urgent, requires approval
Standard Non-urgent, follows established path, no
approval needed Emergency
Requires approval but too urgent for normal procedure
Change Advisory Board
Change Manager (VITAL) One or more of
Customer/User User Manager Developer/Maintainer Expert/Consultant Contractor
CAB considers the 7 R’s Who RAISED?, REASON, RETURN, RISKS,
RESOURCES, RESPONSIBLE, RELATIONSHIPS to other changes
Release Management
Release is a collection of authorised and tested changes ready for deployment
A rollout introduces a release into the live environment
Full Release e.g. Office 2007
Delta (partial) release e.g. Windows Update
Package e.g. Windows Service Pack
Phased or Big Bang?
Phased release is less painful but more work
Deployment can be manual or automatic
Automatic can be push or pull Release Manager will produce a release
policy Release MUST be tested and NOT by
the developer or the change instigator
Service Operation
• Maintenance• Management• Realises Strategic Objectives and is where the
Value is seen
Processes in Service Operation
• Incident Management• Problem Management• Event Management• Request Fulfilment• Access Management
Functions in Service Operation
• Service Desk• Technical Management• IT Operations Management• Applications Management
Service Operation Balances
Incident Management
• Deals with unplanned interruptions to IT Services or reductions in their quality
• Failure of a configuration item that has not impacted a service is also an incident (e.g. Disk in RAID failure)
• Reported by:– Users– Technical Staff– Monitoring Tools
Event Management
• 3 Types of events– Information– Warning– Exception
• Can we give examples?• Need to make sense of events and have
appropriate control actions planned and documented
Request Fulfilment
• Information, advice or a standard change• Should not be classed as Incidents or Changes• Can we give more examples?
Problem Management
• Aims to prevent problems and resulting incidents• Minimises impact of unavoidable incidents• Eliminates recurring incidents• Proactive Problem Management
– Identifies areas of potential weakness– Identifies workarounds
• Reactive Problem Management– Indentifies underlying causes of incidents– Identifies changes to prevent recurrence
Access Management
• Right things for right users at right time• Concepts
– Access– Identity (Authentication, AuthN)– Rights (Authorisation, AuthZ)– Service Group– Directory
Service Desk• Local, Central or Virtual• Examples?• Single point of contact• Skills for operators
– Customer Focus– Articulate– Interpersonal Skills (patient!)– Understand Business– Methodical/Analytical– Technical knowledge– Multi-lingual
• Service desk often seen as the bottom of the pile– Bust most visible to customers so important to get right!
Continual Service Improvement
• Focus on Process owners and Service Owners• Ensures that service management processes
continue to support the business• Monitor and enhance Service Level
Achievements• Plan – do –check – act (Deming)
Service Measurement
• Technology (components, MTBF etc)• Process (KPIs - Critical Success Factors)• Service (End-to end, e.g. Customer Satisfaction)• Why?
– Validation – Soundness of decisions– Direction – of future activities– Justify – provide factual evidence– Intervene – when changes or corrections are needed
Benefits of ITIL Service Strategy Alignment of new & changing services to
organizational strategy Supports business cases for investment Resolves conflicting demands for services Improves service quality by strategic planning Ensures that organizations can manage the costs
and risks associated with their Service Portfolios
Benefits of ITIL Service Design Agreeing service level agreements with
internal departments and external third party suppliers
Measuring IT quality in business terms Reduced total cost of ownership
Improved quality/consistency of service
Improved IT governance
More effective Service Management
Benefits of ITIL Service Transition Align the new or changed service with the
Organization’s requirements & business operations
Ability to adapt quickly to new service requirements
Improved success rate of changes Improved organisational agility and flexibility Provides a consistent & rigorous framework for
evaluating the service capability & risk before a new or changed service is released
Benefits of ITIL Service Operation• Delivering & managing services at agreed
levels to Organizational customers & users• Management & monitoring of the technology
that is used to deliver & support services• Management of Incidents, including Major
Incidents, & ensuring recovery of service• Ensuring the appropriate IT organisation is in
place to support the overall service requirements of the Organization
• Cost-effective Service Delivery
Benefits of ITIL Continual Service Improvement
Commitment to ongoing service quality Ongoing improvements to service & supporting
processes Review & implementation of appropriate
business-focused service measures ROI (Return on Investment) VOI (Value on Investment) Continual improvement becomes part of
“Business as Usual”
Change Management process explained in ITIL
• It is one of the most central and most important ITIL processes
• Everything that changes a status in a CI in CMDB in ITIL• Change mgr should have a good broad overview, some
in-depth knowlegde in key areas, and know lots of the local history.
Relationship to other processes
Changemgmt
Releasemgmt
Config.mgmt
Problem mgmt
Incident mgmt
Capacity mgmt
Availability mgmtIT servicecont mgmt
Service levelmgmt
Goal
• Ensure that all changes are performed in a structured, documented and well-planned process.
• Balance between flexibility (what needs to be done right now) and stability (so that changes does not break anything.
Rôles
• Change manager• Change coordinator• Change Advisory Board (CAB)
– Change mgr, Service Level mgr, repr/service desk, repr/problem mgmt, management, business rep, user reps, development rep, system administrators, vendor reps.
• CAB/Emergency Commitee (CAB/EC)– Only the most essential members of CAB.
ActivitiesRFC submission, Recording
Acceptance; filtering RFCs
Confi
gura
tion
mgm
t pro
cess
es in
fo
and
mon
itors
the
stat
us o
f CIs
Classification, category and priority
Urgent?
Planning; Impact and Resources
Coor
dina
tion
Build Test
Implement Working
Evaluation and Close
Rejection,possibly new RFC
Start back-outplan
Urgent procedures
Yes
No
Registration of an RFC
• Identification number• References to problems and known errors• Description and references to CIs involved• Rationale for the change• Current and future CIs that will be changed• Name and contact info for the person that
suggested the RFC• Date etc• Overview of resource usage and time estimates
Acceptance
The process of accepting an RFC, has as its goal to filter out proposed changes that are
incomplete, impractival, impossible, too expensive, unclear, that is untimely (must
wait to a better time), or that has unwanted consequences.
Further information in an RFC
• Data on categorization and priority• Estimate on how it will affect the rest of the system• Recommendations from change mgr• History of the handling of this RFC, including acceptance and
autorization• Plans for backup• Requirements for maintenance• Plan for implementation• Roles for the implementation phase, including casts• Timing for the implementation• Timing for evaluation• Test results and observed problems• If the change is rejected, a reason why• Information on scenarios and evaluation
Classification
Priority:• Low (postponable)• Normal • High • Urgent (must do
now)
Categories• Low impact• Significant impact• Great impact
Planning and Acceptance
Three levels of acceptance:• Financial (can we
afford this? Cost/benefit?)
• Technical (is it doable and is it smart to do it?)
• Business (is it constructive compared to focus of what we do as an organization?)
• Forward Schedule of Change (FSC): overview over future, planned changes
• CAB should discuss: 1. Unautorized changes2. Autorized changes that
shortcut the CAB3. RFCs for review in CAB4. Changes that is open or that
was recently closed. 5. Review of changes that have
been implemented.
Coordination
Key notions:• Iterative process• Should be tested in a
laboratory• Holistic view: SW, HW,
docs, procedures etc…• RFC is the plan that
controls the changes• No change without a RFC
Build
Test
Implement
Evaluation
There should be a Post-implementation Review (PIR) after the completion of the change. This must be governed by the CAB.
• Was the goals for the change achieved?
• What is (if relevant) the satisfaction of the users?
• Was any side effects discovered after this change?
• Was the change on budget and on time?
• Are there any points to follow up?
Standard changes
• For small, structured, frequent, trivial and easily understandable changes, it is possible to give acceptance in advance – as a standard change.
• Std chg are like templates or procedures which are to be used in certain, predefined situations with-out further process.
• Std chg must be logged, but Change mgr is not involved in each specific case.
Emergency changes
• If absolutely necessary, every non-essential, non-technical stage can be circumvented …
• … but the procedures for such must be defined for the organization in advance:– CAB/EC is a sub-set of CAB and it is easier to arrange for
a meeting – Change mgr can make decisions by himself– Testing, documentation etc can be done post factum.
• Important: all shortcuts must be evaluated afterwards.
Reporting
Reports:• Number of changes pr time
unit and pr CI• Overview of origin for
changes and RFCs• No of successful changes• No of back-outs• No of incidents that can be
related to changes• Graphs and trends
Performance indicators:• No of changes pr time unit.• Avg time to perform a
change• No of rejected changes• No of incidents that can be
related to changes• No of back-outs• Costs related to changes• Share of changes that is
within time and budget
Input and output
Changemgmt
RFC
CMDB
FSC (forward schedule of change)FSC
History
Reports
Triggers for other proc
HelpdeskIT-sysadmin-
staffCustomers
Single point ofentry
E-mailPhysicalaccess
TelephoneWebChatPorjects Interrupt-
controlled
To maintain control over the speed To make things more uniform for the users To prioritize between different tasks To get an overview over which tasks
remains To limit interruptions to a small part of
the organization Centralize expertize on user
communication
Not everybody is suitable for work there …
Consider interior and location Estimate sufficient staffing Announce it actively, target user groups Monitor it for performance Use relevant tools to support the
helpdesk
If we stopped caring about the customers, maybe they would stop bothering us?
Location An area where lots of people pass by Preferably a neutral area
Interior: Sufficient room (space and air) Friendly colors and furniture No ’hang-arounds’, ’old friends’ or
’pentioneers’
Ratio between helpdesk staff and users depends on the situation:
University environment (emploees): 50-100
Students: 300-2000 ISP: 5000-50000Note: these numbers are only examples
(and they change all the time)
“Nobody” read thedocumentation
Docs must beEspecially designed
Location
Timing
Repetition
Variation
Focus
Briefness
Comprehensible Relevance &Usefulness
Number of customers by helpdesk staffer
Volume of contact, and the change over time to this volume
Degree of fulfillment of SLA Need for personalized training and
education Share of incidents that is escalated
Problem
Symptom
Error message
First feedback
Analysis
Fixing Final feedback
Closure
1 minute
10 minutes
1 hour
Note: the timesgiven is just examples for discussion
Priority Ownership Contact-info and
customer info Timestamps Refs to CIs Status Categorizations History
Connect similar cases Close old cases Dispatch cases Make statistics Search in old cases Prioritize between
cases Escalate cases
Coverage – How many are covered by the error (1 – 5 – 100 – all)?
Severity – what is the consequence if the error is not corrected (beauty-error – inconvenience – error – crisis)?
Frequency – how often does this error ocurr? (continually – daily – monthly – once)?
Status – how important is the reporter of the error (your boss -- paying – non-paying)
New
Open
More info
Archived
ClosedWait
In work
Analysed
Which machines and applications Who can contact the helpdesk Where can they get help When can they get help How long must they expect to wait How is the incident escalated
WelcomeProblem
identificationPlanning and
execution Verification
Greet them ClassificationDescriptionVerification
AlternativesSelection a
SolutionImplementation
By sysadminBy userClosure
This phase is often under-estimated (But, it is just a nice ’hello’)
It is often a critical phase – it is a first impression, and some users can easily feel dismissed.
If done well, it will facilitate the next message from that user.
1. Classification – which area is this problem within. Might be partly automatic
2. Description – Make a short and explicit description of the incident,
3. Verification – check that the problem is reproducible
Suggest different solutions – maybe on temporary for ’today’ and a possible permanent for the future. Often a task for experts
Select a solution – prioritize between the solutions, involve the user, and a suitable solution.
Execution – let a sysadmin execute the solution if neccessary, or otherwise help the user
Sysadm-verification – Let those who have changed something or suggested a solution test it before forwarding it to the user
User-verification – Let the user himself test the solution, and come with feedback on whether the solution worked or not.
The bogeyman – frightens the user away … no workThe forwarder – sends the user somewhere elseThe assumptionist – knows what the problem is, even
without having studied the problem and symptomsThe conceptualist – who fixes minor things by
changing ’everything’ The typo-ist – who never is able to write docs,
commands, or scripts without typos.Hit-and-run-Sysadm – comes, writes commands, runs
(doesn’t tests)The Sandman – closes ticket – nice and quetly
The Benefits of ITSMCut IT costs•Streamline IT support through automation of processes•Optimize resource usage through better visibility and planning•Measure, monitor and reduce cost of service provision
Maximize productivity and customer retention through better services and support•External IT support is more responsive and consistent, increasing customer satisfaction and retention•Internal IT support is more effective, keeping business users productive and increasing capacity to generate revenue
Gain a competitive edge through increased agility•Become more responsive to the needs of the business•Streamline IT support and drive a transformation from reactive to proactive IT•Take new lines of business to market quicker through faster delivery of supporting IT services
Mitigate risk and ensure business continuity•Plan changes and assess impact•Escalate decision-making to management
Conclusions and recommendations
ITIL is an enabler for process improvementA combination of processes/people/tools is requiredOnly tools can provide effective automationThe tool investments will generate ROI, not the “ITIL
project”Always measure your progress by measuring before and
after process improvementsIT process planning tool — other departments may
already have a tool to plan/measure business processes
ITIL v3 Certification Roadmap
Thank You