Upload
debra-harper
View
215
Download
1
Tags:
Embed Size (px)
Citation preview
STORAGE MANAGEMENT/EXECUTIVE:
ITIL®
and Other Best Practices Frameworks
Jim DamoulakisCTO, GlassHouse [email protected]. 21, 2004
OutlineBest practices frameworks
• Drivers
• Benefits
ITIL®
• What is it?
• Who owns it?
• How do you use it?
Other “standards”
• CMM
• COBIT
• COSO
ITIL® is a registered trade mark of OGC
Outline (2)How does this fit with storage?
• Improving storage management – need more than tools
• Managing increasing complexity and controlling cost
• Realization that you can’t take advantage of new technology without fixing the process
• Better services at lower cost
GH SML
• What is it?
• How does it fit with the frameworks?
• Usage examples
Best practices frameworks
Process rediscovered?
Increased accountability – compliance
Aligning IT with business – more than lip service
Growth is too difficult to manage
Reduce risk
Improve effectiveness
Improve cost
ITIL: What?
IT Infrastructure Library (ITIL)
• “ITIL is the most widely accepted approach to IT
service management in the world.”
• A best practices approach for IT service
management
• A framework to structure new and existing methods
and activities
• De facto standard (Real standard is BS15000)
• Quality focus
ITIL: Who?UK Office of Government Commerce (OGC)
• Holder of copyright
• Also oversees PRINCE2
itSMF: IT Service Management Forum
• Drives much of the ITIL definition and qualification
criteria
Publications
Training
Certifications (people, not organizations)
ITIL framework publications
Source: Pink Elephant
Service delivery
Service level management
Financial management for IT services
Capacity management
IT services continuity management
Availability management
Service support
Incident management
Problem management
Configuration management
Change management
Release management
Capability maturity model: Carnegie Mellon SEI
Level Name Description
1 Initial Ad-hoc, reactive, “firefighting”
2 Repeatable Proactive, trained people
3 DefinedDocumented, standardized products and
procedures
4 Managed Metrics for deliverables and processes
5 Optimizing Continuous improvement with feedback
Control OBjectives for Information and related Technology (COBIT
®
)
Controlled by the IT Governance Institute (ITGI) and Information Systems Audit and Control Association (ISACA)
Framework for governance of IT
“Developed as a generally applicable and accepted standard for good Information Technology (IT) security and control practices that provides a reference framework for management, users, and IS audit, control and security practitioners”
CobiT domains:
Planning & organization
Acquisition &
implementation
Delivery & support
Monitoring
Compliance auditing
COSO internal control – Integrated
framework• Committee of Sponsoring Organizations of the
Treadway Commission
• Blessed by SEC and PCAOB as approved IT
governance framework
• Five components:
Control environment
Risk assessment
Control activities
Information and communication
Monitoring
How does this apply to storage?
ITIL, COBIT, COSO do not discuss storage
specifically
Goals of effectiveness and efficiency are
the same across IT
Storage adds the problem of persistence
Need for a storage-specific framework
The GlassHouse Storage Management Lifecycle™
A framework of best practice for the planning, management and operation of the storage environment
A guide to the steps needed to align, plan, design and purchase the storage infrastructure
A road map for the development of policies and standard operating procedures needed for efficient and compliant storage management
Supportive of international standards on compliance
Phase 1Planning
Phase 2 Provisioning
Phase 3Maintenance
Phase 4Customer
Care
Source: GlassHouse Technologies Inc. 2004
Storage Management Lifecycle
Phase 1: Planning
1.1Strategy
1.2 Policies
1.3Discovery
Phase 1.4Requirements
Source: GlassHouse Technologies Inc. 2004
Phase 2: Provisioning
2.1Purchasing
2.2 Change Control
2.3Activation
Phase 2.4Service
Acceptance
Source: GlassHouse Technologies Inc. 2004
Phase 3: Maintenance
3.1ServiceDelivery
3.2 InfrastructureManagement
3.3ServiceSupport
Phase 3.4Compliance
Source: GlassHouse Technologies Inc. 2004
Phase 4: Customer Care
4.1Service
Ordering
4.2 Service
Fulfillment
4.3ServiceQuality
Source: GlassHouse Technologies Inc. 2004
4.4Alignment
Check
Domain Activities Tasks Focus Areas
Planning 4 28 89
Provisioning 4 25 56
Operations & Maintenance
4 21 51
Client Care (end user)
3 16 16
Technical Requirements
PrimaryEnvironment
Reference Architecture
Example: Breakout of planning phase and tiered, detailed activities and tasks
PlanningPlanning
StrategyStrategy
PoliciesPolicies
Discovery of environment
Discovery of environment
Technical requirementsTechnical
requirements
Business Drivers, Service Levels required, Financial criteria
Demarcation lines, storage group roles, data classification, expense request, capacity planning, security, technology directions,
communications
Primary environment, server environment, storage network environment, data
identification, backup environment, DR environment, archiving environment, policies, procedure, tools environment, organization
structure, application environment
Group service levels, define COS attributes, develop reference architecture, establish financial parameters, establish standard
operating procedures
Phase TasksActivity
√ indicates match to GH SML activity
(BP) Business Perspective1. Business continuity √ 2. Partnerships and outsourcing3. Surviving change4. Transformation of business practice
(SD) Service Delivery1. Capacity management √2. Financial management √3. Availability management √4. Service level management √5. Service continuity management √
(SS) Service Support1. Service desk √2. Incident management √3. Problem management √4. Configuration management √5. Change management √6. Release management √
(IM) Infrastructure Management1. Network service management √2. Operations management √3. Management of local processors √4. Computer installation and acceptance √5. Systems management √
ApplicationManagement
Mapping the ITIL framework to the SML
Engagement objectives - Capability maturity model
SML CMM - Phase Activity Gap Analysis
0
1
2
3
4
5Discovery
Capacity Planning
Requirements Analysis
Storage Policies
Storage Procedures
Change Control
RequisitioningStorage Provisioning, Activation
Service Acceptance
Management
Operations
Cost Accounting
Service Assurance
Planning
Provisioning
Maintenance & Operations
Cust Care
------ Current State
------ Desired State
Key findings: Fragile storage utility model
Business unit concerns – Availability
Single tier of service – Cost & need mismatch
No service level agreements – Need & value mismatch
Cost model constraints – Not tiers, no penalties,
no BU$
Virtual storage team – Authority &
accountability mismatch
Mature management practices – Under development
One level data protection – Cost & need mismatch
No lab environment – Cost & risk mismatch
Overall maturity level
Short Term1.0 1.0Training
Long Term1.0 2.0Retirement
Immediate2.0 3.0Security
Long Term2.0 2.0Authorization
Immediate1.0 2.0Data Migration
Immediate2.0 2.0Data Protection
Long Term1.0 2.0Testing
Immediate1.0 2.0Asset Management
Immediate2.0 2.0Device Management
Short Term2.0 2.0Fault Response
Short Term2.0 2.0Monitoring
Long Term
Immediate
Immediate
Immediate
Short Term
Priority
1.0 2.0Quota Management
1.0 2.0Configuration Management
2.0 2.0Resource Management
2.0 2.0Reporting
3.0 3.0Change Control
MaturityActivity
Short Term1.0 1.0Training
Long Term1.0 2.0Retirement
Immediate2.0 3.0Security
Long Term2.0 2.0Authorization
Immediate1.0 2.0Data Migration
Immediate2.0 2.0Data Protection
Long Term1.0 2.0Testing
Immediate1.0 2.0Asset Management
Immediate2.0 2.0Device Management
Short Term2.0 2.0Fault Response
Short Term2.0 2.0Monitoring
Long Term
Immediate
Immediate
Immediate
Short Term
Priority
1.0 2.0Quota Management
1.0 2.0Configuration Management
2.0 2.0Resource Management
2.0 2.0Reporting
3.0 3.0Change Control
MaturityActivityCurrent TargetPrioritization of
process development plan by:
• Impact
• Level of effort
SLA Development SimulationDevelop & Publish draft SLA’s
Storage management road map
Foundation
Optimize
Compliance
Architecture
Key MetricsDevelop and
Implement Key Performance
Indicators and Key Risk Indicators
Base SOP’sDevelop key Standard operating procedures with compliance, completion and quality artifacts
ILM StrategiesDevelop ILM strategies for DB information, and email
Critical PrioritiesIdentify & Implement immediate compliance requirements
ILM ImplementationImplement ILM strategies for DB and email
Audit CapabilityDevelop & implement internal audit capability
Backup CompressionModel BU Strategies for closing window of opportunity
AutomationTools selection
3 Months 6 months 9 months 9+ Months
Cost Model SimulationDevelop model to include BU, Arch, DR and Dev costs
Data IdentificationApplication, Server, Storage, Business cross ref and inter dependency
Archiving Develop archiving compliance needs, refresh, recovery needs & priorities
Strategic Storage Architecture - Business needs, Policies, Service Levels, Backup, Archiving, DR, Reference Architecture, RFI/RFP, Acquisition, Implementation, Metrics, Tools, SOP’s, Operation,
Desired State:
Improved staff productivity
Continuous reduction in unit TCO of storage
Reduced risk to critical apps
Costs aligned with data criticality
Improved service levels to business units
Expansion and growth part of a planned strategy
Compliant with regulation, legislation and mandate
Pragmatic and usable Disaster Recovery plan
Cost ReductionConsolidation of Storage
Sample Tools – ProvisioningActivity Task
Ac
cou
ntin
g
Ap
plicatio
n M
an
agem
ent
As
set Ma
nag
emen
t
Ca
pa
city P
lan
nin
g
Co
nfig
uratio
n M
an
agem
ent
De
vice M
ana
gem
ent
Info
rmatio
n L
ifecycle
Ma
nag
emen
t
Pe
rform
an
ce M
an
ag
emen
t
Pro
visio
nin
g
SA
N D
esig
n
SA
N M
anag
em
en
t
Infrastructure Product Selection
Infrastructure Purchasing
Infrastructure Site Preparation
Infrastructure Equipment Staging X
Infrastructure Asset Management X
Requisitioning Change Request X
Requisitioning Optimization X X X X X
Requisitioning Change Control X
Activation Storage Allocation X x X X
Activation Backup Implementation X X x x x
Activation DR Implementation X X X x x
Activation Data Security X X X
Activation Data Migration X X X X X
Activation Retirement X X X X X X X X X
Activation Configuration Management X
Service Acceptance Testing X
Service Acceptance Go-Live
Service Acceptance SLA Acceptance
Summary – Why a best practices framework?
Promotes alignment of business needs with IT storage directions
Optimizes storage investment effectiveness and reduces
operational costs.
Ability to cost, migrate and manage data appropriate to its
value.
Provides speedy development of policy and procedure
Reduces risk and promotes manageability and predictability.
Creates a solid basis for identification and selection of appropriate
automation tools.
Supports compliance process validation.
Useful links
Official ITIL home page –
www.ogc.gov.uk/index.asp?id=2261
itSMF – www.itsmf.com
CobiT – www.isaca.org
COSO – www.coso.org
CMM – www.sei.cmu.edu/cmm/
GlassHouse SML – www.glasshouse.com