STORAGE MANAGEMENT/EXECUTIVE:

ITIL®

and Other Best Practices Frameworks

Jim DamoulakisCTO, GlassHouse Technologiesjimd@glasshouse.comSept. 21, 2004

OutlineBest practices frameworks

• Drivers

• Benefits

ITIL®

• What is it?

• Who owns it?

• How do you use it?

Other “standards”

• CMM

• COBIT

• COSO

ITIL® is a registered trade mark of OGC

Outline (2)How does this fit with storage?

• Improving storage management – need more than tools

• Managing increasing complexity and controlling cost

• Realization that you can’t take advantage of new technology without fixing the process

• Better services at lower cost

GH SML

• What is it?

• How does it fit with the frameworks?

• Usage examples

Best practices frameworks

Process rediscovered?

Increased accountability – compliance

Aligning IT with business – more than lip service

Growth is too difficult to manage

Reduce risk

Improve effectiveness

Improve cost

ITIL: What?

IT Infrastructure Library (ITIL)

• “ITIL is the most widely accepted approach to IT

service management in the world.”

• A best practices approach for IT service

management

• A framework to structure new and existing methods

and activities

• De facto standard (Real standard is BS15000)

• Quality focus

ITIL: Who?UK Office of Government Commerce (OGC)

• Holder of copyright

• Also oversees PRINCE2

itSMF: IT Service Management Forum

• Drives much of the ITIL definition and qualification

criteria

Publications

Training

Certifications (people, not organizations)

ITIL framework publications

Source: Pink Elephant

Service delivery

Service level management

Financial management for IT services

Capacity management

IT services continuity management

Availability management

Service support

Incident management

Problem management

Configuration management

Change management

Release management

Capability maturity model: Carnegie Mellon SEI

Level Name Description

1 Initial Ad-hoc, reactive, “firefighting”

2 Repeatable Proactive, trained people

3 DefinedDocumented, standardized products and

procedures

4 Managed Metrics for deliverables and processes

5 Optimizing Continuous improvement with feedback

Control OBjectives for Information and related Technology (COBIT

®

)

Controlled by the IT Governance Institute (ITGI) and Information Systems Audit and Control Association (ISACA)

Framework for governance of IT

“Developed as a generally applicable and accepted standard for good Information Technology (IT) security and control practices that provides a reference framework for management, users, and IS audit, control and security practitioners”

CobiT domains:

Planning & organization

Acquisition &

implementation

Delivery & support

Monitoring

Compliance auditing

COSO internal control – Integrated

framework• Committee of Sponsoring Organizations of the

Treadway Commission

• Blessed by SEC and PCAOB as approved IT

governance framework

• Five components:

Control environment

Risk assessment

Control activities

Information and communication

Monitoring

How does this apply to storage?

ITIL, COBIT, COSO do not discuss storage

specifically

Goals of effectiveness and efficiency are

the same across IT

Storage adds the problem of persistence

Need for a storage-specific framework

The GlassHouse Storage Management Lifecycle™

A framework of best practice for the planning, management and operation of the storage environment

A guide to the steps needed to align, plan, design and purchase the storage infrastructure

A road map for the development of policies and standard operating procedures needed for efficient and compliant storage management

Supportive of international standards on compliance

Phase 1Planning

Phase 2 Provisioning

Phase 3Maintenance

Phase 4Customer

Care

Source: GlassHouse Technologies Inc. 2004

Storage Management Lifecycle

Phase 1: Planning

1.1Strategy

1.2 Policies

1.3Discovery

Phase 1.4Requirements

Source: GlassHouse Technologies Inc. 2004

Phase 2: Provisioning

2.1Purchasing

2.2 Change Control

2.3Activation

Phase 2.4Service

Acceptance

Source: GlassHouse Technologies Inc. 2004

Phase 3: Maintenance

3.1ServiceDelivery

3.2 InfrastructureManagement

3.3ServiceSupport

Phase 3.4Compliance

Source: GlassHouse Technologies Inc. 2004

Phase 4: Customer Care

4.1Service

Ordering

4.2 Service

Fulfillment

4.3ServiceQuality

Source: GlassHouse Technologies Inc. 2004

4.4Alignment

Check

Domain Activities Tasks Focus Areas

Planning 4 28 89

Provisioning 4 25 56

Operations & Maintenance

4 21 51

Client Care (end user)

3 16 16

Technical Requirements

PrimaryEnvironment

Reference Architecture

Example: Breakout of planning phase and tiered, detailed activities and tasks

PlanningPlanning

StrategyStrategy

PoliciesPolicies

Discovery of environment

Discovery of environment

Technical requirementsTechnical

requirements

Business Drivers, Service Levels required, Financial criteria

Demarcation lines, storage group roles, data classification, expense request, capacity planning, security, technology directions,

communications

Primary environment, server environment, storage network environment, data

identification, backup environment, DR environment, archiving environment, policies, procedure, tools environment, organization

structure, application environment

Group service levels, define COS attributes, develop reference architecture, establish financial parameters, establish standard

operating procedures

Phase TasksActivity

√ indicates match to GH SML activity

(BP) Business Perspective1. Business continuity √ 2. Partnerships and outsourcing3. Surviving change4. Transformation of business practice

(SD) Service Delivery1. Capacity management √2. Financial management √3. Availability management √4. Service level management √5. Service continuity management √

(SS) Service Support1. Service desk √2. Incident management √3. Problem management √4. Configuration management √5. Change management √6. Release management √

(IM) Infrastructure Management1. Network service management √2. Operations management √3. Management of local processors √4. Computer installation and acceptance √5. Systems management √

ApplicationManagement

Mapping the ITIL framework to the SML

Engagement objectives - Capability maturity model

SML CMM - Phase Activity Gap Analysis

0

1

2

3

4

5Discovery

Capacity Planning

Requirements Analysis

Storage Policies

Storage Procedures

Change Control

RequisitioningStorage Provisioning, Activation

Service Acceptance

Management

Operations

Cost Accounting

Service Assurance

Planning

Provisioning

Maintenance & Operations

Cust Care

------ Current State

------ Desired State

Key findings: Fragile storage utility model

Business unit concerns – Availability

Single tier of service – Cost & need mismatch

No service level agreements – Need & value mismatch

Cost model constraints – Not tiers, no penalties,

no BU$

Virtual storage team – Authority &

accountability mismatch

Mature management practices – Under development

One level data protection – Cost & need mismatch

No lab environment – Cost & risk mismatch

Overall maturity level

Short Term1.0 1.0Training

Long Term1.0 2.0Retirement

Immediate2.0 3.0Security

Long Term2.0 2.0Authorization

Immediate1.0 2.0Data Migration

Immediate2.0 2.0Data Protection

Long Term1.0 2.0Testing

Immediate1.0 2.0Asset Management

Immediate2.0 2.0Device Management

Short Term2.0 2.0Fault Response

Short Term2.0 2.0Monitoring

Long Term

Immediate

Immediate

Immediate

Short Term

Priority

1.0 2.0Quota Management

1.0 2.0Configuration Management

2.0 2.0Resource Management

2.0 2.0Reporting

3.0 3.0Change Control

MaturityActivity

Short Term1.0 1.0Training

Long Term1.0 2.0Retirement

Immediate2.0 3.0Security

Long Term2.0 2.0Authorization

Immediate1.0 2.0Data Migration

Immediate2.0 2.0Data Protection

Long Term1.0 2.0Testing

Immediate1.0 2.0Asset Management

Immediate2.0 2.0Device Management

Short Term2.0 2.0Fault Response

Short Term2.0 2.0Monitoring

Long Term

Immediate

Immediate

Immediate

Short Term

Priority

1.0 2.0Quota Management

1.0 2.0Configuration Management

2.0 2.0Resource Management

2.0 2.0Reporting

3.0 3.0Change Control

MaturityActivityCurrent TargetPrioritization of

process development plan by:

• Impact

• Level of effort

SLA Development SimulationDevelop & Publish draft SLA’s

Storage management road map

Foundation

Optimize

Compliance

Architecture

Key MetricsDevelop and

Implement Key Performance

Indicators and Key Risk Indicators

Base SOP’sDevelop key Standard operating procedures with compliance, completion and quality artifacts

ILM StrategiesDevelop ILM strategies for DB information, and email

Critical PrioritiesIdentify & Implement immediate compliance requirements

ILM ImplementationImplement ILM strategies for DB and email

Audit CapabilityDevelop & implement internal audit capability

Backup CompressionModel BU Strategies for closing window of opportunity

AutomationTools selection

3 Months 6 months 9 months 9+ Months

Cost Model SimulationDevelop model to include BU, Arch, DR and Dev costs

Data IdentificationApplication, Server, Storage, Business cross ref and inter dependency

Archiving Develop archiving compliance needs, refresh, recovery needs & priorities

Strategic Storage Architecture - Business needs, Policies, Service Levels, Backup, Archiving, DR, Reference Architecture, RFI/RFP, Acquisition, Implementation, Metrics, Tools, SOP’s, Operation,

Desired State:

Improved staff productivity

Continuous reduction in unit TCO of storage

Reduced risk to critical apps

Costs aligned with data criticality

Improved service levels to business units

Expansion and growth part of a planned strategy

Compliant with regulation, legislation and mandate

Pragmatic and usable Disaster Recovery plan

Cost ReductionConsolidation of Storage

Sample Tools – ProvisioningActivity Task

Ac

cou

ntin

g

Ap

plicatio

n M

an

agem

ent

As

set Ma

nag

emen

t

Ca

pa

city P

lan

nin

g

Co

nfig

uratio

n M

an

agem

ent

De

vice M

ana

gem

ent

Info

rmatio

n L

ifecycle

Ma

nag

emen

t

Pe

rform

an

ce M

an

ag

emen

t

Pro

visio

nin

g

SA

N D

esig

n

SA

N M

anag

em

en

t

Infrastructure Product Selection

Infrastructure Purchasing

Infrastructure Site Preparation

Infrastructure Equipment Staging X

Infrastructure Asset Management X

Requisitioning Change Request X

Requisitioning Optimization X X X X X

Requisitioning Change Control X

Activation Storage Allocation X x X X

Activation Backup Implementation X X x x x

Activation DR Implementation X X X x x

Activation Data Security X X X

Activation Data Migration X X X X X

Activation Retirement X X X X X X X X X

Activation Configuration Management X

Service Acceptance Testing X

Service Acceptance Go-Live

Service Acceptance SLA Acceptance

Summary – Why a best practices framework?

Promotes alignment of business needs with IT storage directions

Optimizes storage investment effectiveness and reduces

operational costs.

Ability to cost, migrate and manage data appropriate to its

value.

Provides speedy development of policy and procedure

Reduces risk and promotes manageability and predictability.

Creates a solid basis for identification and selection of appropriate

automation tools.

Supports compliance process validation.

Useful links

Official ITIL home page –

www.ogc.gov.uk/index.asp?id=2261

itSMF – www.itsmf.com

CobiT – www.isaca.org

COSO – www.coso.org

CMM – www.sei.cmu.edu/cmm/

GlassHouse SML – www.glasshouse.com