• Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
519
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
25
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Understanding the ITIL Trinity of Configuration, Change and Release Management June 28, 2007 2:00pm EDT, 11:00am PDT George Spafford, Principal Consultant Pepperweed Consulting, LLC “ Optimizing The Business Value of IT” www.pepperweed.com
  • 2. Housekeeping
    • Submitting questions to speaker
      • Submit question at any time by using the “Ask a question” section located on lower left-hand side of your console.
      • Questions about presentation content will be answered during 10 minute Q&A session at end of webcast.
    • Technical difficulties?
      • Click on “Help” button
      • Use “Ask a question” interface
  • 3. Main Presentation
  • 4. Agenda
    • The Trinity
    • Change Management
    • Configuration Management
    • Release Management
    • ITIL v3
    • For a copy of today’s webcast PPT, please email:
      • George at: [email_address]
      • Kendra at: [email_address]
  • 5. The Trinity
    • Change Management Is the set of standardized processes and tools used to handle change requests in order to support the business while managing risks. [Risk Management]
    • Release Management Uses formal controls and processes to ensure requirements are met and safeguard the production environment. [Quality Management]
    • Configuration Management Focuses on tracking and documenting configurations and then providing this information to other areas including Change and Release Management. [A combination of Knowledge Management and Information Broker]
    The three process areas must work together and share information.
  • 6. Change Management
  • 7. Human Error
    • Complexity is increasing, documentation is lacking, training is haphazard and there is an artisan mentality of learning on the job
    • All processes have a degree of inherent variation
    • Total Variation = Systemic + Human Error
    • You can reduce, but not eliminate human error
    • 80% of network availability incidents are caused by human error (IDC)
  • 8. Phase I: Ungoverned Change time Change rate Failed changes and/or Number of unauthorized changes Unplanned work (Unplanned work > 100%) Source: IT Process Institute, 2005 http://www.itpi.org
  • 9. Phase I: Stabilized Patient time Change rate Failed changes or Num of unauth chgs Unplanned work Source: IT Process Institute, 2005 http://www.itpi.org
  • 10. A Basic Change Management Process
    • Identify a potential change
    • Create Request For Change (RFC)
    • Seek Approval to Proceed
    • Plan the Change
      • Plan & Prepare
      • Test
      • Develop Rollback Plan
    • Peer Review
    • Seek Approval to Implement
    • Schedule the implementation
    • Negotiate if additional time is needed beyond defined window
    • Deploy the change
      • Rollback if needed
    • Review the next day to see if it installed as planned
    • Review in three months to determine outcomes
  • 11. Implement a Detective Control
    • To enforce the policy and drive cultural change, implement a detective control
    • At the outset, the rate of changes going through the process is often far smaller than the actual rate of changes going around the process
    • Integrity management systems specialize in monitoring key areas of systems for changes and reporting what is found
  • 12. Further Controls to Reinforce Change Management
    • Segregation of Duties – Protect key processes
      • Ex: Don’t allow developers access to production systems
    • Remove excessive permissions – limit rights to only those that are needed
      • Ex: Limit the number of system administrators and domain administrators to as few as possible and they should all be trusted parties.
    • Periodically audit production systems to the last known good build in order to identify configuration drift
      • Ex: Does the Oracle server still match the last known good state or were changes made that did not follow the defined process?
      • Highlights why an automated detective control can be so powerful
  • 13. Configuration Management
  • 14. Configuration Management Enables Integration
    • ITIL tells us that “Configuration Management provides a logical model of the infrastructure or a service by identifying, controlling, maintaining and verifying the versions of Configuration Items (CIs) in existence.”
    • Configuration Management provides information about CIs and their relationships to all the other processes
      • So Change Management can assess impacts
      • So Incident Management knows where to look next or who to notify
      • Etc.
    • The Configuration Management Database (CMDB) is the nerve center of IT
      • It relates all the data together, provides workflows, access to files, etc.
      • It can be one database or integrations into multiple sources (federated models)
    • The CMDB contains the data and processes that binds the ITSM processes, services and the organization together
  • 15. More Than Technology
    • Configuration Management is not just about technology
    • Need the right people
      • Culture
      • Tone from the Top
      • Training
      • Motivation
    • Need the right processes
      • Designed for the organization
      • Factoring in:
        • Organizational goals
        • Functional area objectives
        • Constraints
    • After you understand processes and requirements, then you need the right technology
    People Processes Technology Outcomes
  • 16. Configuration Items (CIs)
    • These are categories of data that you must track and are modeled using data tables
      • Hardware – PCs, Servers, Network Equipment, etc.
      • Software – Operating Systems, Applications, Tools, etc.
      • People – IT staff, business staff, vendors, etc.
      • Accommodations/Environment/Facilities – Locations, data centers, wiring closets, etc.
      • Data – tables, interfaces, etc.
      • Documentation – Policies, work instructions, SLAs, rollback plans, incident records, problem records, request for change, etc.
      • Services
        • Business Processes – sales, accounts receivable, etc.
        • IT Services – What IT provisions to enable the business
    • An ITIL “secret” is that nearly everything is a CI. The establishment of these CI-types, their attributes and relationships enable a logical model of IT
  • 17. Note – Never do Configuration Management First Either do Change and Configuration together or Change and then Configuration Management. Change Management must be present to control the updating of the CMDB
  • 18. Release Management
  • 19. What Is a Release?
    • A collection of authorized changes to an IT service
      • New services
      • Modifications to an existing service
      • Ending a service – sometimes decommissioning takes a lot of work and needs to be properly managed
    • Can contain new and revised hardware and software in three categories – Major, Minor and Emergency
    • Release Unit – describes the IT infrastructure portion that is released together
      • Hardware, Software, Documentation, Media, etc.
    • Type of Release
      • Full, Delta, Package
  • 20. Why Release Management Matters
    • 29% of projects delivered on-time with expected features, 53% were challenged and 18% outright failed outright 1
    • The majority of the causal factors are non-technical including:
      • Lack of project planning
      • Poor requirements definition
      • Correct stakeholders not involved, or not involved early enough
      • Poor communications
      • Insufficient management oversight
    • The Service Development Life Cycle (SDLC) and Project Management are part of Release Management
    1. “Third Quarter 2004 CHAOS Report”. The Standish Group.
  • 21. Release Management Provides Quality Assurance
    • Are the correct requirements identified?
      • Breadth and depth
    • Are the requirements met when tested?
      • What testing is needed? Unit, Integration, load?
    • Is the organization ready for the deployment?
      • Staffing, training
    • Can the release be deployed successfully?
      • Is there capacity? Is support ready? Is the business ready?
    • What did we just learn? (Post Implementation Reviews)
      • What went good? Bad?
      • What would we do again?
      • What would we change?
    • Plays an important role in regulatory compliance and security
      • All requirements need to be known, tested and deployed with a reasonable assurance of success
      • A great many Incident and Problems can be traced to human error that Change and Release Management can help safeguard against
  • 22. Major Release Mgt Activities
    • Roll-out Planning
    • Communication
    • Awareness
    • Training
    • Distribution
    • Installation
    • Beta Testing
    • Unit Testing
    • Integration Testing
    • Load Testing
    • Security Testing
    • User Acceptance Testing
    • Release Acceptance by Operations
    • Release Policy
    • Release Planning
    • Design, develop and/or buy services
    • Build and Configure the Release
    Preparation and Introduction to Production Testing & Approval Planning & Development
  • 23. Continuous Improvement is Key for All
    • Start and Learn
    • Evolve your processes over time
    • ITIL and process improvement are journeys – not destinations
    • Constantly strive to improve
    • Enable the organization to attain goals
    * Adapted from ITIL Service Support Graphic
  • 24. ITIL v3
    • Version three (ITIL v3) set was released on May 30th as planned
    • The core principles are the same
    • Five core books (11.4 pounds!) arranged as a lifecycle
      • Service Strategy
        • Value nets, adaptive strategies, managing uncertainty, strategy selection
      • Service Design
        • Policies, architecture, models, outsourcing
      • Service Transition
        • Transition Planning and Support
        • Change Management
        • Service Asset and Configuration Management
        • Release and Deployment Management
        • Service Validation and Testing
        • Evaluation
        • Knowledge Management
      • Service Operation
        • Incident and Problem Management, alerting, new functions
      • Continuous Service Improvement
        • Business cases, Portfolio Alignment, Metric selection
  • 25. Process References
    • For a definitive reference, see ITIL’s Service Support Volume http://www.itil.co.uk/
    • Microsoft’s Operations Framework http://www.microsoft.com/technet/itsolutions/cits/mo/smf
    • British Educational Communications and Technology Agency (BECTA) http://www.becta.org.uk/tsas
    • IT Process Institute’s Visible Ops Methodology http://www.itpi.org
    • PMI Project Management Body of Knowledge http://www.pmi.org
    • Projects in Controlled Environments version 2 (PRINCE2) http://www.prince2.org.uk/web/site/home/Home.asp
    • For additional material, use Google and search on keywords such as
      • “ SDLC template”
      • “ Project Management template”
      • “ Release Management template”
      • “ Release Plan”
      • “ Rollout Plan”
      • “ Fallback Plan”
  • 26. Thank you for the privilege of facilitating this webcast George Spafford Principal Consultant Pepperweed Consulting Optimizing the Value of IT [email_address] http://www.pepperweed.com Daily News Archive and Subscription Instructions http://www.spaffordconsulting.com/dailynews.html
  • 27. Questions?
  • 28. Thank you again for attending If you have any further questions, e-mail [email_address] For future ITSM Watch Webcasts, visit www.jupiterwebcasts.com/itsm