Oracle DBA Meets ITIL and COBIT

Oracle DBA Meets ITIL and COBIT Architecture and Infrastructure Track IOUG Collaborate 09 Mahesh Vallampati SmartDog Services Senior Practice Manager

About the Speaker

Mahesh Vallampati

Career

Senior Practice Manager at SmartDog Services

Senior Sales Consulting Manager at Hotsos (2 years)

Director of DBA Services at Eagle Global Logistics (2 years)

Practice Manager at Oracle in Consulting(9 years)

Papers

Several papers presented at User Groups

Published in Oracle Magazine

Education

Master’s in Electrical Engineering, Texas A&M University

Agenda

ITIL and COBIT Imperative

ITIL

What is ITIL and why should I care?

How does what I do map back to ITIL?

COBIT

What is COBIT and why should I care?

What does what I do map back to COBIT?

What do I do next?

Certification

Q&A

What is ITIL?

ITIL

ITIL Stands for

I nformation

T echnology

I nfrastructure

L ibrary

Developed

In the 1980’s

Developed as a framework

Started as a guide for the UK Government

Developed Primarily for IT Service Management

ITIL Evolution

ITIL V1

Not widely adopted

Developed by British Government

ITIL V2

Widely Adopted

Very Popular in large organizations

ITIL V3

Released in May 2007

Too early in the life cycle

More Strategic in its approach

We will focus on ITIL v2 for now

The Notion of IT as a Service – Technical Expertise to Service Delivery Before Now Corporate Department Mentality Service Mentality Employee Attitude Vendor Attitude Internally Focused Customer Focused Technical Focus Customer Focus Budgeted Cost Managed Cost Technology for Technology Sake Technology as a means of achieving competitive advantage Department Attitude Business Attitude

The Overall ITIL Framework

Service Management

What Service

Manage the Infrastructure

Method of Managing the Service

With Quality

Cost Effective

Business Objectives

Support Short Term and Long Term Requiremen t

Service Management

Measure

Control

Manage

A Process Perspective

Process Perspective - Effective and Efficient

Effective

For a given set of inputs, the output matches the prediction

Defined

Repeatable

Reliable

Efficient

Effective

Activities achieved with minimum effort and cost

Why should I care?

Question

As a DBA, what business are you in?

Answer

The Service Business

ITIL as a Service Framework

DBA activities map to a Service Framework

ITIL is the IT Industry Standard Service Framework

ITIL is also the current management thinking about IT in general

It is critical then that the DBA understands it

ITIL Mapping to DBA Responsibilities

Service Desk

A single point of contact for

Issue Resolution

Work Requests Tracking and Completion

Service Availability and Restoration Information

Service Desk Help Desk App Support DBA Support Business Users

Service Desk

Service Support

Service Delivery

Service Desk – Service Support

Service Support

Objectives

Sustain the Quality of Service

Minimize disruption

Effective Triaging

Emphasis on quick restoration of services

Capture Information

Document issues (incidents and problems)

Assign Ownership

Track Progress

Root Cause Resolution

Make Changes

Incremental

Group large changes

Manage Configuration

Identify infrastructure assets and the relationships between them

Service Support

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Incident Management

Incident Management

Defined from a Quality of Service perspective

Reduction

Interruption

Origination

Monitoring Tools (Any Layer)

Customers Calling Help Desk

Examples

Running out of tablespace

Performance Brownout

Database Crash

Response

Restore Normal Operation as soon as possible and determine root cause

Minimize Impact to Business

Post Incident

Document Root Cause

Statistical Trending

Problem Management

Problem Management

Definition

Unknown Underlying cause of one or more incidents

Origination

Incidents

Customers Calling Help Desk

Examples

ORA-0600 errors for which there is no root cause

Repeated crashes of a database

Response

Restore Service and Minimize Impact

Higher Emphasis on Root Cause

Post Problem

Root Cause

Procedures to eliminate recurrence of incidents and problems

Definition

Identify, Record and Report Infrastructure Components or assets

Relationship to Components

Origination

An Initiative to record these components

Examples

List of Servers, Databases etc.

Versions and Interdependencies, init.ora’s

Key Aspect

Relationship between assets

Benefits

Tie back to Incident Management and Problem Management and assist in the root cause analysis

Change Management

Change Management

Definition

Reactive - To fix a problem

Proactive – Improve quality of service

Move from one “Defined” state to another

Origination

Business Requests

Incidents/Problems

Examples

Code fixes

Database Patches

Key Aspect

Minimize impact on service quality

Drive Continuous improvement

Back-out Plan

Benefits

Minimize Risk

Add Value

Release Management

Release Management

Definition

Grouping of changes to problems

Enhance Quality of Service

Origination

Requests for Changes

Projects

Examples

Database Upgrades

Significant Enhancement to an IT Asset as used by the business

Key Aspect

More emphasis on testing

Increase functionality to enhance quality of service

Different Stream of Funding

Benefits

Add Value

Mitigate Risk

Service Support - The DBA Perspective

Issues

Characterize as

Incidents

Problems

Changes

Manage as

Change Management/Release Management

Context

Configuration

Configuration Items and Relationship to other configuration items

Is it always the database?

Database Changes Versus Non Database Changes

Rate of Change?

Service Support - Summary

Emphasis

Customer Focus

Quality of Service

Root Cause Resolution

Issue Lifecycle Management (Change Management)

IT Asset Lifecycle Management (Release Management)

Service Desk - Service Delivery

Service Delivery

Service Delivery is the framework that governs Service Support

Service Delivery manages the following aspects of Service Support

What Service?

What Service Levels?

What availability levels?

At what cost?

At what Capacity levels?

Service Delivery

Service Level Management

Availability Management

Continuity Management

Financial Management

Capacity Management

Service Level Management

Definition

Determine level of service needed to support the business

Provide Specific Targets

The notion of a Service Catalog

Objectives

Meet Service Level and Operational Level Agreements

Minimize adverse impact on Service Quality Levels

Manage

Expectations

Cost

Examples

Online store Application and Database should have 4 9’s availability

Payment with credit card should complete within 6 seconds by customer

Definition

The ability to use an IT Service without interruption

A key indicator of Service Quality

Objectives

Enhanced Reliability

Enhanced effectiveness of Support

Manage

Criticality of Information Needs

Process of restoration of Service effectively

Examples

Mean Time to Restore/Repair Financial Database should be under an hour

Physical Failover to a remote location for the online store should be under 2 minutes

Factors

Reliability

Resilience

Maintainability

Serviceability

Also encompasses security Management

C onfidentiality

I ntegrity

A vailability

Continuity Management

Definition

Tied to criticality of Business Continuity

Tied to cost of non-availability of services support

Objectives

Planning to mitigate risk of non-availability of services support

Mitigate impact of risks and threats

Manage

Time to restore services

Disaster Recovery Process

Examples

Failover to remote site for all IT Services

Definition

Cost effective method for delivering services

Objectives

Price IT Services

Cost Accounting of Services

Manage

Budgeting

Accounting

Charging

Example

Database Licenses

Application Usage Fees

Capacity Management

Definition

Managing the trade off between cost and capacity

Managing the supply of computing resources with demands placed against it

Objectives

Monitor Performance and Throughput of IT Services

Perform Tuning Services for efficient use of infrastructure for key business tasks

Manage Batch workload to achieve business objectives

Manage

Workload

Task Performance

Forecast Capacity Demand

Examples

Batch Processing for month end close in Financial Environments

Identify Key Business Transactions and Optimize them

What should I do next?

Service Delivery – The DBA perspective

SLAs

Think in term of SLAs

Especially around Database Availability

Document worst case and best case

Complete recovery from tape

Just Instance Recovery

Availability and IT Service continuity Management

Is 5 9’s really realistic?

Is there adequate head count?

Can 2 DBAs really support 7/24/365?

Who owns and manages the DR process?

Keep Cost in Mind

Ask what is the “unfunded mandate” is

Service Delivery – The DBA perspective

Capacity Management

Do you know?

Expensive Users

Expensive Applications

Expensive Modules

Don’t tune first (Eliminate, Re-schedule and Train first)

When tuning use response time as a guiding framework

Do you know when you server is going to max out from a capacity perspective?

Can you tie it back to business usage of the system?

Get Certified

ITIL Recap

ITIL is a technology framework

Brings about a service perspective

Aligns to Business criticality

It is important that DBA’s be able to articulate what they do in this framework

From a performance and capacity management perspective, consider adopting these as key strategies

Workload characterization

Response Time Optimization

COBIT

What is COBIT?

COBIT

Control Objectives for Information and related Technology ( COBIT )

Translated to control of access to data and its modification

Translates to security

COBIT Evolution

December 2005, COBIT 4.0

May 2007, COBIT 4.1

Available and Supported at ISACA.org

So what is COBIT anyway?

COBIT

An IT Governance framework

Bridge Gap

Control Requirements

Technical Issues

Business Risks

Enables

Clear Policy Development

Good Practice

Emphasizes regulatory compliance

Obtain increased value from IT

Enables alignment

Simplifies implementation

COBIT and RACI Charts

The good thing about COBIT is it tell us the accountability structure for the sub processes and steps.

Responsible

Accountable

Consulted

Informed

The benefit is clear accountability and ownership

COBIT Overview – Plan and Organize Plan and Organize Responsible Accountable Consult Inform PO1 Define a Strategic IT Plan and direction X PO2 Define the Information Architecture X X PO3 Determine Technological Direction X X PO4 Define the IT Processes, Organization and Relationships X PO5 Manage the IT Investment X PO6 Communicate Management Aims and Direction X PO7 Manage IT Human Resources X PO8 Manage Quality X PO9 Asses and Manage IT Risks X X PO10 Manage Projects X

COBIT Overview – Acquire and Implement Acquire and Implement Responsible Accountable Consult Inform AI1 Identify Automated Solutions X X AI2 Acquire and Maintain Application Software X X X AI3 Acquire and Maintain Technology Infrastructure X X X AI4 Enable Operation and Use X X X AI5 Procure IT Resources X X X AI6 Manage Changes X AI7 Install and Accredit Solutions and Changes X

COBIT Overview – Deliver and Support Deliver and Support Responsible Accountable Consult Inform DS1 Define and Manage Service Levels X X DS2 Manage Third-party Services X X DS3 Manage Performance and Capacity X X X DS4 Ensure Continuous Service X X X DS5 Ensure Systems Security X X X DS6 Identify and Allocate Costs X DS7 Educate and Train Users X DS8 Manage Service Desk and Incidents X DS9 Manage the Configuration X DS10 Manage Problems X DS11 Manage Data X DS12 Manage the Physical Environment X X DS13 Manage Operations X

COBIT Overview – Monitor and Evaluate IT Processes Monitor and Evaluate IT Processes Responsible Accountable Consult Inform ME1 Monitor and Evaluate IT Processes X X ME2 Monitor and Evaluate Internal Control X X ME3 Ensure Regulatory Compliance X X ME4 Provide IT Governance X

Quick Survey