2.1 Information Technology Infrastructure Library

In the late 1980s, having identified the need for a comprehensive, integrated life cycle for all areas of IT service management, the United Kingdom's Office of Government Commerce conceived the idea of the ITIL.

The ITIL was to be a set of books, documents, and information to provide-guidance on implementing a framework for delivering quality IT services. In addition to the Office of Government Commerce, many organizations and industry experts authored the books of the ITIL. For each book, a single organization wrote the book, with the Office of Government Commerce acting as editor, and other organizations and industry experts provided quality assurance for the processes described in the book. Because of the process used for writing, editing, and reviewing the books, they are not limited to any single person's knowledge or experience. They also are not limited to processes based on a single company's proprietary product.

The ITIL books are a comprehensive, integrated, publicly available framework for process-oriented best practices that provide guidance for improving strategic and tactical IT service delivery and infrastructure management excellence. Because ITIL describes a framework rather than prescribing a specific set of infrastructure management products, it is completely customizable for any enterprise's specific set of applications. ITIL represents best practices because the books are based on the collective knowledge and experience of many IT professionals and experts.

The Office of Government Commerce based ITIL on the principle that operations excellence is the result of a systematic approach to the complete IT environment, rather than merely attempting to optimize the individual pieces. Consequently, ITIL contains a comprehensive, consistent, and integrated description of the processes involved in managing IT infrastructures and the relations between processes.

The original goal for ITIL was to improve IT service management for the U.K. government, but its influence has spread considerably and major organizations-both in the public and private sector-throughout the world have adopted ITIL's principles and processes. The ITIL is now the most widely accepted framework for delivering and supporting IT services.

2.1.1 Information Technology Service Management

The ITIL Service Support and Service Delivery books describe key processes that are necessary for providing quality IT services. Service Support reviews the service desk function that coordinates all activities and five operational processes. Service Delivery reviews five tactical processes. This collection of 10 processes and 1 function is usually referred to as Information Technology Service Management. Information Technology Service Management helps deliver and support IT services that are essential for meeting the organization's business requirements.

Service support

Service support (Figure 2.3) consists of the five operational processes that, when applied across all IT services, support stability and flexibility by providing consistent and measurable IT service levels. Service support includes best practices for identifying and recording configuration information, incident reports, problems, and changes. Managing an effective IT organization requires discipline, and IT organizations that operate without ITIL-style service support processes tend to supply IT services in an inconsistent, unorganized, and inefficient fashion. The Service Support area includes the following functions and processes.

Figure 2.3: ITIL Service Management modules

• Service Desk. The Service Desk is a function-not a process-that provides a central point of contact between the user community and the IT service organization.

• Change Management. Changes to the IT environment-including changes to hardware, network, system software, application software, and operational procedures-are inevitable and can be problematic if they are not implemented in a thoughtful, deliberative manner. Some changes may be the reaction to reported problems, whereas others may be proactive changes to improve service quality, reduce costs, or add new capabilities. Regardless of the reasons for the change, you must review, test, and authorize all changes before you implement them in a production environment. The IT staff 's response to requested changes must be planned, efficient, and prompt. The goal of the Change Management process is to ensure conformance to authorized and documented procedures for requested changes. This procedure helps reduce any negative impact on service quality.

• Configuration Management. The Configuration Management process facilitates and controls changes to the environment by identifying, documenting, verifying, and controlling all IT infrastructure components and the dependencies between components. It provides both a logical and a physical view of the infrastructure and IT services.

  A key component of the Configuration Management process is a configuration management database that contains information about all IT infrastructure components (known as Configuration Items). This database includes the typical asset-type information, but it also includes historical information about problems, maintenance, and changes, and includes information about the relations and dependencies among Configuration Items.

• Incident Management. When an IT service does not work as expected, users call the help desk. For most enterprises, the help desk is the primary point of contact for all problems, complaints, and questions about IT services. In ITIL terminology, the typical call to the help desk is referred to as an incident. An incident is any nonstandard event that affects, or may affect, the quality of service. This includes application failures, hardware failures, printer failures, network performance issues, disk space capacity issues, and others. Incidents also include user requests for information or assistance, including requests such as resetting passwords. Many enterprises classify a request for new or additional services (e.g., a new application or a new server) as a change request rather than as an incident. However, ITIL includes requests for new services within the definition of an incident because the handling of these types of service requests is similar to other help desk requests. An automatically generated alert, such as exceeding a queue length threshold, is also considered to be an incident, even though these types of alerts are often considered 'normal.'

  The goal of the Incident Management process is to ensure the availability of IT services by resolving incidents and restoring normal acceptable service operations as quickly as possible, thus minimizing the negative impact on the enterprises business operations. The Incident Management process includes incident detection, classification, investigation, diagnosis, resolution, and documentation. It also includes communication with the user population and management.

• Problem Management. Problem Management and Incident Management are related but separate. In ITIL terms, a problem is the unknown underlying cause of an incident. Once you have identified the cause of an incident, the cause is referred to as a known error. There are two aspects to the Problem Management process: one reactive and one proactive.

  • The Problem Management process includes responding to incident reports to diagnose the underlying cause of the incident and to resolve the problem in an effort to return to normal acceptable IT service operations and to prevent recurrence of the incident.

  • The process also includes proactive problem prevention-that is, identifying and solving problems before incidents occur.

• Release Management. The Release Management process takes a complete system view of a proposed change to an IT service and ensures that you carefully consider all technical and non-technical impacts of the change to minimize the risk to business operations. The process includes the planning, design, development, testing, verification, installation, configuration, packaging, and support of changes to hardware and software components to the production environment.

Service delivery

IT services, such as electronic messaging, have become business-critical services for most organizations. Users expect these services to be available at all times, and most enterprises have created SLAs documenting the expected level of service. Delivering quality services that meet SLAs requires a structured set of operational processes and policies, combined with a disciplined IT staff and enterprise-ready products. Service Delivery describes best practices for the tactical processes required to manage the IT services in a cost-effective manner that matches the user community's business expectations. The Service Delivery area includes the following processes.

• Availability Management. The goal of Availability Management is to design, implement, and manage the availability of IT services. You must optimize the IT infrastructure capabilities, IT services, and IT organizational support to ensure that it is cost effective while still providing IT services to users in compliance with the approved SLAs. Effective availability management results in a cost-effective, sustained level of service availability that enables the business to meet its requirements. Availability Management involves management of availability, maintainability, reliability, serviceability, monitoring, and reporting.

• Capacity Management. ITIL designed the Capacity Management processes to ensure that the IT organization is currently providing the volume of resources required to meet defined SLAs. The processes also assist the organization in predicting future service level volume to strategically plan for future resource requirements. Capacity Management helps avoid problems caused by insufficient resources and helps tactically manage resources in times of crisis. Capacity Management involves application sizing, demand management, performance planning, resource management, and workload modeling.

• Financial Management for Information Technology services. Providing quality IT services is not cheap. For many enterprises, IT costs are some of the most rapidly growing expenses. The goal of the Financial Management for IT services is to ensure that IT services are provided at the most cost-effective price. This does not necessarily mean the least expensive price; the IT organization must achieve an acceptable balance between quality of service and cost of service. This process facilitates IT budgeting, IT accounting, and establishing an equitable method for recovering costs by charging for IT services. Financial management helps an enterprise understand the costs of its IT services and provides insight in planning and executing the enterprise's business objectives.

• Information Technology Service Continuity Management. All IT systems and services are potentially vulnerable to a wide variety of potential problems. These vulnerabilities fall into four general categories:

  • Software failures. These include failures in the operating systems, device drivers, authentication, name resolution, system limits, application code, and failure to protect against viruses.

  • Hardware failures. These include failure of servers, routers, hard disks, system memory, remote access, network access, backup devices, and others.

  • Operator errors. These include human error, sabotage, mail storms, flawed planning, inadequate monitoring, and inadequate security.

  • Environmental failures. These include data center power failures, fires, floods, earthquakes, tornados, heat, dust, and others.

  IT Service Continuity Management (sometimes referred to as Contingency Planning) is the process of developing the plans necessary to ensure that enterprises can quickly recover from an interruption of IT service and can continue to provide an acceptable level of IT services to the enterprise.

  The IT Service Continuity Management process involves several steps, including identifying IT assets, prioritizing threats and vulnerabilities, assessing the business impact that would result from a failure, creation of contingency plans that help minimize the effects of unexpected disruption, auditing the contingency plans, and periodic testing of the contingency plans.

• Service Level Management. The Service Level Management process is one of the keys to successfully delivering IT services, ensuring that agreed on services are delivered when and where those services are needed. The overall goal of Service Level Management is to maintain and improve the user's perception of IT service quality. The process helps IT managers become more service oriented, deliver a guaranteed quality of services defined by SLAs, and adopt a proactive-rather than reactive-approach to providing IT services. Service Level Management involves the following constant cycle:

  • The IT department works with the user community to agree on the definition of 'quality' services in user-understandable terms and identifies specific measurable metrics.

  • The IT department monitors the environment to measure the level of services that they are actually providing.

  • The IT department reports on achievements regarding service quality.

  • The IT department compares the actual service levels with the approved SLA.

  • The IT department initiates actions to correct unacceptable service levels.

  The Service Level Management process helps develop a more solid relationship between the IT organization and its customers.