An introduction to ITIL concepts
Written by Justin MurrayOctober 2005
Introduction... 2
Objective... 2
The ITIL books and processes ... 3
Service Management: a key part of ITIL... 4
Service Support ... 5
Service Delivery... 8
Summary ... 10
For more information... 11
Introduction
As the management of both IT services and business needs grows more complex in an increasingly global, competitive, and regulated environment, the need for standardized, proven practices for managing IT services has grown as well. This need drives the increasing popularity of the Information Technology Infrastructure Library (ITIL). ITIL in fact may well be the most widely accepted approach to managing IT services in the world today.
ITIL is popular because of the proven best practices that it offers. The demand for information about ITIL continues to grow. Among other reasons for investigating ITIL recommendations, one common motivation is to learn about knowledge and best practices necessary for achieving compliance with Sarbanes-Oxley and other IT governance requirements.
Objective
The objective of this article is to introduce the main concepts of ITIL best practice recommendations for managing IT services. This article is intended to show you the underpinnings of IT Service
Management (ITSM), whether your focus area is from a business, a consulting, or a technology perspective.
Note that in addition to the area of ITSM, ITIL also addresses a number of separate areas, including Planning to Implement Service Management, The Business Perspective, Application Management, Security Management, and ICT Infrastructure Management, as shown in Figure 1, below.
Figure 1. Areas addressed by ITIL.
This paper will not address these additional areas; however, at the end of this paper, you can find sources for learning about these areas as well as exploring ITSM itself in more depth.
Application Management Service Management
T T
Planning to Implement Service Management
h h e e B T The ICT u e Business Infrastructure s c I n e s s h n o l o g y Service Delivery
Perspective Service Support Management
Organizations that promote ITIL
Before we proceed with our exploration of ITIL, let’s review some common ITIL-related terminology and organizations.
ITIL provides a cohesive set of best practices derived from the public and private sectors
internationally. A qualifications scheme, accredited training organizations, and implementation and assessment tools support ITIL. The best practice processes ITIL promotes are supported by the British Standards Institution's Standard for IT Service Management (BS15000).
It’s important to understand that ITIL is not a collection of software, nor can any software claim to be “ITIL compliant,” as there is no compliance test or validation for this. Vendor software, such as HP’s Service Desk, can, however, be labeled “ITIL compatible,” meaning that it follows the best practices laid out in the ITIL guidelines.
In the ITIL literature, you will find reference to the IT Service Management Forum, or itSMF. This organization is a collection of industry players, with HP as one of the chief sponsors, aimed at promoting ITIL and IT service management in keeping with ITIL best practices.
IT Service Management (ITSM) is a combination of services, software, people and standard methodologies that improves the quality of IT services. In the longer term, it lowers the cost of those services. ITSM is based on ITIL and is often used as a synonym for it. Strictly speaking, however, ITIL is the description of the best practice only.
The ITIL books and processes
ITIL is made up of a set of books that contain best practice recommendations for managing IT as a business (as a stated goal). The currently available book titles, sometimes called “the colored books,” are:
• The Business Perspective • Software Asset Management • Service Support
• Service Delivery
• Planning to Implement IT Service Management • ICT Infrastructure Management
• Application Management • Security Management
Figure 1, above, shows the relationships among these books. The Office of Government Commerce (OGC) in the UK publishes these books and makes them available, along with some short demos for each area, on its ITIL publications site.
People from companies such as Microsoft, IBM, DMR Consulting (Canada), Fujitsu, Sonera and others have written the ITIL books. The UK OGC and itSMF are working together to scope the content of an update to ITIL publications, scheduled for 2006.
Service Management: a key part of ITIL
Let’s look first at a key part of ITIL: Service Management. ITIL Service Management (shown in the center of Figure 1) is concerned with the two main sub-areas of “service delivery” and “service support.” A key service support offering is the set of processes that are supported by the HP
OpenView Service Desk product, such as Incident Management and Problem Management. Service Delivery and Service Support are distinguished by their constituent processes and functions, shown further in Figure 2, below.
The ITIL processes making up Service Management are listed across the middle tier of the diagram shown in Figure 2. The Incident Management, Problem Management, Configuration Management, Change Management, and Release Management processes belong to the Service Support area, as does the Service Desk function. Configuration Management supports both sides of the Service Management area: delivery and support.
The five processes named Service Level Management, Availability Management, Capacity
Management, Financial Management and IT Service Continuity Management taken together comprise the Service Delivery side of the Service Management area.
We’ll look at each of the processes at a high level here. You can visit the OGC ITIL website for further information on these processes (see References below).
Figure 2. The ITIL processes that comprise Service Management.
Service Desk Service Level
Mgmt
Service Support Service
Is represented by
User Customer
Negotiate SLAs has prime contact
ITIL Foundation
Avail. Capacity Financial IT Svc
Incident Problem Change Release Mgmt Mgmt Mgmt Continuity
Mgmt Mgmt Mgmt Mgmt Mgmt
Configuration Mgmt
Service Support
Let’s delve into the Service Support side of the picture (see the left-hand side of Figure 2) first. It is important to realize that your company could implement any one of these processes
independently of all the others. Although they have multiple inter-relationships and hand-offs, each process brings benefits in itself. For instance, as a starting point, your organization may benefit from implementing the Change Management process only. By formalizing this one process, an
organization benefits from keeping track of changes made to the deployed systems. This helps in understanding those changes that may have caused problems or fixed problems over time. Without an adequate Change Management process, that type of understanding is dependent on human memory of changes made, which can be faulty in larger environments.
The user’s prime interface to IT is through the ITIL Service Desk function. It is worth noting that the Service Desk in ITIL is considered to be an essential “function” rather than an ITIL “process.” As a “function” it provides a human interface for other processes in the ITIL world, whereas the ITIL processes can be seen as formalized activities that are carried out by various people, including the Service Desk staff. Also, to avoid confusion, take note that the ITIL Service Desk is not the same as the HP OpenView Service Desk set of products, although HP OpenView Service Desk products in fact covers several of the areas described in ITIL.
Going briefly to the right-hand side of the picture, we see that the Customer negotiates Service Level Agreements (SLAs) with the Service Level Manager. These SLAs then apply to the levels of service the User will receive. All incidents that occur in the use of their IT facilities are reported to the ITIL Service Desk.
Let’s now look at each individual ITIL process under the Service Support umbrella. 1. Incident Management
An incident, in the ITIL definition, is “any event that is not part of the standard operation of a service and which causes, or may cause, an interruption to or reduction in the quality of that service”. An incident is not a problem (defined under “Problem Management,” below) in ITIL, but is separate from it. Incidents are logged as “records” in the Configuration Management Database (CMDB) quite separately from problem records, although of course there will be linkage between the two.
The ITIL Incident Management process is designed to protect service continuity. When an incident occurs, this process works to quickly restore normal service operation with the least possible impact on business operations.
The ITIL documentation calls the person in the organization who is responsible for this process the “Incident Manager.” Your organization may use different job titles for this role. This role title and other role titles such as Problem Manager, Change Manager, etc., in fact often have other names, such as “operations manager,” within real companies. Regardless of the name for these roles in any individual company, the roles themselves still follow the process under the name given in ITIL.
2. Problem Management
The CMDB itself is a collection of configuration items, or CIs. A CI can be anything that has meaningful attributes and that is required to be managed by the business. Let’s look at some examples. Incidents, problems, and known errors are all examples of a CI.
Incident attributes are associated with CIs. Incident attributes are distinguished by having no further descriptive attributes of their own; for example, think of a Social Security number for a United States citizen. An incident case number is an ITIL-related example of an attribute of a CI.
3. Configuration Management
The main goal of the Configuration Management process is to maintain and control all versions of all existing Configuration Items. Configuration management provides accurate information to support all the other service management processes.
The personnel and roles of the company, documentation, organization charts, the Definitive Software Library (DSL) and Definitive Hardware Library (DHL) for any released products are stored in the CMDB. This could be a very large set of things, so in practice the CMDB may contain pointers to other storage mechanisms for some of these items, such as a separate personnel database, for example.
The DSL is where the authorized versions of all software Configuration Items (and source code) are stored. The DSL contains both the software developed by the owning organization and master copies of any purchased software. The DSL may be physically made up of many storage places, but it is logically one store.
The Configuration Management process encompasses five main activities:
1. Planning – creating a plan for configuration management over the coming 3 to 6 months. This plan details the strategy and policy, CMDB design, tools, and other resource
requirements.
2. Identification – selecting and naming all Configuration Items, ownership, relationships to other CIs, versions, and identifiers.
3. Control – ensuring that only authorized CIs are accepted for use. This ensures that appropriate documentation (such as a “Request for Change,” described in the Change Management section below, is available for any CI that is modified, added, removed, or replaced in the CMDB.
4. Status Accounting – rather than referring to traditional financial accounting, this means reporting up-to-date and historical data for all CIs throughout their lifetime. This makes it possible to track state changes for CIs.
5. Verification and Audit – conducting reviews that assert that CIs actually exist, and checking that these CIs are correctly detailed in the CMDB.
Among the benefits of implementing the Configuration Management process fully are the following: • We now have accurate information on all CIs and their supporting documentation.
• We have tools for adhering to the legal and contractual obligations that govern the industry. • We have visibility of all software changes and a clear foundation for the Release
Management process.
4. Change Management
The ITIL Change Management process keeps the IT infrastructure in line with the needs of the business. This process formalizes the approach for handling any changes that could get in the way of allowing IT to deliver services through a single, centralized process of approval, scheduling and control. “Authorization” and “Approval” are key words in this process. The Change Advisory Board, or CAB, is a group of people who investigate and authorize or deny any proposed changes. The CAB produces a Forward Schedule of Changes that identifies any future changes and the actions to be taken on them. Anyone (such as a User accessing the Service Desk) can submit an RFC at any time, but the CAB controls these requests and what becomes of them.
5. Release Management
Release Management is the final ITIL process under the Service Support umbrella. The defenders and controllers of the production environment execute this process. The person playing the role of the Release Manager selects the pieces and parts to use for implementing an approved change. Remember that this change will have been approved previously by the Change Manager and the CAB as described above.
The Release Management process enforces effective use of any new or changed services that the organization plans to implement. This process spans the planning, designing, building, testing, and releasing of hardware and software components. Following this process ensures that only compatible, licensed, and appropriate releases take place. Releases that are not aligned with the organizational goals are minimized.
When you want to identify the Release Management group, the key words to look out for in
organizations are “implementation” and “deployment.” The Release Managers set policy on releasing anything, and they design and build the release as well as control configuration management. A Release is defined as a collection of authorized Changes to an IT service; the release is
characterized by the set of Requests for Change (RFCs) that it implements. A Release will be recorded separately from other items in the CMDB. The Definitive Hardware Store (DHS) is a secure area holding spare definitive hardware CIs that make up part of a Release. Details of these DHS components should be recorded in the CMDB.
Figure 3. Summary of the types of CIs discussed here.
ITIL Processes
You can find more information on the remaining processes in the Service Management area at the reference sites given below.
Service Delivery
Up to this point, we have focused on the direct interactions with the user from day to day relating to incidents and problems that comprise Service Support. Now we will shift our focus to the separate area of Service Delivery within the overall Service Management section of ITIL, as illustrated in Figure 1. Service Delivery addresses the ongoing delivery and control of the services being offered. This area is composed of five processes:
1. Service level management 2. Availability management 3. Capacity management 4. Financial management
5. IT service continuity management
We’ll examine each of these processes briefly below. 1. Service Level Management
Service Level Management is the process of ensuring that Service Level Agreements (SLAs) are documented with the Customer. This process monitors the actual supplied service levels to ensure that they conform to the SLAs.
The Service Level Management process describes the creation of a catalog of supplied services to the Customer. This document itself is stored in the CMDB. The catalog describes the key features of the services provided and forms the basis for understanding between the Customer and IT. We can look at the Service Level Management process as a way to provide the discipline between the service provider (the IT department, for example) and the service consumer or the Customer.
2. Availability Management
The Availability Management process ensures that services are available when the Customer needs them. This process is not concerned with extreme catastrophic events, such as the occurrence of a fire
causing the loss of a building containing parts of the IT infrastructure. Availability management instead addresses the more confined, day-to-day issues that prevent any service from being available and managing them to known levels. This process has various factors impinging on it.
Some of these factors include: • Business demand
upport vices available
ility of the IT infrastructure pport availability of service The y
• The percentage of agreed hours for which the service is available (its “Availability”)
m external suppliers
3. C p
is process addresses the current and future business needs of the Customer of the IT organization computing, storage and network capacity to handle potentially
to the Capacity Management process are:
• The SLAs (with any SLA breach events and trends) and the Service Catalog from the
• ment process, such as the Forward Schedule of Change
Amo
• The Capacity Plan
olds of the service ns
to the Change Management process It is p
apacity Management, but also Business Capacity Management (including the description of current
nancial Management as a process within ITIL has a clear objective: the cost-effective ownership and services. This is a key part of Service Management.
ent are the Budgeting and Accounting sub-rocesses, which are mandatory, and the Charging sub-process which is optional. Not all Service
n of s • Availability of human s
• Cost of making ser
• Level of redundancy and reliab • Level of maintenance required to su
ke elements of the Availability Management process are: • Its reliability, or the prevention of failure
• Its maintainability, or the ability to restore services back to normal functioning • Its serviceability, or support capability fro
• Its security, consisting of confidentiality, integrity and access controls a acity Management
Th
and ensures that there is enough
growing needs over time. The success of this process is very dependent on accurate forecasting of business needs, a good understanding of where technology is going, and good planning for IT capacity.
The inputs
Configuration Management process • Both the Business and IT future plans All outputs from the Change Manage • Outcomes from any Service Reviews
ng the outputs from the process are: • Baseline measurements and thresh • SLA recommendatio
• Changes for service improvement that are fed back in
im ortant to note that the Capacity Management process covers not just technical IT Resource C
and future SLAs) and Service Capacity Management. 3. Financial Management
Fi
handling of IT resources in order to provide IT
When done effectively, the Financial Management process reduces overall long-term costs and identifies the actual costs of providing services.
The main considerations within Financial Managem p
Costs are broken down into Capital Costs versus Operational Costs, Direct versus Indirect Costs and xed versus Variable Costs. The Financial Management Process produces a cost model or framework
Service Continuity Management addresses the types of interruption to service that are much more an those that are covered by the Availability
and
he business by effective analysis and risk management. The rocess thus prevents the loss of Customer confidence in the event of a catastrophic occurrence such
ss of a facility, people r critical support systems, such as power, as follows (listed in increasing order of cost and complexity
(sometimes, if rarely, applicable) • Manual back-up
tions agree to back each other up)
(having a “cold standby” that must be loaded before it can come into play)
Man d tion at a remote site that can take over from
em in the event of an emergency outage in one of the above forms. Characterizing the type and s pt
ave a good overall view of the various ITIL processes and the ITIL Service Desk function that we have introduced in this paper, along with a view of the benefits that accrue from
s –
s the full ITIL areas of interest. Fi
such that all known costs are identified. This makes it possible to calculate the overall cost of IT services to be allocated to different Customers. The resulting overall cost may be a theoretical charge or a real charge, depending on the organization.
4. IT Service Continuity Management IT
widespread and far-reaching in their effects th
Management process. The IT Service Continuity Management process considers the major negative events that could befall the IT service supporting systems. This process includes making plans
provisions for recovery from significant, potentially serious events so that service returns to normal as soon as possible, within cost constraints.
This process attempts to reduce the risk to t p
as a fire that destroys a data center. A risk analysis may be done during the execution of this process according to the Central Communications and Telecommunications Association (CCTA) Risk Analysis and Management Method (CRAMM for short). This analysis identifies the risks, associated threats, vulnerabilities and impacts, and it describes some potential countermeasures.
ITIL guidelines categorize the types of Recovery from a serious outage due to lo o
to the organization): • Doing nothing
• A reciprocal arrangement (where other organiza • Gradual recovery
• Intermediate recovery (having a “warm standby”) • Immediate recovery (having a “hot standby”)
y ata processing centers maintain another installa th
level of service that will be available in such events is the business of the IT Service Continuity proces and plan formation. The plan is itself a document that is required to be safely stored. It should be ke in an off-site location where it will be available when needed. Such a location should be remote from any susceptible site. The plan should of course be tested on a regular basis and adjusted as the needs of the business change over time.
Summary
You should now hintroducing these processes into an organization. As mentioned earlier in this article, organization can start by introducing one process from the whole set, such as the Change Management process and gain benefits quickly.
Table 1 (below) summarize
Service Support Service Delivery
Incident Management Service Level Management
Problem Management Capacity Management
Configuration Management Availability Management
Change Management Financial Management
Release Management IT Service Continuity Management Table 1. Summary of the processes within ITIL Serv vice Delivery.
ents in table 1 comprise the IT Servi the world of ITIL. erall ITIL here. You can also investigate the separate areas of Planning to Implement Service Management,
n.
ased on ITIL and offering services to customers to implement it. The HP ITSM Framework and the .
ith d determine which ITIL practices will best fit our business’s needs.
ice Support and Ser Together, the
Looking back at Figure 1, you can see that we have only addressed one area of the ovelem ce Management area within sp
The Business Perspective, Application Management, Security Management, and ICT Infrastructure Management. This information is available through the ITIL website and supporting documentatio HP has long held a leadership role in contributing to the development of ITIL guidelines and in offering ITIL-compatible solutions and services. HP has contributed by constructing its own ITSM Framework, b
Consolidated Service Desk solution include consulting practices and software products to help organizations build manageable systems that enable a closer linkage between IT and business needs HP’s professional services include access to experts who can assist clients with ITIL as well as with more traditional consulting and implementation needs.
ITIL best practices will be useful for anyone implementing service management in order to align IT w the business. We encourage you to investigate further an
y
For more information
ITIL OGC WebsiteitSMF Website
ITIL best practices for application development he application developer
How ITIL can help t (playback webcast, free registration required) ageable applications using ITIL processes
Developing man (free registration required)
HP ITSM portal (free registration required)
About the author
Justin Murray is a solution arch
Justin has consulted at a technical level on customer projects involving Java, J2EE and web services. itect. He has worked for HP in various consulting and teaching roles. Justin works in the management software domain at HP, linking the HP OpenView suite of
management tools with HP's alliance partners to create solutions for customers.
