?????%20???????%20???%20ITIL%20?-?'%20???%20Closed%20Loop

1
????? ??????? ??? ITIL ?-?' ??? Closed Loop
???? 5 ?? ???? ????? itSMF ??????
?????

• ?? ??????, CTO, ??????
• shaio_at_matrix.co.il

2
Agenda

• ????? ??????? ?! ??? ?
• ?? ?? Change Management ??? ITIL ?
• ???? ????? ITIL ????? ?? ?????? ????? ??????
  ??????? ?
• ????? ???? ?-ROI ?? Change Management ?
• ??? ????? Change Management
• ????? ???????
• ???? ?-Closed Loop Change Management
• Closed Loop Change Management Use Case

3
????? ??????? ?!??? ?
4
??????? ?????

• Hitachi Data Systems bi-annual survey of 800 IT
  directors in 21 countries in EMEA identified the
  top three business continuity concerns
• Fire 57
• Computer Viruses 55
• Human Error 50
• From Managing Automation, September 13,
  2005
• http//www.managinginformation.com/news/content_sh
  ow_full.php?id4255

5
?????

• Human error still counts for the majority of
  security incidents 79.3.
• 53 of organizations do not have written IT
  security policies.
• 50 have no plans to implement security awareness
  training.
• 63 have no plans to hire IT security personnel
  in the next year.
• 27 of firms polled require IT security training
  and only 12 require any form of certification.
• May 17, 2005 Third annual CompTIA
  study
• http//www.comptia.org/about/pressroom/get_pr.aspx
  ?prid611

6
??????
Operator Error 60
System Outages 20
5
Security Related
15
Non-Security Related
Application Failure 20
Data Source IDC, 2004. Graphic Source Tripwire
7
It is not necessary to change.  Survival is not
mandatory

• W. Edwards Deming

8
????? ?? ?? ?????... ?? ?????.

• ?-80 ??????? ?????? ?????? ???????? ?? ???????
  ????? -- ?????
• ?-50 ?? ???????? ???????? ??????? ??????? ?????
  ?????? ????? ????? ?? ??????? ???????
• ???? ????? ????? ?-IT ?? ???? ?????? ????
  ???????

9
??? ?????? ?? GAP.com
GAP annual revenue from .com site 236 million
Divide by 365
Daily revenue loss 646,000
10
It is not the strongest of the species that
survives, nor the most intelligent, but the one
most responsive to change

• Charles Darwin

Sometimes it's the smallest decisions that can
change your life forever
Bruce Barton
11
Business Needs vs. IT Needs

• Business needs flexibility
• Location
• Operating system
• User roles
• Response to change
• IT needs to standardize
• Reduce support costs
• Improve security
• Improve compliance
• Conflict Between Flexibility and Standardization

12
Conflict 2 IT Control vs. IT Responsiveness

• In the Business World change drives competitive
  advantage
• In the IT World working systems are best left
  alone
• The Paradox
• IT is often perceived as unresponsive but at
  the same time
• IT needs to increase control of the IT
  environment to deliver quality
• Achieving balanced state of responsive and
  controlled is crucial for IT to support modern
  business
• Current approaches usually optimize one or the
  other but not both!

The Answer? A Best-Practice Solution Integrate
and automate Change and Configuration Management
(CCM) practices into the IT organization
13
?? ?? ????? ??????? ?

• ????? ??????? ??? ITIL

14
Great things are not done by impulse but by a
series of small things brought together

• Vincent Van Gogh

15
Change Management by ITIL

• ITIL Change Management - ????? ??????
• To ensure that standardized methods and
  procedures are used for efficient and prompt
  handling of all requests for changes in order to
  minimize the impact of change-related incidents
  on service quality and to improve the day to day
  operations of the organization and the service
  levels.
• To make an appropriate response to a Change
  request entails a considered approach to
  assessment of risk and business continuity,
  Change impact, resource requirements and Change
  approval. This considered approach is essential
  to maintain a proper balance between the need for
  Change against the impact of the Change.
• It is particularly important that Change
  Management processes have high visibility and
  open channels of communication in order to
  promote smooth transitions when Changes take
  place.
• Apply ongoing continuous improvement techniques
  to the Change Management process

16
Change Management by ITIL

• ITIL Change Managements scope
• Hardware
• Communications infrastructure
• System software
• 'Live' applications software
• All documentation and procedures associated with
  the running, support and maintenance of live
  systems

17
Change Management by ITIL

• ITIL Change Management - ????? ??????
• Minimize The Impact Of Change-related Incidents
• ??????
• ????? ???? ????? ????? ??? ?????? ?????
• ???.....
• ????? ??????? ?????? ?????? ?
• ????? ??????? ?
• ????? ???? ??????

18
Change Management by ITIL

• ITIL Change Management - ????? ??????
• Efficient and prompt handling of all changes
• ??????
• ???? ????? ????? ?????? ????? ??????
• ????? ??????? ????? ?? ???? / ??????? ?????
• ???? ????? ?? ????????? ???????

19
Change Management by ITIL

• ITIL Change Management - ????? ??????
• Ensure that standardized methods and procedures
  are used
• ??????
• ??? ????? ????? ??????? ????
• ???? ????? ????? ??????
• ?? ????? ??? "????? ?? ????? ????"
• ????? ??????? ?????? ?? ???????? ???????????
  ??????? ??????
• ???? - ????? ????? ?? ????? ????? ????? ??????
  ??"?, ????? ?????? ?? ???????

20
Change Management by ITIL

• ITIL Change Management - ????? ??????
• A considered approach to assessment of risk and
  business continuity
• ??????
• ???? ????? ?-Impact ?????? ?? ????????
• ???? ????? ??????? ?????? / Batch ????????

21
Change Management by ITIL

• ITIL Change Management - ????? ??????
• Maintain A Proper Balance Between The Need For
  Change Against The Impact Of The Change
• ??????
• ???? ??????? ?????? ?? ?????? ???? ????? ??????
  ?? ??????
• ????? 20 ?????? ?? ??????? ???? ??? ????? ????
• ??? ?? ???? ????? ??? 100 K

22
Change Management by ITIL

• ITIL Change Management - ????? ??????
• Have High Visibility And Open Channels Of
  Communication
• ??????
• ???? ????? ?????? ??????
• ???? ?????? ????? ???? ?????
• ????? ?? ?????? / ???????? ?? ??????? ??? ???????
  ??????????

23
Change Management by ITIL

• ?????? ???????? ?? Change Management
• Improve the quality of the Change process through
  structured methods procedures.
• Minimize the negative impact of changes sharing
  of experience and communications.
• Establish efficient approval lines that cover the
  business, technical and support aspects of the
  change.
• Develop a variety of change processes to fit
  commonly occurring degrees of change.
• Apply ongoing continuous improvement techniques
  to the Change Management process.

24
Change Management ?? ?? ??? ??? ????'? ???

• ???? ????? ??? ????? ????? ???????? ???????
  Release Management ??? Assets Config Management

• Change Management Is the set of standardized
  processes and tools used to handle change
  requests in order to support the business while
  managing risks. (Risk Management)
• Release ManagementUses formal controls and
  processes to safeguard the production
  environment. Coordinates the rollout of changes.
  (Quality Control)
• Asset Configuration ManagementFocuses on
  tracking and documenting configurations and then
  providing this information to other areas
  including Change and Release Management.
  Configuration tracks relationships to understand
  who is affected and assess impact.

25
????? ????

• ??? ???
• Change - An action that results in a new status
  for one or more IT infrastructure configuration
  items
• Standard Change (Pre-approved)
• Request for Change (RFC)
• Impact Categories
• Urgent change (EC)
• Forward Schedule of Changes (FSC)
• Change Advisory Board (CAB)
• Change Advisory Board Emergency
• Committee (CAB/EC )

26
ITIL Change ManagementThe Change Control Process

• ????? ??????? ???? ??? ????? ???? ?????? ????
  ?????? ?????
• ITIL Handbook Change Management
• Goal A single centralized change process that
  manages the entire life-cycle of the change
  including
• Initiation Recording ? Filtering ? Assessment ?
  Categorization ? Authorization
• Review and closure ? Implementing ? Building
  Testing ? Scheduling

Source ITSMF Companion9. Change Mgmt, Page 41
27
????? ????? ??????? ??????? ????? ????? ?? ?

• Incident / Problem Management / Business / User
• Identify a potential change
• Create Request For Change (RFC)
• Change Manager
• Filters requests
• Prioritize - Determines urgency
• Determines if it is a standard change ?
• Categorize - Identifies the category based on
  business impact
• Minor Impact (Change manager authorizes,
  schedules notifies CAB)
• Significant Impact (Change manager sends RFC copy
  to CAB)
• Major Impact (Decided at a senior management or
  Board level)
• CAB
• Advises the change manager who chairs the CAB
• Change Manager
• Authorizes or Rejects the change
• Build the change
• Release management
• Engages to oversee testing, rollout planning,
  etc.

28
?? ???? ????? ??? ?-CAB

• Change Manager (ITIL role)
• Problem Manager (ITIL role)
• Service Level Manager (ITIL role)
• Affected customers and users
• Development staff
• Consultants / Vendors / Outsourcers
• Services Staff
• Service Desk
• IT Security
• IT Audit
• Note
• The CAB will be composed based on the changes to
  be considered
• Attendees can vary, even during a given meeting
• The CAB is a decision making body, not a forum
  for communications.
• Ask Does the potential attendee add a needed
  perspective?
• Use the Forward Schedule of Change (FSC) to
  communicate

29
????? ????? (Emergency Change)The EC Process

• Emergency changes still follow a process
• Change manager convenes the CAB or CAB/EC
• They then quickly review resources, impact and
  urgency to make a go/no-go decision.
• The change manager can authorize without the CAB
  or CAB/EC
• Emergency changes have higher risk as they follow
  an abbreviated process
• Follow a defined escalation list
• Follow a defined check list
• Test in greater detail afterwards
• Review in the next CAB meeting

30
???? ??????? ITIL ?????

• Incident Management
• Changes to address incidents must route through
  Change Management
• Incidents associated with changes
• Problem Management
• Changes arising from the generation of
  workarounds from known errors as well as final
  solutions are processed through Change
  Management.
• The Problem Manager sits on the CAB.
• Post Implementation Review
• Problems associated with changes
• Availability Management
• Projected Service Availability (really negotiated
  unavailability) for confirmation
• Forward Schedule of Change (FSC)
• Reports on implemented changes and their
  potential impact to availability

31
???? ??????? ITIL ????? - ????

• IT Service Continuity Management
• Proposed changes for ITSCM review
• Notification of implemented ITSCM related changes
• Capacity Management
• RFCs from Capacity Management
• Review of proposed changes for capacity impact
• Review of backed out changes
• Financial Management
• Financial assessment of proposed RFCs
• Financial review of implemented RFCs
• Security Management
• RFCs from Security Management
• Assessment of proposed RFCs

32
????? ???? ?-ROI ?? ????? ??????? ?
33
????? ?????? ????? ????? ????? ????????? ???
????? ??????? ?-MTTR

• MTTR is the average time it takes to recover a
  service to a level acceptable in the service
  level agreement.
• If we dont know what changed, the first part of
  dealing with an incident is trying to figure that
  out!!!!
• Groups with poor change management spend an
  inordinate amount (as high as 80 of time) of the
  MTTR simply trying to figure out what changed.
• Blame Storming meetings of all experts (expert
  cost a lot of )
• Phone calls, emails, running down the hall, etc.
• MTTR is impacted negatively by poor change
  management.

34
????? ????? ??????? ???????????? ??? ?????
??????? ?????? ????? ??????

• "Inspection with the aim of finding the bad ones
  and throwing them out is too late, ineffective,
  costly. Quality comes not from inspection but
  from improvement of the process" W.
  Edwards Deming
• Is IT paid to make changes or successful changes?
• Change management isnt about inspection its
  about having appropriate controls and processes.
• Change management is a control gate but it also
  generates data that can, and must, be used to
  improve processes.
• 80 of the fires IT fights are generated by IT!
• Even if that number is high, a very large
  percentage of unplanned work (45 in one clients
  case) is caused by failed changes.

35
????? ?????? ????? ???? ??? ????? ??????? ??????
?????? ?????

• Who here
• Has budget limitations?
• Has more work than what his/her IT organization
  can handle?
• Who has spare head count sitting idle?
• If we can reduce unplanned work
• Operating expenses are decreased
• Headcount is freed up from performing
  unproductive work
• Planned Projects can be addressed instead

36
??????? ?? ?????? ?????? ?????? - "???, ????
???? ?????????? ??? ?? ?????? ?? ?-Patch ????,
5 ????. GH - ?????? ??????"

• Getting things done quickly is vastly different
  than getting the right things done quickly.
• Beware the delusion of speed you may be moving
  quickly, but is it in the right direction?
• Gartner tells us that 70 of business executives
  believe that technology innovation is critical
  yet 80 of the actual investment is spent on
  infrastructure and core operations. 45 of
  business executives strongly agreed that IT was
  too focused on day-to-day IT requirements.This
  tells us that IT is losing attraction due to
  problems.
• This is the curse of firefighting investing too
  many resources in unplanned work.

37
?????????? ?? Deming

• ???? ?????????? ???????? ???? ????? ?????
• ?????? ???? ?????? ?????
• ???? ?????????? ???????? ???? ???? ?????
• ????? ???? ??????? ?????
• ???? ??? ?? ????? ????? ?? ????? ????? ?????????
• ?? ????? ????? ????? ???????? ???????
• ????? ??? ????? ?????? ??????

Quality
Cost
38
??? ??????? ?
39
Change Management ?? ?? ???? ?

• ??????? ???????
• ????? ??????? ???? ????? ???? ?????? ????????
  ??????
• ?????? ?? ?? ????? ?????
• ??????
• ?? "??? ????" ???????? ??????? ?? Change Manager
• ?? ???? ?????? ??????? ??? CAB
• ????? ?-IT ??????? ??????? ??????? ??????
• ????? ???? ??????
• ????? ?????
• ??????? ??????
• ????? ??????? ??????? ????? ????? ????
• ??????
• ????? ?????
• ????? ???? ????? ????? ??????? ?????? ???? ?????
  ??????
• ?????

40
The key to change... is to let go of
fear Rosanne Cash

• Risk Management

41
?? ???? ???? ?? ??????
100
You can spend a fortune and you will never truly
hit a 100 level of assurance. The objective is
to lower risk to an acceptable level, not
eliminate it because you cant!
??? ???????
??? ?????? / ?????
42
????? ?-CMDB ?????? ??????

• ????? ???? ?? ?-CI ?????? ??????
• ?? ????? ?-CI
• ??? ????
• ??? ?????? ?????? ?? ?-CI
• ??? ???? ????? ?-Compliance Policy
• ?? ????? - Service Model
• ??????? ??????
• ??????? ??????
• ??????? ?????? ??????? Batch
• ?? ????? - ???????? ?? ???????
• ??? ???? ??????? ?-CI ???
• Problems ??????
• ???????? ?? Incidents
• ????? ?????? - ??? ?????? ????? ???? ?-CI
• ?? ?-SLA ?? ?-CI / ?????? ??????
• ????? ????????? ?? ???? ????? / ??? ??????
  ??????

43
??? ????? ??? ???? ??? ??????????? ?? ???
Discovery ?????? ??????? ?????

• ??? Discovery ????? ??????? ??? ??????? ?????? ?
  
• ????? ?????? ???????? ?????? ?-CMDB
• ????? ??????? ????? ?????? ????? ????????
• ????? ????? ??? ????? ??????
• ????? ?????? ?-Compliance
• ?? ????? ??????
• ????? ???

All truths are easy to understand once they are
discovered. The point is to discover
them Galileo Galilei
44
?????. Change Management ! ?? ??? ?? ????
Workflow - ????... ??? ????? !
45
??? ???? ????? ?? Patch ???????????? ????? Patch
??"? Gartner
46
Chaos Regions??? ??? ????? ????? ?/?? ?? ?????
???? ?? ??????
47
"The problem with communication ... is the
illusion that it has been accomplished "

• George Bernard Shaw

48
Open Loop ???? ???? ???? ???????
Operator Error 60
System Outages 20
5
Security Related
15
Non-Security Related
Application Failure 20
Data Source IDC, 2004. Graphic Source Tripwire
49
????? ??????? ?????? ????? ?-Open Loop
Added time/cost to document compliance
(segregation of duties, changes, licensing)
Manual compliance reporting from multiple sources
Requests
Verification
Planning
Manual verification of change completion
- Expensive re-dos - Vulnerabilities remain
Approval
Implementation
- Systems break due to mismatch of testing,
targets, released software - Implementation
delays and errors
Manual, swivel-chair level integration between
change and implementation
50
I know what I gave them, I dont know what they
received

• Buddha

51
?? ?? ?? ?
52
????? ??????? - ?????????

• Closed Loop Change Management
• ????? ????? ????? ????
• ????? ????? ?????? ??????? ???? ????? ???? ???
  ?????? ?????
• ????? ??????? ???? CI / ??????? ??? ??????? /
  CMDB
• ????? ????? ???????? ?? ??????? ???? ?-CI ?????
  ??? ???"?
• ????? ????? ??????? ????? ????????? ????? CI
  ?????? ???? ?????? ?????
• ??????????? ?? ?????? ?????
• ????? ?-Templates ?????? ??????? ?????? ?????
  ???? Security Patch
• Impact Analysis
• ????? ?????? ?????? ??????? ????? ??????
• Notification ?? ?????? ??????? ????? ?????
• ????? ?????? ????? ????? ??? Notification ??
  ?????? ???????
• ????? ????? ??? ?????
• ????? ????? ??? ????? ?????? ?????? ?????
• ????? ??????? (Workflow)

53
????? ??????? ????????? ????

• ????? ???????? ?? ?-Risk ????? ??????
• ????? ???? ?? ??????
• ???? ??????? ????? ???????? ????? ???????
• ????? ????? ??? ??????? ???? ????? ????? ?????
  ????
• ??? ????? ??? ????? ????? / ????? ????? ?????
  ???? ?? ????????
• ??? ?-SLA ?? ?????? ????? ????? ??????? ????
  ?-SLA ???? ?????? ?????? ?? ??????
• ????? ???? ?? ?????? - ????? ???? ???? ?-Batch
• ???? ?????? Batch ???????? ???? ???? ????? ??????
• ????? ??????? ??????? ?? ????????
• ????
• ????? ?????? ?? Batch Job ?-Control-M
• ????? ????? ?? ????? / ????? ??? ??? ????? ?????
  ??????

54
????? ??????? ????????? ????

• ????? ??????? ?????? ????? ??????(Release
  Management)
• ????? ?? ?????? ?? ?-CIs ??????? ?-Change Request
• ????? ?? ?????? ?? ?-DSL package ?????? ??????
  ??????
• ????? ??????? ????? ???????Capacity Management
• ??????? ?? ????? Capacity ??? ???? ????? ??????
• What-If ?? ???? ??
• ???? ??????????
• ???? ????????????
• ???? ?????
• ????? ??????

55
Designing an effective approach

• Provide an integrated and automated change
  process that offers a flexible balance
• This solution would need to
• Manage the change lifecycle from request to
  verification
• Provide flexible deployment policies
• Continually monitor enforce deployments and
  polices
• Intelligently manage the update/patch process
• Offer management visibility approval
• Achieve better compliancy monitoring and goal
  attainment

56
Closed-Loop Change ManagementThe Process
Requests
Compliance
Planning
Verification
Approval
Implementation
57
Quick Fact

• Closed-loop managed PCs can save 268 per year,
  per PC as compared to unmanaged PCs
• Gartner

58
Closed-Loop Change ManagementThe Components
Discovery Solutions
59
Quick Fact

• Using a closed-loop, automated process to
  provision new users can reduce costs by 578 per
  new PC deployment.
• Gartner

60
Client Management Use Case Closed-Loop Change
Management

• New Vulnerability
• Employee Change
• System Refresh
• OS Migration

Planning/Scheduling Ensures assessment of
resources, costs and risks for the change
Compliance Reporting
Risk and Impact Analysis

• Verification
• Auto verify task
• Discovery Verification

Tasks assigned and worked
Approval (Governance)Ensures change
prioritization and resource allocation
ImplementationEnsures changes are deployed with
minimal infrastructure disruption
61
???? ?? Closed Loop Change Management
?????? ???????
??????
????? ?????
????? ????? ??????
?????? Online
?????? ???
?????? DB
?????? ?????
?????? WAS
EMC2
EMC1
DB_DHP1
BackBone Tel Aviv
BackBone Haifa
BackBone Jerusalem
DB_DHP2
SRVDB2
SRVDB1
SRVWAS1
SRVWAS2
62
???? ?? Closed Loop Change Management

• Change Management
• ????? ?????? ?? ???? ?-CMDB
• ????? ???????, SLA ?? ??????, ?????????
  ?????,????, ???? ?????
• Discovery
• ?????? ????? ???????? ??????? ?????? ??????
• CMDB Updated
• ??? ?????? ????????
• ???? ???? ?? ?????? (?????? / ?? ??????)
• ?????? ITSM ????????
• ????? ??????? ??????
• Dashboard ???????
• Service Desk
• ????? ???????
• ????? ?????
• ...

?????? ???????
??????
????? ?????
????? ????? ??????
?????? Online
?????? ???
?????? DB
?????? ?????
?????? WAS
EMC2
EMC1
DB_DHP1
BackBone Tel Aviv
BackBone Haifa
BackBone Jerusalem
DB_DHP2
SRVDB2
SRVDB1
SRVWAS1
SRVWAS2
63
???? ?? Closed Loop Change Management
?????? ???????
??????
????? ?????
????? ????? ??????
?????? Online
?????? ???
?????? DB
?????? ?????
?????? WAS
EMC2
EMC1
DB_DHP1
BackBone Tel Aviv
BackBone Haifa
BackBone Jerusalem
DB_DHP2
SRVDB2
SRVDB1
SRVWAS1
SRVWAS2
64
???? ?? Closed Loop Change Management
65
Closed Loop Change Management ??????

• Use Case

66
Use Case Configuration Update/Change
BMC Remedy Change Management

• A new configuration is required.
• A change request in Remedy Change Management is
  opened for its deployment.
• The change workflow ensures appropriate testing
  and approvals

67
Use Case Configuration Update/Change
BMC Remedy Change Management CCM Calendar

• Release plans are scheduled by looking at the
  Remedy Change Calendar
• Ensures that new changes do not adversely impact
  previously scheduled business and IT events

68
Use Case Configuration Update/Change
BMC Remedy Change Management Risk Report

• Risk assessment and decision making is aided by
  Remedy Change

69
Use Case Configuration Update/Change
BMC Configuration Management

• The change is automatically populated into BMC
  Configuration Management, along with the Change
  ID and Task ID
• Administrator initiates the approved change

70
Use Case Configuration Update/Change
BMC Definitive Software Library

• Configuration Management automatically pulls the
  correct certified software from the Definitive
  Software Library and deploys it to the end-points

71
Use Case Configuration Update/Change
BMC Configuration Management

• Configuration Management automatically verifies
  the task compliancy and reports that to the
  change ticket
• This auto-verification is what closes the loop in
  the change process

72
Use Case Configuration Update/Change
BMC Atrium CMDB

• Regular discovery automatically updates the CMDB
  via reconciliation
• Changes can be confirmed by reporting from the
  CMDB

73
Use Case Configuration Update/Change
Compliance Reporting

• Configuration Management automatically stamps the
  logs of each endpoint with the change activity

74
Use Case Configuration Update/Change
Compliance Reporting
Compliance

• Compliance reporting on ONE set of tasks is much
  more cohesive example, license management
  reporting

75
Use Case Configuration Update/Change
Compliance Reporting
Compliance

• . . . or for compliance to stated implementation
  policy goals

76
Quick Fact
Enterprises that can deploy patches to 80 percent
of their PCs within 96 hours of a vulnerability
announcement will experience an 80 reduction in
PC downtime (Gartner)
77
"He who rejects change is the architect of
decay.  The only human institution which rejects
progress is the cemetery"

• Harold Wilson

78
"When you are through changing, you are through

• Bruce Barton

79
??????
?

• ?? ??????
• CTO
• ???? shaio_at_matrix.co.il
• ???? (054) 434-9578

80
???? !

• ?... ??????? ????? ??? !!

????? 2007