DIGEST A vendor perspective of current IT management processes
vital digest
LEADER
1 Don’t forget the workers!
8 A more efficient future for the BBC
I
t is a fine old tradition in UK publishing circles to offer the reader something special for the summer holiday period – something you can take in your hand-luggage to sunnier climes, so you don’t lose your business-focus while you sip exotic cocktails and bask under foreign skies (if extravagant holidays are still on the agenda in these straightened times!) With this in mind here is the VitAL Digest, a round-up of the state-of-the-art in IT service products and services. While it seems IT security is hardly ever off the front covers these days, here we address the challenge of tackling the problem without disrupting your staff. Clearly business alignment has never been higher on the agenda, so we are focussing closely on business needs in the Digest too. The link between Olympic-standard hurdling and IT may not be obvious, but Dennis Adams makes it plain in his feature. From the customer experience to power consumption; from IT security to return on investment, there is something here that is bound to be of use to any IT professional in this the most challenging of business ages.
Corporate history is littered with tales of the disruption and woe caused by IT projects and there is a good chance that there is one just about to start near you. Andrew Smith shows you how to stop your IT security project from clogging up your helpdesk and frustrating your people.
3 Request fulfilment: Asking for a better service desk experience
When the world’s favourite broadcaster realised its service desk system was too restrictive to keep pace with its growing needs it turned to ICCM for the solution.
10 Conquering the hurdles of managing IT production
Mike Charles argues that implementing request fulfilment is easy, intuitive and a great way to show the business your service desk’s value especially in the current financial climate.
4 Can you improve efficiency and ROI in a recession? Yes you can! Is tackling service management like jumping a series of hurdles? Dennis Adams identifies a set of common principles inspired by a meeting with prospective Olympic hurdler Andy Howell.
Matt Bailey Editor
13 Counting the cost of energy consumption A newly unified approach to IT and business strategy is increasingly prevalent in the boardroom and converts to high-level IT business alignment are finding that efficiency now centres on using ITSM for revenue generation and to mitigate the cost of regulatory compliance.
II
6 How does ITIL v3 help improve IT services? Caroline Wyatt outlines the role ITIL v3 is playing in improving IT services across the service management sector.
VitAL : July / August 2009
Helping service managers to count the cost of PC energy consumption across your enterprise, NetSupport launches the latest version of its DNA v3 software.
vital digest
Don’t forget the workers! Corporate history is littered with tales of the disruption and woe caused by IT projects and there is a good chance that there is one just about to start near you. Emereo business development director Andrew Smith shows you how to stop your IT security project from clogging up your helpdesk and frustrating your people.
I
T security, be it end-point security (EPS) and/or data loss prevention (DLP), is an initiative possibly resonating in your organisation today. Some projects seek accreditation, such as to the UK Government’s Code of Connection, others may seek good governance under the auspices of ISO 27001 or compliance to Sarbanes Oxley. Many will simply be fearful of the impact lost or stolen data could have upon the reputation and/or competitiveness of their company. So baton down the hatches, lock those drives and blacklist those storage devices. Stop. If you want to avoid having your staff ‘keel hauling’ your IT helpdesk analysts, you need to re-appraise your IT security project roll-out now. Your organisation’s justification for deploying an EPS/DLP solution will be real. It should not be a knee-jerk reaction and certainly not one that stops your staff from working. Achieving governance, accreditation or compliance is also about a huge chunk of assurance that critical and sensitive information is secure and the reputation and integrity of staff and the organisation is intact to remain competitive and trusted.
Above all it has to be about productivity. There is absolutely no point undertaking any IT project if hindering your staff is the net result, because the burden it would place on support will be huge.
Robust security removes the shackles And here’s an interesting fact. Gartner Group recently reported that in over 33 percent of companies, where technology, such as DriveLock from Emereo, has enabled a robust IT security policy, significant increases in staff satisfaction due to greater mobile working capabilities have been experienced. Who would not want to see more of their staff being able to work from home, abroad, in fact anywhere? Only someone concerned about data loss. Planned and well implemented endpoint security will recognise how people want to work, the devices they will use and the data they will access, move and share. When solid data and device encryption is introduced on a profile basis staff will be able to go about their daily tasks as they would like to and also embrace more flexible working practices such as increased home-working. Happy workers tend not to be a burden upon IT support!
Protect your organisation against data loss, theft and unauthorised intrusion Invariably the issues facing IT are two-fold; how to design a security policy which is applicable to the user community and how to easily enforce the policy through enabling technology. Like most IT projects no one wants to be saddled with long lead times and no pragmatic response to protecting your organisation without hindering the productive working behaviour of staff. At the beginning of any project, regardless of its scale, Emereo’s consultants aim to provide a more informed picture of how data is used. A discrete audit examines device usage, storage and access rights and Emereo can quickly illustrate a real understanding of what risk factors truly exist. But risk has to be objectively assessed. According to Computing (November 2008), 56 percent of employees leak data unintentionally so the audit also examines working practices. As good as it is to achieve an IT security policy which protects your organisation it will soon become counter-productive if staff find it increasingly difficult to work. Without doubt in all instances with data
July / August 2009 : VitAL
D1
VITAL digest
So baton down the hatches, lock those drives and blacklist those storage devices. Stop. If you want to avoid having your staff ‘keel hauling’ your IT helpdesk analysts, you need to re-appraise your IT security project roll-out now. and information secure the opportunity for better decision making can be derived. So it’s no surprise that for all the implementations Emereo has completed every organisation’s security policy has been different. Some concentrate on restricting the use of mobile devices and storage, while others will aim to exert more granular control upon users and applications. Others may just need to prove that access to critical information sources is controlled, to satisfy compliance with an industry standard or requirement.
Project goals Emereo realises that data security and the need to intelligently control mobile devices, such as USB drives, is of paramount importance for those wishing to avoid data loss and theft. Emereo’s choice of solution, DriveLock can provide very granular control over the use of peripheral devices. Significantly permissions can be granted or denied in order to determine which devices users or groups are allowed to use. These types of scenarios are often where an implementation project for DriveLock begins as it encourages the debate between Corporate Governance and IT Governance: • Best practice for managing people; • Best practice for data security; • Best practice for managing information; • Best practice for protecting customers/ suppliers/strategic partners/stakeholdes. Regardless of which stakeholders sponsor the project (the business or IT) the implementation will be quick, easy to configure and user intuitive. An organisation’s security policy can be fully managed in days.
Scope & deploy
D2
The first phase of any end-point security project Emereo undertakes is to consult with the organisation to understand how they think their data and corporate information is managed and used. • What data exists, where and in what form; • Why data exists and what purpose does it serve; • What are the foreseeable future uses; • Who uses the data, how are they using it and how it is being shared amongst colleagues and 3rd parties.
VitAL : July / August 2009
This last point throws up many grey areas, Government use a plethora of ‘agencies’ and it is not uncommon in private sector organisations for the marketing department to share customer information with mailing houses and research companies. In fact looking at how an organisation interacts with its partners and suppliers can immediately reveal holes the organisation never knew existed in their information management processes. Consequently Emereo utilises an array of skills to understand how data is used and is moved. A device usage report is generated to illustrate peoples’ reliance on storage devices, often to legitimately do their job; a USB memory stick is many peoples’ preferred means of taking work home to do. As conscientious as this may be, a lost memory stick can sometimes be a window of opportunity for others to gain competitive advantage. The device usage report provides an accurate view of both peoples’ preferred working behaviour as well as their inappropriate use of devices to download or introduce files, such as MP3s, onto the corporate network and increase the threat of malware and viruses. Getting the balance between legitimate working practices and misuse of corporate resources is something the device usage report will highlight, while Emereo’s use of focus groups will provide a level of consultation with key workers to ensure their daily use of IT is no more inhibited than the time it takes to unlock and lock an encrypted USB device.
Once these findings and research is complete, it can be presented to management for analysis and discussion with the aim of achieving a realistic IT security policy. As a bi-product of this discussion Emereo has run risk awareness campaigns (RAC) as a way of PRing the introduction of a policy which although designed not to inhibit employees working practices, may be met with suspicion. The RAC can highlight the threats and risks facing the company in such a way to validate the introduction of the policy and enabling technology to protect the individual against the unscrupulous acts of others. The next phase doesn’t see any less consulting with the organisation and its people. Having established a draft IT security policy it then becomes necessary to establish the best way to involve as many people in the deployment. An IT security ‘task force’ is often pulled together, run by IT and using a crossfunctional mix of employees, to participate in a pilot exercise. This will help to test the scope of the technology and enable a realistic project plan to be produced which is both user- and information-centric. In short, publish a project initiation plan which is both acceptable to the people and achievable with technology. Once all of these activities are complete, Emereo moves into the implementation phase of the project and builds a configuration designed to protect the organisation and improve working behaviour. Emereo has fully deployed DriveLock in two days in smaller and less business-complex environments. For larger organisations or those where staff are more mobile and seeking more flexible working practices, project timescales can move to a couple of weeks but significantly never months.
Let the workers work! In conclusion if you wish to deploy EPS and/or DLP with the minimum of disruption to staff, the business and those providing IT support, seek an enabled IT security policy which is people- and data-centric. Productivity is assured and reputations will remain intact. This article is a synopsis of the Emereo whitepaper ‘Implementing End-point Security’. www.emereo.eu
VITAL digest
Request fulfilment: Asking for a better service desk experience Mike Charles, senior consultant at House-on-the-Hill Software argues that implementing request fulfilment is easy, intuitive and a great way to show the business your service desk’s value especially in the current financial climate.
A
re there any self-contained lessons I can implement from ITIL v3 without having to undertake a costly reorganisation? Is there any way I can better analyse the value of my service desk? These questions are being asked by an increasing number of IT and service desk managers. Thankfully some concepts are so intuitive that whatever position you are in it is well within your interest to take a serious look.
Appealing to common sense These days most people know the difference between an incident and a problem: they are concepts that have escaped the confines of ITIL and successfully permeated IT culture. Many organisations that have yet to implement ITIL in any formal way have recognised the benefits of drawing this distinction in their day-to-day work. The reasons are obvious: incident and problem management are simple processes to understand and are equally as intuitive. What is more, they offer immediate benefits to support staff and management trying to work under increased pressure. Another process that has the same magic qualities but appears to be far less ubiquitous is request fulfilment. The ITIL v3 framework does an excellent job of highlighting this more than in past versions and it can be a valuable and quick lesson to digest for all IT departments.
The devil in the detail The scope of a ‘service request’ can vary greatly from organisation to organisation but the basic concept remains the same – a request from a user for advice, information, or provision of a
standard service. Despite this being an obvious distinction from an incident (unplanned degradation or outage of an IT service) many IT departments still log and report on requests using the same key performance indicators (KPIs) as they do for incidents. When you formally acknowledge that your service desk is dealing with requests as well as incidents you can begin to produce better reports based on more focused KPIs. In my experience this almost always results in more positive results for the service desk - and if you have a proven tool, such as our SupportDesk ITSM solution, you should find it includes reports as standard that can show performance against a sensible set of KPIs at the touch of a button.
User adoption As request fulfilment is strong on the commonsense factor there is often little resistance from users. Few would argue that a request for a brand new service should be handled in the same way as the failure of an existing one.
And once users understand that making this distinction means more focused incident management and a separate agreed process for request fulfilment with its own service and operational level agreements, this should reduce any resistance even further. In order for request fulfilment to work best you must clearly define what sorts of requests you are able to handle and, equally as importantly, what are the SLAs covering them. Some service desk tools, including House-on-the-Hill’s SupportDesk, will allow you to easily set a separate SLA structure for request fulfilment based on the types of service requests available to the user rather than impact or urgency as with incidents. Being such a useful concept, I believe request fulfilment deserves to be understood in broader IT culture than I find currently. Perhaps it will one day be as omnipotent as incident management, but in the meantime I recommend staying ahead of the pack by acknowledging it now. www.houseonthehill.com
July / August 2009 : VitAL
D3
VITAL digest
Can you improve efficiency and ROI in a recession? Yes you can! According to John Murnane, IT service management specialist at EMC, a newly unified approach to IT and business strategy is increasingly prevalent in the boardroom. Converts to high-level IT business alignment are finding that efficiency now centres on using ITSM for revenue generation and to mitigate the cost of regulatory compliance.
T
oday’s ITSM process owners and service delivery managers are under unprecedented pressure from the business to gain insight and control over the IT function. They must also demonstrate value in providing business performance support at the same time as introducing complex resource-optimising technologies such as virtualisation, and all the while controlling and reducing spend, using process efficiency to minimise the component costs of each service, without reducing the level of service delivered. Furthermore, on the back of the fallout from the current recession and financial system disarray, a cost-effective means of achieving best practice governance and regulatory compliance is now essential. With the widespread adoption of ITIL, IT departments now generally embrace the idea that their role is to align the IT function to meet business objectives. However, what is the nature of the role of ITSM and process automation should fulfil in the quest for IT business alignment and business agility?
IT moves centre stage
D4
Without doubt, the IT department’s perceived contribution to the business has evolved significantly over the last few years, taking on a much more central role in driving business success through the provision of critical business infrastructure. In fact, in virtually every business, this role has arguably evolved to a point where the infrastructure provided by IT is the business - the infrastructure that enables the organisation to deliver goods and
VitAL : July / August 2009
services to the market and run its internal operations. The link between an efficient IT infrastructure and an efficient business has become increasingly self-evident. As a result ITSM, once ‘just’ a means of managing the IT function, is emerging as a key component of managing the business. Likewise, rather than simply offering a platform for negotiating with the business, the language of ITSM is subtly evolving to allow the business and IT to plan together symbiotically. Taking a unified approach creates a dynamic system that brings together the processes, IT infrastructure and ITSM functions in support of an ongoing cycle of improvement – indisputably the route to lower cost of service and an increased ability for businesses to respond rapidly to market change.
Rising to the challenge of IT business alignment In short, the mission of aligning IT with the business has seemingly become one of aligning the business to meet business objectives. Yet however productive it may be, such alignment comes with its own challenges. Firstly there is the technology issue. IT technology is immature, constantly throwing up a moving feast of cutting edge ideas and opportunities with the potential to create a sea change in the IT function. Virtualisation is a prime example of this: an innovative technology, compelling for both operational and cost reasons, but one that immediately changes things at every level of the business.
Without doubt, the IT department’s perceived contribution to the business has evolved significantly over the last few years, taking on a much more central role in driving business success through the provision of critical business infrastructure.
VITAL digest
IT should be accustomed to this uniquely rapid pace of fundamental change, whereas the ‘old school’ functions of HR, Finance and Sales etc. may not share this understanding. Placing IT at the heart of the business renders the methodologies provided by ITSM imperative to the successful planning and management of continual technology and process change. Similarly, the cost of such change must be planned for strategically and operationally, rather than in functional silos, particularly as the demand for IT services is likely to continue to outstrip the budget available. Having a universally understood strategy of maximising the amount of IT provided to the business for minimum cost is vital. The more efficiently the business is run, the more cost reductions there will be, yielding a higher return on every pound spend on IT – and in turn reducing the unit costs of the business functions they support.
Reducing costs through process automation ITSM is in a unique position to provide a mechanism to define, fulfil, manage and cost services (the concept of Service Portfolio Management), with the service catalogue and the service desk acting as a conduit between the activities that involve the business and IT, along with a high level view of what must be achieved. Once a service is defined, supporting infrastructure and processes can be layered into the equation to provide an end-to-end view of services. Automating processes is a key weapon in the quest for increased business efficiency
and ROI. Where manual processes can be standardised, they can be automated thus lowering that all-important cost of service delivery. Access to accurate and up-to-date data from across IT functions can also be automated using a federated CMDB. Crucially, this approach allows operational infrastructure such as network and application discovery tools, which have already been cost-justified, to deliver additional value over and above their original purpose. Using out-of-the-box integrations, as in the case of EMCs Ionix for Service Management solutions, the CMDB can seamlessly provide visibility and control of the entire IT environment, using latent data to drive alerts and manage incidents. Indeed, aligning services with processes and the automated CMDB in this way creates the ultimate ‘learning circle’ – a truly systemic approach. Processes are driven by the quality of the service catalogue and the CMDB, which in turn are controlled and managed by these processes. Flaws or potential improvements to any aspect of the circle can be rapidly identified, leading to the continual service improvement that is germane to the ITSM business strategy of improving efficiency, while simultaneously reducing costs.
IT management - value for all As an example, even a simple service such as printing an invoice shows how effective the combination of ITSM and a cross-functional planning strategy can be at providing all parts of the business with exactly what they need. The service user can print as required,
the business can easily assess the cost of this service and its impact on productivity, while IT can view all the infrastructural components involved – from the physical system requirements to the people and processes – and proactively maintain the service. ITSM is now about creating an environment where everyone gets as much as possible from the entire IT real estate, with standardisation and automation delivering cost efficiencies, service improvements and compliance; with unified planning providing a joined up approach to process improvement and execution: and with the crucial ability to manage change as technology innovations and the market demand. Business process owners can own, audit, measure and improve the process design, while service users can easily request and track services. In this unified scenario, the boundaries between IT service management and IT management all but disappear to create, from a strategic, operational and planning view, a much more coherent, efficient environment. Joined at the process level and geared up to execute according to business goals, this inclusive approach to IT management provides a platform where it is truly possible to do more for less – while allowing the business to choose how to exploit increased efficiency, in terms of higher margins, lower market costs and operational performance. For more information about EMC’s Ionix for Service Management solutions visit: www.emcitmanagement.com
July / August 2009 : VitAL
D5
VITAL digest
How does ITIL v3 help improve IT services? Caroline Wyatt, services manager at Pink Elephant outlines the role of ITIL v3 in improving IT services.
T
he ITIL v3 revised guidance was published on May 30th 2007, with updated content including new concepts, revised processes, terms and definitions pertaining to the management of IT services based upon a lifecycle approach. The intention, was to bring ITIL and IT fully up to date and in line with changing business needs as the industry matures, and business demands are greater than ever for high quality service delivery. With all that said, approximately 80 percent of IT budgets are still consumed by “keeping the lights on” – maintaining day-to-day operations, so it makes sense, particularly in these times of extreme cost challenges, to make this the slickest, leanest and most efficient area within IT.
Key benefits
D6
Through implementation of the ITIL Service Support processes, you can realise some of the key benefits of a best practice approach; which include elimination of re-work, downtime caused by unplanned changes and the resultant reactive and stressful workloads. How? By working to minimise the adverse effect of incidents, reducing the number of repeat incidents, and reducing the number of total incidents through the Problem & Change Management process. If 70 percent of Incidents are caused by changes you need to look at ways to reduce this percentage – think of the cost savings and reduction in downtime that could be achieved. Effective implementation of the ITIL processes really can reduce costs, reduce the risk of operational failure and increase customer satisfaction. So the content of the ITIL courses should be aimed at helping you to achieve this. IT management and service management teams need to identify the issues specific to your organisation, then understand what needs to be done to improve the current state, define and communicate the vision of the future and educate your teams to perform within a service-
VitAL : July / August 2009
Without doubt, the IT department’s perceived contribution to the business has evolved significantly over the last few years, taking on a much more central role in driving business success through the provision of critical business infrastructure. driven culture. Pink Elephant strongly believes that the purpose of ITIL education is to enable an organisation to empower its employees with specialist knowledge in order that they can return to the workplace with an understanding of the best practice framework and talking a common language. The Lifecycle courses are for management know-how with regards to the different stages of the lifecycle approach. Applying the principles and making ongoing service improvements, is the role of the professional practitioners and is required to sustain IT as a successful part of any organisation. This is where the Capability courses provide value.
What should you do? “Add value” means making practical improvements to IT services. Those improvements then enable the business to either reduce or contain costs, reduce risk (of downtime – which by its nature will reduce
costs), and increase customer satisfaction through making IT services more servicefocused. Adopting the ITIL framework can deliver all of these benefits, and people who understand ITIL can make it happen (needed especially in today’s economy!) But the emphasis should not be about driving people towards an overwhelming ‘Expert’ programme that will take at least two to three years – and probably longer for most people - to complete. Twenty two points for an individual does not equate to service Improvement for IT. So let’s get back on track with the ITIL Certification scheme – it’s not about the number of examinations the examination institutes can sell, it’s about delivering knowledge to individuals who can then make a difference in their organisations. And it’s not just about having an ITIL ‘Expert’ Certificate, it’s about gaining real, practical knowledge. What we need is more carefully targeted education and training aimed, primarily, at delivering value to the organisation.
Do you have an IT service management team? Any large organisation these days will have responsibilities spread across multi-person teams – so why not train them all up to be part of a ‘Management Expert Team’ or a ‘Practitioner Expert Team’, rather than focusing on individuals obtaining Expert status. These days, an organisation needs to see real and immediate benefits from their investment in education. Pink Elephant’s courses have all been designed to include practical and proven ‘how to’ and ‘recommended implementation plans’ that you can take away and start applying the day you return to work. We don’t just teach what needs to be done, we also show you how to do it. Our improved Capability courses aimed at the practitioners who perform the process roles, provide the detail, structure and exercises to enable improvements to be initiated upon return to work. With Pink Elephant you can be sure to receive
VITAL digest
top class training from the world’s best team of ITIL Experts. Remember, all Pink Elephant consultants have already attained the ITIL v3 Expert designation. We don’t have ‘lecturers’ – chalk and talk specialists who are just able to deliver a syllabus, we have ‘Consultative Trainers’ - people who have a practical knowledge of the subject, and who are able to help individuals with individual issues they may have ‘back at the ranch’.
Who are you? Your role and objectives both personal and professional will dictate which courses you need to attend and which will give you the most appropriate outcome. We see certification as being relevant for 3 distinct groups: 1. Teams: Depending on whether they have a strategic or tactical/operational focus. 2. Individual practitioners: Depending on their role or project. 3. Consultants or service management champions: Depending on whether they have a strategic or tactical/ operational focus. Pink Elephant has revised the titles of its ITIL v3 Intermediate courses to better reflect the roles individuals perform in organisations, and to help guide IT professionals along the most appropriate education path in the ITIL certification scheme. To simplify things, our recommendation for those seeking the ITIL Expert certification is to focus on the ITIL Manager path – where you will gain the widest breadth of ITIL knowledge and gain all the credits you’ll need. For those who need education to support a specific project or tactical role – choose the individual ITIL Practitioner courses.
ITIL v3 Intermediate – Lifecycle Stream The five lifecycle stream courses cover each book and are renamed ‘ITIL Manager’ courses, as follows:
• • • • •
ITIL Manager: Service Strategy ITIL Manager: Service Design ITIL Manager: Service Transition ITIL Manager: Service Operation ITIL Manager: Continual Service Improvement
ITIL V3 Intermediate – Capability Stream The four capability stream courses are renamed ‘ITIL Practitioner’ courses, as follows: • ITIL Practitioner: Operational Support & Analysis (Service Desk, Incident, Request, Access, Event, Problem Management. Includes Technical, Applications & Operations Management) • ITIL Practitioner: Release, Control & Validation (Change, Release & Deployment Management, Service Validation & Testing, Service Asset & Configuration Management, Service Evaluation & Knowledge Management)
• ITIL Practitioner: Service Offerings & Agreements (Service Portfolio Mgmt, Service Catalogue Mgmt, Service Level Mgmt, Demand, Supplier & Financial Mgmt) • ITIL Practitioner: Planning, Protection & Optimization (Capacity, Availability & IT Service Continuity Management. Information Security, Demand & Risk Management).
The qualification overlap Adding to all this confusion is a complex certification scheme that allows for the mixing and matching of v2 and v3 courses to earn credits – but with rules describing limitations because of content overlap. There is overlap which exists between v2 and v3 Practitioner courses, but also between v3 Manager (lifecycle) courses and the v3 Practitioner (capability) courses. This table has been designed to try and help you identify which courses should not be combined due to the overlap in content. www.pinkelephant.com
Manager Courses (Lifecycle Stream) Service Strategy
Practitioner Courses (Capability Stream)
V2 Practitioner Courses
N/A
N/A
Service Design
SOA: Service Offerings & Agreements
IPAD: Agree & Define SLM & Finance
Service Transition RCV: Release, Control & Validation
IPRC: Release & Control Change, Release, Configuration
Service Operations OSA: Operational Support & Analysis
IPSR: Support & Restore Service Desk, Incident, Problem
PPO: Planning, Protection Continuity & Optimisation
IPPI: Plan & Improve Availability, Capacity,
Continual Service Improvement
N/A
N/A
July / August 2009 : VitAL
D7
VITAL digest
A more efficient future for the BBC When the world’s favourite broadcaster realised its service desk system was too restrictive to keep pace with its growing needs it turned to ICCM for the solution.
A
s the head of service management at BBC Worldwide, Andrew Hutchinson is responsible for the provision of effective and efficient IT service desk operations. Having a service desk tool that operates smoothly is of the utmost importance to Hutchinson as his IT support staff use this systems throughout the day as their main way of logging Incidents. A staff survey of their existing IT service desk provider highlighted major dissatisfaction. They were using a system that was restrictive and hadn’t grown with the requirements of the company. This resulted in Hutchinson seeking a new tool that would not only satisfy the needs of his staff, but would also deliver complete business process management functionality.
The results D8
ICCM Professional Services Ltd (ICCM) was flagged to Hutchinson by a colleague, Emerson Freedman, service manager for BBC Worldwide, who had previously used ICCM’s e-Service Desk (e-SD). After reviewing several providers along with ICCM’s e-SD, Hutchinson decided that this was the right solution for the task. “e-SD copes with everything we aspire
VitAL : July / August 2009
to do. With the foundation in place we’re able to build different processes around our needs allowing us to leverage it in every aspect of our business,” he explained. By utilising e-SD’s processes, Hutchinson has made significant impact towards making the company’s whole operation run more efficiently. Less disruption to IT means employees in all departments operate with minimised distraction consequently increasing the whole organisations productivity and ROI. Hutchinson is also able to utilise the self-audit facility where end users can verify the assets they hold and update any discrepancies, resulting in dramatic cost saving as the need for physical audits are reduced. This mechanism supports cross charging and ensures that the compliance and governance obligations are met. Timing of the implementation of e-SD couldn’t have been better as Hutchinson was facing an internal audit. With thousands of Incident calls per month, e-SD has enabled him to consolidate all data on the demands that the business made on IT. Additionally, he is responsible for IT service operations for all BBC’s worldwide offices. e-SD is currently being rolled-out to all their locations.
“Being web-based has made the introduction of e-SD to our other locations very streamlined,” says Hutchinson. “Having the same service desk in our main hubs, London, New York and Sydney has also facilitated 24 hours IT support. This has allowed me to align processes globally.” Perhaps the most conclusive sign of improvement has been from Hutchinson’s own people. “I’ve never needed convincing about the quality and flexibility of e-SD. It’s 2,000 times better than our old system,” comments Tony Knight, application support for BBC Worldwide. “IT problems in this business can be catastrophic,” Hutchinson adds. “With e-SD we can identify single points of failure and instigate corrective management. e-SD also helps us identify IT problems before they happen allowing us to act proactively not reactively,”
Extraordinary service desk software ICCM was originally established in the mid 1990s to provide consultancy services to organisations wishing to improve their service desk function. ICCM realised most
VITAL digest
solutions on the market did not offer the level of functionality being demanded by the industry, and for that reason researched other technologies to deliver benefits over existing application vendors. ICCM identified Metastorm BPM as an exciting processenabling technology that seamlessly delivers a high performing orchestration engine and web interface that ensures compliance and adherence to any underpinning process. This enabling technology incorporating ICCM’s e-Service Desk truly transforms the way in which service management applications deliver value to a customer. Today, ICCM’s core objective is to provide revolutionary software and superior services to organisations aspiring to Best Practice Service Management. Rather than the legacy application development- driven approach that many vendors in the market have adopted, ICCM’s forward-thinking approach blends their first-class service desk tool with the functionality of business technology in the form of Metastorm BPM. This collaboration delivers unparalleled service mManagement capabilities across all industries and business functions in almost every geographical region.
The Company’s value proposition to customers is four-fold: Accelerated ROI: ICCM’s e-Service Desk can deploy more ‘out of the box’ products more efficiently and effectively than our competitors. Many vendors will sell solutions at a loss as they profit from reoccurring services and upgrade costs. At ICCM we believe customers who wish to be self-sufficient should have the tools to do so. Furthermore, we believe scalability and a solutions ability to grow and adapt with your business is essential to any investment. e-Service Desks BPM platform is developed around scalability and does not have the limitations of applicationdriven technology. Process-led technology: ICCM’s e-Service Desk tool, coupled with the business process functionality of Metastorm’s BPM solution, delivers a radically different approach to service management. By developing its technology from the process up around the ITIL framework ICCM’s solutions allow customers to tailor processes around their company’s actual needs giving better value and ensuring a smooth implementation into any environment. Flexibility: Working with ICCM our customers experience flexibility unprecedented by our competitors. Our system easily integrates into existing software but also evolves for future environments. Additionally, our flexible pricing modules allow companies of all dimensions to find a pricing structure that suits their needs, whether that be process, nNamed, concurrent or role-specific. Our flexibility goes further still; being 100 percent web-based technology allows full access for remote working service teams, including wireless PDAs and Blackberry devices. Our self-service portal gives customers a window into the status of their service request any time or place. Service and support: At ICCM we thrive on a culture that provides outstanding service and support to our customers. We deliver on this commitment from initial deployment through to everyday operation. Our ITIL best practice consultants deploy your software and are readily available to offer their acute technical knowledge and broad experience to your service management programme. In addition, we encourage an active user group community by providing regular user group sessions, customer days and forums. We rely heavily on input from our customers, enabling us to align customer feedback to our product road map. We also believe our customers are entitled to service and support when they need it. Our global support network and our extended support hours allow us to offer assistance around our customer’s schedule. www.iccm.co.uk
“Being web-based has made the introduction of e-SD to our other locations very streamlined,” says Hutchinson. “Having the same service desk in our main hubs, London, New York and Sydney has also facilitated 24 hours IT support. This has allowed me to align processes globally.” The BBC solution The solution: - e-Service Desk License model: - 250+ Licensed Service Desk Agents Notable features: - Customer portal self audit for CI s - MAC/PC supported environments - Major incident management Locations: - Global deployment - follow the sun - Integration to SMS & Microsoft Active Directory - Supporting 100+ active services Database: - MS SQL Server 2005 Phase 1 deployment: - Incident management - Major incident management - Problem management - Service requests - Service catalogue - Task & resource management - Customer portal
British institution The BBC was originally launched in 1922 and is now recognised as the world’s largest broadcasting corporation, employing over 28,000 people in the UK alone. The BBC offers radio, television and online broadcasting to more than 200 countries worldwide and is available to almost 300 million households. BBC Worldwide is the commercial arm of the BBC, offering a range of media business across the world.
July / August 2009 : VitAL
D9
VITAL digest
Conquering the hurdles of managing IT production Do you think that managing IT systems is a bit like trying to jump over a never-ending series of hurdles? The analogy may be more appropriate than you think. In this article, Dennis Adams, an experienced IT management consultant, identifies a set of common principles inspired by a meeting with prospective Olympic hurdler Andy Howell.
I
was recently speaking with Andy Howell about his training plans for the next few years. Andy (see breakout box) has a longterm dream to reach the 2012 Olympics. Andy’s photo is a powerful marketing image. But as I thought about what Andy was trying to achieve, I was aware of deeper similarities between his world, and the world of IT production management.
D10
Measure your progress Andy’s goal is initially to reduce his personal best (PB) time in the 400 meters hurdles, in order to qualify for the GB Olympic team. So keeping track of timings is essential. But it
VitAL : July / August 2009
goes beyond that. How much time he puts into different training tasks in his regime, how many calories he eats, how much sleep he gets – these are all factors in achieving his goal. In managing IT, particularly the area of IT production (the day-to-day, business as usual, or “BAU” tasks), we sometimes forget to have meaningful management metrics. It is a basic truism that you cannot manage what you cannot measure. As with all simplifications, this is not entirely correct, of course; the key soft skills that distinguish a good manager from a mediocre team leader are difficult to quantify. Nevertheless, it is
vital digest
correct to say that a significant proportion of our work as IT managers needs to be clearly quantified. Metrics, in the sense of management information, can be used for two purposes: to run the department, and to broadcast the achievements. As far as running the department is concerned, it is essential that IT production managers have metrics in place to capture what infrastructure the department is responsible for, what they are achieving and what resources are being consumed in order to reach their goals. Basic raw metrics, such as the numbers of servers in the data centre, their applications, uses and roles, are essential in order to understand where resources are being used. This information, properly presented, is also very valuable in demonstrating the ‘value add’ of IT to the business and sponsors. This can be extremely useful during the annual budget negotiations! Equally valuable for an IT Production department is a basic timesheet system. This helps managers identify ‘problem applications’ which are consuming excessive resources. Such knowledge helps facilitate discussions with development teams or business managers to identify efficiencies or alternative solutions. Just as Andy and his coach pay minute detail to every aspect of his hurdling (stride patterns etc), so as IT production managers we need to have information at our fingertips to help improve our departmental performance.
Use the right equipment No athlete these days would consider taking part without the necessary equipment (running shoes, clothing etc), and the understanding of how to use them. Similarly, the necessary software tools are essential to managing IT production, and training and experienced knowledge are essential in gaining the potential benefit.
Unfortunately, software can be relegated to the role of ‘shelf ware’ if its use within the organisation is not applied appropriately. Just as an athlete has to carefully watch his progress and be able to anticipate situations that may lead to injury, so as IT managers we need to have monitoring in place for systems to identify potential issues (shortage of disk space etc) ahead of time. Although the use of specialised running shoes and starting blocks was once considered a luxury, no athlete today would run without them. In the IT world, we are unable to run Production efficiently without our bread-and-butter operational software tools (backup management, patch release management, monitoring and alerting, remote console management, performance monitoring etc). And yet, we frequently deploy these tools in a relatively unsophisticated, uncontrolled way, without considering an overall operational tools strategy. As a result, we sometimes have tools that are using inconsistent naming conventions, reporting on common systems in different ways. How many times have we struggled with understanding what is the ‘correct’ answer to the questions about what servers are used for what application? We need to have a clear ‘referential’ or ‘master’ source of data for each relevant piece of information, be it definitive name for every server or application, to naming conventions for SAN storage. Use of the right equipment, in a structured, strategic way, is important in trying to reach our goals, be they 400 metres of hurdles, or 400 Linux servers.
Just as Andy and his coach pay minute detail to every aspect of his hurdling (stride patterns etc), so as IT production managers we need to have information at our fingertips to help improve our departmental performance.
D11
Have a systematic approach Athletes train hard and work hard. And we all aspire to a working life that is ‘smarter, not harder’. This concept is often misunderstood, however. Working smarter
July / August 2009 : VitAL
VITAL digest
Coaches can see the mistakes that are being made, often when you are not aware of them yourself, and help you improve your performance. In IT production management as well, an independent consultant can help clients identify the shortcomings in metrics, in operational tools, in processes and in technology standards, and advise them where their own performance can be improved. means eliminating ‘re-do’. Good athletes develop a rhythm, where every movement contributes in a smooth way to the overall result. There is no wasted effort, no need to continually correct or change course. In the IT world, we also need to deliver our services more efficiently, in a predictable, repeatable way. Hence, IT production managers rightly stress the importance of relevant and appropriate processes and procedures. But, like our athlete, we need to keep our end-goal in mind. Beautifully crafted processes are only valuable if they enable the organisation to deliver the correct service in the most appropriate way. Other people have struggled with similar challenges to us. Process improvement methodologies from industry generally (such as six-sigma) can aid us to achieve the speed and efficiency that we all want to deliver. Although I work with consultants who are frequently qualified in the ITIL approach to processes and procedures, we always stress with clients and colleagues that such processes must be implemented in a pragmatic way. Properly implemented, good practices, policies, processes and procedures are means to help us achieve our goals, rather than barriers to prevent us doing so.
Keep focused on what you are good at
D12
Although Andy is already a very fast sprinter, he has chosen to focus his attention on hurdling at just one distance – 400 meters. By concentrating on his ‘core skills’ he is not distracted by other challenges. In the world of IT production, however, we are continually faced with alternative challenges to our ‘core skills’. Most data centres these days are full of servers of all sorts of make, manufacture, operating system and configuration. A typical organisation today may have systems from IBM, Sun, HP / Compaq, Dell, not to mention the multitude of other manufacturers. Not only at the hardware level, but also in the choice of operating system, database,
VitAL : July / August 2009
middleware and messaging system, the technology mix proliferates. All of this diverse heterogeneous technology has to be supported and managed. And the more diverse the mixture, the greater the support costs. Unfortunately, the choice of new technologies can often be made without taking into account the ability of the IT production team to support the solution, once it is deployed. The solution is to encourage IT production teams to focus on ‘production supportable’ technologies. What technologies are they able to manage and support with their existing skill sets? All of this needs to be part of an overall IT production strategy or roadmap, identifying the technologies which are supportable in production and those which are not (or where support would become unduly expensive to the business). As with athletics, we can be more successful managing IT production systems if we focus on our core skills, instead of losing our competitive edge by spreading our commitments too widely.
Make use of experienced coaching Andy will be the first person to admit that his success is not solely due to his own efforts. The achievements he has already had in the AAA championships, running for Harrow, Middlesex and England, are also down to his coach and the support teams who work with him. Coaches can see the mistakes that are being made, often when you are not aware of them yourself, and help you improve your performance. In IT production management as well, an independent consultant can help clients identify the shortcomings in metrics, in operational tools, in processes and in technology standards, and advise them where their own performance can be improved. Maybe that’s where I came in. www.dennisadams.co.uk
Andrew Howell – Conquering hurdles Harrow born and bred, Andrew is one of a number of promising young athletes in his generation. He started hurdling at age ten, when he took part in the borough sports, representing his local school. He then started representing Harrow Athletics club in the under-13 group, where he took part in the 80-metre hurdles. It was as an under-15 that he began to be noticed at county level in the 400m hurdles. During the last few years, Andrew has demonstrated a strong commitment to his chosen sport, overcoming many obstacles. Now aged 21, and free from injury, he has continued to run while studying for a university degree. As a result, he has begun to realise his potential; He and his coach are now planning a training regime to culminate in the 2012 Olympics.
vital digest
Counting the cost of energy consumption Helping to count the cost of PC energy consumption across your enterprise, NetSupport launches DNA v3.
H
ot on the heels of the article in the May/June issue VitAL, ‘Delivering ecofriendly IT’, it’s nice to be able to report that vendors are starting to provide innovative additions to their solutions designed to give business leaders a helping hand towards delivering on their corporate social responsibility (CSR) strategy. Now in its 20th year, NetSupport is a leading player in the field of network management software and the latest update to its IT asset management offering, NetSupport DNA, builds on the product’s core Inventory technology to incorporate a new ‘Energy Monitoring’ component, more of which later. While this may be the headline grabbing feature of version 3, there’s plenty more to whet the appetite and draw you to the 30-day free trial available on the NetSupport website (see below). For many organisations IT asset management has become a critical function in recent years. The simple premise being that if you don’t know how many desktops you have, where they are located and what hardware and software is installed, it stands to reason that they can’t possibly be managed and supported efficiently. For those who still doubt the relevance of this sort of technology, seeing it as an expensive luxury rather than a necessity, you are overlooking one important factor: TCO (total cost of ownership). Companies who focus solely on the initial purchase price of IT assets
are ignoring the fact that this can pale into insignificance when compared to the ongoing support costs.
Managing your assets Asset management software can pay big dividends, automating the data gathering process and easily identifying areas of wastage and overspend, so how does NetSupport feel DNA3 will give it the edge in this competitive market? First off the company should be commended for not resting on its laurels. NetSupport’s established expertise in the remote PC support arena, thanks to products like NetSupport Manager, meant that when NetSupport DNA was introduced in 2003 it had a head start by being able to provide one of the most comprehensive and detailed hardware and software Inventory components available. But, coming back to the issue of this type of software being seen as an expensive luxury, NetSupport recognised that organisations have differing requirements so it made the product modular, enabling companies to buy only those features that were relevant. With version 3 NetSupport has identified some key areas where the role of network management has evolved in recent years. Established components such as hardware/ software inventory, system & PC alerting, software distribution and Internet and application metering & control still provide the
For many organisations IT asset management has become a critical function in recent years. The simple premise being that if you don’t know how many desktops you have, where they are located and what hardware and software is installed, it stands to reason that they can’t possibly be managed and supported efficiently.
July / August 2009 : VitAL
D13
VITAL digest
product’s backbone but these have now been supplemented with some new and highly relevant additions.
New additions The installation is neatly streamlined, even more so than in past releases, and the resource overheads are more modest than many competing products. So a network manager can run the NetSupport DNA ‘Console’ on their local Windows machine (including Vista) and still perform other tasks rather than setting aside a dedicated server! The first clue to version 3’s new functionality comes part way through the installation when you choose the program features. In addition to the usual options, Console, Client (the handy Deploy tool is best used to push out the Client program to end-user machines) and the location of the DNA Server, NetSupport have introduced their Internet Gateway technology, a connectivity feature users of NetSupport Manager will be familiar with. An IT Asset Management tool that only provides half the picture isn’t much use to anyone but with today’s dispersed networks it’s not always easy to gather the required data beyond the local environment. Realising the complexities of the modern enterprise, NetSupport’s communication Gateway enables you to manage any number of separate networks over the internet. By installing a dedicated Gateway Server, data can be communicated back to this central area from multiple locations. It’s certainly reassuring to know that decisions on upgrades and the rollout of new technology are being made from a completely informed position!
Gathering the information
D14
The installation complete and we’re ready to start collecting the asset information from the remote client machines. The fact that the NetSupport DNA Client program supports the major Linux distributions in addition to Windows platforms makes the product a lot more versatile than some. As soon as the remote clients have been loaded they start communicating with the server which in turn makes the information available at the DNA Console (which has
VitAL : July / August 2009
A lot of work has obviously gone into making DNA3 relevant for the modern enterprise and if you’re new to IT asset management or looking to upgrade, this is well worth a look. also undergone a complete transformation). Network managers are presented with a totally fresh and more appealing UI. Beyond just the physical appearance and the way onscreen reports are displayed, it now includes the introduction of separate PC and User tree views, making it easier to distinguish between the physical asset and items associated with the user (such as Internet and application usage), as well as a completely new navigation bar and dynamic component “action panels”. The initial, often time consuming, user management tasks such as grouping clients by department, have been simplified by the inclusion of active directory support. You can now configure the PCs and users within the DNA console to mirror their relative position within the AD container structure, with changes to that structure being immediately updated in DNA.
The interface NetSupport’s newly beautified interface is still as intuitive as ever. Access to features simply involves clicking the appropriate component tab and you are immediately presented with the relevant information. On-screen graphs make it easy to interpret the data and by clicking on the different levels in the User tree view, you can drill-down by specific groups, departments or users. DNA also includes a
great query-based reporting tool enabling you to produce your own customised reports. The Inventory component has traditionally been the mainstay of DNA and comes as standard in each of the different modular packs. Mainstay it may be but it hasn’t been ignored in the latest raft of enhancements. The Software Inventory tool now includes an ‘installed programs’ option which mirrors the ‘add/remove programs’ structure of your client machines, making it easier to identify and manage license levels.
Green IT To finish, we return to the new and innovative Energy Monitor component mentioned at the start of this piece. The efficient use of energy delivers two key operational requirements: cost reductions and improved environmental responsibility, the two elements combined being considered “Green IT”. There is much talk about reducing CO2 emissions and in the current economic climate, reducing energy bills is an equally appealing target. Industry analysts show that IT energy costs are often one of the highest on the company’s IT budget and one that is most overlooked for efficiency management. DNA’s Energy Monitor component enables you to identify potential areas of energy wastage, primarily because most of us are too lazy to power down our machines when we go home! By specifying the operational hours of systems across the enterprise, an average and customisable power consumption figure is calculated by DNA which, when combined with the company’s own energy rates, allows DNA to work out the overall cost of the identified systems. By providing managers with this high level summary of energy usage you can easily track where ‘out of hours’ usage is at its highest and decide if this is a result of diligent staff working late or simply systems that have been left switched on overnight. A lot of work has obviously gone into making DNA3 relevant for the modern enterprise and if you’re new to IT asset management or looking to upgrade, this is well worth a look. A free 30-day 50-PC trial can be downloaded at: www.netsupportdna.com