1. © 2007 Jupitermedia Corporation Understanding the ITIL Trinity of Configuration, Change and Release Management June 28, 2007 2:00pm EDT, 11:00am PDT George Spafford, Principal Consultant Pepperweed Consulting, LLC “Optimizing The Business Value of IT” www.pepperweed.com

2. © 2007 Jupitermedia Corporation Housekeeping Submitting questions to speaker –Submit question at any time by using the “Ask a question” section located on lower left-hand side of your console. –Questions about presentation content will be answered during 10 minute Q&A session at end of webcast. Technical difficulties? –Click on “Help” button –Use “Ask a question” interface

3. © 2007 Jupitermedia Corporation Main Presentation

4. © 2007 Jupitermedia Corporation Agenda The Trinity Change Management Configuration Management Release Management ITIL v3 For a copy of today’s webcast PPT, please email: –George at: George.Spafford@Pepperweed.comGeorge.Spafford@Pepperweed.com –Kendra at: webcasts@jupitermedia.comwebcasts@jupitermedia.com

5. © 2007 Jupitermedia Corporation The Trinity Change Management Is the set of standardized processes and tools used to handle change requests in order to support the business while managing risks. [Risk Management] Release Management Uses formal controls and processes to ensure requirements are met and safeguard the production environment. [Quality Management] Configuration Management Focuses on tracking and documenting configurations and then providing this information to other areas including Change and Release Management. [A combination of Knowledge Management and Information Broker] The three process areas must work together and share information.

6. © 2007 Jupitermedia Corporation Change Management

7. © 2007 Jupitermedia Corporation Human Error Complexity is increasing, documentation is lacking, training is haphazard and there is an artisan mentality of learning on the job All processes have a degree of inherent variation Total Variation = Systemic + Human Error You can reduce, but not eliminate human error 80% of network availability incidents are caused by human error (IDC)

8. © 2007 Jupitermedia Corporation Phase I: Ungoverned Change time Change rate Failed changes and/or Number of unauthorized changes Unplanned work (Unplanned work > 100%) Source: IT Process Institute, 2005 http://www.itpi.org

9. © 2007 Jupitermedia Corporation Phase I: Stabilized Patient time Change rate Failed changes or Num of unauth chgs Unplanned work Source: IT Process Institute, 2005 http://www.itpi.org

10. © 2007 Jupitermedia Corporation A Basic Change Management Process Identify a potential change Create Request For Change (RFC) Seek Approval to Proceed Plan the Change –Plan & Prepare –Test –Develop Rollback Plan Peer Review Seek Approval to Implement Schedule the implementation Negotiate if additional time is needed beyond defined window Deploy the change –Rollback if needed Review the next day to see if it installed as planned Review in three months to determine outcomes

11. © 2007 Jupitermedia Corporation Implement a Detective Control To enforce the policy and drive cultural change, implement a detective control At the outset, the rate of changes going through the process is often far smaller than the actual rate of changes going around the process Integrity management systems specialize in monitoring key areas of systems for changes and reporting what is found

12. © 2007 Jupitermedia Corporation Further Controls to Reinforce Change Management Segregation of Duties – Protect key processes –Ex: Don’t allow developers access to production systems Remove excessive permissions – limit rights to only those that are needed –Ex: Limit the number of system administrators and domain administrators to as few as possible and they should all be trusted parties. Periodically audit production systems to the last known good build in order to identify configuration drift –Ex: Does the Oracle server still match the last known good state or were changes made that did not follow the defined process? –Highlights why an automated detective control can be so powerful

13. © 2007 Jupitermedia Corporation Configuration Management

14. © 2007 Jupitermedia Corporation Configuration Management Enables Integration ITIL tells us that “Configuration Management provides a logical model of the infrastructure or a service by identifying, controlling, maintaining and verifying the versions of Configuration Items (CIs) in existence.” Configuration Management provides information about CIs and their relationships to all the other processes –So Change Management can assess impacts –So Incident Management knows where to look next or who to notify –Etc. The Configuration Management Database (CMDB) is the nerve center of IT –It relates all the data together, provides workflows, access to files, etc. –It can be one database or integrations into multiple sources (federated models) The CMDB contains the data and processes that binds the ITSM processes, services and the organization together

15. © 2007 Jupitermedia Corporation More Than Technology Configuration Management is not just about technology Need the right people –Culture –Tone from the Top –Training –Motivation Need the right processes –Designed for the organization –Factoring in: Organizational goals Functional area objectives Constraints After you understand processes and requirements, then you need the right technology People Processes Technology Outcomes

16. © 2007 Jupitermedia Corporation Configuration Items (CIs) These are categories of data that you must track and are modeled using data tables –Hardware – PCs, Servers, Network Equipment, etc. –Software – Operating Systems, Applications, Tools, etc. –People – IT staff, business staff, vendors, etc. –Accommodations/Environment/Facilities – Locations, data centers, wiring closets, etc. –Data – tables, interfaces, etc. –Documentation – Policies, work instructions, SLAs, rollback plans, incident records, problem records, request for change, etc. –Services Business Processes – sales, accounts receivable, etc. IT Services – What IT provisions to enable the business An ITIL “secret” is that nearly everything is a CI. The establishment of these CI-types, their attributes and relationships enable a logical model of IT

17. © 2007 Jupitermedia Corporation Note – Never do Configuration Management First Either do Change and Configuration together or Change and then Configuration Management. Change Management must be present to control the updating of the CMDB

18. © 2007 Jupitermedia Corporation Release Management

19. © 2007 Jupitermedia Corporation What Is a Release? A collection of authorized changes to an IT service –New services –Modifications to an existing service –Ending a service – sometimes decommissioning takes a lot of work and needs to be properly managed Can contain new and revised hardware and software in three categories – Major, Minor and Emergency Release Unit – describes the IT infrastructure portion that is released together –Hardware, Software, Documentation, Media, etc. Type of Release –Full, Delta, Package

20. © 2007 Jupitermedia Corporation Why Release Management Matters 29% of projects delivered on-time with expected features, 53% were challenged and 18% outright failed outright 1 The majority of the causal factors are non-technical including: –Lack of project planning –Poor requirements definition –Correct stakeholders not involved, or not involved early enough –Poor communications –Insufficient management oversight The Service Development Life Cycle (SDLC) and Project Management are part of Release Management 1. “Third Quarter 2004 CHAOS Report”. The Standish Group.

21. © 2007 Jupitermedia Corporation Release Management Provides Quality Assurance Are the correct requirements identified? –Breadth and depth Are the requirements met when tested? –What testing is needed? Unit, Integration, load? Is the organization ready for the deployment? –Staffing, training Can the release be deployed successfully? –Is there capacity? Is support ready? Is the business ready? What did we just learn? (Post Implementation Reviews) –What went good? Bad? –What would we do again? –What would we change? Plays an important role in regulatory compliance and security –All requirements need to be known, tested and deployed with a reasonable assurance of success –A great many Incident and Problems can be traced to human error that Change and Release Management can help safeguard against

22. © 2007 Jupitermedia Corporation Major Release Mgt Activities Planning & DevelopmentTesting & Approval Preparation and Introduction to Production Release Policy Release Planning Design, develop and/or buy services Build and Configure the Release Beta Testing Unit Testing Integration Testing Load Testing Security Testing User Acceptance Testing Release Acceptance by Operations Roll-out Planning Communication Awareness Training Distribution Installation

23. © 2007 Jupitermedia Corporation Continuous Improvement is Key for All Start and Learn Evolve your processes over time ITIL and process improvement are journeys – not destinations Constantly strive to improve Enable the organization to attain goals * Adapted from ITIL Service Support Graphic

24. © 2007 Jupitermedia Corporation ITIL v3 Version three (ITIL v3) set was released on May 30th as planned The core principles are the same Five core books (11.4 pounds!) arranged as a lifecycle –Service Strategy Value nets, adaptive strategies, managing uncertainty, strategy selection –Service Design Policies, architecture, models, outsourcing –Service Transition Transition Planning and Support Change Management Service Asset and Configuration Management Release and Deployment Management Service Validation and Testing Evaluation Knowledge Management –Service Operation Incident and Problem Management, alerting, new functions –Continuous Service Improvement Business cases, Portfolio Alignment, Metric selection

25. © 2007 Jupitermedia Corporation Process References For a definitive reference, see ITIL’s Service Support Volume http://www.itil.co.uk/ http://www.itil.co.uk/ Microsoft’s Operations Framework http://www.microsoft.com/technet/itsolutions/cits/mo/smf http://www.microsoft.com/technet/itsolutions/cits/mo/smf British Educational Communications and Technology Agency (BECTA) http://www.becta.org.uk/tsas http://www.becta.org.uk/tsas IT Process Institute’s Visible Ops Methodology http://www.itpi.org http://www.itpi.org PMI Project Management Body of Knowledge http://www.pmi.org http://www.pmi.org Projects in Controlled Environments version 2 (PRINCE2) http://www.prince2.org.uk/web/site/home/Home.asp http://www.prince2.org.uk/web/site/home/Home.asp For additional material, use Google and search on keywords such as –“SDLC template” –“Project Management template” –“Release Management template” –“Release Plan” –“Rollout Plan” –“Fallback Plan”

26. © 2007 Jupitermedia Corporation Thank you for the privilege of facilitating this webcast George Spafford Principal Consultant Pepperweed Consulting Optimizing the Value of IT George.Spafford@Pepperweed.com http://www.pepperweed.com Daily News Archive and Subscription Instructions http://www.spaffordconsulting.com/dailynews.html

27. © 2007 Jupitermedia Corporation Questions?

28. © 2007 Jupitermedia Corporation Thank you again for attending If you have any further questions, e-mail webcasts@jupitermedia.com webcasts@jupitermedia.com For future ITSM Watch Webcasts, visit www.jupiterwebcasts.com/itsm www.jupiterwebcasts.com/itsm