ITIL/MOF Service Management This describes how IT (Information Technologies) services can be managed using the ITIL Service Management standard and its derivative BS15000 and the MOF (Microsoft Operations Framework).

Topics This Page: What is ITIL? Disciplines MOF   Roles MOF Org. Assessments Individual Certs Business Functions Your comments???

Site Map   About this site   Enter your search terms Submit search form Web   wilsonmar.com

What is ITIL? ITIL (pronounced "eye-till") stands for "IT Infrastructure Library". It is called a "library" because effort began as a set of 5 books documenting the vocabulary/ Glossary around a "framework" of processes, and "best practice" guidelines for IT (Information Technology) Service Management. The books are published in Norwich, England, by The Stationery Office (TSO) of the UK OGC (Office of Government Commerce), which in the mid-1980's was called the British government's CCTA (Central Computer and Telecommunications Agency). Although ITIL hass been widely adopted as a de-facto standard used for self-assessments , in 1991 the independent non-for-profit itSMF (it Service Management Forum) was formed to formally define British Standard BS 15000 so that accessors such as BSI have a basis to evaluate Service Management vendor organizations in the UK. Its affliates in the US and other countries also certify individuals Although expensive as books go, ITIL books are not "proprietary" in that organizations need not have permission or license from the OGC to benefit from ITIL. Famous Daves 2910 Chain Bridge Rd 18 page $234.23 ISO 20000-1:2005 is based on BS 15000-1:2002 IT Service Management (Part 1: Specification for Service Management) 30 page $204.95 ISO 20000-2:2005 is based on BS 15000-2:2003 IT Service Management (Part 2: Code of Practice for IT Service Management) PD 0005:2003, IT Service Management - A Manager's Guide PD 0015:2002, IT Service Management - Self Assessment Workbook. The "ITIL Refresh" due to complete December, 2006 hope to be published Feb. 2007. The new version of ITIL will be organized around a life-cycle (Strategies, Design, Transition, Operations, Continual Improvement). ITIL books aim to be "descriptive" in that it describes the "what", not the "how" like the "prescriptive" "MOF", which Microsoft Operations Framework extends and adapts the 11 ITIL functions to 22 Service Management Functions (SMFs) MOF grouped into four Quadrants reminiscient of capability maturity levels separated by explicit management reviews

Differences between English spelling: British American Organisation Organization Catalogue Catalog Tyre Tire Tranche Track Portals itil.co.uk is the official home of the IT Infrastructure Library. ITIL Community Forum en.itsmportal.net ITIL and ITSM World was one of the very earliest ITIL related websites focusing on ITIL. 15000.net, the ITIL and ISO 20000 Forum is the first independent self styled user community dedicated to ITIL. IT Survival FREE ITIL Fundamentals 5-hour on-line class professionally developed and offered at HP

Certification of Individuals Since Oct. 2000, Individuals are qualified by the British ISEB (Information Systems Examinations Board) administered by two Examination Institutes: BCS (British Computer Society) ISEB EXIN (Examination Institute for Information Science) in the Netherlands (which also defined ASL, CMM, MOF, ISPL and DSDM exams). EXIN accredits training providers such as: BMC HP (which uses this simulation). InteQ's $495 ITSM Best Practices web-based online training course The tests are: EXIN ITIL Foundation Certificate entry-level qualification gained by taking a one hour, 40 question multiple choice $189 ($150+tax) exam EX0-100 administered by Prometric, usually at the end of a 3-day course. Foundation certification is a prerequisite to the $186+tax, 60 minute, 40 multiple-choice question Essentials Certificate in Microsoft Operations Framework exam introduced June 22, 2005 EXIN Practitioner's Certificates for 7 specific ITIL disciplines/processes are gained through a 2-3 day training and passing a 2 hour 40 multiple-choice question exam based on a case-study. EXIN Service Manager's Certificate is the master's qualification for experienced IT pros gained by passing two ( Service Support and Service Delivery) $220, three-hour, five-question, written exams taken after attending an accredited 10 day (two week) training program. On Dec 1, 2006, this itSMF US page notes that Current pass rates nationally are averaging 97% on Foundations, and 47% on the Managers exams. Other standards include COBIT (Control Objectives for IT) V4, Six Sigma, CMM, EFQM, eTOM (Enhanced Telecommunications Map), eSCM, ISO 12207, BS 8600, ISO 15505, COPC-2000, ISO 15288.

The book recommended by EXIN for exam preparations is: $50 Foundations of IT Service Management, based on ITIL, 2nd Ed. (Bernan Assoc, 15 September, 2005, 231 page paperback) by Jan van Bon (editor), M. Pieper, A. van der Veen is based on the latest edition of the ITIL books on Service Support, Service Delivery and Security Management. The book fully covers the official syllabus of the ITIL Foundations exam as set by the ITIL Certification Management Board. It contains a chapter on exam preparation. This book is the 2nd edition to: IT Service Management: An Introduction by Jan Van Bon, George Kemmerling, Dick Pondman Cap Mgmtr 3-day class for $1,695 New Horizona Minnesota PRINCE2 Process Model Wall Chart [Registration Required] ITIL Process Map Wallchart PRINCE2 Process Map Wallchart itSMF Pocket Guide MSP Templates PRINCE2 Templates 1-903494-00-1 APM (Association for Project Management) Body of Knowledge (Bok) version 4 1-903494-00-1 APM (Association for Project Management) Body of Knowledge (Bok) version 5 apm.org.uk 0113300174 Service Delivery, Capacity Management Norwich/London: OGC/ The Stationery Office, 2001 ITIL Service Support and Service Delivery Process Model double-sided Map Key Skills ILX (December 1, 2005) from Mindscope itSMF Pocket Guide - Introductory Overview of ITIL David Pultorak The ITIL Community Forum sells a $199 ITIL ToolKit Scott B's ITIL blog in the Real World

ITIL Product Certification Products for ITIL are certified by Pink Elephant at $60,000 per year

An ITIL Book for Each Discipline Conceptually, according to itSMF's Overview, ITIL "bridges" businesses with their information and communications technology infrastructure (Hardware, Environments, Networks, Processes, Databases, Software) through these broad disciplines: Planning to Implement Service Management Business Perspective ICT Infrastructure Management Security Management Application Management Service Delivery Management — [ITIL SD] — focuses on tactical planning and control Service Support — [ITIL SS] — focuses on operational execution. Each of these disciplines have organizational functions, similar to ISO's FCAPS: Fault management Configuration Accounting Performance management Security management At its core, ITIL is about effective IT Gonvernance controls: Preventive Controls: Separation of Duties Authorization Processes Enforcement of Policies Detective Controls: Reconciliation of Authorized vs. Actual Evidence when preventive controls failed Separation of Duties Corrective Controls: Recovery Processes

Microsoft Operations Framework (MOF) The Microsoft Operations Framework (MOF) (microsoft.com/mof) (V3 in 2003) is "prescriptive" in that it organizes stakeholders into 7 Role Clusters (organization "departments") within a Team Model. MOF and the Microsoft Team Model were defined based on ISO 15504 (also referred to as SPICE) from the International Organization for Standardization (ISO), to provide a normalized (common) approach to assessing software process maturity. MOF combines with Microsoft's Risk Management Discipline for Operations which integrates proven risk-management techniques and OGC Management of Risk products (M_o_R®) MOF combines with the Microsoft Solutions Framework (MSF) for project implementation guidance on software development to provide an integrated set of guidance share responsibilities and unified approach of common disciplines to the overall IT life cycle. The MOF extends and adapts the 11 ITIL processes to 22 MOF Service Management Functions (SMFs) grouped into four Quadrants reminiscient of capability maturity levels separated by explicit management reviews

MOF vs. ITIL Service Management Functions Here is my reconciliation of how MOF adds to ITIL's list of functions. MOF Quadrant Mission of Service SMFs (Service Management Functions) ITIL MOF Role Cluster MOF Exit Review 1. Changing Effectively and quickly introduce service solutions, technologies, systems, applications, hardware, processes and other approved changes into the IT environment with minimal disruption of service. ITIL Change Management ITIL Configuration Management ITIL Release Management SS Release Release Readiness Review 2. Operating Execute day-to-day operations tasks, both manual and automated, in a highly predictable and reliable way. MOF Directory Services Administration MOF Job Scheduling MOF Network Administration MOF Security Administration MOF Service Monitoring and Control MOF Storage Management MOF System Administration not ITIL, MOF Security Operations Operations Review 3. Supporting Resolve end-user inquiries, incidents, service requests, and other problems quickly. ITIL Service (Help) Desk ITIL Incident Management ITIL Problem Management SS Support Partner SLA (Service level agreement) Review 4. Optimizing [Identify and] Drive changes to optimize cost, performance, capacity, and availability in the delivery of IT services ITIL Service Continuity Management ITIL Service Level Management ITIL Availability Management ITIL Capacity Management ITIL Financial Management MOF Security Management MOF Infrastructure Engineering MOF Workforce Management SD Infrastructure Security Service Partner Support Change Initiation Review MOF, a pocket guide, 2nd Edition (Van Haren Publishing, 2004) by Dave Pultorak (of Fox IT), Pete Quagliariello and Rolf Akker is the book recommended by EXIN. Microsoft Operations Framework Essentials Instructor-led Two-day Course 1737 Microsoft Operations Framework Changing Quadrant instructor-led 3-day class 1787A

Business Functions and Ownership of Assets ITIL provides a conceptual (academic) organization of functions. Here I list functions by the assets each controls: Service (Help) Desk owns the Incident database which tracks user events, requests, and enquiries (British for inquiries). Incident Management issues Requests for Work (RFWs). Problem Management owns the Known Errors database (KEdb). Configuration Management (Software Control and Distribution) owns the CMDB. Change Management broadcasts the FSC (Forward Schedule of Change) and PSA (Projected Service Availability). Release Management owns the DHS and DSL. Capacity Management owns the Capacity Database (CDB).

Among Functions - Process Information Flows Disci- pline Business Function Individual Functions (below) Data items (right) CI's SLA End User Incidents Errors RFC MI Test Sec. SS Control Configuration Mgmt. C-U-R R R C-U-R     C-U-R x Change Mgmt. R R R R R C-U-R C-U-R x Release Release Mgmt. R-U R R     R-U C-U-R ITRC Resolution Incident Mgmt. (by Service Desk) R R R C-U-R R R C-U-R ITSR Problem Mgmt. R R R R C-U-R R C-U-R SD Service Delivery Service Level Mgmt. (SLM) R C-U-R U-R R R R C-U-R ITSLM Service Capacity Mgmt. C-U-R R   R R R C-U-R ITCAM Business & IT Service Continuity Mgmt. (BCM/ITSCM) U-R R   C-U-R U-R R C-U-R x Service Availability Mgmt. C-U-R R   R R R C-U-R ITAM - Financial (Cost) Mgmt. U-R U-R     R   C-U-R ITFM Other SD Budgeting & Accounting for IT Services R R R R C-U-R R C-U-R SD Info. Security Mgmt. R R R R C-U-R R C-U-R ITSECM - Network Mgmt. C-U-R R   C-U-R U-R U-R C-U-R SD Service Reporting C-U-R R   C-U-R U-R U-R C-U-R Relationship Business Relationship Mgmt. C-U-R R   C-U-R U-R U-R C-U-R X Supplier Mgmt. C-U-R R   C-U-R U-R U-R C-U-R

ITIL Organizational Assessments ITIL is not a "standard" like ISO 9000. Compliance to the BSO 15000 / ISO 20000 standards are based on itSMF's Self Assessment Questionaire The itSMF self-assessment areas are: 1   Pre-Requisites ascertain whether the minimum level of items are available to support the process activities. 1.5 Management Intent 2   Process Capability 2.5 Internal Integration 3   Products 3.5 Quality Control 4   Management Information 4.5 External Integration 5 Customer Interface - on-going external review and validation of the process to ensure that it remains optimised towards meeting the needs of the customer. itSMF developed a complementary book on Software Asset Management (SAM) and began development of ITIL version 3 on July 2004. Microsoft Operations Framework (MOF) Self-Assessment Tool (SAT) 2.0 provides a summary of the following: Is the problem primarily with a service or an operational process? Which one? Who (which stakeholder groups) Experiences the Problem? Why Is There a Problem from a Business Perspective? Missing or Inadequate: Customer's / User's expectation of the service Customer's / User's perception of the service Provider's perception of the customer's / user's expectations Service communicated by the provider Service specified by the provider Service delivered by the provider Due to: Between Customer's expectation of the service and Users' expectation of the service Between Customer's expectation of the service and Customer's perception of the service Between Customer's expectation of the service and Service communicated by the provider Between Users' expectation of the service and Customer's perception of the service Between Users' expectation of the service and Service communicated by the provider Between Customer's perception of the service and Service communicated by the provider Why Is There a Problem from an IT Perspective? Profit and value driven by the service Business need and customer satisfaction supported by the service Service level agreements (SLAs) for this service Services underpinning this service Service specification for this service Service delivery for this service Service level manager for this service Service management processes underpinning this service Systems / Applications / Databases / Networks underpinning this service Service management and monitoring tools underpinning this service Operational level agreements (OLAs) underpinning this service Underpinning contracts (UCs) underpinning this service Internal and external service providers underpinning this service What Aspects of the Technology and IT Life Cycle Contribute to the Problem? The platform of: Network / Computing / Storage devices Deployment / Network / Firewall / Directory / File and Print / Data / Web Application / Infrastructure Management / Backup and Recovery / Certificate / Remote Access / Middleware / Messaging Services (from the Service Catalog) The Life Cycle of: Evaluation / Procurement / Defining / Design / Development / Deployment / Delivery (Operations) / Decommissioning / Testing / Maintenance / Improvement / Support / Administration / Training

Benefits of ITIL According to ITIL experts Kevin Behr and Gene Kim on BetterManagement.com Many high-profile U.S. organizations have adopted the best practices described in ITIL and BS15000. Companies such as Proctor and Gamble, IBM, Caterpillar, Shell Oil, Boeing, and the Internal Revenue Service have all reported great success and significant operational cost savings as a direct result of ITIL adoption. Proctor and Gamble publicly attributes nearly $125 million in IT cost savings per year to the adoption of ITIL, constituting nearly 10% of their annual IT budget. Similarly, Shell Oil utilized ITIL best practices when they overhauled their global desktop PC consolidation project, encompassing 80,000 desktops. After this project was completed, they can now do software upgrades in less than 72 hours, potentially saving 6000 man-days and 5 million dollars.

MOF Role Clusters Role Cluster Functions Involvement Support Service desk / help desk Production / production support Problem management Service level management Changes enabling incident and problem resolution and changes to the help desk system. Service SLA drafting / negotiation Service catalog management SLA review Service improvement initiation Customer relationship management Service level management Changes driven by new service level requirements, service improvement projects, or business strategy. Infrastructure Enterprise architecture Infrastructure / systems engineering Capacity management Cost / IT budget management Resource and long-range planning New systems and improvements to existing systems and infrastructure. Release Change management Release engineering Configuration control / asset management Software distribution / licensing Quality assurance Changes to the change, configuration, and release management systems and processes. Security Intellectual property protection Network and system security Intrusion detection Virus protection Audit and compliance administration Contingency planning Changes to security processes-for instance, authentication or network security improvements. Operations Messaging operations Database operations Network administration Monitoring / metrics Availability management Changes that affect or improve day-to-day operations of the technology. Partner Managed service outsourcers Software / Hardware suppliers Maintenance vendors Environment support Training partners Third-party and supplier-related changes -for example, changes to an outsourced partner system affecting in-house systems. s

The Business Perspective The "Business Perspective" provides advice and guidance to help IT personnel understand how they contribute toward business objectives and how their roles and services can be better aligned and exploited to maximise that contribution. Business Strategies & Plans Business Requirements Business Security Policy Business Continuity Plans The MOF Continuous Improvement Roadmap (CIR) applies business perspectives to IT as a strategic asset.

The Business Perspective (OGC, 2004) The Business Perspective (OGC, 2004) Metrics for IT Service Management: ITSM Library (van Haren Publishing, 26 April 2006) by Peter Brooks Tier1 Ltd. in the UK

ICT (Information and Communications Technology) ICT (Information and Communications Technology), covers all aspects of Infrastructure Management from identification of business requirements through the tendering (development) process, to the testing, installation, deployment, and ongoing operation and optimisation of the ICT components and IT services. ICT Strategies & Plans ICT Design & Architecture Business Case Feasibility Studies Evaluation, SoR's & ITTs Service Catalog (Catalogue) Some examples of service solutions in a Service Catalog are: Domain specific knowledge. Line-of-business (LOB) applications Web services / Applications E-commerce Middleware (Rules) Messaging Knowledge management File and print services Information publishing Data storage Backup and Recovery Infrastructure Management (MOM) Deployment Network connectivity / Firewall Remote Access (RAS) Directory / Authentication Certificate

ICT Infrastructure Management (OGC, 2002)

CMDB (Configuration Management Data Base The CMDB (Configuration Management Data Base) contains data obtained from automated discovery or manual instantiation of these logical databases: HR Knowledge Base Definitive Hardware Store (DHS), a secure storage location that contains duplicate copies of hardware configuration items and assemblies, Definitive Software Library (DSL) (Media, Naming convention, Environments supported, Security arrangements, Scope, Retention period, Audit procedures, etc.) containing SCI (Software Configuration Items) — A configuration item that is software based and either developed internally or purchased externally. Incidents It is owned by the Configuration Librarian, who has authority to update configuration items (CI's) in the CMDB. Each CI can be Connected to, Part of, Copy of (have relationships with) other CI. Dennis Drogseth commented in a May 2005 Network World article: In the best of all possible worlds (don't hold your breath for at least 10 years on all of this being real) - it will enable a modular, federated approach to integrating different types of data stores in a single, cohesive, trusted system. Use the DCML (Data Center Markup Language) XML-based standard for interchange of data describing IT Service environments. Its maintenance by OASIS keeps it an open heterogenous vendor-neutral standard for interoperability. It provides a semantic structure to describe several types of relationships among Configuration items (CIs) elemental, process, and service-oriented DCML helps bridges the disparity using ontological and "like" meta-relationships: interrelationships, configurations, and dependencies. Domain specific knowledge. System Typology (roles of each server, Server farms, services across trust domains) Developer constraints IT policy Installation and directives Health model (root cause analysis, impact analysis) Monitoring Rules SLAs and end-to-end service level management Reports (Errors, trends) Feeds to upper layer standards and initiatives The Capacity Database (CDB) records activity within Capacity Management.

Providers of CMDB include: Metron-athene in the UK, co-author of the original ITIL Capacity Management definition. myCMDB by Tom Klein, a hosted application infra on MS.NET platforms ESS (Enterprise Service Suite) from Bouyant Products which proclaim themselves "ITIL-verified" simply means that they have given money to consulting company Pink Elephant to review their software according to minimal functional requirements" established by the consultants, not the ITIL organization.

Planning to Implement Service Management "Planning to Implement Service Management" examines the issues and tasks involved in planning, implementing and improving Service Management processes within an organisation. It also addresses the issues associated with addressing Cultural and Organisational Change, the development of a vision and strategy and the most appropriate method of approach. Vision & Strategy Culture, People, and Training Plans Programme & Project Plans Objectives, CSFs (Critical Success Factors) & KPIs (Key Process Indicators)

Planning to Implement Service Management (OGC, 2002) by Vernon Lloyd explains the steps to identify how an organization might expect to benefit from ITIL, and how to set about reaping those benefits. IT Infrastructure Library Practices in Small IT Units (CCTA, Aug 1995, Paperback) is being revised.

Visible Ops The four phases of Visible Ops (using TripWire tools) are: Electrify Fence: Modify First Response (Tripwire enforces the change process. and rules out changes as early as possible in the repair cycle) Catch and Release: Find Fragile Artifacts (Tripwire protects them and enforces change freeze and prevents configuration drift) Establish Repeatable Build Library (Tripwire captures know goodstate in preproduction and captures production changes that need to be baked into the build.)

$21.95 The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps (15 June, 2005 45 page pamphlet from the Information Technology Process Initiative (ITPI) by Tripwire consultants Kevin Behr, Gene Kim, and George Spafford The above is a new edition to: The Visible Ops Handbook: Starting ITIL in 4 Practical Steps June, 2004) by the same authors from the Information Technology Process Initiative (ITPI). Get this free after viewing a Jan. 26, 2004 Tripwire webcast

Service Delivery Management The ITIL defines these Service Delivery Management functions: Service Level Management Capacity Management, such as with load testing Availability Management Continuity Management - Contingency Planning Performance monitoring Workload monitoring Application sizing Resource forecasting Demand forecasting Modelling Financial Management for IT Services

Service Delivery (OGC, 2001)

Service Support

Service Support (OGC, 2000) focuses on ensuring that the customer has access to appropriate services to support the business functions. It expands the necessary interactions between these and other core IT service management disciplines, and updates best practice to reflect recent changes in technology and business practices. Help Desk Institute

Tasks from the Mindscope:

Service (Help) Desk	Incident Management	Problem Management	Change Management	Release Management	Configuration Management
-	Record, Classify, Investigate, Resolve, Close, Monitoring, Escalation	Identify, Classify, Solve, Raise KE, Review KE for Error, Analyze trends in KEdb Major activities involved with Problem Management: - Problem control - Error control - Prevention of problems - Identification of trends - Obtain information from Problem Management data - Complete review of major problems	Log/Filter, Categorize, Assess, Authorize, Schedule, Build, Test, Implement, Review	Define Policy, Schedule, Design/Develop, Build, Test, Accept, Plan Rollout, Distribute/Install, Activate	Plan, Identify, Control, Status accounting, Audit/Verification of CMDB

Application Management "Application Management" describes the management of applications from the initial business need, through all stages in the application lifecycle, up to and including retirement. It places emphasis on ensuring that IT projects and strategies are tightly aligned with those of the business throughout the application lifecycle, to ensure that the business obtains best value from its investment. Application Strategy Applications Policies Applications Architecture Development Programme

Application Management (OGC, 2002)

Security Management The Security Management function details the process of planning and managing a defined level of security for information and IT services, including all aspects associated with reaction to security Incidents. It also includes the assessment and management of risks and vulnerabilities, and the implementation of cost justifiable countermeasures. Security Risk Analysis Security Policies Security Strategies & Plans Note: Security risks are assessed using the ISO 17799 COBRA standard first published in Dec. 2000 based on BS 7799 first published in February 1995 and updated in May 1999.

Security Management (OGC, 1999) by Jacques A. Cazemier, Paul L. Overbeek, and Louk M. Peters focuses on the process of implementing security requirements identified in the IT service level agreement, rather than considering business issues of security policy. The book was developed taking into consideration the plans for consolidating and interlinking the ITIL Service Support and Service Delivery core guides. Tier1 Ltd. in the UK

Your rating of this page: Low High Your comments on this topic, please: Publish this comment publicly

Your first name: Your family name: Your location (city, country): Your Email address:  Email me updates

Top of Page Thank you!