The IT SERVICE MANAGEMENT (ITSM) OASIS

Saturday, November 7, 2009

Understanding Configuration Management System (CMS) and Configuration Management Database (CMDB) – Part 2

Is the Service Portfolio and Service Catalogue part of the Configuration Management System (CMS) in ITIL V3? Yes.

We can and should define a “Service” as a configuration item (CI) and build a logical configuration model for the Service, i.e. linking the “Service” CI to the other components or CIs that supports the Service. Such logical configuration models are useful when handling incidents, solving problems, assessing impact of changes or developing a cost model for a service.

Services are described using specification sheets (Service Specifications) and forms part of the Service Catalogue and Service Portfolio. Hence, the Service Specifications, Service Catalogue and Service Portfolio should be registered as controlled documents, subject to the Change Management process, and hence defined as CIs within the Configuration Management System (CMS).

In actual implementation, the Service Catalogue may take the form of a matrix, table or spreadsheet. Some may even document their services in an intranet and present it in the form of web pages, with drill down capability to show greater details as required. The Service Catalogue can be viewed as a "database”, which forms part of a federated CMDB, containing detailed information and attributes of the Services and has linkages or relationships with other physical CMDBs within the CMS.

Sunday, November 1, 2009

Announcement on ITIL V2 withdrawal

ITIL has formally announced the dates for the withdrawal of ITIL V2 certification. More details can be found in the link below:

http://www.exin-exams.com/content/news/ogc-announces-timeline-for-withdrawal-of-itil-v2.aspx

For those hoping to pursue the ITIL Expert certification via the V2 Manager route, note that the V2 Manager certification examinations will be withdrawn on 31 August 2010 and the V2 to V3 Manager Bridge will be withdrawn on 30 June 2011.

All of the above will be available for re-sits until 30 June 2011.

Do sign up for the next ITIL V2 Manager and V2 to V3 Bridge courses before it is too late.

Tuesday, October 20, 2009

Understanding Configuration Management System (CMS) and Configuration Management Database (CMDB) – Part One

In ITIL V2, the CMDB is described as a database that contains the relationships between all the system components, including Incidents, Problems, Known Errors, Changes and Releases. The CMDB also contains information about Incidents, Problems, Known Errors, corporate data about employees, suppliers, locations and business units. It also goes on to say that the CMDB is often used to store details of Services and relate them to the underlying components and may also be used to store contracts and licences.

ITIL V2 seems to imply that a configuration management system is a set of tools used to support the Configuration Management activities.

In ITIL V3, the definition of CMS and CMDB is slightly changed from that of ITIIL V2. According to the ITIL V3 Glossary:

CMS = A set of tools AND databases that are used to
manage an IT Service Provider's Configuration data. The CMS also
includes information about Incidents, Problems, Known Errors, Changes
and Releases; and may contain data about employees, Suppliers,
locations, Business Units, Customers and Users. The CMS includes
tools for collecting, storing, managing, updating, and presenting data
about all Configuration Items and their Relationships. The CMS is
maintained by Configuration Management and is used by all IT Service
Management Processes.

CMDB = A database used to store Configuration Records
throughout their Lifecycle. The Configuration Management System
maintains one or more CMDBs, and each CMDB stores Attributes of Configuration Items (CIs), and Relationships with other CIs.

In other words, a CMDB is a database within a CMS. At the data level, the CMS may take data from several physical CMDBs, which together constitute a federated CMDB. Other data sources will also plug into the CMS such as the definitive media libraries (DML). A SCD (Supplier and Contracts Database) which stores information on supplier and contracts used in service management is also a database within the CMS and can be considered a CMDB. A service catalogue is just a form of CMDB.

According to the ITIL V3 books, the CMS maintains the relationships between all service components and any related incidents, problems, known errors, change and release documentation and may also contain corporate data about employees, suppliers, locations and business units, customers and users.

Relationships are the mechanism for associating RFCs, incident records, problem records, known errors and release records with the services and IT infrastructure CIs to which they refer. All these relationships should be included in the CMS. Request for Change (RFC) and change and release records will identify the CIs affected.

What about the actual incident, problem, change and release records? Are the actual records stored in or forms part of the CMS? According to the ITIL Glossary, the CMS contains “information about” incident, problems, Known Errors and Releases.

I think actual incident, problem, change and release records should be considered as part of the CMS although the ITIL V3 Service Operation book does not explicitly mention about storing incident records in the CMS. However, it mentions that Problem Management uses the CMS to identify faulty CIs and also to determine the impact of problems and resolutions. The CMS can also be used to form the basis for the KEDB and hold or integrate with the Problem Records. This means CMS may or may not store Problem and Known Error records, but the relationships information should be captured in the CMS.

The ITIL V3 Service Transition book does explicitly mention that the change and release records are stored within the CMS.

As an RFC proceeds through its lifecycle, the change document, related records (such as work orders) and related configuration items are updated in the CMS, so that there is visibility of its status. Estimates and actual resources, costs and outcome (success or failure) are recorded to enable management reporting.
Release information is recorded within the CMS, supporting the release and deployment process.

In real-life implementations, off-the-shelf tools from vendors like HP (HP Service Center) and BMC (Remedy) provides an integrated toolset that contain integrated modules to support the Incident, Problem, Change and Configuration Management processes. It contains all incident, problem and known errors records with relationships and linkages to the services and CI details stored in a database.

Monday, October 12, 2009

Which ITIL processes include risk analysis and management activities?

There is often disagreement amongst the ITIL students (and also between ITIL trainers and practitioners) as to which ITIL processes include risk analysis and management activities. Of course, processes like Security Management, Change Management, Release & Deployment Management, Availability Management, Supplier Management and IT Service Continuity Management obviously include risk analysis and management activities. In some cases, they are explicitly mentioned in the ITIL books.

What about other ITIL processes? These may not be so obvious. How do we answer such questions (samples below) if they should appear in ITIL examinations?

Q1. Which of the following processes should include risk analysis and management activities?

IT Service Continuity Management
Information Security Management
Incident Management
Change Management

a. 1, 2 and 4

b. 3 and 4

c. 1 and 2

d. All of the above

Most of us would have selected (a) as the answer and I think this is probably the “best” or “obvious” answer. However, one could argue that Incident Management would include “risk analysis and management activities”. Examples, if there are two workarounds or potential solutions that could be used, Incident Management (or Service Desk staff) would have to analyse and consider which workaround or solution could potentially be more risky to use when restoring service. The question specifies “should include”. Hmm…, so maybe (d) is the correct answer.

Q2. Which of these processes includes a need to carry out Risk Analysis and Management?

1. IT Service Continuity Management
2. Information Security Management
3. Service Level Management

a) All of the above

b) 1 and 3 only

c) 2 and 3 only

d) 1 and 2 only

Again, most (including myself) would have answered (d) since Service Level Management (SLM) does not have a direct need to perform risk analysis. But one could say that SLM would have to consider risks and uncertainty of outcomes during drafting and negotiation of SLAs. For example, SLM would need to consider the risks that Service Level requirements could not be met and hence should not be committed to. However, one could also say that such activities could be delegated to the other processes like Availability Management, Capacity Management, Security Management, Supplier Management and IT Service Continuity Management.

So, should the answer be (a) or (d) in the questions above?

In general, I think that any Process that includes some form of “PLANNING” or "ANALYSIS" as an activity ought to have included some form of risk analysis and management since we need to take into account the uncertainty of outcome and hence risk when doing any form of planning and analysis.

Which answers you pick in the ITIL examination would depends on how you interpret the question asked and whether you think this is a straight-forward question or a question to test your deeper understanding.

Perhaps, such examination questions should have been better worded (or avoided) to reduce the risk that the students may have doubt about what the examiner is looking for.