SYNOPSIS

The information technology in an organization is a dynamic resource that is constantly adapted to meet changing needs. The rational practice of controlling that change is known as systems management. As with many other organizational practices, systems management has evolved from informal, ad hoc responses to immediate needs to a well understood, formalized practice. This book, The Definitive Guide to Service-Oriented Systems Management, examines best practices for systems management with an emphasis on a modularized approach known as services oriented management (SOM).

"Systems management responsibilities continue to grow in complexity - business alignment and compliance are now demanded as much as technical integrity and systems availability. The service oriented management (SOM) model has emerged as a method for managing that complexity," explains author Dan Sullivan. "The Definitive Guide to Service-Oriented Systems Management describes the key elements of SOM, including service delivery, service support, application and asset management, as well as governance and security management."

CHAPTER PREVIEWS

Chapter 1: The State of Systems Management

The information technology (IT) in an organization is a dynamic resource that is constantly adapted to meet changing needs. The rational practice of controlling that change is known as systems management. As with many other organizational practices, systems management has evolved from informal ad hoc responses to immediate needs to a well-understood, formalized practice. This guide examines best practices for systems management with an emphasis on a modularized approach known as service-oriented management (SOM).

Chapter 2: Core Processes in Systems Management

Systems management is a multifaceted practice. The responsibilities of this domain range from ensuring servers are up and running to planning for future growth, which requires meeting the needs of business within the constraints of IT budgets and resources. This chapter examines the core processes entailed in enterprise systems management including:

• Aligning business objectives and IT
• Planning and risk management
• Business continuity and operational integrity
• Security and compliance
• Capacity planning
• Asset management
• Service delivery

Chapter 3: Industry Standard Practices and Service-Oriented Management

Civilizations advance by preserving, passing on, and building upon existing knowledge. If we had not leveraged the advances of previous generations, our world would be a far different place. In a similar fashion, although on a far less expansive scale, IT practitioners have developed, formalized, and documented best practices in several areas related to managing IT services, particularly in the following arenas:

• Technology management
• Governance
• Security
• Risk management

Chapter 4: Moving to a Service-Oriented System Management Model

IT infrastructures are like ecosystems, they grow incrementally and in response to changing conditions. Usually, but not always, IT infrastructures grow in response to an emerging business or organizational need. Consider some typical scenarios:

• Is there an opportunity to expand into another geographical area? Remote offices, new staff, and expanded network services will be needed.
• Is the company growing through acquisitions? How does an acquiring company know the true value of the company being acquired? Can IT make the acquisition more seamless? The financial industry is a perfect example of this growth model.
• Is the company downsizing and realigning divisions in response to maturing market conditions? Hardware resources will have to be reassigned, software licenses re-allocated and retired, and access control and other security policies revised to account for changes in the organizational structure.
• Will a number of agency departments merge with another agency? The assets allocated to those departments must be inventoried, software licenses reassigned, hardware moved, and inventories updated.
• Has an audit discovered shortfalls in IT practices? New policies and procedures may be implemented, additional security countermeasures might need to be deployed, and a new monitoring process may need to be established.

Chapter 5: Implementing System Management Services Part 1: Deploying Service Support

Much of the work in systems management is service support—keeping devices and applications functioning and ensuring that they continue to meet the changing needs of the organization. This task entails managing changes as new assets are added and others are retired; reconfiguring systems in response to changes in the infrastructure, such as growing demands for network bandwidth; and releasing new versions of applications to geographically distributed users. Service support is especially challenging because of the breadth of services that are typically supported by IT operations and the depth of detailed information required for service support.

The breadth of operations, from upgrading operating systems (OSs) and reconfiguring routers to planning software releases and responding to security incidents, can be labor intensive. For example, upgrading the OS on one desktop computer might take one hour in a simple case. Coordinating times to install the upgrade with users and dealing with unexpected consequences of the change add to that time.

Ensuring the Quality of Service (QoS) delivery depends upon detailed information about the state of devices and processes running on those devices. A systems manager cannot simply install a new application or upgrade an existing application without understanding how the system is currently used. For example, a Java application server may depend upon one version of the Java runtime environment (JRE), but another application, about to be in installed on the same server, requires a different version of the same runtime environment. The systems manager cannot uninstall one version of the runtime environment and replace it with another without disrupting the application server operations.

Chapter 6: Implementing Systems Management Services Part 2: Managing Service Delivery

Service delivery is a complex mosaic of multiple processes and procedures that are required to introduce, manage, and develop information services. The previous chapter examined how service delivery is deployed with processes such as incident management, configuration management, change management, and release management. This chapter continues with service delivery, but turns your attention to management.

The deployment step focuses primarily on executing procedures to keep IT operations running smoothly and adapting to the changing needs of users. Management is more about planning, monitoring, and adjusting. In particular, this chapter will address:

• Service-level management
• Financial services management
• Capacity management
• Availability and continuity management

Chapter 7: Implementing Systems Management Services Part 3: Managing Applications and Assets

Networks, servers, and client devices alone do not address the information needs of an organization—applications, and their associated data, customize the functions of an otherwise generic infrastructure and allow IT to meet the information management requirements of businesses, agencies, and other organizations. The ability to finely customize software to meet particular needs makes it a key to aligning information services to business strategy. At the same time, the flexibility introduces a wide variety of management challenges. These challenges have by no means been completely mastered, and software developers continue to create and refine new development methodologies. There are, however, common elements to application management frameworks. This chapter will examine the challenges of application management from the perspective of application life cycle management and software asset management.

Application life cycle management entails how applications are created and deployed. Once constructed, or otherwise acquired, software applications are assets that must be managed as any other information asset. Of course, applications do not exist in a vacuum, and dependencies between applications must be understood to ensure they function properly. Another key to proper functioning is adequate security to protect the integrity of the application as well as the integrity and confidentiality of its related data. Finally, despite many differences with other kinds of assets, applications are assets and must be managed as such.

Chapter 8: Leveraging Systems Management Processes for IT Governance

Throughout, this guide has examined systems management processes as they apply to controlling assets, processes, and procedures; providing service support; delivering services; and managing applications. This chapter turns your attention to a higher level of management and asks: How do you control and manage the implementation of these systems management processes?

What Is Governance?

Governance is the process of setting long-term objectives, establishing controls that measure the progress toward those objectives, and monitoring to ensure controls are followed and objectives are being met. In short, governance is about deciding what an organization should do, how to ensure it will get done, and then making sure it does get done. As Figure 8.1 shows, the governance process encompasses all aspects of service-oriented management (SOM).

Figure 8.1: The governance process defines a framework in which SOM operations are controlled.

Chapter 9: Supporting Security with Systems Management

The security and systems management functions of an organization go hand in hand. Security professionals depend on the services and infrastructure maintained by application, server, and network administrators. Countermeasures such as firewalls, content filters, and anti-malware must be deployed, maintained, monitored, and integrated and these tasks fall into the domain of network and systems management. At the same time, systems managers have a wide array of responsibilities and they require a secure foundation upon which to do their work. We cannot expect application administrators to maintain a mission-critical application while the server is subject to Denial of Service (DoS) attacks or client devices are riddled with spyware and malware. There is much overlap between security and systems management, and this chapter will focus on how systems managers can support and help to improve the overall security of the IT infrastructure.

Information is a broad and challenging field. Several frameworks and organizing structures have been proposed. The ISO-17799 standard is popular among security professionals because it addresses the field from their perspective. Another approach, taken by the SANS Institute, is to think in terms of layered walls and defense in depth. This model is probably more similar to architecture models and infrastructure designs used by systems management. Although the topics addressed in this chapter span both the ISO-17799 standard and the SANS model, the SANS model will serve as an organizing principle.

The key areas of information security as it relates to system management are:

• Network security
• Host security
• Vulnerability management
• Authorized user support
• Security management

Chapter 10: Managing Risk in Information Systems

The focus of this guide has been on the practice of systems management with an emphasis on best practices for creating and maintaining IT infrastructure. As useful and effective as these practices are, they cannot guarantee that operations will always go as planned, that projects will stay on schedule, or that adverse events will not occur. Part of effective systems management is managing the risks inherent in IT operations. This chapter will examine the following topics within the broader area of IT risk management:

• The practice of risk analysis
• The impact of risks and their implications for risk management

Chapter 11: Benefits of Mature Systems Management Processes

The SOM model discussed throughout this guide touches on many aspects of IT infrastructure management, from risk analysis and asset management to patch management and service delivery. It has to; IT is a broad and varied discipline. Despite the variety of topics, a single theme links them all—process management. The information systems that run businesses, governments, and organizations long ago reached levels of complexity that could not be managed with ad hoc approaches. Formalized processes and procedures, aligned with organizational objectives, are the foundation upon which successful IT operations are built.

This chapter examines the benefits of mature systems management processes by examining two related questions:

• How can a mature systems management model help control IT costs?
• What are the costs of not controlling IT operations?

Chapter 12: Roadmap to Implementing Service-Oriented Systems Management Services

Service-oriented management is the platform for managing systems management functions across the diverse and wide-ranging needs of today’s enterprises. The platform takes a function- rather than device-specific focus for several reasons:

• The need to stay aligned with business objectives requires an agile management structure
• Demands on IT management, such as compliance, apply to IT services not to specific devices
• Devices accessing enterprise resources may be managed (owned by the enterprise), semi-managed (owned by employees but subject to some IT policies, such as smartphones), or unmanaged, such as public kiosks and customer PCs that access Internet-accessible services