In a post we will tell that such ITIL, ITSM, CobiT, DevOps as they are connected and why even system administrators of the small companies have to know something about these abbreviations.
Zoo of methodologies: very short overview
ITIL and ITSM
ITIL (IT Infrastructure Library) — the set of publications (library) containing the best practicians in the field of management of IT services. ITIL contains recommendations about providing qualitative IT services, processes, functions, and also other means necessary for their support. The structure of ITIL is based on life cycle of service which consists of five stages (strategy, design, conversion, operation and continuous improvement). Also there are additional publications entering ITIL and containing specific recommendations about the industries, types of the companies, models of work and technology architecture. This canonical determination of ITIL.
Actually, this library generated the whole paradigm of management of IT infrastructure of the company based on SLA (compliance of promises of the supplier of service to expectations of the client) and ITSM (IT Service Management, management of IT services). ITSM is a concept of the organization of work of IT division and its interaction with the external or internal customer, and also external partners.
ITSM the IT project in itself therefore, as well as all other projects, has the advantages and shortcomings. Use of the ITSM methods gives the chance to do service cheaper and more quickly, and work of IT division is more transparent that is especially valuable in the multifilial and holding organizations. Also there is one more moment which in a century of startups and literally the flash-like growth of new types of business went beyond interests of the large organizations - it is a possibility of certification on ISO 20000, the international standard for management and service of IT services. Useful piece if you apply for a piece of the market and you look for the investor.
Now about risks. It is clear, that the ITSM standards and ITIL library describe the best practicians and at acquaintance with them it seems that everything logically and quite so to work and has to.
- If to accept all provisions as is, without binding to the current situation in business in general and in IT service in particular, it is possible to come to excessive formalization and considerable violation of work. Process of implementation of the principles of ITIL has to be selective and adaptive.
- Besides, before change of approach to management it is necessary to carry out the deep analysis of the processes happening in IT infrastructure — if everything works also obvious ways and requirements of improvement is not present, it is better to approach ITSM selectively and to implement the most valuable and necessary principles: management of licenses (SAM), management of configurations or just to adjust monitoring.
- If there is no distinct purpose of use of the principles of ITIL, then it is better to refuse an invention. The distinct purposes are, for example, change of policy of management of licenses or a solution of the problem of use by employees of piracy software. The muffled purpose — to implement and apply what was imposed on top because heard at conference.
As a matter of fact, it is exactly ITIL we are obliged by creation and development of convenient systems of tiket, incident managements and Service Desk. Most of developers of similar software (and Alloy Software not an exception) when developing modules relied on recommendations of ITIL.
CobiT (Control Objectives for Information and Related Technologies, problems of management for information and adjacent technologies) — collecting of standards and manuals in the field of management of IT audit and safety; the manual and the collection the practician on management of IT processes. Connected about the ITIL tool which is continuously updated and it is intended in order that between the manual of the company, IT specialists and auditors (external and internal) the world and mutual understanding reigned. In other words, the manager has to understand all IT risks including connected with failure to act in the situations demanding correction, and also potential risks connected with use of this or that element of IT infrastructure of the company.
Let's consider two widespread situations.
Situation the first. The manual of the company can have no understanding of what occurs in IT space, but at the same time the complete understanding to be more whole and than mission of business, processes, a product and services. To the contrary, the Chief information officer can fanatically build ideal IT infrastructure, practically without being interested in how she fits into strategy of development of the company. Also there is it quite often in the most vulnerable layer — medium business which did not reach the new level of management yet (as the giant), but already endured growth of services and a rupture of the simple and distinct intra branded communications inherent in small business. And meanwhile, such state of affairs does not relieve from the head responsibility absolutely for all processes in the companies including occurring in IT.
Situation the second, inherent to the companies of any level: from microbusiness to multinational corporations — an inadequate assessment of risks. Almost each of us at least once met risks of the overestimated scale: for example, fear of DDoS in the small company or all the known and not become reality "problem 2000". These are risks to which attach huge significance and which do not bear objective threat. On the other hand, there are underestimated risks to which nobody pays attention, but they are capable to put all worker process or to bring commercial damage: unlimited period of validity of accounts and passwords of users from working PCs and enterprise information systems, the client banks; transfer of commercially significant data on the insecure channels; lack of antiviruses and so forth. To classify risks and to competently evaluate them, it is necessary to carry out internal and/or external IT audit. It, in turn, has to be not check of compliance to rules and not a push to observance of rules, namely observance of rules. Therefore audit has to be the regular and integrated to monitoring system process of obtaining and an assessment of objective data on a current status of an information system, the actions and events which are taking place in it.
In the light of these situations we will return to CobiT. In it the purposes, tasks and the principles of management, control objects, IT processes, instruments of work with IT infrastructure, and also IT safety questions are described. The actual CobiT version and articles on it can be read on the website ISACA (there are paid and free materials). CobiT can be defined as methodology of corporate management of IT which:
- it is oriented to real business requirements;
- supports process approach to management of IT infrastructure and controls processes;
- estimates efficiency of IT at the companies.
Besides, CobiT conforms to the ISO 9000 and ISO/IEC 17799 standards, an information security standard and management of IB. By means of the principles of CobiT it is possible to minimize risks and to control return of investments into IT. That it is pleasant to us in CobiT, so is that it is well structured and a viewing field of this set of rules planning, the organization, acquisition, implementation, operation and maintenance, and also monitoring and an assessment of five major elements of each company get (according to determination of CobiT, IT resources).
- Data — information in the company in any kind, media files, external information.
- Applications — a set of the automated and manual procedures.
- Technology — the software, hardware, DBMS, SU networks, OS.
- The equipment — the resources supporting technology.
- People — personnel with skills and abilities, including control and monitoring.
That is actually CobiT proceeds from understanding that the IT infrastructure is information management, and according to the code information is evaluated by several criteria:
- productivity — ensuring availability of information by means of the most economic and productive use of resources
- efficiency — relevance and timeliness of information
- confidentiality — ensuring information protection from illegal access
- integrity — reliability, completeness and accuracy of information
- coordination — compliance to the legislation, subordinate normative legal acts and local regulations (decrees, agreements, the charter, etc.)
- suitability and simplicity of access — a possibility of obtaining and use of information for business process management
- reliability — property of information to reflect the real situation necessary for acceptance managerial (including financial) solutions.
As CobiT and ITIL correspond? ITIL — library of the best the practician of rendering of services in the field of IT, and CobiT — is more in management and audit of IT. Respectively, all processes described in ITIL can be controlled and be exposed to audit by the CobiT standard.
It is connected with ITIL (in some sources it is considered a direct consequence), CobiT becomes covered, but approach to system administration of DevOps has absolutely other paradigm. However, interpretation of the name indicates that it is a hybrid on a joint of administration and development (development and operations). The methodology of DevOps unites work of developers and IT engineers (it can be the created commands, certain people or even one person), thereby providing fast rates of expansion, reliability and safety of the production-environment (including testing). Speaking more simply, this methodology excluded the widespread phrase which became a meme: "Problem on the party of iron/software".
DevOps perfectly fitted into Agile-methodology with frequent bilda and releases, well works in case of development and testing of cloud services, and also continuously developing user applications (enterprise systems, games, schedulers, aggregators, etc.) for this reason since 2009 he well developed and got accustomed in many commands as a peculiar type of IT cooperation. The additional benefit of DevOps-methodology is felt when using by developers and test engineers of virtual computers, configuration files, integration and continuous testing. For example, when testing the IP telephony services the tester writes and uses automatic tests, itself configures the scheme, virtual computers, replication of the database — actually it and there is DevOps.
As the methodology of DevOps gives a set of benefits among which:
- standardization and automation of an environment
- high speed of development, deployment and testing
- an opportunity to often release updates
- minimization of problems at implementations at the customer, etc.
As you can see, DevOps is not approach purely to system administration, respectively, about its application there is a speech, generally in the companies developers.
Ok, my company is not included into world TOP 100 what to do to me with this information?
Really, ITIL and CobiT mention and describe several tens IT processes, there are no many of which in the majority of the organizations. However it is not an occasion to refuse acquaintance with fundamentals of methodologies to implement some ideas in life of your IT infrastructure. Here the approximate list of what gives use of some principles of the listed methodologies.
- Distribution of responsibility in command and understanding of interrelations of all divisions. So, for example, the sales department cannot separately live from IT service as it is a user of services and information which is provided to IT. Especially it is noticeable in those companies where data are collected in the centralized base, and then are distributed on request (for example, the companies having billing from which information is unloaded by means of special reports according to access rights). Plus to everything, in the command of IT service it is also worth distributing accurately duties — it will provide coordination of actions.
- Growth of attentiveness and responsibility. If the personnel know of continuous monitoring and periodic IT audit, many incidents manage to be avoided as it becomes obvious to the user that any tricks will be revealed.
- Growth of speed of reaction to problems. If in the company there is a system of tiket and requests, then efficiency of service of internal customers considerably increases, and the speed of a solution is controlled by the initiator of the request.
- Simplicity and transparency of identification of problems. The system of work with incidents in combination with the software allowing to perform monitoring of a network helps to set quickly the origin of a problem and objects involved in a problem. And, so to receive authentic data for search of a solution.
- Simplification of utilization of resources. System administrators and engineers by means of special programs can physically set far off both obsolete program and hardware and either to update it, or to replace new. At the same time it is possible to perform planning of replacement of elements of IT infrastructure, and it is a guarantee of stable work of employees without sudden idle times.
From use of the principles of the listed methodologies the manual of the company has the benefit also. First of all, it is aspect of economy and planning.
- Management of licenses softwares, verification of presence of free licenses — one of notable articles of economy on IT infrastructure. Establishment of a profile of use of licenses helps to correct the amount of the purchased or rented products, to redistribute software on real requirements. Classical example: sales department from 7 people from whom three constantly "in fields", and one more — unloads data of times a month for the analysis. In department seven licenses CRM, and would be fashionable to manage five. Same history repeats itself and in departments of logistics and design where it is set and quite often software stands idle expensive.
- The regulated operating procedure in IT service reduces the number of the broken terms and unrealized projects.
- The understanding of the current cut hardware and the software in the company allows to make reasonably the budget on acquisition of IT assets, quickly and precisely to evaluate requirements of the company for upgrade of IT infrastructure.
- The exact understanding of features of the organization of IT infrastructure helps to optimize a ratio of capital and operating expenses. For example, making the choice for benefit of lease of software on the SaaS models or uses of virtual computational capabilities in a cloud.
In principle, practically each system administrator faced separate elements of methodologies and actively used them in the practice. However an integrated approach and gradual implementation new the practician without fail will give the effect, regardless of the size of the company. We were influenced by it — and in development process of our systems, and in management of the company. To the clients we always repeat: yes, our systems are designed taking into account the principles of ITIL, but their use and implementation does not oblige to submit to the principles blindly at all. On the contrary, we always note that the Alloy Software programs are flexibly configured practically for any infrastructure:
Alloy Navigator — a complex control facility work of IT infrastructure of the enterprise. The product represents the simple and multifunction Service Desk system, with ample opportunities on management of assets and support of all range of tasks of division of IT. It is aimed at requirement of medium and large business. For small business there is Alloy Navigator Express.
Alloy Discovery — system of data collection and processing about computer hardware and the software of the company. The product is developed especially for network administrators and service providers, is suitable for small and medium business. For absolutely small business there is Alloy Discovery Express.
Alloy Navigator Express — from 20 000 rub / user, from the 150th a rub / host
Alloy Navigator Enterprise — from 83 000 rub / user, from the 150th a rub / host
The post about Alloy Navigator on Habré lives here.
Alloy Discovery Express — from 12 000 rub / user, from the 150th a rub / host
Alloy Discovery Enterprise — from 19 000 rub / user, from the 150th a rub / host
The post about Alloy Discovery on Habré lives here.
There comes new year. Undoubtedly, as well as any other, it will bring new challenges and progress to the companies and all IT industry. Therefore the Alloy Software command wishes all success and development. Let you will not be brought by reliable and controlled IT infrastructure of your business. With coming!
This article is a translation of the original post at habrahabr.ru/post/274167/
If you have any questions regarding the material covered in the article above, please, contact the original author of the post.
If you have any complaints about this article or you want this article to be deleted, please, drop an email here: firstname.lastname@example.org.
We believe that the knowledge, which is available at the most popular Russian IT blog habrahabr.ru, should be accessed by everyone, even though it is poorly translated.
Shared knowledge makes the world better.