从管理和运营的角度看it3ppt课件

/china/technet 从管理和运营的角度看从管理和运营的角度看 IT 3. MOF理论基础理论基础 -下下 /china/technet 从管理和运营的角度看从管理和运营的角度看 IT系列讲座介绍系列讲座介绍 u 1. MOF简介简介 u 2. MOF理论基础理论基础 -上上 u 3. MOF理论基础理论基础 -下下 u 4. MOF 过程模型过程模型 u 5. MOF团队模型团队模型 u 6. MOF 风险管理原则风险管理原则 /china/technet 今日议程今日议程 u 服务提供服务提供 (Service Delivery) u 服务级别管理服务级别管理 ( Service Level Management) u IT服务财务管理服务财务管理 ( Financial Management) u 能力管理能力管理 ( Capacity Management) u IT服务持续性管理服务持续性管理 ( IT Service Continuity Management) u 可用性管理可用性管理 ( Availability Management) /china/technet 服务提供概述 u 主要任务 考察组织的服务需求，根据需求设计合理的资源组合、服务级别目标以提供客户 满意的 IT服务。 u 要解决的问题 客户需要什么？ 为满足客户的需求，需要哪些资源？ 这些资源的成本是多少？ 如何在服务成本和服务效益 (达到的服务级别 )之间权衡？ u 服务提供的特点 面向用户 以组织业务和客户需求为出发点 服务提供流程侧重于与客户代表或客户高层 (为此服务付费的人 )确定 IT服务的级别 战术性流程 全局性问题 不涉及具体的运营层面 /china/technet 服务提供概述 u 服务级别管理 结合组织的业务需求，协商确定服务级别目标 u IT服务财务管理 对服务进行收费和成本核算，便于确定 IT服务的成本效益 u 能力管理 对业务能力、服务能力和资源能力进行规划，实现 IT资源和组织业务的有效整合 u IT服务持续性管理 通过有效的持续性管理和风险管理确保组织业务的持续运营 u 可用性管理 优化 IT基础设施的可用性，为组织提供持续的符合成本效益原则的可用性级别 /china/technet /china/technet 服务级别管理 Mission: Align service provision with business requirements by quantifying, negotiating, and monitoring service provision qualities and instigating actions to remove poor service in line with business or cost justification. Objective: To ensure agreement to and monitoring of an optimal level of IT service in close co-operation between provider and customer 通过对 IT服务绩效的协商、监控、评价和报告等一套相对固定的 运营流程来维持和改进 IT服务的质量，使之既符合业务需求同时 又满足成本约束的要求 采取适当的行动来消除或改进不符合级别要求的 IT服务 提高客户满意度以改善与客户关系 /china/technet 服务级别管理中的主要概念 u 服务级别管理 (SLM) u IT服务提供方和外部供应商 u 服务级别协议 (SLA) u 运营级别协议 (OLA) u 支持合同 (Underpinning Contract, UC) u 服务级别需求 (Service Level Requirement, SLR) u 服务质量计划 (Service Quality Plan, SQP) u 服务改进计划 (Service Improvement Programme, SIP) u 服务目录 (Service Catalogue) /china/technet Types of Agreements Internal/External Customers IT Service Service Level Management Internal Suppliers and Maintenance Personnel External Suppliers and Maintenance Personnel Service Level Agreements Operational Level Agreements Underpinning Contracts Source: ITIL- CCTA Crown Copyright 2000 /china/technet 管理的范围 u Service Level Agreements (SLAs) should be established for all IT services being provided u Underpinning Contracts (UCs) and Operational Level Agreements (OLAs) should be in place with suppliers (external and internal) on whom service delivery is dependent /china/technet 服务级别管理的主要活动 u Establish - 计划 u Implement SLAs - 执行 u Manage the ongoing process - 检查 u Periodic Reviews - 控制 /china/technet 规划服务级别管理的主要流程和考虑 u Appoint Service Level Management and any necessary supporting staff u Produce a mission statement u Define the objectives and scope of the function u Prepare an awareness campaign to win support u Define roles, tasks and responsibilities u Quantify activities, resources, funding and quality criteria u Identify risks u Create a Service Catalogue and SLA structure u Draft a pilot SLA format u Identify support tools, particularly for SLA monitoring u Set and agree on Incident priority levels and escalation paths, with Customers, internal and external providers u Adequate monitoring is critical to the success of Service Level Agreements (SLAs) (A review of the existing tools and techniques should be done.) u Establish the initial perception of the services /china/technet SLA管理的实施和执行 uImplementation of Service Level Management (and all the other processes) usually takes the form of a formal project utilizing a structured project management methodology /china/technet 服务级别协议 (SLA) 的结构 u Service Based - One Service Level Agreement for a specific service for all customers of that service u Customer Based - One Service Level Agreement for a specific customer for all services u Multi-Level Corporate Level - covering all generic Service Level Management (SLM) issues that would be appropriate for all customers Customer Level - covering all Service Level Management (SLM) issues relevant to a specific customer group for all services used Service Level - covering all Service Level Management (SLM) issues relevant to a specific service for a specific customer group /china/technet 服务级别协议的内容 u Scope of the agreement u Service description u Signatories u Date of next review u Service hours u Service availability u Support levels u Performance u Security u Functionality u Charges u Change procedure u Contingency u Anticipated growth u Restrictions u Training u Change procedure for the Service Level Agreement Include in agreements only those metrics that can be measured /china/technet 服务改进计划 (Service Improvement Programs, SIPs) u Initiate whenever an underlying difficulty is identified which adversely impacts service quality u Work in conjunction with Problem Management and Availability Management to implement whatever actions are necessary to restore service quality /china/technet SLM过程中可能遇到的问题 u 没有验证服务目标是否可实现，在签约前缺乏核实过程 u 对服务级别管理重视不够，投入的资源和时间太少 u 服务协议没有得到足够的运营级别协议或支持合同的支持 u 各方的责任定义不明确，从而可能会导致各方推卸责任 u 服务级别协议根据 IT而不是结合业务需求来签订，尤其在业务不清楚 其业务需求时更是如此 u 对关键流程或业务关注不够 u 拟提供的服务级别未能很好的传递给客户 /china/technet IT服务财务管理 Objective: To identify costs involved, monitor and if necessary, recover costs of providing IT services. /china/technet IT服务财务管理的目标 u To provide cost-effective management of the IT assets and resources used to provide IT services u To be able to account fully for the cost of IT services and to attribute these costs to the services delivered to the organizations Customers u To assist management decisions on IT investments by providing detailed business cases for changes to IT services u 全面核算 IT服务运营成本，并按照向客户提供的服务项目进行分摊 u 为管理层提供 IT投资决策所需要的详细资料 u 对支持 IT服务运营的 IT资产和资源进行成本效益管理 /china/technet IT服务财务管理的主要活动 u 预算 Predicting and controlling the expenditure of funds u IT核算 To account fully for the way funds are spent (particularly the ability to identify costs by Customer, service and activity u 定价 /计费 Billing Customers for services supplied Note: Responsibility often shared with the Finance area /china/technet 预算 u Enables an organization to: Predict the money required to run IT services for a given period Ensure that actual spend can be compared with predicted spend at any point Reduce the risk of overspending Ensures that revenues are available to cover predicted spending (where charging is in place) /china/technet IT核算 u Enables an organization to: Account for the money spent in providing services Calculate the cost of providing IT service to both internal and external customers Perform cost-benefit or Return on Investment (ROI) analysis Identify the cost of changes Current value of assets (depreciation) /china/technet 定价 /计费 u Enables an organization to: Recover the costs of the IT services from the Customers of the service Operate the IT organization as a business unit if required Influence User and Customer behavior /china/technet 定价 /计费的策略和方法 u 市场价格法 the price charged by external suppliers u 现行价格法 comparable to other internal organizations u 成本加成法 input cost plus uplift u 成本法 total cost of ownership u 固定价 negotiated price for a fixed period /china/technet 定义 u Differential charging variable charging rates in order to influence usage u Notional charging presenting a bill to customers for services used, but not charging them u 成本模型 (cost model) A framework in which all known costs can be recorded and allocated to specific Customers, activities or other categories Several types Costs by Service, by Customer or location /china/technet 成本类型 u 硬件成本 u 软件成本 u 人力成本 u 后勤成本 u 外部服务成本 u 直接成本 Can be traced to a product, service, cost centre, or department u 间接成本 Cost incurred in the course of making a product, providing a service, or running a cost centre or department (often called Overheads) u Capital Costs 固定资产 (可以被折旧 ) u Computer equipment u Building and plant u Software packages u Operational Costs - Overhead (租赁 , 保险 , 等等 .) u Staff u Maintenance of computer equipment and software u Consultancy services or rental fees for equipment u Software license fees u Accommodation costs /china/technet 实现 IT财务管理的主要过程 u 组建管理团队 u 可行性研究 u 系统实施准备工作 u IT服务工作量预测及预算项目成本预测 u 预算编制 u 确立责任中心 u 计算 IT服务项目的成本 u 投资估价 u 后续运营活动 u 收费 u 制作管理报告 /china/technet IT财务管理的可能问题 u IT人员对成本结构、收费机制等缺乏了解，只是 IT会计核算系统无效 u 检测、计算、补偿成本都需要非 IT服务部门的相关计划信息 u 缺少既懂 IT又熟悉会计知识的人员 u 组织缺乏明确的信息系统发展战略目标，使得估计 IT需求和确定它们 的投资成为难点 u 高管对 IT服务的财务缺乏知识，导致各部门不能有效地协同 u 缺少管理层认可，使得财务管理过程不能严肃认真地执行 u 一旦考虑成本，可能导致 IT部门跟不上用户需求的变化 u IT财务管理过程本身的成本可能会超出其产生的效益 u 成本监测工具可能不准确、信息不相关、或是成本太高 /china/technet 能力管理 Mission: Ensure IT capacities are optimized to support business requirements. Objective: Ensuring care of the optimal use of IT resources to meet performance levels agreed to with the customers “The right capacity at the right place at the right price” /china/technet 目标和范围 u 目标 分析当前的业务需求和预测未来的业务需求，并确保这些需求在制定能力计划时 得到了充分的考虑 确保当前的 IT资源能够发挥最大的效能，提供最优的 IT服务绩效 确保组织的 IT投资按计划进行，避免不必要的资源浪费 合理的预测技术的发展趋势，从而实现服务能力与服务成本、业务需求与技术可 行性的最佳组合 u 范围 所有硬件设备 所有网络设备 所有软件系统 人力资源 /china/technet 关于能力管理的两大定律 摩尔定律 In 1965 Gordon Moore, one of the founders of Intel, observed that each new memory chip produced contained about twice as much processing Capacity as its predecessor, and that new chips were released every 18 - 24 months. This trend has continued ever since, leading to an exponential increase in processing power. 帕金森定律 We all know that work expands to fill the time available to complete it, but a variation on that law is that data expands to fill the space available for storage. /china/technet 能力管理的子流程 u 业务能力管理 Trend, forecast, model, prototype size and document future business requirements u 服务能力管理 Monitor, analyze, tune, and report on service performance, establish baselines and profiles of use for services, manage demand for services u 资源能力管理 Monitor, analyze, run and report on the utilization of components, establish baselines and profiles of use of components /china/technet Capacity Management Activities u text Business Capacity Management (BCM) Service Capacity Management (SCM) Resource Capacity Management (RCM) Iterative Activities Demand Management Modeling Application Sizing Storage of Capacity Management Data Production of the Capacity Plan CDB Covering all aspects of BCM, SCM and RCM /china/technet 迭代式的活动 u 监控 gather utilization and performance statistics on all service components, establish thresholds and baselines u 分析 comparing monitoring results with baselines and SLA requirements u 优化 analysis may identify opportunities to balance workloads and traffic or alter configurations u 实施 done under the control of Change Management /china/technet Demand Management u Used to influence the demand for computing resources and the use of those resources Concurrent use, scheduled availability, etc. Differential charging based on off-peak utilization /china/technet Modeling u Trend Analysis Modeling Analysis based on historical data of resources utilization and service performance u Analytical Modeling Mathematical analysis of computer systems (queuing theory) u Simulation Modeling Analysis of discrete events (transactions, arrival rates, etc.) u Baseline Models Current performance achievements are used to determine predictive behaviors (What if?) /china/technet Application Sizing u Understanding the requirements from both a service and component perspective allows for the development of adequate capacity during the design and implementation /china/technet Capacity Database (CDB) u Used to store all capacity and performance data from all the necessary system components u All the data required and produced by each of the sub-processes is stored in the Capacity Database (CDB) Strongly linked with the CMDB /china/technet 能力计划的内容 u Introduction and comments including scope of the plan and methods used u Assumptions made u Management summary u Business scenarios u Service Summary including current and recent service provision and forecasts u Resource Summary including current and recent resource usage and forecasts u Options for service improvement u Cost Model u Recommendations /china/technet 能力管理可能遇到的问题 u 缺乏实施能力管理所必需的资金和技术 u 需求管理不力，客户对服务的期望超出了 IT部门的技术能力 u 对从服务绩效调整中获得的收益寄予了过高的期望 u 设备制造商或供应商提供了不真实的设备性能参数 u 由于业务或安全方面的原因而使得必要的业务信息无法取得 u 不准确的业务预测信息使得能力规划不能满足未来的服务需求 u 系统的监控难以有效进行 /china/technet IT服务持续性管理 Mission: Ensure capability to restore services in the event of a disaster according to business requirements as well as reduce vulnerability of disasters. Objective: To plan to cope with, and recover from, an IT crisis which requires that work is moved to an alternative system in a non- routine way /china/technet IT服务持续性管理的目标 u To support the overall Business Continuity Management process by ensuring that the required IT technical and services facilities can be recovered with required, and agreed, business time scales u 通过确保服务运营所需的 IT技术和服务措施能够在要求 和约定的时间内得到恢复，从而为总体的业务持续性管 理提供支持。 /china/technet Impact of Contingencies u 93% of companies that suffer a significant data loss are out of business within five years (The U.S. Bureau of Labor) u 98% of CIOs polled agree on the importance of a disaster recovery plan, 25% of them do not have one (RHI Consulting survey) u The FBI estimates that computer crime in 1996 cost $10 billion in the US u Disgruntled employees are the largest and most damaging single risk source, and growing every year (National Computer Security Association) u Under US Federal Law, senior management is personally liable for the effective protection of all vital corporate assets, including data /china/technet Average Financial Impact (One-Hour Data Centre Down Time) u Telephone Ticket Sales $69,900 u Airline Reservation Centres $89,500 u Retail Catalog Sales Centres $90,000 u Infomercial 800-Number $199,500 u Credit Card Sales Authorization $2.6 M u Retail Brokerage Firm $6.5 M u NYSE $3.2 M/Minute Industry norms suggest that 99.5% service availability or up to 43 hours of unplanned downtime and 50 hours of planned downtime per year is “Outstanding.” 2001 Gartner Group, Inc. report /china/technet 范围 u Varies from organization to organization but is affected by The organizations dependence on technology, its infrastructure and external providers of support services The number and location of offices and the services performed at each The number of critical business processes and the level of integration between them The level of services that need to be provided to the business to support those critical business processes Any limitations in the provision of IT Service Continuity Management mechanisms (requirements) The organizations attitude towards risk u The risks covered by ITSCM tend to be those that could result in serious disruption to business processes u ITSCM does not usually cover longer-term risks directly such as those from changes in business direction, restructuring, etc. Similarly it does not usually cover minor technical faults unless there is the possibility of a material impact on a business process /china/technet 危机 (Crisis)的定义 uAn unplanned situation in which unavailability of one or more IT services will exceed time period threshold values agreed to with the customer /china/technet IT服务持续性管理的主要活动 u 定义需求和战略 业务影响度分析 风险评估 业务持续性战略 u 执行风险管理 u 形成 Contingency Plan u 测试 /china/technet Business Impact Analysis Business Impact Analysis (BIA) How much the organization stands to lose as a result of a disaster or other service disruption and the speed of escalation of those losses u Identifies Critical business processes The potential damage or loss that may be caused to the organization as a result of a disruption to a critical business process The form that the damage or loss may take including lost income, additional costs, damaged reputation, loss of goodwill, loss of competitive advantage How the degree of damage or loss is likely to escalate after a service disruption The staffing, skills, facilities and services necessary to enable critical and essential business processes to continue operating at a minimum acceptable level The time within which minimum levels of staffing, facilities and services should be recovered The time within which all required business processes and supporting staff, facilities and services should be fully recovered /china/technet 风险评估 (Analysis) u Identify risks from a component perspective (e.g., risks to particular IT service components (assets) that support the business process which cause an interruption to service) u Assess threats, vulnerabilities and assumption Threat what could happen? Vulnerability what is the likelihood and effect? ALL assumptions are your risk! u Assess the levels of risk /china/technet 业务持续性战略 u 侧重预防还是侧重快速恢复 ? u This drives the selection of risk reduction measures An organizations strategy is a balanc