1、,从管理和运营的角度看IT 3. MOF理论基础-下,从管理和运营的角度看IT系列讲座介绍,1. MOF简介 2. MOF理论基础-上 3. MOF理论基础-下 4. MOF 过程模型 5. MOF团队模型 6. MOF 风险管理原则,今日议程,服务提供 (Service Delivery) 服务级别管理 ( Service Level Management) IT服务财务管理 ( Financial Management) 能力管理 ( Capacity Management) IT服务持续性管理 ( IT Service Continuity Management) 可用性管理 ( Ava
2、ilability Management),服务提供概述,主要任务 考察组织的服务需求,根据需求设计合理的资源组合、服务级别目标以提供客户满意的IT服务。 要解决的问题 客户需要什么? 为满足客户的需求,需要哪些资源? 这些资源的成本是多少? 如何在服务成本和服务效益(达到的服务级别)之间权衡? 服务提供的特点 面向用户 以组织业务和客户需求为出发点 服务提供流程侧重于与客户代表或客户高层(为此服务付费的人)确定IT服务的级别 战术性流程 全局性问题 不涉及具体的运营层面,服务提供概述,服务级别管理 结合组织的业务需求,协商确定服务级别目标 IT服务财务管理 对服务进行收费和成本核算,便于确定
3、IT服务的成本效益 能力管理 对业务能力、服务能力和资源能力进行规划,实现IT资源和组织业务的有效整合 IT服务持续性管理 通过有效的持续性管理和风险管理确保组织业务的持续运营 可用性管理 优化IT基础设施的可用性,为组织提供持续的符合成本效益原则的可用性级别,服务级别管理,Mission:Align service provision with business requirements by quantifying, negotiating, and monitoring service provision qualities and instigating actions to remo
4、ve poor service in line with business or cost justification. Objective:To ensure agreement to and monitoring of an optimal level of IT service in close co-operation between provider and customer通过对IT服务绩效的协商、监控、评价和报告等一套相对固定的运营流程来维持和改进IT服务的质量,使之既符合业务需求同时又满足成本约束的要求采取适当的行动来消除或改进不符合级别要求的IT服务提高客户满意度以改善与客户
5、关系,服务级别管理中的主要概念,服务级别管理(SLM) IT服务提供方和外部供应商 服务级别协议(SLA) 运营级别协议(OLA) 支持合同(Underpinning Contract, UC) 服务级别需求(Service Level Requirement, SLR) 服务质量计划(Service Quality Plan, SQP) 服务改进计划(Service Improvement Programme, SIP) 服务目录(Service Catalogue),Types of Agreements,Internal/External Customers,IT Service Ser
6、vice Level Management,Internal Suppliers and Maintenance Personnel,External Suppliers and Maintenance Personnel,Service Level Agreements,Operational Level Agreements,Underpinning Contracts,Source: ITIL- CCTA Crown Copyright 2000,管理的范围,Service Level Agreements (SLAs) should be established for all IT
7、services being provided Underpinning Contracts (UCs) and Operational Level Agreements (OLAs) should be in place with suppliers (external and internal) on whom service delivery is dependent,服务级别管理的主要活动,Establish - 计划 Implement SLAs - 执行 Manage the ongoing process - 检查 Periodic Reviews - 控制,规划服务级别管理的主
8、要流程和考虑,Appoint Service Level Management and any necessary supporting staff Produce a mission statement Define the objectives and scope of the function Prepare an awareness campaign to win support Define roles, tasks and responsibilities Quantify activities, resources, funding and quality criteria Id
9、entify risks Create a Service Catalogue and SLA structure Draft a pilot SLA format Identify support tools, particularly for SLA monitoring Set and agree on Incident priority levels and escalation paths, with Customers, internal and external providers Adequate monitoring is critical to the success of
10、 Service Level Agreements (SLAs) (A review of the existing tools and techniques should be done.) Establish the initial perception of the services,SLA管理的实施和执行,Implementation of Service Level Management (and all the other processes) usually takes the form of a formal project utilizing a structured pro
11、ject management methodology,服务级别协议 (SLA) 的结构,Service Based - One Service Level Agreement for a specific service for all customers of that service Customer Based - One Service Level Agreement for a specific customer for all services Multi-Level Corporate Level - covering all generic Service Level Man
12、agement (SLM) issues that would be appropriate for all customers Customer Level - covering all Service Level Management (SLM) issues relevant to a specific customer group for all services used Service Level - covering all Service Level Management (SLM) issues relevant to a specific service for a spe
13、cific customer group,服务级别协议的内容,Scope of the agreement Service description Signatories Date of next review Service hours Service availability Support levels Performance Security,Functionality Charges Change procedure Contingency Anticipated growth Restrictions Training Change procedure for the Servic
14、e Level Agreement,Include in agreements only those metrics that can be measured,服务改进计划 (Service Improvement Programs, SIPs),Initiate whenever an underlying difficulty is identified which adversely impacts service qualityWork in conjunction with Problem Management and Availability Management to imple
15、ment whatever actions are necessary to restore service quality,SLM过程中可能遇到的问题,没有验证服务目标是否可实现,在签约前缺乏核实过程 对服务级别管理重视不够,投入的资源和时间太少 服务协议没有得到足够的运营级别协议或支持合同的支持 各方的责任定义不明确,从而可能会导致各方推卸责任 服务级别协议根据IT而不是结合业务需求来签订,尤其在业务不清楚其业务需求时更是如此 对关键流程或业务关注不够 拟提供的服务级别未能很好的传递给客户,IT服务财务管理,Objective:To identify costs involved, mon
16、itor and if necessary, recover costs of providing IT services.,IT服务财务管理的目标,To provide cost-effective management of the IT assets and resources used to provide IT services To be able to account fully for the cost of IT services and to attribute these costs to the services delivered to the organizatio
17、ns Customers To assist management decisions on IT investments by providing detailed business cases for changes to IT services 全面核算IT服务运营成本,并按照向客户提供的服务项目进行分摊 为管理层提供IT投资决策所需要的详细资料 对支持IT服务运营的IT资产和资源进行成本效益管理,IT服务财务管理的主要活动,预算 Predicting and controlling the expenditure of funds IT核算 To account fully for t
18、he way funds are spent (particularly the ability to identify costs by Customer, service and activity 定价/计费 Billing Customers for services suppliedNote: Responsibility often shared with the Finance area,预算,Enables an organization to: Predict the money required to run IT services for a given period En
19、sure that actual spend can be compared with predicted spend at any point Reduce the risk of overspending Ensures that revenues are available to cover predicted spending (where charging is in place),IT核算,Enables an organization to: Account for the money spent in providing services Calculate the cost
20、of providing IT service to both internal and external customers Perform cost-benefit or Return on Investment (ROI) analysis Identify the cost of changes Current value of assets (depreciation),定价/计费,Enables an organization to: Recover the costs of the IT services from the Customers of the service Ope
21、rate the IT organization as a business unit if required Influence User and Customer behavior,定价/计费的策略和方法,市场价格法 the price charged by external suppliers 现行价格法 comparable to other internal organizations 成本加成法 input cost plus uplift 成本法 total cost of ownership 固定价 negotiated price for a fixed period,定义,
22、Differential charging variable charging rates in order to influence usage Notional charging presenting a bill to customers for services used, but not charging them 成本模型(cost model) A framework in which all known costs can be recorded and allocated to specific Customers, activities or other categorie
23、s Several types Costs by Service, by Customer or location,成本类型,硬件成本 软件成本 人力成本 后勤成本 外部服务成本 直接成本 Can be traced to a product, service, cost centre, or department 间接成本 Cost incurred in the course of making a product, providing a service, or running a cost centre or department (often called Overheads)Cap
24、ital Costs 固定资产 (可以被折旧) Computer equipment Building and plant Software packages Operational Costs - Overhead (租赁, 保险, 等等.) Staff Maintenance of computer equipment and software Consultancy services or rental fees for equipment Software license fees Accommodation costs,实现IT财务管理的主要过程,组建管理团队 可行性研究 系统实施准
25、备工作 IT服务工作量预测及预算项目成本预测 预算编制 确立责任中心 计算IT服务项目的成本 投资估价 后续运营活动 收费 制作管理报告,IT财务管理的可能问题,IT人员对成本结构、收费机制等缺乏了解,只是IT会计核算系统无效 检测、计算、补偿成本都需要非IT服务部门的相关计划信息 缺少既懂IT又熟悉会计知识的人员 组织缺乏明确的信息系统发展战略目标,使得估计IT需求和确定它们的投资成为难点 高管对IT服务的财务缺乏知识,导致各部门不能有效地协同 缺少管理层认可,使得财务管理过程不能严肃认真地执行 一旦考虑成本,可能导致IT部门跟不上用户需求的变化 IT财务管理过程本身的成本可能会超出其产生的
26、效益 成本监测工具可能不准确、信息不相关、或是成本太高,能力管理,Mission:Ensure IT capacities are optimized to support business requirements. Objective:Ensuring care of the optimal use of IT resources to meet performance levels agreed to with the customers“The right capacity at the right place at the right price”,目标和范围,目标 分析当前的业务需
27、求和预测未来的业务需求,并确保这些需求在制定能力计划时得到了充分的考虑 确保当前的IT资源能够发挥最大的效能,提供最优的IT服务绩效 确保组织的IT投资按计划进行,避免不必要的资源浪费 合理的预测技术的发展趋势,从而实现服务能力与服务成本、业务需求与技术可行性的最佳组合 范围 所有硬件设备 所有网络设备 所有软件系统 人力资源,关于能力管理的两大定律,摩尔定律 In 1965 Gordon Moore, one of the founders of Intel, observed that each new memory chip produced contained about twice
28、as much processing Capacity as its predecessor, and that new chips were released every 18 - 24 months. This trend has continued ever since, leading to an exponential increase in processing power. 帕金森定律 We all know that work expands to fill the time available to complete it, but a variation on that l
29、aw is that data expands to fill the space available for storage.,能力管理的子流程,业务能力管理 Trend, forecast, model, prototype size and document future business requirements 服务能力管理 Monitor, analyze, tune, and report on service performance, establish baselines and profiles of use for services, manage demand for
30、services 资源能力管理 Monitor, analyze, run and report on the utilization of components, establish baselines and profiles of use of components,Capacity Management Activities,text,Business Capacity,Management (BCM),Service Capacity,Management (SCM),Resource Capacity,Management (RCM),Iterative,Activities,De
31、mand,Management,Modeling,Application,Sizing,Storage of,Capacity,Management,Data,Production of the,Capacity Plan,CDB,Covering all aspects of,BCM, SCM and RCM,迭代式的活动,监控 gather utilization and performance statistics on all service components, establish thresholds and baselines 分析 comparing monitoring r
32、esults with baselines and SLA requirements 优化 analysis may identify opportunities to balance workloads and traffic or alter configurations 实施 done under the control of Change Management,Demand Management,Used to influence the demand for computing resources and the use of those resources Concurrent u
33、se, scheduled availability, etc. Differential charging based on off-peak utilization,Modeling,Trend Analysis Modeling Analysis based on historical data of resources utilization and service performance Analytical Modeling Mathematical analysis of computer systems (queuing theory) Simulation Modeling
34、Analysis of discrete events (transactions, arrival rates, etc.) Baseline Models Current performance achievements are used to determine predictive behaviors (What if?),Application Sizing,Understanding the requirements from both a service and component perspective allows for the development of adequat
35、e capacity during the design and implementation,Capacity Database (CDB),Used to store all capacity and performance data from all the necessary system components All the data required and produced by each of the sub-processes is stored in the Capacity Database (CDB) Strongly linked with the CMDB,能力计划
36、的内容,Introduction and comments including scope of the plan and methods used Assumptions made Management summary Business scenarios Service Summary including current and recent service provision and forecasts Resource Summary including current and recent resource usage and forecasts Options for servic
37、e improvement Cost Model Recommendations,能力管理可能遇到的问题,缺乏实施能力管理所必需的资金和技术 需求管理不力,客户对服务的期望超出了IT部门的技术能力 对从服务绩效调整中获得的收益寄予了过高的期望 设备制造商或供应商提供了不真实的设备性能参数 由于业务或安全方面的原因而使得必要的业务信息无法取得 不准确的业务预测信息使得能力规划不能满足未来的服务需求 系统的监控难以有效进行,IT服务持续性管理,Mission:Ensure capability to restore services in the event of a disaster accor
38、ding to business requirements as well as reduce vulnerability of disasters.Objective:To plan to cope with, and recover from, an IT crisis which requires that work is moved to an alternative system in a non-routine way,IT服务持续性管理的目标,To support the overall Business Continuity Management process by ensu
39、ring that the required IT technical and services facilities can be recovered with required, and agreed, business time scales通过确保服务运营所需的IT技术和服务措施能够在要求和约定的时间内得到恢复,从而为总体的业务持续性管理提供支持。,Impact of Contingencies,93% of companies that suffer a significant data loss are out of business within five years (The
40、U.S. Bureau of Labor) 98% of CIOs polled agree on the importance of a disaster recovery plan, 25% of them do not have one (RHI Consulting survey) The FBI estimates that computer crime in 1996 cost $10 billion in the US Disgruntled employees are the largest and most damaging single risk source, and g
41、rowing every year (National Computer Security Association) Under US Federal Law, senior management is personally liable for the effective protection of all vital corporate assets, including data,Average Financial Impact (One-Hour Data Centre Down Time),Telephone Ticket Sales $69,900 Airline Reservat
42、ion Centres $89,500 Retail Catalog Sales Centres $90,000 Infomercial 800-Number $199,500 Credit Card Sales Authorization $2.6 M Retail Brokerage Firm $6.5 M NYSE $3.2 M/Minute Industry norms suggest that 99.5% service availability or up to 43 hours of unplanned downtime and 50 hours of planned downt
43、ime per year is “Outstanding.”2001 Gartner Group, Inc. report,范围,Varies from organization to organization but is affected by The organizations dependence on technology, its infrastructure and external providers of support services The number and location of offices and the services performed at each
44、 The number of critical business processes and the level of integration between them The level of services that need to be provided to the business to support those critical business processes Any limitations in the provision of IT Service Continuity Management mechanisms (requirements) The organiza
45、tions attitude towards risk The risks covered by ITSCM tend to be those that could result in serious disruption to business processes ITSCM does not usually cover longer-term risks directly such as those from changes in business direction, restructuring, etc. Similarly it does not usually cover mino
46、r technical faults unless there is the possibility of a material impact on a business process,危机(Crisis)的定义,An unplanned situation in which unavailability of one or more IT services will exceed time period threshold values agreed to with the customer,IT服务持续性管理的主要活动,定义需求和战略 业务影响度分析 风险评估 业务持续性战略 执行风险管
47、理 形成Contingency Plan 测试,Business Impact Analysis,Business Impact Analysis (BIA) How much the organization stands to lose as a result of a disaster or other service disruption and the speed of escalation of those lossesIdentifies Critical business processes The potential damage or loss that may be ca
48、used to the organization as a result of a disruption to a critical business process The form that the damage or loss may take including lost income, additional costs, damaged reputation, loss of goodwill, loss of competitive advantage How the degree of damage or loss is likely to escalate after a se
49、rvice disruption The staffing, skills, facilities and services necessary to enable critical and essential business processes to continue operating at a minimum acceptable level The time within which minimum levels of staffing, facilities and services should be recovered The time within which all req
50、uired business processes and supporting staff, facilities and services should be fully recovered,风险评估 (Analysis),Identify risks from a component perspective (e.g., risks to particular IT service components (assets) that support the business process which cause an interruption to service) Assess threats, vulnerabilities and assumption Threat what could happen? Vulnerability what is the likelihood and effect? ALL assumptions are your risk! Assess the levels of risk,
