Showing posts with label Sean McClean. Show all posts
Showing posts with label Sean McClean. Show all posts

Thursday, November 06, 2008

Implementing ITIL Requires Log Management and Analytics to Help IT Operations Gain Efficiency and Accountability

Transcript of BriefingsDirect podcast on the role of log management and systems analytics within the Information Technology Infrastructure Library (ITIL) framework.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: LogLogic.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to BriefingsDirect. Today, a sponsored podcast discussion on how to run your IT department well by implementing proven standards and methods, and particularly leveraging the Information Technology Infrastructure Library (ITIL) prescriptions and guidelines.

We’ll talk with an expert on ITIL and why it’s making sense for more IT departments and operations around the world. We’ll also look into ways that IT leaders can gain visibility into systems and operations to produce the audit and performance data trail that helps implement and refine such frameworks as ITIL.

We’ll examine the use of systems log management and analytics in the context of ITIL and of managing IT operations with an eye to process efficiency, operational accountability, and systems behaviors, in the sense of knowing a lot about the trains, in order to help keep them running on time and at the lowest possible cost.

To help us understand these trends and findings we are joined by Sudha Iyer. She is the director of product management at LogLogic. Welcome to the show, Sudha.

Sudha Iyer: Thank you.

Gardner: We’re also joined by Sean McClean. He is a principal at KatalystNow in Orlando, Florida. It's a firm that handles mentoring, learning, and training around ITIL and tools used to implement ITIL. Welcome to the show, Sean.

Sean McCLean: Thank you very much.

Gardner: Let's start by looking at ITIL in general for those folks who might not be familiar with it. Sean, how are people actually using it and implementing it nowadays?

McCLean: ITIL has a long and interesting history. It's a series of concepts that have been around since the 1980, although lot of people will dispute exactly when it got started and how. Essentially, it started with the Central Computer and Telecommunications Agency (CCTA) of the British government.

What they were looking to do was create a set of frameworks that could be followed for IT. Throughout ITIL's history, it has been driven by a couple of key concepts. If you look at almost any other business or industry, accounting for example, it’s been around for years. There are certain common practices and principles that everyone agrees upon.

IT, as a business, a practice, or an industry is relatively new. The ITIL framework has been one that's always been focused on how we can create a common thread or a common language, so that all businesses can follow and do certain things consistently with regard to IT.

In recent times, there has been a lot more focus on that, particularly in two general areas. One, ITIL has had multiple revisions. Initially, it was a drive to handle support and delivery. Now, we are looking to do even more with tying the IT structure into the business, the function of getting the business done, and how IT can better support that, so that IT becomes a part of the business. That has kind of been the constant focus of ITIL.

Gardner: So, it's really about maturity of IT as a function that becomes more akin to other major business types of functions or management functions.

McCLean: Absolutely. I think it's interesting, because anyone in the IT field needs to remember that we are in a really exciting time and place. Number one, because technology revises itself on what seems like a daily basis. Number two, because the business of IT supporting a business is relatively new, we are still trying to grow and mature those frameworks of what we all agree upon is the best way to handle things.

As I said, in areas like accounting or sales, those things are consistent. They stay that way for eons, but this one is a new and changing environment for us.

Gardner: Are there any particular stumbling blocks that organizations have as they decide to implement ITIL? When you are doing training and mentoring, what are the speed bumps in their adoption pattern?

McCLean: A couple of pieces are always a little confusing when people look at ITIL. Organizations assume that it’s something you can simply purchase and plug into your organization. It doesn't quite work that way. As with any kind of framework, it’s there to provide guidance and an overall common thread or a common language. But, the practicality of taking that common thread or common language and then incorporating it or interpreting it in your business is sometimes hard to get your head around.

It's interesting that we have the same kind of confusion when we just talk. I could say the word “chair,” and the picture in your head of what a chair is and the picture in my head of what a chair is are slightly different.

It's the same when we talk about adopting a framework such as ITIL that's fairly broad. When you apply it within the business, things like “that business is governance,” “that business is auditing compliance rules” and things like that have to be considered and interpreted within that framework for ITIL. A lot of times, people who are trying to adopt ITIL struggle with that.

If we are a healthcare industry, we understand that we are talking about incidents or we understand that we are talking about the problems. We understand they we are talking about certain things that are identified in the ITIL framework, but we have to align ourselves with rules within the Health Insurance Portability and Accountability Act (HIPAA). Or, if we are an accounting organization, we have to comply to a different set of rules. So it's that element that's interesting.

Gardner: Now, what's interesting to me about the relationship between ITIL and log and systems analytics is that ITIL is really coming from the top-down, and it’s organizational and methodological in nature, but you need information, you need hard data to understand what's going on and how things are working and operating and how to improve. That's where the log analytics comes in from the bottom-up.

Let's go to Sudha. Tell us how a company like LogLogic uses ITIL, and how these two come together -- the top-down and the bottom-up?

Iyer: Sure. That's actually where the rubber meets the road, so to speak. As we have already discussed, ITIL is generally a guidance -- best practices -- for service delivery, incident management, or what have you. Then, there are these sets of policies with these guidelines. What organizations can do is set up their data retention policy, firewall access policy, or any other policy.

But, how do they really know whether these policies are being actually enforced and/or violated, or what is the gap? How do they constantly improve upon their security posture? That's where it's important to collect activity in your enterprise on what's going on.

There is a tight fit there in what we provide as our log-management platform. LogLogic has been around for a number of years and is the leader in this log management industry. It allows organizations to collect information from a wide variety of sources, assimilate it, and analyze it. An auditor or an information security professional can look deep down into what's actually going on, on their storage capacity or planning for the future, on how many more firewalls are required, or what's the usage pattern in the organization of a particular server.

All these different metrics feed back into what ITIL is trying to help IT organizations do. Actually, the bottom line is how do you do more with less, and that's where log management fits in.

Gardner: Back to you, Sean. When companies are trying to move beyond baseline implementation and really start getting some economic benefits, which of course are quite important these days from their ITIL activities, what sort of tools have you seen companies using? To what degree do you need to dovetail your methodological and ITIL activities with the proper tools down in the actual systems?

McCLean: When you’re starting to talk about applying the actual process to the tools, that's the space that's the most interesting to me. It's that element you need some common thread that you can pull through all of those.

Today, in the industry, we have countless different tools that we use, and we need common threads that can pull across all of those different tools and say, “Well, these things are consistent and these things will apply as we move forward into these processes.” As Sudha pointed out, having an underlying log system is a great way to get that started.

The common thread in many cases across those pieces is maintaining the focus on the business. That's always where IT needs to be more conscious and to be constantly driving forward. Ultimately, where do these tools fit to follow business, and how did these tools provide the services that ultimately support the business to do the thing that we are trying to get done?

Does that address the question?

Gardner: I think so. Sudha, tell us about some instances where LogLogic has been used and ITIL has been the focus or the context of its use. Are there some findings general use case findings? What have been some of the outcomes when these two bottom-up, top-down approaches come together?

Iyer: That's a great question. The bottom line is the customers, and we have a very large customer base. It turns out, according to some surveys we have done in our customer base, that the biggest driver for a framework such as ITIL is compliance. The importance of ITIL for compliance has been recognized, and that is the biggest impact.

As Sean mentioned earlier, it's not a package that you buy and plug into your network and there you go, you are compliant. It's a continues process.

What some of our customers have figured out is that adopting our log management solutions allows them to create better control and visibility into what actually is going on on their network and their systems. From many angles, whether it's a security professional or an auditor, they’re all looking at whether you know what's going on, whether you were able to mitigate anything untoward that's happening, and whether there is accountability. So, we get feedback in our surveys that control, and visibility has been the top driver for implementing such solutions.

Another item that Sean touched on, reducing IT cost and improving the service quality, was the other driver. When they look at a log-management console and see this is how many admin accesses that were denied. It happened between 10 p.m. and midnight. They quickly alert, get on the job. and try to mitigate the risk. This is where they have seen the biggest value return on investment (ROI) on implementations of LogLogic.

Gardner: Sean, the most recent version of ITIL, Version 3 focuses, as you were alluding to, on IT service management, of IT behaving like a service bureau, where it is responsible on almost a market forces basis to their users, their constituents, in the enterprise. This involves increasingly service-level agreements (SLAs) and contracts, either explicit or implicit.

At the same time, it seems as if we’re engaging with the higher level of complexity in our data center's increased use of virtualization and the increased use of software-as-a-service (SaaS) type services.

What's the tension here between the need to provide services with high expectations and a contract agreement and, at the same time, this built-in complexity? Is there a role for tools like LogLogic to come into play there?

McCLean: Absolutely. There is a great opportunity with regard to tools such as LogLogic from that direction. ITIL Version 2 focused on simply support and delivery, those two key areas. We are going to support the IT services and we are going to deliver along the lines of these services.

The ITIL Version 2 has started to talk a lot about alignment of IT with the business, because a lot of times IT continues and drives and does things without necessarily realizing what the business is and the business is doing. An IT department focuses on email, but they are not necessarily looking at the fact that email is supporting whatever it is the business is trying to accomplish or how that service does.

As we moved into ITIL Version 3, they started trying to go beyond simply saying it's an element of alignment and move the concept of IT into an area where its a part of the business. Therefore it’s offering services within and outside of the business.

One of the key elements in the new manuals in ITIL V3 is talk to service strategy, and its a hot topic amongst the ITIL community, this push towards a strategic look at IT, and developing services as if you were your own business.

IT is looking and saying, “Well, we need to develop our IT services as a service that we would sell to the business, just as any other organization would.” With that in mind, it's all driving toward how we can turn our assets into strategic assets? If we have a service and its made up of an Exchange server, or we have a service and it’s made up three virtual machines, what can we do with those things to make them even more valuable to the business?

If I have an Exchange server, is there someway that I can parcel it out or farm it to do something else that will also be valuable?

Now, with LogLogic's suite of tools we’re able to pull that log information about those assets. That's when you start being able to investigate how you can make the assets that exist more value driven for the organization's business.

Gardner: Back to you, Sudha. Have you had customer engagements where you have seen that this notion of being a contract service provider puts a great deal of responsibility on them, that they need greater insight and, as Sean was saying, need to find even more ways to exploit their resources, provide higher level services, and increase utilization, even as complexity increases?

Iyer: I was just going to add to what Sean was describing. You want to figure out how much of your current investment is being utilized. If there is a lot of unspent capacity, that's where understanding what's going on helps in assessing, “Okay, here is so much disk space that is unutilized. Or, it's the end of the quarter, we need to bring in more virtualization of these servers to get our accounting to close on time, etc. That's where the open API, the open platform that LogLogic is comes into play.

Today, IT is heavily into the services-oriented architecture (SOA) methodology. So, we say, “Do you have to actually have a console login to understand what's going on in your enterprise?” No. You are probably a storage administrator or located in a very different location than the data center where a LogLogic solution is deployed, but you still want to analyze and predict how the storage capacity is going to be used over the next six months or a year.

The open API, the open LogLogic platform, is a great way for these other entities in an organization to leverage the LogLogic solution in place.

Gardner: Another thing that has impressed me with ITIL over the years is that it allows for sharing of information on best practices, not only inside of a single enterprise but across multiple ones and even across industries and wide global geographies.

In order to better learn from the industries' hard lessons or mistakes, you need to be able to share across common denominators, whether its APIs, measurements, or standards. I wonder if the community-based aspect to log behaviors, system behaviors, and sharing them also plays into that larger ITIL method of general industry best practices. Any thoughts along those line, Sean?

McCLean: It's really interesting that you hit on that piece, because globalization is one of the biggest drivers I think for getting ITIL moving and going on. More and more businesses have started reaching outside of the national borders, whether we call them offshore resources, outshore resources, or however you want to refer to them.

As we become more global, businesses are looking to leverage other areas. The more you do that, the larger you grow your business in trying to make it global, the more critical it is that you have a common ground.

Back to that illustration of the chair, when we communicate and we think we are talking about the same thing, we need some common point, and without it we can't really go forward at all. ITIL becomes more and more valuable the more and more we see this push towards globalization.

It’s the same with a common thread or shared log information for the same purposes. The more you can share that information and bring it across in a consistent manner, then the better you can start leveraging it. The more we are all talking about the same thing or the same chair, when we are referring to something, the better we can leverage it, share information, and start to generate new ideas around it.

Gardner: Sudha, anything to add to that in terms of community and the fact that many of these systems are outputting the same logs. I’s making that information available on a proper context that becomes the value add.

Iyer: That's right. Let's say you are Organization A and you have vendor relationships and customer relationships outside your enterprise. So, you’ve got federated services. You’ve got different kinds of applications that you share between these two different constituents -- vendors and customers.

You probably already have an SLA with these entities, and you want to make sure you are delivering on these operations. You will want to make sure there is enough uptime. You want to grow towards a common future where your technologies are not far behind, and sharing this information and making sure that what you have today is very critical. That's where there is actual value.

Gardner: Let's get into some examples. I know it's difficult to get companies to talk about sensitive systems in their IT practices. So perhaps we could keep it at the level of use-case scenarios.

Let's go to Sean first. Do you have any examples of companies that have taken ITIL to the level of implementation with tools like log analytics, and do you have some anecdotes or metrics of what some of the experiences have been?

McCLean: I wish I had metrics. Metrics is the one thing that seems to be very hard to come up with in this area. I can think of a couple of instances where organizations were rolling out ITIL implementations. In implementations where I am engaged, specifically in mentoring, one of the things I try to get them to do is to dial into the community and talk to other people who are also implementing the same types of processes and practices.

There’s one particular organization out in the Dallas-Fort Worth, Texas area. When they started getting into the community, even though they were using different tools, the underlying principles that they were trying to get to were the same.

In that case they were able to start sharing information across two companies in a manner that was saying, “We do these same things with regard to handling incidents or problems and share information, regardless of the tool being set up.”

Now, in that case I don't have specific examples of them using LogLogic, but what invariably came out in this set of discussions was what we need underneath is the ability to get proactive and start preventing these incidents before they happen. Then, we need metrics and some kind of reporting system where we can start doing the checking issues before they occur and getting the team on board to fix it before it happen. That's where they started getting into log-like tools and looking at using log data for that purpose.

Iyer: That corroborates with one of the surveys we developed and conducted in the last quarter. Organizations reported that the biggest challenge for implementing ITIL was twofold.

The first was the process of implementation, the skill set that they needed. They wanted to make sure there was a baseline, and measuring the quality of improvement was the biggest impediment.

The second one was the result of this process improvement. You get your implementation of the ITIL process itself, and where did you get it? Where were you before and where did you end up after the implementation?

I guess when you were asking for metrics, you were looking for those concrete numbers, and that's been a challenge, because you need to know what you need to measure, but you don't know that because you are not skilled enough in the ITIL practices. Then, you learn from the community, from the best-of-breed case studies on the Web sites and so forth, and you go your merry way, and then the baseline numbers for the very first time get collected from the log tools.

Gardner: I imagine that it's much better to get early and rapid insights from the systems than to wait for the SLAs to be broken, for user surveys to come back, and say, “We really don't think the IT department is carrying its weight.” Or, even worse, to get outside customers or partners coming back with complaints about performance or other issues. It really is about early insights and getting intervention that seems to really dovetail well with what ITIL is all about.

McCLean: I absolutely agree with that. Early on in my career within ITIL I had a debate with a practitioner on the other side of the pond. One thing we had a debate about was about SLAs. I had indicated that it's critical to get the business engaged in the SLA immediately.

His first answer was no, it doesn't have to happen that way. I was flabbergasted. You provide a service to an organization without an SLA first? I thought “This can't be. This doesn't make sense. You have to get the business involved.”

When we talked through it and got down to real cases, it turned out that what he was saying is that it’s not that he didn't feel that the SLA didn’t need to be negotiated with the business. What he meant was that we need to get data and reports about the services that we are delivering before we go to the customer, the customer, in this case, being internal.

His point was that we need to get data and information about the service we are delivering, so that when we have the discussion with a business about the service levels we provide, they have a baseline to offer. I think that's to Sudha's point as well.

Iyer: That's right. Actually, it goes back to one of the opening discussions we had here about aligning IT to the business goals. ITIL helps organizations make the business owners think about what they need. They do not assume that the IT services are going to be there or its not an afterthought. It’s a part of that collective, working toward the common success.

Gardner: Let's wrap up our discussion with some predictions or look into the future of ITIL. Sean, do you have any sense of where the next directions for ITIL will be, and how important is it for enterprises that might not be involved with it now to get involved, so that they can be in a better position to take advantage of the next chapters?

McCLean: The last is the most critical. People who are not engaged or involved in ITIL yet will find they are starting to drop out of a common language. That enables you to do just about everything else you do with regard to IT in your business.

If you don't speak the language and the vendors that provide the services do, then you have a hard time getting the vendors to understand what it is the vendors are offering. If you don't speak the language and you are trying to get information shared, then you have a hard time getting forward in that sense.

It’s absolutely critical for businesses and enterprises to start understanding the need for adopting. I don't want to paint it as if everybody needs to get on board ITIL, but you need to get into that and aware of that, so that you can help drive its future directions.

As you pointed out earlier, Dana, it's a common framework but it's also commonly contributed to. It's very much an open framework, so if a new way to do things comes up and is shared, that makes sense. That would be probably the next thing that's adopted. It’s just like our English language, where new terms and phrases are developed all the time. It's very important for people to get on board.

In terms of what's the next big front, when you have this broad framework like this that says, “Here are common practices, best practices, and IT practices.” If the industry matures, I think we will see a lot of steps in the near future, where people are looking and talking more about, “How do I quantify maturity as an individual within ITIL? How much do you know with regard to ITIL? And, how do I quantify a business with regard to adhering to that framework?”

There has been a little bit of that and certainly we have ITIL certification processes in all of those, but I think we are going to see more drive to understand that and to formalize that in upcoming years.

Gardner: Sudha, it certainly seems like a very auspicious pairing, the values that LogLogic provides and the type of organizations that would be embracing ITIL. Do you see ITIL as an important go-to market or a channel for you, and is there in fact a natural pairing between ITIL-minded organizations and some of the value that you provide?

Iyer: Actually, LogLogic believes that ITIL is one of those strong frameworks that IT organizations should be adopting. To that effect, we have been delivering ITIL-related reporting, since we first launched the Compliance Suite. It has been an important component of our support for the IT organization to improve their productivity.

In today’s climate, it's very hard to predict how the IT spending will be affected. The more we can do to get visibility into their existing infrastructure networks and so on, the better off it is for the customer and for ourselves as a company.

Gardner: We’ve been discussing how enterprises have been embracing ITIL and improving the way that they produce services for their users. We’ve been learning more about visibility and the role that log analytics and systems information plays in that process.

Helping us have been our panelists, Sudha Iyer. She is the director of product management at LogLogic. Thanks very much, Sudha.

Iyer: Thank you, it's a pleasure, to be sure.

Gardner: Sean McClean, principal at KatalystNow, which mentors and helps organizations train and prepare for ITIL and its benefits. It’s based in Orlando, Florida. Thanks very much, Sean.

McCLean: Thank you. It’s been a pleasure.

Gardner: This is Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening and come back next time.

Listen to the podcast. Download the podcast. Find it on iTunes/iPod. Learn more. Sponsor: LogLogic.

Transcript of BriefingsDirect podcast on the role of log management and systems analytics within the Information Technology Infrastructure Library (ITIL) framework. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.

Thursday, July 10, 2008

ITIL's Influence Extends Beyond IT Operations to Enhance SOA, Portfolio Management and Change Management

Transcript of BriefingsDirect podcast recorded at the Hewlett-Packard Software Universe Conference in Las Vegas, Nevada the week of June 16, 2008.

Listen to the podcast here. Sponsor: Hewlett-Packard.

Dana Gardner: Hi, this is Dana Gardner, principal analyst at Interarbor Solutions, and you’re listening to a special BriefingsDirect podcast recorded live at the Hewlett-Packard Software Universe Conference in Las Vegas. We are here in the week of June 16, 2008. This sponsored HP Software Universe live podcast is distributed by BriefingsDirect Network.

We now welcome to the show two folks who are dealing with the implementation of the Information Technology Infrastructure Library (ITIL) in enterprises. We are joined by Sean McClean. He is a principal at KatalystNow in Orlando, Florida. Welcome to the show, Sean.

Sean McClean: Hi. Thanks. Pleasure to be here.

Gardner: We are also joined by Hwee Ming Ng, she is a solution architect in the Consulting and Integration (C&I) unit in HP. Welcome to the show.

Hwee Ming Ng: Hi, glad to be here.

Gardner: We've been talking about ITIL quite a bit this week at the conference. For those who might not be familiar with it, why don't you give a quick overview one of what KatalystNow does and also perhaps a very brief primer on ITIL?

McClean: Okay, thank you. KatalystNow handles mentoring and learning and training solutions for ITIL and tools, principally in the HP Service Manager service support space. ITIL itself is a broad set of process concepts, much like many types of businesses. It's about the business of doing IT. It's a set of concepts focused on how do we frame and format the business of doing IT.

Gardner: And Hwee Ming, why don't you tell us a little bit about your role at HP?

Ng: I am a consultant with C&I and I focus primarily on delivering solutions at customer sites, and recently I've been working on updating the HP Reference Model to make sure it's in line with the recommendation in ITIL, version 3.

Gardner: First, let's give our listeners a little bit of history of ITIL. We've basically taken this from a technology-centric to a business-centric capability and focus, from version 2 to version 3. Can you tell us a little bit more about the progression and history of ITIL?

McClean: Sure, ITIL has kind of have an interesting level of development and actually it started out in England with the original organization, the Office of Government Commerce (OGC). In version one, what people started realizing was, whether you're talking about your faxes, your daisy-wheel printers, or your laptops of today, we still have infrastructure elements to support the business. At that point, they were simply focused -- let's make sure that we keep those fax machines or the copiers and the big computers running.

They started saying, "Well, maybe we need to get a process around how to keep them running in a way that's consistent with all of the other businesses." OGC did a great job of looking at the ongoing tasks. No matter what the organization, you do it the same way.

Gardner: The group that handles a lot of the government functions?

McClean: Yes, and essentially they were working with lots of organizations through contract who have IT, and in those engagements they started realizing more-and-more often, we're all doing the same stuff with the same equipment. So, why can't we standardize the processes?

Every other element of business has a set of rules and standards. Financial is the one we all go back to. Mostly, financial has been the same way since the abacus. We follow that set of processes, and we all agree on them.

Now, obviously, there have been some changes in that recently, but the ITIL process is the same kind of growth curve. Initially they were just going to handle the technology. Then, they started saying, "Well, the technology in an organization really supports the business." And then they started saying, "Let's take that a step a further and let's start strategically meeting the IT piece with the business. Instead of how to do the service, how do we do the service to support the business to get the job done?"

Gardner: I suppose in its history, IT sort of created an ongoing dissonance with business, because a lot of times products come out, technologies evolve, and they get adopted. Then you say, "How can we make the best use of this in the business?" It isn't always from, "Here are our business goals. Now let's go find the right processes and the right systems to support that." So, we've had it kind of backwards.

McClean: I think it's interesting how that's evolved, because I think there has been some of that. And some of it has been the case of technology is obviously complex, and so a lot of times the translation from "here is the business" to "here is the piece in the business" gets disconnected, because it becomes so involved.

If I could draw it on a map, we tend to look at knowledge evolving in pyramids. It becomes higher and higher, as you reach the apex of that area of knowledge. Maybe we're talking about biology or we're talking about IT. Even within IT, we move to the apex of networking, say, TCP/IP. You have to know all of those pieces.

By the time you get to the top of that, it's a little hard to keep track of what's going on on the other side of the world, which is the business of whatever we're doing. In the presentation we talked about today, I was saying we're in the business of selling.

A company I worked with was in the business of selling shoes. A guy used to walk around the organization, in the IT department specifically, and say, "What's your job?" If the person's answer was, "I do e-mail," they were out of the job, because the real answer is, "I do e-mail, that's supports communication between the organizations, so we can sell shoes." That piece gets disconnected over time, because it gets to higher and higher technology levels.

Gardner: I listened to your presentation earlier today and enjoyed it. One of the things that seems to be recurring theme was this notion of cultural change, and how there is a business culture and there is an IT culture, and ITIL is starting to move towards a sharing of culture or a common ground between these cultures. Why don't we get into a little bit about why and how cultures can shift, even as technologies perhaps stay the same?

Ng: With ITIL v3, there is a lot of emphasis in looking at IT as a strategic partner with business. Instead of having technology drive IT, we are really looking at what value IT delivers to the business. One of the main drivers that we see is the IT organization having to demonstrate the value that they are providing and justifying the investment in IT.

A good way to do that is to ensure that whatever the IT organization is doing aligns very closely with the overall business strategy. When you really look at ITIL v3, they start by managing the full lifecycle of service, managing it through the strategy piece of it, taking it through design, looking at the transitioning, the operation piece of it, and then having a process assuring continuous improvement to the service. So, we are looking at much broader view of the end-to-end lifecycle management of our service.

Gardner: And, when we talk about cultural change, are we talking about having the culture within the IT organization change? Are we talking about having the culture in business change towards IT or both?

Ng: I think it's a combination of both. The business would have to see that value add that is being provided by IT and that the technology that's being provided does drive a lot of the business outcomes. For example, in a bank, the technology or the infrastructure that is needed to support the bank is quite complex, and a new innovation in the IT department could generate a lot of new revenue streams. So, you want to make sure that there is that alignment between business and IT. The whole planning and strategy pieces need to come together. It's really a combination of both sides.

Gardner: Okay, we also heard you talking a little about services-oriented architecture (SOA). Now, that also requires cultural change. I have seen some studies, particularly Summit Strategies did a study, that showed the folks who had embarked upon ITIL methods and appreciate IT as a managed and matured business function were seemingly better off when it came to implementing SOA methodologies and concepts. Why do you think that's the case?

McClean: Hwee Ming and I just talked about this yesterday, and I want to have her opinion first, because I think it was one of those areas where she's got more of an understanding than I do.

Gardner: Okay, Hwee Ming?

Ng: When you talk about SOA or the infrastructure, you really need to view it not as individual IT components that you're working with or individual components that you're trying to piece together, but from the end user point of view. They want to view it as a service. So, that kind of mindset is quite important, if you are moving from an infrastructure-centric or technology-centric to a more open interface, providing value, and aligning that to a service, and that's why there is a lot of alignment in the two.

McClean: So, if you perceive IT as supporting a bunch of products, SOA may become a little bit more difficult, maybe it'll be a little bit counter-intuitive, but if you think of IT as delivering services, then SOA perhaps has a bit more continuity and alignment.

Ng: And, you also come down to the fact that when IT organization or the technical people are talking about interfacing with each other, they are no longer looking at it as point-to-point connection or an interface protocol level. They look at it as wrapping the technology in an open interface as a service, and they provide that to another organization in the same IT organization. So, it really does drive that.

McClean: In my mind, it's kind of interesting as well, because I think at this point, we transition to the idea of looking at IT as providing services. A moment ago, Hwee Ming talked about the idea that we're moving into that concept of IT providing the services. You can almost put it in the front and say that potentially now you create a technology service, which used to be simply to support the business.

Nowadays, if you look strategically, you can create new IT services that help drive the business. We're looking at, as Hwee Ming mentioned, interfaces for things that we are doing on the Web. So, we start architecting new things, which creates new business opportunities in the business of whatever you are in business of. And, you look at all the different interfaces to drive new business that wasn't there before.

Gardner: Okay, we talked about services, but there are still products out there and underneath there that allow a lot of this to take place. You brought HP Service Manager to market. I believe it's been updated this week. Can you tell us a little bit about how HP Service Manager fits into this progression and the shifts going on in IT?

Ng: With Service Manager, one of the big shifts is in closer alignment to the data processes, and we're also looking at some of the SOA piece of it to wrap service interfaces. So, one of the great pushes is to federate the model like a CMS or distributing a process. As IT organizations get more complex, maybe a change management process will not be in one single tool. So, you really look at Service Manager 7 as bringing together configuration management and project and portfolio management (PPM) and things like that.

So you really look at individual products providing the services, the Web-service interface that other products had leveraged. Previously, we were doing a lot of point-to-point integration at the application level or the data level. Now, we are trying to bring it up and integrate it through the other service level.

Gardner: How about you, Sean? Do you have anything to offer on the role of HP Service Manager, particularly the newest edition?

McClean: If you look at HP Service Manager, and also the processes -- as Hwee Ming being the senior architect of the reference model was starting to get to that point -- previously we would provide a tool and we would ask you, "Now what do you need?" and we would architect that tool.

Now we are really driving more and more towards an area where business are saying, "Look, we need to continue doing the business. We don't have time to tell you what we need. Why don't you do it the way you did it in whatever other organizations you gave us this product for?"

If you start combining the ITIL processes, and the more detailed level of ITIL processes you see in ITIL v3 with the Service Manger tool, you are starting to see people saying, "Okay, instead of one piece over here and one piece over here, let's integrate them, even if they are separate tools. Let's look at them and how do they fit into the larger picture of the processes of ITIL v3 and maturation process of that. And, let's make sure that Service Manger matches and aligns with that bigger picture so that the businesses don't have to go through all the detail of bit-by-bit designing something for themselves."

Gardner: In your presentation today here at the Software Universe conference, you said that subscriptions are key for supporting life cycle, what did you mean by that?

Ng: If you really look at it, to be able to manage your service efficiently you really need to know the service that you are offering is adding value to your business. One good way of measuring that is by being able to look at who is using the service and the demand for the service.

Having a subscription managed through the whole lifecycle of a service is key. When you are rolling out new services, subscribers actually subscribe to it, requesting changes to the subscriptions, and managing that all the way to the end of the service lifecycle. They cancel their subscription, when they no longer need the service due to changes in business environment or just changes in the role.

Gardner: I see. So, it's the business model that shifts how IT conceives of itself, and with subscriptions, where people can opt-in or opt-out, there is even a market force in effect. It's supply and demand, and if you're not offering the value that people think is commensurate with the subscription, then they cancel it. That really creates a whole new dynamic of response and refinement in IT.

Ng: It's actually quite a key communication of management of service from the IT point of view. It also helps in planning services. If you see a pick-up in the subscription, you could actually plan for expansion of the service, having the infrastructure and the capacity to support that. And, the reverse. If you see a service having not enough subscription, you might want to scale down the infrastructure that's behind that supporting it. The other aspect is in planning or budgeting -- which areas you should focus in, where you're seeing demand, and things like that.

Gardner: And, that's little different from a customer perspective, as well, instead of just having an application or a set of applications thrown at them, saying "Here, use it, you are going to get charged for it no matter what." That might even leave people with a little sour taste from the start, when it comes to IT.

McClean: I always find it interesting. IT has grown and matured. We always looked at the IT department as a black box. Someone wanders into the organization and says, "We need 'X' amount of dollars for a server that does this." And, you go, "Uh-oh. They are IT. I don't know what they do, but it must be important."

When you start move into this model, as Hwee Ming explained, where we are going through subscriptions, we're just trying to get to people being able to focus on, "Oh, they do work just like the rest of the business." And, that has to happen, because it helps the businesses embrace IT as well. Once everybody starts realizing it's an aspect of business, that makes more sense to everybody.

Gardner: It's a more natural relationship. This is how most people actually do business?

McClean: Yeah.

Gardner: You also mentioned that knowledge management (KM), in the context of ITIL, is important. I didn't know what you meant by KM. Are you talking about KM like we need to know who is good at what in our company, or we need to take both structured and unstructured content and data and make it available for people when they are doing research, or is this KM in the context of IT something else?

Ng: A quote we have been using quite often is that the focus on KM is really to be able to get the right content to the right people at the right time. This is what we are trying to do. We're trying to provide the information that is needed by the service desk to perform their work, or provide the information via Web to the end user, so that they can troubleshoot their own problem. It's about providing the right information to the right people.

Gardner: I see. So, it's the knowledge for more self-help, which takes the burden off the help desk, and then it's more knowledge in the right context to the help desk, so that they can better provide services to the people when they call in.

McClean: Yeah, I think it's interesting, because people will say "Well, we're in the information age." Then, you go forward with that and say, "Okay, if information were moving a little bit faster, then knowledge is becoming more of a commodity." What do you do with a commodity? You have to organize it and make it easily distributable, because you've got to get it to everybody that wants it.

Gardner: It's the information age, where I still can't get my VPN to work.

McClean: Right. So, we need to be able to put that in such a way in an organizational structure that you can get it as quickly as possible when you need it.

Gardner: Okay. I guess we should close up our discussion of ITIL, where we look at what's to come next? Obviously, there is a lot of adoption going on, different companies and regions and industries, and verticals adopting these things at different rates. We hear a lot about version 3 of ITIL, what should we expect with something around version 4 and when?

McClean: I think whether we are talking ancillary tools. In ITIL version 2, the thing that people constantly would drive back in training classes was, "Okay, this all makes sense to me." Some people would even say, "Well, this is common sense. So how do I do it? I get that it's important to do these certain aspects of a process, and it makes sense, but how."

Now, in ITIL version 3, we're saying, "Here's how we need to apply it more to the business." Now we're going to start seeing the design of those concepts and processes and alignment of those to the tools, so that when you look at a tool and you go to use this tool, you can quickly check here's how and here's why. We'll see that with the solutions like the blueprint and solutions like the Reference Model, where we're diving down into the ITIL process and getting more in depth. Other architects are looking at the tools and saying, "Here is where that tool connects to this process." So, the business can see those connections as well.

Gardner: Hwee Ming, where do you see the next advances in ITIL coming?

Ng: I see v3 is still relatively new in the adoption phase, and we are seeing a lot more customers wanting to go to ITIL and adopt v3. The next iteration, if we want to do it, will be driven from the field experience, collaboration, and leveraging the best practices that people see in the field. So, I see that as a more collaborative effort in the next revision.

Gardner: I see, so more toward how to manage the teams that you've already put in place that are more business-oriented and more process-oriented?

Ng: I think the next revision of ITIL probably would get a lot of content from consultants or the organization, looking at how ITIL v3 has been used in the organization and what are the best practices and improvements, and driving that back to the business model.

McClean: It's new to me, because that again drives you back to the business model where you say, "We have to figure out what our constituents want so we can continue to provide it to them." When you start researching, the business needs drive more of that.

Gardner: And, that makes sense, rather than "We'll figure out what you are supposed to do and tell you what to do. Maybe we'll have a discussion about it and come up with the best solution."

McClean: Right, and we'll take the information that you provide us in terms of the business and start applying it to what we do on our side to support that.

Gardner: Well great, we've been looking at ITIL through the lens of people who are in the field implementing it and some of the issues that customers for HP and KatalystNow are adjusting to ITIL and perhaps what they'll be doing with their future IT departments culturally and in terms of process.

Well, I want thank Sean McClean, he is a principal at KatalystNow. Thank you for joining and sharing your insights.

McClean: Thanks very much. It was a pleasure.

Gardner: We've also been talking with Hwee Ming Ng, a solution architect in the Consulting and Integration Group at HP in San Francisco. Thanks.

Ng: Thanks a lot. Glad to be here.

Gardner: This comes to you as a sponsored HP Software Universe live podcast recorded at the Venetian Resort in Las Vegas. Look for other podcast from this HP event at hp.com website, under "Software Universe Live Podcasts," as well as, through the BriefingsDirect Network. I would like to thank our producers on today’s show, Fred Bals and Kate Whalen, and also our sponsor Hewlett-Packard.

I'm Dana Gardner, principal analyst at Interarbor Solutions. Thanks for listening, and come back next time for more in-depth podcasts on enterprise software infrastructure and strategies. Bye for now.

Listen to the podcast. Sponsor: Hewlett-Packard.

Transcript of BriefingsDirect podcast recorded at the Hewlett-Packard Software Universe Conference, in Las Vegas, Nevada. Copyright Interarbor Solutions, LLC, 2005-2008. All rights reserved.