Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
www.ITinvolve.com
USE CASE SCENARIO Using ITinvolve to:
Achieve Infrastructure Change Agility
www.ITinvolve.com
The Business ChallengeIT infrastructure and Operations organizations are under
tremendous pressure to execute changes faster while also
minimizing (or even eliminating) risk. As if this objective
wasn’t challenging enough, IT complexity is increasing
at a rapid pace. Making matters worse, IT often relies on
scattered and tribal knowledge about their environments,
which means critical information can be overlooked and
critical stakeholders left out.
That’s why achieving the objective of infrastructure change
agility with low risk is getting harder every year and why
most IT organizations can point to the fact that 80% of their
service-impacting issues are as a result of well-intentioned
changes that have unintended consequences.
Despite a lot of investment in process and automation tools,
these challenges remain. We believe that harnessing your
people’s IT knowledge and combining it with visual analysis
and collaboration is the key to avoiding unintended business
impacts from changes and reducing unplanned work.
How ITinvolve Can Help
Only ITinvolve brings together knowledge, analysis and collaboration in one solution to:
• Visually assess change impact and risk across infrastructure,
services, policies, and more
• Identify and proactively engage all relevant stakeholders
and experts
• Automatically promote key settings, tribal knowledge, and
other often overlooked information
With ITinvolve, you will:
• Execute changes faster
• Identify and minimize business risk
• Increase change throughput
• Reduce unplanned work from IT changes
• Improve IT performance, reliability, and security
• Increase change success rate
Achieve Infrastructure Change Agility
“Through 2015, 80% of outages
impacting mission-critical services will be
caused by people and process issues, and
more than 50% of those outages will be
caused by change/configuration/release
integration and hand-off issues.”
R. Colville and G. Spafford,
“Top Seven Considerations for Configuration
Management for Virtual and Cloud
Infrastructures”, 27 October 2010
1
1 www.ITinvolve.com
The ScenarioA large enterprise company has hundreds of databases that
support their business critical applications. Some of these
databases run in company-owned and staffed datacenters
while others run in the cloud (especially development and
test instances).
In this scenario, Microsoft has just recently issued a
security patch for MS SQL Server, and the database team
has proposed a change to roll out the patch across over a
hundred different database instances.
Patty McGee is the change planner assigned to manage the
change, and John Hopkins is the DBA team lead responsible
for MS SQL Server management.
What Happens Without ITinvolveFollowing a traditional approach, Patty would likely create a
change record in her change process management system.
If that system also includes, or works with, a Configuration
Management Database (CMDB) she may have also added the
Configuration Items (CIs) for each of the SQL Server databases
to the change record. Most likely she would have then added
John to the change as a stakeholder, and then called a
meeting with John and as well as anyone she knew who might
have a vested interest in the change (e.g. she knows that
the company’s business intelligence reporting system uses
a MS SQL Server database so she invites the administrator
responsible for it as well).
In the meeting, Patty, John, and anyone else who was
invited (and actually had time to attend) strategize about the
change, what they thought the potential impacts were, and
then following the meeting she likely updated the change
record with the summary from the meeting and added a few
more stakeholders to the change record. Perhaps there were
several more meetings over the following days or weeks as the
group expanded to include others that might have a potential
interest – with some being able to attend the meetings and
some who were not. Patty may have also sent out an email
blast to an even wider group of potentially interested parties
to ask them for their inputs and any risks they might see,
and this probably spawned multiple other email threads and
hallway conversations across the organization. Some of those
involved may have even had access to the CMDB to leverage
the dependency relationships modeled there when providing
their risk assessment.
Achieve Infrastructure Change Agility
2
While this scenario focuses on a database
infrastructure change, the approach and
value applies equally to manage other
frequent and common infrastructure
changes such as updating of firewall
settings, rolling out new virtual machines,
upgrading or replacing server or storage
hardware components. In short, all of
the many hundreds or thousands of
infrastructure changes that take place in
an enterprise IT organization every week
and that result in business impacting
incidents far more often than IT or the
business would like.
Finally after many days or even weeks, Patty and John
summarize what they found from their research and prepare
their findings for the Change Advisory Board (CAB) meeting
coming up the following week. The day finally arrives for Patty
to present her recommendation on the MS SQL Server patch,
the risks, the mitigation strategy, and the planned time for
implementation. The CAB thoughtfully considers the request
for several minutes, and then one member asks Patty whether
a key resource in the storage team has been included in the
risk assessment. Patty responds that he has not been and
asks why they would be relevant to the decision. The CAB
member explains how earlier in the meeting they had just
approved a request to upgrade a Storage Area Network (SAN)
device for the same day as Patty’s change and how that might
include one or more SQL database instances with the risk of
a conflict if the two changes are performed at the same time.
Patty makes a note of this and agrees to follow up with the
storage expert, and her change approval gets rescheduled for
the next CAB meeting in a week.
Meanwhile, the security holes that are closed by the patch
remain open.
A week later, Patty confirms that the change plan has been
adjusted so the SAN upgrade will be completed first before
the patch is applied to the dozen or so SQL instances running
in the SAN. Finally, after all this effort, the change takes place.
Everything appears to go as planned, with the automation of
the patches executing on time across all databases. Then an
hour later, the head of Service Support calls Patty, “Something
has gone wrong,” he says. “We are getting calls from folks in
the Finance department that the reports they run daily aren’t
accessible or are timing out. What changes have you been
making recently?” he asks with barely muted anger in his
voice. Patty replies, “We’ve recently applied a security patch to
our SQL Server databases. We thought we had identified all the
risks and accounted for them. Obviously, we haven’t. I’ll get on
this right away and get back to you as soon as I can.
How Change Risks are Identified and Avoided with ITinvolveWith ITinvolve, Patty still creates the change record in her
company’s change process management system. However,
she now uses ITinvolve to identify the right stakeholders
and engage them in a collaboration process to quickly and
accurately assess risks and identify mitigation strategies.
First, Patty defines a Scenario in ITinvolve for the MS SQL
Server patch, and then she works with John to create an
initial set of associations with each MS SQL Server instance
that’s been defined in ITinvolve by John’s team. Using this
information, and the relationships between the SQL Server
instances and other objects in ITinvolve (such as physical
servers, SANs, applications, policies and business services)
she can instantly see a list of recommended stakeholders.
She can then add other stakeholders as needed (including
relevant business stakeholders such as the IT point of contact
in the Finance departments) and publish the Scenario for
collaboration.
Achieve Infrastructure Change Agility
3
Figure 1: Visual Impact Analysis in ITinvolve
www.ITinvolve.com
3
Each Stakeholder then is notified through email, the ITinvolve
application, or their ITinvolve mobile app that there is a new
Scenario awaiting their risk assessment. Using the visual
impact analysis in ITinvolve, each stakeholder can quickly and
easily see the potential upstream and downstream impacts of
the patch, they can also investigate pertinent impact factors
such as policies that might be affected by the change, relevant
knowledge articles, as well as key settings and captured
tribal knowledge about non-standard configurations and best
practices accumulated in the organization.
Everyone’s risk assessment is logged in ITinvolve and each
stakeholder is automatically notified of what the other
stakeholders recommend. If there are questions, they can
engage one another for clarification—right in ITinvolve—
helping to keep a log of their discussion for future reference
and audit purposes.
Using this approach, each stakeholder can engage at a time
and place that’s convenient for them instead of trying to get
everyone together at the same time and place which could
take days or weeks to accomplish.
What’s more all stakeholders are proactively engaged so no
key contributors are accidentally overlooked and no one’s key
input is left out because a meeting was missed.
After everyone has provided their risk assessment, Patty and
John prepare the consensus recommendation in ITinvolve
including the need to schedule the patch to take place after
the SAN upgrade. They also document that the Finance
department’s reporting application requires some non-
standard configuration settings which will need to be reset
after the patch because they will be overwritten during the
patch process.
In the CAB meeting, the committee members review the
recommendation Patty and John have prepared as well as the
risk analysis and mitigation strategies. No objections are raised
and the patch is scheduled for the following day. What would
have taken four to eight weeks using their old method (and
still resulted in a negative business impact) was accomplished
in less than a week using ITinvolve, resulting in no negative
business impact and no unplanned work in IT to resolve it.
Achieve Infrastructure Change Agility
4
Figure 2: Access to Relevant Impact Factors in ITinvolve Figure 3: Stakeholder Risk Assessment in ITinvolve
www.ITinvolve.com
Summary of Benefits
Achieve Infrastructure Change Agility
• Significant reduction in negative business impacts from IT infrastructure changes
• More reliable IT services
• Significant reduction in negative business impacts from IT infrastructure changes
• Ability to rollout necessary infrastructure changes faster (to improve performance, reliability, and security)
• Ability to handle more infrastructure changes with same staff
• Reduction in unplanned work from IT changes (so resources can remain focused on other priorities)
• Easy access to relevant, accurate and trusted information when evaluating the risks from IT changes
• Ability to collaborate virtually with other stakeholders and at a convenient time and place
• Reduced time spent fixing problems caused by changes
BUSINESS
IT LEADERSHIP
IT PROFESSIONALS
Going Further with ITinvolve for Change ManagementITinvolve can also be your change process management system. In addition to the benefits described above, we can record,
analyze, assess risk, and handle all approvals for your changes including facilitating virtual CAB meetings to further accelerate your
infrastructure change agility.
Learn MoreExplore more resources on the problems we solve at www.itinvolve.com
or email us at [email protected] to discuss how ITinvolve can help you
improve infrastructure change agility.
MAIN 877-741-8944FAX 832-201-8104WEB www.itinvolve.comEMAIL [email protected]
2925 Briarpark Drive Suite 270Houston, Texas 77042
11200 Richmond Avenue, Suite 350Houston, Texas 77082