the itil and cmmi dance: a play in three acts · 2 integrate 2010 – hayes/phifer act 1: we learn...
TRANSCRIPT
Integrate 2010 – Hayes/Phifer 1 1
THE ITIL® AND CMMI® DANCE: A PLAY IN THREE ACTS
Bill PhiferTed Hayes
Integrate 2010
.
Integrate 2010 – Hayes/Phifer 2
Act 1: We learn about the CMMI and its process areas.
Act 2: We learn about ITIL V3 and the Service Management Lifecycle
Act 3: We explore the common ground between CMMI and ITIL and review the interactions that must take place for organizations (not just IT) to realize benefit.
2
PLAYBILL
.
SEPG 2010 – Hayes/Phifer 4
A BRIEF HISTORY OF IT
4
Client/Server
Mainframe
Internet, IntranetE-Business …
• Servers begin to proliferate
• A few big servers
• More apps, servers, and users
Massive complexity
Rigid Environments
More operational problems
The Result
We can no longer consider applications separately from the environment in which they operate!
.
Integrate 2010 – Hayes/Phifer 5
CURRENT PITFALLS
– Applications are not being designed to run in a complex, distributed environment
– Application practitioners view ITIL as an infrastructure-only model and CMMI as an application-only model
– Communication gaps exist between Apps and Infrastructure groups (plus terminology, standards)
– End-to-end Change Management is not effective
– Apps and Infrastructure don't integrate and don't learn from one another
5..
Integrate 2010 – Hayes/Phifer 6
CURRENT PITFALLS (CONT’D)
– Infrastructure does not have the same project management culture as applications
– Standards for application design do not properly include both apps and infrastructure components
– Applications don’t transition well from development to the live environment
– Costs and complexity to manage apps are increasing
6..
Integrate 2010 – Hayes/Phifer 7
BACKSTAGE - A PROBLEM
– A large non-profit organization has replaced an old mainframe system that is used to register and add new members
– The newly developed application now takes nearly 15 minutes to add a new member, and field offices have been complaining loudly about how long it takes
7
YOUR TURN: What could be some reasons for this problem?
.
Integrate 2010 – Hayes/Phifer 9
ACT 1: WE LEARN ABOUT CMMI
What is CMMI V1.2? • What it is and is not• Scope and Disciplines • Maturity & Capability Levels
9..
Integrate 2010 – Hayes/Phifer 10
CMMI - WHAT IT IS / WHAT IT IS NOT
10
What It Is NOT• A “certification”• Methodology• A silver bullet• A guarantee of success• Easy to implement• Easy to achieve levels• Only for the Federal
Government• Only used in the USA• It does not specify how to
perform the activities
..
What It Is• A set of best practices • A quality reference model• A set of critical behaviors
common for success• A guideline for continuous
improvement• A measurement and rating
system of process capability• A risk indicator• It does specify what is
necessary to be performed
Integrate 2010 – Hayes/Phifer 11
CMMI-DEV V1.2 PROCESS AREAS
Optimizing
QuantitativelyManaged
Defined
Managed
Initial
Continuous processimprovement
Process measured andcontrolled
Process characterizedfor the organization andis proactive
Process characterizedfor projects and is oftenreactive
Causal Analysis and ResolutionOrganizational Innovation and
Deployment
Quantitative Project Management Organizational Process Performance
Requirements DevelopmentTechnical SolutionProduct IntegrationValidationVerificationOrganizational Training Organizational Process FocusOrganizational Process DefinitionDecision Analysis and ResolutionIntegrated Project ManagementRisk Management Requirements ManagementProject PlanningProject Monitoring and ControlSupplier Agreement ManagementMeasurement and AnalysisProcess and Product Quality AssuranceConfiguration Management
Productivity & Quality
IS
K
R
Maturity Level Characteristic Process Areas Result
55
44
33
22
11Process unpredictable,poorly controlled, reactive
Optimizing
QuantitativelyManaged
Defined
Managed
Initial
Continuous processimprovement
Process measured andcontrolled
Process characterizedfor the organization andis proactive
Process characterizedfor projects and is oftenreactive
Causal Analysis and ResolutionOrganizational Innovation and
Deployment
Quantitative Project Management Organizational Process Performance
Requirements DevelopmentTechnical SolutionProduct IntegrationValidationVerificationOrganizational Training Organizational Process FocusOrganizational Process DefinitionDecision Analysis and ResolutionIntegrated Project ManagementRisk Management Requirements ManagementProject PlanningProject Monitoring and ControlSupplier Agreement ManagementMeasurement and AnalysisProcess and Product Quality AssuranceConfiguration Management
Productivity & Quality
IS
K
R
Maturity Level Characteristic Process Areas Result
55
44
33
22
11Process unpredictable,poorly controlled, reactive
SEPG 2010 – Hayes/Phifer 14
ITIL V3 LIFECYCLE MODEL & COMPONENTS
Continual Service Improvement
Financial Management
Service Portfolio Management
Demand Management
Strategy Generation
Service Level Mgt
Information Security Mgt
IT Service Continuity Mgt
Availability Management
Capacity Management
Supplier Management
Service Catalogue Mgt
Change Management
Release and Deployment Management
Knowledge Management
Evaluation
Service Validation & Testing
Transition Planning and Support
Problem Management
Incident Management
Event Management
Access Management
Request Fulfilment
Application Management
IT Operations Management
Technical Management
Service Desk
Service Strategy
Service Design
Service Transition
Service Operation
Service Asset and Configuration Mgt
Service Measurement Service Reporting Service Improvement
Service Architecture
Service Engineering
Application Development
Legend:
■ Additional disciplines for design, engineering & apps development
SEPG 2010 – Hayes/Phifer 15
– Most widely accepted quality framework world-wide
– Leverage ITIL lexicon to establish a common language for IT
– 5 stage lifecycle– intuitive, comprehensive, accommodates other models
– Orchestrates IT components, projects & services aligned to the business
– Map your integrated model to CMMI for appraisal needs
Use CMMI to strengthen ITIL V3 model
LEAD WITH THE ITIL SERVICE LIFECYCLE
Integrate 2010 – Hayes/Phifer 16 16
Act 3: CMMI & ITIL Dance TogetherThese two models bring out the best in each other…
.
Integrate 2010 – Hayes/Phifer 17
BENEFITS OF AN ITIL-CMMI APPROACH
– Exploit the strengths of each model for further effectiveness
– Design applications to run effectively in their intended environment
– Common terminology and lexicon– As compliance and regulation
become more prevalent and pervasive, the need for broader process capability and (especially) governance is essential
17
YOUR TURN: What ITIL processes might support improved design of the
Membership application?
.
Integrate 2010 – Hayes/Phifer 18
WHY ITIL V3 & CMMI?– ITIL V3 provides substantial how-to guidance where CMMI does not
– CMMI driven by applications & DoD stakeholders where ITIL is not
– ITIL V3 defines an end-to-end framework to manage all IT services
– CMMI provides a benchmark for organizational maturity
– ITIL Integrates applications and infrastructure in same enterprise service framework, end-to-end
– CMMI provides best practices for systems engineering (apps & infra.)
CMMI
ITIL V3
Integrate 2010 – Hayes/Phifer 19
APPLICATIONS AND IT SERVICES
19
Infrastructure
Applications
Business Processes
Technical ServicesScope
Operational Processes
(enables)
(enables)
(manages)
Business ServicesScope
Designed for Operation
Applications must be designed with operational support requirements in mind - focus must not be limited to development costs, but on Total Cost of Ownership (TCO) for sustaining the application throughout its useful life.
.
Integrate 2010 – Hayes/Phifer 20
PUTTING ITIL AND CMMI TO WORK
ITIL
Strong management of IT environment, but weak in application development
Business Requirements – ITIL Service Strategy
leveraging CMMI
Design and Development –Service Design leveraging
CMMI
Transition & Operations – ITILService Transition & Service
OperationCMMI
Strong in systems and software engineering, but weak in transition
1 2
3
These are complementary frameworks –each making the other stronger
.
SEPG 2010 – Hayes/Phifer 22
Service Strategy
Service Design
Service Transition
Service Operation
Cont. Service Imprv
CMMI & THE ITIL SERVICE LIFECYCLE
Project Planning
Project Monitoring& Control
RequirementsManagement
Process & Product QA
Measurement & Analysis
Supplier Agreement Mgmt
Configuration Management
Organizational Process Focus
Causal Analysis & Resolution
Org Process Performance
Service System Development*
Service System Transition*
Strategic ServiceManagement*
Service Continuity*
Service Delivery*
Capacity & Availability Mgmt*
Decision Analysis& Resolution
Incident Resolution & Prevention*
Organizational Training
Organizational Process Definition
Quantitative Project Mgmt
Org Innovation & Deployment
Categories: • Service Establishment & Delivery•Process Management•Project Management•Support•Engineering
*Unique to CMMI-SVC
Requirements Development
Technical Solution Product Integration
Verification
Validation
SEPG 2010 – Hayes/Phifer 23
ITIL V3 PROCESSES & FUNCTIONS BY LIFECYCLE STAGE
23
Continual Service Improvement
Adopted from Pultorak & Associates and itSMF ITIL V3 Pocket Guide
IT Financial Management
Service Portfolio Management
Demand Management
Strategy Generation
Service Level Mgt
Information Security Mgt
IT Service Continuity Mgt
Availability Management
Capacity Management
Supplier Management
Service Catalogue Mgt
Change Management
Release and Deployment Management
Knowledge Management
Evaluation
Service Validation & Testing
Transition Planning and Support
Problem Management
Incident Management
Event Management
Access Management
Request Fulfilment
Application Management
IT Operations Management
Technical Management
Service Desk
Service Strategy
Service Design
Service Transition
Service Operation
Service Asset and Configuration Mgt
The SDLC easily maps to the ITIL V3 service lifecycle!
Service Measurement Service Reporting Service Improvement.
SEPG 2010 – Hayes/Phifer 24 24
Continual Service Improvement
Adopted from Pultorak & Associates and itSMF ITIL V3 Pocket Guide
IT Financial Management
Service Portfolio Management
Demand Management
Strategy Generation
Service Level Mgt
Information Security Mgt
IT Service Continuity Mgt
Availability Management
Capacity Management
Supplier Management
Service Catalogue Mgt
Change Management
Release and Deployment Management
Knowledge Management
Evaluation
Service Validation & Testing
Transition Planning and Support
Problem Management
Incident Management
Event Management
Access Management
Request Fulfilment
Application Management
IT Operations Management
Technical Management
Service Desk
Service Asset and Configuration Mgt
Service Strategy defines thecustomer need and approach for the
application project
Service Measurement Service Reporting Service Improvement.
Service Strategy
Service Design
Service Transition
Service Operation
ITIL V3 PROCESSES & FUNCTIONS BY LIFECYCLE STAGE
SEPG 2010 – Hayes/Phifer 25 25
Continual Service Improvement
Adopted from Pultorak & Associates and itSMF ITIL V3 Pocket Guide
IT Financial Management
Service Portfolio Management
Demand Management
Strategy Generation
Service Level Mgt
Information Security Mgt
IT Service Continuity Mgt
Availability Management
Capacity Management
Supplier Management
Service Catalogue Mgt
Change Management
Release and Deployment Management
Knowledge Management
Evaluation
Service Validation & Testing
Transition Planning and Support
Problem Management
Incident Management
Event Management
Access Management
Request Fulfilment
Application Management
IT Operations Management
Technical Management
Service Desk
Service Asset and Configuration Mgt
Service Design determines the architecture, design, standards &
components for the application project including coding
Service Measurement Service Reporting Service Improvement.
Service Strategy
Service Design
Service Transition
Service Operation
ITIL V3 PROCESSES & FUNCTIONS BY LIFECYCLE STAGE
SEPG 2010 – Hayes/Phifer 26 26
Continual Service Improvement
Adopted from Pultorak & Associates and itSMF ITIL V3 Pocket Guide
IT Financial Management
Service Portfolio Management
Demand Management
Strategy Generation
Service Level Mgt
Information Security Mgt
IT Service Continuity Mgt
Availability Management
Capacity Management
Supplier Management
Service Catalogue Mgt
Change Management
Release and Deployment Management
Knowledge Management
Evaluation
Service Validation & Testing
Transition Planning and Support
Problem Management
Incident Management
Event Management
Access Management
Request Fulfilment
Application Management
IT Operations Management
Technical Management
Service Desk
Service Asset and Configuration Mgt
Service Transition validates, documents and promotes the final
application to operations, including knowledge transfer
Service Measurement Service Reporting Service Improvement.
Service Strategy
Service Design
Service Transition
Service Operation
ITIL V3 PROCESSES & FUNCTIONS BY LIFECYCLE STAGE
SEPG 2010 – Hayes/Phifer 27 27
Continual Service Improvement
Adopted from Pultorak & Associates and itSMF ITIL V3 Pocket Guide
IT Financial Management
Service Portfolio Management
Demand Management
Strategy Generation
Service Level Mgt
Information Security Mgt
IT Service Continuity Mgt
Availability Management
Capacity Management
Supplier Management
Service Catalogue Mgt
Change Management
Release and Deployment Management
Knowledge Management
Evaluation
Service Validation & Testing
Transition Planning and Support
Problem Management
Incident Management
Event Management
Access Management
Request Fulfilment
Application Management
IT Operations Management
Technical Management
Service Desk
Service Asset and Configuration Mgt
Service Operations manages the applications, technology and
infrastructure that was produced by the application project
Service Measurement Service Reporting Service Improvement.
Service Strategy
Service Design
Service Transition
Service Operation
ITIL V3 PROCESSES & FUNCTIONS BY LIFECYCLE STAGE
SEPG 2010 – Hayes/Phifer 28 28
Continual Service Improvement
Adopted from Pultorak & Associates and itSMF ITIL V3 Pocket Guide
IT Financial Management
Service Portfolio Management
Demand Management
Strategy Generation
Service Level Mgt
Information Security Mgt
IT Service Continuity Mgt
Availability Management
Capacity Management
Supplier Management
Service Catalogue Mgt
Change Management
Release and Deployment Management
Knowledge Management
Evaluation
Service Validation & Testing
Transition Planning and Support
Problem Management
Incident Management
Event Management
Access Management
Request Fulfilment
Application Management
IT Operations Management
Technical Management
Service Desk
Service Asset and Configuration Mgt
Continual Service Improvement is focused on maintaining value forcustomers through the continual
evaluation and improvement of the quality of application services
Service Measurement Service Reporting Service Improvement.
Service Strategy
Service Design
Service Transition
Service Operation
ITIL V3 PROCESSES & FUNCTIONS
Integrate 2010 – Hayes/Phifer 29
HOW CMMI STRENGTHENS ITIL
– Use of CMMI Project Management process areas for service management projects
• PP, PMC, IPM, RskM– Organizational process areas can
reinforce organizational capability in process management, training and metrics
• OPF, OPD, OT, OPP plus MA– Enhance decision making
• DAR– Supplement Problem Management root
cause analysis• CAR
– Enhance objective-based innovation• OID
29.
Integrate 2010 – Hayes/Phifer 30
IMPROVED ORGANIZATIONAL PERFORMANCE– Helps prioritize improvement opportunities– Applies process management and quality
improvement concepts to the entire IT Service Life Cycle
– Describes stages through which IT service providers evolve as they define, implement, measure, control and improve their processes
– Leads to a culture of engineering and operational excellence
– Provides market credibility
30.
Integrate 2010 – Hayes/Phifer 31
INTEGRATION BENEFITS – ENCORE
– CMMI provides best practices that complement and improve ITIL-based delivery
– Everyone in IT speaks the same language– Exploits the strengths of each model
– The tactical and operational service management of ITIL
– The systems & software engineering practices of CMMI
31.
Integrate 2010 – Hayes/Phifer 32
A CALL TO ACTION– Establish a cross-functional action team to plan and
manage the service life cycle approach– Seek awareness and cross-training between
Applications Services and Service Management / Infrastructure groups in ITIL and CMMI
– Everyone works together (no more silos)– Establish your own meaningful ITIL-based IT
management model, then engineer and position applications within that resulting framework
– Start now. Think in V3 lifecycle phases. – Integration is hard work, but worth it and necessary!
32
YOUR TURN: What other actions might you take to leverage CMMI & ITIL processes together?
.
Integrate 2010 – Hayes/Phifer 33
Contacts
Bill PhiferHP Enterprise Services+1 [email protected]
Ted HayesHP Enterprise Services+1 [email protected]
Integrate 2010 – Hayes/Phifer 34 34
Outtakes –“An Application Change” ScenarioGet your feet moving and let’s hit the dance floor…
.
Integrate 2010 – Hayes/Phifer 35
SCENARIO – “AN APPLICATION CHANGE”– The business has requested a major change to the billing
application. Web application logic changes will be made to allow customers to enter credit card information to pay their outstanding balances.
– What flow will the change take – and what will you do?
35.
Integrate 2010 – Hayes/Phifer 36
SCENARIO “BOOK ANSWER”
The business has requested a major change to the billing application. Web application logic changes will be made to allow customers to enter credit card information to pay their outstanding balances.
Service Desk/Request Management: The business support area contacts the Service Desk and selects the option to initiate a project to improve the billing application functionality. The Service Desk authenticates the Request and verifies the requester is entitled to the service. They raise the request for change (RFC) with Change Management.
[Comment: in ITIL, this would be Incident Management or Request Fulfillment (smaller, common requests); however at EDS we have developed a single process (Request Management) to handle all user requests (issues and Changes).]
36.
Integrate 2010 – Hayes/Phifer 37
SCENARIO (CONT’D)
Change Management: does an impact assessment on the proposed project by engaging the relevant stakeholders – Information Security, Design (including architecture), Financial Management (to support the business case), Capacity, Availability, Service Level, IT Service Continuity Management. Change Management approves the project and it proceeds to the Design and Planning activity.
[The assumption is that a Service Design Package needs to be created to specify all aspects (technical and non-technical) of the billing service. Also assume that this application will run on existing hardware and network.]
Service Design determines:
That the proposed billing system can fit within the current infrastructure architecture (Availability Management)
What service components are required in order to achieved the required application response times (Capacity Management/Application Sizing)
37.
Integrate 2010 – Hayes/Phifer 38
SCENARIO (CONT’D)
The service targets with representatives of the business and how delivery of the service will be demonstrated through monitoring and reporting (Service Level Management)
What type of security/privacy measures must be included to comply with PCI standards (Information Security Management)
A financial forecast the operational cost of adding the credit card capability is estimated (IT Financial Management)
What is needed to ensure that the required encryption capability is available at the designated failover sites (IT Service Continuity Management)
[The assumption is that no external supplier is involved. (Supplier Management)]
Development of the credit card processing logic code for the billing application (Technical Solution)
38.
Integrate 2010 – Hayes/Phifer 39
SCENARIO (CONT’D)
Service Asset & Configuration Management: updates the Configuration Management Database (CMDB), with the new credit card billing Configuration Items (CI) and related data (locations, business users, server and network components, etc.) The CI itself is promoted to the software repository. This also includes before and after baselines to verify capacity changes to the environment.
Change Management: performs a post-implementation review and determines that the authorized objectives for the Change are achieved by the Release. Trigger billing and close the Change.
Financial Management: invoices and obtains payment from the business that authorized the services to be performed.
39.
Integrate 2010 – Hayes/Phifer 40
SCENARIO (CONT’D)
A Service Design Package is created to specify all that is required to successfully the value of the service; including:
• People: how operations will support it (staffing levels, skills, user or operations training materials, troubleshooting documentation, etc.)
• Products: supporting tools (encryption for credit card data) and other technology and management systems used
• Processes: updates to existing processes to accommodate credit card handling and processing including roles (e.g., credit card fraud detection steward), and metrics to measure success and value realization
• Partners: defining agreements and required relationships with credit card companies and PCI auditors
• Details about implementing the credit card application into the live environment
40.
Integrate 2010 – Hayes/Phifer 41
SCENARIO #1 (CONT’D)Change Management: reviews and approves the Service Design Package and initiates Release and Deployment ManagementRelease planning (including scheduling) Preparation for Build, Test and Deployment (establish test environment, test data, scripts and processes)Release & Deployment Management covers:Build (component assembly and integration) per Service design Package, unit test encryption at controlled pilot sitePlan and prepare for Deployment of the system for all sitesImplement the new encryption capability at designated failover sites (IT Service Continuity Management)
Release planning (including scheduling) Preparation for Build, Test and Deployment (establish test environment, test data, scripts and processes)Release & Deployment Management covers:Build (component assembly and integration) per Service design Package, unit test encryption at controlled pilot sitePlan and prepare for Deployment of the system for all sites
41.
Integrate 2010 – Hayes/Phifer 42
SCENARIO #1 (CONT’D)
Implement the new encryption capability at designated failover sites (IT Service Continuity Management)Update the Service Level Agreement and service reports with the associated credit card system performance targets (Service Level Management)Conduct service verification and validation that credit card application satisfies original business requirementsPerform transfer deployment (implement) and retirement (of old modules); includes managing organization and stakeholder change about risks and importance of credit card security and PCI compliance (security awareness training) – IT Security ManagementVerify deployment (the application functions as expected in the live environment)Early life support (applications development project team provides support for early operations)Review and close the deployment (determine if there are any outstanding items that were deferred for subsequent release)
42.