Building an IT Infrastructure That Actually Serves Customers
Rich Schiesser has worn many hats: senior executive, consultant, and educator. He wrapped the wisdom gained from those experiences into his book, IT Systems Management. Now in its second edition, the book is used by IT managers and educators alike to teach the design, implementation, and management of IT infrastructure. Lynn Greiner recently had the opportunity to ask Schiesser about his views on IT infrastructure management, the adoption of ITIL, and the importance of knowledge transfer.
Lynn Greiner: What do you consider the most important components in IT infrastructure management?
Rich Schiesser: Hiring and retaining the right people whose skills are matched to the requirements of the job. Successful IT infrastructure management involves primarily two things. One is providing services to customers that provide them value, meet their business needs, and are reliable, responsive and secure. The second is providing the infrastructure and support processes that will enable successful delivery and operation if these services. People are the most important resource in providing these services and infrastructures.
Lynn: What is the most neglected area of IT infrastructure management, and what should people do about it?
Rich: In my opinion, the most neglected area of IT infrastructure management is lack of knowledge transfer. Talented engineers, analysts, administrators, and technicians often develop and implement innovative techniques to manage their segments of the infrastructure very efficiently. But because these techniques are seldom documented or shared in depth with others, the value is lost when these innovators leave the company.
Other pieces of knowledge about an aspect of the infrastructure may be acquired uniquely over time by an individual simply because the person is the only one who is familiar with it. When this person leaves, so also may leave the knowledge.
Two other areas of IT infrastructure management that are frequently neglected are service level agreements and business continuity. Many shops do not have effective service level agreements (SLAs) in place. This results in mismanaged expectations between IT and its customers. These two parties need to agree that SLAs will be negotiated in good faith, and regularly reviewed, to promote a trusting and collaborative relationship.
Recent cutbacks in company budgets often lead many firms to cut back on business continuity plans. This can be a false economy of cost savings because the expense of maintaining effective business continuity plans can be insignificant when compared to the cost of not being able to recover from a major disaster.
Lynn: You've added a chapter on ITIL (V3, I assume, since V2 is retired?). Where are you seeing the most/best adoption?
Rich: The book discusses both versions 2 and 3 of ITIL because the first edition was often compared to version 2, and the first draft of the second was submitted before the announcements that version 2 would be retired later this year.
ITIL is being adopted across all industries. In 2009 there were over 210,000 IT professionals certified in ITIL Foundations (approximately 45,000 in version 2 and 165,000 in version 3). The most prevalent adoptions are in the financial services sectors (fostered in part by Sarbanes-Oxley), technology companies such as Cisco and Hewlett-Packard, health care services, and government agencies.
I have worked with three government agencies directly that have totally embraced the ITIL framework. These are Clark County in Southern Nevada, the Federal Reserve Banking System (particularly the St. Louis branch) and the U.S. Coast Guard. For several years Microsoft trained hundreds of its employees in the fundamentals of ITIL and adopted its use. More recently, they have developed their own version called the Microsoft Operations Framework (MOF) for use by their employees and clients.
Lynn: What are the most interesting implementations of the framework you've seen?
Rich: I have seen several interesting implementations of ITIL. Pacific Life Insurance dedicated a small staff to the effort and coupled it with Quality Management.
Clark County trained a majority of its IT staff, and a few key business users, on the fundamentals of ITIL. The County also did a very thorough evaluation of tools after determining which processes would be implemented first. Both of these organizations first conducted a total ITIL assessment of their IT infrastructure environment to determine their maturity levels. This helped to focus on which process would benefit them the most in the shortest time.
Lynn: How about the worst? What are the biggest mistakes you've seen?
Rich: Some of the worst implementations involve firms who train only the lower level technicians, with little or no management support. Some the best start with training several of the key managers who champion the cause of ITIL.
The five biggest mistakes I have seen are:
- Not doing some type of management awareness at the start.
- Not conducting an initial infrastructure assessment to determine maturity levels and to identify best areas to improve.
- Embarking on the ITIL journey without management support.
- Trying to implement too many processes at the outset.
- Rushing to automate before streamlining processes.
Lynn: Which of the ITIL processes do you find offer the most bang for the buck? Where (and how) should novices start?
Rich: I find that Change Management (CM) and Service Level Management (SLM) offer the most bang for the buck. The dynamic nature of most IT environments presents the daunting challenge of implementing maximum quantities of changes with minimal adverse impact. The ITIL model for CM helps to meet this challenge. Plus, CM integrates closely with several other processes such as configuration, release, incident and problem management. Shops that have a robust CM in place, even if weak in other processes, often have a reasonably stable environment.
SLM focuses on establishing a meaningful business relationship with customers, one built on trust and collaboration. This then leads to manageable expectations for service targets and service level agreements (SLAs) that can be negotiated in good faith.
Those who are just starting out with ITIL should consider have key managers attend some type of awareness class to familiarize them with the basic concepts, benefits, and requirements of an ITIL implementation. This should be followed up with an overall assessment of their infrastructure environment to determine maturity levels and to identify areas needing improvements the most.
Lynn: Business continuity is an oft-neglected component of IT management, as you mentioned. What would you suggest to businesses as first steps in remedying this? Are there any things companies mistakenly do for business continuity purposes that they perhaps shouldn't be doing?
Rich: The first step in business continuity should be to establish policies as to the scope, responsibilities, and reporting structure of the group that be held accountable for this effort. These policies should also clearly describe IT’s role in business continuity. The next step is to conduct a thorough business impact analysis (BIA) to determine recovery times of business processes (and the IT Services that support them) in the event of a sustained outage. Other steps include a risk assessment to identify threats, vulnerabilities and countermeasures; determining appropriate recovery strategies based on the BIA and the risk assessment; and developing and testing of recovery plans.
Mistakes made by companies consists of not involving IT as a partner in a BIA to quantify the costs of recovery, and not validating with executives the need for short recovery times which business users often request. Another mistake is not testing recovery plans on a regular basis. Finally, some companies only have IT determine recovery times of IT services without asking business users their requirements of recovery for business processes.
Lynn: You mentioned that you'd revamped the book to be more student- and instructor-friendly, because it's being used as a textbook. Was that your intent with the original volume, or was its educational use a pleasant (or unpleasant) surprise? Is its new direction an indication of gaps in IT education?
Rich: No, my original intent with the first edition was to offer a management reference book for IT infrastructure managers and practitioners. I had written several short articles for industry periodicals on what I had learned about designing and implementing infrastructure processes. These experiences came from my 20 years of experiences managing large, complex computer environments for four major organizations. The articles were very well-received.
A representative from Prentice Hall saw the articles and felt they could become part of a book on infrastructure processes. That is what led to the first edition. Its subtitle was “Designing, Implementing and Managing World-Class Infrastructures.”
It was a very pleasant and gratifying surprise when I learned that several universities around the world were using it as a textbook. A few of the professors using the book contacted Prentice Hall to inquire about classroom materials for the book, and suggested a second edition that would better suit the needs of instructors and students. I collaborated on the second edition with eight professors around the world who were using the first edition for business and management IT classes.
I do not know if the new direction is an indication of gaps in IT education. I do know that instructors and students enjoy the many real-life experiences that I use in my books. So it may indicate less a gap and more a preference for practical examples to enhance the learning experience.