ITIL TRAINING “Flash-Cards” Note: This is a set of “flash-cards” put together to help you study for the ITIL Certification exam. The information was taken from existing material, presentations and sample tests. Please use in conjunction with the attached slides. Hope it helps! • • • • • • • • • • • • • • • • • • • • • • • • • • • •
ITIL = Best practices for “IT Service Management” “IT Service Management” monitors the “IT Service Process” Describes goals, activities, inputs and outputs of processes Not a “Standard” – only best practices – Library of books to hold these practices Standards will vary from organization to organization to create “Best Practices” “Open Approach” framework that provides “Guidance” Allows for significant “Cost Reduction” ITIL Fundamentals deals with “IT Service Management” “IT Service Management” aligns IT Services with the needs of the business and its customers, continuously improves the quality of IT Services and reduces the long term costs of IT Services. IT Services are specific functions provided such as e-mail, printing, Internet, etc. “System Management” configures and manages computer resources IT INFRASTRUCTURE: All components employed to deliver IT Services (HW, SW, people, documentation and physical facilities “IT Service Management” is divided into two (2) main processes – SERVICE SUPPORT PROCESS and SERVICE DELIVERY PROCESS. A third division has now been created from Service Delivery called SECURITY MANAGEMENT Each process is sub-divided further into MANAGEMENT areas A CUSTOMER is the person paying for the IT Service Customer Relationship Management is the process to liaison with customers Users are the persons using the IT Service Process Owner (WHAT) responsible for the goals and results of the process Process Manager (HOW) responsible for the design and structure of the process Process Operatives (WHO) responsible for conducting defined activities in the process DEMING QUALITY CYCLE: Plan, Do, Check, Act. SPOC = Single Point of Contact – function of the Service Desk Configuration Items – (CIs) – Any component subject to Change Control under the control of the CMDB CI level: The degree of detail that defines an individual CI CMDB = Configuration Management Database – Tracks and records all CIs – Relationships Scope: The amount of CIs tracked in the CMDB Depth: Level of decomposition that will be done from a high level CI to its lowest level component CI. (Ex. Record PCs vs. recording their components – results in a “deeper” CMDB Attributes: The unique details of a CI
• • •
• • •
•
•
•
• • • • • •
Relationships: Describes the unique details of a CI Baseline: A snapshot that allows for a rebuild or back-out procedure SERVICE SUPPORT PROCESS: o Service Desk (a function not a process) o Incident Management o Problem Management o Configuration Management o Change Management o Release Management Service Desk: is a FUNCTION not a process that acts as a SPOC to handle incidents and requests effectively and efficiently. Part of Configuration Management and is the liaison between users and the providers of the Service Service Desk Activities: Receive and record all calls from users, initial incident assessment, monitors incidents to meet expectations, keeps users informed, and provides management information Service Desk Models: o Local: Located with the users that it serves in only one location o Central: Supports multiple geographic locations from a single point o Virtual: May be located at multiple geographic locations, but appears to users as a single entity. All locations have access to all information – 24X7 – “Follow the sun” coverage Service Request: MINOR requests that do NOT require investigation and where knowledge engineering (KE) is available, ex: re-setting passwords, creating e-mail account, etc. The change must be easily made under previously, well-defined, strict procedures. CONFIGURATION MANAGEMENT: Provides a logical model of the IT Infrastructure, controls the IT Infrastructure by recording relationships and attributes in the CMDB. It is NOT Asset Management. It controls CIs, Incidents, Problems, Change and Release Management. It is responsible for planning, identification of CIs, Control of CIs, status accounting, verification and audit of the CMDB records and ensures that the CMDB is always updated CONFIGURATION MANAGER: Has specific functions in CHANGE MANAGEMENT, which are: o Initial recording of the RFC o Updates change record – every step of progress o Informs users on a regular basis o Issues new RFCs when necessary o Closes RFC and updates final record (PIR) Incident: anything that causes or may cause interruption in service and is not a part of the operation of a service Incident Management: Provide continuity by restoring normal services as soon as possible and accumulate meaningful information related to the incident Impact: Degree to which services are interrupted Urgency: How urgent normal operation must be restored Prioritization: A value given to an incident to indicate its relative importance to other incidents. Determined by looking at impact and urgency Expected Effort: Amount of resources, time and cost needed to restore normal operation
• • • •
• • • • •
• • • • • • • • • • •
Escalation: Mechanism to facilitate timely resolution of interruptions Functional Escalation: Escalation within the technical arena Hierarchical Escalation: Escalation through management The role of SERVICE DESK in INCIDENT MANAGEMENT: o Primary role, records and updates incidents, keeps users informed and updated and is the SPOC o Owns, monitors, tracks and communicates incidents o Detection and Recording – issues incident tracking number o Classification and Support – categorization and prioritization based on impact and urgency o Investigation and Diagnosis – analyze and attempt resolution o Resolution and Recovery o Closure – confirms and records resolution with user Problem: unknown root cause of an issue with multiple incidents Known error: When the root cause of an incident has been determined Work around: Temporary solution Known error database: Database in which solutions to known errors are kept PROBLEM MANAGEMENT: Analyzes all incidents, but does NOT investigates all incidents. Designed to reduce the adverse impact of incidents and problems on the business and to prevent recurrence of incidents related to errors within the IT Infrastructure. o Controls Problems and Errors o Assists in the handling of major incidents o Performs Root-cause analysis o Resolves problems effectively o Proactive in the prevention of problems o Completes major problem reviews o Uses lessons learned o Identify, record, classify/categorize, diagnosis/investigate, resolve/close problems o Record, categorize, develop solution, submit RFC, confirm solutions Problem Control: Identification, recording, classification, diagnosis, resolution and closure Error Control: Identification, recording, assessment, resolution, recording, RFC, closure Interrelationships within Problem Management: Incident, problem, known error, RFC, closure Change: Any action that results in the change in status of a CI Request for Change (RFC): Details a requested change Standard Change: Pre-approved, recurring and well known change Minor Change: Minimal impact and requires few resources Significant Change: Significant impact and/or requires significant resources Major Change: Major impact and/or requires major resources – typically impacts multiple parts of the organization Urgent change: Immediate change required – testing is optional CAB – Change Advisory Board: Group of IT representatives with decision authority responsible for reviewing the technical and business aspects of proposed changes (high impact RFCs)
• • • •
• • • • • • • • • •
•
CAB Emergency Committee: Also known as IT Emergency Committee (ITEC) - Subset of CAB in an emergency meeting to review urgent, high impact changes Management Board: Management group that approves major changes Forward Schedule of Changes: Schedule of approved changes CHANGE MANAGEMENT: To minimize the occurrence of change-related incidents o Acceptance and filtering of RFCs – Approve / Reject o Classification – Assigns priorities based on Impact and Urgency o Change Approval – Change Manager / CAB / Management Board o Change building, testing, implementation o Post implementation review – Solution Confirmation CHANGE MANAGER: Coordinates implementation of Changes (RFCs) and issues the final PIR. Release: Collection of authorized changes that are tested and introduced into production together. Implementation of RFCs (Fixes /Enhancements) Release Policy: Rules for release implementation Release Unit: Portion of the IT Infrastructure normally released together (Fix-Pack for example) Full Release: All (CIs) components updated Delta Release: Only makes changes to certain (CIs) components Package Release: Combination of full and delta releases, or a set of HW and/or SW release units introduced into production together – Reduces frequency of changes DSL – Definitive Software Library: Secured physical library where quality controlled versions of all software CIs are stored – Tracked in the CMDB DHS – Definitive Hardware Store: Physical storage for hardware spare parts whih are equivalent to those currently in production RELEASE MANAGEMENT: Ensures success of large scale changes and works closely with the change manager to maintain CMDB accuracy. o Interacts with CMDB and DSL o Updates Configuration Management with details o Functions in three distinct environments: Development Environment: Apply release policy, plan for release, develop or buy software (confirm, plan, design, develop) Control and Test Environment: Build and configure, test release, release acceptance, plan for roll-out, communicate, train, and prepare for roll-out (build, configure, test, plan, communicate expectations) Production (Live) Environment: Distribute and install release Service Delivery Process: o Service Level Management Availability Management – Availability Management Capacity Management – Capacity Management Continuity – IT Service Continuity Management Cost – Financial Management of IT Services o Primary interface between Service Delivery Process and the customer – negotiates with the customer o Measures and reports o Balances customer requirements with the capabilities and cost constrains of the provider
•
• • • • • • •
•
•
•
o Proactively improves IT Services within imposed cost constrains o Aligns IT Services with business objectives o Maintains and improves IT Service quality trough a constant cycle of agreeing, monitoring, reporting and reviewing IT achievements o Produces, maintains and reviews the Service Catalog (SLA) - Service Level Agreement: Between the IT Service provider and customer that defines expectations and requirements by both parties: o Customer-based: One customer, multiple services o Service-based: Multiple customers, one service SLA Structures: types of SLAs that exists (OLA) – Operational Level Agreement: between the IT Services provider and an INTERNAL department that supports them (UC) – Underpinning Contract: with and EXTERNAL organization who plays a role in delivery of IT Services to the IT service provider’s customer Service Level Requirements: List of specific requirements from the customer that goes into the SLA Service Catalog: A menu of the services provided by an IT service provider Service Improvement Program: Project undertaken by the service level management that focuses on customer satisfaction in IT service delivery Multi-level SLA structure: o Corporate level – generic issues that apply to every customer within the organization o Customer level – all issues that relate to a specific customer group o Service level – all issues that relate to a specific service being used by a customer Components of a SLA: o Service Deliverables o Response times o Targets o Hours of service o Critical business periods and exceptions o Customer responsibilities o Provider responsibilities o Review dates o Results review Availability Management: Optimize the capability of the IT infrastructure and supporting organizations to deliver a cost effective and sustained level of availability to satisfy business objectives o Deliver sustained, cost-effective services o Collect, analyze, and report availability data o Proactively develop strategies for future requirements o Determine requirements o Create a plan o Implement and monitor the plan o Monitor external suppliers against the SLA and UC o Minimizing un-availability o Implements security policies developed by Security Management Availability: % of the service hours that a service is available
• •
• • •
• •
•
• • • • • • •
• • • • •
Reliability: Freedom from operational failure Maintainability: Ability to be restored to an operational state o Corrective: Repair AFTER disruption o Preventive: Repair or maintenance to PREVENT disruption o Inspective: Prevention of disruption Serviceability: Ability to get service when needed, even when third party is involved to provide service Resilience: Ability for service to function even though not all components are functioning correctly Security: Ensures that services are used by the proper people in the proper way o Confidentiality o Integrity o Availability (AMDB) – Availability Management Database: records availability data and produces performance metrics Incident Life Cycle: as it relates to availability – o DOWNTIME: Meantime to repair o UPTIME: Meantime between failures and/or meantime between system incidents o Availability is calculated against unplanned outages Capacity Management: Ensures that IT resources meet the needs of the evolving business in a cost effective manner, understands the current capacity performance and knows the capacity status of individual components. It has overall responsibility for performance, and is focal point for IT performance and capacity issues o Business Capacity Management: Current and future needs of the business o Service Capacity Management: Monitors performance within the SLA guidelines o Resource Capacity Management: Focuses on individual resources and emerging technologies Capacity Planning: Current and future needs of the business Modeling: Predicts future consumption (trend analysis) Application sizing: Estimates requirements to support new and changing applications before they are introduced into the environment Demand Management: Arranges with users to use certain services only outside peak periods Performance Management: Ensures the best use of current capacity is being utilized Workload Management: Monitoring workloads Continuity Management: Ensures that the required IT technical and service facilities can be recovered within required and agreed upon business time scales o Concerned with significant outages o Reduce the impact of disaster or major outages o Prevent loss of customer confidence Business Continuity Management: Anticipation and preparation for disaster recovery (business function) IT Service Continuity: Focused on continuity of IT services Crisis: When service is unavailable for periods longer than defined in the SLA Risk: Likelihood of business disruption and the loss from that disruption Risk Analysis: Assets, threats, vulnerabilities
• •
•
• • • • • • • • • • •
Risk Management: Countermeasures – o Prevention & Protection o Recovery & Restoration Recovery or Countermeasure options: o Do nothing (not good for critical services) o Manual back-up or workaround (minimal use of technology) o Reciprocal arrangement (organizations back each other up during emergencies) o Gradual recovery – Cold Standby – empty room with power to install equipment o Intermediate recovery – Warm Standby – 24-72 hours – equipped room – frequently outsourced o Immediate recovery – Hot Standby – 0-24 hours – mirrored data equipment – can be outsourced Disaster Recovery Plan o Should be tested initially, annually and each time the plan changes o Invoked by senior management o The biggest challenge is that this type of plan can be costly for something that may never happen IT Financial Management: Monitor and fully account for all expenditures, make costs apparent, and enable allocation of service costs by justifying proper charges to customers Direct costs: Costs related to a specific group or customer Indirect costs: Costs related to several customers Fixed costs: Costs that don’t change Variable costs: Costs that do change depending on situation and/or use Capital costs: Equipment, servers, routers, etc. Operational costs: Day to day operations Cost model: Framework for recording costs of an IT service provision. Allows specific charging Budgeting & Accounting: Ensures that correct finance is available and not over-spent. Predicts costs, accounts for expenditures Charging: Recover costs from customer – requires cost model Security Management: Protection of any IT function or data from unauthorized access, minimize security exposure or vulnerability, reduce impact of security breaches, and develop security policies that can be implemented by Availability Management.