
- •About the Authors
- •Dedication
- •Authors’ Acknowledgments
- •Contents at a Glance
- •Table of Contents
- •Introduction
- •About This Book
- •Foolish Assumptions
- •How This Book Is Organized
- •Part I: Introducing Service Management
- •Part II: Getting the Foundation in Place
- •Part VI: The Part of Tens
- •Icons Used in This Book
- •Where to Go from Here
- •Knowing That Everything Is a Service
- •Looking at How the Digital World Has Turned Everything Upside Down
- •Implementing Service Management
- •Managing Services Effectively
- •Seeing the Importance of Oversight
- •Understanding Customers’ Expectations
- •Looking at a Service from the Outside
- •Understanding Service Management
- •Dealing with the Commercial Reality
- •Understanding What Best Practices and Standards Can Do for You
- •Using Standards and Best Practices to Improve Quality
- •Finding Standards
- •Getting Certified
- •ITIL V3: A Useful Blueprint for Enterprise Service Management
- •Seeing What Service Management Can Do for Your Organization
- •Starting with the Service Strategy
- •Creating a Service Management Plan
- •Defining a Service Management Plan
- •Automating Service
- •Getting to the Desired End State
- •Four Key Elements to Consider
- •Federating the CMDB
- •Balancing IT and Business Requirements
- •Measuring and Monitoring Performance
- •Making Governance Work
- •Developing Best Practices
- •Seeing the Data Center As a Factory
- •Optimizing the Data Center
- •Managing the Data Center
- •Managing the Facility
- •Managing Workloads
- •Managing Hardware
- •Managing Data Resources
- •Managing the Software Environment
- •Understanding Strategy and Maturity
- •Seeing How a Service Desk Works
- •Managing Events
- •Dividing Client Management into Five Process Areas
- •Moving the Desktop into the Data Center
- •Creating a Data Management Strategy
- •Understanding Virtualization
- •Managing Virtualization
- •Taking Virtualization into the Cloud
- •Taking a Structured Approach to IT Security
- •Implementing Identity Management
- •Employing Detection and Forensics
- •Encrypting Data
- •Creating an IT Security Strategy
- •Defining Business Service Management
- •Putting Service Levels in Context
- •Elbit Systems of America
- •Varian Medical Systems
- •The Medical Center of Central Georgia
- •Independence Blue Cross
- •Sisters of Mercy Health System
- •Partners HealthCare
- •Virgin Entertainment Group
- •InterContinental Hotels Group
- •Commission scolaire de la Région-de-Sherbrooke
- •CIBER
- •Do Remember Business Objectives
- •Don’t Stop Optimizing after a Single Process
- •Do Remember Business Processes
- •Do Plan for Cultural Change
- •Don’t Neglect Governance
- •Do Keep Security in Mind
- •Don’t Try to Manage Services without Standardization and Automation
- •Do Start with a Visible Project
- •Don’t Postpone Service Management
- •Hurwitz & Associates
- •ITIL
- •ITIL Central
- •ISACA and COBIT
- •eSCM
- •CMMI
- •eTOM
- •TechTarget
- •Vendor Sites
- •Glossary
- •Index

126 Part IV: Nitty-Gritty Service Management
Accelerated technology change (new technologies usually are difficult to integrate and tend to be disruptive)
The automation of business processes across highly distributed environments encouraged by the introduction of a service oriented architecture (SOA)
The need for service management to manage processes to support corporate goals directly
The need for this approach is even more urgent than you may think, because the needs of businesses change constantly. An organization often has a network of relationships with partners, suppliers, and customers that must be managed in a holistic manner. As companies become more and more dependent on these networks, it is imperative to manage the underlying technology that supports them in a predictable and dynamic manner.
What organizations now want most from their data centers are efficiency and predictability: predictable costs, staffing levels, and performance service levels for IT users and customers bound together in an efficient integrated operation.
In Figure 11-2, earlier in this section, we present a set of service management processes. In the following sections, we discuss these processes and explain how they may participate in the optimization of data center activities.
Managing the Data Center
At the highest level, organizations have to take a businesscentric view of optimizing the data center. You may have the best-looking data center in the world, but if it doesn’t meet the performance needs of the organization or support the right customer experience, it will be a failure.
The top layer of Figure 11-2 (refer to “Optimizing the Data Center,” earlier in this chapter) is data center management, containing two processes: supplier management, and governance and compliance. These two activities tend to strongly influence all the activities in the layers below to some degree.
Supplier management
Supplier management is about determining and maintaining relationships and contracts with key IT suppliers. Depending on how much money your company spends with these vendors, you can establish significant discounts

Chapter 11: Managing the Data Center 127
for both purchases and support. Normally, any given business area works with more than one vendor, using a secondary supplier to provide a credible negotiating position with the primary supplier, for example. The conundrum in supplier management is that commitment to one supplier’s strategic technology direction may make it impossible to implement alternative innovative technology in the data center when that technology comes from other sources.
Supplier management isn’t a technology-supported activity (beyond the use of office software) and isn’t likely ever to be well defined; generally, it’s an art form. Who can know which vendors and what technology will dominate the market in five years’ time? If the chief information officer (CIO) and his team are good at choosing technology winners and negotiating contracts, they will do well in this activity. The CIO might also work with vendors to establish a more predictable schedule for maintenance releases, patches, and back version support. Normally, however, they also need the confidence and assistance of the chief financial officer and chief executive officer to acquit themselves well. The decisions they make determine or constrain many technology choices at lower levels, and these constraints need to be known and understood when decisions are made.
The key performance indicators (KPIs) for supplier management are expressed in terms of the unit cost of specific units of technology, the discount the company achieves against list price, and the actual useful life cycle of
the technology purchased.
Governance and compliance
Governance and compliance is the other key issue that has a big effect on data center strategy and many data center activities.
Compliance
Depending on your industry and even your subsection of your industry, you need to focus on different compliance initiatives.
Compliance can be awkward because it imposes rules and processes that may be expensive and rarely pay for themselves. You may incur criminal penalties for failing to abide by some regulations. Your CEO won’t thank you when you tell her, as she walks away in handcuffs, that you saved thousands of dollars by ignoring regulations. For that reason, all compliance processes should be mandated by the board of directors, and all costs should be clear and visibly accounted for. The board will mandate specific costs and impose some constraints on how flexible some processes are, but these processes are mandatory.

128 Part IV: Nitty-Gritty Service Management
Governance
IT governance is about implementing, maintaining, and improving IT management and support processes. In theory, it doesn’t necessarily involve automation, although in practice, implementing IT governance effectively is difficult without a good deal of help from software. IT governance involves setting policy in all areas of IT activity. Especially in highly technical areas such as software security, not automating the implementation of policy is ineffective.
In many areas of IT, Information Technology Infrastructure Library (ITIL) standards can be implemented with little variance, and the implementation of the standard can be partly or wholly automated. (For more information on ITIL, see Chapter 5.)
It would be ideal if all IT policies and processes could be defined in a central repository and their implementation automated with little human intervention. Reality is far from that ideal, but in most data centers, much more could be done in this area. Typically, only a few elements of IT governance are automated. We discuss governance in greater depth in Chapter 10.
Managing the Facility
The second layer in Figure 11-2 (refer to “Optimizing the Data Center,” earlier in this chapter) depicts service management processes that concern the data center facility as a whole. This layer contains three primary processes: asset optimization, facility management, and disaster recovery.
Asset optimization
This service management process is served by the asset management application that we discuss as part of the service management infrastructure in Chapter 9. There, we focus on the need to capture accurate information about the assets that are deployed in the corporate IT network or possibly used on a cloud basis, which is part of what the application is intended to do. (We discuss clouds in Chapter 15.)
The application’s role is much bigger than just data gathering, however. Such an application also should be able to record and monitor the whole life cycle of any element of hardware or software, or combination of the two. In some organizations, this information is made freely available to at least some IT users so that they appreciate the costs and are able to calculate the return on investment associated with specific projects.

Chapter 11: Managing the Data Center 129
Ultimately, the IT asset management application (depending on what it does and how it’s used) can contribute information to many important activities, including the creation and implementation of specific policies or service levels. It can also help with the assessment of risk and with meeting specific performance objectives of the business.
All these activities can be counted as asset optimization activities of a kind. Multiple dimensions are involved in the use of any given asset; hence, other KPIs may be associated with asset optimization.
Traditionally, optimizing physical assets, such as in manufacturing environments, has been viewed as being entirely separate from optimizing digital assets. That situation is changing under the umbrella of service management. As IT begins to align more closely with business processes, the management of IT assets and business assets is likely to merge into a single activity. Data centers are becoming part of a larger ecosystem of service management; therefore, they need to integrate with sensor-based systems and process automation systems.
Facility management
Facility management is the activity of caring for and feeding the physical data center. It embraces everything from disaster protection (such as sprinkler systems and fire-retardant materials) to environmental controls (such as air conditioning and power management) to physical security.
Speaking of physical security, an increasingly important innovation is for organizations to tie their physical security (such as doors with passcodes) to a systems-based security system. If an employee is fired, for example, automated systems typically are in place to remove that employee’s passwords and prevent him from accessing systems. That same alert should trigger a change in the passcodes for the data center, as well as access to other physical environments that may need protection.
Significant economies of scale are involved in running a data center. When a data center runs out of space, the organization incurs a sudden, large, and unwelcome change in costs caused by the need to acquire a new, appropriately built facility to house more servers, which will need communications connections, power supply, air conditioning, security, and so on.
Data center space is the most expensive type of office space, so optimizing its use is important.

130 Part IV: Nitty-Gritty Service Management
A good KPI for keeping an eye on facility costs and efficiency is average workload per square foot of floor space. There are many ways of defining workload in terms of hardware resources. Maintaining a KPI of this sort is useful for many purposes, particularly when you examine the cost of using a hosting provider or cloud computing (see Chapter 15).
Disaster recovery
The ability to recover from disasters is vitally important, and most organizations have rules of governance that dictate the provision of specific disasterrecovery capabilities. If a disaster befalls the corporate data center, which has no disaster-recovery capability, the company is unlikely to survive. Therefore, having business continuity procedures is a necessity. From a service management perspective, disaster recovery is a combination of the process, corporate policies, and readiness to act when the data center fails.
Disaster recovery can be expensive, especially in very large data centers with thousands of servers. Full disaster recovery mandates having an identical data center somewhere, ready to go into action immediately, complete with staff, operating procedures, preloaded applications, and up-to-data data.
For most organizations, however, this plan is neither affordable nor feasible. Consequently, disaster-recovery plans normally provide for recovering only critical systems.
Disaster recovery can be complex, because as systems change and are upgraded, the disaster-recovery systems need to stay in step. The advent of SOA, for example, has posed some awkward problems for disaster-recovery systems. SOA-based systems typically are composed of services that are reused in different situations. Therefore, IT has to know the dependencies of these services across the organization. A related nuance is that disasterrecovery systems are rarely tested and sometimes not tested at all until a disaster occurs.
Luckily, technology developments make it increasingly easy to provide disaster recovery through the use of either cloud services or dual sites, with each data center providing disaster recovery for the other. (For details on clouds and virtualization, take a look at Chapter 15.)
Like any other IT activity, disaster recovery involves optimization issues. A company needs to link its service-level agreements and its asset optimization activities with the need for disaster recovery. As with everything in the service management world, compromises are likely to occur in terms of the disaster-recovery service-level targets and the necessary systems.