7 steps to mission critical IT services by usvoruganti

VIEWS: 214 PAGES: 19

									7 STEPS

TO

MISSION-CRITICAL IT SERVICES

Don’t Assume. Assess.
What’s on your 2007 wish list?
N MEETING SERVICE
LEVEL AGREEMENTS

N ADDING BUSINESS
VA L U E W I T H S T R AT E G I C A P P L I C AT I O N S

N COMPLIANCE,
SECURITY AND D ATA I N T E G R I T Y

N BUSINESS SERVICE
CONTINUITY

N INCREASING
PRODUCTIVITY

N REDUCING
COSTS

First of a six-part series from Stratus Technologies

THE CIO’s WISH LIST

PART 1

CONTINUOUS SERVICE AVAILABILITY
7 Steps to Mission-Critical IT Services
CIOs today are being called upon to interpret business strategy and priorities, then add value through information technology initiatives. At a time when “critical to the business” translates to “mission-critical IT,” how do you ensure end-to-end availability and reliability of the IT resources that enable your company’s essential business processes? This e-book offers seven steps for achieving continuous service availability to support key business processes. We’ll also examine the financial and other impacts posed by business service downtime. This series comes to you from Stratus Technologies, a leader in mission-critical availability for more than 25 years.

Uptime Supports Business Processes

Step 1: Don’t assume. Assess.
At the same time expectations for service delivery are rising, CIOs are taking steps to bring IT into closer alignment with the business. And the more intrinsic IT applications and services become to business processes, the more they become mission-critical. These increasing demands mean it’s probably time to reassess your mission-critical environment against the job you are being asked to do. For example, tougher mandates for information security and regulatory compliance require complete,auditable data. Not to mention that more users, more customers and more partners are probably counting on your IT services. If so, every hour of downtime will cost your company more.

N Supports SLA targets N Alleviates downtime costs N Enables auditable

compliance
N Improves worker

productivity
N Builds customer loyalty

and retention
N Protects your company’s

brand/image
N Strengthens competitive

advantage

THE CIO’s WISH LIST

PART 1

CONTINUOUS SERVICE AVAILABILITY
Maximizing the end-to-end availability of your mission-critical environment involves more than technology, of course. Procedures, policies and how people carry them out every day are vital. The same goes for security measures. It is important to understand the state of these elements and the dependencies between them. An up-to-date audit of your IT environment provides a baseline for staying in step with business needs.
The High Cost of Downtime
Hourly impact by industry: $ in millions $0.0 $0.5 $1.0 $1.5 $2.0

Infrastructure Analysis
N Hardware & software component integrity N Architectural design N Network design N Power, heating, cooling N Failures/trouble tickets N Wiring and cabling N Capacity and performance

Procedure & Policy Analysis
N Preventative/routine maintenance N Change control N Performance monitoring N User account management N Backup process N Configuration management N Problem management N Business continuity/ disaster recovery N Lifecycle management

Security Analysis
N Anti-virus protection N Firewall policies N Penetration testing N Security policy N Perimeter security N Personnel access control N Vendor access control N Testing

Telecom

Manufacturing

Phamaceuticals

$0.9

Banking

Transportation

Even when you believe your IT infrastructure is delivering optimal availability, a review can reveal new or overlooked information. Perhaps incremental changes such as software patches have introduced risk factors that have escaped notice. An assessment can also show whether previous efforts were as successful as they could be.
$1.0 $1.5 $2.0

COMING NEXT!
N Avoid a common pitfall:

the wrong metrics
Stay tuned to this six-part series from Stratus Technologies

Healthcare

$0.0

$0.5

Source: Meta Group

7 STEPS

TO

MISSION-CRITICAL IT SERVICES

Succeed by the Numbers.
What’s on your 2007 wish list?
N MEETING SERVICE
LEVEL AGREEMENTS

N ADDING BUSINESS
VA L U E W I T H S T R AT E G I C A P P L I C AT I O N S

N COMPLIANCE,
SECURITY AND D ATA I N T E G R I T Y

N BUSINESS SERVICE
CONTINUITY

N INCREASING
PRODUCTIVITY

N REDUCING
COSTS

Second of a six-part series from Stratus Technologies

THE CIO’s WISH LIST

PART 2

CONTINUOUS SERVICE AVAILABILITY
Step 2: Get the metrics right.
After taking stock of your current mission-critical IT environment, make sure you are measuring the right things. When response time is of the essence but throughput is slow, users won’t care that you can prove the application, the servers, and the network are all up and running. When customers go to the ATM and can’t withdraw cash, neither they nor your VP of self-service banking will be impressed by everything that is working. They only see a problem. That’s why thinking like “the IT guy” is no longer enough these days. The business drives what was once directed and measured primarily in terms of technology.

Looking to ITIL disciplines
Many companies look to the best ® practices known as ITIL , the Information Technology Infrastructure Library, as a starting point. Our scope here can’t do justice to the topic of ITIL. But we would like to borrow a concept: Understanding the business needs of your organization is indispensable. That knowledge provides a base for understanding what continuous service availability means in terms of your business processes. Take the vital step of communicating with your users to make certain you understand their requirements. When your goals involve existing IT services rather than new ones, you will want to know how expectations have changed over time. More than just users’ concerns go unattended when you measure the wrong things. Your staff will be

ALIGNING WITH BUSINESS GOALS

“Of 167 CIOs and other senior IT executives who participated in the survey, 95 percent said they had budgeted for or approved ITIL projects during 2005, and 85 percent said their ITIL plans included business goals as well as technical priorities.”

Most Companies Adopting ITIL Practices CIO Magazine March 1, 2006

monitoring and reporting on metrics that may not have much relevance — time they could put to more productive use. Staff attention and IT policies may also be misdirected.

THE CIO’s WISH LIST

PART 2

CONTINUOUS SERVICE AVAILABILITY
How many nines?
The gold standard of five nines, or 99.999%, availability is a familiar one. Designing individual components that can measure up to five nines — say, a server — is entirely possible. Now consider the chain of service delivery from end to end, and it is reasonable to expect the typical IT shop sees less uptime than that. You can’t count on all the links in the chain playing well, and you can’t count on them playing well together. Each additional nine of end-to-end uptime for an IT service comes at a cost. Not to mention that it’s challenging to maintain. On the other hand, downtime has consequences that range from disgruntled users, to gaps in regulatory compliance, to financial losses. Managing that risk is why missioncritical applications call for greater

AVA I L A B I L I T Y
Availability Level
Conventional High Availabiliity Contiinuous Availabiliity

BY THE

NUMBERS
To obtain a true service level measurement, you must examine the entire spectrum of a given business transaction including: • infrastructure • performance • IT processes and support services

Average Yearly Downtime
99% 99.9% 99.95% 99.99% 87 hours, 36 minutes 8 hours, 46 minutes 4 hours, 23 minutes 52 minutes, 33 seconds 5 minutes, 35 seconds 31.5 seconds

99.999% 99.9999%

availability protection. Striking the right balance requires determining how much uptime your organization truly needs, along with how much spending is reasonable to get there.

COMING NEXT!
N Matching business

continuity needs to your budget
Stay tuned to this six-part series from Stratus Technologies

7 STEPS

TO

MISSION-CRITICAL IT SERVICES

Business Continuity. Think Big.
What’s on your 2007 wish list?
N MEETING SERVICE
LEVEL AGREEMENTS

N ADDING BUSINESS
VA L U E W I T H S T R AT E G I C A P P L I C AT I O N S

N COMPLIANCE,
SECURITY AND D ATA I N T E G R I T Y

N BUSINESS SERVICE
CONTINUITY

N INCREASING
PRODUCTIVITY

N REDUCING
COSTS

Third of a six-part series from Stratus Technologies

THE CIO’s WISH LIST

PART 3

CONTINUOUS SERVICE AVAILABILITY
Step 3: See the big picture of business continuity.
Mission-critical IT services are defined by being available when and where they are needed. Protecting them with a business continuity plan ensures that an organization continues to function as much as possible under almost any adverse circumstances. Every company has its own requirements, depending on the service levels necessary to satisfy internal and external users and applications. Identifying what really matters to your business in the first place is fundamental to a business continuity strategy. Your assessment of your technology, staff, IT processes and business processes should inform your continuity plan. Disaster recovery has drawn a lot of attention because of recent natural catastrophes. Of course, business

E VA L U AT I N G B U S I N E S S C O N T I N U I T Y N E E D S

N What risks do you need to plan for? N Which mission-critical applications do you need

to protect?
N What impact would an interruption of these IT

services have?
N How fast does the IT service need to recover? N Is it acceptable to operate at reduced capacity?

How long?
N Which personnel will be responsible? N How will you ensure data integrity and security at the

alternate site?
N Where will the backup site be located? N How will you test and reevaluate business continuity

procedures to keep them current?

THE CIO’s WISH LIST

PART 3

CONTINUOUS SERVICE AVAILABILITY
continuity is not limited to preparing for huge but relatively rare disruptions such as devastating hurricanes. Threats come in many forms: natural disasters, security breaches, ordinary mishaps. Don’t forget that something as mundane as accidentally unplugging a power cord can knock out critical IT systems, too. Prudent, cost-effective continuity measures mitigate the risks of interruptions to your business and damage to your company’s reputation or brand. A thorough plan encompasses more than your servers or your network. A more thoughtful approach considers business service availability from an information lifecycle perspective. Let’s say you need to assure business service availability on a 24x7 basis. You will get more value from your business continuity plan by not only considering day-to-day sustaining activities, but also how to address changes in business requirements as your company’s markets and competition evolve. For example, many companies now impose a year-end freeze period on critical application environments. While this practice ensures a period of stability during a highly active business season, it impedes flexibility and a quick reaction to unexpected events. In these cases, a well-coordinated change control and testing process can maintain the ability to execute change -- even during critical processing periods. Mapping your objectives against your budget provides a reality check. Simple data replication may be the cost-justifiable answer for some services. Other mission-critical environments justify enterprise-level business continuity at a backup data center. When your needs are at the higher end, an outsourced managed service can offer a means of safeguarding business continuity without the full carrying costs of expanding your own headcount and physical facilities. The true goal is to put in place the people, processes and technologies to enable management that anticipates and adapts to changing business circumstances. Think of business continuity planning as another dimension of keeping IT services aligned with business needs — come what may.

COMING NEXT!
N The dangers of

under-estimating planned downtime and the human factor
Stay tuned to this six-part series from Stratus Technologies

7 STEPS

TO

MISSION-CRITICAL IT SERVICES

Mind the Gaps.
What’s on your 2007 wish list?
N MEETING SERVICE
LEVEL AGREEMENTS

N ADDING BUSINESS
VA L U E W I T H S T R AT E G I C A P P L I C AT I O N S

N COMPLIANCE,
SECURITY AND D ATA I N T E G R I T Y

N BUSINESS SERVICE
CONTINUITY

N INCREASING
PRODUCTIVITY

N REDUCING
COSTS

Fourth of a six-part series from Stratus Technologies

THE CIO’s WISH LIST

PART 4

CONTINUOUS SERVICE AVAILABILITY
Step 4: Plan for planned downtime.
In working with customers over the past 25 years, we have found that planned downtime can be as disruptive as unplanned downtime. A recent study by the Independent Oracle Users Group, where 39% of the respondents reported yearly planned downtime of 10 or more hours, echoes our experiences.
Hours of Planned Downtime per Year

We’ve found that immature processes and practices for proactively reducing and managing planned downtime are usually to blame in the case of such harmful consequences. For example, operating system patches and hardware upgrades are routine instances of planned downtime. The common practice is to schedule these events during periods of low service usage. Patches and upgrades often must be completed within a brief window of time, following an orderly sequence of steps. Particularly in a mission-critical environment, best practices call for executing the update beforehand in a test environment that simulates the production environment. This testing helps you avoid unanticipated effects on performance and availability. Software upgrades and reorganization of databases are less frequent, but involve similar considerations. Changes to applications are generally

more complicated. While many of the same issues apply, the scope of an application update merits a more formal change control and approval process for authorizing, stress testing, and quality assurance of changes before you roll them out on production systems — during scheduled downtime, of course. Good coordination between application developers and data center operations personnel will smooth out the process. Because planned downtime events have a way of spawning unplanned downtime, managing planned downtime to reduce possible complications is essential. A structured problem-management process not only helps to resolve the unforeseen event, but also provides for a corrective action feedback loop. The feedback lets your organization integrate lessons learned from each event to achieve continuous improvement of the process.

2 hours or less

2-5 hours

N/A

5-10 hours

10-24 hours 24+ hours

39% down 10 hours or more
Source: The 24x7 Challenge, IOUG 2006 Survey on High Availability Trends; n=265

THE CIO’s WISH LIST

PART 4

CONTINUOUS SERVICE AVAILABILITY
Other actions may include limiting the amount of scheduled maintenance performed at any one time, or running a newly upgraded production system in parallel with a non-upgraded system before cutting over. Of course, investing in technologies that limit the need to take the system offline in the first place is likewise valuable. Choosing and configuring technology to perform predictably is something that most IT executives understand well. With people, things are trickier. So it comes as no surprise that human error ranks as the number one cause of downtime in most studies we read.

PEOPLE AND PROCESS A N A LY S I S

Maturity of internal processes and controls is undoubtedly important. But we also find that better results come when IT staff members see their roles as being about business objectives rather than technology. Making the shift usually requires education and rewards. But with the right focus and the necessary integration between people, processes and technology, service capabilities for business users can improve dramatically.

N Training N Cross-training N Accountability N Authority N Escalation process N Certification N Backup coverage

Step 5: Consider the human factor.
Many mission-critical IT services can benefit from an upgrade in staff training and an update in policies and procedures. Reduce your exposure to mistakes by making sure policies and

procedures are well-crafted and documented. Then train people how to use them. Change control, incident and problem management, backup processes and configuration management are a few areas where small improvements can pay off in big results.

COMING NEXT!
N Getting from reactive

to proactive
Stay tuned to this six-part series from Stratus Technologies

7 STEPS

TO

MISSION-CRITICAL IT SERVICES

Go from Reactive to Proactive.
What’s on your 2007 wish list?
N MEETING SERVICE
LEVEL AGREEMENTS

N ADDING BUSINESS
VA L U E W I T H S T R AT E G I C A P P L I C AT I O N S

N COMPLIANCE,
SECURITY AND D ATA I N T E G R I T Y

N BUSINESS SERVICE
CONTINUITY

N INCREASING
PRODUCTIVITY

N REDUCING
COSTS

Fifth of a six-part series from Stratus Technologies

THE CIO’s WISH LIST

PART 5

CONTINUOUS SERVICE AVAILABILITY
Step 6: Limit firefighting
No CIO wants to increase the odds of unscheduled downtime. But that is what happens if you are not proactive enough in areas such as incident management and capacity planning. The agility of your company is likely to suffer as well. The more time your IT staff must spend reacting to issues and dealing with unhappy users, the less time they have to accomplish larger goals. Your team simply won’t have cycles to spend on adding business value. Improvements in system and network monitoring can alert your team to smoldering issues before they become five-alarm problems. Automate where possible for ongoing effectiveness and operational efficiency. Such tools can make sense of the enormous amount of monitoring data that is collected faster than a person can. Appropriate monitoring is a prerequisite for root-cause analysis, one of the most effective ways to reduce firefighting in your IT environment. A thorough approach will determine the cause of software errors down to the line of code and isolate hardware problems to the discreet component level. Root-cause analysis can also enable the proper error handling so valuable for averting problems often mistakenly attributed to software, but actually caused by transient hardware errors. You also need a means for forecasting capacity needs before systems and networks hit their limits, which causes availability problems and performance bottlenecks. some form of system redundancy must be part of the approach. Take scalability into account as well. While a number of strategies can help you effectively manage this situation, our experience leads us to recommend designing in availability requirements whenever possible. Although this involves time and effort in the design phase, research indicates that building in availability is still much cheaper and more effective than trying to remediate later. Mission-critical design principles Appraise the cost of downtime for your critical operations. Include lost revenue, the time and money required to resolve serious issues, and any penalties associated with failing to meet service level or regulatory compliance mandates. When it comes to service availability, the less left to chance, the better. If services must be accessible 24x7, Address single points of failure in your IT infrastructure. For more effective

Step 7: Simplify, simplify.

THE CIO’s WISH LIST

PART 5

CONTINUOUS SERVICE AVAILABILITY MISSION-CRITICAL DESIGN PRINCIPLES
reliability and availability without relying on operator intervention. Leverage best practices to reduce human error and improve efficiency. In growing numbers, companies are looking to the ITIL (Information Technology Infrastructure Library) documentation for insight and guidance in services management. As noted earlier, develop strategies that address unplanned as well as planned downtime. With our heritage of availability innovations, we can’t help but think of the many advantages a combination of fault tolerance and on-demand, remote access services can provide. Not every company has in-house expertise in mission-critical IT services, and training takes time. In these situations, managed services can add another level of value — reducing costs and time-to-implementation. Or you may simply want short-term assistance for a specific project without having to hire people with skills that command a premium. Throughout a solution’s lifecycle, plan to periodically measure results, assess deficiencies and make technology or procedural adjustments to avoid future problems. A single source of accountability for design, implementation and lifecycle support can simplify the long-term management of complex inter-related IT environments.

N Understand downtime

costs for your critical business operations
N Address single points

of failure in your IT infrastructure
N Leverage best practices

e.g. ITIL
N Develop strategies to

address all causes of downtime
N Assess results and

COMING NEXT!
N Fulfilling your wish list for

adjust accordingly
results and simpler operation, consider technologies that provide redundancy and automatically protect

mission-critical IT services
Stay tuned to this six-part series from Stratus Technologies

7 STEPS

TO

MISSION-CRITICAL IT SERVICES

How to Get Started Today.
What’s on your 2007 wish list?
N MEETING SERVICE
LEVEL AGREEMENTS

N ADDING BUSINESS
VA L U E W I T H S T R AT E G I C A P P L I C AT I O N S

N COMPLIANCE,
SECURITY AND D ATA I N T E G R I T Y

N BUSINESS SERVICE
CONTINUITY

N INCREASING
PRODUCTIVITY

N REDUCING
COSTS

Last of a six-part series from Stratus Technologies

THE CIO’s WISH LIST

PART 6

CONTINUOUS SERVICE AVAILABILITY
Step 7: Get what’s on your wish list
Whatever your wish list for the year ahead, you probably find yourself with an ambitious list of priorities. Also true: Those goals won’t become reality unless your IT infrastructure has the reliability and availability you need for the applications essential to your business processes. Yet not all companies have the time or the skills to optimize the end-to-end availability of mission-critical IT services. Nor is it a typical focus of traditional IT infrastructure or business process consulting firms. Stratus Technologies consults with clients to assess, design, implement and manage end-to-end IT availability solutions. Because continuous availability has been our only business for more than 25 years, you can look to us for uncommon insight and professional expertise. Our Solutions Services team is prepared to address every aspect of your mission-critical environment from an availability perspective to ensure uninterrupted performance that supports the entire business process. We offer you a focused Continuous Availability Lifecycle Management approach for must-not-fail environments. Our model delivers infrastructure integrity, performance assurance, and lifecycle management through consultative engagements and a combination of professional, remotely managed and on-demand services. Stratus goes beyond the traditional sales and service relationship. We work with you as a true availability business partner. We apply our specialized knowledge of the intricacies of failsafe computing, helping your technology resources deliver maximum business value. By drawing on the right team of information
N

technology architects, software and hardware engineers, project managers and business analysts, we bring real-world experience to bear on your specific challenges.

A D VA N TA G E S F O R YOUR BUSINESS

N

Focuses on Continuos Availability of your mission-critical IT environment across the entire business transaction

N

Flexible support model uses your business processes as the starting point — no preset model

N

Ensures seamless, secure workflow integration with other enterprise management tools End-to-end holistic monitoring maximizes the performance of your IT infrastructure against specified business metrics

THE CIO’s WISH LIST

PART 6

CONTINUOUS SERVICE AVAILABILITY
An end-to-end approach The Stratus Continuous Availability Lifecycle Management methodology assesses your IT infrastructure’s every facet and recommends remediation where necessary. The solutions process verifies that the appropriate environment is in place for continuous operations — even through disruption, disaster and endof-life of individual components. Peak performance of critical solutions is assured through monitoring, alerting, incident management and problem resolution services. Proactive lifecycle management helps you structure and implement process and architectural changes designed to sustain continuous availability. Our technology-enabled delivery platform and program combine to provide 24/7 online analytics and

Stratus Continuous Availability Framework
Solutions Process
Assess
Recommend

Delivery Platform
Sustain Remote Managed Services Service Management Availability Dashboard/Portal

Implement

Infrastructure Integrity Performance Assurance Lifecycle Management

Service Program
The Stratus Continuous Availability Lifecycle Management methodology assesses your IT infrastructure’s every facet, recommends remediation where necessary, implements process and architectural changes, and sustains continuous availability through proactive management.

support for all of your applications and end-to-end business transactions. Contact your Stratus representative to learn more about the Stratus Continuous Availability Lifecycle Management program.

C O N TA C T S T R AT U S T O D AY.
N Because your wish list

can’t wait
www.stratus.com

7 STEPS

TO

MISSION-CRITICAL IT SERVICES
N N N N N N
N Last of a six-part series from Stratus Technologies

7 Steps to Mission-Critical IT Services is an e-book authored by Stratus Technologies. Stratus is a leading global solutions provider focused on one thing: helping customers achieve and sustain the availability of their information systems in support of their critical business processes.

www.stratus.com
Stratus is a registered trademark and the Stratus Technologies logo, the Continuous Availability Framework logo, and Stratus Continuous Availability Framework are trademarks of Stratus Technologies Bermuda Ltd. ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office. All other trademarks and registered trademarks are the property of their respective holders. © 2006 Stratus Technologies Bermuda Ltd. All Rights reserved.


								
To top