TECHNOLOGY brief: Event Management. Event Management. Nancy Hinich-Gualda

Similar documents
Vendor: ISEB. Exam Code: BH Exam Name: ITIL V3 Foundation Certificate in IT Service Management. Version: Demo

Vendor: Peoplecert. Exam Code: CMS7. Exam Name: ITIL V3 Foundation. Version: Demo

Exin ITIL Exam Topic 1, Volume A QUESTION NO: 1. Which of the following is NOT an example of Self-Help capabilities?

ITIL V3 Foundation (Classified Questions) Page 1 of Which of the following questions does Service Strategy help answer with its guidance?

EXIN.ITIL _by.getitcert.com Mine Modified

EXIN ITIL Exam Questions & Answers

ITIL from brain dump_formatted

Building a CMDB You Can Trust in a Complex Environment

2014 new ITIL Foundation exam (2011 syllabus) Practice sample questions (220+) PDF file download

EXIN ITIL Exam Questions & Answers

ITIL Foundation v.3. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0.

Glossary 1. For a complete glossary of support center terminology, please visit HDI s Web site at HDI Course Glossary

HP Service Manager. Software Version: 9.40 For the supported Windows and Unix operating systems. Processes and Best Practices Guide (Classic Mode)

1. You should attempt all 40 questions. Each question is worth one mark. 3. The pass mark for this exam is 26 out of 40 (65%).

EXIN ITIL. Exam Name: Exin ITIL Foundation

EX Exam : Title : ITIL Foundation v.3. Ver :

CA Network Automation

Pass4sure.ITIL-F.347.QA

EX0-114_Wins_Exam. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0

IT Service Management Foundation based on ISO/IEC20000

Guide: Using FitSM to achieve compliance with ISO/IEC

CENTRE (Common Enterprise Resource)

Introduction to Novell Service Desk

The ITIL Foundation Examination

Implementing ITIL Best Practices

Part 0: Overview and vocabulary

EX q. IT 认证题库专家 QQ:

ITIL Foundation Examination

Contents An Introductory Overview of ITIL Service Lifecycle: concept and overview...3 I. Service strategy...6 The 4 P's of ITIL Service

The Future of Workload Automation in the Application Economy

PARTNER SOLUTION BRIEF

Incident Management Process

Incident Management Process

White Paper. Delivering ITIL Best Practices Through Unicenter ServicePlus

ITIL Qualification: MANAGING ACROSS THE LIFECYCLE (MALC) CERTIFICATE. Sample Paper 2, version 5.1. To be used with Case Study 1 QUESTION BOOKLET

ITIL Foundation Examination

Topic 1, Main(95 Questions)

BMC FootPrints. Service Management Solution Overview.

Service Strategy Quick Reference Guide

SESSION 607 Thursday, April 14, 2:45pm - 3:45pm Track: Metrics and Measurements. The Good, Bad and Ugly of Service Desk Metrics. Session Description

Service management solutions White paper. Six steps toward assuring service availability and performance.

How do we assure service availability at levels that make the IT infrastructure function so well it becomes transparent to our business?

AGILE ITIL SOFTWARE. Data Sheet AGILE ITIL SERVICE DESK AND ITSM JUMP START YOUR SERVICE DESK ITIL CERTIFIED PROCESSES WHOSE ITIL?

How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits?

Vendor: EXIN. Exam Code: EX Exam Name: ITIL Foundation (syllabus 2011) Exam. Version: Demo

ITIL CSI Intermediate. How to pass the exam

Demand Management User Guide. Release

Unleash the Power of Mainframe Data in the Application Economy

Information Technology Engineers Examination. Information Technology Service Manager Examination. (Level 4) Syllabus

CA FAQS Production Control System for z/vse r5.0

Itaú BBA to safeguard business operations and financial transactions with CA Service Assurance solutions

RELEASING LATENT VALUE DOCUMENT: CA TLMS TAPE MANAGEMENT R11.2. Releasing the Latent Value of CA TLMS Tape Management

EX0-117 Exin ITIL Certification Exam

Moving Beyond Information Life Cycle Management

PINK ELEPHANT THOUGHT LEADERSHIP WHITE PAPER. Identifying & Implementing Quick Wins

Part 3: Recommended role model

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

Testinside. Exam : EXIN EX Title : ITIL Foundation v.3 Certification. Version : V3.88. Testinside -help you pass any IT exam!

QUESTION 1 What is known as a temporary solution that enables the user to continue working? A. Known Error B. Request For Change (RFC) C. Service Requ

ITIL Exam Questions Follow:

The Uber Orchestrator from CA Technologies

CWDS. Service Desk ITIL High-Level Design Plan. Created by:

Micro Focus Service Desk 7.4 System Planning, Deployment, and Best Practices Guide. November 2016

Best Practices For Complex IT Environments. James Dorney Technology Strategist Development

SapphireIMS 4.0 Business Service Monitoring Feature Specification

Keep All of Your Business-Critical Jobs On Track. CA Workload Automation idash Helps You Reduce Missed SLAs and Lower Costs

Here are the snapshots of the changes recorded in the three-month period

Microsoft Operations Framework

A technical discussion of performance and availability December IBM Tivoli Monitoring solutions for performance and availability

Annexure 1: Scope of work for the Information Service Management Tool (Help desk Tool)

Journey Up the IT Management Process Maturity Model To Assure IT Service Quality, Availability and Performance

Appendix A - Service Provider RACI Model

Achieve Your Business and IT Goals with Help from CA Services

IBM Tivoli Monitoring

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

Meeting the New Standard for AWS Managed Services

Exam : EX Title : ITIL Foundation v.3. Ver :

Dramatically Improve Service Availability Prioritize issues and prevent problems with consolidated event monitoring and service automation.

can I consolidate vendors, align performance with company objectives and build trusted relationships?

ITIL Intermediate Lifecycle Stream:

UNDERSTANDING THE NEED FOR A HELP DESK SOLUTION. How to select the right help desk solution for your organization

QUESTION: 1 What is known as a temporary solution that enables the user to continue working? A. Known Error B. Request For Change (RFC) C. Service Req

Fujitsu Philippines, Inc. Technology Infrastructure Services Catalog

ITIL: Operational Support & Analysis (OSA) (Revision 1.6)

CA Cloud Service Delivery Platform

Achieving Application Readiness Maturity The key to accelerated service delivery and faster adoption of new application technologies

RELEASING LATENT VALUE DOCUMENT: CA VANTAGE STORAGE SREOURCE MANAGER RELEASE Releasing the Latent Value of CA Vantage SRM Release 11.

Gain strategic insight into business services to help optimize IT.

Simplify and Secure: Managing User Identities Throughout their Lifecycles

CA SOLVE:Operations Automation Release r11.9

IBM Tivoli OMEGAMON XE for. WebSphere Business Integration. Optimize management of your messaging infrastructure. Highlights

Why You Should Take a Holistic Approach

ITILSC-OSA Exam. ITILSC-OSA. ITIL Service Capability Operational Support and Analysis Exam. Version 1.0

MOF Service Management Function Job Scheduling

Safer Pipeline Operations: Smart Notifications for Faster Incident Response

ITIL Foundations. Introduction. May 14, 2007

Management Pack Plus for Identity Management

CA SOLVE:Operations Automation r11.9

BMC - Business Service Management Platform

Service Operation. Scenario One

Transcription:

TECHNOLOGY brief: Event Event Nancy Hinich-Gualda Principal Consultant CA s

Table of Contents Executive Summary 1 section 1: Challenge 2 Simplifying ITIL How to Use the CA Process Maps Section 4: Conclusions 10 Section 5: References 10 About CA Back Cover section 2: Opportunity 4 Event Detect (Includes Fault Detection) Filtering and Correlation Select Response Review and Action section 3: Benefits 9 Realizing the Benefits of Event Copyright XXXX CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document As Is without warranty of any kind, including, without limitation, any implied warranties of merchantability or fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of such damages.

Executive Summary Challenge To achieve effectiveness and efficiency in the delivery of services (a struggle for many organizations), a formalized Event process helps contribute to controlled and repeatable operations. The goal of the Operation lifecycle is to effectively manage the technology used to deliver and support services which ensure value for the customer and for the provider of services. Strategic objectives can be realized thru service operations, therefore the proactive capabilities of event management are critical. Organizations struggle with providing and managing well designed processes for the daily operation of IT services such as monitoring service performance, assessing metrics and gathering data to support service improvement initiatives and activities. Most organizations today are drowning in data, with little to no information relevant to managing operations, let alone proactive delivery of this information. Opportunity Even though it wasn t until ITIL v3 that Event was specifically called out as a process, most organizations have been monitoring service components and managing events for many years. As the world of IT has changed and become more complex, managing the enormous volume of events without understanding the critical business services can leave an organization vulnerable and at risk. A sound and repeatable event management process provides an organization with the ability to quickly detect events, understand them, and then decide on an appropriate control activity or action to prevent an incident and/or service interruption from occuring. A key opportunity that event management provides is the ability for an organization to act in a proactive manner which increases operational efficiency and can reduce unnecessary cost due to preventable service disruptions. CA has developed a unique approach to representing the ITIL framework and its interdependent IT processes across the service lifecycle at in the form of an easy-to-navigate process subway map. This map is an ideal starting point for understanding and communicating about ITIL and helps you to successfully plan and implement Operations processes, including Event. Benefits When formally integrated with other processes such as Incident, Problem, Availability, Capacity and Level, Event can proactively signal expected or unexpected status changes allowing an organization to conduct early responses to improve overall performance. Formally adopted good Event practices as outlined with CA s process map helps an organization realize the following benefits: Increased ability to conduct proactive incident and problem management with early detection of incidents and potential service interruptions Increased operational efficiencies Improved risk management capabilities Increased speed of impact analysis Better allocation of resources ready to respond to expected or unexpected state changes Technology Brief: event MANAGEMENT 1

Assess & Classify Assets Monitor Demand Maintain Policy Analyze Performance Build Plan Manage Issues Meet Business Requirements Report Achievements Monitor s Methods/ Techniques Assess Risk Determine Vulnerabilities Build Specify Continuity Requirements Set Security Controls Forecast Model/Trend Requirements Document Definition Portfolio Build Catalog Analyze Contents Test Proactive Revise SLAs / OLAs Demand Review Business Views Technical Views Publish Live s Catalog Operational s Financial Customer Satisfaction Test Adjust and Tune Monitor Performance Maintain Business s Optimize Availability Manage Security Incidents Review and Audit Mitigate Risk Design SLA Framework Catalog Level IT Continuity Capacity Info. Security Availability Deliver Required Resources Key Intersections Strategic Controls Strategic Inputs Continual Improvement Validation and Testing Asset and Configuration Change Transition Planning and Support Release and Deployment RFC Analysis Planning Prioritize Schedule Change Key Intersections Strategic Controls Strategic Inputs Continual Improvement Develop Strategy Preparation and Planning Evaluation/ Decision Knowledge Transfer Categorize Impact Analysis CAB Review Execute (Emergency/ Standard) Build Schedule Monitor and Report Coordinate Resources Maintain Accurate Configurations Business Responsiveness Preparation Audit Status Reports Portfolio Demand Financial Configuration Control Manage Build/Release Identify Configurations Manage and Plan Assure Quality Report/ Closure Perform Tests Verify Deploy Adopt Best Practices Validate & Verify Ensure Release Value Problem Incident Event Request Fulfillment Knowledge Access Request (Incl. Self-) Provide Rights Verify Access Request Key Intersections Strategic Controls Strategic Inputs Continual Improvement Secure Access Prevent and Eliminate Problems Monitor / Track Informed Decisions Resolve Record Executive Policy Problem Control Deliver Standardized s Error Control Transfer/ Disseminate Transform to Usable Knowledge Demand Portfolio Store Info. Review/ Action Known Errors Automate and Control Financial Capture Info. Approval (Financial, Compliance) Fulfillment Resolve/ Recover Restore Raise Incident Filter / Detect Correlate (Incl. Fault Detection) Select Response Record Investigate Diagnose Escalate Work Around Section 1: CHALLENGE Simplifying ITIL The ITIL V3 process framework focuses on the service lifecycle and the way that service management components are structured and linked. It embodies critical guidance for IT organizations that are seeking to improve service quality and align more closely with business goals to create value for their business and its customers. But, the ITIL V3 best-practice guidelines across the five stages of the service lifecycle are complex and challenging to interpret. Moreover, they are not designed to provide definitive advice about implementing ITSM processes. Many IT organizations consequently undertake an ITIL journey without a firm idea of their goals and the path to achieve those goals. CA ITSM Process Maps illustrate at a high level how best to navigate a journey of continual service improvement guided by strategic controls throughout the service lifecycle. Each map describes the relevant ITIL processes and activities you ll need to work with to reach your goals. CA has developed a unique approach to charting the ITIL journey through a visual representation of the ITIL framework and its interdependent ITSM processes in the form of a subway map. These maps present an easy-to-navigate, high-level view of the ITIL terrain. IT executives, strategists and implementers can use these ITSM process maps along with the family of CA ITSM Process Map Technology Briefs that expands on them. The maps and technology briefs provide a common reference point for understanding and communicating about ITIL and help you with program planning and implementation. How to Use the CA Process Maps CA s process maps illustrate every process (or track), each activity (or station) and the key relationships that are relevant to navigating continuous IT service improvement. The ITIL quality cycle takes the form of a circle with each Plan-Do-Check- Act (P-D-C-A) step as a process integration point (junction) on the line. Junctions serve both as reference points when assessing process maturity, and as a means to consider the impli cations of implementing a process in isolation. CA has developed three maps (see Figure?) that portray the critical ITIL disciplines that most ITSM discussions focus on. They are: Design, Transition and Operation. Figure A Design, Transition, Operations Maps CA has developed three maps: Design, Transition and Operation since most ITSM discussions focus on these critical ITIL disciplines. Design Info. Security Capacity Catalog Availability PLAN DO CHECK ACT Level Transition Change Release and Deployment Transition Planning and Support PLAN DO CHECK ACT Validation and Testing Operation Request Fulfillment Access PLAN DO CHECK ACT Incident Event Problem IT Continuity Asset and Configuration Knowledge 2 Technology Brief: event MANAGEMENT

Figure B Design map The Operations map (Figure?) represents a journey of improving dayto-day IT service support operations processes that lay the necessary operational foundation upon which to build your business value. Operation Secure Access Prevent and Eliminate Problems Incident Monitor / Track Request Fulfillment Informed Decisions Record Resolve Raise Incident Event Request (Incl. Self-) DO Error Control Portfolio CHECK Filter / Correlate Detect (Incl. Fault Detection) Verify Provide Rights Executive Policy Transfer/ Disseminate Transform to Usable Knowledge Review/ Action Record Select Response Access Request Automate and Control Investigate Demand Store Info. Financial Diagnose Escalate Problem ACT Access PLAN Problem Control Known Errors Capture Info. Approval (Financial, Compliance) Work Around Fulfillment Deliver Standardized s Resolve/ Recover Problem Incident Event Key Intersections Strategic Controls Restore Knowledge Request Fulfillment Strategic Inputs Knowledge Access Continual Improvement This map depicts the major ITIL processes as the stations en route to an organizational process destination or goal. The ITIL process stations are served by tracks, which are positioned relative to one another to illustrate how they support the goal of continuous improvement. The ITIL continuous improvement cycle takes the form of a circle or central line, with each Plan- Do-Check-Act (P-D-C-A) step as a process integration point or junction on the line. Junctions serve both as reference points when assessing process maturity and as a means to consider the implications of implementing a process in isolation. This paper is part of a series of ITSM Process Map Technology Briefs. Each technology brief explains how to navigate a particular ITIL process journey, reviewing each process activity that must be addressed to achieve process objectives. Along each journey, careful attention is paid to how technology plays a critical role in both integrating ITIL processes and automating ITIL process activities. The ability of an organization to monitor events across the infrastructure and to understand the normal status of service components and have the capability to detect deviations from a baseline is paramount for effective service operations. This also acts as the foundation for enabling other service management processes like incident and availability management. Many organizations struggle with understanding normal service behavior (and often forget to benchmark to measure improvements). It is also common for organizations to struggle with managing the data they are collecting with technology; drowning in data with no information is a challenge all too often faced by organizations today. Technology Brief: event MANAGEMENT 3

Section 2: opportunity Event A good repeatable event management process provides an organization with the ability to detect Events, understand them, and then decide on an appropriate control activity or action to prevent an incident and/or service interruption. Appropriate activities or actions can include an action to dismiss an event or to record an incident. Efficient service operations rely on the timely handling of the many activities required to prevent incidents and service outages. An event as defined with the ITIL, can be considered an expected or unexpected change of state that could negatively impact service availability, service reliability and security. An event can also be triggered by an alert or notification created by an IT service, Configuration Item (CI), or monitoring tool based on business rules and referential data. Events typically require IT personnel to take action and often will lead to an incident record being created either manually or automatically. An alert is a warning that can be set up for notification that action may be required; basically it is a systematic message that demands attention for some reason. The alert could be an indication that a threshold has been reached or is about to be reached, something has changed either expectedly or unexpectedly or a failure has occurred. Alerts should be managed by an event management process because events sometimes lead to incidents which would then be managed by a controlled incident management process. There is a strong link between event management and incident management (as we saw in ITIL v2 where it was assumed that events were part and parcel with incident management). As we can see in Figure? below, Event intersects almost immediately with Incident. Figure C Track illustrates where Incident and Event processes integrate Process integration with Incident 4 Technology Brief: event MANAGEMENT

This snapshot illustrates how Event activities are a critical input to the Incident process. Event outputs to Incident providing Incident with the timely detection of events. This in turn allows Incident to act proactively and optimize the Problem process (for more information on Incident, please refer to the Incident Technology Brief can we provide a reference here??) Because Event provides the ability to detect incidents early, an organization can configure technology to support an event management process to trigger an incident after it has been automatically detected and be automatically assigned to the appropriate resolver group for action before any actual service interruption or outage occurs. Using technology to support an event management process makes it possible for some activities to be monitored by exception which can help eliminate the need for expensive and resource intensive real time monitoring, while at the same time, reducing unavailability or down time. Within Event there are several different types of events to manage which include: Many IT organizations spend too much time defining the service bottom-up, i.e. concentrating on the technical and operational aspects of the service. SLM can enhance IT s value to the business by gathering first the SLRs from the customer/ consumer and then working their way down to the technology. By mapping SLRs to SLAs and further down to existing/known technical and operational metrics (part of Operation Level Agreements OLAs) the gap between the is and to be state becomes transparent and can be closed (top down design, bottom up construction). Normal Operation Events these types of events can include an automatic notification that a scheduled workload job has completed as expected or a user has logged into an application that they had the right level of access to, or an email has reached an intended recipient. Normal operation events are important to monitor because they could represent a breach of policy or non compliance to a process. Exception Events these types of events could include user attempts to access an application with an incorrect password too many times or, a device s CPU is above an acceptable utilization rate or a PC scan reveals the installation of unauthorized software. Unusual Events these types of events usually represent something unexpected and require immediate attention such as a server memory utilization within 5% of the highest expected performance level, or the completion time of a transaction 10% longer than normal. The key point with any of these event types is that immediate action should occur in order to either raise an incident record or a dismiss and log of the event for further monitoring and trending. Before we move on to the key activities of an Event process as outlined by CA s process map, there are several important inputs to the event management process and key outputs of the process. These are key activities for optimal efficiency and have the highest potential for automated support eliminating the need for intensive resources and manual support (meaning more room for human error and slowed response times). Inputs to Event include: Event monitoring systems CMS (Configuration System) Identity and Access systems When we look at a generic process model, we see that data enters a process (an input), that data is processed, and then that data becomes an output. Inputs to the event management process can include data gathered from an Event monitoring system where we configure technology to continually look at critical components that make up a service and tell us (or alert us) when something is expected or something is not expected and requires action. Technology Brief: event MANAGEMENT 5

Inputs to event management can also come from a Configuration System (CMS). Configuration delivers an organization a logical model of services, assets and the infrastructure by recording the relationships between Configuration Items (for more information on Configuration, please reference the Configuration technology brief). The CMS holds all of the information for CIs within a designated scope. The CMS maintains the relationships between all service components and any related service management records and documentation. A CMDB is a Configuration database that is used to manage configuration records throughout their lifecycle and keeps a record of the attributes and relationships of CIs. Thru verification and audit activities, a CI may be discovered missing or incorrect which is an event type and would follow the event management process. We also see inputs to event management from security management or specifically identity and access management systems. This involves monitoring of user access to systems to ensure the right people are accessing only those systems or applications that they are entitled to. An organization would want to monitor user access and be alerted to any unexpected access attempts to the network or business critical systems to take immediate action to protect critical information. Outputs of Event : Notified resources Incident records Updated log files The main outputs from a process should be driven by the objectives of the process (in this case, to detect events, make sense of them, and determine the appropriate control action) and should always include process measurements, reports and process improvement. The outputs produced by a process should conform to operational norms that are derived from the business objectives. The main outputs of the event management process include the right resources notified in a timely manner to take controlled action. Automatic notification ensures quick reaction times in response to events that require attention in the form of a page out or in the form of automatic incident record creation, classification and assignment to the appropriate resolver group. In the case of an incident record not automatically created, and an alert dismissal is the only required action based on business rules, the output is an updated log file. Updated log files are necessary to build an accurate record of activity. Proactive problem management for example would look at the log files during trend analysis activities and reactive problem management would examine log files during root cause analysis activities (for more information on Problem, refer to the Problem Technology Brief). Now let s review the Event process journey (see Figure?), assessing each critical process activity (or station), and examining how technology can be applied to optimize each stage of the journey, ensuring arrival at the last stop on the track. 6 Technology Brief: event MANAGEMENT

Detect (Includes Fault Detection) Most organizations today have invested in monitoring tools configured with business rules and referential data to monitor critical business services and components for potential activity that requires immediate attention. Most often these are event monitoring systems, a Configuration System (CMS) and identify and access management systems. Event monitoring systems are configured with rules to monitor thresholds, i.e. security thresholds, capacity thresholds and availability thresholds. A CMS is also used to detect events by monitoring unexpected (or expected) CI changes of state. Identity and access management systems are used to monitor unauthorized access to the environment or password attempts (denial of service or unauthorized access detection). In all of these areas the goal is to configure the systems to monitor and raise alerts according to the rules set in place and set remediation activity in motion. It is through automation of event monitoring that IT organizations can quickly detect events and potentially raise an incident record before the incident has negatively impacted services. Detecting events early (including faults) allows for increased speed of incident resolution before service levels are impacted. Early alerting of detected events helps ensure that those events can be correlated quickly and remediated quickly before a service failure occurs and service availability is compromised. Monitoring tools can be configured with business rules to continuously examine critical business services and their underlying IT components to detect faults in the network or specific systems and applications. The benefit to using monitoring tools to monitor critical services is the reduction of resources required to watch for alerts, reduction of human error monitoring service components and the ability to integrate with other service management systems (like an incident management system and CMDB) for quicker response times and timely data processing. However, organizations are often challenged with the generation of large amounts of trivial events sent to multiple consoles, requiring multiple staff resources to monitor those consoles and manually assess critical events from non critical events. For this reason, it is crucial to understand the business and the business impacts in order to effectively manage (and prioritize) events. Once we understand the business requirements, a benefit of automated monitoring is the ability to quickly correlate the data the system is monitoring to take appropriate action. That brings us to the next station on CA s event management process track: Filter and Correlate events. Filtering and Correlation: Once alerts are raised within an event monitoring system, there is an event correlation based on business rules. Many organizations struggle today with data correlation due to their complex IT environments and lack of formalized process and understanding of the critical needs of the business. The sheer volume of data produced from event monitoring systems can become unmanageable if the proper process controls are not formalized and well understood. Once critical services are defined and mapped to the component level, it then becomes more manageable to make well informed decisions on correlating event information based on those service components. Rules are configured within monitoring systems that require a certain amount of activity to occur before an alert is generated or is based upon criticality of the service or components being monitored. The pre-defined system logic reaches a decision point to raise an incident Technology Brief: event MANAGEMENT 7

record (or not) in an incident management system. For optimal efficiencies this decision point should be automatic to reduce the amount of manual intervention to filter and correlate the data to take immediate action. Effective event filtering and correlation will help identify the originating point of events and a subsequent incident and disregard of non-critical events or expected events. Once a correlation of the data occurs, a response is required. Select Response: Once the business services are well understood and the children components are mapped, it is possible to select the most appropriate response to events in a more efficient and quick manner because prioritization of events is possible. The decision to respond to an event can involve a decision to create an incident record based on the event type and the event rules. This activity is at the CHECK junction of the PDCA cycle with Incident. An event type may require a page out to an on-call resolver group and/or an incident record created depending on SLAs in place. If an incident record is not required, the system log file is updated with the course of activity which enables traceability and the ability to examine activity at a later time (for Root Cause Analysis activities as an example). When an incident record is required, the action is automated; an incident record is automatically raised in the Desk application (incident management system). Automatic incident creation includes automatic classification and prioritization of the incident (again, based on predefined business rules) based on the CI/affected Asset. Once the incident record is classified/categorized, the incident is also automatically assigned to the appropriate resolver group. This automatic assignment requires a mapping of services to subject matter experts and/or technical resolver groups. In order to maintain service levels and adhere to SLAs, upon assignment to resolver groups, the SLA clock would be started to capture the most accurate mean time to restore services. This brings us to the last stop on the event management track; review and action. Review and Action: The process terminus on the Event track involves aggregating all of the collected data; reviewing that data and then appropriately acting upon the data. Depending on the nature of the event and the criticality of the service being monitored, a resulting automatic incident record may also require a review and set of actions by a SME and/ or technical resolver group. As an example, if a business critical application experienced an unexpected utilization rate causing slow performance that was in breach of an SLA, an event threshold could trigger multiple actions that could include an alert generation and creation of an automatic incident record. Event monitoring systems integrated with incident management systems may also automatically page IT personnel upon incident record creation. If an alert and subsequent incident raised was security based, the Security process may be triggered. At this point, the technician/sme reviews the incident record and determines the next course of action. 8 Technology Brief: event MANAGEMENT

These actions then result in the initial support and diagnosis of the incident (see Incident process activities) and progression of the course of actions to restore services. Revisiting our critical business application example with the unexpected utilization rate causing slow performance, this demonstrates how an input into the capacity management activity to assess demand of IT resources can proactively plan for future adequate capacity (for more information on capacity management refer to the Capacity technology brief). The review and action activity also includes a review of the string of activities: was the course of activity still appropriate? Do the business rules need to be changed? Is the event management process as efficient as possible? Am I monitoring the right business service components? This ensures continual improvement of the process and ensures the goals of the process are being achieved. Section 3: benefits Realizing the Benefits of Event : By formally implementing these key activities of an event management process, organizations are able to increase operational efficiencies by becoming more proactive at managing operations that experience faults and service outages. In today s complex IT environments, the volume of data being produced on a daily basis can be overwhelming and unmanageable without controlled and repeatable processes and the technology to support those processes. Millions of business transactions that rely on IT support are conducted every day. Without an understanding of critical business processes, managing events becomes an inefficient bestguess effort. Effectively managing events can speed data correlation and the time it takes to raise an incident record, allowing an IT organization to take immediate action to restore services before an end user or SLA is affected. Effective event management also helps risk reduction; by proactively monitoring critical services and deploying business rules to take immediate action, an organization is better poised to respond to potential threats and vulnerabilities. Other efficiencies include: Increased customer satisfaction levels with more consistent availability of services Elimination of process silos (event management directly integrated with incident and problem management) More efficient use of resources (with use of automated systems) aligned to the business objectives Technology Brief: event MANAGEMENT 9

Section 4: conclusions Conclusions: With the complexities of IT organizations today, the need for good event management practice is important and the need for technology enabled processes is critical for optimal operational efficiencies. The objective of an event management process is to detect events of critical service components and take immediate action to manage those events. Today we need data collected, correlated, processed and analyzed as quickly and accurately as possible. Efficiencies begin with prior planning to determine which services are critical and require monitoring along with regular review sessions to keep these rules defined, accurate and relevant. Technology plays a critical role in optimizing the Event process by automating the actual process activities themselves (such as event detection, event notification and automatic incident creation), and by accessing the outputs from other related processes (like Configuration ). Integration with other processes (especially Incident, Problem, Availability, Configuration and Level ) is vitally important to ensure that events are managed effectively and that the highest levels of availability and service are maintained. By utilizing CA s process map for event management, you are well on your way to understanding the key process steps and the automation opportunities to help you achieve your goals. Section 5: About the Author Nancy Hinich-Gualda Principal Consultant, CA s About the Author: Nancy Hinich-Gualda is a Principal Consultant for CA s where she advises senior management of customer organizations to identify opportunities for ITIL best practices and implementation programs for business service improvements. She has 10 years of IT experience and holds a Manager s Certificate in IT (ITIL v2) and ITIL v3 Foundations. She was a contributing author to CA s Process Maps: Your route to service excellence book (2007) and a contributing editor of ITIL and the Software Lifecycle: Practical Strategy and Design Principles (2008). To learn more about the CA ITIL solutions, visit ca.com/itil.

CA, one of the world s largest information technology (IT) management software companies, unifies and simplifies the management of enterprise-wide IT for greater business results. Our vision, tools and expertise help customers manage risk, improve service, manage costs and align their IT investments with their business needs. MP34509

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback