An overview of IBM Service Management

With the rapid growth of information technology (IT) as an enabler for businesses, companies in all industries increasingly depend upon its power for competitive advantage and business growth. This dependency has evolved significantly from the initial use of the mainframe to perform well-defined, repetitive “back office” activities, such as invoicing, inventory control, or payroll, to the expectation today that business services will be delivered over Internet, making them accessible at any time and anywhere in a globally integrated fashion.¹ In this new era, the concept of a business service is itself evolving. There are many views among analysts, vendors, and customers about what constitutes a business service. We define a business service as a value delivered to any customer, partner, or user by applying a group of IT and non-IT assets that together provide a comprehensive, end-to-end business process, transaction, or product.

The quality of IT-enabled business services is a key factor in customer retention, because competition is omnipresent. At the same time, as shown in Figure 1, the complexity of the infrastructure needed to deliver these IT-enabled business services has been increasing rapidly. The IT presence and function of a company can sometimes extend into the customer's location, allowing the customers of the company to view product information, order goods and services, track shipments, and pay bills over the Internet.

Figure 1

To support these business services and the processes behind them, the IT organization now collects, controls, and helps analyze large amounts of data, which may influence the future direction of the business. Data-mining practices have helped companies increase market share, identify new market opportunities, and optimize business processes. Increasingly, IT is involved in the relationship of a business with other businesses. Order and supply relationships are established and controlled, invoices are issued and paid, and collaborative projects are created and executed, all as needed through the use of IT resources. The process of transforming businesses to operate in this way has been called the transition to “on demand” business.²

An on demand business requires alignment and optimization of its technological infrastructure with the demands of its business design. People, information, and processes need to be integrated, and often the IT infrastructure becomes an impediment to rapid adaptation to new business challenges. The following are some of the key challenges faced by businesses in their transformation:

• Complexity—The root cause of the problems IT organizations face lies in the dramatic increase of business complexity due to heterogeneity of environments and the interconnection of applications (composite applications). Architectural and organizational issues, accelerating the proliferation of composite applications and hardware entities, and worldwide operations spanning multiple time zones all contribute to reducing the efficiency and effectiveness of the IT organization.

• Change—Complexity makes for very brittle, hard-to-manage infrastructures that often break under change and whose management requires a discipline that few customers achieve without flaws. Increasing workloads, more stringent service-level assurance requirements, staff turnover, and new market opportunities all lead to pressure for change in the IT organization. Change is the leading cause of service or application disruption today, and it often results in visible business impact. In fact, our experience suggests that nearly 80 percent of all critical outages can be traced to faulty change management.

• Cost—Currently, operational IT labor cost constitutes almost 70 percent of the total IT budget of businesses.³ In the late 1990s, half of the IT labor budget was devoted to new application development and half was devoted to operations. As IT budgets have been held flat, the chief information officers of IT organizations have faced two unappealing choices: shift resources from new application development or reduce the level of support for current applications. Both options serve to reduce the efficiency and effectiveness of IT.

• Governance and compliance—The introduction of government regulations, such as the Sarbanes-Oxley Act (SOX)⁴ and the Health Insurance Portability and Accountability Act (HIPAA)⁵, have put an additional burden on the IT organization to support the needs of the business to audit for compliance through the institution of better process controls and the maintenance of audit trails for IT infrastructure changes. This requires careful consideration because of the penalties of noncompliance, including criminal and civil liabilities and adverse public opinion.

The challenges previously described are moving the relationship between the business unit and the IT organization from one of customer and technology provider to one of partners in applying technology to address business needs in a financially responsible manner. A new working relationship aligning the IT organization with the needs of the business is the major theme of the IBM Service Management approach to IT management.⁶ The IBM Service Management methodology advocates managing the IT organization as a business. Though an IT organization may be operating entirely within the confines of a single company, the IBM Service Management approach recommends that it conduct its management by defining its market or its customers and the customer's needs or requirements and developing solutions or services to meet those needs.

As the IT organization works with its newly defined business-unit customers to identify their needs at a business level, consistent patterns of requirements typically emerge. Examples of such common patterns are the need to develop, deploy, and manage software applications in support of business services, manage security, backup, and recovery, and provide network services. At this level, many business-unit needs may become common and can be satisfied through the creation of common IT services. Once realized through the necessary hardware and software elements, these services can be made available in a service catalog that can be accessed by business units with IT requirements. As the selection of standard offerings grows, the need for special projects decreases. The service catalog provides, as a secondary benefit, an easy reference for the services that the IT organization provides and by inference, those it does not provide. This operating model improves the capability of the IT organization to be fiscally responsible; it includes the costs of providing standard services and can assist in identifying and negotiating requirements that are not addressed by standard services.

Once standard services can be offered on a repeatable basis, metrics can be developed to measure efficiency and cost in providing the services. These metrics can be used to continually provide insights into areas where service costs can be decreased, efficiency in delivery increased, and service quality improved. Technology-related metrics (such as processor speed or memory) can be replaced by business-relevant metrics related to the services provided (such as end-to-end cycle time to provide a service and the number of requests handled every quarter). Standard services and the metrics and controls put in place to support their delivery also aid in supporting audits and compliance with government regulations. If a large percentage of IT operations are based on standard services (and exceptions are handled in a prescribed manner), many of the checks and balances, roles and responsibilities, and metrics required for auditing will be inherent or will easily be created in the infrastructure.

The goals of the IBM Service Management strategy are to do the following:

1. Take advantage of the years of industry and domain expertise of several thousand practitioners in the areas of ITIL** (Information Technology Infrastructure Library**),^7,8 eTOM** (Enhanced Telecommunications Operations Map**),⁹ COBIT** (Control Objectives for Information and Related Technology),¹⁰ and CMMI** (Capability Maturity Model Integration)¹¹ and technologies like service-oriented architecture (SOA) and autonomic computing to define best practices for service management.

2. Create an integrated approach to service management for development and operations teams, addressing the full life cycle of a service, from concept to full production.

3. Create an architecture for organizational and task automation consistent with SOA principles, based on a service management platform that allows for the integration of people, processes, information, and technology into a coherent, integrated runtime.

4. Invest in autonomic-computing technologies to improve automation and reduce the need for human involvement in repetitive and mundane tasks.

5. Create an adoption model and deployment reference architecture to help customers deploy service management in an incremental way.

6. Create and drive standards in the area of service management.

Achievement of these goals would result in an agile and adaptable business with a means for the clear expression of its services. The following sections explain in more detail the elements of this strategy.

One of the key success criteria for service management is to ensure a comprehensive and cohesive view of the entire service-management life cycle. To do this, IBM has taken advantage of the expertise of field practitioners to create a consolidated and comprehensive perspective on service management. This is documented in the IBM Process Reference Model for IT (PRM-IT)⁶ for process and organizational components, and the Common Data Model¹² for resources and data components. Figure 2 provides an overview of the solution areas covered by PRM-IT.

Figure 2

Content for PRM-IT is available through the IBM Rational Unified Process* and the IBM Tivoli* Unified Process, which cover both the solution development and operations disciplines of service management.

IBM provides not only documentation of processes embodying best practices, but also a runtime environment in which these processes can be actualized in running applications that can be used by an organization on a day-to-day basis. Figure 3 shows the major components of this integrated service-management approach.

Figure 3

Service management is enabled by two major focus areas: the creation and delivery of supporting software for IT-enabled business services and the delivery and support of these services in production. The first focus area, shown on the left side of Figure 3, is oriented toward improving the productivity and efficiency of geographically distributed teams within a development organization that need to collaborate with each other to create, manage, compile, and test changes to the source code of application software. Integrated change and configuration management of source code is needed to ensure that quality software is created and delivered to the operations team for deployment into production. Process management for software delivery involves requirements analysis and tracking, procedures for source code access, software test case management, and software-defect life-cycle management. Various process management applications are needed (e.g., Rational ClearCase*) to ensure that multiple developers and testers can efficiently record defects, update source code, compile and test the code, and close out defects in a timely and efficient manner.

The second focus area, shown on the right side of Figure 3, is oriented toward delivering high-quality services with attention to service-level commitments, financial management, and business continuity while improving the productivity and efficiency of geographically distributed operations organizations managing multiple data centers worldwide. The service delivery teams deliver IT services with appropriate commitments to the business to ensure that all elements of the service satisfy business requirements. They also have to ensure that the architecture supports the required levels of “failover” and recovery to provide IT service continuity. Necessary software is developed internally or acquired from vendors. When the service is ready for deployment, the operations teams have to ensure that impacts are assessed, the appropriate stakeholders are notified, and the deployments to production servers are scheduled in the appropriate change windows. These functions are accomplished through a combination of process management products that focus on workflows which integrate multiple operations staff and operational management products. These products focus on the automation of specific tasks (e.g., service-level agreement management and software distribution). All of this is centered on a service management platform that leverages a configuration management database (CMDB), a workflow runtime, and collaboration technologies.^12–15

A best-practice perspective of services is provided by the IBM SOA model.¹⁶ SOA provides a methodology and reference architecture for expressing business services to ensure that no matter how much their supporting systems and technologies may differ, services are able to interoperate. SOA makes it possible to share information not only throughout an enterprise but with customers, suppliers, and partners.

As depicted on the left side of Figure 4, SOA supports business services during their entire life cycle by means of development services that facilitate service design, business services that improve operations and decision making with real-time business information, management services that monitor and manage business services and include capabilities that relate to scale and performance, and infrastructure services that optimize throughput, availability, and performance.

Figure 4

The SOA reference architecture also contains a set of services that are oriented toward the integration of people, processes, and information: interaction services that provide the capabilities required to deliver IT functions and data to end users; process services that provide the control functions required to manage the flow and interactions of multiple services in ways that implement business processes; and information services that provide the capabilities required to federate, replicate, and transform data sources that may be implemented in a variety of ways.

The reference architecture also contains a set of partner services that provide the document-, protocol-, and partner-management capabilities required for business processes that involve interactions with outside partners and suppliers; business application services that provide runtime services required for new application components to be included in the integrated system; and access services, which connect existing enterprise applications and enterprise data. Communication between SOA services is facilitated by the enterprise service bus, an architectural construct that offers interconnectivity.

Depicted on the right side of Figure 4 is the innovative three-layer view of IBM Service Management comprising: (1) process-management capabilites, which are responsible for expressing higher-level organizationally oriented activities within a particular domain; (2) a service-management platform, which provides an integrated and modular service-management architecture; and (3) operational-management capabilities, which provide automation-friendly, lower-level resource control. This service-management viewpoint maps seamlessly with the SOA viewpoint, and, in fact, is an instantiation of SOA for the business of managing IT.

The process-management layer uses service-management processes realized as service-management business services and exploits, where needed, SOA process services. Service-management processes (e.g., change and configuration management) are made available to services in other service-management domains, subject to typical authorization and request-refinement functions. Thus, a service request for additional storage within an enterprise may result in a change request to particular storage elements within the environment. Necessary process-management interactions that involve organizational interaction with external entities (e.g., network services provided by a wide area network carrier) can be accommodated by using partner services as needed.

The ISM platform expresses SOA management services from a service-management perspective and can be both the receiver and provider of interaction services and information services. The platform provides not only a conduit for integrating service-management functionality within an explicitly recognized value proposition (e.g., change management), but also a common metadata-driven framework for cross-domain integration. The platform incorporates the IBM Change and Configuration Management Database (CCMDB), which reflects the technological elements of the infrastructure, their relationships, and current and desired states, and provides a means to share configuration data among diverse services and processes. Finally, the operational-management layer provides the opportunity for control and interaction, through SOA-conforming interfaces, of an extraordinarily rich set of capabilities to provide automated control of the managed environment.

Autonomic computing is one of the key technology initiatives for helping to reduce the cost and complexity of owning and operating the IT infrastructure. This initiative is directed toward maximizing the value that customers can achieve from IT investments by minimizing the operational burdens that are commonly associated with managing components, systems, networks, software, and derived information services. In an autonomic environment, IT infrastructure components (from desktop computers to mainframes and systems management software) are self-configuring, self-healing, self-optimizing, and self-protecting. These attributes are the core values of autonomic computing.

IBM has been working with the IT industry to create autonomic technology conforming to the “monitor-analyze-plan-execute” architecture.¹⁷ Figure 5 shows how autonomic technology can be used to create autonomic behavior in virtualized resources and, at the same time, maintain a higher layer of IT management processes to control the behavior of these virtualized resources through policy and delegation.

Figure 5

The efficiency and effectiveness of IT management processes are typically measured using metrics such as the elapsed time of a process, percentage of process executed correctly, skill requirements, and the average cost of service execution. Autonomic computing technology can help improve the efficiency and speed with which these processes can be implemented by automating some steps in the process and allowing the user to delegate routine tasks to the system to be performed automatically. Most IT management processes tend to be largely manual today, with a few automated steps. Within the context of delivering business processes, the goal of IBM Service Management is to enable customers to automate more and more of these processes. Initially, customers are not comfortable with trusting automation to take the correct actions. Over time, as the level of automation maturity and confidence improves, it should become easier for customers to delegate more and more routine tasks to automation. This is the road map for implementing autonomic behavior throughout the IT environment.

To support this road map, IBM is including, as part of IBM Service Management, the capability to support progressive delegation to automation. Thus, tasks can initially be performed manually, and as the user becomes more comfortable with the automated assistance provided by the system, he or she can then choose to delegate those tasks to the system. This allows the system to perform those tasks on behalf of the user at the appropriate point in the process and to provide notifications and create the appropriate logs. With this approach, we ensure that the overall process is still being followed, even though more and more of the steps in that process are automated.

To facilitate the adoption of service management, it is necessary for customers to have a clear idea of their current status and where they would like to go. The adoption model is a way to assist customers in making this assessment and in building their road map. Figure 6 shows one of the possible perspectives provided by the adoption model. In this perspective, the customer view of service-management adoption is organized along four management domains (IT business management, IT governance, IT development, and IT operations).

Figure 6

The core value proposition of the IT business-management domain is IT-business alignment, including IT operations and IT development capabilities. The management capabilities in this domain include managing IT customer relationships, the IT direction, and IT administration.

IT governance is both a framework and a life-cycle process. The core value proposition of IT governance is to provide clarity and transparency in directing and controlling the IT service management (ITSM) capability and in achieving desired behavior and business-aligned decision making within IT. IT governance includes managing the decision rights and accountability framework for directing, controlling, and executing ITSM. It also includes the governance life cycle—planning, designing, implementing, monitoring, assessing, and improving governance.

The core value proposition of IT development is business-driven development. It includes managing the solution-development life cycle resulting in software delivery. The core value proposition of IT operations is managing operations from a service perspective. This domain includes managing IT deployment, IT service operations, and IT resilience.

The different levels of adoption are shown along the bottom axis of the figure, with a progression from an environment with discrete IT silos to dynamic collaboration across organizations. The progression from level to level represents the most common approach to adopting service-management best practices and applying them for progressively more valuable purposes. The levels are cumulative—each level requires the continuation of effective capabilities from the previous levels.

IBM is also creating deployment reference architectures to help customers deploy service-management solutions. These reference architectures codify the common patterns of service-management deployments and provide architecture, design, and code integration assets that help a customer deploy a particular combination of service-management products and integrate them with common third-party and vendor products in the customer's environment.

IBM Service Management is an open architecture that uses standards to foster integration. Our customers have legacy tools from multiple vendors and internal tools with which our solutions must be integrated. To facilitate this integration, IBM is actively working with standards bodies to promote infrastructure and content standards for service management as well as many open-source reference implementations. These initiatives span a wide array of topics, including the expression of policy, configuration information and interchange formats, application-artifact descriptions, event formatting, resource-management interfaces, modeling languages, and consistent content representations. These efforts have strong linkage to best-practice initiatives such as ITIL, eTOM, COBIT, and CMMI.

IBM Chairman and CEO Sam Palmisano has long recognized that businesses are changing to embrace a globally integrated environment and has noted “Because new techology and business models are allowing companies to treat their different functions and operations as component pieces, firms can pull those pieces apart and put them back together again in new combinations, …”¹ This appreciation makes service management as we have described it in this paper of tremendous importance, since management of these enterprises requires greater flexibility than was required in the past.

Similarly, the service-management capabilities emerging with this new model pose rich and exciting challenges. How can a business be managed when many of the components within that business are not under its direct control? How will businesses provide management interaction points so that their infrastructure can be managed by others in fulfillment of their business goals? How will service management extend to provide an integrated vision for a variety of different service sectors? Even within the context of IT, for example, the integrated management of mobile environments, telecommunications, transparent computing, and pervasive devices is a daunting challenge. As the integrated environment increases in complexity, management tools will be required which reduce the problems created by this complexity.

Businesses now compete in an increasingly service-oriented environment, the effective and efficient management of which is of paramount importance. The days in which systems-management technologies could completely accommodate a complex service, with its interconnected and distributed elements, are in the past. In today's business environment, it is an absolute necessity to have management systems that provide visibility as well as confidence and reliance on autonomic or self-managing elements, all seamlessly linked with necessary best-practice processes that accommodate both business and automation. Such a service-management system must encompass people, processes, technology, and organization in order to completely fulfill its mission.

The system must provide a flexible framework which offers customers ready-for-use best practice experiences and management capabilities for a wide variety of managed entities, yet do so in a manner that is both flexible and easily reconfigured. This is a difficult balance to strike, but one that must be mastered by service-management product vendors and the vendors of services who use these products in order for customers to reap the full benefits of tomorrow's service-oriented capabilities.

The authors wish to thank members of the IBM team too numerous to mention for their contributions to IBM Service Management, but, in particular, C. J. Paul and Christopher Ward for their hard work in coordinating the development of this special issue of the IBM Systems Journal on IBM Service Management.

*Trademark, service mark, or registered trademark of International Business Machines Corporation in the United States, other countries, or both.
**Trademark, service mark, or registered trademark of the United Kingdom Office of Government Commerce, Telemanagement Forum Corporation, Information Systems Audit and Control Association, or Carnegie Mellon University in the United States, other countries, or both.

Accepted for publication April 26, 2007; Published online August 2, 2007.