How much time do you spend fixing unplanned outages? If IT firefighting and last-minute changes often sap your nights and weekends, and you don't know where to begin when a critical system fails, there's hope. The prescription for this chaos is ITIL (IT Infrastructure Library), a set of best practices for running an IT organization.

ITIL is really common sense. It's what many successful organizations already do--the processes we've learned from the school of hard knocks. ITIL forges a bond between IT, management and external customers by offering them a single language and defined channels for communicating with one another.

ITIL normalizes the language describing best practices. For example, a resolution process like incident management indicates a single failure in ITIL parlance. Problem management, another ITIL resolution process, stitches together all incidents that relate to a particular problem.

The United Kingdom's Office of Government Commerce created the ITIL framework. But ITIL is no bureaucratic glacier--rather, it continues to morph, evolve and be redefined by real organizations using it. The OGC's site provides information on how to get ITIL documentation. There's also a handbook for implementing ITIL (see "Up Close and Personal With ITIL,").

Dig Deeper (on-site search queries) IT Compliance ITIL Read On Service Management Saves the Enterprise ITIL certification standard ITIL demo books ITIL IT Service Management Zone Office of Government Commerce (OGC) ITIL User group in the United States

Consultants and contractors with ITIL expertise, as well as nonprofit organizations like itSMF (IT Service Management Forum) and ITPI (Information Technology Process Institute), say the benefits of ITIL include lower IT operating, start-up and resource costs, fewer network and system errors, shorter MTTR (mean time to repair) and longer MTBF (mean time between failures).

Taxing Taxonomy

ITIL has a well-defined but complex taxonomy. This Workshop offers an overview of the ITIL framework--to serve business needs successfully and predictably, you must commit ample time and resources toward studying, implementing and maintaining ITIL.

ITIL's best practices fall into seven groups: service support, service delivery, infrastructure management, planning to implement service management, application management, business perspective and security management. We'll delve deepest into service support and delivery--these offer the best way to begin understanding ITIL.

Service support is the set of day-to-day operational tasks needed to keep track of change in an IT organization. It comprises five basic disciplines: configuration management, problem management, change management, helpdesk and software control and distribution.

Configuration management involves placing all IT configuration data in a repository called the CMDB, which may be either a single database or a confederation of databases. This data includes information about an asset's importance, such as whether it's a centralized router, a server in a pool or an edge switch.

Like most inventory systems, the CMDB will typically use "make," "model" and "serial number" fields. Other fields may include "status" and "relationship."

Status describes the procurement life of an asset, using terms like "ordered," "testing," "obsolete" and "stolen." Such classifications help you track whether an asset is doing meaningful work, or whether it requires attention or is no longer involved in production operations.

Relationship mapping defines the asset's importance and impact, telling you, for example, what the asset is connected to, where it's resident and whether it's being used by another device. Often, the knowledge of how network devices are connected, or what server is running which applications, is held only by IT staffers. This CMDB relationship connection at the highest level attempts to map services, such as e-mail, onto a supporting infrastructure like Microsoft Exchange or SMTP. These services are then mapped onto servers, which rely on operating systems, hardware and network connections. Documenting relationships lets senior IT folks devote more time to development, while making it easier for less experienced IT people to handle incidents.

Vendors can create and leverage the CMDB database. Opsware and Tripwire, for example, both create asset entries with the CMDB in mind. Asset-management vendors, which scan and inventory desktops, servers and network infrastructures, will use CMDB to create targets for configuration backup and software delivery. Service-management vendors such as Managed Objects already leverage their data integration and collection across third-party vendors to create CMDBs. And service-support products such as FrontRange Solutions' HEAT service-desk package can read an existing CMDB to identify impact, send alerts and track changes.

The second ITIL best-practice task for configuration management is access control. This specifies who can change a record in the CMDB for a device or group of devices. The third task is recording and maintaining the status of every asset in the CMDB, an obvious task and one that should be automated using network- and systems-management software. The final task is auditing and verifying the CMDB to assure its accuracy.

ITIL incident and problem management maps closely to what operators in an NOC do all day--identifying, finding and fixing faults. Remember: Incidents are single events that are indicative of a larger problem. The root cause of an incident is resolved and recorded during the problem-management process, and it can help you sleuth a real underlying problem. The goals of ITIL's problem-management discipline are preventing recurrences and doing preventive maintenance to avoid failures.

Change management, meanwhile, is something many IT organizations currently employ. It involves planning for change and recognizing its impact and benefit. In addition, change management encompasses testing, as well as devising backout plans in case a change fails.

Helpdesk is the front line of IT service, and many organizations already have helpdesks in place. It's part incident coordination and logging, and part diagnostics. This discipline puts a face on IT and gives users a voice.

The final ITIL service-support discipline is software control and distribution, aka release management (depending on who you talk to). It involves software-feature development, installation and software-distribution planning. This may sound like a desktop-management suite, but it isn't. Rather, it's about the IT tasks that use desktop management.