BMC
Automation
Passport
2nd Edition
Maximizing the Business Value
of IT Automation
Executive Summary
Examples include:
How can I radically reduce IT costs while increasing responsiveness to the business?
How can I shift my limited internal resources to the highest-value activities while also taking advantage of external
resources for flexibility?
How do I achieve these goals without exposing the company to the risks inherent in changing a complex IT environment?
Some analysts predict a massive shift away from central IT, as functional departments take advantage of new cloud-based
services that promise to replace internally developed applications, faster, better, and cheaper. Pundits theorize that shadow
IT will overshadow corporate IT as public clouds bloom, and IT decentralizes and is subsumed into business units.
Importantly, the roadmap factors in the changes in people (skills, roles, and organization) and processes (business and
technical) required to fully capture the benefits of automation technology, matching organizational readiness with increasing
technology sophistication.
The Automation Passport explains the three critical solution areas for high-value automation:
Cloud services
Each solution area level can be mapped to the Automation Value Model described within this text to gain greater clarity on the
potential automation value at each level and the organizational readiness required to achieve it. This measured approach is
the way to maximize automation value.
Cloud Services
Automated Cloud Services Roadmap
The appendices should be read by IT professionals responsible for understanding automation value or architecting and
delivering an IT organization's automation strategy. This material augments the core content, expanding on specific areas (e.g.,
Appendix B: Provisioning & Configuration Value Metrics Formulas) and providing information that supports the overall content
(e.g., Appendix A: Automation Specialist Roles).
Automation Strategy
IT is accountable for delivering business value. Automation enables IT to optimize resources and increase efficiencies,
lowering costs and improving quality of service. This translates to business value by accelerating the delivery of services to
customers or internal groups, decreasing the cost to provide those services, and reducing risk. The challenge is in developing
an automation strategy and the discipline to measure value, so that you can systematically achieve all the benefits that
automation can provide across your IT organization.
Automation typically starts with an IT team that uses a familiar tool to solve a specific need. Because of this, automation
efforts are typically uncoordinated across an organization, employ many different tools, and lack any mechanism to measure
the comprehensive value they create.
As a company grows, automation procedures often remain ad hoc. The basics of automating manual IT activities seem easy,
yet when IT attempts to scale automation across a complex environment, results can fall short of expectations. Tactical,
short-term automation decisions can either become a long-term automation enabler or an expensive inhibitor. Piecemeal
initiatives using simple, makeshift tools can create bottlenecks elsewhere or management headaches that negate the return
on investment. When it works, automation is often ignored; when it fails, it can be catastrophic.
Because new automation is typically integrated and used to augment existing automation, building an automation
environment with weak underpinnings can result in serious reliability and support issues. Modern organizations have large,
complex cloud infrastructure and constant pressure to control costs, increase quality of service, and meet compliance
requirements. In these environments, an ad hoc approach is likely to lead to unacceptable outcomes. It is important to
approach your automation strategy in a holistic way to maximize total business value.
Figure 1 shows how the three critical solution areas for production data centers (provisioning and configuration; patching
and compliance; and cloud services) fit in the model, which illustrates the increasing levels of automation and business
value. The model starts where most companies begin, with tactical, ad hoc automation, and plots paths to advanced,
on-demand IT services. Each level of automation improves quality of service and reduces cost, which in turn justifies and funds
further automation.
After identifying the key solution area(s), baseline your company's automation level and maximize value at that level
before progressing to the next one. By measuring and documenting the value realized along the way, each
automation project can justify investment for the next one, creating a virtuous cycle of business value. While it is not
necessary to complete the value path for one solution area before tackling another, the highest automation levels
cannot be easily achieved without attaining at least the related solution area's process levels.
The remaining sections in Part I elaborate on how to assess your level and maximize value, including a customer case
study. Part II explores detailed best practices and lessons learned by solution area level.
Automation processes are initially focused on tactical operations and development needs (the Ad Hoc level). Examples include
server and application startup procedures, file movement, and procedures to test application software. As automation
sophistication increases, the need to plan, document, design, develop, and support automation dictates greater controls,
broader IT infrastructure coverage, increased organizational collaboration, and roles specifically aimed at delivering
automation and cloud services.
Successful BMC customers have achieved automation value by balancing technology adoption with organizational readiness
and process maturity. A short-term tactical decision made with medium-to-long term objectives in mind ensures automation
adopted today does not inhibit strategic automation objectives.
IT organizations that make tactical automation decisions for both technology and process without a strategy often fail to move
beyond their current automation states or incur significantly higher costs. The costs include ongoing development and support
of procedures, the re-evaluation of automation tools, the move to new tools, the training and re-training of staff, skills
retention, and the risks and impact of automation procedures unable to keep up with changes in IT and the business.
Use this framework to assess your overall automation level. Different IT teams may be at different levels. However, to ascend
to higher levels as a company, these teams must eventually be normalized and integrated. Also, value may not be maximized
within a level due to discrepancies between the adopted technology and the various teams' organizational readiness.
Value | IT Objectives | Metrics
Speed | Increase responsiveness by removing manual activity | Improved IT responsiveness to business needs
Cost
Using the automation value measurement, IT organizations are able to understand current automation value,
identify areas requiring further improvement, and plan and justify new investments. Note that it's important to
collect current data for existing manual or semi-automated processes to get an accurate picture of the before
state prior to implementing the new automation project in order to capture the incremental value.
Each level balances increasingly sophisticated people, process, and technology and often leverages orchestration technology
for integration.
Automating just the execution stage is easier, and many IT departments stop there. It does not require a collaborative
organization or integration between tools and automation workflows. However, effective IT transformation must accelerate
services to the business, not just reduce IT workload. This requires more sophisticated automation with pre- and post-execution stages. Higher levels of organizational collaboration, automation roles, and tools/procedure integration, including
orchestration, are necessary to achieve on-demand and self-service goals.
The Automation Passport explains how to deliver the execution stage and enhance it through functionality and integrations
that deliver greater business value by incorporating pre-execution and post-execution automation.
Lessons learned: Automation value is diminished and unappreciated if the time- and effort-consuming parts of a procedure
are not automated, reducing overall benefits to the business.
Recommendations: When automating a complex and labor-intensive procedure, automation should consider all the tasks,
including those required before and after the execution stage to fully automate the process.
Emerging automation tasks include automation workflow design, development and testing, deployment, monitoring, and
support. Each company may have different job titles and descriptions (e.g., automation specialist, automation architect or
cloud architect) assigned to the tasks, but the automation objectives will be the same. However, to be successful, automation
roles must also include the ability to work closely with different organizations, promoting teamwork and collaboration to
support overall automation objectives.
Roles focused on automation must be both hired externally and nurtured from within. It is important to provide career
ladders for traditional IT professionals who can transition to new automation roles.
The people required to fulfill new automation roles will emerge from across the IT organization, including development, IT
operations, and IT service management. The skills necessary to fulfill these roles include project management, process
design, process management, workflow development, scripting, IT tools integration, and knowledge management.
Three types of roles with typical titles are specified at each automation level for each key solution area:
An automation enabler supports key automation activities (e.g., cloud service justification, design, release, service
support, automated task authorization, and activity surrounding security and compliance)
An automation operator executes the automation activities and process (e.g., providing step authorization,
deployment monitoring, or capacity optimization)
An automation stakeholder may be a user or approver and is involved in the automation design, delivery, and
usage
As automation sophistication and importance increases, not only do new roles emerge, but existing responsibilities can
change, which results in a shift in the number of personnel involved with automation. For example, the advent of widely
available public cloud options collapses many roles into one (e.g., software development).
Essentially anyone can be the user, justifier, designer, release manager, and IT manager. With the availability of free public
cloud provider tools, the need to get cheap resources fast may meet a tactical need. But it may create longer-term IT
management challenges if the build-up, tear-down use case evolves to a production cloud service that must be integrated
with existing IT governance and compliance processes (and touched by more roles).
Once automation is an established IT practice, the number of people involved in automation increases, while other roles
previously concerned with manual processes disappear. At the lower automation levels, processes are likely to be
fragmented and owned by a number of different people and teams. As automation maturity increases, the automation
processes consolidate, expand, and start to cross organizational silos. When this occurs, new automation roles and
responsibilities emerge to take ownership of the process as it crosses organizational boundaries. This allows IT to scale its
services as access to automation increases.
Because automation increases productivity by removing the need for manual interaction, it is often justified by a reduction
in staff. But few IT professionals willingly participate in initiatives designed to eliminate aspects of their jobs. An automation
strategy must align incentives by including career paths for key personnel who have the right skills to transition. As
automation sophistication increases, the contributions of existing roles can change, with new roles emerging to drive
automation initiatives.
Lessons learned: Successful automation transformations consider personnel aspects as much as tools and other aspects.
Automation strategies that don't consider future roles for IT staff may face resistance or even sabotage.
Recommendations: It is important to establish cross-functional automation specialist roles (including automation and cloud
architects) early to ensure short-term, tactical automation decisions and activities support a longer-term automation
strategy. The people required for the new roles typically emerge from IT administration and service management, bringing
with them the skills for process management, workflow management, and tools integration.
The BMC IT organization also has new career paths for automation specialists and engineers,
drawing from the existing IT team. Their role is to design, support, and deliver automation
solution areas and to ensure that they are enterprise-ready. They create dashboards to
calculate real-time automation value from time, effort, and cost savings.
This has fostered over 50 end-to-end automation use cases that automatically run when
required. This approach has enabled the BMC IT organization to show value to the business
and justify further investment in automation.
Automation is, in essence, a number of actions run on the infrastructure and applications executed in a specific order to
support an IT process. For example, automation can start with discovering infrastructure, then assessing the discovered
infrastructure, making changes to any irregularities, and then reporting results.
Example Automation Actions
Discover
Create
Inspect
Provision
Monitor
Deploy
Revert
Track
Install
Move
Configure
Report
Image
Patch
Snapshot
Orchestration acts as an abstraction layer that simplifies workflow design at the higher levels of automation by sequencing
and integrating actions that run across a broad range of infrastructure and applications. This allows companies to break
free of domain, hardware, or software-specific automation and deliver end-to-end IT automation services.
Orchestration provides two automation functions:
Task or machine orchestration: Creates well-defined automation workflow that extracts data from systems and
triggers execution of several different tools or scripts as part of a single procedure.
Process orchestration: Handles dynamic workflows that often require human judgment and intervention. This type
of orchestration is most appropriate for processes that require exception handling or where workflows are
dependent on multiple variables.
Orchestration software helps organizations leverage previous investments and tie different systems together to maximize
value as the automation technology footprint expands across a complex IT environment.
Lessons learned: Automation tools and procedures will emerge from different IT teams to solve specific challenges and
increase overall automation value. However, with short-term value realized, the different teams will be required to
consolidate and rationalize automation tools and procedures in support of more advanced requirements and value. Longer-term IT automation objectives will be difficult to achieve if the short-term tool decisions are not aligned across the IT
organization. The detrimental impacts of bringing together established but disparate automation initiatives include the
time, effort, and costs associated with automation consolidation, rationalization, and integration of competing toolsets.
Recommendations: Systematically expand the technology footprint to include major IT components and platforms,
factoring in the integration required between tools to support automation initiatives as they grow in sophistication.
Consider using orchestration technology to both provide greater control and visibility over the process, as well as the
integration it provides between different IT management tools and procedures.
Communicated an overall vision for automation's strategic role in transforming IT and creating
business value throughout IT.
Continually measured the outcome of each automation project to prove the value and help justify
further investment.
The company's automation environment consists of over 100,000 servers on different platforms, including Linux, Microsoft
Windows, IBM AIX, HP-UX, and Sun Solaris, supporting 12 lines of business (LOB) across 2 continents. The automation
includes provisioning, software deployment, change discovery, and audit and compliance for servers, networks, databases,
and middleware.
The company's approach ensures the investment in automation is tracked, proven, and then used to justify further
investment.
To measure value, automation activity is continually captured and logged. The activity is broken down by automation
activity, automation execution, time taken, and the savings attributed to the execution. It is critical to understand what is
run, when it is run, and how long it took. With this data, the company associates automation activity with time and cost
savings. Over a 12-month period, this customer recorded a total of over 6 million end-user automation jobs.
Figure 11: Number of End-User (LOB) Jobs Run over a 12-Month Period
Understanding how long a manual activity took before being automated has allowed the company to show how many hours
are saved each month with automation. This data is then broken down by automation process.
Not surprisingly, the most significant savings are in complex operations, such as change discovery and compliance and audit,
which involve time-intensive troubleshooting and cross-functional coordination if executed manually.
The company achieved automation benefits over time using a strategy aligned with an automation readiness state. An
automation focus area was chosen, value was associated with the automation, and value was proven and used to justify
investment in new automation projects, part of the company's path toward IT transformation.
For a case study on the Bank of New York Mellon, please see a recent Forbes article, "Cloud Computing Gets Real for the
Enterprise."
For automated provisioning and configuration management, IT organizations should start with a specific solution area and then
expand it once they have realized its initial value. This ensures the IT organization is ready and the technology is aligned and
able to serve as the foundation for the next automation value level. Otherwise, process and technology choices made
expediently in the short-term may not advance the longer-term objectives.
Automation capabilities required to meet the primary objective (e.g., the ability to automatically deploy)
The Provisioning & Configuration roadmap also provides detail on what each level should deliver and what is required to
ensure successful delivery. This includes:
The justification for the primary objective and the benefits expected
Provisioning starts with choosing the IT configuration ingredients needed for the image (the completed image is typically
referred to as a baseline or golden image). Components can be added to the image to meet a requester's specific needs. If the
image is to be loaded into an existing environment, available capacity must be checked and allocated. The image will be
installed and verified to ensure it was a success.
Provision Objectives
Create images or commands for installation.
Configure them for deployment.
Deploy them to the targeted environments.
Install them, verify installation success, and load additional software.
Lessons learned: There are many options for provisioning data center
and cloud environments, resulting in different teams choosing multiple
technologies to solve specific needs. This may satisfy short-term
requirements, but it creates longer-term issues associated with having
disparate, non-integrated technologies, increasingly higher automation
development costs, and an inability for the automation to keep up with
changes to the IT infrastructure and the company's service demands.
Recommendations: Assume the IT environment will evolve, requiring increasingly sophisticated automation to keep up with
change, increase efficiencies, and drive down costs. Choose automated provisioning technology that can provide the following
capabilities:
1. Automate provisioning irrespective of the different types of data center or cloud platforms.
2. Work as an abstraction layer, allowing the business to choose different hardware, software, and services without
incurring costs or having to retool and retrain.
3. Provision and de-provision infrastructure elements (virtual and physical, on-premises, or cloud-based) no matter
what elements are chosen.
4. Unify and bring control to existing automation provisioning tools and procedures (e.g., scripts, open source, and
server/OS provided).
Value Factor
Speed
IT Objectives
*Metrics
Accelerate provisioning of IT
infrastructure resources
Cost
Risk
*Detailed value metrics formulas for the Provision level can be found in Appendix B.
Provision Process
Provision Roles
IT administrators deliver automated provisioning across specific IT component silos, decreasing manual support and
workflow creation (scripting) activity required at the Ad Hoc level. Capacity managers can be involved in the process to
ensure reliable provisioning.
Provision Technology
Provisioning
Capacity
Management
The initial value of configuration management is realized by focusing on specific IT components (e.g., servers, networks, and
databases). As in the Provision level, the addition of capacity management allows better decision-making with respect to
what is actually available for use. Configuration management is added to collect and group configuration data; monitor for
configuration change; and install and update configurations and software.
The process for configuration management entails automatically collecting configuration attributes across all IT components.
This includes all types of servers, networks, and databases irrespective of platform or vendor, which results in a consolidated
set of configuration data that can then be logically grouped (e.g., by device type or location). Managing configuration
holistically allows companies to attain the standardization needed to reduce the complexities associated with making
changes to the IT infrastructure. All server, network, and database types will be configured and managed consistently.
Changes made to configurations are captured and reported.
Vehicle Market Research Company
This BMC customer improved service levels for 17 million unique online visitors every month by reducing downtime
caused by configuration issues and compressing server provisioning time by over 90 days, doubling staff efficiency.
Configure Objectives
Inventory IT infrastructure configurations.
Capture configuration changes for all IT infrastructure components.
Change configuration settings on all IT infrastructure components.
Install and configure software.
Update software.
Lessons learned: An objective of configuration management is to create an ideal state by making changes to the existing IT
infrastructure. A common approach is to develop a configuration model, which is then used to make the changes. The
problem with this approach is that a new model will change both working and nonworking configurations, which can create
new problems when used in production. This often results in ongoing model changes and constant reconfigurations.
Recommendations: Automated configuration tools must assess what is working and what must change in production without
making widespread alterations that can create problems and break working configurations. Automation should apply
configuration changes surgically only to IT components with configuration issues.
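The contrast between pushing a full configuration model and remediating only policy violations, as an added example (not BMC code and not part of the original paper). The component names, setting keys, and values are constructed for illustration.

```python
from typing import Dict, List, NamedTuple, Optional

Config = Dict[str, str]


class Change(NamedTuple):
    component: str
    setting: str
    current: Optional[str]  # None means the setting is absent on the component
    desired: str


# Constructed sample data; names and keys are hypothetical.
# POLICY lists only the settings the organization actually requires.
POLICY: Config = {"ssh_root_login": "no", "tls_min_version": "1.2"}
# FULL_MODEL is a complete "ideal" configuration, including tuning values
# that working components have legitimately set differently.
FULL_MODEL: Config = {**POLICY, "max_connections": "500"}
INVENTORY: Dict[str, Config] = {
    "web01": {"ssh_root_login": "no", "tls_min_version": "1.2", "max_connections": "800"},
    "web02": {"ssh_root_login": "yes", "tls_min_version": "1.2", "max_connections": "800"},
    "db01": {"ssh_root_login": "no", "max_connections": "200"},
}


def plan_changes(inventory: Dict[str, Config], desired: Config) -> List[Change]:
    """Return one Change per setting that differs from `desired`.

    Settings not named in `desired` are never touched, so the scope of
    `desired` decides how much of production gets rewritten.
    """
    changes: List[Change] = []
    for name in sorted(inventory):
        cfg = inventory[name]
        for key in sorted(desired):
            if cfg.get(key) != desired[key]:
                changes.append(Change(name, key, cfg.get(key), desired[key]))
    return changes


def apply_changes(inventory: Dict[str, Config], changes: List[Change]) -> Dict[str, Config]:
    """Apply a plan to a copy of the inventory and return the copy."""
    updated = {name: dict(cfg) for name, cfg in inventory.items()}
    for change in changes:
        updated[change.component][change.setting] = change.desired
    return updated


def touched(changes: List[Change]) -> List[str]:
    """Components that a plan would modify."""
    return sorted({c.component for c in changes})


if __name__ == "__main__":
    blanket = plan_changes(INVENTORY, FULL_MODEL)
    surgical = plan_changes(INVENTORY, POLICY)
    print("model push :", len(blanket), "changes on", touched(blanket))
    print("surgical   :", len(surgical), "changes on", touched(surgical))
    for change in surgical:
        print("  ", change)
    # Post-check: after remediation no policy violations remain.
    print("remaining  :", plan_changes(apply_changes(INVENTORY, surgical), POLICY))
```

Running the same planner against the policy instead of the full model leaves the compliant component and every local tuning value alone, and re-running the plan after applying it doubles as the verification step.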
Value Factor
IT Objectives
*Metrics
Speed
Cost
Risk
*Detailed value metrics formulas for the Configure level can be found in Appendix B.
Configure Process
The Configure automation procedure for provisioning with configuration management collects and organizes configuration
data to provide a detailed IT inventory that can then be grouped. The groupings allow an IT organization to better understand
how the IT environment is configured and enable changes to be made with greater logic (e.g., by location or device type). The
automation tools also monitor the IT environment for configuration updates and report changes that occur without
authorization or conflict with configuration policy.
Capacity management technology can be used at this level to ensure that provisioning or configuration changes are made
successfully with available resources.
Configure Roles
IT administrators continue to be automation operators, enablers, and users/stakeholders with significantly reduced manual
effort. Automation specialists emerge with responsibility for supporting and driving automation across the IT infrastructure.
Configuration managers add automation that shows how configurations across elements support applications and services.
Capacity managers can be involved in the process to ensure reliable provisioning.
Configure Technology
Technology
Provisioning &
Configuration Automation
Capacity Management
Interdependencies between IT components are important to understand, as configuration settings on different components
may be needed to support a shared IT purpose. Making changes without this knowledge will cause issues. Discovery and
configuration management technology provides visibility into component relationships, preventing misconfigurations.
Company policy may not permit unauthorized additions or changes to the IT infrastructure. However, the discovery
technology will capture all new devices. Configuration agents are loaded on servers with network devices and software is
added into the configuration model.
Including change management allows better planning and control, ensuring all changes are authorized, verified, and
recorded. This is typically accomplished with orchestration technology, which provides overall automation delivery through
integration and automated process visualization. Capacity management enables better decision-making by verifying what is
available or utilized.
Coordinate Objectives
Recommendations: Using technology that combines orchestration and integration allows greater control, visibility, and
reporting over the entire automated process, with management through a single interface and unified integration for all
workflows and data sources.
Value
Factor
Speed
Cost
Risk
IT Objectives
*Metrics
Manage IT infrastructure
change control
*Detailed value metrics formulas for the Coordinate level can be found in Appendix B.
Coordinate Process
The automated process supports some basic steps. A service request is made, evaluated against available capacity, and
then approved. The requested service items (e.g., server, middleware, and database) are then packaged for
deployment, targeted, and installed. Upon completion, the installation is checked and, if successful, updates are made
to the configuration management model and the service request is updated and closed.
The automated process requires the technology to deliver and integrate specific capabilities to ensure the automation
executes seamlessly, without manual intervention. This level includes the technology that addresses all three process
automation stages: pre-execution, execution, and post-execution.
Automation Pre-Execution
The service desk triggers the automation to provision a new service, while the tools that discover, configure, and
organize IT configurations enable the automation. The first part of the automation also runs the pre-deployment
checks, including confirming that the request is valid and that the required capacity is available on all required IT
components.
Automation Execution
Once the pre-execution automation completes, the provisioning and configuration execution are orchestrated,
ensuring changes are made in the right order.
Automation Post-Execution
The post-execution automation includes verifying successful installation and closing the service request.
Coordinate Roles
This level requires a high degree of organizational collaboration, with roles aligned specifically to drive automation. Job titles
may differ depending on organizational design, and several roles may be combined into a single position. IT administration
resources continue to be optimized. Additional automation specialists form a competency team focused on using automation
to increase IT efficiencies and reduce complexity. Change managers coordinate change automation with auditors and IT
executives who are new stakeholders of automation deliverables. Capacity managers are mandatory at this level to ensure
reliable provisioning.
Coordinate Technology
The tools used at the Coordinate level are augmented with products that enhance automation capabilities in the execution
stage, while introducing automation in the pre-execution and post-execution stages.
Technology
Discovery
Orchestration
Orchestrates overall process, manages the product-to-product handoffs, coordinates the different
configuration tools, and integrates the tools for data
passing and activity activation
Capacity Management
Change Management
To accelerate the process, the automation workflow has pre-authorized and agreed-upon reserved capacity to ensure
requests are delivered when required. Service requesters are kept up-to-date via the service portal or alerts are sent to their
preferred devices.
On-Demand Objectives
Enable on-demand self-service requests through common portals with options delivered from a service catalog.
Pre-approve service requests and/or automation step authorization to expedite automation process.
Orchestration tools to coordinate the provisioning of components across multiple automation technologies
Once justified, the high-level value achieved must be recorded and reported. The following chart shows how value is realized
for on-demand service provisioning.
*Metrics
Speed
IT services on demand
Cost
Risk
*Detailed value metrics formulas for the On-Demand level can be found in Appendix B.
On-Demand Process
The automated process supports several basic steps. The business chooses a service from a menu and requests any
customization. The request is approved and the automated provisioning process commences. With the IT environment
targeted, the required capacity is checked. The automation tools install the IT environment or make changes to an
existing environment. During the post-automation stage, updates are made to the configuration management model
and the service request is updated and closed.
The automated process requires the technology to deliver and integrate specific capabilities to ensure the automation
executes seamlessly without needing manual intervention. This includes the technology that addresses all three
process automation stages: pre-execution, execution, and post-execution.
Automation Pre-Execution
A new service is triggered by the service request or through the self-service portal. This is enabled by the tools that
discover, configure, and organize the automation to provision.
The orchestration product manages the overall automation procedure. The first part of the automation runs the pre-deployment checks, including taking the request and ensuring it is approved (change management), associating the
request with a service level (service level management), and confirming the required capacity is available for all
required IT components (capacity management).
Automation Execution
Once the pre-execution automation completes, the automation tools (server, network, database, and middleware
automation) deploy and install all the required IT components.
Automation Post-Execution
The post-execution automation includes verifying successful installation, closing the service request, and
creating/publishing the service report.
On-Demand Roles
This level requires a high degree of organizational collaboration, with roles aligned specifically to drive automation. Job titles
may differ depending on organizational design, and several roles may be combined into a single position. IT administrators
and change managers are now primarily initiating automation activities, with automation specialists, configuration managers,
and capacity managers taking over automation design and delivery. The line-of-business (LOB) managers become key
automation users/stakeholders, as automation is integral to digital service delivery.
On-Demand Technology
At this level:
Configuration management is required to unify the configuration components and their relationships.
Service level management is used to associate priority and ensure service delivery meets business expectations.
The service catalog is required to manage the services offered to the business.
Technology
Service Orchestration: Orchestrates adding, managing, and removing the service and supporting infrastructure (Cloud Lifecycle Manager)
Provisioning & Configuration Automation
Discovery
Orchestration: Orchestrates overall process, manages the product-to-product handoffs, coordinates the different configuration tools, and integrates the tools for data passing and activity activation
Capacity Management
Change Management
Configuration Management
Service Level Management
Service Request Management
Service Catalog
Figure 28: Provisioning & Configuration Levels Mapped against the Automation Value Model
Each automation level along the path builds on the value from the previous one. However, as the automation increases in
sophistication, the requirement for IT organizational readiness increases too. Whereas provisioning may reside entirely in
one IT operations team, service provisioning may require the involvement of development, all flavors of IT administration
(e.g., server, network, database, storage, and application), service managers, change managers, application release
managers, and representatives from the lines of business. The diagram above matches the Provisioning & Configuration
levels against the five levels from the Automation Value Model.
The core capabilities for delivering automated configuration compliance and patching are:
1.
2. Define the relevant company policies and compliance to which each component should be compared for adherence
3. Audit all configurations against the specified policies and standards to reveal unauthorized changes to hardware/software configuration, configuration drift, and configuration change anomalies
4. Remediate by addressing the policy or compliance violation, either through corrective action or by tagging it as an authorized exception
The entire process should be governed with integrated change management for a truly seamless effort.
A broad range of technologies provide some compliance auditing functions. However, most focus on a specific
software or element type (e.g., Windows servers), creating a fragmented, non-integrated view of the IT environment's true
compliance state. Worse, most tools stop short of the real challenge, which is to remediate non-compliant IT components as
quickly as possible.
Each level has a set of attributes associated with it. The attributes include:
Automation capabilities required to meet the primary objective (e.g., the ability to manage)
The Patching & Compliance roadmap also provides detail on what each level should deliver and what is required to ensure
delivery. This includes:
The justification for the primary objective and the benefits expected
While patch management is mandatory, it is accomplished with different levels of efficiency by different organizations. The
objective is not simply to do it, but to do it better. Effective patch management should ensure that the IT infrastructure is
secure and policy-compliant, while delivered quickly and cost-effectively.
Lessons learned: Based on industry data verified by BMC customers, it costs thousands of man-hours per month for the
average 10,000-server organization to keep up with patching its environment. Even in small 30-50 IT server environments, it
can take 120 hours a month to patch, which is significant when there are only a few people supporting the servers. Costs
rapidly escalate with manual patching, easily running into the hundreds of thousands of dollars for patching each month.
Additionally, a realistic assumption that approximately 5% of the patches will fail adds additional recovery time and cost.
Recovering from a failed installation can be twice as long as the original failure time.
IT Services Company
This BMC customer realized ROI goals within 6 months by implementing a single solution for auditing system
status, generating alerts for unpatched servers, and assuring consistent patch levels. This automation
value was achieved with no increase in staff.
Patch Objectives
Install patches.
Recommendations: An automated patching process is a basic requirement to address security vulnerabilities and
performance issues speedily and cost-effectively. The most efficient processes include technology that seamlessly recovers
from failed patch applications.
Value Factor
IT Objectives
*Metrics
Speed
Accelerate patching of IT
infrastructure
Cost
Risk
*Detailed value metrics formulas for the Patch level can be found in Appendix C.
Patch Roles
IT administrators deliver automated patching by IT component type and gain efficiencies through less manual support and
workflow creation (scripting) activity. Patches are delivered faster and with lower risk than at the Ad Hoc level. Security
officers receive patch reports and request patching activity.
Patch Technology
Automation patch management tools need to be deployed across the IT infrastructure for the greatest value. However,
most IT organizations start with network and server patching automation.
Technology
Patch automation
Automation Activity
Description
Automates patch deployment, installation, and reporting
Automatically collecting configuration attributes across all IT components, including all types of servers, networks,
databases, and middleware, ensures configuration policy information is consistent to realize time and cost savings across
the entire IT infrastructure. Configuration managed holistically delivers a higher level of cross-platform standardization,
which reduces the complexities associated with making changes to the IT infrastructure.
Assess Objectives
Inventory IT components.
Group IT components into logical groupings (e.g., type, location, and service).
Capture and evaluate change against policy.
Report changes and policy adherence.
Recommendations: Use technology that runs automatically and routinely discovers, consolidates, and
reports IT configurations for all managed components to allow IT organizations to understand their
configuration state in an unobtrusive, ongoing way. This information can be used to satisfy an audit
without any additional cost, effort, or disruption to IT operations.
Value Factor
Speed
Cost
Risk
IT Objectives
*Metrics
On-demand configuration compliance status reports
Compare the compliance assessment time before vs. after automation
Reduce risk of undiscovered configuration issues
*Detailed value metrics formulas for the Assess level can be found in Appendix C.
Assess Process
The automation procedure for patching and compliance collects and organizes configuration data to provide a detailed IT
inventory that can then be grouped. The groupings allow an IT organization to better understand how the IT environment
is configured and enable patch and configuration changes to be made with greater logic (e.g., by location or device type).
The automation tools also monitor the IT environment for patch and configuration updates and report changes that are
done without authorization or that are in conflict with company compliance policy.
Assess Roles
IT administrators continue to deliver patches and make changes to IT configurations with fewer resources. Supported by
tools, configuration managers consolidate IT infrastructure configuration compliance. Automation specialists emerge to
coordinate and manage the automated patch and configuration processes across the IT infrastructure. Auditors can easily
use consolidated patching and configuration reports.
Assess Technology
Technology
Automation
To achieve policy or regulatory compliance, IT needs to discover and update all key components, including servers,
networks, databases, and middleware. To gain the most value from automation, it is important to gather configuration
data irrespective of platform or software and apply updates using tools that provide remediation capabilities for these
components. If data is collected in disparate ways using multiple approaches and technology, the costs and effort saved in
collection are lost when consolidating the output to demonstrate overall IT compliance. Bringing components into
compliance automatically eliminates a series of time-consuming, manual steps.
Comply Objectives
Discover new IT components.
Apply regulatory and corporate policy to IT infrastructure components.
Monitor for changes and policy adherence.
Remediate non-compliant components to conform with regulatory and corporate policy.
Value Factor
IT Objectives
*Metrics
Speed
Respond rapidly to compliance violation issues
Improved coverage of compliance with policies across business applications
with policy.
Cost
Risk
Minimize cost of operations or cost to compete
*Detailed value metrics formulas for the Comply level can be found in Appendix C.
Comply Process
The compliance report includes detail on how required software, patches, and configurations adhere to company policy
and government regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card
Industry-Data Security Standards (PCI-DSS), the Sarbanes-Oxley Act (SOX), and the Federal Information Security
Management Act (FISMA).
Comply Roles
At the Comply level, IT administration resources continue to be optimized. The automation specialist role assumes
responsibility for patching and compliance automation, and additional automation specialists form a competency team to
deliver increased efficiency. Security officers can now automatically initiate patching. Capacity managers provide additional
understanding of added/new or removed IT capacity. Change managers can initiate configuration management requests. IT
executives receive consolidated IT infrastructure patching and configuration status and compliance reporting.
Comply Technology
Technology
Provisioning & Configuration Automation
Discovery
Orchestration
Service Desk
Change Management
This capability requires a high degree of infrastructure standardization and an organization willing to pre-approve key
configuration remediation changes (e.g., reversal of the last known change or a restore to a steady state). Integration with
change management, the service desk, the configuration database, application discovery, and dependency mapping are
added at this level. Each is required to contribute to automating the decision-making process.
Change management is enforced at this level. Intelligent compliance controls what, how, who, and when changes can be
made on parts of or to the entire IT infrastructure. Granular permissions control what is changed and by whom on specific
components. Each component is aligned with its contribution to applications and other components. The more critical the
component, the greater the enforcement needs to be.
Intelligent Objectives
Align with business priorities by mapping IT component configurations to IT services.
Assure compliance through ongoing, controlled, automated change and remediation.
Prevent non-compliant changes through standardized interfaces and controlled change management.
Pre-approve changes to allow automatic remediation on non-compliant components.
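The audit-and-remediate cycle from the core capabilities (define policy, audit, remediate or tag an authorized exception) combined with the pre-approved remediation of the Intelligent level is shown below in Python. This is an added example, not BMC product code: the policy, inventory, exception list, and tier thresholds are constructed, and the rule that higher-criticality components fall back to a change request is one assumed reading of "the more critical the component, the greater the enforcement."

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed corporate policy: setting name -> required value.
POLICY = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "tls.min_version": "1.2",
}

# Constructed authorized exceptions: (component, setting) -> last valid day.
EXCEPTIONS = {
    ("db-legacy-01", "tls.min_version"): date(2030, 1, 1),
    ("web-02", "ssh.PasswordAuthentication"): date(2020, 1, 1),  # expired
}

# Assumed pre-approval table: highest criticality tier (1 = low, 3 = business
# critical) at which drift on a setting may be restored to baseline without a
# new change request. Settings not listed always need a change request.
PREAPPROVED_MAX_TIER = {
    "ssh.PermitRootLogin": 3,
    "ssh.PasswordAuthentication": 2,
}


@dataclass(frozen=True)
class Finding:
    component: str
    setting: str
    expected: str
    actual: Optional[str]  # None means the setting was not found at all
    status: str            # "violation" or "authorized-exception"
    action: str            # "auto-remediate", "change-request" or "none"


def sample_inventory():
    """Constructed discovery output: component -> criticality tier and config."""
    return {
        "web-01": {"tier": 2, "config": {
            "ssh.PermitRootLogin": "yes",
            "ssh.PasswordAuthentication": "no",
            "tls.min_version": "1.2"}},
        "web-02": {"tier": 1, "config": {
            "ssh.PermitRootLogin": "no",
            "ssh.PasswordAuthentication": "yes",
            "tls.min_version": "1.2"}},
        "db-legacy-01": {"tier": 3, "config": {
            "ssh.PermitRootLogin": "no",
            "ssh.PasswordAuthentication": "yes",
            "tls.min_version": "1.0"}},
        # The TLS setting is absent here; a missing value counts as drift.
        "pay-01": {"tier": 3, "config": {
            "ssh.PermitRootLogin": "no",
            "ssh.PasswordAuthentication": "no"}},
    }


def audit(inventory, today):
    """Compare every component with POLICY and decide how each gap is handled."""
    findings = []
    for component, info in sorted(inventory.items()):
        for setting, expected in POLICY.items():
            actual = info["config"].get(setting)
            if actual == expected:
                continue
            expiry = EXCEPTIONS.get((component, setting))
            if expiry is not None and today <= expiry:
                findings.append(Finding(component, setting, expected, actual,
                                        "authorized-exception", "none"))
                continue
            # An expired or missing exception is treated as a plain violation.
            max_tier = PREAPPROVED_MAX_TIER.get(setting, 0)
            action = ("auto-remediate" if info["tier"] <= max_tier
                      else "change-request")
            findings.append(Finding(component, setting, expected, actual,
                                    "violation", action))
    return findings


def remediate(inventory, findings):
    """Apply only pre-approved fixes; return findings needing a change request."""
    pending = []
    for f in findings:
        if f.action == "auto-remediate":
            inventory[f.component]["config"][f.setting] = f.expected
        elif f.action == "change-request":
            pending.append(f)
    return pending


if __name__ == "__main__":
    inv = sample_inventory()
    first = audit(inv, date(2025, 1, 1))
    for f in first:
        print(f.component, f.setting, f.actual, "->", f.status, f.action)
    pending = remediate(inv, first)
    print("change requests to raise:",
          [(f.component, f.setting) for f in pending])
```

Running the audit a second time after remediation leaves only the authorized exception and the items waiting on a change request, which is the residual state a compliance report would show.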
Lessons learned: No matter how much rigor is put into IT change control,
assumptions should not be made about the IT infrastructure's state of
configuration compliance. This is particularly true since IT experiences constant
change and is spread across different organizations, locations, and
environments (e.g., data center and cloud). Assuming 100% compliance across
the entire IT infrastructure without making frequent checks on configuration
state will likely result in ongoing availability issues and discrepancies when
audited.
Recommendations: Assume that there will be configuration issues and plan accordingly. Building on the best practice
outlined in the previous Comply level, the Intelligent level brings additional IT configuration compliance hardening
capabilities.
1.
2.
3. Establish ongoing discovery of configuration changes for all IT components and report compliance adherence.
4.
5.
Value Factor
Speed
Cost
Risk
IT Objectives
*Metrics
Achieve ongoing compliance discovery, monitoring, remediation, and change management
Ongoing security, operational, and regulatory configuration compliance with controls and reporting
*Detailed value metrics formulas for the Intelligent level can be found in Appendix C.
Intelligent Process
At this level, the automation has three fully automated activities:
1.
2.
3.
This level provides the ability to automate and fully track the compliance process from discovery to compliance remediation.
Intelligent Roles
This level requires a high degree of organizational collaboration, with roles aligned specifically to service automation. Job
titles may differ depending on organizational design. IT administrators and change managers are now primarily only
initiating automation activities, with automation specialists, configuration managers, and capacity managers taking over
automation design and delivery. Line-of-business (LOB) managers are updated on compliance reporting as it pertains to
their business systems.
Intelligent Technology
Technology
Provisioning & Configuration Automation
Application Discovery
Configuration Management
Orchestration
Change Management
Figure 44: Patching & Compliance Mapped Against Automation Value Model
Cloud Services
Whether motivated by the promise of faster service delivery with self-service, the cost savings from paying for
infrastructure only when needed, or the risk mitigation from high availability, enterprises have many reasons to embrace
the cloud. But almost 10 years into the cloud revolution, companies are still struggling to find the optimal strategy for
harnessing the cloud and realizing its potential for increased speed, lower cost, and reduced risk.
Experienced companies have moved beyond proof-of-concept pilots and are tackling the challenge of offering and
managing more complex, production cloud services. In the process, they've discovered that just like ad hoc data center
automation projects, poorly planned cloud implementations can dramatically increase the management costs and risks,
ultimately obviating the speed benefits.
User Services: This consists of all the ways a cloud service may be requested, such as a self-service portal, via email, or through a mobile app.
Core Functions: These include all the functions required to provision and deploy a cloud service,
which can be provided by a cloud management platform (CMP), independent APIs, or tools.
Supporting Functions: These include additional functions called by a cloud management platform
to manage and monitor a deployed cloud service.
The cloud delivery process figure below illustrates how a cloud service request is actually executed in this ecosystem. A user
requests a cloud service from a catalog presented through a service portal or other user interface. The core functions first assemble
the service, e.g., the appropriate cloud infrastructure components (which can be a cloud platform or cloud stack), options, and
revisions. Then, they deploy it in the correct order based on the service model. A cloud governor (i.e., a function that makes
decisions based on request and cloud preparedness) makes the placement decisions, verifies the readiness of the environment, and
initiates the automation process.
For clouds that span different providers and environments, the decisions for placement and optimized management require greater
visibility into the cloud infrastructure configurations, available capacity, and the levels of service required. In short, companies with
multi-cloud or hybrid-cloud environments require access to both more sophisticated core and supporting functions. Appendix D
explores how and where a cloud derives its value and delves into the management capabilities required. Cloud management tools
aimed at providing support for a single cloud, environment, instance, or type are unlikely to scale to meet the needs of a multi-cloud
environment. Appendix E provides detail on critical supporting functions and how they must scale with cloud sophistication.
The following is an example of the capabilities a large user needed to configure and manage their production service in a public
cloud environment.
User Services:
Cloud Service Requests: The mechanism to interact with the cloud infrastructure and request cloud services (portal,
API call, script, third-party catalog)
Core Functions:
Loading the Application: Getting the business applications in the cloud run-time environment (e.g., install, deploy,
etc.)
Integration & Connectivity: Connecting the company cloud components together (e.g., via an abstraction layer,
orchestration template, or script). Enabling components in a multi-tier application to communicate and be
accessible from outside the cloud (e.g., public IP address)
Supporting Functions:
Configuration: Configuring the business's cloud applications and components
Capacity: Determining the capacity needed to run the applications. Decisions on compute, memory, storage,
network, ancillary services, etc.
Performance Management: Ensuring performance visibility and determining if additional performance is needed
(e.g., caching, load balancing, content delivery network)
Security: Security and compliance of cloud components (e.g., hardened Linux, firewall configurations)
IT Operations: Ongoing management of the business cloud components (e.g., starting/stopping servers, provisioning
new servers, defining scale-out rules, taking snapshots, ensuring leases are persistent, etc.)
To address the gaps and create a manageable public cloud environment, the user had to employ many IT operations tools. This
particular company required 40 additional tools and functional enhancements, which were all integrated with the cloud
environment using the provider's APIs to cover key areas, including:
Usage monitoring (e.g., cost, usage, and trends)
There is a clear division of labor between the cloud service provider and the cloud user. Public cloud providers refer to this
as shared responsibility. The division of labor must be clearly understood, as it determines the effort, skills, and costs
required to augment the services and tools available from the cloud service provider. It also helps to determine potential
privacy, policy, and security challenges using a public cloud for sensitive company applications and services.
A cloud management platform addresses cloud provider management tools disparity (see Figure 48) and should provide the
following capabilities:
Provide consistent cloud management capabilities, filling gaps (e.g., tools functionality/missing tools) left by the
public cloud service providers.
Enable unified cloud automation that executes in a uniform, standard way irrespective of the underlying cloud
environment.
Integrate cloud management activity, allowing seamless process automation.
Enable an organization to establish itself as a digital services broker where services are offered, provisioned, and
managed irrespective of the cloud or data center environment chosen to meet the service need.
Leverage existing/provided cloud silo management technology to optimize management capabilities and realize
value that may be unique to different cloud environments.
Reduce complexity by providing an abstraction layer that normalizes management across different cloud
management tools.
Reduce risks associated with cloud silos by using common change management processes and uniform compliance
management.
Without a flexible cloud management platform, using more than one public cloud provider multiplies the management
effort, which can defeat the advantages of multi-sourcing.
User Services:
Cloud Service Requests: The mechanism to interact with the cloud infrastructure and request cloud services (e.g.,
portal, API call, script, and third-party catalog)
Core Functions:
Loading the Application: Getting the business applications in the cloud run-time environment (e.g., install, deploy,
etc.)
Integration & Connectivity: Connecting the cloud components together (e.g., via an abstraction layer,
orchestration template, or script)
Supporting Functions:
Configuration: Configuring the business's cloud applications and components
Capacity: Determining the capacity needed to run the applications, including decisions on compute, memory,
storage, network, ancillary services, etc.
Performance Management: Ensuring performance visibility and determining if additional performance is needed
(e.g., caching, load balancing, and content delivery network)
Security: Security and compliance of cloud components (e.g., hardened Linux and firewall configurations)
IT Operations: Ongoing management of the business cloud components (e.g., starting/stopping servers, provisioning
new servers, defining scale-out rules, taking snapshots, ensuring leases are persistent, etc.)
Cloud Service Options: Provide more IT cloud services to the business, not less.
Ongoing Evaluation: Constantly evaluate cloud service options and offer new ones.
o New options could include better costs, support, infrastructure options, etc.
Business Alignment: Understand the way the business uses cloud services, measure and monitor user experience,
and seek continual improvement.
Performance: Ensure cloud service performance meets business expectations and/or service level agreements.
Guidance: Make recommendations on cloud service options based on business needs, expectations, and
corporate policy.
Education: Educate the IT users of cloud services to help them make the best cloud decisions for their business
units.
Simplification: Allow focus on the business service requirements, while masking the details of which underlying
cloud service is used to support it.
cloud management silos, each using different tools with varied levels of integration (see Figure 49).
As cloud sophistication increases (e.g., mixed/multiple cloud service environments, hybrid clouds) and maturity grows,
companies look for ways to provide greater management control over multiple cloud environments. This is typically
addressed using a cloud management platform (CMP), which acts as a resource abstraction layer that provides cloud
orchestration across different cloud environments. Large organizations may require their CMP to manage the services their
corporate data center provides. This ensures the IT services utilize as many common skills and resources as possible,
providing a level of user consistency while optimizing complexity and cost.
The CMP provides the integration with management tools, automation products, workflows, and scripts to deliver
automation and management activities while masking the underlying tools' complexities (see Figure 50). Using a CMP also
consolidates different tools' functions, allowing IT organizations to create a standard method for delivering cloud
automation even if the underlying cloud environment changes.
A CMP enables the automation of cloud activity across a shared infrastructure (e.g., compute, memory, storage, network,
and ancillary services). This allows a company to manage the cloud as a set of building blocks that create the company's
base services. Even though infrastructure as a service (IaaS) and platform as a service (PaaS) can be described as units of
cloud, a CMP manages beyond the units and across different units, and integrates with a broader set of management
technology to deliver greater cloud automation value (e.g., change management, problem management, end-user
performance monitoring, and tools that enable cloud brokering). As cloud needs evolve, IT organizations may seek to
automate the movement of workloads across different clouds (e.g., for cost or performance reasons). That automation will
require CMP management technology capable of orchestrating the process and interoperating with a broad range of cloud
service provider management tools.
Each level has a set of attributes associated with it. The attributes include:
Primary objective (e.g., provision)
Automation capabilities required to meet the primary objective (e.g., the ability to automatically deploy)
The cloud services roadmap also provides detail on what each level should deliver and what is required to ensure successful
delivery. This includes:
An overview of the level objectives
Lessons learned and recommendations
The justification for the primary objective and the benefits expected
The value required and the way the value is realized
A typical process diagram
The IT personnel required to support the objective
The technology required to meet the objective
Image Objectives
Lessons learned: For some, this level has meant virtualization plus automation; however, this overly simplistic view does not provide
a path beyond server provisioning. Cloud deployment and service model choices will determine the options for cloud provisioning.
This will result in different teams using multiple technologies (e.g., provided with OS/hypervisor, cloud service, in-house
development, or purchased from a software vendor) to solve a common task of adding and removing IT resources. This may satisfy
short-term requirements but creates longer-term issues due to inconsistent processes and disparate, non-integrated provisioning
technology.
Recommendations: Assume the cloud environment will evolve, requiring increasingly sophisticated automation to keep up with
change, increase efficiencies and drive down costs. Choose automated technology that can provide the following capabilities:
1. Automate cloud service delivery irrespective of the different cloud models.
2. Treat cloud provisioning as an abstraction layer allowing the business to choose different hardware, software, and
services without incurring costs or having to re-tool and re-train.
3. Unify and bring control to existing cloud services provisioning tools and procedures (e.g., scripts, open source, public
cloud tool APIs, and server/OS provided).
Value Factor
IT Objectives
Speed
Reduce time to deliver cloud services
Install cloud images on demand
Enable changes to cloud environment quickly
Cost
Increase IT administrator-to-cloud component ratio
Decrease cloud management manual activity
Decrease time to provide business IT services
Risk
Metrics
Image Process
At the Image level, the cloud service begins with the service request and extends to service activation. The service can be the
loading of software, the creation and deployment of an image, the allocation of infrastructure resources, or the loading of an entire
application stack. The following process is an example of an automated cloud service process.
Automation Pre-Execution
The cloud service image is created and packaged
The cloud service image is loaded into an image library
Cloud services are offered through a portal/menu (cloud services can be requested through other methods, e.g., via
email)
Cloud service requests are configured and patched
The request is approved (if not already pre-approved)
Cloud resources are checked (e.g., available capacity)
The network address is applied with the appropriate network access
Automation Execution
The packaged image is distributed to the cloud and installed
Upon completion, the installation is checked and verified
The cloud service is activated
Post-Execution Tasks Automation
Product licenses are assigned
Image Roles
At the Image level, multiple teams may be involved in cloud deployments and usage. Internal IT may provide a private cloud
environment, while software development and application testing teams may use public cloud services. The challenge is to manage
the cloud environment in a consistent and controlled manner to ensure costs are in line and skills are applied when and where it makes
the most sense from a company perspective.
Image Technology
Technology
Network Automation
Server Automation
Database Automation
Middleware Automation
Cloud Provisioning
Orchestration
Cloud Service Portal
Image Library
Service Catalog
Capacity Management
The Manage level includes pre-packaged cloud services delivered by orchestrated workflows that describe components, capacity
required, and deployment order. Integrated with a catalog of services, the cloud package includes the service parameters (e.g.,
requester, entitlements, and costs). This allows increased control over the environment and further expedites the release
management process.
The services are submitted with the configurations and parameters applied and authorized against agreed priorities and service
level. At this level, the requested service can be aligned against a type of cloud environment (e.g., a service for application testing
can be provisioned in a public, low-cost cloud).
Services are provisioned with capacity automatically verified to ensure that the cloud environment is able to support the service
request. The requested service is delivered in line with internal policy and external compliance regulations.
This process supports both cloud service delivery models (i.e., native and migrant cloud environments), allowing change to occur
prior to release or once the environment is established.
Manage Objectives
Lessons learned: Cloud choices made at this level can create significant management challenges, especially when the requirement
is to apply common processes across clouds and enforce company policy and regulatory compliance. The challenges are caused by
treating every cloud or cloud service as a unique instance, with each requiring different levels of infrastructure control, different
tools for management, and different levels of infrastructure visibility. This scenario contributes to increased organizational
complexity (i.e., cloud-specific management silos) and increased business risk through the inability to consistently manage
regulatory compliance for all parts of the IT infrastructure that supports the business applications.
Recommendations: Control of a company's cloud environment should factor in both current cloud usage as well as new use cases
and cloud options likely to appear in the future. For example, as companies move from private and/or public to multi-cloud
environments, from software as a service (SaaS) to PaaS, and from migrated cloud applications to native cloud applications, the
management technology must be able to adapt and encompass the cloud flavors to maintain control and IT resilience while
providing the cloud service options the business needs to prosper.
This implies the following requirements:
1. Cloud management technology that allows holistic and consistent cloud control for all business cloud services choices
2. A cloud management strategy that factors in the key integrations required to support the automation of processes
across different cloud service and delivery options
3. The adoption of a cloud services tools strategy that integrates and orchestrates all required cloud management
components, including public cloud tool APIs, for service options, packaging and delivery, cloud monitoring, change
management, and service management
Provide the business with cloud service options while masking underlying cloud complexity.
Accelerate automation execution through consistent management tools and architecture.
Reduce business risk through consistent IT compliance management across cloud services.
Increase business efficiencies by providing cloud service options without sacrificing control and IT visibility.
Optimize IT resources through the abstraction of cloud service diversity, the removal of repetitive manual activity and the
elimination of cloud management silos.
Value Factor: Speed, Cost, Risk
IT Objectives:
Cloud environments managed in a consistent way
Issues managed through an integrated service management process
Cloud monitored against availability policies
Managed cloud infrastructure change control
Cloud monitored against availability policies
Consistent cloud orchestration
Issues managed through an integrated service management process
Metrics:
Compare execution time before vs. after the menu (cloud service) consolidation.
Compare the time taken to create and request cloud services before vs. after the implementation of standard/common service options
Time and effort saved
The number of IT staff no longer needed to manage every cloud type
Compare downtime cost before vs. after the automation of the cloud service mgmt. process
Change managed and measured against historic regulatory configuration compliance reports
Compare cloud downtime statistic before vs. after the implementation of service management process integration
Visibility into cloud service irrespective of type or location
Manage Process
At the Manage level, the automated activities expand to include resource checking, service levels, network connectivity, and final
deployment packaging and verification procedures. Steps noted in italics below are incremental to the previous level.
Automation Pre-Execution
The cloud service image is created and packaged
The cloud service image is loaded into an image library
The catalog of services provides the applications and required resources
The service deployment is delivered via the service orchestration
Cloud services are offered through a portal/menu (cloud services can be requested through other methods, e.g., via
email)
Cloud service requests are configured and patched
The request is approved (if not already pre-approved)
Automation Execution
Cloud resources are checked (e.g., available capacity)
Service levels (e.g., entitlement, performance measurement, and service termination agreement) are associated with the
requester and the service requested
The network address is applied with the appropriate network access
Package configurations and policies are applied to the cloud service
The packaged image is distributed to the cloud and installed
Upon completion, the installation is checked and verified
The cloud service is activated
Cloud configuration is updated as part of a new image (ongoing activity)
Patches are applied to the cloud service as part of a new image (ongoing activity)
Post-Execution Tasks Automation
Product licenses are assigned
Service request is closed (part of the change management process)
Problems are managed through the service desk
Cloud infrastructure component issues are monitored
Cloud infrastructure application transaction performance monitored
Manage Roles
The Manage level starts to include different IT professionals, teams, and members of the user community. Multiple teams can be
involved in cloud deployments and usage. Internal IT may be providing private cloud environments while software development
and application testing teams may be using public cloud services. Capacity management may be involved in the planning for the
cloud, with the security officers and auditors involved in identifying risks and compliance irregularities.
Manage Technology
Technology
Network Automation
Server Automation
Database Automation
Middleware Automation
Cloud Provisioning
Orchestration
Capacity Management
Availability Monitoring
Image Library
Service Catalog
Change Management
Service Management
Applications Performance Management
After cloud services have been delivered, IT user performance and IT infrastructure health are monitored, measured, and reported.
This information is used to ensure service levels are maintained. The impact of change is understood. Service usage is metered and
costs are recognized and used to justify further investment.
Govern Objectives
Provide intelligent service placement, resource availability, and automation execution.
o Analyze user behaviors to identify usage patterns and deliver better cloud services.
Define service levels to deliver and measure cloud services.
o Increase cloud infrastructure resilience in-line with agreed service levels.
Recognize cloud service value and aid investment decisions through cost-aware (show-back) services.
Monitor user experience against cloud infrastructure performance.
Lessons learned: As different cloud service models are adopted to meet the needs of the business, the costs associated with
customization and managing the increasing complexity grow rapidly. In addition, deploying cloud services without measuring
performance blinds IT organizations to the impact of change and the value being provided to the business.
Recommendations: Using cloud service automation technology, such as a service governor supported by a service catalog and
configuration management, allows intelligent placement of cloud services aligned with the appropriate delivery model and cloud
service usage requirement without the need for manual intervention or an increase in costs and effort. We have found that a cloud
strategy that includes monitoring the cloud service from both the IT infrastructure and the end-user perspective ensures the
supporting IT infrastructure is configured and performing within policy and to expectations, and that end users have a positive
experience.
Respond faster to cloud service change with smarter placement and resource utilization.
Reduce cloud service down time while increasing end-user satisfaction.
Understand cloud service user experience.
Demonstrate cloud service costs and value.
Compare cloud service value and costs across company cloud environment.
Automate the provisioning and decommissioning of cloud services.
Fully automated IT cloud services available through multiple self-service options.
Value Factor: Speed, Cost, Risk
IT Objectives:
Reduce time to deliver cloud services from request to delivery
Identify and respond faster to service issues
Metrics:
Service delivery times monitored and measured through change management process reporting
Compare before vs. after service request time
Costs metered and reported
Compare costs between different cloud environments in an ongoing fashion
Govern Process
At the Govern level, the automated execution activities expand to include configuration management and cloud governance,
making placement decisions, cloud service verification, and automation execution initiation. End-user monitoring, usage metering,
and the process for service retirement are now embraced to support post-execution activities. Steps noted in italics below are
incremental to the previous level.
Automation Pre-Execution
The cloud service image is created and packaged
The cloud service image is loaded into an image library
The catalog of services provides the applications and required resources
The service deployment is delivered via the service orchestration
Cloud services are offered through a portal/menu (cloud services can be requested through other methods, e.g., via
email)
Cloud service requests are configured and patched
The request is approved (if not already pre-approved)
Automation Execution
Cloud resources are checked (e.g., available capacity)
Service levels (e.g., entitlement, performance measurement, and service termination agreement) are associated with the
requester and the service requested
Configuration management stores cloud component configurations and component cloud service relationships, aiding
cloud governance decisions and the service management process
Cloud governance makes placement decisions and cloud service verification, and initiates automation execution
The network address is applied with the appropriate network access
Package configurations and policies are applied to the cloud service
The packaged image is distributed to the cloud and installed
Upon completion, the installation is checked and verified
The cloud service is activated
Product licenses are assigned
Cloud configuration is updated as part of a new image (ongoing activity)
Patches are applied to the cloud service as part of a new image (ongoing activity)
Post-Execution Tasks Automation
Service request is closed (part of the change management process)
Problems are managed through the service desk
Cloud infrastructure component health monitored
Cloud infrastructure services health monitored (service-grouped cloud components)
Cloud infrastructure application transaction performance monitored
End-user performance monitored and experience captured
Cloud service usage tracked and evaluated against costs for investment justification and showback purposes
Cloud services are retired in-line with SLAs, usage, and activity
Govern Roles
At the Govern level, cloud roles start to change. With effective and flexible cloud service offerings, application developers and
testers can leave the job of managing cloud resources and focus on using cloud resources. With better-managed, more cost-effective cloud options, line-of-business managers will find more reasons to use the services offered.
Govern Technology
Technology
Network Automation
Server Automation
Database Automation
Middleware Automation
Cloud Provisioning
Orchestration
Cloud Service Portal
Image Library
Service Catalog
Capacity Management
Availability Monitoring
Service Level Mgmt.
Component Container
Change Management
Service Management
Applications Performance Management
Cloud Governance
Cost Recognition
End-User Monitoring
Configuration Mgmt.
CLM
Optimizing cloud usage requires a holistic and vendor-neutral view across an organization's IT environment. Optimization
should allow comparison of both internal and external cloud service alternatives.
Optimize Objectives
Analyze cloud services and dynamically adjust resources to optimize performance and usage (e.g., bursting to available or cost-effective cloud environments).
Reclaim inactive or underutilized virtual resources to reduce costs associated with software licensing and
management effort.
Optimize virtual resource costs by enforcing expiration dates for virtual machine reclamation (e.g., through SLAs
and workload types).
Implement process to automatically retire temporary, underutilized, or abandoned cloud resources.
Analytics provide workflow data patterns, enabling decision-making and optimizing process execution (e.g., higher
performing workflow paths that cross networks and servers).
Broker cloud services with user guidance.
Align costs by charging for cloud service usage to appropriate units managed to SLAs.
Lessons learned: Cloud service usage and activity that is not monitored has caused companies to experience increased costs, effort,
and risk. IT resources that are not used, misconfigured, or underutilized will continue to incur costs to the business (e.g., license and
management). An inability to aid cloud users on the resources required to fulfill their service requirement creates waste and
additional costs, as many will choose to over-provision if they are not guided.
Recommendations: IT organizations wishing to drive down cloud service costs and increase business satisfaction should monitor
how cloud services are being used and ensure optimal resources are chosen by guiding users on the appropriate resources required
to fulfill their cloud need while leveraging, where possible, existing IT resources.
Cloud services are continually monitored to ensure resources are optimized to maximize performance and reduce unused capacity,
including cloud bursting to available or more cost-effective cloud resources when necessary. Resources that are not used or are
underutilized are reclaimed to reduce costs. Service costs based on usage by options chosen are attributed, tracked, and charged.
The ability to optimize the cloud requires the orchestration of tools that provide the information required to make these
decisions, such as understanding capacity, cloud infrastructure component utilization, performance bottlenecks, usage
patterns, services cost profiles, and user experience.
Guiding business units on the most appropriate cloud service options for their needs, moving workloads (on an interim or
temporary basis), removing redundancy (e.g., underutilized cloud infrastructure), analyzing usage patterns (e.g., high/low
performance/usage peaks), and continually evaluating cloud options allows cloud service costs and resources to be
optimized. To achieve this objective, the tools that enable cloud optimization need to be applied differently and, in some
cases, enhanced. See Appendix D for further detail on the evolution of supporting functions at the Optimize level.
Cost
Risk
Reduce configuration compliance risk through better cloud service delivery and optimizing existing resources
Cloud infrastructure change made with greater accuracy
Metrics
Compare time to assess, choose, and configure cloud service before vs. after automated, guided assessment and options
Compare time to monitor, analyze, and make changes before vs. after automation of the cloud optimization process
Compare ongoing operating expenses (opex) costs before vs. after optimized cloud infrastructure resources by cloud service
Compare cloud infrastructure license costs before vs. after optimization
3rd-party cloud service costs managed with greater accuracy and accountability to the business, measured over time
Cloud services charges managed more effectively, measured over time
Risk reduced by compliance factored in to the cloud service delivery options and managing compliance on optimized resources, over time. Compare the number of resources used before vs. after optimization
Reduction in cloud service issues due to errors made when making changes to the cloud infrastructure, measured over time
Optimize Process
At the Optimize level, automated execution activities expand to include greater visibility into how cloud resources are being used,
allowing the cloud governance to make recommendations on capacity, infrastructure allocation, and workload distribution. The
post-execution activities now include full cost management. When tied to a company's financial applications, this view will provide
cloud expense management and chargeback. Steps noted in italics below are incremental to the previous level.
Automation Pre-Execution
The cloud service image is created and packaged
The cloud service image is loaded into an image library
The catalog of services provides the applications and required resources
The service deployment is delivered via the service orchestration
Cloud services are offered through a portal/menu (cloud services can be requested through other methods, e.g., via
email)
Cloud service requests are configured and patched
The request is approved (if not already pre-approved)
Automation Execution
Cloud resources are checked (e.g., available capacity)
Service levels (e.g., entitlement, performance measurement, and service termination agreement) are associated with the
requester and the service requested
Configuration management stores cloud component configurations and component cloud service relationships, aiding
cloud governance decisions and the service management process
Cloud governance makes placement decisions and cloud service verification, and initiates automation execution
Cloud usage and capacity are analyzed with the data provided to cloud governance to make change recommendations on
workload movement and capacity allocation
The network address is applied with the appropriate network access
Package configurations and policies are applied to the cloud service
The packaged image is distributed to the cloud and installed
Upon completion, the installation is checked and verified
The cloud service is activated
Product licenses are assigned
Cloud configuration is updated as part of a new image (ongoing activity)
Patches are applied to the cloud service as part of a new image (ongoing activity)
Optimize Roles
At the Optimize level, more roles become stakeholders as the cloud environment increases in stability and service breadth. An
internal IT cloud organization focused on brokering cloud services, both internal and external, provides the business with greater
options at a known cost and value.
Optimize Technology
Technology
Network Automation
Server Automation
Database Automation
Middleware Automation
Cloud Provisioning
Orchestration
Cloud Service Portal
Applications Performance Management
Cloud Governance
CLM
Cost Recognition
Configuration Mgmt.
Cost Management
Image Library
Service Catalog
Capacity Management
Availability Monitoring
Service Level Mgmt.
Component Container
Change Management
Service Management
End-User Monitoring
Figure 65: Cloud Service Automation Levels Mapped against the Automation Value Model
Each automation level along the path builds on the value from the previous one; however, as the automation increases in
sophistication, the requirement for IT organization readiness increases. Whereas provisioning may reside entirely in one IT
operations team, service provisioning may require the involvement of development, all flavors of IT administration (e.g., server,
network, database, storage, and application), service managers, change managers, application release managers, and
representatives from the lines of business. The diagram above matches the Cloud Services Automation levels against the five levels
from the Automation Value Model.
Automation Strategist
An automation strategist may be responsible for the development of IT automation strategy and/or automation processes
and solutions to implement strategy. Actual job titles may vary by organization and depth of responsibility, such as
automation strategy architect, automation architect, automation specialist, or automation evangelist.
The automation strategist is a relatively new position reporting to the director of operations or, in IT organizations where
automation is a competency, the automation director. Automation strategists in large organizations often act as the bridge
between enterprise (solutions) architects, application architects, and cloud architects.
The automation strategist is a highly seasoned IT professional who has successfully led projects in either software
development, IT operations, or IT service management, ideally in a variety of roles. The automation strategist is primarily
focused on strategic design considerations of the automation environment and is instrumental in the design of tactical
decisions such as the development of automation processes. As such, the automation strategist must be able to share and
communicate ideas clearly, both orally and in writing, to executive staff, business sponsors, and technical resources in
concise language that is the parlance of each group. Accordingly, the automation strategist role is not designed to deal with
day-to-day operational issues, but to help business units leverage automation for the greatest value.
The automation strategist has skills spanning process, people, and technology. These include:
Working with different teams to ensure the automation is embraced and supported across the organization
Identifying and selecting the right technology to enable automated processes with all the required integrations and
controls
IT organizations will need to prioritize the hiring of automation strategists based on primary automation objectives.
Companies that need to build automation around a specific IT domain area will recruit from personnel with domain-specific
technical background, whereas companies requiring the development of cross-domain automation processes will need to
look to personnel from service management.
Key Responsibilities:
Define and document the automation processes, best practices, standards, automation frameworks, and
implementation strategy.
Communicate the business case for automation initiatives to executive and business sponsors.
Analyze current state of IT processes and prioritize automation projects according to business value.
Maintain, improve, and implement an automation framework across the IT organization, including clear value
metrics.
Collaborate with project teams to strategize and align long-term solutions for automation including roadmap, tools,
framework, and approach.
Create white papers and technical documentation, and communicate automation processes to project teams and
testers.
Provide leadership, guidance, training, and mentoring to project teams and automation engineers for the
implementation of automation processes and best practices.
Desired Experience:
IT automation knowledge, including familiarity with a range of automation technology (e.g., workload brokers,
orchestration tools, and script toolkits) and how each is used to support an automated process
Experience working with product development teams to ensure future versions of specific products have the
functionality required to support strategic automation objectives
Research, test, and recommend new and/or complementary technologies offered by various vendors that can
contribute to automation initiatives
Establishment of best-practice frameworks to automate specific tasks, procedures, and activities that are optimally
suited to automation products
Experience and comfort with complex heterogeneous IT infrastructure, including existing IT platforms, as well as a
variety of operating systems, middleware, and applications
Familiarity with how IT automation is used to support development, IT operations, and IT service management
Organizations planning to redesign IT service processes to better serve the business should consider experienced
personnel in the IT service management organization.
Organizations planning to automate IT infrastructure activities should consider experienced, proven personnel in the
IT operations team with expertise and knowledge of scripting, management tools, integration methods, and
practices.
Organizations planning to automate processes for application development, testing, and deployment should
consider experienced personnel in software engineering.
Then build out your automation competency team with subject-matter expert (SME) specialists who have the experience to
add value for critical solution areas.
Automation Engineer
The purpose of this position is to implement, operate, and improve the automation infrastructure and processes. Actual job
titles may vary by organization and depth of responsibility, such as automation architect, automation specialist, automation
administrator, or automation lead.
This position is responsible for the day-to-day operations involving the automated deployment of software and
configuration packages. This position will identify repetitive tasks and activities that may be performed more efficiently
through automation. He/she will also identify critical workflows, such as system failover and fallback during disaster
recovery operations, which could be performed in a more reliable/predictable fashion through automation.
The automation engineer plays a pivotal role in achieving quantifiable operational benefits through the implementation of
automation best practices. The position automates repetitive/critical workflows within IT operations and collaborates with
operations managers and staff in replacing those processes with automated practices. The on-going objectives of the
automation engineer position are to facilitate the migration of operational work to progressively lower tiers of the support
organization enabled by automation, the wholesale elimination of existing work practices, and the reduction of operational
risks that could potentially impact business operations.
Key Responsibilities:
Identify existing operational tasks, procedures, and activities that could benefit from automation.
Collaborate with key members of IT, specifically those individuals responsible for incident, problem, and change
management, to identify chronic operational issues that require extensive staff time to remediate. The problem
and change managers will assist in identifying historical situations where human error triggered or prolonged
operational outages.
Assist in the creation of business cases for automating specific processes that clearly delineate prospective
benefits in terms of labor savings, incident reduction, risk reduction, etc.
Install and configure specific automation solutions.
Drive adoption of automation solutions throughout IT and mentor staff members in using specific automation
tools.
Monitor the efficiency and effectiveness of automation practices post implementation, and validate achievement
of business case benefits.
Desired General Experience:
IT automation knowledge and skills, both broad and deep, including familiarity with a range of automation
technology (e.g., workload brokers, orchestration tools, and script toolkits) and how each is used to support an
automated process
Experience and comfort with complex heterogeneous IT infrastructure, including existing IT platforms, as well as a
variety of operating systems, middleware, and applications
Familiarity with how IT automation is used to support development, IT operations, and IT service management
Desired SME Experience:
Depth with specific IT components and related tools is required to ease implementation. The following describes several
specific SME roles to fill out the automation competency team.
Provisioning & Configuration
General systems knowledge and experience, including:
UNIX and Windows knowledge: Application server administration
Network knowledge: The ability to log into network devices to troubleshoot connection and command actions
Must understand the different kinds of devices within their own environments
Specific systems knowledge and experience, including:
Platform-specific network installs: Oracle Solaris Jumpstart, AIX network installation manager (NIM), HP-UX
Ignite/UX
Multi-tier application design and support: For server automation for initial deployment and then ongoing support
Networking knowledge: To support remote agent connection problems and more importantly network boot
protocols (PXE)
Patching specialist: Patches from vendors for server operating systems and applications
Specific systems knowledge and experience, including:
Windows specialist: To create patching update packages, jobs, and other content in server automation
UNIX specialist: To create patch update packages, jobs, and other content in server automation
Orchestration
Patching and compliance as well as provisioning and configuration solution areas require specific orchestration knowledge
and experience, including:
Scripting languages: ability to leverage existing scripts and also to create new ones
Windows specialist: To create packages, jobs, and other content in server automation
UNIX specialist: To create packages, jobs, and other content in server automation
A basic network automation course presents information on how to use network automation to administer networks on a
day-to-day basis. This course provides extensive hands-on exercises with the software user interface and covers all major
aspects of using the software. It familiarizes the student with different troubleshooting techniques and effective
administration techniques. Students should receive in-depth presentations and demonstrations by expert instructors.
Hands-on lab exercises in a virtual environment provide the opportunity for practical application of the presented concepts,
methods, and procedures.
Basic Server Automation: This course should introduce students to the core components that comprise the server
automation environment and the user interface used to provide end-user functionality. Through examples, students learn
about key benefits and features of the software. Students will also learn about the architecture of the server automation
solution, and concepts and terminology related to product functionality.
Advanced Server Automation: This course is designed for administrators responsible for administering and maintaining the
server automation environment. Students should learn how to plan and scale the server automation environment using
best practice techniques; plan and apply best practice techniques to security and access management; perform application
release management; configure a PXE-based provisioning solution, NSH scripts, and the command line interface (CLI).
Provision
The table below summarizes the key calculations required to quantify the metrics for the Provision level.
Metrics Factors
Data/Formulas
IT component build process steps
IT component build process step time
Number of annual IT component builds
Annual provisioning time
Labor rate
Percentage of labor time provisioning
Work hours/year
Number of provisioning errors found during validation check
Total number of provision configuration changes
Number of provisioning-related incidents
Total number of production incidents
Cost
Calculate the cost to provision environment
Risk
Determine provisioning quality/consistency risks
Time
45 minutes
30 minutes
30 minutes
25 minutes
4 hours
Configure
The table below summarizes the key calculations required to quantify the metrics for the Configure level. The examples
below introduce the concept of component groups: logical groupings of IT infrastructure that share a similar operating
system, service/function, configuration, location, support team, etc. There are many ways within IT to logically group
infrastructure. We have left this exercise to the reader, as you will know how to best apply the following calculations, based
on your unique logical groupings. What you must understand is all of the groups, and the components within each group,
that fall under IT operations management.
Columns: Value Factor, Measurement Objectives, Metrics Factors, Data/Formulas
Speed: Calculate total time to audit & configure environment
Cost: Calculate the cost to audit & configure environment
Risk: Determine change risks
Metrics Factors:
Number of IT components
Number of audit cycles/year
Time to audit configuration state per component
Number of package deployments/year
Time to install & verify package
Number of incidents resulting from change
Total number of production incidents
Total number of changes
Number of changes rolled back due to failure
Before - After Annual Component Group Audit Time: 600 - 10 = 590 hours
Before - After Total Annual Audit Time: 2,600 - 43 = 2,557 hours
Before - After Package Annual Package Deploy Time: 35 - 0.5 = 34.5 hours
Figure 72: Configure Speed Metrics Example
Before - After Annual Component Group Audit Cost: $24,000 - $100 = $23,900
Before - After Total Annual Audit Cost: $104,000 - $440 = $103,560
Before - After Annual Deployment Cost: $2,450 - $35 = $2,415
Figure 73: Configure Cost Metrics Example
Auditability of changes
Change Incident Rate: (24 change-related incidents / 83 total incidents) x 100 = 29%
Failure Rate: (11 changes rolled back / 230 total changes) x 100 = 4.7%
Figure 74: Configure Risk Metrics Example
Coordinate
The table below summarizes the key calculations required to quantify the metrics for the Coordinate level.
Columns: Value Factor, Measurement Objectives, Metrics Factors, Data/Formulas
Speed
Measurement Objectives: Calculate time to increase integration across request process
Metrics Factors:
Number of IT components
Time to audit component configuration
Number of component audit cycles/year
Number of manual pre-execution steps
Time per pre-execution step
Time to perform ad hoc capacity analysis
Number of ad hoc capacity analyses required per year
Data/Formulas:
Annual Configuration Discovery Time: Components x Audit time x Audit cycles
Total Pre-Execution Time: Step time 1 + Step time 2 + Step time 3 + ...
Annual Ad Hoc Capacity Evaluation Time: Analysis time x analysis frequency
Cost
Measurement Objectives: Calculate the cost of request fulfillment
Metrics Factors:
Annual Configuration Discovery Time
Total Pre-Execution Time
Annual Ad Hoc Capacity Evaluation Time
Labor rate
Data/Formulas:
Annual Configuration Discovery Cost: Annual Configuration Discovery Time x Labor rate
Pre-Execution Cost: Total Pre-Execution Time x Labor rate
Annual Capacity Evaluation Cost: Annual Ad Hoc Capacity Evaluation Time x Labor rate
Risk
Measurement Objectives: Reduce error rate in request fulfillment
Metrics Factors:
Number of failed requests
Total number of requests
Data/Formulas:
Request Failure Rate: (# of failed requests / total # of requests) x 100
Before - After Annual Configuration Discovery Time: 80 hours - 40 minutes = 79+ hours
Before - After Total Pre-Execution Time: 8.75 - 1.5 = 7+ hours
Before - After Annual Ad Hoc Capacity Evaluation Time: 42 hours - 6 minutes = 41+ hours
Figure 76: Coordinate Speed Metrics Example
Not
On Demand
The table below summarizes the key calculations required to quantify the metrics for the On-Demand level. Note that at
this level, the company must evaluate more than just the direct labor costs associated with offering the service. Other
direct/indirect costs must be included to accurately reflect the full cost of providing the service. Direct service costs include
support, problem, change, and release activities. Indirect costs include other supporting functions for the service such as
shared infrastructure and LAN; job scheduling; monitoring; and discovery and configuration management activities. It may
be easier to evaluate these costs on a monthly basis or other budget interval.
Value Factor | Measurement Objectives
Speed | Calculate total time for request fulfillment
Cost | Calculate the cost to provide on-demand services
Risk | Determine efficacy of on-demand capabilities
Metrics Factors (Data/Formulas):
Not
Not
Time spent reviewing existing processes for continual improvement, changing business needs
Patch
The table below summarizes the key calculations required to quantify the metrics for the Patch level.
Value Factor | Measurement Objectives
Speed | Calculate total time to patch environment
Cost | Calculate the cost to patch environment
Risk | Determine patching compliance
Metrics Factors (Data/Formulas):
# of elements currently meeting the policy (in compliance)
# of elements that require compliance
Time
5 minutes
10 minutes
10 minutes
15 minutes
40 minutes
Before - After Annual Component Group Patch Cost (simple): $48,930 - $525 = $48,405
Before - After Annual Component Group Patch Cost: $35,000 - $7,000 = $28,000
Before - After Total Annual Patch Cost: $129,000 - $26,400 = $102,600
Figure 86: Patch Cost Metrics Example
Not
Assess
The table below summarizes the key calculations required to quantify the metrics for the Assess level. Assessment can be
performed against a policy on a component, on a group of components, and across the entire enterprise. The examples
below demonstrate assessment performed against components and component groups. To understand the speed, cost, and
risk across the enterprise, perform the example calculations below for each applicable policy and to all applicable
component groups, and then add the times and/or costs for each group together to solve for the entire environment. Risk
should be evaluated not across the enterprise as a whole, but in chunks no larger than component policy groups. This is so
proper risk assessment and, later, remediation can be planned to address the highest/higher risk areas first.
Value Factor | Measurement Objectives
Speed | Calculate total time to audit environment
Cost
Risk | Determine risk of undiscovered configuration issues
Metrics Factors (Data/Formulas):
Number of IT components
Number of policy configurations per component
Average audit time for each configuration
Number of audit cycles
Before - After Component Policy Audit Time: 3.75 hours - 7.5 minutes = 3.6 hours
Before - After Component Policy Group Audit Time: 93.75 - 3.1 = 90.65 hours
Before - After Total Annual Policy Audit Time: 1247.5 - 58 = 1189.5 hours
Figure 89: Assess Speed Metrics Example
Comply
The following table summarizes the key calculations required to quantify the metrics for the Comply level. Compliance can
be performed against a policy on a component, on a group of components, and across the entire enterprise. The examples
below demonstrate compliance performed against individual components. To understand the speed, cost, and risk across
component groups or the enterprise, perform the example calculations below for each applicable policy and to all
applicable component groups, and then add the times and/or costs for each group together to solve for the entire
environment. Risk should be evaluated not across the enterprise as a whole, but in chunks no larger than component policy
groups. This is so that proper risk assessment and remediation, at this maturity, can be planned to address the highest/higher
risk areas first.
Value Factor | Measurement Objectives
Speed | Calculate time to identify out-of-compliance configurations and bring them back into compliance
Cost | Calculate the cost of compliance violation discovery and remediation
Risk | Calculate configuration compliance-related exposure risk
Metrics Factors (Data/Formulas):
Number of components currently meeting policy
Number of components that must meet policy
Number of failed remediations per cycle
Total remediations per cycle
Before - After Component Policy Remediation Time: 6.75 hours - 4.5 minutes = 6.7 hours
Before - After Component Policy Verification Time: 4.5 hours - 2.3 minutes = 4.5 hours
Before - After Component Policy Compliance Time: 11.4 hours - 14.3 minutes = 11.1 hours
Figure 93: Comply Speed Metrics Example
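The per-group procedure described in the Assess and Comply sections (compute time per component policy group, add the groups together for the enterprise figure, but keep risk per group so the highest-risk groups are remediated first), as an added Python example that is not part of the BMC document. The field names, the three sample groups, the $40 labor rate, and the use of simple products and ratios as the formulas are assumptions; the first group is sized to reproduce the 3.75-hour and 93.75-hour "before" values in Figure 89.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class PolicyGroup:
    """One component policy group (field names are hypothetical)."""
    name: str
    policy_type: str            # regulatory, operational, or security
    components: int             # components that must meet policy
    compliant: int              # components currently meeting policy
    configs_per_component: int  # policy configurations per component
    minutes_per_config: float   # average audit time for each configuration
    audit_cycles: int           # audit cycles per year
    failed_remediations: int    # failed remediations per cycle
    total_remediations: int     # total remediations per cycle

    def __post_init__(self):
        # Reject inventories that would make the ratios meaningless.
        if self.components <= 0:
            raise ValueError(f"{self.name}: group has no components")
        if not 0 <= self.compliant <= self.components:
            raise ValueError(f"{self.name}: compliant count out of range")
        if not 0 <= self.failed_remediations <= self.total_remediations:
            raise ValueError(f"{self.name}: remediation counts out of range")


def component_audit_hours(g):
    """Audit time for one component against one policy (assumed product)."""
    return g.configs_per_component * g.minutes_per_config / 60.0


def group_audit_hours(g):
    """Audit time for every component in the group, one cycle."""
    return g.components * component_audit_hours(g)


def annual_audit_hours(g):
    """Group audit time multiplied by the audit cycles per year."""
    return group_audit_hours(g) * g.audit_cycles


def noncompliance_pct(g):
    """Share of the group's components that do not meet policy."""
    return 100.0 * (g.components - g.compliant) / g.components


def remediation_failure_pct(g):
    """Failed remediations per cycle; 0.0 when nothing was remediated."""
    if g.total_remediations == 0:
        return 0.0
    return 100.0 * g.failed_remediations / g.total_remediations


def enterprise_totals(groups, labor_rate):
    """Time and cost are additive, so sum the groups for the enterprise."""
    hours = sum(annual_audit_hours(g) for g in groups)
    return hours, hours * labor_rate


def risk_ranking(groups):
    """Risk is not summed: rank groups so the worst is remediated first."""
    return sorted(
        groups,
        key=lambda g: (noncompliance_pct(g), remediation_failure_pct(g)),
        reverse=True,
    )


# Constructed sample inventory. The first group is sized so that it yields
# 3.75 hours per component and 93.75 hours per group, as in Figure 89.
GROUPS = [
    PolicyGroup("linux-web", "security", 25, 22, 15, 15.0, 4, 1, 3),
    PolicyGroup("windows-db", "regulatory", 10, 6, 20, 12.0, 4, 2, 4),
    PolicyGroup("network-edge", "operational", 40, 38, 5, 6.0, 2, 0, 2),
]
LABOR_RATE = 40.0  # dollars per hour, constructed

if __name__ == "__main__":
    hours, cost = enterprise_totals(GROUPS, LABOR_RATE)
    print(f"Enterprise annual audit: {hours:.1f} hours, ${cost:,.0f}")
    for g in risk_ranking(GROUPS):
        print(f"{g.name:13} {g.policy_type:12} "
              f"non-compliant {noncompliance_pct(g):5.1f}%  "
              f"failed remediation {remediation_failure_pct(g):5.1f}%")
    # Before - After for one group: 0.5 minutes per configuration
    # (constructed) gives 7.5 minutes per component for 15 configurations.
    after = replace(GROUPS[0], minutes_per_config=0.5)
    saved = group_audit_hours(GROUPS[0]) - group_audit_hours(after)
    print(f"linux-web audit time saved per cycle: {saved:.3f} hours")
```

The ranking puts the small regulatory group first even though it contributes the fewest non-compliant components in absolute terms, which is the reason the text asks for risk to be evaluated per policy group and not as one enterprise-wide percentage.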
Intelligent
The following table summarizes the key calculations required to quantify the metrics for the Intelligent level. Note that at this
level, compliance is an on-going process where new components are discovered, existing infrastructure is monitored for
violations, pre-approved remediation occurs, and all phases are governed by change management, automatically. To
determine the value of this process, it must be compared to a more typical compliance process that is kicked off with an audit
and includes many manual handoffs between automation steps, including approvals. With intelligent compliance, tickets are
automatically created and manual intervention is limited to managing exceptions, reviewing reports, and refining the
process.
Similar to the example calculations in earlier levels, the examples below show how to solve for value not at the enterprise
level, but at a smaller subset. Knowing the totals for each of these subsets (i.e., by process, by logical component grouping, or
by policy) relevant to business need, an enterprise-wide view can be determined.
Value Factor | Measurement Objectives
Speed
Cost
Risk | Calculate configuration compliance-related exposure risk to the IT environment and the IT services provided to the business
Metrics Factors (Data/Formulas):
Number of handoffs in overall process today
Average cycle time incurred during each handoff
Time to create, update, and close change ticket
Approval time
Component Policy Compliance Time
Labor rate(s)
Cycle Time
Component Policy Compliance Cost
Change Record Time
Number of components that must meet policy
Components by service
Number of compliant components
Policy type (e.g., regulatory, operational, or security)
Cloud Characteristics
Cloud descriptions can vary wildly. Some consider the cloud a remote IT service provisioned through a self-service portal,
whereas others may consider the cloud to be a mix of virtualization and scripting. According to the U.S. National Institute of
Standards and Technology (NIST), cloud computing is:
"a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage, applications, and services) that can
be rapidly provisioned and released with minimal management effort or service provider interaction."
This NIST cloud description is widely accepted as an accurate middle ground containing all the key characteristics.
The descriptions of the five NIST cloud computing characteristics are reproduced in greater detail below (Figure 101) for
convenience.
Cloud Characteristics | Definition
On-Demand Self-Service | A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
Broad Network Access | Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
Resource Pooling | The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or data center). Examples of resources include storage, processing, memory, and network bandwidth.
Rapid Elasticity | Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Measured Service | Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Typically this is done on a pay-per-use or charge-per-use basis. Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Figure 101: NIST's Essential Characteristics Definitions (source: SP800-145.pdf)
Cloud Drivers
Cloud drivers are the motivations for delivering a cloud service. The cloud use case and cloud user drive the type of cloud
environment required and how it must be managed.
Cloud Driver | Definition
Cloud Use Case | Influences the deployment, management, measurement, compliance requirement, and cost for each cloud service. This can range from clouds that are low/no cost and short-term/disposable, with minimal IT component options (e.g., single OS/hypervisors), to long-term strategic clouds for mission-critical applications, with multiple cloud providers and significant IT component heterogeneity.
Cloud User | Can include both internal and external users, software developers, IT operations personnel and service managers.
Figure 102: Cloud Driver Definitions
Cloud Management Capability | Definition
Provisioning | Adding and removing IT infrastructure components. This can be the loading of an operating system or hypervisor, or a full-stack (a golden image clone) deployment that includes all relevant software and databases.
Configuration | Collecting, organizing, analyzing, changing, and reporting configuration data. Configuration management can also actively monitor the IT environment for configuration updates and report changes that are made without authorization or are in conflict with configuration policy.
Capacity | Cloud service capacity is planned and optimized in-line with availability and usage requirements. Capacity is assessed holistically across all cloud components, allowing capacity to be managed as it relates to IT services. Capacity managed dynamically provides the information needed to ensure accurate resource allocation and workload placement.
Service Level | Assigns priority and ensures service delivery meets agreed business expectations.
Service Cataloging
Change | Provides the ability to manage, approve, track, and report changes occurring in the cloud environment.
Service
Monitoring | Monitors the health and performance of the IT infrastructure, application, transactions, and end-user experience. Aids root-cause analysis and supports the remediation process. At advanced automation levels, monitoring contributes to the process for adding/removing cloud services, moving resources dynamically, and providing the intelligence to aid decision-making for cloud service delivery.
Compliance | Ensures adherence to both internal and regulatory policy compliance across different cloud environments, encompassing cloud configurations and software patch levels.
Orchestration and Governance | Orchestrates overall process, manages the product-to-product handoffs, coordinates the different configuration tools, and integrates the tools for data passing and activity activation. As sophistication grows, the orchestration starts to govern how the cloud environment is managed (e.g., dynamic workload placement and workload movement).
Costing | Charging against the usage of particular services. Costing includes showback typically used to show IT service value when an organization is not ready or required to charge for services. Cost management is integrated with a company's financial applications and used to control, plan, and evaluate IT spend.
Figure 103: Cloud Management Capabilities Definitions
Manage
APIs, consolidated menus with customization options.
Cloud capabilities available over the network through different nonstandard interfaces.
Resource Pooling
Rapid Elasticity
Measured Service
Resources allocated within specific cloud environment.
Resources and capacity added when needed either manually or through manual execution of an automated process.
Cloud service measured against reports from service management, responsiveness, and customer satisfaction.
On-Demand Self-Service
Broad Network Access
Govern
Optimize
Cloud User
Image
Manage
Govern
Optimize
Short-term cloud usage/longer-term business use cases for capacity, IT resources, and applications.
Operations, development, and test.
Operations, development, test, and lines of business.
Manage
Govern
Optimize
Provisioning
Automated deployment and installation of resources and capacity.
Configuration
Basic component configuration. Network configuration (including IP addresses) applied with appropriate cloud service network access.
Capacity
Service Catalog
Capacity managed as cloud services and planned in support of multi-cloud and hybrid cloud usage.
Service levels used for entitlement, workload placement, performance measurement, and service termination.
Service catalog provides options for workload placement.
Service Level
Automated package configurations and policies applied to cloud service. When applicable, the cloud configuration is updated and patches are applied ongoing (to new cloud image or live environment). In some cloud environments, a component container is used to group cloud components to aid cloud service delivery.
Capacity management consolidated across all cloud infrastructures, managed, and planned across public and private clouds.
Service levels used to define cloud service entitlement, performance measurement, and service termination.
Change
Change extends capabilities to include pre-approval. Change process includes cloud service retirement in line with SLAs.
Service
Monitoring enhanced to include performance and availability of the application from back-end IT infrastructure transactions to end-user response times.
Dynamic change monitored and associated with service models. IT infrastructure health and performance correlated with end-user activity and performance.
Cloud configurations that break compliance are not deployed; once deployed are monitored against regulatory compliance and corp. policy.
Monitoring
Compliance
Orchestration & Governance
Costing
Configuration, workload packaging, and service level data enables governance for cloud service placement decisions (e.g., resource availability, cloud service verification, and automation execution).
Cloud service usage tracked and evaluated against costs and budget. Private cloud cost may be recognized through showback but not charged.
Service Level
Service Catalog
Change
Service
Monitoring
Compliance
Orchestration & Governance
Costing
Provisioned environment (live/image) configurations updated
Provisioned cloud services delivered with pre-defined, optioned, or requested capacity
Cloud services provisioned in-line with service level
Provisioned cloud services offered through the service catalog
Provisioning managed through the change management process
Configuration
Cloud service configurations or configuration changes delivered with pre-defined, optioned, or requested capacity
Configurations and configuration updates made in-line with service level
Configuration options and changes offered through the service catalog
Configuration managed through the change management process
Capacity
Capacity allocation and capacity updates made in-line with service level
Capacity options and changes offered through the service catalog
Capacity requests and modifications managed through the change management process
Provisioning processes requested and supported through service management
Configuration update/change processes requested and supported through service management
Availability and performance data used to guide configuration decisions. Performance data used to help tune configuration setup and changes
IT resources performance monitored with data leveraged to support capacity decisions
Configurations set and updated in-line with corporate policy and government compliance. Configuration technology used to monitor for configuration compliance drift
Unified configuration of cloud services resources across all cloud types
Cloud services provisioned in-line with corporate policy and government compliance
Unified provisioning of cloud services (e.g., resources, software, and applications) orchestrated across different cloud types.
Capacity management provides cloud process automation with the data required to provision, change, configure, and move workloads dynamically across different cloud environments
Costs associated with capacity allocated and used
Service Level
Services offered in-line or with service level options
Change managed in-line with agreed service levels
Service Catalog
Services delivered as part of the change management process
Offered services include the support agreement
Service catalog offers monitoring options
Change
Changes managed through service support to agreed service levels
Change process incorporates monitoring requirements
Services offered with corporate policy and compliance regulations
Compliance regulations incorporated into change processes
Chosen cloud services orchestrated through to delivery
Change process aligned with orchestrated cloud service delivery
Costs aligned with service level
Costs associated with cloud service offerings
Service
Faults and performance issues automatically reported and managed by service management. Monitoring data used to aid root-cause and remediation processes
Compliance policies incorporated into support management activity (e.g. changes and updates)
Service support uses orchestration to provide customer support, diagnose, and remediate common issues and provide customer services
Service supported in-line with price/cost of cloud service
Monitoring
Compliance state is monitored, measured, and reported across all cloud services irrespective of where service is sourced
Monitoring data integrated with the automated cloud processes and used to evaluate cloud service availability and performance and end-user activity and satisfaction
IT service monitored in-line with service cost
Compliance
Orchestration and governance used to automate the processes for identifying and remediating policy and compliance issues
Compliance factored into cost of cloud service
Orchestration & Governance
Figure 105: Supporting Function Requirements Must Scale with Cloud Sophistication
Capacity Management
Capacity management is a critical function for successful cloud management. At the lowest value level, capacity
management provides cloud administrators and capacity planners with the ability to monitor cloud component
capacity usage and effectively plan the resources required for additional cloud services. As cloud sophistication
increases, capacity management becomes a critical input to ensure cloud services are automatically provisioned
quickly and reliably. This value is best realized when the capacity technology is able to encompass and group
disparate cloud components, viewing them logically as services (this may include integration with a configuration
database) that span cloud environments. This may mean integrating directly or via a CMP with a public cloud
provider's capacity tool APIs. The value capacity management provides cloud includes:
Performance Monitoring
Cloud performance monitoring includes monitoring the health of the cloud infrastructure and the performance of
the applications. The output from both contributes to how services are measured (against SLAs) and delivered.
Application performance will include component diagnostics (e.g., the performance of a database), transaction
tracing (e.g., the application-related communication between cloud infrastructure components), synthetic
transaction monitoring (e.g., a basic response-time measurement between cloud and cloud user), end-user
experience monitoring (e.g., the ability to monitor each application transaction from source to user), and end-user
activity monitoring (e.g., the ability to monitor the IT cloud user's application experience from their IT devices). As
the cloud environment grows in sophistication, infrastructure and backend transaction performance monitoring
extends its reach towards the IT cloud user. Monitoring the user provides a more holistic view of overall cloud
service health no matter where the cloud service is sourced, providing visibility into 3rd-party cloud service
performance as shown in Figure 106 below.
Figure 106: Cloud Performance Focus Changes with Increasing Cloud Sophistication
Availability Monitoring
Tools that monitor cloud infrastructure health move from component to cloud services spread across different cloud
environments. As cloud environments may change frequently, monitoring tools must discover change as it occurs
and alter their monitoring policies accordingly. The IT infrastructure health status is used to assess the impact on
cloud services measured against SLAs.
At lower levels of cloud sophistication, basic monitoring may be provided as part of the cloud service. As
sophistication increases, basic monitoring contributes to an enterprise's overall understanding of the entire cloud
environment and to how cloud services are managed (e.g., an exceeded threshold starts the automation to alter the
allocation of cloud resource).
Glossary
This glossary includes definitions of common data center automation and cloud terminology, as well as
other terms used in this document. For many of these words or phrases, BMC builds on and extends the
work of the U.S. Department of Commerce's National Institute of Standards and Technology (NIST)
Special Publications (SP) and references these sources where appropriate.
Automation Value Model: BMC's schema that organizes automation into multiple levels of increasing
business value. Examples include Provisioning & Configuration, Patching & Compliance, and Cloud
Services Automation.
Automation level: Refers to the level of practice, procedure, and technology deployment for a given
problem area for execution of business needs. Each automation level is a precursor for the next one,
creating a virtuous cycle of business value.
Broad network access: Capabilities are available over the network and accessed through standard
mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones,
laptops, and personal digital assistants (PDAs)). This is one of five essential characteristics of cloud
computing, as defined by NIST SP 800-145.
Cloud Management Platform (CMP): The source for consistent management and delivery of automated
cloud services such as provisioning, configuration management, change management, problem
management, end-user performance monitoring, and tools.
Cloud computing: A model for enabling ubiquitous, convenient, on-demand network access to a shared
pool of configurable computing resources (e.g., networks, servers, storage, applications, and services)
that can be rapidly provisioned and released with minimal management effort or service provider
interaction.
Cloud infrastructure: The collection of hardware and software that enables the five essential
characteristics of cloud computing. The cloud infrastructure can be viewed as containing both a physical
layer and an abstraction layer. The physical layer consists of the hardware resources that are necessary
to support the cloud services being provided, and typically includes server, storage, and network
components. The abstraction layer consists of the software deployed across the physical layer, which
manifests the essential cloud characteristics. Conceptually, the abstraction layer sits above the physical
layer. Defined in NIST SP 800-145.
Cloud native application: An application that was conceived and created to exist as a cloud-based
application.
Cloud migrant application: An application that has ported to exist partially or in its entirety in a cloud
instance but was not originally a cloud-based application.
Cloud service brokerage (CSB): A cloud service brokerage objective assumes that an organization,
internal or external, will offer a broad range of cloud services, off-the-shelf and custom, from both
private and public sources. According to Gartner, "A cloud services brokerage (CSB) plays an intermediary
role in cloud computing. CSBs make it easier for organizations to consume and maintain cloud services,
particularly when they span multiple providers."
Community cloud: The cloud infrastructure is shared by several organizations and supports a specific
community that has shared concerns (e.g., mission, security requirements, policy, and compliance
considerations). It may be managed by the organizations or a third party and may exist on premise or off
premise. It is one of four cloud deployment models, as defined by NIST SP 800-145.
Digital services broker: This is the future of IT's role in pushing the business forward, objectively
evaluating both internal and external services that best allow business units to push out production
applications to customers quickly at the lowest cost, without crashing servers or introducing
vulnerabilities in the corporate network.
Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or
public) that remain unique entities but are bound together by standardized or proprietary technology
that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
This is one of four cloud deployment models, as defined by NIST SP 800-145. It is often used incorrectly
in layman's terms to describe a multi-cloud environment.
Infrastructure as a Service (IaaS): A capability provided to the consumer to provision processing,
storage, networks, and other fundamental computing resources, allowing them to deploy and run
arbitrary software, which can include operating systems and applications. The consumer does not
manage or control the underlying cloud infrastructure but has control over the operating systems,
storage, and deployed applications, and possibly limited control of select networking components (e.g.,
host firewalls). This is one of three service models, as defined by NIST SP 800-145.
Measured service: Cloud systems automatically control and optimize resource use by leveraging a
metering capability at some level of abstraction appropriate to the type of service (e.g., storage,
processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and
reported, providing transparency for both the provider and consumer of the utilized service. This is one
of five essential characteristics of cloud computing, as defined by NIST SP 800-145. This is also a BMC
cloud management capability that delivers different value at different automation levels.
Key Performance Indicator (KPI): A performance indicator or key performance indicator (KPI) is a type of
performance measurement. KPIs evaluate the success of an organization or of a particular activity in
which it engages. Often success is simply the repeated, periodic achievement of some levels of
operational goal (e.g., zero defects, 10/10 customer satisfaction, etc.). Sometimes success is defined in
terms of making progress toward strategic goals. Source: Wikipedia.
Multi-cloud: An environment where a company has a mix of private, public, hybrid, and community
clouds used and managed in isolation from each other.
five essential characteristics of cloud computing, as defined by NIST SP 800-145. This is also a BMC
cloud management capability that delivers different value at different automation levels.
Self-service: See on-demand self-service.
Service Level Agreement (SLA): An operational-level agreement (OLA) is a contract that defines how
various IT groups within a company plan to deliver a service or set of services. OLAs are designed to
address and solve the problem of IT silos by setting forth a specific set of criteria and defining the
specific set of IT services that each department is responsible for. Source: whatis.com
Software as a Service (SaaS): A capability provided to the consumer to use the provider's applications
running on a cloud infrastructure. The applications are accessible from various client devices through a
thin client interface such as a Web browser (e.g., Web-based email). The consumer does not manage or
control the underlying cloud infrastructure including network, servers, operating systems, storage, or
even individual application capabilities, with the possible exception of limited user-specific application
configuration settings. This is one of three service models, as defined by NIST SP 800-145.
Solution area: Focus areas within the Automation Value Model that demonstrate increasing business
value over multiple automation levels. Examples include Provisioning & Configuration, Patching &
Compliance, and Cloud Services.
To learn more about how BMC can help you automate your business, visit bmc.com/passport or call 800.841.2031