January 2008 - Posts - CA on Service Management

This Blog

Home
Contact

Syndication

January 2008 - Posts

CMDB and Provisioning

Published: January 25 2008, 12:50 PM | no comments
by Robert Stroud

Of course I was delighted when CA CMDB r11.1 received a gold award in SearchDataCenter.com's Data Center Products of the Year 2007. I did think that the title of the award category, "CMDB and provisioning," was quite interesting, especially after just coming off of some itSMF USA planning meetings where we discussed, among other topics, the continued and growing interest in the CMDB and the need for automation to ensure the correct focus, timely updating, and ultimately value, of a CMDB initiative.

"Provisioning" refers to the solution's ability "to supply" or "to fit out" the CMDB-that is to automate to ensure that the appropriate data is loaded and managed. The fact that the other award category titles (i.e. Data Center Automation and Performance Management Tools) did not include the "and provisioning" modifier, though they could have, makes me wonder why CMDB was singled out in this manner. In a way, it was a nod towards an idea I blogged about that beyond the CMDB there is a Configuration Management System or CMS that provides the automated functionality that supports the provisioning of the CMDB.

Whether or not there was a real need to include "and provisioning," there is no doubt that CMDBs devoid of the tools needed to provision are apt to become outdated quickly. Automation of the CMDB is more than advantageous--it is essential to ensure the integrity and practicability of the CMDB.

Share this post:

Tags: CMDB

By: Robert Stroud
Robert Stroud serves as VP and as Service Management, Cloud Computing and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, is part of the Framework committee and was the former chair of the COBIT Steering Committee. Robert also serves on the itSMF...
Read More..

CML: Another milestone in the push for interoperability

Published: January 25 2008, 12:44 PM | no comments
by Marvin Waschke

Followers of my blog know that I am sucker for a good standard. I am a shameless idealist. My personal mission is to make IT organizations hum (picture the current VISA commercials) and to ensure that when the inevitable hiccups do occur, the cause is not incompatible solutions from different vendors. While you've seen me blog often about the CMDBf, I've also been working on CML (Common Model Library), another standards initiative that will go a long way towards smoothing the integration bumps that IT organizations may experience.

The CML (Common Model Library) working group, consisting of BEA Systems, Inc.; BMC Software; CA, Inc.; Cisco Systems, Inc.; Dell Inc.; EMC Corporation; HP; IBM Corporation; Intel Corporation; Microsoft Corporation; and Sun Microsystems, has announced the publication of a white paper that describes its plans for specifying a common library of models for use in IT management.

CML is another piece in the vendor neutral IT management puzzle. (You can read the white paper on the CML web site CML Project - Home.) CML is based on SML (Service Modeling Language), developed by a consortium similar to the CML group. The SML consortium has handed off the spec to the W3C (World Wide Web Consortium), which focuses on interoperable technologies to lead the web to its full potential. The W3C is in the midst of their process that will lead to endorsement of SML as a W3C standard. Microsoft began development of the language, then lead formation of the consortium for further inter-vendor development. Microsoft originated SML as a language for describing data center configuration. SML is based on XML Schema and Schematron and is able express constraints on configurations as well and the configuration itself.

SML documents have two parts. One part is a sort of abstract template. For instance, a very simple server might be modeled as an entity with several attributes, like name, physical memory, and disk size. This first part of an SML document is the model. The second part is instances of the model. An instance of our simple server model could be "name: Shasta; phys mem: 8 GB; disk: 100GB." Another instance could be "name: Rainier; phys mem: 16 GB; disk: 300GB." ... and so on. In SML, both the model and the instance are expressed in XML.

SML provides the language to express these models and instances, but not the models themselves.

CML proposes to provide a core set of models and building blocks. The CML group could provide a basic server model, for example. The existence of a universally acknowledged basic service model has important implications. First, each time a server has to be modeled, the modeler could go to the CML server model instead of inventing a new model on the spot. Second, models from the CML will provide some level of interoperability. If a vendor uses a private model of a server, another vendor may not have access to documentation of the first vendor's model. At the very least, the second vendor has to seek access to the proprietary documentation. At worst, the second vendor may be denied access to the first vendor's model because the first vendor has designated it to be private intellectual property. This can be a real obstacle to interoperability.

Interoperability of IT management systems is the real driver for SML and CML, so that the model of an IT component modeled by one vendor is comprehensible to a system built by a different vendor. CML, like the CMDBf, is an acknowledgement by the major IT management software vendors that interoperability is a serious goal for the industry.

Share this post:

By: Marvin Waschke
Marv Waschke is a senior principal architect at CA Technologies. He has represented CA Technologies in several standards groups including the Cloud Management Working Group and Configuration Management Database Federation working groups of the Distributed Management Task Force (DMTF). He is also a member...
Read More..

Sample Implementations Ease Adoption: A Parallel between CMDBf and SNMP

Published: January 15 2008, 09:52 AM | 2 Comment(s)
by Marvin Waschke

To quote Yogi Berra, "it's déjà vu all over again." I could not shake that feeling after reading an article entitled "Providing a CMDBf Query and Registration Service" that appeared in the Eclipse Wiki on the COSMOS project page. Eclipse is an open source community and COSMOS (Community-driven Systems Management in Open Source) is an Eclipse incubator group for building open source systems management tools. (A number of CA developers contribute code to COSMOS.) The Wiki article includes an open source implementation of the CMDBf Query and Registration services. I believe this implementation will go a long way toward promoting the adoption of the new CMDBf specification for federating CMDBs.

Quicker than you can say "disco ball," I was transported back to the eighties, working with one of the most successful standards I have ever worked with: SNMP (Simple Network Management Protocol). The IETF (Internet Engineering Task Force) published the RFCs (Request For Comment) for SNMPv1 in 1988. Around that time, I was consulting at a large aero-space corporation, writing network management software. Of course, RFC 1065, RFC 1066, and RFC 1067 became hot topics soon after they came out and the "yellow book"--Marshall Rose's The Simple Book: Introduction to Network Management--showed up in every cubical. The best part of SNMP was the sample implementation documented for reference that was available over something new: the Internet. I don't remember who wrote it, but I do remember FTPing the sample code down to my work station, poring over it, compiling it, and finally writing it into the tools I was working on.

Without that reference implementation, SNMP probably would not have made it into our tools. We were under no compulsion to follow any particular standard. We were more worried about SNA than TCP/IP at that time anyway. But SNMP was not only simple, it was easy to implement by following the lead of the sample implementation. If it had not been so easy, we probably could not have justified including it in our tools.

I see a lot of similarity between SNMP twenty years ago and the CMDBf spec today. The CMDBf is a great idea, but no one is holding a gun to anyone's head about implementing it. The success of the spec depends on the bang for the buck. The vendors in the consortium have already put money and IP on the table by writing the spec. It's in their interest to implement it. But the rest of the community has to make up their minds based on the return on their investment.

The return is there. I don't think anyone questions that configuration item (CI) management data must be federated, and that vendor-neutral federation makes tremendous sense. The problem is on the investment side. Until there is a critical mass of implementations working together, there won't be much return on any single implementation of the CMDBf services.

Just like the SNMP reference implementation, an open sample CMDBf implementation reduces the investment required to implement CMDBf services, smoothing the way for acceptance.

Share this post:

Meet me in Oman

Published: January 03 2008, 11:10 AM | 2 Comment(s)
by Robert Stroud

For those of you interested in taking the title of my blog literally ("Travels with Rob Stroud"), I invite you to meet me in Muscat, Sultanate of Oman, at the Shangri-La, Barr Al Jissah Resort and Spa on January 21 and 22. I'll be delivering the keynote at the Asia-Pacific Computer Audit, Control and Security (CACS) Conference hosted by ISACA. With more than 65,000 members in more than 140 countries, ISACA is a recognized worldwide leader in IT governance, control, security and assurance, and I'm proud to be a board member. The keynote will feature my thoughts on "Harmonizing COBIT, Val IT, ITIL® and ISO 20000: Best Practices for IT Governance."

I couldn't resist showing you this gorgeous venue. I'll bring you news from the conference in a future blog.

ITIL® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office.

Share this post:

Tags: Best Practices Guidance, ITIL, security

ITIL and Security

Published: January 02 2008, 01:35 PM | no comments
by Robert Stroud

The commingling of ITIL® and security has drawn increased attention at the conferences I've attended recently. No doubt security is a hot topic, fueled by highly publicized security exposures.

Though ITIL v3 formally introduces the security concept of Access Management to ITIL for the first time, ITIL processes have dealt with security issues for several years. Five years ago, IT service desks everywhere faced a huge issue in the ever-mounting numbers of password resets needed--a problem caused by the large number of passwords, draconian password change rules and lack of self help capabilities. Password resets represented up to 60% of all service desk incidents in many organizations. Today we have a self help capability for resetting passwords and automated processes to request and automate access. These automated processes are similar to the ITIL v3 processes from the Service Operations volume for Access Management and Self Help and are great examples of business driven automation now promoted by ITIL v3.

Within the security arena there are evolving standards in the ISO 27000 series (the series of standards have been specifically reserved by the International Organization for Standardization (ISO) for information security matters). ISO 27001 is an accepted standard currently in use and is intended to be used in conjunction with the coming ISO 27002, which will replace ISO 17799. ISO 17799 is a generic set of best practices for the security of information systems, considered by some to be the foremost security specification document in the world.

The IT Governance Institute, of which I am a board member, worked with the Office of Government Commerce (OGC) on a paper exploring the relationship between the best practice frameworks COBIT and ITIL with security management as described in IS0 17799. The joint publication on "Aligning COBIT, ITIL and ISO 17799 for Business Benefit" is available for download and is one of ITGI's most requested publications.

I am pleased to advise that a refresh of this document is currently underway and is scheduled for release in the first half of 2008. The new version will provide additional guidance on leveraging COBIT and ITIL to address security issues.

ITIL® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office.

Share this post:

Tags: ISACA, IT Governance, IT Service Management, ITIL, ITSM, security

CA Community

January 2008 - Posts

CMDB and Provisioning

Leave a comment

CML: Another milestone in the push for interoperability

Leave a comment

Sample Implementations Ease Adoption: A Parallel between CMDBf and SNMP

Leave a comment

Meet me in Oman

Leave a comment

ITIL and Security

Leave a comment