oracle dba meets itil and cobit

Oracle DBA Meets ITIL and COBITArchitecture and Infrastructure Track

IOUG Collaborate 09

Mahesh Vallampati

SmartDog Services

Senior Practice Manager

About the Speaker

• Mahesh Vallampati– Career

• Senior Practice Manager at SmartDog Services• Senior Sales Consulting Manager at Hotsos (2 years)• Director of DBA Services at Eagle Global Logistics (2

years)• Practice Manager at Oracle in Consulting(9 years)

– Papers• Several papers presented at User Groups• Published in Oracle Magazine

– Education• Master’s in Electrical Engineering, Texas A&M University

Agenda

• ITIL and COBIT Imperative

• ITIL– What is ITIL and why should I care?– How does what I do map back to ITIL?

• COBIT– What is COBIT and why should I care?– What does what I do map back to COBIT?

• What do I do next?

• Certification

• Q&A

What is ITIL?

ITIL• ITIL Stands for

• Information• Technology• Infrastructure• Library

• Developed• In the 1980’s• Developed as a framework• Started as a guide for the UK Government• Developed Primarily for IT Service

Management

ITIL Evolution• ITIL V1

– Not widely adopted– Developed by British Government

• ITIL V2– Widely Adopted– Very Popular in large organizations

• ITIL V3– Released in May 2007– Too early in the life cycle– More Strategic in its approach

• We will focus on ITIL v2 for now

The Notion of IT as a Service – Technical Expertise to Service Delivery

Before Now

Corporate Department Mentality Service Mentality

Employee Attitude Vendor Attitude

Internally Focused Customer Focused

Technical Focus Customer Focus

Budgeted Cost Managed Cost

Technology for Technology Sake

Technology as a means of achieving competitive advantage

Department Attitude Business Attitude

The Overall ITIL Framework

Service Management• What Service

– Manage the Infrastructure

• Method of Managing the Service– With Quality– Cost Effective

• Business Objectives– Support Short Term and Long Term Requirement

• Service Management– Measure– Control– Manage

• A Process Perspective

Process Perspective - Effective and Efficient

• Effective

– For a given set of inputs, the output matches the prediction

– Defined

– Repeatable

– Reliable

• Efficient

– Effective

– Activities achieved with minimum effort and cost

Why should I care?

Question

• As a DBA, what business are you in?

Answer

• The Service Business

ITIL as a Service Framework

• DBA activities map to a Service Framework• ITIL is the IT Industry Standard Service

Framework• ITIL is also the current management thinking

about IT in general• It is critical then that the DBA understands it

ITIL Mapping to DBA Responsibilities

Service Desk

Service Desk

• A single point of contact for– Issue Resolution– Work Requests Tracking and Completion– Service Availability and Restoration Information

Service Desk

Help Desk

App Support

DBA Support

Business Users

Service Desk

• Service Support• Service Delivery

Service Desk – Service Support

Service Support• Objectives

– Sustain the Quality of Service• Minimize disruption• Effective Triaging• Emphasis on quick restoration of services

– Capture Information• Document issues (incidents and problems)• Assign Ownership• Track Progress• Root Cause Resolution

– Make Changes• Incremental• Group large changes

– Manage Configuration• Identify infrastructure assets and the relationships between them

Service Support

• Incident Management• Problem Management• Configuration Management• Change Management• Release Management

Incident Management• Incident Management

– Defined from a Quality of Service perspective• Reduction• Interruption

– Origination• Monitoring Tools (Any Layer)• Customers Calling Help Desk

– Examples• Running out of tablespace• Performance Brownout• Database Crash

– Response• Restore Normal Operation as soon as possible and determine root cause• Minimize Impact to Business

– Post Incident• Document Root Cause• Statistical Trending

Problem Management• Problem Management

– Definition• Unknown Underlying cause of one or more incidents

– Origination• Incidents• Customers Calling Help Desk

– Examples• ORA-0600 errors for which there is no root cause• Repeated crashes of a database

– Response• Restore Service and Minimize Impact• Higher Emphasis on Root Cause

– Post Problem• Root Cause• Procedures to eliminate recurrence of incidents and problems

Configuration Management• Configuration Management

– Definition• Identify, Record and Report Infrastructure Components or assets

• Relationship to Components

– Origination• An Initiative to record these components

– Examples• List of Servers, Databases etc.

• Versions and Interdependencies, init.ora’s

– Key Aspect• Relationship between assets

– Benefits• Tie back to Incident Management and Problem Management and assist in the

root cause analysis

Change Management• Change Management

– Definition• Reactive - To fix a problem• Proactive – Improve quality of service• Move from one “Defined” state to another

– Origination• Business Requests• Incidents/Problems

– Examples• Code fixes• Database Patches

– Key Aspect• Minimize impact on service quality• Drive Continuous improvement• Back-out Plan

– Benefits• Minimize Risk• Add Value

Release Management

• Release Management– Definition

• Grouping of changes to problems• Enhance Quality of Service

– Origination• Requests for Changes• Projects

– Examples• Database Upgrades• Significant Enhancement to an IT Asset as used by the business

– Key Aspect• More emphasis on testing• Increase functionality to enhance quality of service• Different Stream of Funding

– Benefits• Add Value• Mitigate Risk

Service Support - The DBA Perspective• Issues

– Characterize as• Incidents• Problems

• Changes– Manage as

• Change Management/Release Management• Context

– Configuration• Configuration Items and Relationship to other

configuration items• Is it always the database?• Database Changes Versus Non Database Changes• Rate of Change?

Service Support - Summary

• Emphasis – Customer Focus– Quality of Service– Root Cause Resolution– Issue Lifecycle Management (Change

Management)– IT Asset Lifecycle Management (Release

Management)

Service Desk - Service Delivery

Service Delivery

• Service Delivery is the framework that governs Service Support

• Service Delivery manages the following aspects of Service Support– What Service?– What Service Levels?– What availability levels?– At what cost?– At what Capacity levels?

Service Delivery

• Service Level Management• Availability Management• Continuity Management• Financial Management• Capacity Management

Service Level Management• Definition

– Determine level of service needed to support the business– Provide Specific Targets– The notion of a Service Catalog

• Objectives– Meet Service Level and Operational Level Agreements– Minimize adverse impact on Service Quality Levels

• Manage– Expectations– Cost

• Examples– Online store Application and Database should have 4 9’s

availability– Payment with credit card should complete within 6 seconds

by customer

Availability Management• Definition

– The ability to use an IT Service without interruption– A key indicator of Service Quality

• Objectives– Enhanced Reliability– Enhanced effectiveness of Support

• Manage– Criticality of Information Needs– Process of restoration of Service effectively

• Examples– Mean Time to Restore/Repair Financial Database should be

under an hour– Physical Failover to a remote location for the online store

should be under 2 minutes

Availability Management

• Factors– Reliability– Resilience– Maintainability– Serviceability

• Also encompasses security Management– Confidentiality– Integrity– Availability

Continuity Management• Definition

– Tied to criticality of Business Continuity

– Tied to cost of non-availability of services support

• Objectives– Planning to mitigate risk of non-availability of services

support

– Mitigate impact of risks and threats

• Manage– Time to restore services

– Disaster Recovery Process

• Examples– Failover to remote site for all IT Services

Financial Management• Definition

– Cost effective method for delivering services

• Objectives– Price IT Services– Cost Accounting of Services

• Manage– Budgeting– Accounting– Charging

• Example– Database Licenses– Application Usage Fees

Capacity Management• Definition

– Managing the trade off between cost and capacity– Managing the supply of computing resources with demands placed against

it

• Objectives– Monitor Performance and Throughput of IT Services– Perform Tuning Services for efficient use of infrastructure for key business

tasks– Manage Batch workload to achieve business objectives

• Manage– Workload– Task Performance– Forecast Capacity Demand

• Examples– Batch Processing for month end close in Financial Environments– Identify Key Business Transactions and Optimize them

What should I do next?

Service Delivery – The DBA perspective• SLAs

– Think in term of SLAs– Especially around Database Availability– Document worst case and best case

• Complete recovery from tape• Just Instance Recovery

• Availability and IT Service continuity Management– Is 5 9’s really realistic?– Is there adequate head count?

• Can 2 DBAs really support 7/24/365?– Who owns and manages the DR process?

• Financial Management– Keep Cost in Mind– Ask what is the “unfunded mandate” is

Service Delivery – The DBA perspective• Capacity Management

– Do you know?• Expensive Users• Expensive Applications• Expensive Modules

– Don’t tune first (Eliminate, Re-schedule and Train first)

– When tuning use response time as a guiding framework

– Do you know when you server is going to max out from a capacity perspective?

– Can you tie it back to business usage of the system?

• Get Certified

ITIL Recap

• ITIL is a technology framework

• Brings about a service perspective

• Aligns to Business criticality

• It is important that DBA’s be able to articulate what they do in this framework

• From a performance and capacity management perspective, consider adopting these as key strategies

– Workload characterization

– Response Time Optimization

COBIT

What is COBIT?

• COBIT– Control Objectives for Information and related

Technology (COBIT) – Translated to control of access to data and its

modification– Translates to security

• COBIT Evolution– December 2005, COBIT 4.0– May 2007, COBIT 4.1– Available and Supported at ISACA.org

So what is COBIT anyway?• COBIT

– An IT Governance framework

– Bridge Gap

• Control Requirements

• Technical Issues

• Business Risks

– Enables

• Clear Policy Development

• Good Practice

– Emphasizes regulatory compliance

– Obtain increased value from IT

– Enables alignment

– Simplifies implementation

COBIT and RACI Charts

• The good thing about COBIT is it tell us the accountability structure for the sub processes and steps.– Responsible– Accountable– Consulted– Informed

• The benefit is clear accountability and ownership

COBIT Overview – Plan and Organize

Plan and OrganizeResponsi

bleAccountab

leConsult Inform

PO1 Define a Strategic IT Plan and direction

X

PO2 Define the Information

Architecture X X

PO3 Determine Technological

Direction X X

PO4 Define the IT Processes,

Organization and Relationships

X

PO5 Manage the IT

Investment X

PO6 Communicate

Management Aims and Direction

X

PO7 Manage IT Human

Resources X

PO8 Manage Quality X

PO9 Asses and Manage IT

Risks X X

PO10 Manage Projects X

COBIT Overview – Acquire and Implement

Acquire and Implement

Responsible

Accountable

Consult Inform

AI1Identify Automated

SolutionsX X

AI2Acquire and

Maintain Application Software

X X X

AI3Acquire and

Maintain Technology Infrastructure

X X X

AI4Enable Operation

and UseX X X

AI5Procure IT Resources

X X X

AI6 Manage Changes X

AI7Install and Accredit

Solutions and Changes

X

COBIT Overview – Deliver and Support

Deliver and SupportResponsib

leAccountabl

eConsul

tInfor

m

DS1Define and Manage Service

LevelsX X

DS2 Manage Third-party Services X X

DS3Manage Performance and

CapacityX X X

DS4 Ensure Continuous Service X X XDS5 Ensure Systems Security X X XDS6 Identify and Allocate Costs XDS7 Educate and Train Users X

DS8Manage Service Desk and

IncidentsX

DS9 Manage the Configuration XDS10 Manage Problems XDS11 Manage Data X

DS12Manage the Physical

EnvironmentX X

DS13 Manage Operations X

COBIT Overview – Monitor and Evaluate IT Processes

Monitor and Evaluate IT Processes

Responsible

Accountable

Consult

Inform

ME1Monitor and Evaluate IT

ProcessesX X

ME2Monitor and Evaluate

Internal ControlX X

ME3Ensure Regulatory

ComplianceX X

ME4 Provide IT Governance X

Quick Survey

• What Controls does your company subscribe to?– COBIT– SOX Subset of COBIT– ITIL– COSO– Homegrown– No control framework

So what do I do about COBIT?

• As a DBA, start thinking about what your RACI is.

• Does the security system you have pass COBIT muster?

• Can you pass a COBIT audit?

• Do the people in your organization believe that change control belongs to the DBA team?

• Who keeps tracks of changes?

• Can you prove that you made a change?

• Sit down with your management and understand what the expectation is

• Can the expectation be met?

• Will the expectation change?

Certification

Certification

• ITIL Certification– Several web resources– Get Basic certification– Is not that difficult– Higher levels can be career boosters

• COBIT Certification– Having COBIT is a bonus– Is little bit more harder than ITIL Basic

• Enables camaraderie with auditors and senior staff

AQ&Q U E S T I O N SQ U E S T I O N SA N S W E R SA N S W E R S