oracle dba meets itil and cobit
DESCRIPTION
This paper describes how ITIL and COBIT are relevant for the Oracle DBA.TRANSCRIPT
Oracle DBA Meets ITIL and COBITArchitecture and Infrastructure Track
IOUG Collaborate 09
Mahesh Vallampati
SmartDog Services
Senior Practice Manager
About the Speaker
• Mahesh Vallampati– Career
• Senior Practice Manager at SmartDog Services• Senior Sales Consulting Manager at Hotsos (2 years)• Director of DBA Services at Eagle Global Logistics (2
years)• Practice Manager at Oracle in Consulting(9 years)
– Papers• Several papers presented at User Groups• Published in Oracle Magazine
– Education• Master’s in Electrical Engineering, Texas A&M University
Agenda
• ITIL and COBIT Imperative
• ITIL– What is ITIL and why should I care?– How does what I do map back to ITIL?
• COBIT– What is COBIT and why should I care?– What does what I do map back to COBIT?
• What do I do next?
• Certification
• Q&A
What is ITIL?
ITIL• ITIL Stands for
• Information• Technology• Infrastructure• Library
• Developed• In the 1980’s• Developed as a framework• Started as a guide for the UK Government• Developed Primarily for IT Service
Management
ITIL Evolution• ITIL V1
– Not widely adopted– Developed by British Government
• ITIL V2– Widely Adopted– Very Popular in large organizations
• ITIL V3– Released in May 2007– Too early in the life cycle– More Strategic in its approach
• We will focus on ITIL v2 for now
The Notion of IT as a Service – Technical Expertise to Service Delivery
Before Now
Corporate Department Mentality Service Mentality
Employee Attitude Vendor Attitude
Internally Focused Customer Focused
Technical Focus Customer Focus
Budgeted Cost Managed Cost
Technology for Technology Sake
Technology as a means of achieving competitive advantage
Department Attitude Business Attitude
The Overall ITIL Framework
Service Management• What Service
– Manage the Infrastructure
• Method of Managing the Service– With Quality– Cost Effective
• Business Objectives– Support Short Term and Long Term Requirement
• Service Management– Measure– Control– Manage
• A Process Perspective
Process Perspective - Effective and Efficient
• Effective
– For a given set of inputs, the output matches the prediction
– Defined
– Repeatable
– Reliable
• Efficient
– Effective
– Activities achieved with minimum effort and cost
Why should I care?
Question
• As a DBA, what business are you in?
Answer
• The Service Business
ITIL as a Service Framework
• DBA activities map to a Service Framework• ITIL is the IT Industry Standard Service
Framework• ITIL is also the current management thinking
about IT in general• It is critical then that the DBA understands it
ITIL Mapping to DBA Responsibilities
Service Desk
Service Desk
• A single point of contact for– Issue Resolution– Work Requests Tracking and Completion– Service Availability and Restoration Information
Service Desk
Help Desk
App Support
DBA Support
Business Users
Service Desk
• Service Support• Service Delivery
Service Desk – Service Support
Service Support• Objectives
– Sustain the Quality of Service• Minimize disruption• Effective Triaging• Emphasis on quick restoration of services
– Capture Information• Document issues (incidents and problems)• Assign Ownership• Track Progress• Root Cause Resolution
– Make Changes• Incremental• Group large changes
– Manage Configuration• Identify infrastructure assets and the relationships between them
Service Support
• Incident Management• Problem Management• Configuration Management• Change Management• Release Management
Incident Management• Incident Management
– Defined from a Quality of Service perspective• Reduction• Interruption
– Origination• Monitoring Tools (Any Layer)• Customers Calling Help Desk
– Examples• Running out of tablespace• Performance Brownout• Database Crash
– Response• Restore Normal Operation as soon as possible and determine root cause• Minimize Impact to Business
– Post Incident• Document Root Cause• Statistical Trending
Problem Management• Problem Management
– Definition• Unknown Underlying cause of one or more incidents
– Origination• Incidents• Customers Calling Help Desk
– Examples• ORA-0600 errors for which there is no root cause• Repeated crashes of a database
– Response• Restore Service and Minimize Impact• Higher Emphasis on Root Cause
– Post Problem• Root Cause• Procedures to eliminate recurrence of incidents and problems
Configuration Management• Configuration Management
– Definition• Identify, Record and Report Infrastructure Components or assets
• Relationship to Components
– Origination• An Initiative to record these components
– Examples• List of Servers, Databases etc.
• Versions and Interdependencies, init.ora’s
– Key Aspect• Relationship between assets
– Benefits• Tie back to Incident Management and Problem Management and assist in the
root cause analysis
Change Management• Change Management
– Definition• Reactive - To fix a problem• Proactive – Improve quality of service• Move from one “Defined” state to another
– Origination• Business Requests• Incidents/Problems
– Examples• Code fixes• Database Patches
– Key Aspect• Minimize impact on service quality• Drive Continuous improvement• Back-out Plan
– Benefits• Minimize Risk• Add Value
Release Management
• Release Management– Definition
• Grouping of changes to problems• Enhance Quality of Service
– Origination• Requests for Changes• Projects
– Examples• Database Upgrades• Significant Enhancement to an IT Asset as used by the business
– Key Aspect• More emphasis on testing• Increase functionality to enhance quality of service• Different Stream of Funding
– Benefits• Add Value• Mitigate Risk
Service Support - The DBA Perspective• Issues
– Characterize as• Incidents• Problems
• Changes– Manage as
• Change Management/Release Management• Context
– Configuration• Configuration Items and Relationship to other
configuration items• Is it always the database?• Database Changes Versus Non Database Changes• Rate of Change?
Service Support - Summary
• Emphasis – Customer Focus– Quality of Service– Root Cause Resolution– Issue Lifecycle Management (Change
Management)– IT Asset Lifecycle Management (Release
Management)
Service Desk - Service Delivery
Service Delivery
• Service Delivery is the framework that governs Service Support
• Service Delivery manages the following aspects of Service Support– What Service?– What Service Levels?– What availability levels?– At what cost?– At what Capacity levels?
Service Delivery
• Service Level Management• Availability Management• Continuity Management• Financial Management• Capacity Management
Service Level Management• Definition
– Determine level of service needed to support the business– Provide Specific Targets– The notion of a Service Catalog
• Objectives– Meet Service Level and Operational Level Agreements– Minimize adverse impact on Service Quality Levels
• Manage– Expectations– Cost
• Examples– Online store Application and Database should have 4 9’s
availability– Payment with credit card should complete within 6 seconds
by customer
Availability Management• Definition
– The ability to use an IT Service without interruption– A key indicator of Service Quality
• Objectives– Enhanced Reliability– Enhanced effectiveness of Support
• Manage– Criticality of Information Needs– Process of restoration of Service effectively
• Examples– Mean Time to Restore/Repair Financial Database should be
under an hour– Physical Failover to a remote location for the online store
should be under 2 minutes
Availability Management
• Factors– Reliability– Resilience– Maintainability– Serviceability
• Also encompasses security Management– Confidentiality– Integrity– Availability
Continuity Management• Definition
– Tied to criticality of Business Continuity
– Tied to cost of non-availability of services support
• Objectives– Planning to mitigate risk of non-availability of services
support
– Mitigate impact of risks and threats
• Manage– Time to restore services
– Disaster Recovery Process
• Examples– Failover to remote site for all IT Services
Financial Management• Definition
– Cost effective method for delivering services
• Objectives– Price IT Services– Cost Accounting of Services
• Manage– Budgeting– Accounting– Charging
• Example– Database Licenses– Application Usage Fees
Capacity Management• Definition
– Managing the trade off between cost and capacity– Managing the supply of computing resources with demands placed against
it
• Objectives– Monitor Performance and Throughput of IT Services– Perform Tuning Services for efficient use of infrastructure for key business
tasks– Manage Batch workload to achieve business objectives
• Manage– Workload– Task Performance– Forecast Capacity Demand
• Examples– Batch Processing for month end close in Financial Environments– Identify Key Business Transactions and Optimize them
What should I do next?
Service Delivery – The DBA perspective• SLAs
– Think in term of SLAs– Especially around Database Availability– Document worst case and best case
• Complete recovery from tape• Just Instance Recovery
• Availability and IT Service continuity Management– Is 5 9’s really realistic?– Is there adequate head count?
• Can 2 DBAs really support 7/24/365?– Who owns and manages the DR process?
• Financial Management– Keep Cost in Mind– Ask what is the “unfunded mandate” is
Service Delivery – The DBA perspective• Capacity Management
– Do you know?• Expensive Users• Expensive Applications• Expensive Modules
– Don’t tune first (Eliminate, Re-schedule and Train first)
– When tuning use response time as a guiding framework
– Do you know when you server is going to max out from a capacity perspective?
– Can you tie it back to business usage of the system?
• Get Certified
ITIL Recap
• ITIL is a technology framework
• Brings about a service perspective
• Aligns to Business criticality
• It is important that DBA’s be able to articulate what they do in this framework
• From a performance and capacity management perspective, consider adopting these as key strategies
– Workload characterization
– Response Time Optimization
COBIT
What is COBIT?
• COBIT– Control Objectives for Information and related
Technology (COBIT) – Translated to control of access to data and its
modification– Translates to security
• COBIT Evolution– December 2005, COBIT 4.0– May 2007, COBIT 4.1– Available and Supported at ISACA.org
So what is COBIT anyway?• COBIT
– An IT Governance framework
– Bridge Gap
• Control Requirements
• Technical Issues
• Business Risks
– Enables
• Clear Policy Development
• Good Practice
– Emphasizes regulatory compliance
– Obtain increased value from IT
– Enables alignment
– Simplifies implementation
COBIT and RACI Charts
• The good thing about COBIT is it tell us the accountability structure for the sub processes and steps.– Responsible– Accountable– Consulted– Informed
• The benefit is clear accountability and ownership
COBIT Overview – Plan and Organize
Plan and OrganizeResponsi
bleAccountab
leConsult Inform
PO1 Define a Strategic IT Plan and direction
X
PO2 Define the Information
Architecture X X
PO3 Determine Technological
Direction X X
PO4 Define the IT Processes,
Organization and Relationships
X
PO5 Manage the IT
Investment X
PO6 Communicate
Management Aims and Direction
X
PO7 Manage IT Human
Resources X
PO8 Manage Quality X
PO9 Asses and Manage IT
Risks X X
PO10 Manage Projects X
COBIT Overview – Acquire and Implement
Acquire and Implement
Responsible
Accountable
Consult Inform
AI1Identify Automated
SolutionsX X
AI2Acquire and
Maintain Application Software
X X X
AI3Acquire and
Maintain Technology Infrastructure
X X X
AI4Enable Operation
and UseX X X
AI5Procure IT Resources
X X X
AI6 Manage Changes X
AI7Install and Accredit
Solutions and Changes
X
COBIT Overview – Deliver and Support
Deliver and SupportResponsib
leAccountabl
eConsul
tInfor
m
DS1Define and Manage Service
LevelsX X
DS2 Manage Third-party Services X X
DS3Manage Performance and
CapacityX X X
DS4 Ensure Continuous Service X X XDS5 Ensure Systems Security X X XDS6 Identify and Allocate Costs XDS7 Educate and Train Users X
DS8Manage Service Desk and
IncidentsX
DS9 Manage the Configuration XDS10 Manage Problems XDS11 Manage Data X
DS12Manage the Physical
EnvironmentX X
DS13 Manage Operations X
COBIT Overview – Monitor and Evaluate IT Processes
Monitor and Evaluate IT Processes
Responsible
Accountable
Consult
Inform
ME1Monitor and Evaluate IT
ProcessesX X
ME2Monitor and Evaluate
Internal ControlX X
ME3Ensure Regulatory
ComplianceX X
ME4 Provide IT Governance X
Quick Survey
• What Controls does your company subscribe to?– COBIT– SOX Subset of COBIT– ITIL– COSO– Homegrown– No control framework
So what do I do about COBIT?
• As a DBA, start thinking about what your RACI is.
• Does the security system you have pass COBIT muster?
• Can you pass a COBIT audit?
• Do the people in your organization believe that change control belongs to the DBA team?
• Who keeps tracks of changes?
• Can you prove that you made a change?
• Sit down with your management and understand what the expectation is
• Can the expectation be met?
• Will the expectation change?
Certification
Certification
• ITIL Certification– Several web resources– Get Basic certification– Is not that difficult– Higher levels can be career boosters
• COBIT Certification– Having COBIT is a bonus– Is little bit more harder than ITIL Basic
• Enables camaraderie with auditors and senior staff
AQ&Q U E S T I O N SQ U E S T I O N SA N S W E R SA N S W E R S