Simple advice, big payoff

"U.K.'s Office of Government Commerce ITIL"

Don’t be surprised if you’ve never heard of it.

It is, after all, simply a set of books published by a rather unlikely imprint of technology must-reads, the British government. And it’s not as if its name — the Information Technology Infrastructure Library — would catch your eye.

But ITIL, as it’s called, is the spark behind a growing number of IT improvement projects in the U.S. government, with followers in the military, civilian agencies, and many state and local offices. In the technology industry, ITIL’s emphasis on coupling what are typically disconnected IT management routines has been the blueprint for a number of software products and professional services.

It all goes back to the books, the eight titles that methodically describe best practices for keeping IT operations humming and supporting the business processes that rely on them. ITIL’s appeal and value, its proponents say, lie in its avoidance of the fuzzy consultant-speak and all-or-nothing re-engineering agendas that are often the downfall of other improvement schemes.

“When you look at ITIL, it’s really just a collection of IT common sense,” said Andy Atencio, manager of information and technology for Greenwood Village, Colo. “It’s all stuff we knew and said we’d do but never did because no one ever showed us exactly how.”

One example of that IT common sense is tracking help-desk calls for later analysis so employees can identify recurring problems and solve them more quickly. Another example is creating a way to recognize that a rash of problems might be related to a recent software upgrade on a key server.

ITIL might be simple advice, but its application can result in big payoffs. For example, with the help of an ITIL-based consulting service from Microsoft, the Air Force’s Air Combat Command (ACC) has made changes to its IT operations that have increased network availability from a percentage rate in the mid-80s to the high 90s.

Such results are driving the government’s growing interest in ITIL, said Bill Bennett, chief operating officer of the consulting firm Zenetex and president of the Washington, D.C.-area chapter of the IT Service Management Forum USA, an ITIL user education group. Citing industry research, he added that nearly 20 percent of agencies have some sort of ITIL program.

“There’s a good base, and it’s growing like wildfire,” said Bennett, whose firm is working on ITIL projects at the Army Materiel Command and the Pentagon’s Command Communications Survivability Program.

Those who want to hop on the ITIL bandwagon can find plenty of help in the form of training courses, user groups, and ITIL-based software and consulting services. But for many, the journey still begins at the beginning, with the ITIL books.

Something for everyone

Hitting the books is how Atencio got his start with ITIL. A few years ago, he attended a conference on techniques for improving IT operations, and ITIL was on the agenda.

Unfortunately, his department couldn’t afford to hire a consultant or buy one of the new ITIL-based software packages. However, the books were within his budget, so he bought and read them, then started to apply what he had learned.

Now plenty of ITIL resources exist, but if Atencio had been looking 15 years ago, the books would have been his only option. At that time, the British government had just published the first version of the library, with the intention that the books would be for internal use only.

“The idea was to just write down what the best people in industry did [in terms of IT services management] and encourage the U.K. government to do the same,” said Ivor Macfarlane, one of the original authors and now an independent ITIL trainer and consultant. “If it helped the government get one-quarter of 1 percent more efficient, we could save millions of pounds.”

The original authors never guessed how far ITIL would spread. Not long after the books’ release, the principles began to catch on beyond the British government, among companies in the United Kingdom then in Europe and Asia. The ITIL wave finally reached U.S. shores a couple of years ago. Meanwhile, it has become a cottage industry for consultants, training firms and software vendors.

A common refrain for ITIL adherents is that its strength lies in the flexibility and inherent value of the books themselves. “In terms of ITIL commitment, you can do it a little or a lot,” Macfarlane said. “You don’t have to buy anything, you don’t have to sign up with anybody making money on you from this.”

Indeed, Atencio’s use of ITIL underscores that point. “With ITIL, you can take one chapter of one book and implement it, and it can be effective,” he said.

Like most who adopt ITIL’s principles, Atencio first tackled incident and problem management, two of the 11 service management components discussed in the library. The two activities refer to the IT help desk and the systems and procedures used to track calls about IT problems, document fixes and make that information available to other support staff.

Before ITIL, the Greenwood Village IT staff used commercial help-desk software only in a limited fashion, almost as a reminder that users had called with problems, Atencio said.

Now his staff tracks problems and solutions in more detail, categorizing them and linking them to specific equipment and system configurations. The information is saved in a database for easier analysis and retrieval.

“We haven’t quantified it yet, but we know that we’re getting problems resolved much faster because of the increased communication,” he said. “If you don’t document [the fixes], you’re always reinventing the wheel.”

Next on his agenda is finishing work on change management procedures — how the IT staff patches, upgrades, modifies or replaces systems — and then he’ll tackle capacity management, business continuity and financial management operations.

Expanding the principles to those other areas highlights another essential feature of ITIL: Because the processes are related in many ways, organizations can reap significant benefits from integrating them.

“ITIL tries to bring these processes together so that they’re not in separate silos,” Atencio said. “For example, we’ll track everything that goes on with a particular server. If we apply a patch in a change management procedure then see in incident management that we have users on that server who no longer can print, we know why that happened. These relationships are the core of what you’re trying to do.”

Consulting help

While some hit the books, others get their entree to ITIL via a consulting service. That’s the route officials at ACC took when they adopted ITIL principles about two years ago.

Officials at the command’s Network Operations and Security Center were grappling with the complexity of managing networks that support about 95,000 users at 15 air bases. At the time, a servicewide initiative was under way to transfer responsibility for managing equipment such as firewalls, servers and messaging systems from individual air bases and consolidate it at the service’s 10 major commands, ACC being one of them.

The upside of such a consolidation is greater efficiency, but it also comes with risks because simple administration errors can be compounded across many users and systems, said Maj. Joseph Arthur, deputy commander of the 83rd Communications Squadron.

Recognizing that their network support procedures were not always standardized or robust enough to support a higher-stakes role, ACC officials sought help in adding more rigor and discipline to the routines, Arthur said.

They hired Microsoft to assess support operations in the context of the Microsoft Operations Framework (MOF), a collection of best practices, principles and models that draws extensively from ITIL, though it differs in one important way.

“ITIL is descriptive. It describes best-practice processes in an IT operation,” said Steve Larson, operations leader of the Air Force services team at Microsoft. “MOF is prescriptive. It says, ‘Here’s how you do it,’ for our customers using our platforms.”

In February 2004, Microsoft consultants descended on ACC’s operations center for a one-week assessment of help-desk procedures for managing problems, changes, configurations and upgrades. The Microsoft team then issued a report, 10 percent of which was a snapshot of observations and 90 percent of which offered recommendations the command could act on, Larson said.

Center officials immediately started implementing the recommendations, and their work continues. Among the improvements:

• IT managers are better able to identify and prioritize resources for the most critical IT infrastructure problems.


• Managers can track relationships between system changes and network availability.


• A formalized process now exists for requesting, analyzing and approving configuration changes.

“The new processes jumped us up to the next level of professionalism on the network,” said Capt. Jason Cruthirds, ACC’s chief of network services. “The MOF and ITIL process have matured how we handle our network.”

Microsoft consultants have since completed MOF assessments for the network operations and security centers at five other major Air Force commands and are preparing a consolidated report to give top service officials a view of procedures and problem areas at all the commands, Larson said.

Besides Microsoft, dozens of other consultants and IT companies offer ITIL assessments, support and training. For example, Peregrine Systems, which Hewlett-Packard recently acquired, develops software for IT services and asset management, and it also offers free ITIL assessments to prospective customers.

“We’ll go in and do an assessment of where they are from an ITIL perspective, overlay our evolution model, then give folks a road map of how to get there,” said Shannon Erman, general manager of Peregrine’s federal practice.

ITIL software

Using IT management software that supports ITIL best practices is another way for agencies to get started. Peregrine’s ServiceCenter is a suite of nine applications that help organizations implement many of the guidelines spelled out in ITIL, such as best practices for managing incidents and configurations.

BMC Software also incorporates ITIL guidelines in its products, such as the Remedy line of service management applications. Last year the company introduced the Atrium Configuration Management Database, a central repository for information on the configurations of and relationships among items in an IT environment. Using a federated database approach, Atrium can access data from different ITIL service management functions that various BMC applications handle.

“In ITIL terms, the [configuration management database] is the central core,” said Ken Turbitt, BMC’s global best practices director.

The database “is your IT infrastructure source of reference to enable you to understand what you have, where you have it, how it’s operating, and how it influences and connects to the other components,” Turbitt said.

Such databases are one of the hotter topics in ITIL circles. ITIL-related press releases rarely fail to mention the vendor’s database product or strategy for delivering one.

But Bennett said IT managers shouldn’t assume that they need to create a gigantic database in which all configuration data resides. Having separate databases for different processes, such as incident management and change management, is fine as long as they can share important data.

“You don’t have to have a monolithic database, but what you do want to have are databases that have a common terminology and share connections where appropriate,” Bennett said. “Then only keep track of those things that you care about and are going to be meaningful to your business. If you want to query across the enterprise, then there are connecting points to the primary data.”

Organizations interested in buying commercial ITIL software will likely come across so-called ITIL-certified products. For example, a Toronto company called Pink Elephant offers a fee-based product-certification program called PinkVerify, which measures vendors’ products against a set of minimum functional requirements as determined by Pink Elephants’ take on ITIL.

However, as its Web site states, the company’s certification process does not measure compliance because ITIL is not a standard. Instead, Pink Elephant assesses a product’s compatibility with the best practices described in the ITIL framework.

In the end, ITIL comes down to how you do it, as opposed to what you use to get it done.

“There is no such thing as ITIL compliance because ITIL is not a rigid set of rules,” said Atencio, who plans to upgrade to a software package that was modeled on ITIL principles. “It’s not the product, it’s the processes that you use. You can put one of these [certified] products on top of a bad process, but it’s just not going to help you if you don’t have the right process behind it.”