An ancient story talks about four blindfolded people who were asked to describe what an elephant looks like by touching the elephant.  The first person touches the elephant’s body and says that an elephant is like a wall.  The second person touches the elephant’s tusk and says that an elephant is like a spear.  A third person grabs the elephant’s nose and says that the elephant is like a snake.  The fourth person grabs the elephant’s leg and says that the elephant is like a tree.

How does this relate to Identity and Access Management (IAM)? Since the introduction of IAM 15-20 years ago, different vendors and customers have “touched” IAM from different angles and define it differently.  Application administrators (customer and vendors) view it as a foundational component, CSOs view at it as a sub-area of security, business owners are more focused on meeting compliance requirements through entitlement and role management, and finally IT operations look at the operational efficiency that can be obtained through automation and self request of access rights.

BMC was one of the first vendors to introduce “User Provisioning” with its Control-SA product line, which has since evolved into a powerful IAM solution.  As a result of that product line, we have adjusted our definition of IAM through the years.  Finally, with the coming of age of the IT Service Management market and the introduction of Business Service Management (BSM), the focus of IT management has shifted from IT administration to the efficient alignment of IT with the business.

Customers adopting BSM as an IT strategy are doing so to reach operational efficiency for IT, ensure IT objectives are aligned with business goals and compliance requirements, and improve end-users experience and satisfaction. Can IAM help an IT organization achieve operational IT efficiency?  Of course!  Improve customer satisfaction?   Yes!  Help comply with regulations?  You bet!   Like the four men and the elephant, by taking off our blindfolds, BMC has placed IAM correctly as an integral part of a larger BSM strategy, and not some set of standalone solutions to disconnected point problems.

As CTO of BMC, customers often ask me how they can integrate their BSM and IAM initiatives.  In this way, they are effectively validating our approach and helping us refine it. Moreover, with the publication of ITIL v3 last year, it was finally acknowledged that “Access Management” (aka IAM) is part-and-parcel of Service Operation, alongside Incident, Problem, Request and Event Management.

For the last several years BMC has been actively engaged in integrating IAM into its service support framework (a core component of our overall BSM offering).  If BMC’s recent financial results are any indication, this more integrated approach has been enthusiastically embraced by our customer base.  We see the IT market shifting to BSM, and much greater acceptance to our vision of IAM being part of BSM than as a standalone offering.  There really is one elephant with multiple parts.

First, let’s be clear about one thing – Business Service Management is neither fast nor easy. BMC introduced BSM to the market in 2003, and over the last 5 years we’ve improved both the way we define BSM and how we go about providing it. But we’re the first to acknowledge that BSM is a journey, not a destination.  We’re also the first to acknowledge that there are multiple routes one can take to complete this journey.

It is important to note that the core components of BSM vary drastically depending on which vendor you ask. At BMC, we focus our BSM strategy around three primary disciplines – Service Support, Service Assurance and Service Automation – all of which integrate with a CMDB. This means a bunch of their data is federated into the CMDB, and they each leverage federated data accessed through the CMDB.

InformationWeek editor Michael Biddick recently published an article dissecting the BSM market. In the article, the author contrasts the approach of  two “niche vendors,”– Compuware Vantage and Managed Objects – with that of the traditional larger IT service management companies, a la CA, HP and IBM.

The article echoes what we hear consistently from customers – BSM is an impossibility without first having solid processes in place. That’s why we’ve invested heavily to ensure our products align with ITIL best practices. In fact, if there were such a thing as “ITIL out of the box,” we think we have it.  At BMC, we firmly believe that successful IT initiatives balance people, process, and technology. As the adage goes, “there is more than one way to skin a cat.”  And there are any number of IT shortcuts capable of temporarily resolving service issues and outages.  But an IT management architecture built on well-defined processes will always result in a more agile, resilient, and secure IT environment.  And it’s certainly is a prerequisite to one of the critical volumes in ITIL v3 – Continual Service Improvement.

The article also makes an incorrect generalization by suggesting that smaller vendors do a better job of “playing well with others.” BMC – a charter member of the ‘Big Four’ management vendors – provides solutions that operate well in heterogeneous environments and integrate with the broadest range of technologies possible.  This allows organizations to utilize current IT investments instead of replacing and beginning anew.  As we tell our customers every day, a correct implementation of BMC’s BSM strategy makes our competitor products better.  This is a fundamental difference between BMC and our competitors.

Skeptics will always say that there is no such thing as a ‘one-stop IT shop’ that can solve all your problems. That may very well be true.  But reality is that more and more organizations are looking to consolidate vendors and want integrated suites of solutions that do more and require less in terms of resource allocation, time-to-value, etc.  Our experience, and certainly our customers, tell us BMC delivers exactly that.

There's a lot of activity in the marketplace around IT automation, the automation of a wide variety of IT activities.  Unfortunately not all of it is helpful.  Many vendors and not a few IT organizations are assuming that, if automation in general is a good thing, then any automation is better than no automation and automation in any form is good.  So they end up automating IT processes and activities in a relatively undisciplined way, and without any clear or objective sense of what they hope to achieve other than to "lower cost" and "reduce the amount of manual effort involved." 

While these are clearly good objectives, I'm hearing from the more mature IT organizations a much better and more discplined way to think about this.

First, it all starts with process.  IT organizations who are thinking seriously about automation must first think seriously about process.  Identify those key IT processes, document them, train people on how to follow them, and then put measurement mechanisms in place to capture a number of key performance indicators to track how well people are following these processes and how well these processes are working.  Also identify process owners, because this is what they do.  This is Process 101, and any decent process engineer can help you set this up.  This initial set of processes should be good processes (or "good practice") but don't try to make them perfect; we'll get to that in a moment.

As an aside here, you can even use some process tools (either generic process tools or IT-specific process tools) built for this purpose.  There are some good ones available, they have the ability to collect the essential key metrics already built-in, and many come with good IT processes out-of-the-box.  Some also have the ability to support the automation of elements of these processes, and that's a clear bonus; more on this in a moment.

Second, start using the metrics collected to do two essential things:

1. Determine where the processes are not working and fix the process.

2. Determine where people are not following the process and fix the people.

Let the organization run a bit, and then do the second step again, and again, and again, and don't ever stop.  This second step is called "Continuous Process Improvement," and it's at the heart of what Dr. Deming tried to teach us so many years ago.  You may also find you're not collecting the right metrics, so you can fix that along the way as well.

Now, several things should be clear from this description.  The first is that Deming was right: good practice is what you can get from others (in books, in software, in tools, etc); best practice is what a process-mature IT organization gets after plugging good practice into the above CPI algorithm.

The second is why you shouldn't spend too much time trying to fine-tune the processes in their initial implementation.  Let your CPI program do that for you.  Overwhelming experience teaches us that.

The third is that automating good practice (i.e. automation purchased out-of-the-box) isn't nearly as effective in the long run as automating best practice.  So we get the real payoff when we add a third step to the CPI activity above:

3. Using these same all-important key metrics, identify those processes or process steps that can be automated and that are expensive (time, money, people), error-prone (lots of human error), or both, and automate them.  With this approach, it's now possible to approach the automation of most IT activity in a disciplined, thoughful, and goal-oriented way.

So, what we learn is that buying automation out-of-the-box may have short-term benefits, but is ultimately short-sighted, since you've traded off best practice for good practice where automation is concerned.  Second, automation isn't something you buy but something you do when paired with the right approach, the right metrics, and plugged into a larger process improvement paradigm.  Third, the IT industry is still in its infancy at learning how to do this correctly, but we have the benefit of seeing how others industries did this, and there are many of them.  More on this in a future post.

_____
tags: Deming |  IT |  automation |  improvement |  maturity |  process

If your company isn’t using an IT and business dashboard, they should consider it. Executive dashboards, which we refer to as BSM dashboards, can help different parts of an IT organization and different lines of business, who are the business stakeholders in IT, make better, more informed decisions. It can give them a set of views that break down the barriers, not only within IT, but between IT and the business. But not any dashboard will do. It should be based on ITIL processes. One of the benefits is that it can provide a much more mature IT process view for IT based on ITIL best practices. Think of the dashboard as the vehicle by which both IT and business stakeholders can, through using subsets of data that come out of the CMDB, get a consistent view of what's happening in IT across all the various stakeholders.

What a difference the right dashboard can make…what a view.

_____
tags: Atrium |  BSM |  CMDB |  IT |  dashboard

Several major factors are driving the emerging industry trend of “greening” the data center. First, many IT organizations have reached — or are approaching — the power and cooling capacity limits of their data centers. As a result, it’s difficult to accommodate or expand the IT infrastructure. They still have to respond to continually increasing demands for business services that require more servers, more storage, and more network elements. Another concern is that energy costs are high and rising to the point where power and cooling now account for a significant portion of IT operations costs. Finally, organizations are coming under increasing pressure to become good corporate citizens by reducing their power consumption to conserve energy.

Over-provisioning is a major contributor to excessive power consumption in the data center is. Organizations have created dedicated, siloed environments for individual application loads, resulting in extremely low utilization rates. The result is that data centers are spending a lot of money powering and cooling many machines that individually aren’t doing much useful work. Some are even sitting idle. The business benefit of “greening” the data center through consolidation and virtualization is optimizing power efficiency to gain maximum work output per watt consumed. This will help reduce operations costs. It will also permit organizations to continue to expand services to meet increasing business demands without requiring additional power and cooling. This is particularly important to organizations that have already reached the power and cooling limits of their data centers.

_____
tags: IT |  data center |  greening |  power |  trends

What makes people successful? Early in my career, I was given the guidance to make listening to customers a priority. I think listening has a lot to do with being more effective. For me, learning how to listen to customers, and really understand the customers’ problems, has helped make it possible to solve them. It’s critical that I spend as much time, or even more time, in an active listening mode, and hear about the challenges our customers face and learn about some of the things they're trying to accomplish. By actively listening, I can make sure that what we're doing for them as a company remains business relevant, and continues to deliver value. Really listening can also help you in areas well beyond your job, and a make a difference in the way you relate to people who are important to you. If you don’t believe me, just ask my wife.

_____
tags: CTO |  career |  customer service

There is a lot of “ITIL® talk” and buzz about Business Service Management (BSM) on conference calls and in boardrooms these days. It’s not like the dot-com bubble. This is real.  But what are the CIO and their teams doing about it? They should be asking “What do we need to do to get the full value from our Business Service Management initiatives? How do we streamline, link and optimize our IT and business functions?”

What’s in it for you? It amounts to huge efficiencies for your operation. Then come bonuses, career advancement, and glowing compliments from your team. (Okay, that was a stretch). Or how about, your competition may be implementing BSM right now? Does that do it for you?

Because having one place to go to get a “single version of truth” about the underlying configuration of your IT environment is rapidly evolving from a “nice to have” to a “must have” for all kinds of reasons.  I mean, imagine what the Internet would be like without having a set of top-level authoritative Name Servers (the Internet’s single version of truth).  Chaos, that’s what.

So, even without ITIL, a new CMDB can offer IT a much greater level of control over what’s happening in their organization. A well-configured CMDB can automatically monitor configuration items (CIs) — their location, status, and relationships to each other — and consolidate diverse data sets, while ensuring compliance. This capability ensures assets are used effectively (not overbuilt). That function alone greatly reduces costs.

Going even further, a BSM-oriented CMDB offers an accurate picture of available assets and their use, and serve as a true synchronization and coordination point for all IT processes. This capability ensures assets are used effectively (not overbuilt).

A recent Forrester Research report (April, 2006), titled ‘Implementing BSM,’ states “As 76 percent of the IT budget goes to operations, firms that implement BSM can potentially save 25 percent of their overall IT budget.” They went on, “Developing true BSM systems requires understanding the metrics business users employ to decide if IT is providing value, and linking these metrics and their associated business services to IT infrastructure components.”

Forrester predicts the number of large companies (with revenues over $1 billion) implementing BSM will triple over the next two years.

It’s connecting the dots

ITIL has a number of goals for configuration management.  Some of the most important ones are: account for all the IT assets and configurations within your organization and its services; provide accurate information on relationships and documentation to support all Business Service Management processes; build a sound basis for Incident Management, Problem Management, Change Management, and Release Management;  provide verification of the configuration records against the infrastructure, and correct any exceptions swiftly and easily.

If you build it, the benefits will come – right off the bat

CMDBs are available with ITIL-compatible, preconfigured tools that integrate easily with varied supporting applications. This capability greatly lowers the time and cost to deploy services. Next, identify your current IT data collection processes. Create a list of services that your IT group provides to end users. This is critical, because with it you go to key business areas to determine the services that the business department sees IT providing. Once you know what services IT is doing for your business units, you’ll have a good idea of what you are not currently providing and what you’ll need to add to populate your new CMDB. Without a CMDB, organizations run the risk of over-provisioning because they cannot track which assets are used for which purposes, or which are available for much more use. 

Here is a small real-world example: the service desk, help desk, or run-time monitoring tools capture events from a variety of different sources. Those events are filtered, standardized, and prioritized based on severity, scope, or impact on the business using information contained in the CMDB. This automatic action opens a trouble ticket that the support staff can further prioritize, based on the goals and priorities of the ITIL business processes used to filter events. The process is automated and much more repeatable, and eliminates the slow, manual burden typically used with prioritizing and filtering which can also bring in human error.

A good “training manual” is available to get you up to speed -- Innovation: Information Technology and Business – now available in PDF. It includes articles by each member of BMC’s Thought Leadership Council and covers a large selection of IT/business topics.

Let’s talk. Give me your comments.  Is your IT department on the right track with BSM? And let’s get together for some stories at BMCUserWorld in San Francisco, August 28 – September 1.

_____
tags: BSM |  CIO |  CMDB |  Change Management |  Forrester |  ITIL |  Problem Management |  Release Management

Remember the classic line by Humphrey Bogart in “Casablanca,” "Louie, I think this is the beginning of a beautiful symbiotic relationship."  Well, the line was “beautiful friendship,” but I’m making a point about open source technologies.

The point is that IT companies big and small “in all the world” exist in symbiosis with mutually satisfying relationships, whether we want to recognize it or not.

The smaller, newer, more agile, and perhaps more innovative vendors need the larger, more stable incumbents with their robust products and solutions applied to tried and true business functions, and the incumbents need the smaller, newer, startups for their new ideas. We each benefit from the other. Trying to spin this as survival of the fittest is faulty thinking and could very well stifle the innovations that will come from open source technologies.

What is BMC’s stance on open source engineering?

At BMC, we believe the open source approach is a critical and vital part of a high-tech, innovation-driven landscape.

We’re an active supporter of the open source community: We support and manage all the leading open source technologies, including Apache, JBOSS, and Linux, among others.

We’re a customer too. We use a large number of open source technologies within a number of our solutions.

We plan, on a regular basis, when to release parts or all of our solutions into the open source community, believing the open source players are one of a number of viable mechanisms for creating, extending, and strengthening the systems management solutions available to the market.

We look forward to the efforts of the Open Management Consortium being successful, and we look forward to exploring ways to engage with the member projects and companies in ways that benefit us all – beautiful friendships.

We will always have Paris by the bay. That is...if you come to BMCUSERWORLD in San Francisco, August 29 through September 1st, for five days of learning, networking and idea swapping. Visit http://www.bmc.com/userworld2006/ for details.

For more details on open source trends, including a snippet from a recent Forrester paper, visit http://open-management.com/2006/05/18/yes-bmc-agrees-that-we-exist-in-symbiosis/

_____
tags: Linux |  Open Source |  Open Standards |  Open Systems |  UserWorld

Houston – BSM has landed

As Business Service Management (BSM) continues to attract new followers in Fortune 500 steel blue canyons and fresh, Bermuda green corporate campuses, BMC Software this week launched its second generation Atrium Configuration Management Database (CMDB) and Automated Discovery products from its Houston headquarters. These are the BSM foundation technologies that enable customers to implement a business/IT network.

BSM not only began here at the BMC Houston testing grounds, it has been ‘genetically altered’ the past 18 months. (In IT years, that is a lifetime).  It’s a full generation ahead in scope and function of other software solutions. I like to say it is pre-integrated, out-of-the-box software. BMC’s foundation technologies include proven, light-weight, customer-validated second generation software. BMC has the entire package. These are not buzz words about products on the horizon. These are working solutions, available now and succeeding now all over the world where we have implementations. We are activating business with the power of IT today. Our BMC marketing slogan is pure fact.

We took the BS out of BSM

Let me simplify, BSM is managing IT from the perspective of business.

And at BMC, we deliver BSM benefits to customers faster than any other software company. Many of the top IT companies, our competition, have found out the magnitude of importance of BSM. There ads are starting to sound a lot like BSM. In reality, they are still working on these areas in their labs, and their CMDBs are really just retrofitted monolithic databases and more versions of slow, top-heavy data barges.

At BMC, we understand what data should be in a CMDB, and what data shouldn’t be there. BMC labs know that customers want a robust, practical, fault-tolerant CMDB that won’t be a single point of risk in their datacenter like the ‘frameworks’ of 10 years ago. Working directly with customers, BMC knows organizations need a single, consolidated view of an IT infrastructure from a single graphical dashboard. With BSM, you will reduce service and help desk costs, lower the risk of business shut downs, and gain an IT infrastructure built to support your business growth and flexibility.

Here is the closest I get to a marketing pitch

The cornerstone of our new BSM products is BMC Atrium CMDB 2.0. It unifies the sharing of IT configuration and business priority information. BMC Automated Discovery works with BMC Atrium CMDB 2.0 to model all IT-supporting elements – the technology to business processes to the people, managers, staff, partners and customers, and – delivers a single, unified, business-focused view into the IT environment. Taken together, these foundation technologies deliver a detailed, clear insight into how IT supports the business that is not available from any other vendor. As a result, customers can make more educated and calculated IT decisions in support of business goals, which is the essence of BSM. This week’s launch is the first of some 60 new BMC products and solutions taking off this year.

Meet me at BMCUSERWORLD in San Francisco, August 29 through September 1st for five days of learning, networking and idea swapping. Visit http://www.bmc.com/userworld2006/  for details.

_____
tags: Atrium |  BMC UserWorld |  BSM |  Business Service Management |  CMDB |  CMDB Implementation |  ITIL |  ITIL Process |  ITIL certification

I was interviewed a while back by BMC’s E-Business Director, Mike Smith. He helped me dig up some of the reasons I dove into the computer software field and I remembered some important lessons from early in my career that have stuck with me.

My high school in Hampton Virginia actually had a computer on the campus which was rare in those days, the early ‘70s. I developed a date matching program on FORTRAN for a fundraiser and fell in love with computer science.

I enrolled at Cornell and the first day I looked for a professor in the engineering school and told him “I want a computer science degree.” Few schools had that kind of specialization then, but Cornell had a college scholar curriculum where I worked with an academic sponsor to combine some engineering classes with computer programming classes.  I was among the first to graduate with a computer science degree. A guy in my fraternity designed course work in agriculture, botany and some chemistry and ended up with one of the first degrees in winemaking.

I graduated with a BA and a “checked box Master’s degree”. That was the consolation prize for those who didn’t perform a dissertation for a Doctorate. That was fine with me. I enjoyed all the esoteric theories of computer science, but I wanted to apply the systems in the real world. A Bell recruiter who was one of my professors looked me up and, of course I was blown away (late ‘70s speak) and was hired on the spot.

The first task I was given at Bell Labs was to develop a patch in a running C program. At Bell, you could never take the switch down. If you take the switch down, no phone calls will occur in that neighborhood, “not gonna happen” (‘80s lingo).

It took us a couple of months. We modified the operating system, modified the micro system, the stacks. It was a perfect problem, it covered multi-disciplines. I had to look across the whole set technical areas, how the compiler works, how assemblers work, how linkage editors work, how the process image sits in the memory during run time.

We got our solution patented in record time, just 18 months. The Bell attorney said it was the fastest patent he’d every worked on. It was my first patent, and one I’m still proud of. I worked at Bell for a total of 12 years. I thought I’d be a 35-year employee, and I’d never leave, I loved the management solutions we created.  About six years into my career, divestiture hit. We were split up. We had to search for other business models. Bell/AT&T next went into the computer business.

Western Electric did all the manufacturing in phenomenal facilities in Okalahoma City. Engineers from across around the world would study the plant. Bell designed things well, with Total Cost of Ownership (TCO) in mind.  We designed equipment to last 15, 20, even 30 years. That extra engineering would improve the TCO with a dramatic drop in service and recall issues downstream. For example, our engineers would use 100 mil gold coating on switches. That type of quality helped build Bell into the world’s best telephone system, but this was a new world. Computers have a 3- to 5-year life span, so gold plating standards are 10 mil. Meanwhile, back at the OK ranch, the top engineers wouldn’t budge. They had the power to say “We use 100 mil plating and that’s it!

It was part of the organization’s DNA.

We did the market research to find out what we could sell our computers for and found that we would lose more than $100 on each unit. Our products couldn’t compete.  The economics had changed. So the state-of-the-art Oklahoma plant was shut down. The very values that created the mighty company became fatal.

That has stuck with me. Be mindful of the DNA of your organization. I have a filter now running a program in my head. Among the first things I’ve looked into here at BMC was to ask, “What are the givens? And why?” Be very mindful of your company’s answers. Do those values and mission statements still serve us or do they harm us?

If you have a few minutes, visit TalkBMC and listen the “Hidden Podcasts”, Part 1 and Part 2. I think you’ll enjoy them and get something out of them. Let me know what you think.

_____
tags: Bell Labs |  CTO |  Open Source |  Open Standards |  Open Systems