Malcolm Fry | Enterprise architecture, European style

While U.S. federal agencies scurry to get their enterprise architectures in line, their British counterparts have been deploying another framework altogether for managing IT—the IT Infrastructure Library.<@SM>

While U.S. federal agencies scurry to get their enterprise architectures in line, their British counterparts have been deploying another framework altogether for managing IT—the IT Infrastructure Library. ITIL is a set of best-practice recommendations and common IT definitions covering incident, problem, configuration, change management and other IT functions.ITIL may be catching on stateside as well. Earlier this month, IT professionals packed the rooms of a modest ITIL conference in Washington. One of the best-attended talks was by Malcolm Fry, a Colchester, England-based consultant, and an adviser for BMC Software Inc. of Houston, who is considered the creator of ITIL. GCN caught up with Fry afterward.Fry: I was working at a business that did consulting, and I was frustrated about service management. It seemed to me that these were things we should be doing, but no one was. And so I wrote some books. They’re obviously out of print now—since they were published in the Middle Ages—on service desks, problem management, change management, that sort of thing. And one day, the folks who were writing the first ITIL book contacted me and asked to use my books as a reference point. Since then I have been involved on and off with ITIL throughout the last 20 years.Fry: The British government was the driving factor. The government had many computer centers, and each one was audited. Auditors were finding it very difficult to go from one center to another, as they had to relearn everything. Each computer center was doing the same things, but in a different way. [Officials] wanted to agree on a common set of processes with a common terminology. It had to be flexible enough to work in different environments, but at the same time be rigid enough so that you wouldn’t want to change it too much.Fry: Say you wanted to upgrade some software, and I was a person who was assigned the request for the change. The first thing I would do is to go to the configuration management database, the CMDB, and see who else is using the server where the software [to be upgraded] resides, and what other services are on that server. I want to get the potential impact. I can tell which of the workstations have version 6 of the software, and which have version 7.I can see the scope of my work immediately. We may have 400 workstations, and 70 of them have the wrong version. Now, it may not just be a case of changing the versions. Maybe the reason the older version of that software is there is that the machines aren’t capable of running the new version. So suddenly your little project that was only going to cost $1,000 would involve replacing 70 workstations.Now what would happen [before ITIL] is that we would do the change and find that the upgrade doesn’t work on those 70 workstations. We then have go back to the old version and 330 people are not happy because the [new software] they have been using for half a day has been taken back out again.If you’ve got CMDB and good change management, you ask questions at the right time.Fry: With companies like BMC Software [], the software is so good and so well designed around ITIL that you almost have ITIL out of the box. I think you still need to look at your processes, but I don’t think you need to go to the level of depth that you went to 10 years ago when most of this software didn’t exist.Maybe what we’re seeing is a slowly moving trend in IT, where you realize you have to work out of the box. If you bought a payroll package of software, and it wasn’t quite the same as you do payroll now, you probably would just change the way they do payroll a little bit to utilize the software. You wouldn’t design from scratch what you think would be the perfect payroll system. Chances are you’ll just go with what is there. So you take Microsoft Word out of the box and you can run it. You can do a lot of tailoring to Word, but no one ever does it.Fry: Exactly. And if you change it too much, when a new version comes out, you’ll have to do a lot of work to make that new version work. Ideally when a version 8 comes out, and if I use version 7 more or less out of box, I can just upgrade with little problem.Fry: To my mind, ITIL is, to some degree, enterprise architecture. I don’t see a reason [why], when you have six different service desks in an organization, you can’t have one process that they all follow and one database that they all put their incidents into.Fry: Credibility. ISO’s credibility is huge. An independent auditor is going to measure against a given standard, so I, as a business manager, can know the standard and get an independent auditor to see that it’s carried out. Nothing against my IT department, but it makes me feel comfortable to know that they are working on something I can understand.It’s also a much better target. Rather than having a project to just improve things, it is much better if I have a deliverable. Basically, your mission statement is right there in front of you—ISO. So in a year or two, we want to apply for an auditor to come in and measure us against ISO. It is a very clear target.Fry: The speed of growth of ITIL in the States at the moment is phenomenal. The best thing to do is look at the local interest groups, the ITIL Service Management Forums. Five years ago, there were three, if I remember. Now there are nearly 40. One or two a month are signing up, rather than one or two a year.




GCN: How did you start ITIL?



GCN: Why was there a need for ITIL at the time?



GCN: In your talk, you mentioned how ITIL could be used in change management, where an application could be upgraded without affecting its users. How would that work?









GCN: How well does the commercial software industry support ITIL?

www.bmc.com



GCN: A lot of agencies don’t want to customize too much so that they can stay within the upgrade cycle of the software. ...



GCN: How similar is ITIL to enterprise architecture?



GCN: In December 2005, the International Organization for Standardization ratified ISO 20000, a set of specifications for auditing and certifying IT management processes through ITIL. What will the ISO certification offer?





GCN: Do you see ITIL growing more popular in the U.S.?

NEXT STORY: Army to require built-in security