IT Management for a New Style of IT

world collide.pngA collision is occurring. A collision between the old world if ITSM and the worlds of cloud, of agility and continuous deployment, and of mobility.

 

In the “old world”, the apps all ran in the data center. In the “old world”, we did four releases per year and no-one really complained if each release “sat at the door of the datacenter” for a month or two.

 

In the “old world”, the apps ran either as fat clients on a PC or as thin clients within a web browser. In the “old world” the idea that a toothbrush would contain an app, an app which connects to the internet at that, would be considered laughable.

 

This is all changing.

 

Whole apps or parts of apps are being delivered by cloud service providers. 

 

Apps are being revised weekly, and the business demands that the modifications get released within days of the testing completing.

 

Everyone wants mobile apps – with support for Android tabs and phones and iOS tabs and phones. And now, everyone is talking about smart devices and arrays of remote smart sensors.

 

So, as cloud, agility and mobility crash into our traditional datacenter-controlled world, what is the impact on IT management? What does IT management “post collision” look like?

 

Let’s take a step back and look at the business’s view of this “collision of four worlds”. Their view is, “regardless of how IT decides to deliver the solutions we use, we still need them to be performant, secure and compliant. We require them to look after our the Enterprise’s data without losing it. And we require that changes be made without loss of uptime or performance”.

 

And how does IT deliver all of the above? Through availability and performance management systems, through automated compliance monitoring systems, through security systems, through automated change and change control. But these systems have to take into account the “new worlds”.

 

Availability and Performance

We need to be able to manage availability and performance in a “hybrid environment” where some application components run in the data center and some run in the cloud.

 

It’s the interrelationship between the application components that is important here. We need a model of the application, and we need to be able to figure out, should there be a performance problem, which component is causing it. Naturally, the model of our hybrid application must be discovered – if it’s a manual modeling process, it just isn’t going to happen.

 

Part of this will include the ability to continuously check the performance of cloud providers. If, for example, you use a cloud provider for your blogging platform, you’ll need to check that the service is hitting its SLAs for page viewing, new blog posting, and so on.

 

We need to be able to manage availability and performance of both “traditional” apps (web or thick PC client) and of mobile apps. And, importantly, we need to manage the link to the back-end systems and the back-end systems themselves. I was on the HP stand at the Mobile World Congress recently. And a number of people came up to us and asked, “how do I manage the performance of mobile apps?”  Not a single one wanted just this. What they wanted was the performance of all apps, and the link to the back-end systems that fed the apps.

 

Change Management

Change management needs to be able to automate provisioning across a hybrid environment. We at HP believe in “late binding”. By this, we mean that you shouldn’t have to choose what your apps is going to run on until the very last minute. In other words, you need modeling and automation tools that allow you to choose the “run-time binding” as you deploy, switching at will depending on business need. Thus, you might bind to a cloud infrastructure today, but bring things back in house into the data center in 2 weeks’ time.

 

You need “continuous deployment”. Continuous deployment is the necessary sibling of agile development. It allows you to get your app into production fast so that you can complete the agile feedback loop in a timely manner (Agile breaks down if you don’t get feedback from production systems quickly). Continuous deployment includes…

 

  • Reuse of models across the whole app development lifecycle. So, anything created during design and build is reused in testing, and is reused again in deployment, and is used again in putting the app under management
  • Automation of much of the process as possible – moving from dev into test and from test into production. And automatically putting the application under management. This last step is very important and unless it takes place, there will always be tension between the app dev team and the IT operations team

Change management needs to work with “digital suppliers” – cloud providers. The responsiveness and accuracy of change requests needs to be monitored and managed. Hopefully, you will have an SLA with the cloud provider as regards change. This SLA needs to be managed.

 

Security

“Hardening” of applications using code scanning needs to be able to understand calls out to cloud services.

 

At runtime, security must be managed across hybrid applications.  You need to setup a central security management system that takes all security events, correlates them and gives them overall context. This must include security events from your cloud suppliers.

 

State changes needs to be coordinated very quickly between you and your cloud suppliers. For example, if someone leaves you organization, you need to tell your cloud suppliers so that they can terminate the person’s access.

 

When an application goes from test into production, it needs to be automatically put into the security management models so that its security can be managed.

 

You may also want to have periodic audits on the security of your cloud providers.

 

Compliance

Companies have both regularity compliance and internally imposed compliance standards to adhere to. The compliance requirements are modeled and then automatic compliance scanning is done periodically. This saves a huge amount of manpower and it reduces the duration of any lapse in compliance.

 

When apps go from test into development, the compliance models need to be updated so that the appropriate scanning is done to the application.

 

You need to ensure that your cloud providers adhere to the compliance rules to which the overall application is subject. Compliance is only as strong as the weakest link – if your cloud supplier doesn’t adhere to a compliance regulation, then your whole application doesn’t comply.

 

You may also feel you need the ability to periodically audit your cloud provider to check their compliance claims. The cloud provider may agree to this, but only if an independent body is used.

 

A word on SaaS’ed applications

We are increasingly seeing organizations SaaS’ing their non-core applications – those application that are generic that don’t differentiate the business.

 

One might assume that once an application is SaaS’ed, all management responsibility then goes to the SaaS provider. This is, to a certain extent, true. But Enterprise IT retains some responsibility …

 

Performance

The business doesn’t care that you’re taking the apps they use from a SaaS provider – they still expect IT to find them a service that has good performance.

 

So, you need to monitor the performance of the SaaS provider using the application performance tools you use for your own applications

 

Support Ticket handoff

Do you have a way of handing off incident and change request tickets to your SaaS provider? Do you have an SLA with your SaaS provider for response to tickets? Are you monitoring this SLA to ensure that it is adhered to?

 

Security

Security hand-shakes are important. For example, if someone leaves your Enterprise, you need to ensure the SaaS providers block access to their apps as fast as possible.

 

Compliance

Most SaaS applications will be storing corporate data – data on your employees and data on your customers. In many industries, this data is under compliance regulations. You need to ensure that the compliance regulations are adhered to.

 

Summary

Cloud allows Enterprise IT to focus on creating solutions that differentiate the business, allowing someone else to do what is generic and doesn’t give the business differentiation.

 

Mobile apps increase the value of apps to your customers. And they increase customer loyalty.

 

Agility and continuous deployment allow you to use your applications “as a competitive weapon”, providing new functionality that your competitors can’t match.

 

You can’t use the same performance and availability, compliance, security and change management solutions that you used 10 years ago. They need to evolve the embrace this “new world” of cloud, mobility and agility.

 

But the requirements from the business remain the same, regardless of how applications are delivered, what they run on and what development and deployment methodology is used. Applications must perform, the must comply, they must be secure and changes must be done quickly and to a high level of quality. 

 

Author : Mike Shaw

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
About the Author
Mike has been with HP for 30 years. Half of that time was in R&D, mainly as an architect. The other 15 years has been spent in product manag...


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation