Revision #2

You are currently reviewing an older revision of this page.
Go to current version

When you move from an on-premise environment to a cloud-based one, there is be a fundamental shift in how you think about provisioning and managing your IT services. Because of the increased involvement of third parties such as a CSP (cloud service provider), you have to address areas such as the shift in responsibilities, ownership of components, increased automation and standardization, integration with on-premise systems, effective operational security, comprehensive disaster recovery and delivery of these cloud-based IT services to your users.

The most effective way to address these changes is to use a recognised IT service lifecycle that connects service management principles to everyday IT tasks and activities, and ensures alignment between IT and your business. Although several frameworks exist that can support cloud-based migrations and operations, the foremost of these are the IT Infrastructure Library (ITIL) and Microsoft Operations Framework (MOF).

What Is ITIL?

ITIL offers a broad approach to the delivery of quality IT services. ITIL was initially developed in the 1980s and 1990s by CCTA (Central Computer and Telecommunications Agency, now the Office of Government Commerce, OGC), under contract to the UK Government. Since then, ITIL has provided not only a best practice based framework, but also an approach and philosophy shared by the people who work with it in practice.

ITIL Version 3 (2007) approaches service management from the lifecycle of a service. The Service Lifecycle is an organization model providing insight into the way service management is structured, the way the various lifecycle components are linked to each other and to the entire lifecycle system.

The Service Lifecycle consists of five components. Each volume of the ITIL V3 core books describes one of these components:

A key element of ITIL is that it is both vendor- and solution-agnostic—meaning, the practices encouraged by ITIL can be applied across the board regardless of the underlying technology. The result is that ITIL focuses on the management structure that makes IT successful, rather than on the technology.

What Is MOF?

First released in 1999, Microsoft Operations Framework (MOF) is Microsoft’s structured approach to helping its customers achieve operational excellence across the entire IT service lifecycle. MOF was originally created to give IT professionals the knowledge and processes required to align their work in managing Microsoft platforms cost-effectively and to achieve high reliability and security. The new version, MOF 4.0, was built to respond to the new challenges for IT: demonstrating the business value of IT, responding to regulatory requirements and improving organizational capability. It also integrates best practices from Microsoft Solutions Framework.

Figure 11: Microsoft Operations Framework

MOF consists of a service management lifecycle with three phases and one layer:

This structure comes about because management is something that applies to all phases.

Within that lifecycle are service management functions (SMFs) that relate to those phases. The items in the diamond shapes are management reviews, which focus on key management control points.

With the adoption of cloud-based services, you are looking to provide the following:

  • Reduced IT service costs
  • Improved business agility

MOF can help you achieve these goals by providing a structured framework and process for migrating from your current on-premise environment to the cloud while minimizing risks.

Although all the MOF SMFs apply to cloud migrations to some extent, ones that are particularly appropriate to cloud security are:

  • Policy SMF – this SMF covers security, privacy and acceptable use policies.
  • Team SMF – this SMF helps identify and define roles and responsibilities within the joint team of cloud vendor and your own personnel
  • Governance, Risk and Compliance SMF – this SMF enables you to create an IT Services risk characterization report, which details possible threats and vulnerabilities to your organization’s data and helps you prioritize the risks and create the necessary controls to counterbalance those risks.

Monitoring and Reporting

Monitoring and reporting in cloud-based systems is even more important than with on-premise environments, as you will not have the same level of access to the operating system or the underlying hardware. Hence, you must plan your monitoring and reporting strategy much more carefully and consider closely what monitoring information you need to provide and to whom will this information be disseminated.

However, cloud early adopters such as Microsoft report that if you do move to a cloud-based environment, then the fact that you do not have such close access to the underlying environment can result in an unexpected benefit. Assuming that you do implement an effective monitoring and reporting configuration, the unexpected benefit is the fact that reports about performance, costs, transactions and the like become much easier to access. Rather than waiting for a manager to report to you, you can use a dashboard to extract data directly from the cloud environment.

Factors that you may need to consider when creating an effective monitoring plan for a cloud-based environment include:

  • What information does your organization require to support effective business decisions?
  • Why do you need that information?
  • Where can you get that information from in a cloud-based environment?
  • What mechanism can you implement to extract this information?
  • Who requires access to that information (and who should not get access to it)?
  • How should that information be displayed?

MOF helps you to create a structured monitoring plan through the Service Monitoring and Control SMF.

Contoso provides an example of how this strategy might be implemented with their SaaS payment processing system. The company needs to know information such as:

  • What is the cumulative value of all transactions to date?
  • What is the current transaction value rate?
  • What is the current and cumulative profit from the service?
  • How much is the company being charged for the cloud hosting?
  • What is the rate of return on investment when accounting for income and costs?
  • How long are transactions taking on average?
  • How many transaction failures have there been and what was the cause?

Note that information such as processor loadings, memory usage, data storage and network card statistics are no longer required, as these areas are all handled by the cloud service provider.

Using MOF guidance, the developers implemented comprehensive application instrumentation that enabled end-to-end transaction monitoring. By tying in to the existing monitoring facilities that their cloud provider offered, the company created a bespoke dynamic dashboard that displays different default data according to which logged-on user views the information. In consequence, the organization now has enhanced visibility of its business processes and can deliver real-time monitoring information from its cloud-based environment straight to the right level of management.

Return to Table of Contents

Revert to this revision