Current ideas about the use of ITIL in EGEE and at CERN

1. Current ideas about the use of ITIL in EGEE and at CERN Alistair Mills Grid Deployment Cern - 18/07/2007

2. Content • EGEE reviews and recommendations • Review recommendations for JRA2 affecting SA1 • What else is happening within CERN? • What is ITIL (separate presentation)? Alistair Mills - Cern - 19/07/2007

3. EGEE Reviews and recommendations • There is a formal EU review of EGEE about once per year • This is a serious matter, and it takes up a lot of the activities leader’s time to prepare for it and to react to recommendations. The reviewers provide an assessment and a set of recommendations. • Recommendations cannot be ignored. They have to be done unless there is a very good reason! • At the last review (May), SA1 received only two recommendations, both relating to the management and support for VOs • At the last review, JRA2 (QA) received four recommendations, two of them relating to SA1 Alistair Mills - Cern - 19/07/2007

4. Recommendation 41 • JRA2 and project-wide. Review and assess existing best practices for IT service management and information security, such as relevant ISO standards and ITIL. Feed this into any proposals for successor projects to EGEE-II. • Follow-up industry standards and best practices for IT service management, such as ISO/IEC 20000-1/-2:2005 and ITIL will continue during the second period of the project. For instance a dedicated session will be organised with ETICS during EGEE’07. • An EGEE ITIL group has been set-up. The goal is to start to assess ITIL best practices. One of the concrete case study is the ITIL evaluation for ENOC. Then we will further evaluate some ITIL process [1] such as Incident & Problem Management, Availability Management. • The work EGEE-III proposal will contain proposals to extend this work. [1]ITIL Service support & Service delivery • Service support: Service Desk; Incident Management; Problem Management; Change Management; Release Management; Configuration Management. • Service Delivery: Service Level Management; Availability Management; Capacity Management; IT Service Continuity Management; Financial Management. Alistair Mills - Cern - 19/07/2007

5. Recommendation 42 • Introduce further measures of robustness and reliability beyond the current metrics of job success and bug numbers. In particular, consider (a) introducing timeseries data as well as snapshot data and (b) providing more finely-grained data. The aim should be to produce data on a per component basis to really assess the increased stability of each gLite component over time. • The project is currently progressively implementing the metrics defined in MSA1.1. A webpage will be available by October 2007 in order to gather available metrics: • Size metrics (CP, KSpecInt/VO, Storage, users, etc) • Operation metrics (Availability, ROC ticketing, etc) • Usage metrics (Job, data transfer, CPU, storage) • User support tickets • Services metrics ( RB, LFC, SRM, FTS, VOMS, DBII, CE, R-GMA, Myproxy) • http://egee-docs.web.cern.ch/egee-docs/list.php?dir=./mig/test_implementation/& • The QAG and MIG (Measurements Implementation Group) of SA1 in collaboration with Dashboard team will ensure that the program of metrics is defined and implemented as described in recommendation 42. Alistair Mills - Cern - 19/07/2007

6. What EGEE is doing - summary • There were two sessions about this at EGEE06 with external speakers • There will be at least one session at EGEE07 • A lot of interest from Gabriel Zaquine of JRA2 • A lot of interest from Mathieu Goutelle of SA2 • Formed an ITIL interest group with ‘volunteers’ • Group has met twice, and will meet again in September • Meets in Lyon – strong French influence • Trial implementation of some ITIL ideas in SA2 in 2007 • Things will be added to the EGEE-III proposal Alistair Mills - Cern - 19/07/2007

7. What is CERN doing about ITIL • Alan Silverman is leading an interest group • I have been ‘volunteered’ to this by Ian • Mail list available- anyone can subscribe • it-itil-interest@cern.ch • 13 members of the mailing list • No meeting yet • The mail discussion (not logged) has discussed: • Pervasive nature of ITIL • Need for training • Cultural changes required to make it work • Not something to be undertaken lightly • Need for strong management commitment if it is to be successful • Resource contraints Alistair Mills - Cern - 19/07/2007

8. That’s all for the background Questions • Questions? Alistair Mills - Cern - 19/07/2007

9. That’s all for the background • Questions? Alistair Mills - Cern - 19/07/2007

10. Recommendation 43 • Introduce internal auditing in the quality assurance and related activities (IT service management, information security) to fully implement the PDCA process. • wrt Security Management System (ISMS) , the milestone MJRA2.2.1 “Security audit, strategy and Pan”, has been provided and progressively implemented (security code review : VOMS, RGMA, FTS, glexec, etc). • wrt IT Service Management (ITSM), several assessment mechanisms have been set up • At the project level: • PEB weekly meeting and All-activity meetings (AAM) on a quarterly basis • Quarterly and Periodical reports; • Users survey • EU reviews • On demand of the PEB, specifics audits could be required • At the activity level (e.g. SA1): • ROC weekly meeting • Activity metrics • Partner reviews • Deliverables: starting with Plan and followed with Annual assessment reports (GGUS, Security, Operations) • Each activity can organise dedicated internal audit Alistair Mills - Cern - 19/07/2007

11. Recommendation 44 • Present software quality statistics in detail at the next review meeting. • The quality software statistics have been provided in JRA1 QRs. • These statistics have to be refined in order to take into account the notion of incremental releases and as well the distinction between defects in the code and enhancement features. This will be presented for QR? (to be defined with Claudio). • The Defect/kSLOC chart during the life of the project is used to monitor the general quality of the code. The trend is measured on the total number of defects (pre-release quality index) and on the current number of open defects (post-release quality index). If QA is properly applied, the pre-release quality index tends to settle on a constant value that can be taken as measure of the quality of the software development process, whereas the post-release quality index tends to zero following a Rayleigh curve as the software reaches maturity. Sudden downward jumps are normally due to injections of untested code. As a comparison, the typical value of the pre-release quality for a CMM2-level software development company is conventionally assumed to be 3.2 Alistair Mills - Cern - 19/07/2007

12. Plans for the second period • Continue the work with SA1 related to MSA1.1 metrics webpage • Work in close relationship with MIG (Measurements Implementation Group) of SA1 and Dashboard team to ensure that the program of metrics is defined and implemented as described in recommendation 42. • Organise with ETICS a QA session for EGEE’07 • Continue ITIL evaluation for the ENOC and continue ITIL assessment through the EGEE ITIL group Alistair Mills - Cern - 19/07/2007