Slashdot Mirror
Free or Open Source ITIL Tools?
alister writes "Like a lot of people, I've completed an ITIL (what's that?) Foundation Certificate and am looking to put it into practice. Picking the right tool for an ITIL implementation makes life a lot easier, but I can't find many around. I'm wondering if there are any free or open source software that helps an ITIL implementation, or if not, recommendations on a tool for a medium-sized (40 IT staff, 1200 users) organisation. There's a lot of software out there, but most of it is designed for organisations with hundreds of IT staff... and priced accordingly."
I like people who do things and get things done.
I despise people who spend all of their time developing, re-developing, refining or recreating standards, policies, mission statements, or anything else. There is so much money wasted on a lot of silly organizational ISO adherance and Six Sigma crap that people would be just better implementing a policy of "get shit done and do it right". Besides, as soon as you're done implementing... whatever... some other brown noser will want to make a name for himself within the organization by tearing down the current/last strategy and creating his own. It's what they do.
Before you mod this a troll, go read up on ITIL. On the surface it doesn't look bad, but the extremes the consultants can push it to are ludicrous. And the consultants almost always will...
Never use an acronym without defining it. Telling someone they can look it up doesn't count.
ITIL, Six-Sigma, and PMBOK are all tools. Unfortunately they are also words that can be used on the uninformed into thinking something else is of value by virtue of its association with one of the above.
Basically the pushers and consultants were committing an association fallacy.
(Admittedly I'm running on a CRT at 1600x1200 with a largeish font, but still...)
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"Our new IT ops director came from a place with well-defined practices and policies. We're really just a few steps from the wild, wild west, but with SOx controls. I think he sees ITIL as a Rosetta Stone of processes so that a handful of silos can't hold the business hostage. In that context, I understand it. I can't say I agree with it fully, but I can try to meet him halfway.
Fortunately, he's not the sort to let consultants come in and manage us. My (barely informed) opinion of ITIL is that it's a lot like butter, sun or beer... it's fine in moderation. Few things work well in unmanaged excess.**
** So help me, if I have one more vendor ask me "are you considering server consolidation," I will lose my ever-loving mind.
Amateurs discuss tactics. Professionals discuss logistics.
You can also get some sort of overview at http://www.itil-itsm-world.com, though a lot of the "meat" requires you to purchase their documents.
I started reading the overview (work-related), and let me just say it's one of the BEST somnambulents around.
Having dodged the ISO9001 bullet, and having been through the throes of CMM (before there was a CMMi), I can completely understand the skepticism that ITIL's being greeted with around here. Like anything else of this ilk, it's really really easy to go overboard to the point where it's useless. However, I'm hopeful I can reign in my manager and his boss to the point where we take the good (like examining what we currently do, and putting effort into what we should but don't), while avoiding the bad (like months of meetings everyone sleeps through and paperwork that no one ever reads).
The fact of the matter is that the higher-ups are hearing more and more about ITIL, and so it WILL eventually be coming down the pipe to those of us that will have to implement or live with it. And even though there's currently no free (beer/speech) or open source software that does everything, a lot of tools out there already do support at least some aspects of ITIL. The trick is to know how to tie them together, or at least use each for those aspects of ITIL to which they're suited.
Now that a few posts have better describe what you are asking for (a documentation library), can't you just use a wiki? Does this magical ITIL acronym require something more complex to match it's buzzword nature?
Google: itil "open source"
Now stop and determine what your goal is, what you want to accomplish by implementing ITIL. *Then* go looking for software solutions, or develop one in-house. Looking for a piece of software to drop ITIL, COBIT, or any of those other IT risk/product management frameworks leads you to a line of vendor gas-bags who have no idea what the framework is actually there for.
I'm not specifically familiar with ITIL, but I am going to assume it's similar to COBIT. In this light, you should be able to pick one or two of your organization's largest risks as identified by your ITIL assessment, and work to solve those problems first. There is not now, nor will there ever be, a project that will make your organization "ITIL Compliant" without more work on your behalf than your vendors & contsultants, etc. You (as an individual who will have to live with this, and as a company) will be better off if you approach this project with an understanding of what ITIL is, what it will give you, and what your risks are. Forget consultants. This is especially important because you're trying to use an enormous enterprise tool for a medium-sized business.
All that said, one guy I've talked to that may or may not know crap (I've no idea, as I didn't talk long)but had a strong interest in compliance via open source tools can be found at tosta.org.
Good luck.
Linux: The world's best text-adventure game.
Yeah, I apologize, it looks like TOSTA isn't so much worth anything. The guy talked up something totally different than is on their webpage. Forget I added that link.
Linux: The world's best text-adventure game.
I'll bet you won't find anything for free, but believe it or not, Microsoft bases its Operations Fraework (MOF) loosely on ITIL. Here's the overview: Microsoft Operations Framework.
It's not the end-all of systems management, but it's a whole lot better than no guidance at all. I'm still surprised at the skill level of some Windows system administrators...I thought the whole dotcom thing was shaking out most of them.
I'm far from a "grizzled old veteran", but I've been expsed to IT since the early 80s and have studied and worked on systems that are much older. Large-installation machines like the VAX/VMS and mainframe world revolved around procedures, which is one of the reasons uptime is so high compared to the commodity server world. ITIL tries to frame up those procedures into a usable model, and it mostly does a good job. The big problem, as mentioned by others in this thread, is that one of these things tend to happen: (1) No one buys into the "new order" and circumvents everything, making the whole ITIL thing a useless layer of paperwork, (2) One of the consulting companies gets their paws on your CIO. Your company then spends 7 figures on EDS/IBM/Accenture/ "consultants" who are "IT operations experts" that just graduated from college. (Have I seen this before? Naah. :-))
Actually, that's a pretty cynical view. Just be careful about screening anyone or any company/tool you bring in to help you out.
"Before you mod this a troll, go read up on ITIL. On the surface it doesn't look bad, but the extremes the consultants can push it to are ludicrous. And the consultants almost always will..."
That's why we should get rid of the Sarbanes-Oxley act. Damn consultants.
from the linked article what's that?
"The ethos behind the development of ITIL is the recognition that organisations are becoming increasingly dependent on IT in order to satisfy their corporate aims and meet their business needs. "
One possible translation:
"IT is important"
I recall a Slashdot comment that referred to Forbes magazine as "capitalist porn". This link seems to point at more of the same thing -a place where those of a management-mindset can go to have their sense of importance stroked.
There might, in fact be something useful buried in the biz-speak on the linked website, but any real value seems likely to be lost 'mongst a million mind-numbing meetings and micromanaging memos in an overblown orgy of organizational onanism. The danger sign is the repetitively redundant overuse of reference to "corporate" aims and "business" needs. What other sort of "aims" and "needs" can a company or organization have? (Assuming that than an inanimate construct can have "needs" at all!)
A truely effective technique does not need a lot of structured promotion -no one "hypes" basic book-keeping practices, but they work and therefore, they are used.
Anyone who mentions something specific about ITIL, or uses the phrase "best practice", is almost invariably a wanker. How about you do your job in a sensible way, before we all sit around circle-jerking about acronyms, Process (with the capital P) and org charts?
I want to delete my account but Slashdot doesn't allow it.
When I think about an ITIL toolset, or any IT toolset, I look at open and not so open tools...
Service Desk -- phone system + ticketing system integrated with email -- I don't know about the open source space here
Incident Management -- a non-technology system like ICS is very helpful, but then using a general tracking/ticketing system to record stuff is crucial - remedy, bugzilla, rt... they all work
Configuration Management -- you just need a database - excel can perform the function sometimes, but later mysql, oracle, heck, even ldap can be useful Release Management -- to me, this is mainly documentation, for which wikis, html, and yes, even word documents can be useful. This ties in with financial management strongly - it is an asset database too, or close to it.
Service Level Management -- Making sure the other tools you use let you track this is about all you generally need. On the reporting front, well, you need integration of tools - more on that later...
Capacity Management -- mrtg/cacti let you look at how much your systems are getting used, and you need some method to load up your systems to your mrtg/cacti, in a test environment, can tell you how much capacity you have
Problem Management -- use the same tracking for incident and problem management to make it easy... bugzilla or rt for example
Change Management -- 2 main bits - have a policy - that's documentation (wiki, html with apache, heck, even word docs can work) with plans and docs about the changes to be made.
Continuity Management -- planning (docs)
Availability Management -- ties strongly to SL management - monitoring is a big part of this - nagios is a great open source monitoring tool with a little help to have it handle different kinds of escalations you might wanna do.
Financial Management -- I generally take this back to configuration management, some documentation about policy...
Security Management -- configuration management database is a biggie here of course, but further than that there are myriads of tools (snort with extra stuff for intrusion prevention, for example)
The biggie in the end open source or purchased, is work-flow and tying it all together. Do your systems get in your way or help you out? If they get in your way for the most part, then that is all wrong! If people using the systems hate them, that's a clear sign that it is all wrong, even if some managementy folks like aspects of them.
You have to do custom work with any of these systems, purchased, open source, or home-grown, to tie them together and help you do what you need done.
ITIL is just a framework to make sure you don't forget anything. If you do anything often enough, you need to proceduralize, document, and automate it so you don't have to any more or so it is easy.
This tying together helps connect other bits - like for reporting. You have to get reports using your monitoring with load generation tools to see about capacity reporting. SLA reporting comes from monitoring reports, but outages and tracking for problem management requires looking at, categorizing those incidents...
Wow apparently Cliff has decided that instead of getting a B.S. or even better a M.S. that he would rather go global in his search for worthless crap to hang on his wall. I for one commend you Cliff (better known in beer comericials as MR. Never get a real education spend all my money on Certs because they don't require me to actually learn any thing man ) For those of you across either pond that relates to a series of stupid beer comericials running here in the states, other such comercials have honered Mr. 68 SPF warer man, and Smelly hot dog salesman. Any way Cliff great job I hope you hang that cert on the fridge next to your #1 dad cert that your daughter gave you to cheer you up after you lost your favorite blue crayon up your nose.
I was out of the office for a couple of days last week. While I was gone, the team needed to get something to Prod "right away." They forgot to attend the CCB meeting, so they went around procedure because this was 'so important.'
In the process, they ended up using an old version of the promote to production process which is the old version BECAUSE IT DESTROYS DATA in certain circumstances.
All of the people who could have caught it were in the CCB meeting, so no one saw the problem until - you guessed it - data was destroyed in prod. (and dev and test BTW)
Why must we document processes to the nth degree? Why must we assume that our people are not going to know what they are doing? Because if we don't, this kind of thing happens.
In this case, documentation did not help, because the 'urgency' dictated that documented procedures be ignored as 'red tape.'
ITIL and RUP et al provide a mechanism for people to follow when developing the specific procedures that prevent this kind of foul up. I also agree with the poster that suggested that these things provide a common vocabulary for the organization to use when referring to process.
For what it's worth, I work for a Fortune 500 company. YMMV.
But Herr Heisenberg, how does the electron know when I'm looking?