Advertisment

Managing IT as a Service: Are you Ready?

author-image
PCQ Bureau
New Update

Your investments in information technology exist to aid your organization's

business goals. The facilities and capabilities that these investments offer you

are services to your business. Once that separation is made, you can set up

demands on your IT such as the level and quality of service, availability,

reliability and timeliness of problem resolution to name a few. Now, you can

carry on with evolving a successful business leveraging the services provided by

IT rather than divert attention to the nitty-gritties of how that IT is managed.

This may range from managing your basic hardware and infrastructure (like

managing your servers, workstations, networking, data centers and so on) to

application management where the service provider would manage your business

applications for uptime and efficiency and also bring in their own improvements

to its performance. The service provider who provides you with managed services

is known as an MSP.

Advertisment

'Connected workplace' is an oft-used phrase today. More enterprises are

going online in different ways, and we are not talking merely about having an

Internet connection or having a Web presence. As businesses expand globally,

they need to establish reliable communication systems and post 9/11 and the

Tsunami, they need to ensure that their infrastructure and communication are

robust and secure. Two of the biggest happening things in this area are: WANs

and voice services. IP-based networks are converging to provide the connected

enterprise with multiple services on one (increasingly cheap) pipe. And,

enterprises are taking the help of outsiders to manage their business

applications (the CRMs, the ERPs and the BIs to name a few) and their security.

Why

look to an MSP?
  • Split your IT operations from the

    services enabled by that IT
  • Gain the ability to demand levels of

    service and performance from your IT, bound by penalties for

    non-performance
  • Reduce your OpEx, viz salaries of IT

    staff, training costs, technology upgradation costs
  • Get a single point of contact for all

    your IT infrastructure and solution vendors
  • Leverage the experience of your MSP

    and hsi manpower to solve your IT problems
What

to look for in an MSP?
  • Sufficient and qualified man power for

    your needs
  • Presence at all your locations
  • Ability to provide you a consistent

    and qualified single point of contact person
  • Ability to work in an ecosystem of

    your IT vendors
  • Have sufficient experience and track

    record with other enterprises in your line of business
  • Financial standing to commit to the

    deal
  • Reputation and standing in the

    industry

Dedicated or shared?



A popular trend in managed services is the concept of shared services. You go in
for outside management of your IT to decrease your OpEx. When an MSP can create

a common pool of resources for all his customers and provide his services out of

that pool, the cost of running those resources goes down which are subsequently

passed on to you (as the customer). For instance, an MSP providing managed

network or security services can create an external NOC from where all the input

data from the MSP's clientele can be monitored at the same time. Several MSPs

have created their own such NOCs for this purpose. Similarly, application and

data-center services also work well with the shared model where several clients

of an MSP have their servers and applications hosted in a common data center

(co-location) allowing for better manageability. The shared model also lets the

MSP divert idle resources to other jobs.

Advertisment
HCL
Anant Gupta, COO,

Infrastructure Services Div, HCL Technologies




A badly-planned outsourcing strategy could result in erosion of service
value and cost escalation, whereas a well-planned outsourcing decision

helps you sleep sound, knowing that the responsibility of deliverables is

in safe hands.



Say NO to long-term contracts: When you have no idea of where the
economy would be in 5 years time, don't draw up a contract for that

long. There is no sense to have a long and rigid agreement.



Define your boundaries clearly: Without this, neither side knows
with certainty what it should be doing. The result is that each side

blames the other when things inevitably don't get done.



Define the measurable: How do you measure the success or failure of
your venture? Put it in your contract along with how you're going to

measure it. Use the SLAs to guarantee performance and link penalties for

sub-par results. CIOs should define acceptable levels of performance in

terms of business relevance.



M Ashok Kumar, VP & Head of

Operations, HCL InfiNet Ltd




The most important time during implementation of managed services
is the transition period. When an MSP takes over, there are multiple

vendors who already exist. The challenge will be to ensure that there's

a smooth transition, else the customer suffers. The customer plays a very

key supporting role at that time. That's where the people at the top

level, CIO or even the business people, will have to get involved. Second,

from an end-user perspective, they're used to a certain level of

service. A level of relationship has already been built. Also, certain

comfort levels are there. Earlier, you could call a specific engineer to

come and support. Going for managed IT services perspective, the end user

wants to be right, and has to be comforted. During this transition period,

there could be a dip in the service levels. But as this is a long-term

deal, then the top management of the customer must work closely with the

MSP to make it a success.

Why managed?



When you need to do the management yourself, you need an IT staff in house who
is well trained to handle the technologies, platforms, hardware and software

that you use. And for this staff, you have direct and indirect costs: like

salaries and training. Further, because IT is an area that faces a large

turnover of the workforce, when workers leave the company, your organization

needs to spend time finding new people with sufficient skill-sets and training

them. Not to mention that while this is happening, the technology outside is

changing. If you change your deployed technologies, you need to re-train your

workforce. If you don't, your existing workforce may leave to update

themselves. After that, you have factors like multiple vendors and their

associated AMCs and costs to consider. The more the vendors in your IT soup, the

more complicated things become when you have trouble, with all the finger

pointing.

Other services
Web presence: Web

hosting, domain management



E-mail: Externally hosted mail service for companies


Data centers: All your data center needs are taken care of


Business continuity: Replication and Disaster Recovery


Networks: End-to-end network management with QoS, security


Voice: Pay-per-use models here make it ideal for large call-out
volume users




Advertisment

In contrast, your MSP can act as a single-point contact for all your needs.

Quite a number of vendors provide end-to-end solutions while some vendors

specialize in one or two areas (like, networking). The end-to-end providers will

take on other down-level MSPs to provide specific services. There is, thus, a

transfer of tasks that don't match your core competencies to entities that

have more experience, manpower and skills to get the job done.

Multi-play networks



Why do enterprises go for WANs? One, this offers them a dedicated pipe
(regardless of distance) between its offices, data centers and other points of

presence. Two they also let the enterprise enjoy additional benefits like

utilizing the extra available bandwidth for VoIP. One example of such a

deployment was in our last month's survey of the best enterprise IT

implementations: SBI Connect. State Bank of India connected its 10,000 plus

branches all over India using a WAN that used leased-line circuits. This network

is the lifeline of the SBI group since it now carries all their applications

including core banking, treasury and ATM along with their internal mail service.

SBI have also made use of this backbone to deploy VoIP at all these branches,

thus, bringing down the cost of their communications. This implementation was

done by Datacraft India Ltd and is also managed by the same MSP. Datacraft uses

leased lines by BSNL to provide connectivity to SBI. Now, SBI can forget the

worries of managing the leased-line circuits, maintaining QoS across its

networks and so forth and simply get on with the business of banking. In return

for off-loading this worry to Datacraft (because now it has more resources to

spare for its real business activities), SBI gets the capability to develop and

offer its customers better services and newer products.

HP Services
Kallol Hazra, Practice

Director, HP Services

Managed IT Services is creating a

paradigm shift in the way IT is managed and the way it delivers requisite

benefits. IT is becoming the group that enhances productivity, reduce cost

and adds to the bottom-line. Managing IT services is becoming critical for

all organizations. In India there is a gradual acceptance of these

services, not because of cost alone. The benefits of dealing with one

specialist organization with a skeletal IT staff, maintaining the SLAs

with the business and also improving the over all service levels are

genuine reasons why companies are going in for this.



The CIO can expect a smooth transition of services to the MSP. The
balance sheet can be made cleaner by moving IT assets to the MSP. People

can be transferred from the IT division to the MSP and this enhances the

morale of the team, besides reducing the overall costs of IT operations.

This transplanted manpower can expect more rewarding careers. There will

be transformational initiatives to take care of new projects/requirements.

The most important expectation of the CIO will be a predetermined IT cost

over time and a single point of accountability for SLA management.

Advertisment

Another favorites are managed voice services where an MSP provides an

enterprise with VoIP along with security features, redundancy and quality

levels. Call Centers and ISPs in India (Tata Indicom) are providing such

services on a pay-per-use model. Increasingly, WANs in India use MPLS networks.

MPLS is popular due to its friendliness to triple-play networks that let

enterprises converge data, voice and video in a single pipe. In the past year,

IBM tied up with AirTel. IBM offers their customers its Level III+ command

centers, data-center services and help desks while AirTel takes over the

communication needs of the client. This means customers of their combined deal

get a single point of contact for both their IT and telecommunication needs and

problems while the expertise of both companies can be leveraged to solve their

problems.

Similarly for managed VPN services. Rather than setting up your own

infrastructure for VPN connectivity, an MSP can provide you connection end

points while managing the 'how' of it transparently. Common SLA parameters

include round-trip times, the supported protocols (IP-MPLS, PPP, HDLC and ATM),

security (IPSec), redundancy, reporting and so on. Examples of providers of

managed IP VPNs in India are: HCL InfiNet and Sify. As an interesting aside,

when we were doing the audits for the Best IT Awards two months ago, we learnt

that the entire network of FCI was centered around VPNs. All the FCI nodes that

logged on to the network/application that the project was did so using secure

VPN connections.

Now, even though the VPN lines are taken from a variety of providers across

India, FCI does not need to either track or manage this since NIC (who did the

project for them) does this automatically. Also, NIC had developed a unique

tracking system, which enabled their on-site personnel to know, well before

hand, about VPN link status before the engineers at the VPN providers' did.

Advertisment
HP India Sales
Heera John, Country

Manager Services & Solutions Mktg, Technology Solutions Group

A customer will have multiple vendors,

who would be supporting the IT infrastructure. The SLAs should clearly

define how the vendors work together vis-a-vis their roles and

responsibilities. A good governance model is critical. The customer should

get his own IT team and his vendors involved in defining this and lay down

a clear review methodology.

There isn't much of a change

that's required to be made to the existing infrastructure. If a company

has legacy systems, and it makes sense for the customer to go for IT

consolidation to save costs and improve performance, then the MSP will

play an advisory role in getting this done. So the change will depend upon

the customer's infrastructure, and even the customer would expect more

technology ideas to come from the vendor. He expects the vendor to play a

tech advisory role. If a customer has too many servers running too many

applications, and it would make sense to consolidate, both from cost as

well as performance, then we will advise the same.

Security



While it is easy to say that securing an enterprise would be as easy as
implementing a firewall, security in an enterprise has many facets including

identity management, intrusion detection, information security, etc. Even

rolling out security-in-a-box solutions has its own challenges. Identity

management today comes in several forms, starting with user authentication and

ending with signing him off. In the interim, the process also needs to ensure

smooth and transparent hand offs to external applications and devices.

Enterprises have a lot of choices today in what they can implement. Monitoring

and proactive control of the security deployments vis-a-vis their health and

performance is now on an online basis. Here, the MSPs are tasked with managing

the security of the servers and clients, along with the network and the

applications that run on it. on this front are based around uptime, performance,

capacity planning and even on-demand actions. Security devices are now built

around the Integrated Services Architecture, a model that allows networks and

equipment to converge. This with the demand that data centers be both Internet

and carrier agnostic is driving the need for better security implementations.The

problem with security is, if there is an outage, the enterprise can have big

losses that are not confined to just the business part. Therefore, enterprises

going in for managed security should first quantify the types and value of their

losses and then evaluate the prospective MSP on the basis of this. They should

also make such terms a part of the SLA which makes the MSP responsible and more

interactive.

IPv6 and IPSec has outgrown its larval stage and started making an appearance

in the cores of popular OSs. After the Indian IT Act has come into existence, a

number of Digital Certification authorities based abroad as well as

organizations in India have taken up the task of issuing digital certificates to

the Indian user. The complete list of such authorities is available on

cca.gov.in, and they include the likes of MTNL, TCS, NIC and IDRBT. Using SSL to

encrypt both corporate communications (like e-mail) and secure Web applications

is now much easier.

Advertisment
Sun Microsystems
Joyjit Chatterji, Country

Director, Services

The customer might already be doing

risk mitigation and cost management, but would be doing it at the discrete

level. He might buy a server and build redundancy into it for maximum

uptime. He buys an application for it and does the same thing. He would

manage both of these separately for the entire lifecycle of the solution.

He might sign the most stringent of SLAs with the server and application

vendors, but at the end of the day, if he goes back to each one with a

problem, both can convince him that the problem is not with them. This

puts availability at risk, which is where an external expert is required.

This is why he would go in for managed services.

The key issues with current service

models are that we react to incidents (or complaints). When an incident is

raised, you find out what caused it, and then try to resolve it. At Sun,

we look at various components and monitor the changes happening. Based on

them, we define KPIs and then shortlist 25 different things to be

constantly monitored. This lets you be pro-active. The solution would

filter out all the messages that are not of high importance and only

bother about the most critical ones. Say the customer's NMS generates

1000 messages a day. Chances are that only 1% of 10 of these are of

consequence to the customer. Our solution would recognize this, and by all

probability, solutions to 50% of these would already be in our knowledge

base and would, therefore, get rectified immediately. Only the remaining

would need further exploration and action.

Applications



We are not talking about managing updates and patches of applications. We are
talking about managing the enterprise applications themselves. The new age model

seems to be SaaS (Software as a Service) where the application is hosted with an

ASP. In such cases, the background of the application (its upgrades,

maintenance, and so on) is completely transparent to the user enterprise. The

most successful of them is perhaps the CRM Service Provider: SalesForce.com who

have also evolved a VAR model where partner organizations (like TCS, Wipro and

Satyam in India) can provide customized versions of their application to their

customers.

Top reasons for outsourcing IT
  • The increasing need to provide

    consistency and quality of service to internal and external users of

    the system
  • Manpower retention for managing IT

    infrastructure is a problem
  • Multitude of technologies, platforms

    and applications being deployed in the enterprise-complexity of

    managing them

Compared to the costs that used to be at

the top on the CIO's mind when deciding on outsourcing IT management a

few years back, today it is the requirement of service quality levels that

are driving this requirement.

Advertisment

Not only do MASPs (Managed Application Service Providers) manage their own

applications, but some of them like IBM and HP also help you manage your SAP,

Siebel and PeopleSoft applications. With such applications, the application

consultant often works with you on understanding your problems and demands off

the software and tries to solve them by releasing custom modules or patches to

them. MSPs can pull in their existing expertise and manpower to work on such

projects and come out with their own releases of patches for your enterprise

applications.

Infrastructure



Traditional orthodox models of managing IT infrastructure involves AMC

arrangements that include servicing, upgrades and replacement of IT products and

maintenance of software. Providers can take up your entire IT workplace

environment including desktops, printers, servers, routers and switches and the

like, and manage it as one solution for you. Your parameters here include

workplace conditions that you can specify. If required, these MSPs can also

determine for you the right kind of software and, hence, the hardware required

for your users if given the desired end product.

Bank of Baroda's 'transformation' is quite well known. BOB did not want

the hassles of setting up, maintaining, operating and finding support for its

multi-level IT deployments. First, there was the infrastructure at the branch

level with all the terminals, then the various servers both locally as well as

their central data center for the CBS. Bank of Baroda called in HP to set up

their IT (across 126 branches in India and abroad) including the workplace, data

center as well as networking infrastructure. Even the CBS solution has been

implemented by HP. What BOB gets is a single point of contact for all their IT

requirements. This lets BOB grow their banking business without getting bogged

down managing their IT.

Anil Chopra and Sujay V Sarma

Advertisment