Managing IT as a Service: Are you Ready?

Trends Watch

by PCQ Bureau July 16, 2006 0 comments

Your investments in information technology exist to aid your organization’s
business goals. The facilities and capabilities that these investments offer you
are services to your business. Once that separation is made, you can set up
demands on your IT such as the level and quality of service, availability,
reliability and timeliness of problem resolution to name a few. Now, you can
carry on with evolving a successful business leveraging the services provided by
IT rather than divert attention to the nitty-gritties of how that IT is managed.
This may range from managing your basic hardware and infrastructure (like
managing your servers, workstations, networking, data centers and so on) to
application management where the service provider would manage your business
applications for uptime and efficiency and also bring in their own improvements
to its performance. The service provider who provides you with managed services
is known as an MSP.

‘Connected workplace’ is an oft-used phrase today. More enterprises are
going online in different ways, and we are not talking merely about having an
Internet connection or having a Web presence. As businesses expand globally,
they need to establish reliable communication systems and post 9/11 and the
Tsunami, they need to ensure that their infrastructure and communication are
robust and secure. Two of the biggest happening things in this area are: WANs
and voice services. IP-based networks are converging to provide the connected
enterprise with multiple services on one (increasingly cheap) pipe. And,
enterprises are taking the help of outsiders to manage their business
applications (the CRMs, the ERPs and the BIs to name a few) and their security.

Why
look to an MSP?

Split your IT operations from the
services enabled by that IT
Gain the ability to demand levels of
service and performance from your IT, bound by penalties for
non-performance
Reduce your OpEx, viz salaries of IT
staff, training costs, technology upgradation costs
Get a single point of contact for all
your IT infrastructure and solution vendors
Leverage the experience of your MSP
and hsi manpower to solve your IT problems

What
to look for in an MSP?

Sufficient and qualified man power for
your needs
Presence at all your locations
Ability to provide you a consistent
and qualified single point of contact person
Ability to work in an ecosystem of
your IT vendors
Have sufficient experience and track
record with other enterprises in your line of business
Financial standing to commit to the
deal
Reputation and standing in the
industry

Dedicated or shared?
A popular trend in managed services is the concept of shared services. You go in
for outside management of your IT to decrease your OpEx. When an MSP can create
a common pool of resources for all his customers and provide his services out of
that pool, the cost of running those resources goes down which are subsequently
passed on to you (as the customer). For instance, an MSP providing managed
network or security services can create an external NOC from where all the input
data from the MSP’s clientele can be monitored at the same time. Several MSPs
have created their own such NOCs for this purpose. Similarly, application and
data-center services also work well with the shared model where several clients
of an MSP have their servers and applications hosted in a common data center
(co-location) allowing for better manageability. The shared model also lets the
MSP divert idle resources to other jobs.

HCL

Anant Gupta, COO,
Infrastructure Services Div, HCL Technologies
A badly-planned outsourcing strategy could result in erosion of service
value and cost escalation, whereas a well-planned outsourcing decision
helps you sleep sound, knowing that the responsibility of deliverables is
in safe hands.
Say NO to long-term contracts: When you have no idea of where the
economy would be in 5 years time, don’t draw up a contract for that
long. There is no sense to have a long and rigid agreement.
Define your boundaries clearly: Without this, neither side knows
with certainty what it should be doing. The result is that each side
blames the other when things inevitably don’t get done.
Define the measurable: How do you measure the success or failure of
your venture? Put it in your contract along with how you’re going to
measure it. Use the SLAs to guarantee performance and link penalties for
sub-par results. CIOs should define acceptable levels of performance in
terms of business relevance.

M Ashok Kumar, VP & Head of
Operations, HCL InfiNet Ltd
The most important time during implementation of managed services
is the transition period. When an MSP takes over, there are multiple
vendors who already exist. The challenge will be to ensure that there’s
a smooth transition, else the customer suffers. The customer plays a very
key supporting role at that time. That’s where the people at the top
level, CIO or even the business people, will have to get involved. Second,
from an end-user perspective, they’re used to a certain level of
service. A level of relationship has already been built. Also, certain
comfort levels are there. Earlier, you could call a specific engineer to
come and support. Going for managed IT services perspective, the end user
wants to be right, and has to be comforted. During this transition period,
there could be a dip in the service levels. But as this is a long-term
deal, then the top management of the customer must work closely with the
MSP to make it a success.

Why managed?
When you need to do the management yourself, you need an IT staff in house who
is well trained to handle the technologies, platforms, hardware and software
that you use. And for this staff, you have direct and indirect costs: like
salaries and training. Further, because IT is an area that faces a large
turnover of the workforce, when workers leave the company, your organization
needs to spend time finding new people with sufficient skill-sets and training
them. Not to mention that while this is happening, the technology outside is
changing. If you change your deployed technologies, you need to re-train your
workforce. If you don’t, your existing workforce may leave to update
themselves. After that, you have factors like multiple vendors and their
associated AMCs and costs to consider. The more the vendors in your IT soup, the
more complicated things become when you have trouble, with all the finger
pointing.

Other services

Web presence: Web
hosting, domain management
E-mail: Externally hosted mail service for companies
Data centers: All your data center needs are taken care of
Business continuity: Replication and Disaster Recovery
Networks: End-to-end network management with QoS, security
Voice: Pay-per-use models here make it ideal for large call-out
volume users

In contrast, your MSP can act as a single-point contact for all your needs.
Quite a number of vendors provide end-to-end solutions while some vendors
specialize in one or two areas (like, networking). The end-to-end providers will
take on other down-level MSPs to provide specific services. There is, thus, a
transfer of tasks that don’t match your core competencies to entities that
have more experience, manpower and skills to get the job done.

Multi-play networks
Why do enterprises go for WANs? One, this offers them a dedicated pipe
(regardless of distance) between its offices, data centers and other points of
presence. Two they also let the enterprise enjoy additional benefits like
utilizing the extra available bandwidth for VoIP. One example of such a
deployment was in our last month’s survey of the best enterprise IT
implementations: SBI Connect. State Bank of India connected its 10,000 plus
branches all over India using a WAN that used leased-line circuits. This network
is the lifeline of the SBI group since it now carries all their applications
including core banking, treasury and ATM along with their internal mail service.
SBI have also made use of this backbone to deploy VoIP at all these branches,
thus, bringing down the cost of their communications. This implementation was
done by Datacraft India Ltd and is also managed by the same MSP. Datacraft uses
leased lines by BSNL to provide connectivity to SBI. Now, SBI can forget the
worries of managing the leased-line circuits, maintaining QoS across its
networks and so forth and simply get on with the business of banking. In return
for off-loading this worry to Datacraft (because now it has more resources to
spare for its real business activities), SBI gets the capability to develop and
offer its customers better services and newer products.

HP Services

Kallol Hazra, Practice
Director, HP Services

Managed IT Services is creating a
paradigm shift in the way IT is managed and the way it delivers requisite
benefits. IT is becoming the group that enhances productivity, reduce cost
and adds to the bottom-line. Managing IT services is becoming critical for
all organizations. In India there is a gradual acceptance of these
services, not because of cost alone. The benefits of dealing with one
specialist organization with a skeletal IT staff, maintaining the SLAs
with the business and also improving the over all service levels are
genuine reasons why companies are going in for this.
The CIO can expect a smooth transition of services to the MSP. The
balance sheet can be made cleaner by moving IT assets to the MSP. People
can be transferred from the IT division to the MSP and this enhances the
morale of the team, besides reducing the overall costs of IT operations.
This transplanted manpower can expect more rewarding careers. There will
be transformational initiatives to take care of new projects/requirements.
The most important expectation of the CIO will be a predetermined IT cost
over time and a single point of accountability for SLA management.

Another favorites are managed voice services where an MSP provides an
enterprise with VoIP along with security features, redundancy and quality
levels. Call Centers and ISPs in India (Tata Indicom) are providing such
services on a pay-per-use model. Increasingly, WANs in India use MPLS networks.
MPLS is popular due to its friendliness to triple-play networks that let
enterprises converge data, voice and video in a single pipe. In the past year,
IBM tied up with AirTel. IBM offers their customers its Level III+ command
centers, data-center services and help desks while AirTel takes over the
communication needs of the client. This means customers of their combined deal
get a single point of contact for both their IT and telecommunication needs and
problems while the expertise of both companies can be leveraged to solve their
problems.

Similarly for managed VPN services. Rather than setting up your own
infrastructure for VPN connectivity, an MSP can provide you connection end
points while managing the ‘how’ of it transparently. Common SLA parameters
include round-trip times, the supported protocols (IP-MPLS, PPP, HDLC and ATM),
security (IPSec), redundancy, reporting and so on. Examples of providers of
managed IP VPNs in India are: HCL InfiNet and Sify. As an interesting aside,
when we were doing the audits for the Best IT Awards two months ago, we learnt
that the entire network of FCI was centered around VPNs. All the FCI nodes that
logged on to the network/application that the project was did so using secure
VPN connections.

Now, even though the VPN lines are taken from a variety of providers across
India, FCI does not need to either track or manage this since NIC (who did the
project for them) does this automatically. Also, NIC had developed a unique
tracking system, which enabled their on-site personnel to know, well before
hand, about VPN link status before the engineers at the VPN providers’ did.

HP India Sales

Heera John, Country
Manager Services & Solutions Mktg, Technology Solutions Group

A customer will have multiple vendors,
who would be supporting the IT infrastructure. The SLAs should clearly
define how the vendors work together vis-a-vis their roles and
responsibilities. A good governance model is critical. The customer should
get his own IT team and his vendors involved in defining this and lay down
a clear review methodology.

There isn’t much of a change
that’s required to be made to the existing infrastructure. If a company
has legacy systems, and it makes sense for the customer to go for IT
consolidation to save costs and improve performance, then the MSP will
play an advisory role in getting this done. So the change will depend upon
the customer’s infrastructure, and even the customer would expect more
technology ideas to come from the vendor. He expects the vendor to play a
tech advisory role. If a customer has too many servers running too many
applications, and it would make sense to consolidate, both from cost as
well as performance, then we will advise the same.

Security
While it is easy to say that securing an enterprise would be as easy as
implementing a firewall, security in an enterprise has many facets including
identity management, intrusion detection, information security, etc. Even
rolling out security-in-a-box solutions has its own challenges. Identity
management today comes in several forms, starting with user authentication and
ending with signing him off. In the interim, the process also needs to ensure
smooth and transparent hand offs to external applications and devices.
Enterprises have a lot of choices today in what they can implement. Monitoring
and proactive control of the security deployments vis-a-vis their health and
performance is now on an online basis. Here, the MSPs are tasked with managing
the security of the servers and clients, along with the network and the
applications that run on it. on this front are based around uptime, performance,
capacity planning and even on-demand actions. Security devices are now built
around the Integrated Services Architecture, a model that allows networks and
equipment to converge. This with the demand that data centers be both Internet
and carrier agnostic is driving the need for better security implementations.The
problem with security is, if there is an outage, the enterprise can have big
losses that are not confined to just the business part. Therefore, enterprises
going in for managed security should first quantify the types and value of their
losses and then evaluate the prospective MSP on the basis of this. They should
also make such terms a part of the SLA which makes the MSP responsible and more
interactive.

IPv6 and IPSec has outgrown its larval stage and started making an appearance
in the cores of popular OSs. After the Indian IT Act has come into existence, a
number of Digital Certification authorities based abroad as well as
organizations in India have taken up the task of issuing digital certificates to
the Indian user. The complete list of such authorities is available on
cca.gov.in, and they include the likes of MTNL, TCS, NIC and IDRBT. Using SSL to
encrypt both corporate communications (like e-mail) and secure Web applications
is now much easier.

Sun Microsystems

Joyjit Chatterji, Country
Director, Services

The customer might already be doing
risk mitigation and cost management, but would be doing it at the discrete
level. He might buy a server and build redundancy into it for maximum
uptime. He buys an application for it and does the same thing. He would
manage both of these separately for the entire lifecycle of the solution.
He might sign the most stringent of SLAs with the server and application
vendors, but at the end of the day, if he goes back to each one with a
problem, both can convince him that the problem is not with them. This
puts availability at risk, which is where an external expert is required.
This is why he would go in for managed services.

The key issues with current service
models are that we react to incidents (or complaints). When an incident is
raised, you find out what caused it, and then try to resolve it. At Sun,
we look at various components and monitor the changes happening. Based on
them, we define KPIs and then shortlist 25 different things to be
constantly monitored. This lets you be pro-active. The solution would
filter out all the messages that are not of high importance and only
bother about the most critical ones. Say the customer’s NMS generates
1000 messages a day. Chances are that only 1% of 10 of these are of
consequence to the customer. Our solution would recognize this, and by all
probability, solutions to 50% of these would already be in our knowledge
base and would, therefore, get rectified immediately. Only the remaining
would need further exploration and action.

Applications
We are not talking about managing updates and patches of applications. We are
talking about managing the enterprise applications themselves. The new age model
seems to be SaaS (Software as a Service) where the application is hosted with an
ASP. In such cases, the background of the application (its upgrades,
maintenance, and so on) is completely transparent to the user enterprise. The
most successful of them is perhaps the CRM Service Provider: SalesForce.com who
have also evolved a VAR model where partner organizations (like TCS, Wipro and
Satyam in India) can provide customized versions of their application to their
customers.

Top reasons for outsourcing IT

The increasing need to provide
consistency and quality of service to internal and external users of
the system
Manpower retention for managing IT
infrastructure is a problem
Multitude of technologies, platforms
and applications being deployed in the enterprise-complexity of
managing them

Compared to the costs that used to be at
the top on the CIO’s mind when deciding on outsourcing IT management a
few years back, today it is the requirement of service quality levels that
are driving this requirement.

Not only do MASPs (Managed Application Service Providers) manage their own
applications, but some of them like IBM and HP also help you manage your SAP,
Siebel and PeopleSoft applications. With such applications, the application
consultant often works with you on understanding your problems and demands off
the software and tries to solve them by releasing custom modules or patches to
them. MSPs can pull in their existing expertise and manpower to work on such
projects and come out with their own releases of patches for your enterprise
applications.

Infrastructure
Traditional orthodox models of managing IT infrastructure involves AMC
arrangements that include servicing, upgrades and replacement of IT products and
maintenance of software. Providers can take up your entire IT workplace
environment including desktops, printers, servers, routers and switches and the
like, and manage it as one solution for you. Your parameters here include
workplace conditions that you can specify. If required, these MSPs can also
determine for you the right kind of software and, hence, the hardware required
for your users if given the desired end product.

Bank of Baroda’s ‘transformation’ is quite well known. BOB did not want
the hassles of setting up, maintaining, operating and finding support for its
multi-level IT deployments. First, there was the infrastructure at the branch
level with all the terminals, then the various servers both locally as well as
their central data center for the CBS. Bank of Baroda called in HP to set up
their IT (across 126 branches in India and abroad) including the workplace, data
center as well as networking infrastructure. Even the CBS solution has been
implemented by HP. What BOB gets is a single point of contact for all their IT
requirements. This lets BOB grow their banking business without getting bogged
down managing their IT.

Anil Chopra and Sujay V Sarma