by April 10, 2002 0 comments

The larger and more IT enabled the organization, the more the nightmares faced by the CIO in ensuring an efficient systems infrastructure. The problems of employee turnover and the pressure to adapt to changing technology mean that maintaining an in-house EDP support organization is often not a good idea. In such cases, outsourcing the hosting and operation of enterprise systems to a specialist is a good bet to ensure best practices, economy, availability of professional skills and business continuity.

The OSP (Outsourcing Service Provider) can be a complete application service provider. This means that software development and maintenance and infrastructure maintenance (including data-center and call-center services) will be provided by a single entity. But, how do you rate the capabilities of the OSP you are checking out? 

Data center
If you’re looking to place all your back-end at the OSP’s premises, then check out his data center. A centralized data center means significant cost savings in terms of capital required for setting up separate power systems, security systems, networking equipment, floor space, temperature and humidity-control systems and in making it earthquake and disaster proof. Disaster-recovery servers for critical systems should always be housed at geographically distant locations, for which a WAN with sufficient backup links and bandwidth are required.

Call center, help desk
The call center has to deal with requests for support by either handing it off their support databases, routing it to different in-house entities or passing it on to the different vendors contracted to handle specific aspects. The call-center’s staff should be able to understand the nature of calls. Or a request may end up being bounced from one entity to another, till it finally reaches its intended destination. The staff should be able to prioritize calls, but this would depend on the nature of the contract. When the call center handles multiple customers, accurate segregation of the calls is very important. Electronic logging, routing and tracking of calls is typically done using help desk software like Action Remedy and Track-It.

For or against?

One can convincingly argue in favor of or against the fully outsourcing model. 
The positives. The reduced cost of owning and maintaining resources; freeing up of personnel (positions) to concentrate on strategy and business goals instead of being hampered by day-to-day fire-fighting operations; cost of high-end equipment, technical skills, common tools and licenses being shared among multiple customers; and the availability of a stronger technical team. 
The negatives. The establishment of a single vendors stronghold on the account, leading to excessive dependence on that vendor; and the cost of maintaining WAN links. 

The best way to check out a call center is to check from both sides–make inward calls and then demand to see the trace of how the call was logged and actioned upon, inside.

Whether to own your servers and host them in the OSP’s data center or host your servers in your own data center and have them managed by the OSP or lease space on servers owned by the OSP are choices. This depends on the level of trust on the OSP and on the bandwidth or connection possible to the data center. Regular monitoring of disk space, load patterns and growth patterns per application per server need to be in place to ensure the servers are able to cope with current and projected demands. Capacity monitoring should be done regularly to ensure that you are not caught unaware by unexpected surge in volumes. The segregation of applications on servers to prevent resource hogging is done using resource managers that have predefined percentages allocated for each application.

A centralized data center means robust physical security can be provided with electronic access systems, video surveillance, etc, since the cost is shared among the many customers using its services. Segregation of racks housing different customers’ systems and a strict access procedure would help strengthen customers’ confidence. A security policy with clear definition of server, network and database security standards and rigid enforcement and monitoring is also essential. Installation of patches, anti-virus and firewall updates, security warnings by the OS/application/database vendors/security websites, bug fixes, monitoring of unsuccessful login attempts, auditing of critical activities are some aspects that need to be implemented. Since a data center would cater to multiple customers, it is essential to completely tunnel each customer’s network and data from those of the others. 

Network, server, database monitoring
A technical team to provide second and third-level support is needed, with the first-level support being provided by the call-center staff, as 24×7 support is essential where systems are used across time zones. The use of monitoring tools like Tivoli, TNG and Ecotools will help identify, isolate and rectify faults within predefined resolution windows. Whether 24×7 support is ensured by having staff on site or working from home depends on the reliability of the WAN, the local telephone network and also company policy and contractual stipulations. 

Desktop services
In spite of having remote troubleshooting tools like PC Anywhere, this is the most visible service at the customer end. They are responsible for all software distribution, including anti-virus, for maintaining desktop hardware and software inventories and would need to be conversant with client setups and troubleshooting.

Operations center
Primary responsibilities could be to monitor the video screens, change tapes in the juke boxes and arrange for the previous day’s tapes to be dispatched to a safe location, perform any end-of-day operations or check tapes by restoring to disk. All jobs for which scripts can be provided and which need infrequent execution typically get offloaded to the operations team.

Many models

A good workable model is where the infrastructure is outsourced to a single vendor, but software services are not a part of that bundle. Backend maintenance is with the OSP. Another variants is the remote outsourced model, where the infrastructure is owned by and located at the customer site, but the service provider manages it from a remote location. The facilities management service provider is the traditional model, in which the vendor’s staff is placed at the customer’s site. 

Disaster recovery
It is essential that DR documentation be generated for each application and any changes recorded. DR space should be kept available for critical applications at all times, either on other production boxes or dedicated DR boxes. Escalation procedures also need to be clearly defined. It’d be good to identify criteria for qualification as a disaster example. If a disk controller crashes and spares are available only after two days, would you wait for the availability of the spare or start DR procedures? For fault-tolerant systems with failover mechanisms, this is not a major issue. But for non-fault-tolerant systems where tapes are at distant locations, the recalling of tapes and restoring gigabytes of data could mean one and a half to two days. It might make more sense to wait two days than to invoke DR. Identification of DR managers with authority to take such decisions should be part of DR documentation.

Standards and policy documents need to be defined for almost everything which is included in the SLA(Service Level Agreement). An OSP should be able to
show sample documentation generated for previous customers. Demonstrable levels of expertise in maintaining and adhering to standards should be one of the prerequisites for awarding the contract to a vendor. To retain flexibility in changing vendors and maintain uniform documented parameters, sufficient expertise and time should be expended on drafting the standards. Development of a uniform desktop standard would be done by the OSP in consultation with the customer. 

Service-level agreement 
The SLA is at the heart of the relationship between the customer and the OSP. ‘No assumptions, only documentation’ should be the motto when it comes to drafting an SLA. There is a services SLA between the customer and the OSP that provides the umbrella for the individual application SLAs. The SLA defines the infrastructure, scope of services provided, expected uptime, number and cost of resources expected to be utilized, financial penalties, problem resolution times, maintenance windows applicable for each environment, cost per application or per server or per database, reporting requirements, frequency of meetings, escalation procedures within the customer and OSP, etc. The application SLA details the service level expected for each application, type of coverage (24X7, 24X5, working hours only), servers to be utilized for each application, DR parameters, backup criteria, machine resources usage etc. The SLA should also list exclusions, ie, the work not covered which could be performance tuning, sundry project work, ad-hoc reporting, upgrades.

Asset management
Managing racks, servers, switches, hubs, routers, desktops, laptops, modem servers and all the other equipment in a large organization means either having an asset management software
or creating your own. Whether to hand this responsibility to the OSP or keep it within the
customer setup is a crucial decision.

Annie John Mathew

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.