1 2 Page 2
Page 2 of 2

Meet the configuration management database (CMDB), the technical underpinning of all ITIL projects.

"The CMDB is the core of ITIL," says Christine Rose, director of global IT at Finisar, a computer hardware manufacturer that adopted ITIL in 2002. "It allows you to track your assets and gives you a running history of everything that you have done." The CMDB is essentially a map of every piece of technology a company owns—systems, routers, servers, PCs and so on—as well as a catalog of every change made to each asset, the incidents linked to the asset, and the asset’s relationship to the larger technology environment.

For example, Rose ran a report against the CMDB that found Finisar’s FTP server was responsible for several recent incidents. This server was used to provide technical support to end users, and heavy usage was overwhelming its hard drive. Rose was able to solve the problem by simply adding more storage space. "If we did not have a history of the server, we would not have noticed the trend, since the business didn’t convey its needs to IT," she says.

Most of the CMDB products commercially available now have incident-, problem- and change-tracking built in, but even if they don’t, says McGrane, it is easy enough to link these processes together. MeadWestvaco’s original configuration management system was actually built by seniors at the University of Dayton as part of a school project. "We didn’t realize how critical [the CMDB] was at first," says McGrane. (The company has subsequently bought a configuration management product from BMC Software.)

A CMDB can help with what-if planning to find out if a proposed change could have unintended consequences on any other systems in the environment. ITIL’s change management methodology also requires alerting business users 72 hours before a major change is made. That way the finance department, for instance, can request a delay to an ERP change if it needs the system up to close the books. "There are a lot of things that the business does that IT just doesn’t know about," says Rose. "This allows us to align ourselves with the business instead of just making them angry when something they need isn’t available."

What ITIL Can’t Do

The biggest fault that users find with ITIL is that while it contains best practices for IT management, it is essentially just a list of things companies should be able to do. "You don’t implement ITIL," says Johnson, the member of the original ITIL team. "You use it to help create organizational change." Translation: ITIL doesn’t offer guidance on how to actually apply the best practices it catalogs; each organization must design its own processes based on ITIL principles.

"Since ITIL is only a framework, it puts you in a situation where you need to rely on somebody to fill in the gaps," says Strande. The College Board hired consultants from Noblestar and Booz Allen Hamilton to help with its ITIL implementation.

This situation might not be accidental. While the original version of ITIL published in the 1980s was written by British government workers, all of the current version was written by consultants or vendors—the same people whose livelihood depends on companies needing help to implement the practices described.

"People need to have an ulterior motive for producing the material," concedes Aidan Lawes, CEO of the IT Service Management Forum (ITSMF), the organization with day-to-day oversight of ITIL (the British government still owns the ITIL trademark, but for all practical purposes, the ITSMF manages ITIL). Lawes is trying to come up with a way of compensating authors before the next version of ITIL is published in about 18 months, in hopes of widening the pool of contributors.

Neither McGrane nor Rose hired consultants, but they admit that the trade-off is dedicating time and staff resources to building up ITIL expertise in-house. At MeadWestvaco, that meant a year of informal training, delaying the IT department’s reorganization until the third quarter of 2004.

And that is just the start, quite literally. Designing new processes may only take months, but the amount of change required can be so substantial that most IT organizations will need several years to implement them. MeadWestvaco, which is currently using only the service support and service delivery books, won’t launch some ITIL processes until the end of 2005—nearly two years after beginning with the framework. Even after the launch, McGrane advises, "it will be 18 to 24 months from the time you introduce it to the time you actually start seeing adoption of it as the way you do business." Tom Thompson, MeadWestvaco’s director of process transformation, is more candid. "You could probably do it in four months but you would have a bunch of dead bodies," he says.

Another drawback: Old habits are hard to break. Rose says that she had to give her entire IT staff new cell phone numbers to prevent users from bypassing the service desk and calling staff directly. Also, most CIOs say that layoffs are inevitable because some IT people just can’t adapt to the new processes. (Strande, on the other hand, hired several staffers after his ITIL project revealed gaps in how his IT department handled service-level and problem management.

But for many CIOs, the pain of ITIL is worth it. Since Finisar’s service desk was standardized, customer satisfaction rates have risen from 33 percent to 95 percent. And Rose has cut the amount Finisar spends on IT from 4 percent of revenue to 2.4 percent.

"To run IT like a business, you need to understand the key services that go into it," says McGrane. "ITIL makes that work visible. It allows you to measure what is important, so you can emphasize the things that add value and take out the things that don’t."

Senior Writer Ben Worthen ( writes about business process in IT.

Copyright © 2005 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
The CIO Fall digital issue is here! Learn how CIO100 award-winning organizations are reimagining products and services for a new era of customer and employee engagement.