Purpose of Capacity Management

The purpose of the capacity management process is to understand the current and future capacity needs of a service and to ensure that the service and its supporting services are able to deliver to this level. The actual capacity requirements will have been agreed upon as part of service level management; capacity management must not only meet these, but also ensure that the future needs of the business, which may change over time, are met.

Objectives of Capacity Management

The objectives of capacity management are met by the development of a detailed plan that states the current business requirement, the expected future requirement, and the actions that will be taken to meet these requirements. This plan should be reviewed and updated at regular intervals (at least annually) to ensure that changes in business requirements are considered. Similarly, any requests to change the current configuration will be considered by capacity management to ensure that they are in line with expectations or, if not, that the capacity plan is amended to suit the changed requirement. Those responsible for capacity management will review any issues that arise and help resolve any incidents or problems that are the result of insufficient capacity. This helps ensure that the service meets its objectives.

An essential objective is to make sure capacity is increased in a timely manner so the business is not impacted.

As part of the ongoing management of capacity and its continual improvement, any proactive measures that may improve performance at a reasonable cost are identified and acted upon. Advice and guidance on capacity and performance-related issues are provided, and assistance is given to service operations with performance- and capacity-related incidents and problems.

Scope of Capacity Management

The capacity management process has responsibility for ensuring sufficient capacity at all times, including both planning for short-term fluctuations, such as those caused by seasonal variations, and ensuring that the required capacity is there for longer-term business expansion. Changes in demand may sometimes actually be reductions in that demand, and this is also within the scope of the process. Capacity management should ensure that as demand for the service falls, the capacity provided for that service is also reduced to ensure that unnecessary expenditure is avoided.

The process includes all aspects of service provision and therefore may involve the technical, applications, and operations management functions. Other aspects of capacity, such as staff resources, are also considered.

As the example in the case study “Capacity Management” illustrates, an increase in capacity requirements may have repercussions across the infrastructure and on the IT staff resources required to manage it. Although staffing is a line management responsibility, the calculation of resource requirements in this area is also part of the overall capacity management process.

Capacity management also involves monitoring “patterns of business activity” to understand how well the infrastructure is meeting the demands upon it and making adjustments as required to ensure that the demand is met. Proactive improvements to capacity may also be implemented, where justified, and any incidents caused by capacity issues need to be investigated.

Capacity management may also recommend demand management techniques to smooth out excessive peaks in demand.

Capacity Management Value to the Business

Capacity management provides value to the business by improving the performance and availability of IT services the business needs; it does so by helping to reduce capacity- and performance-related incidents and problems. The process will also ensure that the required capacity and performance are provided in the most cost-effective manner.

All processes should be contributing in some way to the achievement of customer satisfaction, and capacity management does this by ensuring all capacity- and performance- related service levels are met.

Proactive capacity management activities will support the efficient and effective design and transition of new or changed services. This will include the production of a forward-looking capacity plan based on a sound understanding of business needs and plans.

As with availability management, capacity management will have the opportunity to improve the ability of the business to follow an environmentally responsible strategy by using green technologies and techniques.

Capacity Management Policies

Capacity management is essentially a balancing act. It ensures that the capacity and performance of the IT services and systems match the evolving demands of the business in the most cost-effective and timely manner. This requires balancing the costs against the resources needed. Capacity management needs to ensure that the processing capacity that is purchased is cost justifiable in terms of business need. It ensures that the organization makes the most efficient use of those resources.

Capacity management is also about balancing supply against demand. It is important to ensure that the available supply of IT processing power matches the demands made on it by the business, both now and in the future. It may also be necessary to manage or influence the demand for a particular resource.

The policies for capacity management should reflect the need for capacity management to play a significant role across the service lifecycle.

It is important to ensure that capacity management is part of the consideration for all service level and operational level agreements, and of course any supporting contracts with suppliers. These agreements will capture the service requirements of the business, and capacity management should consider these for the current and future business needs.

Capacity Management Process Activities, Methods, and Techniques

We are not going to explore the process in detail, but you should make sure you are familiar with all the aspects of the process and the management requirements for each.

In Figure 14.1, you can see the full scope of the subprocesses, techniques, and activities for the capacity management process.

Capacity management is an extremely technical, complex, and demanding process, and in order to achieve results, it requires three supporting subprocesses: business capacity management, service capacity management, and component capacity management.

Business capacity management is focused on the current and future business requirements, while service capacity management is focused on the delivery of the existing services that support the business and component capacity management is focused on the IT infrastructure that underpins service provision.

It is important to ensure that the tools used by capacity management conform to the organization’s management architecture and also integrate with other tools used for the management of IT systems and automating IT processes.

The monitoring and control activities within service operation should provide a basis for the tools to support and analyze information for capacity management. The IT operations management function and the technical management departments (such as network management and server management) may carry out the bulk of the day-to-day operational duties. They will participate in the capacity management process by providing it with performance information.

Like availability management, capacity management has both reactive and proactive activities. In Figure 14.2, you can see the activities relating to both reactive and proactive capacity management and the interaction between the subprocesses.

Capacity management should include the following proactive activities:

• Preempting performance issues by taking the necessary actions before the issues occur
• Producing trends of the current component utilization and using them to estimate the future requirements and for planning upgrades and enhancements
• Modeling and trending the predicted changes in IT services (including service retirements)
• Ensuring that upgrades are budgeted, planned, and implemented before service level agreements and service targets are breached or performance issues occur
• Actively seeking to improve service performance wherever the cost is justifiable
• Producing and maintaining a capacity plan addressing future requirements and plans for meeting them
• Tuning (also known as optimizing) the performance of services and components

Capacity management should include the following reactive activities:

• Monitoring, measuring, reporting, and reviewing the current performance of both services and components
• Responding to all capacity-related “threshold” events and instigating corrective action
• Reacting to and assisting with specific performance issues

There are a number of ongoing activities that form part of the capacity management process. These activities provide the basic historical information and triggers necessary for all of the other activities and processes within capacity management. These can be seen in Figure 14.3.

Monitoring should be established on all the components and for each of the services. The data from the monitoring systems should be analyzed using expert systems to compare usage levels against thresholds. The results of the analysis should be included in reports and used to make recommendations for management of the systems. Control mechanisms should then be put in place to act on the recommendations.

There are many different approaches to managing capacity, including balancing services, balancing workloads, changing concurrency levels, and adding or removing resources. The information accumulated during these activities should be stored in the capacity management information system (CMIS).

This is a cyclic activity, and any changes should be monitored to make sure they deliver a positive benefit. These iterative activities are primarily performed as part of the service operation stage of the service lifecycle.

Capacity Management Triggers, Inputs, and Outputs

Let’s consider the triggers, inputs, and outputs for the capacity management process. Capacity management is a process that has many active connections throughout the organization and its processes. It is important that the triggers, inputs, outputs, and interfaces be clearly defined to avoid duplicated effort or gaps in workflow.

Capacity Management Interfaces

As we have already explained, capacity management has strong connections across the service lifecycle with a number of other processes. The key interfaces are as follows:

• Availability management works with capacity management to determine the resources needed to ensure the required availability of services and components.
• Service level management provides assistance with determining capacity targets and the investigation and resolution of breaches related to service and component capacity.
• IT service continuity management is supported by capacity management through the assessment of business impact and risk, determining the capacity needed to support risk reduction measures and recovery options.
• Capacity management provides assistance with incident and problem management for the resolution and correction of capacity-related incidents and problems.
• By anticipating the demand for services based on user profiles and patterns of business activity, and by identifying the means to influence that demand, demand management provides strategic decision-making and critical related data on which capacity management can act.

Information Management and Capacity Management

The CMIS is used to provide the relevant capacity and performance information to produce reports and support the capacity management process. The reports provide information to a number of IT and service management processes. These should include the reports described in the following sections.

Measures, Metrics, and Critical Success Factors for Capacity Management

The following list includes some sample critical success factors for capacity management and some key performance indicators for each.

• Critical success factor: “Accurate business forecasts.”
  • KPI: Production of workload forecasts on time
  • KPI: Accuracy (measured as a percentage) of forecasts of business trends
• Critical success factor: “Knowledge of current and future technologies.”
  • KPI: Timely justification and implementation of new technology in line with business requirements (time, cost, and functionality)
  • KPI: Reduction in the use of old technology, causing breached SLAs due to problems with support or performance
• Critical success factor: “Ability to demonstrate cost effectiveness.”
  • KPI: Reduction in last-minute buying to address urgent performance issues
  • KPI: Reduction in the overcapacity of IT
• Critical success factor: “Ability to plan and implement the appropriate IT capacity to match business needs.”
  • KPI: Reduction (measured as a percentage) in the number of incidents due to poor performance
  • KPI: Reduction (measured as a percentage) in lost business due to inadequate capacity

Challenges for Capacity Management

One of the major challenges facing capacity management is persuading the business to provide information on its strategic business plans. Without this information, the IT service provider will find it difficult to provide effective business capacity management. Where there may be commercial or confidential reasons this data cannot be shared, it becomes even more challenging for the service provider.

Another challenge is the combination of all of the component capacity management data into an integrated set of information that can be analyzed in a consistent manner. This is particularly challenging when the information from the different technologies is provided by different tools in differing formats.

The amount of information produced by business capacity management, and especially service capacity management and component capacity management, is huge, and the analysis of this information is often difficult to achieve.

It is important that the people and the processes focus on the key resources and their usage, without ignoring other areas. For this to be done, appropriate thresholds must be used, and reliance must be placed on tools and technology to automatically manage the technology and provide warnings and alerts when things deviate significantly from the norm.

Risks for Capacity Management

The following list includes some of the major risks associated with capacity management:

• A lack of commitment from the business to the capacity management process.
• A lack of appropriate information from the business on future plans and strategies.
• A lack of senior management commitment to or a lack of resources and/or budget for the capacity management process.
• Service capacity management and component capacity management performed in isolation because business capacity management is difficult or there is a lack of appropriate and accurate business information.
• The processes become too bureaucratic or manually intensive.
• The processes focus too much on the technology (component capacity management) and not enough on the services (service capacity management) and the business (business capacity management).
• The reports and information provided are too technical and do not give the information required by or appropriate for the customers and the business.

Purpose of IT Service Continuity Management

The purpose of the IT service continuity management process is to support the overall business continuity management (BCM) process. It is not a replacement for business continuity, even though many organizations could not survive without their IT service provider. It is important that this process understands the business continuity requirements. The service provider can then support these requirements by ensuring that, through managing the risks that could seriously affect IT services, the IT service provider can always provide the minimum agreed business continuity-related service levels.

To support and align with the BCM process, ITSCM uses formal risk assessment and management techniques to reduce risks to IT services to agreed acceptable levels. The service provider will plan and prepare for the recovery of IT services to meet these agreed levels.

Objectives of IT Service Continuity Management

A key objective of IT service continuity management is to produce and maintain a set of IT service continuity plans that support the overall business continuity plans of the organization. This will require complete and regular business impact analysis exercises to ensure that all continuity plans are maintained in line with changing business impacts and requirements.

A further objective is to conduct regular risk assessment and management exercises to manage IT services within an agreed level of business risk. This should be completed in conjunction with the business and the availability management and information security management processes.

As with all the service design processes, this process has an objective to provide advice and guidance to all other areas of the business and IT on all continuity-related issues.

IT service continuity should also ensure that appropriate continuity mechanisms are put in place to meet or exceed the agreed business continuity targets. This will require the assessment of the impact of all changes on the IT service continuity plans and supporting methods and procedures.

Working with availability management, the process should ensure that cost-justifiable proactive measures to improve the availability of services are implemented.

Service continuity management should also negotiate and agree on contracts with suppliers for the provision of the necessary recovery capability to support all continuity plans in conjunction with the supplier management process.

Scope of IT Service Continuity Management

When we consider the scope of IT service continuity management, it is important to understand that the process focuses on events that the business considers significant enough to be treated as a disaster. Less significant events will be dealt with as part of the incident management process.

Each organization will have its own understanding of what constitutes a disaster. The scope of IT service continuity management within an organization is determined by the organizational structure, culture, and strategic direction (both business and technology) in terms of the services provided and how these develop and change over time.

IT service continuity management first considers the IT assets and configurations that support the business processes. The process is not normally concerned with longer-term risks such as those from changes in business direction or other business-related alterations. Similarly, it does not usually cover minor technical faults (for example, noncritical disk failure) unless there is a possibility that the impact on the business could be major.

The IT service continuity management process includes the agreement of the scope of the ITSCM process and the policies adopted to support the business requirements. The process will also carry out business impact analysis to quantify the impact that the loss of IT service would have on the business.

It is important to establish the likelihood of potential threats taking place by carrying out risk assessment and management. This also includes taking measures to manage the identified threats where the cost can be justified. The approach to managing these threats will form the core of the ITSCM strategy and plans.

Essential to the process is the production of an overall IT service continuity management strategy that must be integrated into the business continuity management strategy. This should be produced by using both risk assessment and management and business impact analysis. The strategy should include cost-justifiable risk reduction measures as well as selection of appropriate and comprehensive recovery options.

As part of the strategy, there should be the requirement to produce an IT service continuity plan, which should integrate with the business continuity plan. These plans should be tested and managed as part of the ongoing operation. This will require regular testing and maintenance to ensure that they are in alignment with business continuity management.

IT Service Continuity Management Value to the Business

IT service continuity management is a vital part of the assurance and management of IT service provision for an organization because it supports the business continuity process. It can often be used to provide the justification for business continuity processes and plans by raising awareness of the impact of failures to the organization.

The process should be driven by business risk as identified by business continuity and ensure that the recovery arrangements for IT services are aligned to identified business impacts, risks, and needs.

IT Service Continuity Management Process, Methods, and Techniques

IT service continuity management is a repeating, cyclic process. As the needs of the organization change, so will the requirements for continuity and recovery, so the process must be continually reviewed and the output verified for effectiveness. The process is shown in Figure 14.4.

Initiation The process is structured in four stages. The first is initiation, where the policies and scope of the continuity requirement are established in alignment with the business continuity requirements. It is during this stage that, if the scope requires it, a project management approach will be adopted.

Requirements and Strategy In the next stage, requirements and strategy, the activities of business impact analysis and risk assessment and management are carried out. This will allow the strategy for continuity to be developed.

Implementation Implementation of the strategy requires the development of the IT service continuity plans, including the recovery plans and procedures. This stage is where the risk reduction measures are implemented and the initial testing of the plans is carried out. Once these are found to be successful in supporting the business requirements, the operational stage begins.

Ongoing Operation During the operational stage, it will be important to ensure that there is adequate information delivered to the organization, through education, awareness, and training. The plans should be regularly reviewed and audited to ensure that they meet the ongoing requirements of the business. This will require an association with the change management process, and the plans and procedures for continuity should be subject to change procedures. Regular testing is part of this stage, and the results of testing will be fed back into the process.

Invocation It is important to ensure that there is a clearly understood mechanism and definition of when to invoke the continuity plans. This is not a stage of the process, as such, but it is a vital part of the process, because the establishment of the trigger for implementing the continuity plan is very important.

IT Service Continuity Management Triggers, Inputs, and Outputs

We will now review the triggers, inputs, and outputs of IT service continuity management.

IT Service Continuity Management Interfaces

IT service continuity should have interfaces to all other processes across the whole service lifecycle.

Important examples are as follows:

• Change management, because all changes need to be considered for their impact on the continuity plans. The plan itself must be under change management control.
• Incident and problem management require clear criteria that is agreed on and documented for the invocation of the ITSCM plans.
• Availability management undertakes risk assessment, and implementing risk responses should be closely coordinated with the availability process to optimize risk mitigation.
• Recovery requirements will be agreed and documented in the service level agreements. Different service levels that would be acceptable in a disaster situation could be agreed on and documented through the service level management process.
• Capacity management should ensure that there are sufficient resources to enable recovery to replacement systems following a disaster.
• Service asset and configuration management provides a valuable tool for the continuity process. The configuration management system documents the components that make up the infrastructure and the relationship between the components.
• A very close relationship exists between ITSCM and information security management. A major security breach could be considered a disaster, so when the service provider is conducting business impact analysis and risk assessment, security will be a very important consideration.

Information Management

ITSCM needs to record all of the information necessary to maintain a comprehensive set of ITSCM plans. This information base should include the following items:

• Information from the latest version of the BIA
• Comprehensive information on risk within a risk register, including risk assessment and risk responses
• The latest version of the BCM strategy and business continuity plans
• Details relating to all completed tests and a schedule of all planned tests
• Details of all ITSCM plans and their contents
• Details of all other plans associated with ITSCM plans
• Details of all existing recovery facilities, recovery suppliers and partners, recovery agreements and contracts, and spare and alternative equipment
• Details of all backup and recovery processes, schedules, systems, and media and their respective locations

All the preceding information needs to be integrated and aligned with all BCM information and all the other information required by ITSCM. Interfaces to many other processes are required to ensure that this alignment is maintained.

IT Service Continuity Management Critical Success Factors and KPIs

The following list includes some sample critical success factors for ITSCM.

• Critical success factor: “IT services are delivered and can be recovered to meet business objectives.”
  • KPI: Increase in success of regular audits of the ITSCM plans to ensure that, at all times, the agreed recovery requirements of the business can be achieved
  • KPI: Regular and comprehensive testing of ITSCM plans achieved consistently
  • KPI: Regular reviews, at least annual, of the business and IT continuity plans with the business areas
  • KPI: Overall reduction in the risk and impact of possible failure of IT services
• Critical success factor: “Awareness throughout the organization of the business and IT service continuity plans.”
  • KPI: Increase in validated awareness of business impact, needs, and requirements throughout IT
  • KPI: Increase in successful test results, ensuring that all IT service areas and staff are prepared and able to respond to an invocation of the ITSCM plans

IT Service Continuity Management Challenges and Risks

We’ll begin with looking at the key challenges for the process and then look at the risks.