How Servicenow aligns with ITIL Event Management Best Practice
Events, Events Events!! Everything in our environment, in some way, correlates to an Event.
- - CPU is high
- - Memory Low
- - Application up/down
- - Network port has changed to half duplex
- - Coke machine is out of Coke, etc..
I literally can go on forever on what what an event consist of. The real question is what do we do with it once we receive them and who is responsible for them. ITIL v3 says Event Management is:
- "The process that monitors all events that occur through the IT infrastructure. It allows for normal operation and also detects and escalates exception conditions."
And Event is defined as:
- "Any detectable or discernible occurrence that has significance for the management of the IT Infrastructure or the delivery of IT service and evaluation of the impact a deviation might cause to the services. Events are typically notifications created by an IT service, Configuration Item (CI)
(https://en.wikipedia.org/wiki/Event_Management_(ITIL))
Let's now dissect this ITIL process and make it the Servicenow way!
1 — What is an event, who is responsible and what are the challenges?
First off, I hope we all know that Monitoring DOES NOT mean the same as Event Management from an IT perspective.
Monitoring is the act of understanding how something is performing or available. With this, it initiates an event in various forms and there are hundreds of monitoring tools out there that generate events.
- - Informational Events
- - Exception/threshold Events
- - Incidents
So who looks at all of these events? Who deciphers what they mean and acts on them? Roles include but not limited to:
- - Service Desk/Help Desk
- - IT Operators (Network/Infrastructure)
- - Application Owners/Management
- - Security (SOM)
With all the events, in any environment, we can have thousands if not millions of events in a day. IT professionals are troubled by.
- - the number of interfaces they need to page through to understand what the event means and where the issue truly lies.
- - they need to ensure that the correct events are be generated by the right monitoring tool.
- - How do they handle too many events?
- - How do they identify/handle common manual tasks?
2 — Structuring our events
The challenges above really depict real world issues that IT face on a day to day basis. So let's take a look at our challenges again and put context around how Servicenow can assist to structuring how events get handled to eliminate duplicate events, create dependency correlation, understand root cause analysis and automate remediation processes.
- - the number of interfaces they need to page through to understand what the event means and where the issue truly lies (correlation/consolidation).
- Which events are serious enough so that an Alert and incident need to be created?
- Are we monitoring the right CI's?
- Are we establishing baselines and reconfiguring thresholds?
- - they need to ensure that the correct events are be generated by the right monitoring tool. (duplication)
- Why are 40% of incidents are being reported by end users?
- Why is monitoring not generating these events?
- Do we have enough monitoring?
- - How do they handle too many events? (event storms)
- Are we doing event de-duplication?
- Are specific events handed off to the correct teams?
- Are we categorizing and prioritizing events?
- - How do they identify/handle common manual tasks? (Automation)
- Have we established repeatable processes for common tasks?
- Have we established these process for L1/L2 technicians?
3 — Servicenow/ITIL Event Management Alignment
ITIL has made suggestions of how the industry should adopt to it's methodology. Now let's see how Servicenow has embraced this mantra with key capabilities.
Consolidate events from multiple monitoring tools
- - Event Rules for filtering and normalizing events and threshold crossing for accurate alerting
- - Automatic de-duplication and flapping detection for assurance when multiple monitoring tools alert on the same issue
- - Automatically bind alerts to CIs for accurate business impact notifications
- - Use Alert Rules to automate alert actions such as creating incidents and running remediation tasks
- - Visualize alerts in operational dashboards, service maps and geographic locations for visualization to multiple personas
Event rules for filtering and threshold crossing
Alert Correlation Rule
Event Visualization by Business Services
Manager of Managers (MOM) - Consolidate events from different monitoring tools and event sources
- - Use a single console to manage alerts sent from multiple monitoring tools
- - ITIL Benefits:
- Reduce time to identify problems by looking in one place as opposed to having many disparate dashboards of the source on the issue
- Reduce confusion by transforming events from different sources in various formats into a consistent format which helps to identify if we are monitoring the right CI's
- Speed time to resolve problems by managing alerts in one console
Single source of Alerts
Automatically link Alerts to a Service Map
- - Automatically bind to Alerts to CIs
- - Alerts can then be shown for CIs in service topologies
- - Service impact relationships automatically built
- - ITIL Benefits:
- Better prioritization through accurate determination of the severity of a service impact
- Reduce MTTR through improved analysis of root causes
Alert and CI Remediation — rapidly restore impacted Services
- - Combine Alert Rules and Orchestration workflows to remediate Alerts
- - Flexibility to remediate manually or automatically
- - ITIL Benefits:
- Fix problems faster by automating corrective actions and incident/problem creation
- Access to knowledge database for previously used/discussed solutions
- Reduce reliance on technical SMEs
- Add resilience to business services
- Help meet SLAs
Business Service Impact Map
Remediation options
Remediation Workflow with Change Request Practices
Conclusion
As stated above, ITIL has stated its methodology for Event Management and there are various types customers that are on their own path to achieve their Event Management goal. Customer maturities are all over the board constrained by management, cost, resources and knowledge. Servicenow Event Management assists in defining solutions to common challenges and constraints for quick adoption.
