Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: LettieNei
New Today: 6
New Yesterday: 55
Overall: 148128

People Online:
Visitors: 78
Members: 0
Total: 78

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - Change Management Q&A
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Change Management Q&A

 
Post new topic   Reply to topic    ITIL Forum Index -> Change Management
View previous topic :: View next topic  
Author Message
Dris
Newbie
Newbie


Joined: Apr 16, 2008
Posts: 3

PostPosted: Thu Apr 17, 2008 9:01 am    Post subject: Change Management Q&A Reply with quote

Today I was in a meeting and we were discussing how one computer was on the wrong network segment(VLAN) giving it Internet Access. What we wanted to accomplish was putting this computer on another VLAN which blocked port 80 not allowing it to get on the Internet.

The Impact:
Service of the unit is not affected as it has nothing to do with Internet
VLAN change has minimal impact
Business is not aware of the service affected.

I was thinking based on the information that I would classify this as more of an incident request then a change? Am I wrong and why?

Dris
Back to top
View user's profile
Diarmid
Senior Itiler


Joined: Mar 04, 2008
Posts: 1884
Location: Newcastle-under-Lyme

PostPosted: Thu Apr 17, 2008 3:59 pm    Post subject: Reply with quote

Hi Dris,

when you say "incident request" do you mean "service request"? Is this a defined service? What does "minimal impact" mean? What about risk? How do you ensure that it is performed correctly? What are you going to do when the change is executed incorrectly? How do you ensure that the CMDB is amended? How do you ensure that it does not happen again? ...

This is certainly an incident. It has the potential for serious implications. You need to know why it happened. I doubt if you have a defined process for moving a server from the wrong vlan. If you do not correct it under change management, then what is change management for?
_________________
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
Back to top
View user's profile Send e-mail
Skinnera
Senior Itiler


Joined: May 07, 2005
Posts: 121
Location: UK

PostPosted: Thu Apr 17, 2008 6:05 pm    Post subject: Reply with quote

It's definitely a Change, and it you want an Incident to generate the RFC from, that would be fine too.
_________________
When I say 'CCR', please read 'RFC'.
Back to top
View user's profile Send e-mail
Mark-OLoughlin
Senior Itiler


Joined: Oct 12, 2007
Posts: 306
Location: Ireland

PostPosted: Thu Apr 17, 2008 6:46 pm    Post subject: Reply with quote

Hi,

I think you have to ask - who and how many people use the PC?

If it is only 1 user you could take the opinion that this is an IMAC Request (logged as Service Request) - Instalation, Move, Add, Change) - moving the PC from one VLAN to another.

If more that one person uses the PC 0 say it is a shared PC for a number of workers to use systems e.g. print invoices for dispatching goods - you are looking at a chnage as the knock on effect of moving the PC may affect a business function (service).

Also if its more that one person you may cause confusion as people who could access the internet now cannot and are likely to call the Service Desk and report incidents.
_________________
Mark O'Loughlin
ITSM / ITIL Consultant
Back to top
View user's profile
Dris
Newbie
Newbie


Joined: Apr 16, 2008
Posts: 3

PostPosted: Mon Apr 21, 2008 11:13 pm    Post subject: Reply with quote

Thanks guys for the update. We do not have all ITIL steps in place at this moment however your input is very useful. Currently the steps we have in place are incident, problem and change management.

I agree with you if it is Server that a change needs to be put in place but as for a business PC I believe it is a Service Request and here's the breakdown:

Who? Business Users

Impact? 0. We are killing the Internet on the machine. No matter what VLAN the unit is on it can still perform its daily function this is why i was leaning towards Service request or an incident to have the information logged.

CMDB? We are currently migrating our data.

Organization size 30K+. 5000 - 10000 PC's.


Thanks for your feedback I'm sure I'll be posting more and learning Smile

Dris
Back to top
View user's profile
Diarmid
Senior Itiler


Joined: Mar 04, 2008
Posts: 1884
Location: Newcastle-under-Lyme

PostPosted: Mon Apr 21, 2008 11:50 pm    Post subject: Reply with quote

Hi Dris,

just a couple of points you have to consider:

1. Who makes the service request? It does not seem to be the service user; so how do you audit your performance against service requests if you can set them up yourself "on behalf" of users?

2. When you conduct service management review (without incident records because you raised a service request instead), how do you know that the incident happened, how often it happened and whether anything was done to prevent it happening again?
_________________
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
Back to top
View user's profile Send e-mail
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3318
Location: London, UK

PostPosted: Tue Apr 22, 2008 12:01 am    Post subject: Reply with quote

the use of service requests or standard change request should not cause pain

however, if you dont haev a robust and intergrated CCR (change configuration and release),

answering the following question would be difficult

where is machine X
what is its IP address
who uses it
what work has been done to it
why is the machine in room y
who authorized the move of the machine
how many times has this machine been moved

you need some way to track the work when you make changes

that is pragmatic changemgmt
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile
UrgentJensen
Senior Itiler


Joined: Feb 23, 2005
Posts: 458
Location: London

PostPosted: Tue Apr 22, 2008 1:03 am    Post subject: Reply with quote

Hi Diarmid,

In relation to your last post I thought I'd mention something I've introduced for situations like this.

I doubt this applies in all organisations but here where I work I have a couple of different fields to demonstrate the provenance of the change.

Incident, project and reference document. The logic for this is that sometimes work is generated in IT as a result of a policy or procedure. The IT teams don't want to replicate the information twice, so they can put in the name/location of the document that is effectively initiating the change.

I have to evidence for 5 different audits and this seems to work ok.

The scenario being raised by Dris could easily be covered by a referencing a policy document and therefore negating the whole incident/service request discussion.

And YES, I have taken my pills.

Cheers,

UJ
_________________
Did I just say that out loud?

(Beige badge)
Back to top
View user's profile
Dris
Newbie
Newbie


Joined: Apr 16, 2008
Posts: 3

PostPosted: Tue Apr 22, 2008 8:47 am    Post subject: Reply with quote

Hi Diar,

I'm not sure I understand your comments

Quote:

Hi Dris,

just a couple of points you have to consider:

1. Who makes the service request? It does not seem to be the service user; so how do you audit your performance against service requests if you can set them up yourself "on behalf" of users?

2. When you conduct service management review (without incident records because you raised a service request instead), how do you know that the incident happened, how often it happened and whether anything was done to prevent it happening again?


I guess I would complete the service request or incident. This way the information is recorded and the CMDB would be updated. I don't know if I would treat it as an incident however a service request based on current policy states that this machine belongs on this VLAN. Now nothing is moved. The only thing that is happening is the VLAN on the switch will be switched to the appropriate VLAN.

I'm just looking at a change as impacting the infrastructure. Example of this is when our security decide well this PC at all our properties belongs on this VLAN and needs to be changed. I can relate to this cause you are impacting the infrastructure as you are changing the way it was.

Please continue the discussion cause your points of view are valid and I see why. I just want to know is my train of thought totally out to lunch or are my conclusions valid?

Dris
Back to top
View user's profile
asrilrm
Senior Itiler


Joined: Oct 07, 2007
Posts: 441
Location: Jakarta, INA

PostPosted: Tue Apr 22, 2008 2:15 pm    Post subject: Reply with quote

Hi Dris,

Refer your first post, if you wanted to set this as incident request, my question is how would it be triggered? No one will complain because of any service outage.

The question is also valid on Diarmid's question, who's originating the service request, and in what process is it logged into?
Unless you have a process that deals with service request

To my opinion, it is a change no matter how small the scope or impact it causes.

I guess ...

Cheers,
Asril
Back to top
View user's profile
Diarmid
Senior Itiler


Joined: Mar 04, 2008
Posts: 1884
Location: Newcastle-under-Lyme

PostPosted: Tue Apr 22, 2008 5:32 pm    Post subject: Reply with quote

Hi Dris,

my own view is that it is a change, and that if you make it a change then all bases are covered. But UJ shows that you can do things slightly differently and still achieve a sound system. Whichever, you do need to have a system with no cracks for things to fall through.

Here is how I see your specific example:

1. A network engineer notices that a machine is on the wrong vlan according to policy for its characteristics.
2. He logs an incident to your service desk.
3. Investigation confirms this situation and generates a work request to rectify it.
4. At an appropriate moment in terms of risk and work priorities the machine is switched to the correct vlan.
5. The network engineer is notified and confirms that all is well, allowing the call to be closed.
6. At periodic incident review meeting the question is asked, why was a machine on the wrong vlan.
7. Steps are taken to ensure that it does not happen again.

If it was raised as a service request, you have to have another way of getting to the actions in steps 6 onward because service requests do not automatically trigger investigations. I also feel it is a bit abstract to say a service request comes into existence automatically as a consequence of an observed breach of policy.

Now, I realize that a) this is possibly a very trivial incident, b) the network engineer is probably going to do the fix him/herself and c) there may be little risk of impact to service.

But a) how do you ensure that the model, once set up continues to be used only for such trivial incidents, b) in a large infrastructure it may occur many times and putting it through incident management rather than service request should lead to earlier identification of it as a problem and c) it may be symptomatic of generally poor understanding of your infrastructure policies and thus be an early warning of other issues.

You may notice that I have been talking about incident versus request rather than change versus request. this is because I am concerned about the issues of non-conformance. I often have problems with terminology in these situations. Sometimes ITIL offers a series of terms and people try to do everything with just these terms. also sometimes it is the software that tries to apply the straitjacket.

Once you have established the incident as an incident, I see no reason why it cannot be passed to a process that makes the change with the correct controls defined by a procedure for switching the vlan of a machine. This may mean that you do not need, for example, to invoke a CAB. You can have pre-determined authority and procedure for the task. However this is not well named as a "standard change request" because the request is not standard and to retain what I think is needed in incident status, you would probably have to enter everything twice in order to treat it subsequently as a request.

PS asrilrm is correct. Change is change. Impact may be small, but even then it gets much larger if the change is done incorrectly or has further, unanticipated consequences or if it is a cost without a benefit.
_________________
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
Back to top
View user's profile Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Change Management All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.