Home > Blogs > VMware Operations Transformation Services

Organization Transformation for Network Function Virtualization Infrastructure-as-a-Service

Enrico MontarioloBy Enrico Montariolo

Network Function VirtualizationThe evolution of technology can have significant influence on the future success, or failure, of companies that operate within an industry. Traditional communications service providers face this challenge today. The technologies driving this transformation are Cloud, Network Function Virtualization (NFV) and Software Defined Networking (SDN). Communications service providers (CSPs) look at the NFV model and see new ways to accelerate innovation, create competitive advantages, reduce cost and drive new business models.

Successful transformation requires that CSPs also evolve their operating model: evolving related roles, organizational structure, skill sets, processes and culture to reflect the reorientation of the company. We strongly believe that the “As-a-Service” cloud-based operating model is the right operating model to achieve the full benefits of agility, operational efficiency, faster time-to-market and cost reduction, as successfully demonstrated by early adopters like Google, Facebook and Amazon. These early movers are at a tremendous advantage. CSPs may be at risk if they don’t aggressively embrace As-a-Service capabilities.

Read this white paper for a thorough examination of the impact Network Function Virtualization will have on organizational structure and guidance on operating model transformation to NFV Infrastructure as-a-Service.


Enrico Montariolo is an Operations Architect with the VMware Global Professional Services and is based in Milan, Italy.

IT Transformation and Organizational Process Maturity

John WorthingtonBy John Worthington

Regardless of what process framework you use, and especially if you’ve done some ‘adaptation’ of processes, building process capability over the long haul goes hand-in-hand with building the organization’s process maturity.

Having thought about my comment, ‘so go ahead, adopt and adapt’, in one of my previous posts I thought further discussion might be in order.

Measuring Organizational Process Maturity

Based on the ISO standard[i], an organization’s process maturity is measured by establishing base and extended process sets at each stage of maturity. These base and extended process sets are tailored based on the domain and scope of the assessment and/or client-specific requirements.

For example, if a company decided that process A, B and C are critical to achieving organizational objectives they may determine that these represent the base process set. They could not achieve a process maturity of Level 1 (Basic) unless process A, B and C all met a Level 1 process maturity.

At Level 2, the organization may determine that there are additional processes that must be established. These would represent the ‘extended process set’ at a Level 2. To reach an organizational maturity of Level 2 (Managed), both the base and extended process sets would need to achieve Level 2 process maturity. Additional extended process sets might be added at higher levels of maturity as shown in the figure below.

Process Maturity

Process Capability versus Maturity


Process capability is focused on the ability of the process to achieve its desired outcomes based on business objectives. The process ‘base’ practices are directly related to the process objectives; which means the base practice attributes of a process are different for each process. So rating the degree to which each process expected outcome is met (or not) is a quick way to provide insight to its capability, which may (or may not) be adequate for a given organization’s business objectives. An example for Incident Management is given below. (Note: A formal process assessment will also review the process inputs/outputs, supporting people/technology and other evidence

Process Maturity

Process Capability Attribute  – Incident Management
(i.e., objectives/process desired outcomes)
An incident and service request management strategy is defined and implemented
Incidents are reported, prioritized, analyzed for business impact, classified, resolved and closed
Customers are kept informed of the status and progress of their incidents or service requests
Management of potential service level breaches are communicated to and agreed with the customer
Incidents which are not progressed according to agreed service levels are escalated by customers

If all the objectives of the process are either Largely or Fully achieved, the process will meet Level 1 (performed) requirements.


Process maturity attributes apply to all processes, and are considered ‘generic’ attributes. These ratings are usually taken across a group of processes (such as the base and extended process set). Each level of process maturity builds on the next:

  • Level 1 – Performed (Process Performance)
  • Level 2 – Managed (Process Performance Management, Work Product management)
  • Level 3 – Established (Process Definition, Process Deployment)
  • Level 4 – Predictable (Process Measurement, Process Control)
  • Level 5 – Optimizing (Process Innovation, Process Optimization)

How mature are your processes?

Download this simple exercise using the ISO standard generic process attributes. Identify what you feel would be your ‘base process set’, and if you want a ‘extended process set’ as well. Then answer these questions for each process.

Organizational Process Maturity and ITaaS Transformation

Each organization has different starting points, different goals and objectives, and different levels of capability/maturity. So while we can effectively leverage our extensive experience with ITaaS transformations, each transformation path will be unique.

As processes are adapted along an ITaaS transformation path, changes in process boundaries, roles, controls and supporting technology can dilute organizational process maturity. This is another reason why ‘slow and steady’ may win the IT transformation race; frantic attempts to speed up the hill (again and again) increase the costs associated with the transformation effort an ultimately exhaust IT staff.

So go ahead, ‘adopt and adapt’, but be careful to maintain your hard-earned gains in organizational process maturity.

[i] ISO15504 – http://www.iso.org/iso/catalogue_detail.htm?csnumber=54175


John Worthington is a VMware transformation consultant and is based in New Jersey. Follow @jMarcusWorthy and@VMwareCloudOps on Twitter.

5 Steps to Build a Security Strategy for the Digital Enterprise

From team bonding to micro-segmentation: a 5-step journey to develop a proactive security mindset in your cloud organization.

Pierre Moncassin-cropBy Pierre Moncassin

Only a few years ago security was at best an afterthought for some cloud teams., Everyone in the team thought that security was someone else’ s problem. For some less-fortunate organizations, this mindset did not change until a major security breach occurred with resulting financial losses, reputational damage not to mention job cuts. By that point security did becomes everyone’s problem – but that realization happened far too late.

To avoid this sort of less-than-optimal scenario, let me share here what I see as some key steps to develop security mindset right at the core of your cloud organization

First, why is security in the cloud specifically challenging?

IT security risks have of course existed well before the cloud era. However cloud technologies have brought along a new dimension to the risk. Reasons include:

  • Due to unprecedented ease and speed to provision infrastructure, a new population of business users have become able to provision their own cloud infrastructure. They may not all be fully aware of the corporate IT security guidelines (or may not feel bound to follow them strictly).
  • Fast provisioning in the cloud has often led to a proliferation of “temporary” workloads – many of which are not rigorously controlled.
  • Data in the cloud can be stored anywhere. Users are usually not aware of where their data is located physically, or have no control over that location. Therefore protecting confidential data becomes an additional challenge. Some country legislation, for example, mandate that confidential data from their nationals must remain within designated geographies.

Step 1: Build a broad awareness and knowledge base.

All cloud team members need to understand the basics of security for their cloud platform. That includes not only the enterprise security policy, but also a broad awareness of relevant laws (e.g. data protection) and compliance requirements (e.g. PCI, Sarbanes Oxley).  It also helps to build some basic awareness of common security breaches. In order to incentivise this learning, consider including security training in personal objectives (also known as ’MBO’); include security awareness in new hire onboarding and individual training plans.

Step 2: Break down technical silos

As I explained in on my recent blogs, technical silos occur quite naturally as specialists organize themselves along groups of expertise (networks and servers, operating systems and hardware). However entrenched silos can easily cause gaps in security coverage. This is because hackers are experts at finding fault lines between silos – those tiny gaps or fault lines from which they can launch an intrusion.  They will look for the ‘weakest link’ wherever it might be found (e.g. access password too simple, un-patched operating system patch, lax email security, defective firewall  – the list of risks is long).

Instead of relying on a silo mentality, the team needs to consider security end-to-end, and assume that breaches can occur in any layer of the infrastructure. In the same way as cloud services need to be designed end-to-end across silos, teams need to work together to manage security risks.

Step 3: Involve the business stakeholders

Part of setting up a cloud organization with VMware’s model, involves building close working relationships with business stakeholders. Specific roles within VMware’s cloud organization model will be in place to liaise with the business (eg Service Owner, Customer Relationship Manager).  And security is a key part of this cooperation. Some key aspects are:

  • Establish clearly responsibilities (e.g., who patches the workloads? who checks compliance?)
  • Document the responsibilities and expectations e.g. within the service level agreements;
  • Ensure regular communications about security between business users and cloud team (e.g. are there security-critical applications? Confidential data? What level of confidentiality?)

Step 4: Automate day-to-day security & compliance checks.

As part of operating a VMware cloud, the team will most likely be using tools such as VMware’s vRealize Automation and vRealize Operations Manager. These tools can be configured and leveraged to enhance some of your security and compliance procedures – adding much-needed automation to routine, day-to-day activities that otherwise consume effort and attention. Here are some examples of steps your teams can take to leverage these tools for security & compliance.

  • Ensure that provisioning blueprints are up-to-date with the latest security policy (e.g. patch levels).
  • Configure vRealize Operations Manager’ dashboards to display an aggregate view of compliance risk across your virtual infrastructure. For example, vRealize Operations Manager can be configured with extensions and third party integrations that allow to extend its analytical capabilities across a broad variety of sources including VMware Cloud Air, VMware NSX, Amazon AWS, NetApp Storage (for further details check out: http://www.vmware.com/files/pdf/vrealize/vmware-vrealize-operations-management-packs-wp-en.pdf).
  • Leverage vRealize Operations Manager’ ability to automate and report on compliance checks (the technical capabilities are described in more detail in this VMware blog: https://blogs.vmware.com/management/2015/03/compliance-in-vrealize-operations-6.html).
  • Leverage the potential of automated integration with your support desk. Once detected, compliance or risk issues must be acted upon. These events can be automatically associated to the creation of an incident ticket. I have outline the potential of such integrations in an earlier blog  https://blogs.vmware.com/cloudops/2015/09/cloud-itsm-integration.html
  • From an organizational point of view, what we want is to automate as far as possible the bulk of routine compliance checks and security monitoring, so that the teams can focus on the ‘big picture’ work pro-actively to identify emerging security threats

Step 5: Shift paradigm on network security with micro segmentation.

Whilst the expression “paradigm shift” has been much over-used, it still fits perfectly to describe the evolution from traditional network security to micro-segmentation.

The traditional approach to securing a private cloud’s network is to setup strong security (firewalls) at the perimeter. This is the fortress model of security – highly protected boundaries (perimeter) and a gate to control traffic at the entrance.

The downside is that all “fortresses” share a weakness by construct. To understand why, let’s consider the typical stages of a data breach:

  • Intrusion: attacker finds a breach in the perimeter
  • Lateral Movement: the intrusion is expanded for example, by compromising neighboring workloads or applications.
  • Extraction: potentially sensitive data from the compromised systems.
  • Cleanup/deletion: the intruder attempts to remove traces of the intrusion (deleting log files etc.).

Security Data BreachIn the event where an intruder manages to pass through the security gate, moving from room to room within the fortress becomes relatively easy. In IT terms, once a network’s perimeter is breached and a first workload is compromised, the intruder can often move “laterally” to compromise other workloads with little or challenge, then locate potentially sensitive data to retrieve (‘Exfiltrate’).  There may be other lines of defense within the fortress (traditional network) – but these tend to be static, and once broken the same problem of “lateral mobility” occurs again.

Micro-segmentation allows fine-grained network security that can prevent not only the initial intrusion, but challenge attempts the other stages i.e. Lateral Movement Exfiltration, Cleanup.  The reason is that each ‘room’ (or workload) can be isolated from the other. We could compare this new model to the layout of submarine where each section of the ship is partitioned by watertight doors. Each compartment  (micro-segment) can contain an intrusion. The would-be intruder is just as challenged to move from one compartment to the other, as getting past the entrance door in the first place.

However micro-segmentation means more than fine-grained network isolation. It offers the possibility to tailor security policies down to the workload level, therefore increasing to a new level the control over cloud security.

For example, network security rules can be associated to logical objects like a workload. When the workload is moved from a network location to another, the security rules are maintained – they ‘follow’ the workload rather than being attached to a fixed network address.

Security Rules

Leveraging that potential requires a new mindset – shifting from a static security model to dynamic, fine-grained security. It also requires the cloud team to develop new skills. For example to replace routine configuration skills with automation, traditional network skills need to be complemented with design and programming skills.

Key take aways:

  • Think of security as by essence, teamwork. Encourage your team to coordinate security across silos – users, cloud engineers, security teams.
  • Leverage your automation tools such as VMware vRealize Automation and vRealize Operations Manager – they will help automate some of your security and compliance procedures.
  • Transform your team’s perspective on network security by leveraging micro-segmentation, moving from the traditional ‘fortress’ security model to a dynamic, fine-grained approach.

Pierre Moncassin is an operations architect with the VMware Operations Transformation global practice and is based in the UK.

Increasing the Adoption of vRealize Operations Across Your IT Organization

Alberto Martinez-cropBy Alberto Martinez

As I visit customers, I have heard similar feedback about vRealize Operations (vROPs): “It’s a great product but we are not getting the best out of it.” The unfortunate reality is that they are probably right! There is often a large gap between the wide range of possibilities and functionalities that vROPs can offer to the SDDC/Cloud environment and the real way in which it´s being consumed. This could be preventing your IT organization from getting the best from the product and impacting your investment.  For many companies that investment is not insignificant, as it includes licensing, professional and educational services, and dedicated resources to manage it.

The challenges are often related to more than just technology and require looking at the operational aspects of the solution such as your specific operating model / environment, how your IT organization is structured or what IT processes you have defined and are running.

Our proposed approach to maximize the vROps usage within your environment

A consistent methodology is crucial if you want to maximize your investments in vROPs, and this will include the identification of improvement areas (formulated into a set of actionable recommendations) and the subsequent implementation of them into your IT organization:

vRealize Operations

  1. Understand your specific environment through a set of discovery workshops with the key stakeholders focused on your IT strategy & organization, your existing roles & responsibilities and your defined processes related to performance and capacity.
  2. Produce an assessment report with the key findings & early state recommendations.
  3. Consolidate & transform the assessment report content into a comprehensive set of proposed recommendations and roadmap.
    • Present assessment findings & roadmap to the executive team as a sponsorship checkpoint. This will reinforce commitment and will identify key initiatives.
  4. Implementation of the agreed recommendations across your IT organization.
    • Measure and validate the success of the implemented recommendations focusing on the utilization of vROps and the stakeholder´s feedback!

Based on our experience delivering this methodology across many customers, we have been able to identify some key common considerations that will drive the success of this initiative:

  • Every customer environment is specific: We see different levels of maturity across processes, political issues across the teams, change readiness of the IT organization, teams in siloes with collaboration issues, etc. That´s why the initial phases of the approach are critical for the success: the better we understand you, the better we will articulate the improvement recommendations and engage with the required impacted people!
  • Sponsorship is crucial to promote the benefits and break the resistance to change across the IT organization. Motivate your IT organization using a top-down approach. Effective communication is the key to success.
  • Stakeholder identification and involvement during the early stages of the assessment is key to ensure involvement and commitment and capture their unique viewpoint. Miss a key stakeholder and you will miss a key input!
  • Leverage existing initiatives that are in place or planned to start in the organization that can have an impact on vROps (e.g. application monitoring, log management, cloud transformation). This will facilitate expanding the adoption of vROps by integrating smoothly into your ecosystem.

What typical areas do we focus on when identifying recommendations for our customers?

After reading about the methodology and key considerations some of you might be thinking that this is nothing really new.  You may wonder what concrete examples of operational recommendations we can offer to enhance the adoption of vROps.

It is important that you first understand the methodology and how we normally get to those recommendations. It is a journey in which we discover information about our customers while at the same time educating and inspiring them to do things differently. If we present the recommendations directly missing this critical inspirational element, it is less likely that the transformation will be absorbed, and more likely that the implementation will fail.

Having reviewed the methodology and the key considerations, a high-level example of operational areas that we normally focus on may include:

  • Expanding the information in vRealize Operations across other teams in the IT organization (e.g. Level 1 Operators, Level 2 Admins, Business teams, DevOps groups).
  • Defining workflows in VMware Orchestrator that automate the execution of repetitive tasks and / or the resolution of detected events in vRealize Operations.
  • Expanding vRealize Operations across your existing monitoring architecture.
  • Standardizing the reactive capacity process to support incoming project demand requests (e.g. capacity policy, capacity & scalability plan, What-If scenarios).
  • Defining a business right sizing capability to drive the proactive capacity management including resource reclamation (undersized VMs), VM recertification (idle or powered off VMs) and hot spot identification (oversized VMs).
  • Defining a governance model to support the IT Infrastructure Capacity and foster the collaboration across systems, storage and networks teams.
  • Identifying any specific recommendations across the SDDC/Cloud environment (e.g. upgrade paths, backup & recovery strategy, training needs).
  • Identifying other future initiatives that could be critical to the success of your SDDC/Cloud strategy (e.g. cost models and IT business management strategy, disaster recovery strategies).

Sometimes it is important to step back from the day-to-day activities, analyze your current environment (including both the good practices and the areas of development), and then think about different ways to bring value to your existing solutions. And this is exactly why VMware offers our Ops Transformation Performance & Capacity Management services – to help our customers to maximize their vRealize Operations investments by driving them towards different ways of doing things…because if you do what you’ve always done, you’ll always get the same results!

Alberto Martinez is an operations architect with the VMware Operations Transformation EMEA practice and is based in Spain.

Build Your Operations Transformation Agenda for VMworld Barcelona 2015

dc2105-150x150By: Andy Troup

For those of you fortunate enough to attend VMworld Barcelona from October 12 to October 15, here is the Operations Transformation breakout session agenda, to help you plan your schedule.

As a reminder, the track is focused on helping you understand how the VMware Software-Defined Data Center is redefining IT infrastructure, and how it enables IT organizations to combine technology and a new way of operating to become more service-oriented and focused on business value. This track offers unique opportunities to learn the latest best practices and key considerations from experienced VMware experts and practitioners transforming their IT infrastructures and operational processes.

In Barcelona, the Operations Transformation track is offering 3 different types of sessions. There are 7 breakout sessions and one Group Discussion session all of which last for an hour. In addition, and new for this year, there are also 2 Quick Talk sessions which last for 30 minutes and are available on Monday October 12.

Operations Transformation

VMworld 2015

VMworld 2015

The track as a whole is all about how to transform the way that you operate so that you can really start to get the benefits of your technology investment and become a service provider to your customers. There are a number of sessions that cover how transformation is achieved. This includes a session covering VMware’s own transformation and our “OneCloud” implementation. Some of VMware’s transformation specialists who have helped many customers undertake a transformation will also be providing you with details of best practices and pitfalls to watch out for. Check out the following sessions:

  • OPT4682-QT – A Roadmap for Transformation – Planning Your Future State and Ensuring Governance
  • OPT5361 – Best Practice Approaches to Transformation with the Software-Defined Data Center
  • OPT5814-QT – AGILE for Infrastructure: Utilizing Agile Methods to Drive Iterative Infrastructure Development and IT Service Delivery
  • OPT5972 – 80,000 VM’s and Growing! VMware’s Internal Cloud Journey Told by the People on the Frontline

vRealize Suite

The vRealize suite of products features in the OPT track this year, covering vRealize Automation, vRealize Buisness, vRealize Operations and vRealize CodeStream and how they have been instrumental in enabling operational transformation. How vRealize Business can be used to help you become service focused and really manage IT as a business will be covered as well as how to build effective cost models.

Other sessions will show how the implementation of vRealize Operations has enabled customers to undertake their transformation and manage the services that they are offering. How close integration between vRealize Operations and vRealize Automation has meant a clearer understanding of the service provision process and the operational benefits will be covered in another session.

Check out the following sessions:

  • OPT4680 – Advanced  Automated  Approvals Use Case—Using vRealize Operations and vRealize Automation to Seize Back the Approval Charter
  • OPT4992 – VMware vRealize Code Stream:  Is DevOps about Tools or Transformation?
  • OPT5029 – How to Use Service Definitions in VMware vRealize Business to Build Highly Effective, Service-Based Cost Models
  • OPT5075 – 6 Steps to Establish Your IT Business Management Office (ITBMO) with VMware vRealize Business


NSX is become front of mind for many people, and there is realization that this technology product is having a big impact on the way that IT groups operate. The OPT track is offering a session that will provide real world experiences of how this takes shape.

  • OPT4953 – Operationalizing VMware NSX:  Practical Strategies and Lessons from Real-World Implementations


The impact that the implementation of the Software Defined Datacenter has on organizational structure is a common discussion point, and this year the OPT track offers a group discussion with leading organizational change specialists who have a vast amount of experience with many customers.

  • OPT4743-GD – Organizational Change Group Discussion

Use the Schedule Builder tool at vmworld.com to locate these sessions and schedule into your VMworld agenda. Hope to see you there.


Andy Troup is a Cloud Operations Architect with over 25 years of IT experience. He specializes in Cloud Operations and Technology Consulting Service Development. Andy is also a vCAP DCA and VCP. Andy possesses a proven background in design, deployment and management of enterprise IT projects. Previously, Andy co-delivered the world’s first and subsequent vCloud Operational Assessments (Colt Telecomm & Norwegian Government Agency) to enable the early adoption of VMware’s vCloud implementation.


Adopt Before You Adapt Your IT Processes

worthingtonp-cropBy John Worthington

Many people familiar with ITSM have heard the expression ‘adopt & adapt’ as a good practice, but it’s worth noting the order in which these words are placed. You must adopt before you can adapt. This leads to the question, when has a process been ‘adopted’?

Incomplete Process [i]

If a process doesn’t have a purpose, or if the process purpose is not understood by the organization, it is hard to consider it implemented. If a process is performed so inconsistently or irregularly over time or in different business units, that it does not systematically achieve its purpose, it has not been adopted.

At this level, more efforts are needed to adopt the process. This may require transitional change efforts that may include strategy, structures, and/or systems.

Performed Process

If the process achieves its purpose it’s normally considered ‘adopted’, even if the relative maturity is low. The organization understands the purpose of the process and there is evidence that the outcomes of the process are achieved, such as the production of a document, change of state or meeting a goal.

Reviewing the base practices associated with the process can help determine whether all the desired outcomes of the process are achieved, even if some specific outputs (i.e., work products) are not in evidence.

At this level of maturity, the process can be adapted and improved. This requires developmental change efforts; project plans that should communicate the changes and provide knowledge transfer to key stakeholders.

Why is this important?

When we are adapting multiple processes as part of an ITaaS or SDDC transformation, even a single incomplete process can significantly increase the scope of the effort. You cannot adapt what has not been adopted!

ITaaS Transformation and Established Processes

Incident Management is typically a process that has been adopted. For example, all these objectives[ii] may be met:

  • Process AdoptionEnsure that standardized methods and procedures are used for efficient and prompt response, analysis, documentation, ongoing management and reporting of incidents
  • Increase visibility and communication of incidents to business and IT support staff
  • Enhance business perception of IT through use of a professional approach in quickly resolving and communicating incidents when they occur
  • Align incident management activities and priorities with those of the business
  • Maintain user satisfaction with the quality of IT services

Even if the process documentation is not elaborate the process may be achieving its purpose and providing its expected outcomes. It’s not uncommon for organizations to have this process formally described, have trained practitioners, be well supported by tools and standardized across the organization. These would characterize this as Level 3 (Established) maturity.

In this case, vRealize Operations can integrate easily with the process (i.e., by automatically creating Incident records in the tool) as appropriate.

ITaaS Transformation and Incomplete Processes

In an ITaaS transformation, capacity management can be an example of an incomplete process. For example, the following objectives[iii] of capacity management may be difficult to achieve:

  • Produce and maintain an appropriate and up-to-date capacity plan, which reflects the current and future needs of the business
  • Ensure that service performance achievements meet all of their agreed targets by managing the performance and capacity of both services and resources
  • Assist with the diagnosis and resolution of performance and capacity related incidents and problems

If IT services are not well defined, if the problem management process is not established, or if the capacity management process is not well supported (by people and technology) then it is common that it would not meet Level 1 (Performed) requirements.

The use of vRealize Operations can address the technology process support requirements, but you will still need to define services to manage service performance and you will still need to establish problem management as a process in order to assist with capacity related problems. You may also need to establish roles associated with capacity and performance management that are not currently well defined in the organization.

[Note: it is not required that an ITIL-based process be in existence, but the process will still need to be considered performed (adopted) in order to adapt.]

Adopt or Adapt is not a matter of choice

You do not choose developmental, transitional or transformational change; you discover what change is required based on organizational demands[iv]. This is why assessment and discovery activities are so important. These activities make sure your implementation plans have the inputs needed to ensure a complete plan, and the appropriate developmental, transitional and/or transformational strategies.

In the examples provided, we can easily adapt the existing incident management process to ITaaS. However, there may be more work needed to establish capacity management and related processes. The level of effort needed to achieve this can vary significantly based on organizational requirements, objectives and your starting point.

Understanding this is key to establishing a transformation path that minimizes effort and maximizes the value out of the people, processes and technology — in other words, developing ITaaS organizational capabilities.

[i] Process Assessment and ISO/IEC 15504, Van Loon
[ii] ITIL© Incident Management
[iii] ITIL© Capacity Management
[iv] Beyond Change Management: How to Achieve Breakthrough Results Through Conscious Change Leadership, by Dean Anderson and Linda Ackerman Anderson


John Worthington is a VMware transformation consultant and is based in New Jersey. Follow @jMarcusWorthy and@VMwareCloudOps on Twitter.

Building a Resilient Integration from Your Cloud to your IT Service Management Platform

Pierre Moncassin-cropBy Pierre Moncassin

In the vast majority of cloud implementations the integration between the self-service provisioning workflow and the configuration management system (CMS) will need to be addressed.

On the surface the use case is a ‘no brainer’. Once a cloud infrastructure service has been provisioned we want to ensure that the newly created configuration items are recorded in the CMS so that IT can support the new service. Incidents occurring in the newly created infrastructure need to be detected, managed and resolved.

In most cases the IT Operations team will be relying on an IT Service Management toolset for its day-to-day activities. In this typical scenario, we would need a technical integration between the provisioning workflow engine and the IT Service Management toolset.

In order to enable IT Support with Event and Incident Management, we need the newly created workloads (or applications) to be “visible” from the Service Management toolset. This means creating the configuration items in the service management toolset’s configuration management system (CMS). Vendors of service management tools have various approaches to their configuration management system, but in principle this will require the creation of configuration records in their CMS.

Here’s the simplified diagram:

Cloud ITSM Integration

However the range of integration scenarios is by no means limited to event/incident management. There is actually a broad range of possible scenarios including:

  • Change Management – tracking updates to the configuration items that have been created
  • Financial Management – being able to evaluate the cost of newly created item, which In turn will enable chargeback, billing and more broadly help meet the financial requirement
  • Compliance & security – being able to verify that the infrastructure meets corporate policy and security standards as appropriate
  • Business Continuity Management – ensuring resilience, disaster recovery, backups/archiving etc.

Given the number of possible use cases, it is important to decide early on which the key scenarios will be. Which processes do you want to enable as a priority?

That initial decision will drive the complexity of the technical integration, especially the number of parameters and values being passed around.

The Technical Side of Integration: Tools & Guidance

Fortunately when it comes to the technical side, there are many options to integrate VMware vRealize Operations into a third party tool. The typical avenue is to leverage the connectivity features of VMware vRealize Orchestrator.

On the other side of the integration, we will have an IT Service Management (ITSM) toolset (from vendors such as BMC, HP, CA, ServiceNow, and many others).

Here are some example resources for the some commonly used toolsets:

The integration workflow reflects the process requirements: typically, creating Configuration Items (CI’s) in the Service Management toolset and passing on CI information.

However one aspect that can be easily overlooked when first setting up the integration, is to build in resilience. For example, the ability for this integration to handle exceptions and errors.

Another key to resilience is to consider the operational aspects of the integration itself.

  • Maintenance is often where integrations fail over the long run – the organization lacks the resources or roles to keep the integration up to date. It is recommended to assign someone the responsibility for maintaining this integration.
  • The skills to maintain the integration may need to be developed and refreshed.

Your Take-Aways

These three angles must be covered to produce a robust integration SDDC-ITSM:

  • People: decide how your organization will maintain this integration for the long term (and who will maintain it). Ensure than the relevant skills (and knowledge) is retained to keep the integration up to date in the future.
  • Process: decide on the key process (use cases) for the integration – and document them.
  • Technology: Leverage exiting tools and know-how – no need to re-invent the wheel. Build in resilience early on: plan for exception handling, testing and future version upgrades early in the development of the technical integration.

Pierre Moncassin is an operations architect with the VMware Operations Transformation global practice and is based in the UK.

Top 3 Tips for Optimizing DevOps

More collaboration is a noble goal. Make the reality match the promise.

Optimizing DevOpsThe concept of DevOps is so appealing. Who wouldn’t agree that better communication between development and operations teams will expedite release cycles, improve software quality, and make the business more agile? Just one question: why is DevOps still a “concept” at most companies rather than an operational reality? The short answer is that DevOps requires new ways of working, and that can create cultural upheaval.

Download 3 Top Tips for Optimizing DevOps from our Consultant Corner for guidance around addressing the people and process issues of DevOps in a VMware environment—so you can reap the business benefits sooner.

Staffing Your Cloud Organization – A Heuristic Model

Approximating staffing ratios in a cloud organization as a logarithmic function of infrastructure metrics.

Pierre Moncassin-cropBy Pierre Moncassin

Customers who want to establish true cloud services based on VMware’s SDDC solution (or any other provider for that matter), realize that in order to fully leverage the technology, they need to adapt their IT organization.

More specifically, they need to setup a dedicated team – a cloud Center of Excellence (COE) to manage and operate their cloud services.

The structure and roles of that team are described in detail in ‘Organizing for the Cloud’.

During practically all Operations Transformation projects, a question frequently asked is: what is the optimum staffing level to setup this cloud organization (FTE a.k.a. Full Time Equivalent)?

The standard consultant answer is of course  ‘it depends’. But in this blog, I will explain in more detail what “it depends” means in this context.

In an earlier blog, I described “10 key factors to estimate staffing ratios to operate platforms with vRealize Automation and vRealize Operations Manager”.

  • Number of lines of business
  • Number of data centers
  • Level staff skill/experience
  • Number of cloud services
  • Workflow complexity
  • Internal process complexity (includes support requirements eg 5 days/5 or 24 hour/7)
  • Number of third party integrations
  • Rate of change
  • Number of VM’s
  • Number of user dashboards/reports

Now these 10 factors, and probably hundreds of other factors will determine the complexity of the tasks that the cloud organization needs to perform and therefore, the staffing level. Clearly there are thousands of possible combinations of these factors. But if I want to see how the FTE count evolves with a single , easy-to-quantify parameter (such as number of virtual machines or any other ‘simple’ infrastructure metric’), we need to make strict assumptions to ‘tie down’ the other factors.

So let’s assume that we are looking at a single organization evolving over time; as time passes the number of virtual machines gradually increases, but so does the number and complexity of the services, as well as the demand for support coverage:

  1. Between 1 and 100 VM’s, the COE is running as a pilot, there are no support requirements, only a small number of services to run.
  2. Between 100 and 1000 VM’s., the COE is running cloud services regionally with some basic service levels.
  3. Over say, 30,000 VM’s, the COE is now running a global operation with 24/7 support requirement and a broad range of services.

Cloud Organization Staffing

Practical observation of a number of real-life examples suggests an evolution broadly similar to the logarithmic curve in figure 1. Now this is still a model that deliberately simplifies and ‘smooths out’ the FTE curve, but there are two practical implications:

  • The staffing levels may rise most steeply at the beginning of the curve. When the organization transitions from a pilot to a fully operating COE, the staffing need levels rise significantly.
  • The FTE curve flattens out then the organization matures and can handle high volumes. Once the COE is operating with a high level of automation with experienced staff, adding workload only requires a marginal increase to the FTE’s count.

In reality of course the complexity – i.e. the demand on FTE – never grows quite linearly.

We would see threshold effects. For example when we reach 300 worksloads, a new 24×7 service may be added to the portfolio, which requires a rapid increase in FTE.


  • The faster rise in FTE will occur in the early stages of build-up of cloud services; this is ‘normal’ given that we see an increase altogether of the number of services and the service levels and therefore significantly increasing the demands on the cloud organization;
  • Once well established and automated, the FTE level should only increase marginally with rising infrastructure volumes – your organization will have learned to cope with increasing quantities.
  • We need to caveat that although the FTE curve may look broadly logarithmic, threshold effects are inevitable: new demands on service level (eg new compliance requirements, 24×7 etc) can create an ‘uptick’ in FTE without necessarily a prior ‘uptick’ in volumes.

What we have presented here in an intuitive model to understand how increasing volumes impact FTE. You are welcome to share your experience and perhaps refine this heuristic model.

Pierre Moncassin is an operations architect with the VMware Operations Transformation global practice and is based in the UK.

VMworld 2015 – Day 4 Recap

Wednesday Sept 2

dc2105-150x150By Andy Troup

Kevin Lees, our principal architect in our Operations Transformation Services practice, spoke today about Best Practice Approaches to Transformation with the Software Defined Data Center. Kevin speaks from experience, spending most of his time with customers on-site with transformation projects. Kevin has seen firsthand what works and what certainly doesn’t. Recommendations he shared this morning included:

  • Start with a formal service definition process—include all stakeholders (LoB, Ops, Infrastructure, Dev, Finance)
  • Include Security and Compliance right off the bat
  • A 360 degree service definition exercise drives technology decisions, not the other way around
  • Look at the new roles that will be needed: e.g. Business Relationship Manager, Service Owner
  • Create a Service Marketing Plan for key stakeholders in the organization
  • Assume change will be constant—adopt an agile planning methods (e.g. 2 week sprints); release features on a regular basis rather than waiting for final project completion
  • Take an iterative approach rather than a sequential approach. Start simple, gradually expand (this applies to the process side as well as the service offering side.)
  • Merge workstreams: technical workstream, operations transformation workstream, cloud service management
  • Break down silo’s (Kevin has some really good advice here arming and rewarding champions or change agents in the functional groups to help this happen. Exec sponsorship is also critical.)

You can find the session recording on the VMworld mobile app or vmworld.com to get the benefit of all of Kevin’s insights.

Last day of the conference is tomorrow! Here’s what to attend:

  • 10:30 AM
    OPT 5029 How to Use Service Definitions to VMware vRealize Business to Build Highly effective, Service-Based Cost Models
  • 10:30 AM
    OPT 4707 Integrating vRealize Automation with ITSM and Service Catalog
  • 12:00 PM
    OPT5709 Building a SDDC with CIT (customer presentation)
  • 1:30 PM
    OPT 5369 Proactive Monitoring of a Service: People, Process and Technology

Don’t forget to use the VMworld mobile app to easily locate these final day sessions.

And, thanks for sharing the week with us! Please do reply to this post with any observations about the subject of transformation of your own, either from your own experiences or as a result of any the Operations Transformation sessions you attended this week. Looking forward to hearing from you.

Andy Troup is a Cloud Operations Architect with over 25 years of IT experience. He specializes in Cloud Operations and Technology Consulting Service Development. Andy is also a vCAP DCA and VCP. Andy possesses a proven background in design, deployment and management of enterprise IT projects. Previously, Andy co-delivered the world’s first and subsequent vCloud Operational Assessments (Colt Telecomm & Norwegian Government Agency) to enable the early adoption of VMware’s vCloud implementation.