
From “Routine” Patch Management to Compliance-as-a-Service: How Cloud Transforms a Costly Maintenance Function into an Innovative Value-Adding Service

By: Pierre Moncassin

You might not think of Patch Management as the coolest part of running an IT operation (cloud or non-cloud). It is a challenging, often time-consuming part of keeping infrastructure secure. And in many industries, it is a critical dependency for meeting regulatory requirements. As a result, IT managers can be forgiven for thinking of it as hard work that just needs to get done.

But recent discussions with global vCloud customers have given me a new perspective on the Patch Management function. These customers’ service owners have quickly grasped some new possibilities that come with an automated cloud infrastructure, one of which involves exploring how to offer patch management services to their end users. While this is not a new concept for managed providers, it’s a step change for an internal IT department – and one that turns Patch Management into a pretty exciting role.

Let us look at the key elements of that change:

To start with – we now see the patching toolset as a key component of end-user service. There is no point in offering patching services in a cloud environment without reliable automation to deliver them – the core toolset for patch reporting is of course VMware’s vCenter Configuration Manager, complemented by vCenter Orchestration for automation of specific remediation workflows.

But beyond the automated patch level checking and deployment, VCM also opens the possibility of adapting compliance reports for each user. Without going into too much detail here, it’s relatively straightforward to configure VCM in a ‘service-aware’ structure. VCM allows administrators to define virtual machine groups that match, for example, the virtual servers assigned to a specific division. Filters can be further set to extract only the patch information relating to that end user. Then your VCM reports can be exported into customer-facing reporting tools to provide customized compliance reports.

Make that switch to a service mindset. Of course, bringing the idea of ‘service’ into the patching activity means a mindset shift. It implies service levels and well-defined expectations on both sides. And it invites a financial perspective, too: the cost of delivering the services can be evaluated and potentially communicated back to the consumer. As the cloud organization matures, it may consider charging for those specific services.

Moving to a service approach for patching, then, can be a stepping-stone towards delivering further value-added services to the end user: not just routine patching, but other compliance services that can become more and more visible. Again, patching has moved well beyond its traditional role.

Next, integrate patching with Self-Service capabilities. As with any on-demand service, patching-as-a-service will need to be published in the Service Catalog. In all likelihood, patch management would be offered as an option complementing another service (e.g. server or application provisioning). There are many ways to publish such a service – on the service portal, for example (if there is such a dedicated portal), or directly within vCenter Automation Center (vCAC). In vCAC, a patch management service could be made available either at provisioning time or, potentially, at runtime when a machine is already running (vCAC, for example, can issue a ticket to the service desk to make the request).

Beyond the Service Catalog, there is also interesting integration potential if patching requirements are ‘pre-built’ into the vCAC blueprint. In a nutshell, vCAC can be configured to select the patching option that will be applied by vCenter Configuration Manager at runtime. In my view, that type of integration has considerable potential – potential I’ll explore in a separate blog in the near future.

Lastly, communicate. It’s an obvious part of a service mindset, but also one that’s easy to overlook: if you are adopting this new way of looking at patch management, you need to ensure that two-way communication takes place with your end users, whether to define the service, to publish it, or during its delivery. This is an extended, if not new, function for the service owners.

In sum:

Patch Management – often associated with ‘hard work’ done in the background – is transformed with Cloud Operations:

  • ‘Hard work’ becomes ‘service design work’ – a common theme across VMware Cloud Operations
  • Team focus shifts from ‘keeping the servers running’ to a more creative activity closely engaged with consumers – offering a new, value-adding service
  • Patching services set the foundation for more comprehensive services under the umbrella of Compliance-as-a-service
  • Technical integrations between self-service provisioning and patch management can be leveraged to open new avenues for self-service automation


The Secret to Avoiding the Portfolio Management Bottleneck: Simplicity

By: David Crane  

Delivering a set of standardized infrastructure services is a critical dependency as IT becomes more service oriented. Getting application owners who are used to custom infrastructure to agree to only use standard service configurations may be the defining problem of the cloud era.

The lifecycle of defining new service elements, adding them to the service portfolio, then formally releasing them for use by adding them to the service catalog is the very heart of the problem when getting multiple developers and application owners to agree to use standard services.

The process is critical.  And the process must be streamlined and oriented to the needs of users and funders of the service, and not the internal machinations of the IT organization.

However, traditional ITSM Service Portfolio Management is a cumbersome process geared to the needs of the IT organization. It includes numerous points of IT management sign-off, and the process is not optimized for actually developing and releasing new services into use. The traditional approach tends to be heavy on oversight, and light on actually doing work. This approach reduces agility and wastes scarce resources. Not good in an era where increased agility and reduced operating costs are key measures of success.

Things are different within a virtual cloud ecosystem like VMware’s vCloud Automation Center (vCAC). With vCloud Automation Center, authorized users can access standardized services through a secure self-service portal, as vCAC acts as a service governor to help enforce business and IT policies throughout the service lifecycle. In this environment, a radically simplified design lets IT service managers focus their energy on the needs of users and funders and helps them get their work done with minimal internal IT process overhead and friction.

vCAC simplifies portfolio management in two main ways:

  • Policy-based service definition – Through vCloud Automation Center, users can request and manage their compute resources within established operational policies – cutting IT service delivery times. Users can build specifications into vCAC that contain the automation policies that specify the inputs needed and actions required to maintain your portfolio.
  • Improved service transition – Moving a new service out of the portfolio and into the catalog where it can be used requires keeping the portfolio and catalog elements up-to-date and aligned with each other. With vCAC, release and ongoing management functions are built into the tool set, and thus both automated and massively simplified.

One way to think of what’s changed here is in terms of oversight versus enablement. Traditional ITSM can be geared as much as 80% towards oversight, with just a 20% focus on the people who actually go and do the work. The vCAC approach flips that around.

Oversight is still essential, and it’s built in to the new model. Prior to vCAC, traditional ITSM involved significant initial investment and top-heavy input requirements, with repetitive, multiple touch points to senior management. vCAC presents fewer, better-designed gates to your workflow, so you can work both safely and fast while gaining the agility that comes with a true cloud environment.

It’s About Standardization

The key to giving cloud consumers the services they want as quickly as possible, while still keeping the necessary corporate controls in place, is standardization.

Under vCAC’s blueprint model, service elements (e.g. backup, capacity, and provisioning requirements, security and other policies etc.) are preapproved to sit in the catalog and are thus ready to be deployed in new ways whenever they’re needed. In other words, if an item is in the catalog, and you have authority to access it, then you can provision at will – without having to go up the chain of command every time you want to respond to customer demand.

The result:

  • Fast, efficient processes focused on delivering new services to users, so that users don’t feed the internal IT machine.
  • Simplified processes with policy-based service definition capability and improved service transition, business agility and time to market.
  • Automated interfaces between the service portfolio and service catalog, with minimal resources and overhead required.

And you do it with higher quality, and at scale. With a set of preapproved blueprints and policies, it’s much easier to address increases in either the volume or variety of demand that you want to meet, and do it in a way that is more deterministic and improves service quality over time.

What’s more, you’ve done all that while reducing your company’s overhead and the resources you need to draw on.

With the help of vCAC, your portfolio management is simpler, more agile, more efficient and faster-to-market, too.

This is the first in a series of posts we’ll be writing about service portfolio management in a vCloud ecosystem. Next up, we’ll go deeper into the simplified, three-step process of vCloud portfolio management.
