What is Policy-Driven Self-Service™?
Dave Malcolm, Sr. Vice President and CTO, Surgient
Executive Summary
The IT Operations team has the primary mission and responsibility for delivering and maintaining business critical applications and systems in production for their users. The management emphasis is on high availability, performance, security, and tightly controlling change. This mission cannot be compromised because downtime has a significant negative financial impact to the business. However, another vital mission for IT operations is to provide systems and infrastructure to support the application lifecycle process, an activity which consistently takes a back seat to the mission critical production environment. These application lifecycle users often suffer due to the more pressing priorities of IT. This “service gap” between the needs of non-production “lifecycle users” and the support that IT operations can provide them due to the imperative to manage mission critical production applications is what we will label as the IT Service Dilemma.
Surgient believes that in order to effectively address the IT Service Dilemma and fulfill both IT missions, a self-service solution that empowers lifecycle users is the answer. The Surgient Virtual Automation Platform™ provides a full self-service solution with a patented and architected approach called Policy-Driven Self-Service™ that meets these requirements. The Surgient Platform effectively transforms IT Operations into a cloud computing provider for non-production users. Implementing the Surgient Platform enables compelling business benefits such as reducing operating costs and capital expenditures, improving productivity, and increasing business agility.
In order to support this claim, this whitepaper will describe the importance of self-service and when it is appropriate, a description of the IT Service Dilemma and how IT is attempting to address the issue today, the market requirements for self-service as it relates to IT, and how the Surgient Virtual Automation Platform™ with Policy Driven Self-Service addresses these requirements.
Why Self-Service?
Before understanding the concept of Surgient’s Policy-Driven Self-Service as it relates to information technology, it is important to understand the value of self-service solutions and approaches in general. Most everyone is familiar with common consumer based self-service solutions such as the automated teller machine in the banking industry, “pay-at-the-pump” at convenience stores, self-service check-out at grocery stores and retail outlets, and self check-in kiosks as part of the airline boarding process… there are countless examples of self-service solutions. Given the tremendous and growing strategic investment in these types of solutions across many industries there must be a compelling reason for self-service. What is it?
The simple answer is twofold – enormous cost savings for service providers and a superior user experience for consumers. Very few paradigms can be implemented that provide such substantial value to both consumers and service providers; therefore, the argument for self-service is powerful. Let’s take a look at the benefits for each group in more detail:
Consumer Benefits
In today’s fast-paced lifestyle where self-sufficiency reigns supreme and time is the most important commodity, consumers want to be empowered – they expect value, choice, and speed. They want to choose when to engage with suppliers on their own schedules and therefore need easy and flexible access. They don’t want to be bogged down waiting for service… consumers demand instant response. As an example, a busy working mother can shop for her kids’ clothing online late at night after she has put the kids to bed – Internet shopping is a form of self-service. Self-service provides consumers with the experience they are looking for – easy and widely available access, an engagement method that makes efficient use of time, and self sufficiency to maintain some level of control in a world where demands on our time can be overwhelming. Simply put, self-service empowers consumers. In the case of IT and the enterprise, the application lifecycle user (consumer) needs controlled access to IT resources without placing an additional burden on already over-taxed IT personnel.
Service Provider Benefits
The primary driver for implementing self-service solutions by service providers is financial. It is the promise of saving vast amounts of labor costs through the automation of processes and delegating these efforts to their consumers in an appealing fashion. There has been much written about the cost savings of implementing self- service solutions. One example is the self check-in kiosks for airline boarding. In this case, the industry’s average cost savings is 95% over agent based check-in procedures. In addition to the huge savings in labor, self-service solutions may increase revenues by gaining access to segments of the market that were not previously served, such as the case with Internet shopping. Companies that implement an online storefront can generate increased sales from untapped customer bases. As described earlier, self-service empowers consumers and builds customer satisfaction and loyalty, ultimately providing incremental sales and revenue opportunities. In summary, self-service is a significant value driver for businesses. With Policy-Driven Self-Service, IT professionals can improve service levels, maximize the utilization of resources and spend their valuable time on higher value efforts.
Necessary Conditions for Self-Service
In order for a self-service solution to be applied to a given marketplace, the following conditions are necessary:
Strong Business Case
It is important that there is significant economic benefit to the service provider. In most cases there are not only considerable cost savings over time, but also an opportunity for increased revenue. It is vital to understand the initial and on-going cost of the self-service solution to determine whether the ROI is worthwhile. A compelling business case will drive a service provider to offer a self-service solution.
Automatable Process
The business process or transactions being engaged by self-service must be automatable. There must be a clear path for the transaction or process to be automated, controlled, and managed by technology. It is too expensive to provide a self-service solution if the service provider must be involved in every transaction. Business processes that require high levels of manual intervention do not provide the speed and self-sufficiency required by users and rarely achieve the desired ROI. For example, without a sophisticated robotics system that is not practical or cost effective, opening up a laptop and adding more RAM would not be an automatable process. Therefore, an automatable and controllable process is a requirement in order for a self-service solution to be feasible.
Usable Implementation
The self-service solution must be easy to use when performing tasks within the system. For example, if a bank customer needs to deposit money into an automated teller machine and the system displayed a list of bank transaction codes without giving the customer any indication as to which transaction code represented a deposit, withdrawal, or balance inquiry, then the solution would not be usable for that customer. However, a bank teller may be able to effectively use the solution since they would be familiar with the transaction codes. It is true for all self-service solutions that they must be appropriately usable for their intended audience.
Easy User Adoption
Self-service must provide a user experience that is superior to current approaches for a given set of users. The best self-service experiences are ones that do not create a large departure from normal human behavior patterns. User adoption is the key to successful self-service and so the experience needs to be such that consumers are willing and motivated to interact with the solution. During the dot com boom there was an online furniture retailer business that failed due to lack of user adoption. It was not natural to purchase furniture over the Internet without the ability try it out. This self-service solution wasn’t natural for consumers to adopt. Therefore, the best self-service solutions make it easy for users to transition to and prefer the new approach.
Service Gap
Self-service is highly productive for situations where there is a gap between what the consumer wants or needs versus what the service provider is actually capable of delivering. These situations create tension between the consumer and supplier which often result in dissatisfaction by both parties. In these cases, consumers want to be more self sufficient and the providers want relief from demanding users. Self-service is a mechanism to mutually address the needs of both groups – empowering users with self-service while simultaneously automating the delivery of a service by the provider.
These five factors summarize the primary conditions for the implementing a successful and compelling self-service solution. Now that the case has been established for the exceptional value of self-service solutions for both service providers and consumers, we will explore self-service as it is applied to IT operations within large global corporations.
The IT Service Dilemma
The IT Operations team has the primary mission and responsibility for delivering and maintaining business-critical applications and systems in production for their users who are using Enterprise Resource Planning, Customer Relationship Management, Supply Chain Management, Manufacturing, Email, and other business systems. The management emphasis is on high availability, performance, security, tightly managing change, and cost control. This mission cannot be compromised because downtime has a significant negative financial impact to the business.
However, another vital mission for IT operations is to provide systems and infrastructure to non-production users and groups mostly in support of the application lifecycle process – design, evaluation, development, and QA-test. There are also other non-production needs as well such as training, support, partner integration, etc. that need IT operations support.
Due to the fact that most of these non-production application lifecycle efforts must take second priority to the business critical production environment, these groups and users often do not get the timely support that they need and desire. It is this service gap between the needs of the non-production lifecycle users and IT operations imperative to manage mission critical production applications that we will label as the IT Service Dilemma.
From IT Operations’ (the service provider) perspective, there are numerous factors that contribute to the IT Service Dilemma, including: hundreds of users to support (often geographically distributed), numerous applications and infrastructure configurations required, frequent software revisions, limited IT staff/tools/equipment, a mostly manual deployment process, and difficulty recovering equipment that is no longer required. This results in a significant challenge because there are too many unspecified requests, not enough time or resources, and demanding users.
From the lifecycle user’s (the consumer) perspective, there are a number of challenging factors as well. There is continuous pressure to meet the release deadlines, numerous projects and application releases, and a dependence on IT Operations to support their systems and infrastructure requirements. These issues result in unsatisfied and frustrated users because IT Operations is unable to deliver on the resource requests in a timely fashion. From the perspective of the lifecycle user, there are too many missed project deadlines and a general lack of control of their own project schedules and processes.
This situation is a classic problem and one that leads to unhealthy tension and a general lack of alignment between IT Operations and many other users within the enterprise – the IT Service Dilemma.
Addressing the IT Service Dilemma
Manual Process Most Used Today
In most cases, IT Operations supports the application lifecycle through a mostly manual process. Users submit requests via phone, email, or possibly a trouble ticketing system. Often there is not sufficient understanding by the user of what is required of IT to support the request – resulting in a time-consuming iterative dialogue. Once the requirements are understood, IT must find, recover, or purchase the needed systems and configure the infrastructure for delivery to the user, which takes even more time. Once delivered to the user, there are usually problems that require some degree of rework before the request can be considered complete. Afterwards, once the desired initiative has been finished, the hardware is not always recovered due to a lack of IT resources, priority, process discipline, or user unwillingness to release these resources, contributing to server and VM sprawl. This manual approach does not scale, takes too much IT Operations effort, and does not meet the needs of users.
Product-Based Approaches
There are several approaches to address the IT Service Dilemma other than the traditional manual request-response approach. These fall into three primary categories – IT process automation tools, cloud computing services, and self-service oriented tools.
IT Process Automation Tools
There are a number of products that automate IT deployment tasks. Most of these tools automate the provisioning of servers, the configuration of network devices, and other IT management tasks. In many cases these tools are used to automate the current manual request response process or some portions of that process. Although this may address some of the pain points, this approach breaks down because it attempts to automate portions of an already flawed approach. Although some improvement occurs, the key drawbacks remain: IT Operations is still heavily involved in every user request, the same time consuming dialogue occurs between IT and the users, systems and infrastructure are not easily recovered, the process is not fully automated, and the users are still not empowered and continue to be frustrated.
Cloud Computing Services
With the advent of software as a service and enterprise cloud computing solutions, many of these lifecycle users are experimenting with IT outsource providers and bypassing their own IT Operations teams to get the service that they desire. By definition, cloud computing services are self-service solutions which attempt to empower users and promise the recovery of control of their own projects and timelines. However, there are significant drawbacks and limitations to all of these solutions. There are concerns around data security, limited functionality, and stability, among others . None of these solutions provide a full self-service experience – they require too much technical knowledge and cannot handle the breadth of needs for enterprise users. In summary, these services fall short of providing lifecycle users the solution they need and introduce potential risk as users bypass IT Operations who have the mission to control and secure IT resources.
Self-Service Tools
Finally, there are management products and tools in the market that tout self-service capabilities to address the requirements of these lifecycle users. However, none of these products meet the fundamental essentials to deliver on the promise of true self-service for addressing the IT Service Dilemma. The essentials for IT Operations and their users are outlined in the next section.
However, there is one product in the market that meets the market requirements and can solve the IT Service Dilemma – the Surgient Virtual Automation Platform. The Surgient Platform provides a full self-service solution in the form of Policy-Driven Self-Service.
Policy-Driven Self-Service
Policy-Driven Self-Service, included in the Surgient Virtual Automation Platform and based on patented technology from Surgient, delivers on the value of self-service to address the IT Service Dilemma for leading global corporations. Policy-Driven Self-Service provides the administrative control that IT Operations needs to be a service-oriented computing infrastructure provider, while also empowering users via a compelling self-service experience.
Policy-Driven Self-Service Essentials
In order to fully understand the power of Policy-Driven Self-Service, it is important to explore the requirements of a true self-service solution.
IT Operations Essentials
In order to provide a self-service solution, it is imperative that the provider maintain control of resources and business processes. In the case of provisioning computing capacity to support the application lifecycle and other initiatives, the following elements are required:
Control of User and Group Access
When providing self-service, it is very important to control who can access the environment. It is important to be able to authenticate the user as well as provide constraints on what the user can do once access is granted. Due to the fact that there are numerous classes of users performing a variety of tasks in the system, the access control system must be able to accommodate those differences.
The Surgient Platform provides a fine-grained access control system that allows IT administrators to create hierarchical organization structures that imitate real business organizational structures, making user and group management easier. Surgient provides access control policies that can be assigned to organizations, groups, and individual users within the system so that there are restrictions on usage of resources and limits on tasks that can be performed. This rich access control system provides IT the tools they need to maintain a highly available and secure environment.
Control of Hardware Resources
One of the largest cost items in the corporate IT budget is capital equipment. Therefore, as corporations continue to drive for increased profitability, more efficient and effective use of capital resources has become a priority. Server virtualization adoption has been driven by higher hardware utilization due to consolidation. Even with virtualization providing these benefits, there is still significant waste in hardware utilization due to misallocation, sprawl, and lack of time and tools to properly manage the assets. Corporations continue to increase the pressure on IT to make better use of the capital resources. When providing self-service and delegating physical resource usage to users, it is imperative that you can control resource access, allocation, and consumption based on the priorities of the business.
The Surgient Platform provides a powerful resource and capacity management system that enables the business agility to support a full self-service solution. Surgient provides the ability to create multiple resource pools that contain a fixed allocation of physical computing resources such as CPU, RAM, disk storage, IP addresses, MAC addresses, VLAN tags, and others. These pools can then be associated with different organizations, groups, and users allocating managed resources based on demand. Users can consume their allocated capacity in any way they wish given the constraints of their allocation and usage policies which have been pre-established by the IT administrator. This capability provides a highly managed environment that allocates resources appropriately and effectively eliminates server and VM sprawl while giving users the self sufficiency they need.
Administrative Control Flexibility
Most IT professionals know that it is not easy to establish policies and enforce strict compliance due to the need for exceptions. Therefore, it is important to provide mechanisms in any management system that can easily handle these exceptions for various users and groups. This is vital when attempting to implement a true self-service solution. There must be an effective method for dealing with deviations or the IT administrator could get bogged down in exception handling.
The Surgient Platform provides the highest levels of administrative flexibility. The first is administrative delegation. Enabled by the fine-grained access control system, management tasks can be delegated to other IT administrators or even self-service users with administrator defined limitations on resources and available tasks. This level of administrative delegation flexibility allows IT Operations to tune the degree to which they control or empower usage in the system. Another capability the policy management system provides is a high degree of flexibility as to how resources are allocated and used in the system. Policies can be established for the length of time that physical resources can be reserved to specific users or groups. Once the reservation has elapsed, resources are automatically returned to the resource pool for others to use. This completely eliminates resource sprawl issues. The administrative control flexibility provided by the Surgient Platform allows corporations to manage the fine balance between administrative control and user empowerment on a user and group basis – an essential for true self-service.
Minimal Operating Involvement
Finally, IT administrators want management systems that are easy to use and require little effort to maintain and operate. Cumbersome systems that require high maintenance are not worth the trouble and will never gain adoption by IT Operations. In a time where IT staff is limited, management systems must require minimal operating involvement, particularly when implementing self-service. It becomes much too expensive and strenuous for an IT administrator to be involved in every user request, thus defeating the purpose of self-service.
The Surgient Platform is designed for administrators to establish users, groups, access controls, resource allocation, and management policies upfront and then allow users to use the system with minimal administrator involvement. Administrators usually only perform management tasks when changes are required for users, groups, policies, and resource allocation. Administrators can monitor resource usage and allocate/reallocate hardware resources based on user needs. The reporting capability can also be used for IT to develop line of business chargeback mechanisms based on resource utilization. The platform also provides mechanisms to enable self-health monitoring by industry standard monitoring tools to ensure high availability. The Surgient Platform, with its Policy-Driven Self-Service approach, has been proven to operate in large-scale enterprise environments. It has been implemented as a hosting service to over one hundred enterprise class customers worldwide over a period of five years managing an infrastructure of over one thousand physical servers and network devices and requiring administration by an IT staff of only six.
User Essentials
In order to provide a true self-service experience for users, it is imperative that users are fully empowered to have control over their own business processes. Users do not want to be dependent on IT staff that may not be aligned with their business objectives on a continuous basis. In the case of requesting computing capacity in support of the application lifecycle and other initiatives, the following elements are required:
Easy and Available Access
Users of self-service want easy and available access to the system. For example, if one were to purchase running shoes online and the site is unavailable, the home network is inoperable, or the browser settings are blocking access to the website, it can be a very frustrating user experience. Similarly, users within the business need easy and available access to systems to support their initiatives.
The Surgient Platform provides a seamless integrated remote access experience for users that make it simple and painless to gain access to servers and applications. Gaining access to servers and applications requires support for remote access protocols such as RDP, VNC, Citrix-ICA, or a VM console. The platform provides a capability where administrators or users can pre-configure applications and servers such that multiple remote access protocols can be enabled for each. User access can be initiated to a server easily without knowledge of how to configure remote access. Mechanisms are available to automatically sign on users into a system based on the Surgient user credentials, providing additional ease of use. In many network environments inbound and outbound remote access protocols are blocked for security reasons thus making it impossible to connect to needed servers. The Surgient Platform includes a remote access gateway called Universal Remote Access (URA) which provides a tunneling capability where remote access protocol traffic is encapsulated in standard web traffic. This provides a seamless integrated remote access experience for users in locked down network environments. Easy and available access is essential for self-service to be adopted by users.
Control of Their Process
Users of self-service want control of their business processes and the tasks that they perform. Users want to be self sufficient. This is the crux of the IT Service Dilemma where it is difficult to meet the service levels that users expect and with the complexities of delivering computing infrastructure and applications – a big challenge for most companies.
The Surgient Platform with Policy-Driven Self-Service was designed with this requirement in mind. The most crucial platform capability that offers an unmatched self-service experience is the automated reservation system. The reservation system works jointly with the resource and capacity management system to provide users with the ability to schedule and reserve computing capacity for their own resource needs. This works very much the same as the Microsoft Outlook calendar. Users can see where available capacity exists and reserve it for future use; then the Surgient Platform automatically fulfills the users request for server, network, and application resources at the time of the reservation. When multiple users are competing for the same fixed capacity of resources, there needs to be an automated arbitration function to resolve user conflicts. Otherwise an IT administrator must get involved in each of these requests. In this case users are no longer in control of their processes and self-service breaks down. The reservation system provides this automated conflict resolution capability presented in a familiar user experience. This allows users a consistent method of planning for resources and enabling predictability in managing their projects and processes – giving them the self-sufficiency that they need. Another feature that enables user control is administrative delegation – administrative functions can be delegated to users by IT administrators providing an even greater degree of empowerment.
Easy to Use
Finally, users need a self-service system that is easy to use. Users do not have time to learn a system that is cumbersome or requires too much IT knowledge and expertise. Provisioning of extensive business services or multi-tiered applications with the inherent resource complexities and dependencies is a major challenge to master. However, if users cannot simply make a self-service request without involving IT then it will not be adopted and the solution will fail.
The Surgient Platform was designed with self-service as the central foundation. As such, the computing infrastructure complexities of multi-tiered applications and business services are simplified for the user. The platform takes an application-centric management approach which allows users to request an entire application or business service without knowledge of how the environment will be assembled; it then automates the capacity reservation, creation, and delivery of that complex computing environment to the user with the click of a button. This is critically important for a true self-service solution. Most all other products in the market expect users to have significant knowledge of how disparate servers or VMs are configured together to create a complete business service. This approach breaks down due to continuous IT Operations involvement and defeats the purpose of self-service. The reservation system also contributes as an easy to use feature that enables self-service requests of comprehensive business services. In summary, self-service solutions must be easy to use or they will not succeed.
Automation Essentials
It is also important to note that self-service does not necessarily indicate that the consumer is a human. There are many cases where requests are made by other software products and systems. Automating application lifecycle and data center deployment processes are examples where computing resource requests may be made and fulfilled to support process automation by other products. Therefore, a self-service system should provide a comprehensive integration capability.
Integration Capability
The Surgient Platform addresses this market requirement by providing an extensive published platform API to support a wide range of integration scenarios such as build management, automated testing, and data center automation. This platform SDK provides a rich set of self-service capabilities in the form of a programmatic interface. In addition, Surgient provides productized certified integrations with leading application lifecycle and data center automation products to accelerate the time to value for customers.
The Surgient Platform with Policy-Driven Self-Service is the only product in the market that is enterprise-proven and comprehensive enough to deliver a full self-service solution for the needs of IT Operations teams. The following table summarizes the essential elements of Surgient’s Policy-Driven Self-Service capability:
Policy-Driven Self-Service Essentials
| User Audience | Essential Requirements | Surgient Platform Capabilities |
|---|---|---|
| For IT Operations | Access | • Access Control Policies |
| Control of Hardware Resources | • Resource and Capacity Management System • Access Control Based Resource Allocation |
|
| Administrative Control Flexibility | • Policy Management System • Administrative Delegation • Access Control System |
|
| Minimal Operating Involvement | • Resource and Capacity Management System • Resource Usage Monitoring and Reporting • Administrative Delegation • Standards-Based Self Health Monitoring • Enterprise Proven Solution |
|
| For Users | Easy and Available Access | • Seamless Integrated Remote Access • Automated Server Sign On • Universal Remote Access – Remote Access Protocol Tunneling |
| Control of Their Processes | • Automated Reservation System • Delegated Administration |
|
| Easy to Use | • Application or Business Service Centric Model • Automated Reservation System |
|
| For Automated Systems | Integration Capability | • Packaged Certified Integrations |
Conclusion
The Surgient Virtual Automation Platform with Policy-Driven Self-Service meets all of the criteria and conditions of a true self-service solution for IT Operations teams supporting the application lifecycle process and solving the IT Service Dilemma.
First, there is a strong business case for a self-service solution to this problem. The economic benefits for the business are more than significant:
- Reduced capital expenditures due to better hardware utilization based on the benefits of server consolidation, elimination of server and VM sprawl, and more precise capital resource planning
- Reduced operating expenses due to the process automation that the Surgient Platform provides and gaining the benefits of empowering users via self-service by reducing the time IT spends fulfilling user requests
- Increased business productivity for both IT Operations and the users ultimately accelerating the business and increasing competitiveness in the marketplace
The Surgient Platform automates the process for provisioning business services in support of the application lifecycle process. This is accomplished by the following Surgient Platform capabilities: access control system, policy management, resource and capacity management, automated reservation system, application centric model, and the platform API and SDK.
The Surgient Platform provides an easy-to-use and effective self-service experience and has been proven to enable high levels of user adoption. This is accomplished by the following Surgient Platform capabilities: seamless integrated remote access, automated reservation system, and the application centric model.
Finally, a successful self-service solution addresses a significant service gap. The Surgient Virtual Automation Platform with Policy-Driven Self-Service was designed and architected to solve the IT Service Dilemma by providing the administrative control that IT Operations needs to be a successful service provider while empowering their users via a compelling self-service experience – effectively transforming IT Operations into a cloud computing provider for their non-production users.