IT Service Management Standards: A Reference Model For Open Standards-Based ITSM Solutions

IT Service Management Standards
April 2006
IT Service Management Standards
A Reference Model for

Open Standards-Based ITSM Solutions
An IBM White Paper

IT SERVICE MANAGEMENT STANDARDS
Abstract.................................................................................................................... 3
IT Management Standards....................................................................................... 4
IT Services Management ......................................................................................... 7

ITIL........................................................................................................................ 7
Autonomic Computing........................................................................................... 8
IT Management Architecture.................................................................................. 10
Role and Types of Standards................................................................................. 13

The Role of Standards ........................................................................................ 13
Types of Standards ............................................................................................. 13
De Jure Standards............................................................................................ 14
De Facto Standards.......................................................................................... 15
Other Types of Standards................................................................................. 16
IT Management Standards Landscape ................................................................. 19

Key Standards .................................................................................................... 19
Existing Standards............................................................................................ 20
Developing Standards ...................................................................................... 22
Required New Standards.................................................................................. 23
Standards Relationships and Use ....................................................................... 23
Standards-Based IT Management ........................................................................ 26

Leveraging Standards in the Architecture .......................................................... 26
IT Management Standards Summary ................................................................... 29

Business Value of Standards .............................................................................. 29
What to Look For................................................................................................. 30
Conclusion ............................................................................................................. 36
Cited References ................................................................................................... 39

Other Related Reading .......................................................................................... 40
AN IBM WHITE PAPER 2

Abstract
This paper describes the critical importance of open standards1 for IT
Service Management (ITSM).
We present:
• an overview of ITSM, including underlying elements such as ITIL® and

autonomic computing;
• an architecture for the realization of ITSM;
• many of the key standards – existing, emerging and yet to be

developed – that are relevant to ITSM and needed for its effective
implementation; and
• how those standards are employed in the ITSM architecture.
In addition, we describe various types of standards that are representative of

those used in ITSM and offer a summary of the important standards to look
for when investing in ITSM.
This paper will help you understand ITSM, the relevant ITSM standards and
the importance of standards for maximizing your business value with ITSM.
1 Publicly available and implementable standards

1
IBM IT Service Management
IT Process Management
IT Process
Management Products
IT Service
Management Platform
IT Operational
Management Products
Best Practices
IT Management Standards
C hange, compliance, complexity and cost: these “four Cs” are

placing tremendous pressure on information technology (IT)
organizations. Enterprises rely on their IT systems to execute
their business processes, and these “four C” business pressures
place increasing demands on the IT infrastructure, particularly in the
area of managing that infrastructure. IT organizations face:
• Change: variability in market demands, workloads and service
levels
• Compliance: the need to conform to regulations and security
requirements and provide audit capabilities
• Complexity: heterogeneity of resources, composite applications and
traditional functional “silos” for managing them
• Cost: increases in the time and expense required to manage and
administer the IT system, in conflict with the business pressure to
reduce the cost of doing business
This “four C” environment introduces challenges in managing IT cost

and responsiveness across IT “silos” – vertical towers of specialized
expertise and tools associated with managing one “slice” of the IT
environment (such as servers, network, applications, databases and so
on). Managing composite applications and services2 in such silos is a
struggle.
2 IT Service: A collection of IT components (including hardware, software, facilities, people,

processes, and procedures) that meet a standard, well-known business need of IT customers. A
service is what the customer experiences, whereas a solution is the set of resources that work
together to provide a service.

IT service management (ITSM) is about integrating those silos – not only

the technology, but also the people, processes 3 and information
associated with horizontal IT services such as availability management,
change management, security management, incident management and
others. The characteristics of an optimal intersection of people,
processes, information and technology realized by ITSM are:
• People: interconnected and productive (no longer in silos)
• Processes: based on best practices, automated and customizable
• Information: standardized, federated and secure
• Technology: integrated, virtualized and role-based
This intersection enables the business of IT to be managed in a service-

oriented manner, employing service-oriented architecture (SOA) to
deliver the IT services that are relevant to the business they serve. This
concept is detailed in [7].
A comprehensive approach to ITSM requires standards for information,

processes and services so that people and technology can interact in an
effective, efficient way. Figure 1 shows such an approach.
IBM IT Service Management
IT Process
Management Products
IT Service
Management Platform
IT Operational
Management Products
Best Practices
3Process: A collection of related activities with a common goal that take inputs, transform them,
and produce outputs toward achieving that goal.

Figure 1 Approach to IT Service Management
IT operational management products enable the business of IT to be

managed in a standardized, automated, infrastructure-aligned way, as
embodied in the IBM® autonomic computing architecture (described
later). The IT service management platform incorporates entities such as
an open, standard-based configuration management database (CMDB)
and workflow engines. IT process management products employ
automated workflows aligned with the IT Infrastructure Library® (ITIL®,
detailed later). Best practices offer the foundation for definition of a
standard way for people to interact with technology in an ITSM
environment.
To achieve the optimal intersection of people, processes, information

and technology and achieve interoperability in a heterogeneous
environment, standards are a necessary component of ITSM (more
about the business value of standards is presented in Chapter 7). This
paper details those standards, how they work together for ITSM and how
they are employed in the ITSM solution architecture.
The remainder of this document is organized as follows:

• Chapter 2 presents additional background on ITSM and autonomic
computing.
• Chapter 3 introduces the IT management architecture used to
realize ITSM.
• Chapter 4 discusses the role of standards in ITSM and describes
several types of standardization.
• Chapter 5 describes the standards landscape associated with ITSM
and lists a set of standards that IBM promotes as important to ITSM.
• Chapter 6 relates the IT management architecture to the ITSM
standards, resulting in an open standards-based IT management
system.
• Chapter 7 summarizes the standards that ITSM customers should
value, offering a standards “checklist” and a description of IBM
products that employ those standards.
• Chapter 8 offers concluding thoughts.

2
IBM IT Service Management IT CRM & Service
Business Delivery Service Information Business
Management & Support Deployment Management Resilience
IT Process
Management Products
Change and Configuration

IT Service Management Database
Management Platform
IT Operational
Management Products
Best Practices
Business Server, Network Storage Security
Application and Device Management Management
Management Management
IT Services Management
T he business of IT Management – ITSM – was introduced in the

preceding chapter. This chapter presents additional details about
some of the important building blocks employed in ITSM solutions,
namely the Information Technology Infrastructure Library (ITIL) and
Autonomic Computing.
ITIL
ITIL is a set of best practices for IT Service Management. As described in
[1]:
ITIL (Information Technology Infrastructure Library) is a process-

based methodology that delivers a set of IT service management
best practices that can help you align your IT with your business
requirements, improve service quality, and lower the long-term cost
of IT service provision. These best practices are applicable to all IT
organizations, no matter what their size or what technology they use.
Originally developed by the British government in the late 1980s,
today ITIL is the world's most widely accepted approach to IT service
management.
ITIL, developed in the late 1980s with IBM’s assistance, was based on the
Information Systems Management Architecture (ISMA) developed by IBM in
the 1970s. Today, ITIL includes contributions from major software vendors,
including IBM, consultancies and customers.
In addition, a formal standard based on the ITIL best practices has been
published: ISO/IEC 20000-1:2005 [2], from the International Organization for
Standardization, formalizes IT service management as defined by ITIL. As
described in the abstract [2]:

ISO/IEC 20000-1:2005 promotes the adoption of an integrated

process approach to effectively deliver managed services to meet
business and customer requirements. For an organization to function
effectively it has to identify and manage numerous linked activities.
Co-ordinated integration and implementation of the service
management processes provides the ongoing control, greater
efficiency and opportunities for continual improvement.
A recent initiative, known as ITIL v3 or the ITIL Refresh project, is underway.

ITIL v3 will refresh the current ITIL best practices documentation, according
to [3], “to improve the usefulness and applicability of ITIL by addressing the
changing needs of users as the technology base and business
requirements continue to evolve” and “to apply and improve its applicability
to small organisations”. ITIL v3 will increase the focus on services to better
meet the needs of businesses that use and deliver those services. As
described in [3], a new set of core books will be developed to describe the
service lifecycle; the working titles of these new books are:
Service Strategies
Service Design
Service Introduction
Service Operation
Continuous Service Improvement
In ITSM, ITIL is employed to provide the foundation for the IT process

management components of the IT management architecture detailed in the
next chapter, including process definitions, service catalog, service desk
and the CMDB. Although ITIL v3 is not yet available, IBM has created an
integrated process reference model for IT, using the foundation of ITIL v2 as
inspiration. This model will be updated continuously to adhere to ITIL v3 and
other future updates. It is open and incorporates IBM’s own experience
gained from managing the largest IT environments in the world, along with
hundreds of smaller customers’ IT operations.
Autonomic Computing
Autonomic computing provides the ability for IT systems to become self-
managing through self-configuring, self-healing, self-optimizing and self-
protecting mechanisms. As described in [4]:

Autonomic computing helps to address complexity by using

technology to manage technology. The term autonomic is derived
from human biology. The autonomic nervous system monitors your
heartbeat, checks your blood sugar level and keeps your body
temperature close to 98.6°F without any conscious effort on your
part. In much the same way, self-managing autonomic capabilities
anticipate IT system requirements and resolve problems, with
minimal human intervention. As a result, IT professionals can focus
on tasks with higher value to the business.
The term “autonomic computing” was conceived by IBM but self-

management is an industry initiative, with a growing number of companies
adopting self-managing autonomic technologies and industry leaders,
including IBM, working on standards for autonomic computing. In addition,
autonomic computing has much interest from academia, with many
research projects underway and with autonomic computing emerging as a
computer science discipline (see, for example, [14], [15] and [16]. Academic
and industry conferences on autonomic computing grow each year.
Based on this industry initiative, IBM is incorporating self-managing

autonomic concepts into all of its products. As described in [5], IBM has
hundreds of autonomic features available in numerous products in the
marketplace. These products combine to form a set of self-managing
autonomic technologies based on open standards.
ITSM is IBM’s initiative for for defining and modeling the processes
associated with IT management, incluing the incorporation of best practices
based on ITIL. In ITSM, autonomic computing architecture and technologies
are employed to provide management functions for the IT infrastructure,
using standards-based management interfaces and data formats.
Autonomic computing provides important IT operational management
components of the IT management architecture detailed in the next chapter,
including management tools, resource management, user interface
components, tooling and knowledge for the CMDB. Autonomic computing is
critical to ITSM, because the ultimate goal for ITSM is not just to define and
execute best practice IT processes, but also reduce the complexity of IT
management processes and enable tasks within those processes to be
automated..

3
User Interfaces ITSM Process Execution Platform
IT Process Management ITSM
Development Tooling
Service
Request Service Workflows
Service
IT External
Catalog
Or
Service Support/Delivery Processes
Dashboard Planning
Business Tools
Mgmt User Report Common Process Runtime Infrastructure
Info Query, Service Integration Modules
Notification Development
Tools
Install & Deploy Other Deployment

Configure Service DB Process DB CMDB DB Tools
Extended CMDB - Federated

Discovery,
Management Tools Document
Repositories
Monitor Federation,
Internal Info Query, Service Synchronization,
Report
Notification Reconciliation Best
IT Work Queue
Managed Environment Practices
Organization Mgmt Planning,
Process Task Applications Deployment,
Execution Operations
Launch in
context Resource Virtualization
IT Service IT Operational ISV, SI
Management Physical Infrastructure Management Enablement
Existing
Tool UIs Platform
Security Standards Platform Management
•Security Policy •BPEL •Monitoring ITSM
•Authentication/Authorization •WSDM, CIM, SMI-S •Availability Platform
•Transport •J2EE •RAS
Management
IT Management Architecture
M anagement standards such as ISO 20000-1:2005 and best

practices such as ITIL provide a framework for IT management,
but to realize an implementation, an IT management system
architecture is required. As described in the previous chapter,
ITSM offers the foundation for defining and modeling processes using ITIL
best practices, and the autonomic computing industry initiative provides
self-management capabilities to enable these IT processes to become self-
managing.
The touchstone architecture for IT management combines IT process

management with the platform for IT service management (as described in
Chapter 1) with the backdrop of ITIL best practices and self-managing
autonomic technologies for operational management (as described in
chapters 1 and 2).
Figure 2 illustrates the IT Management system architecture that incorporates

all of these concepts and components.

User Interfaces IT Process Management

ITSM Process Execution Platform
ITSM
Development Tooling
Service
Request Service Workflows
Service
IT External
Catalog
Or
Service Support/Delivery Processes
Dashboard Planning
Business Tools
Mgmt User Report Common Process Runtime Infrastructure
Info Query, Service Integration Modules
Notification Development
Tools
Install & Deploy Other Deployment

Configure Service DB Process DB CMDB DB Tools
Extended CMDB - Federated

Discovery,
Repositories
Monitor Federation,
Internal Info Query, Service Synchronization,
Report
Notification Reconciliation Best
IT Work Queue
Managed Environment Practices
Organization Mgmt Planning,
Process Task Applications Deployment,
Execution Operations
Launch in
context Resource Virtualization
IT Service IT Operational ISV, SI
Management Physical Infrastructure Management Enablement
Existing
Tool UIs Platform
Security Standards Platform Management
•Security Policy •BPEL •Monitoring ITSM
•Authentication/Authorization •WSDM, CIM, SMI-S •Availability Platform
•Transport •J2EE •RAS
Management
Figure 2 IT Management system architecture
This IT management architecture instantiates ITSM as shown in Figure 2

by the purple, green and red outlines for IT process management, IT
services management platform and IT operational management,
respectively.
For the IT process management partition, ITIL provides the basis for the
CMDB and the process models embodied in the process runtime
environment and services. Process managers in the purple layer use the
service management platform and operational management components
to carry out the processes and services that comprise the business of IT.
Autonomic computing defines the key operational management

standards for a self-managing system, including management tools and
managed resources in the IT infrastructure, as well as technologies for
integrated user interfaces found in the service management platform.
As indicated by the orange backdrop in Figure 2, security and monitoring

are pervasive throughout the ITSM architecture and are applied in IT
process management, the IT service management platform and IT
operational management.

Development tooling is used to produce and deploy the other

components and help to build the standard interfaces and data formats
that enable them to interoperate.
All of these components are integrated using standard interfaces and

data formats. This standardization enables these heterogeneous
components to interoperate
As we will show in Chapter 5, open standards – publicly available and

implementable standards – are critical in the IT management system
architecture.

Role and Types of Standards
N ot every standard that is relevant for IT management is necessarily

produced and ratified by an accredited standards body. Standards
can take many forms, as described in the following sections. This
chapter discusses the role of standards in an IT management
system and several important types of standards used in such solutions.
The Role of Standards

In [6], the United States government's National Institute of Standards and
Technology (NIST) notes:
Standards are essential elements of information technology –

hardware, software, and networks. Standard interfaces, for example,
permit disparate devices and applications to communicate and work
together. Standards also underpin computer security and information
privacy, and they are critical to realizing many widespread benefits
that advances in electronic and mobile commerce are anticipated to
deliver.
Without standards, enterprises are dotted with islands of interoperability,

causing complexity and stagnation of value. Just like the IT infrastructure
itself, standards also are essential elements of the IT management system,
allowing all of the building blocks and components that make up ITSM to
interoperate.
Types of Standards
Although “standards” often are equated with the output of formal, accredited
standards bodies, in fact several approaches to and forms of
standardization exist. Any of these standards approaches might be used in

a particular situation, and no one form of standardization is necessarily

“better” than another. Moreover, a particular topic might be addressed with
multiple forms of standardization, and a particular standard might take
different forms over time. For example, a set of best practices might be
normatively defined as a de jure standard, or a de jure or de facto standard
might spawn a set of best practices or an open source reference
implementation.
The types of standardization described next are not an exhaustive list of

standardization approaches, but are relevant for ITSM-based solutions.
Notable types of standardization are discussed next; the examples provided
are illustrative of these types of standards. Not all of the examples come
from the ITSM or even the IT domain, but they serve to exemplify various
sorts of standards and how they can be applied.
De Jure Standards
De jure (literally “by right”) standards produced by bodies that have
assumed authority to issue standards. This authority might come from
government, international agreements, industry agreements, accreditation
or other sources, but it is widely acknowledged that the organization has the
authority to issue standards within its domain.
Participation in de jure standards bodies might be limited (by invitation or by

membership) or it might be open to anyone who wishes to participate. De
jure standards bodies typically are formed when there is wide, usually
international, agreement that standards are required to maintain or advance
the state of the art in areas that affect important aspects of the lives of many
people. Such standards organizations often are the outgrowth of
professional organizations that realize a need for formalized standards for
their profession and agree to delegate the authority for generating those
standards to a separate organization. De jure standards bodies are likely to
be recognized by governments, professional organizations and companies
as having the authority to specify standards that they use. Governments and
professional organizations may organize and accredit their own standards
bodies.
Examples The International Organization for Standardization (ISO; see

http://www.iso.org), the Internet Engineering Task Force (IETF; see
http://www.ietf.org) and the Institute of Electrical and Electronics
Engineers (IEEE®; see http://standards.ieee.org/) are some well-known
examples of de jure standards bodies. As noted earlier, ISO offers a de jure

standard (ISO 20000-1:2005 [2]) that formalizes the ITIL de facto (described
next) best practices.
Other well-known standards bodies in the IT industry include:

• The Worldwide Web Consortium® (W3C®), responsible for
developing interoperable standards and technologies for the
worldwide Web. See http://www.w3c.org for more information about
W3C.
• The Organization for the Advancement of Structured
Information Standards (OASIS) is a non-profit consortium that
develops e-business standards. See http://www.oasis-
open.org/home/index.php for more information about OASIS.
• The Distributed Management Task Force (DMTF) develops
standards for distributed desktop and networked environments. See
http://www.dmtf.org for more information about DMTF.
• The Telemanagement Forum (TMF) develops standards for the
telephony networks industry. See http://www.tmf.org for more
information about TMF.
The distinction between de jure and de facto (described next) standards

bodies can be subjective; the preceding examples are generally recognized
as the standards authorities for their respective domains and their products
carry the weight of de jure standards.
De Facto Standards
De facto (literally, “by fact”) standards are those that have become widely
used even if they are not de jure standards. Many de facto standards have
wide industry acceptance and represent significant investment by
companies; hence, they might be considered by some to be de jure
standards.
De facto standards often begin with a small group of individuals, companies

or organizations, all of whom are interested in solving a common problem.
They may organize themselves and work collectively to develop a solution
to the problem that garners additional interest within their industry.
Participation in industry standards bodies often is by invitation, at least in the
initial stages of the organization, and usually requires membership of some
sort. De facto standards are recognized within an industry, but may have
varying degrees of recognition of their authority to issue standards (for
example, another similar organization might issue a competing standard).

Consortia and Special Interest Groups

Consortia and special interest groups have become commonplace within
the IT industry. Often, a consortium is formed to develop a de facto standard
while trying to overcome some of the disadvantages associated with a de
jure standards body (particularly the slow and cumbersome processes
typically associated with de jure standards bodies).
Usually, consortium members are peers with equal rights and

responsibilities within the organization, although this is not always the case.
A primary motivation for forming a consortium is the realization that a
common solution to a problem that has been agreed upon by several
companies is superior to a proprietary solution from a single company.
Examples
The Bluetooth™ Special Interest Group (SIG; see
http://www.bluetooth.com), the OSGi Alliance (see http://www.osgi.org), the
Universal Plug and Play (UPnP™) Forum (see http://www.upnp.org), the
USB Implementers Forum (USB-IF; see http://www.usb.org) and The
Open Group™ (see http://www.opengroup.org) are examples of special
interest group standards bodies.
Many consortia and special interest groups exist within the IT industry.
Numerous consortia have formed but later disbanded, although many have
been successful and are vibrant today. The examples just cited illustrate
several of the many variations of and reasons for forming special interest
groups and consortia.
Other Types of Standards
Accepted Best Practices

Sometimes accepted best practices can become de facto standards.
Typically, these evolve from a set of people, perhaps including one or more
experts, who all are interested in the same problems, issues or technologies
and who share information about how they address the problem and issues
or use the technologies. When the merits of these practices are
acknowledged, they are emulated and over time they may become the
standard.
Examples The United States Golf Association (USGA™) performs research that
results in best practices for golf course maintenance and turf grass
management. These are shared with USGA members, and golf course

professionals treat them as standards. See http://www.usga.org for more

information about the USGA.
Various organizations whose members practice civil engineering and land

use planning frequently share best practices; many of these have evolved
to de facto and de jure standards and even to laws. For one example, see
http://www.asce.org/community/.
In the IT industry, two organizations mentioned earlier, the Bluetooth SIG

and the IEEE Standards Association, have collaborated to produce best
practices to allow the Bluetooth and IEEE 802.11 technologies to coexist in
harmony (see the published Recommended Practices at
http://standards.ieee.org). Implementers of products for both technologies
treat these best practices as standards. Sun™, IBM and others publish
internal or external best practices for Java™ technology; many other
technologies have similar associated best practices that are disseminated to
practitioners.
Open Source Standards

One way to achieve de facto standards is to release the implementation of
the component(s) to be standardized as open source software. The open
source implementation serves as the reference implementation and in that
respect, it becomes a de facto standard. By allowing access to the source
code, the party that released the code enables a community of developers
to use, extend and enhance the standard implementation; as this process
iterates, new and improved versions of the standard are generated.
Open source software might be motivated by other reasons besides

standardization. However, open source software is growing in popularity,
and it can be considered as one vehicle for standardization.
Examples Linux® (see http://www.linux.org) and the Apache Software Foundation

(see http://www.apache.org) are well-known open source initiatives that
focus on collaborative software development that often results in software
versions that are viewed as “standard” implementations.
Testing, Certification and Interoperability Standards

Organizations that produce standard tests and interoperability guidelines
often are the outgrowth of other standards efforts. These organizations
validate the conformance of implementations to existing standards; often,
they include a certification program that allows implementations that pass
the testing to make certain claims or display certain logos that indicate to
their customers that they are certified by the testing organization.

Examples The Wi-Fi Alliance® (see http://www.wi-

fi.com/OpenSection/index.asp?TID=1), the Storage Networking Industry
Association (SNIA; see http://www.snia.org/home) and the Web Services
Interoperability organization (WS-I; see http://www.ws-i.org) are examples
of organiztions pursuing standards interoperability.
The Open Group offers testing and certification services for various
standards. The UPnP Implementers Corporation (UIC) certifies UPnP
implementations. Standards organizations that develop their own testing,
certification and interoperability standards include the Bluetooth SIG and
OSGi.

5
ITSM Standards Categories
Development Tooling
User Interfaces Process Management 9Eclipse
9ITIL 9UML
9JSR-168 9BPEL 9WSDM
9Policy 9WEF
9ARM
9Symptom
CMDB Management Tools
9CMDB access protocol 9SOA

9CMDB interchange protocol 9Web services
9Resource registry model 9WSDM
9WSDM Registry 9Policy
9Incidents 9Symptom
9RFCs 9SDD
Resource
Security Access
9WS-Security
9WSDM
9WS-SecurityPolicy
9WEF
9WS-Federation
9WS-RF
9WS-Trust
9WS-Notification
9SAML
9WS-Addressing
9XACML
9SNMP
9WEF
9CIM
9JAAS
9SMIS
9JACC
9ARM
9HTTP/S
9JMX
9SSL/TLS
IT Management
Standards Landscape
T he business of IT Management using ITSM and the IT management

architecture relies on open standards, as described Chapter 3.
Numerous standards are required to realize the IT management
architecture and these standards take all the forms described in the
preceding chapter (de jure standards, de facto standards and other types of
standards). This chapter describes key standards for IT management,
including existing standards, those being developed in standards bodies,
best practice and open source standards, and some others that still need to
be developed. In addition, the relationships among all these various
standards are discussed, laying the foundation for the open standards-
based IT management system discussed in the next chapter.
Key Standards
A robust IT management system employs and relies on numerous
standards. This section presents many of the relevant and important
standards associated with IT management.
These standards might already exist and be well understood, so that they
can immediately be incorporated into ITSM solutions. Other standards for IT
management are currently being developed in standards bodies. Still others
are recognized as required but may not yet have an industry standards
effort associated with them.
This section presents existing, developing and future IT management

standards in no particular order; the next section then relates all of these
standards to each other. This is not an exhaustive list of important IT
management standards, but rather an enumeration of many that are

relevant and that IBM promotes as important to the successful

implementation of ITSM.
Existing Standards
• IT Infrastructue Library (ITIL): a set of best practices for the
management of IT services, from the UK Office of Government
Commerce. http://www.ogc.gov.uk/index.asp?id=2261 See also [1]
• ISO/IEC 20000-1:2005: the de jure international standard based on ITIL
(just described), from ISO.
http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER
=41332&scopelist=PROGRAMME See also [2]
• Web Services Distributed Management (WSDM): operational
management standards for Web services environments (management
of Web services and
management using A note about Web services management standards
Web services), from the As described in this paper, one noteworthy
Organization for the standard for IT management is WSDM. Another
Advancement of competing Web service management standard is
Structured Information WS-Management. As described in [12] and [13], an
Standards (OASIS). effort is underway to harmonize these two Web
http://www.oasis- services management standards. This paper focuses
open.org/committees/tc_h on WSDM for Web services management, with the
ome.php?wg_abbrev=wsd assurance from [12] that “Customers and vendors
m See also [7] and [8]. should continue investing in solutions and
products based on the implementations of the
• WSDM Event Format current specifications related to this work. The
(WEF): operational vendors are assuring that this harmonization of the
management standard competing specifications will be a smooth
for a common evolution from today’s environment and provide a
representation of simplified technology base for the future”.
events (used for IT
management events, The full roadmap for this planned convergence is
business events, available from [12] and [13].
security events and
others). IBM’s initial implementation of WEF is called Common Base
Event. WEF is incorporated within WSDM from OASIS; see “WSDM”
described earlier.
• Web Services Resource Framework (WS-RF): standard for a
framework for modeling and accessing stateful resources using Web
services, from OASIS. http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=wsrf
• Web Services Notification (WS-Notification): standard method for
Web services to interact using events, from OASIS. http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=wsn

• Web Services Addressing (WS-Addressing): specification for

identifying Web services endpoints in a transport-neutral manner, from
W3C. http://www.w3.org/Submission/ws-addressing/
• Common Information Model (CIM): operational management
standard for modeling resource information from the Distributed
Management Task Force (DMTF). http://www.dmtf.org/standards/cim/
• Simple Network Management Protocol (SNMP): operational
management standard for network devcies, from the Internet
Engineering Task Force (IETF).
http://www.ietf.org/html.charters/OLD/snmp-charter.html
• Storage Management Initiative (SMI-S): operational management
standard for storage devices, from the Storage Networking Industry
Association (SNIA).
http://www.snia.org/smi/tech_activities/smi_spec_pr/spec/
• Aperi: an open-source community for storage management that builds
upon the SMI-S standard, established by leading storage vendors.
Information available at http://www-
03.ibm.com/press/us/en/pressrelease/7944.wss
• Application Response Measurement (ARM): standard for
instrumenting transactions (any unit of work) in applications and
middleware, from The Open Group.
http://www.opengroup.org/tech/management/arm/
• Java Management Extenions (JMX): extensions to the Java language
for managing and monitoring components, from Sun Microsystems,
http://java.sun.com/products/JavaManagement/
• Unified Modeling Language™ (UML™): modeling language that can
be used to model the behavior and structure of business processes and
data, from the Object Management Group (OMG). http://www.uml.org/
• Business Process Execution Language (BPEL): language for
describing business processes as Web services, from OASIS.
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsbpel See
also [9]
• Eclipse: an open-source community for building development tools,
from eclipse.org. http://www.eclipse.org/
• Java Specification Request (JSR)-168: standard for portlets for portal
UIs in Java environments, from Sun’s Java Community Process.
http://www.jcp.org/en/jsr/detail?id=168
• WS-Policy: a specification of a model and syntax for describing and
communicating the policies of a Web service, from BEA Systems Inc.,
International Business Machines Corporation, Microsoft® Corporation,
Inc., SAP® AG, Sonic Software, and VeriSign® Inc., submitted to W3C,
information and specification available at

http://download.boulder.ibm.com/ibmdl/pub/software/dw/specs/ws-
polfram/ws-policy-2006-03-01.pdf
• WS-Security: a standard for message integrity, confidentiality,
authentication and security token association for Simple Object
Access Protocol (SOAP) messages, from OASIS, http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=wss
• WS-SecurityPolicy: specification for policy assertions used with WS-
Security (just described), from OASIS, http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=ws-sx
• WS-Trust: specification that builds on WS-Security (described earlier)
to define how to issue, exchange and validate security tokens and
credentials in different trust domains, from OASIS, http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=ws-sx
• WS-Federation: specification that enables security information,
including identity, account, authentication and authorization, to be
federated across different trust realms, from BEA Systems, Inc.,
International Business Machines Corporation, Microsoft Corporation,
RSA Security Inc., and VeriSign Inc.,
http://specs.xmlsoap.org/ws/2003/07/secext/WS-Federation.pdf
• Security Assertion Markup Language (SAML): standard for
creating and exchanging security information among online partners,
from OASIS, http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=security#overview
• eXtensible Access Control Markup Language (XACML): standard
for representing authorization and entitlement policies, from OASIS,
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
• Java Authentication and Authorization Service (JAAS): standard
Java-2 APIs for access control, incorporated into the Java-2 SDK (see
http://java.sun.com/products/jaas/; see also http://www-
128.ibm.com/developerworks/java/jdk/security/142/).
• Java Authorization Contract for Containers (JACC): standard
authorization model for granting permissions in a J2EE environment, as
defined in JSR-115, http://www.jcp.org/en/jsr/detail?id=115
• HTTPS/SSL/TLS: protocols to provide authenticated and encrypted
communication among components (see, for example,
http://www.ietf.org/rfc/rfc2818.txt).
Developing Standards
• Solution Deployment Descriptor (SDD): standard for representing
installable software packages and their configuration, dependency and
lifecyle information, from OASIS. http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=sdd See also [10].

• Policies: Common Information Model – Simplified Policy Language

(CIM-SPL) is a CIM-compliant language for expression of IT
management policies, from DMTF, http://www.dmtf.org .
• Resource models: Today there are multiple ways to model resources
– CIM (described earlier), SMI-S (described earlier), SNMP (described
earlier), OSGi (describe earlier) and others all incorporate resource
models for various environments. All of these need to be recognized;
some can be bridge to other standards (see WS-CIM, described next).
A common resource model for ITSM is desirable.
• WS-CIM: specification for translating the MOF representation of the
CIM mode into XML Schema (used by WSDM-CIM Mapping and WS-
Management), from DMTF, http://www.dmtf.org. See also [11].
• WSDM-CIM Mapping: specification for using WSDM (described earlier)
to manage resources that expose a CIM (described earlier) model, from
DMTF, http://www.dmtf.org. See also [11].
Required New Standards

• Services: To deliver the ultimate IT services to the business that they
serve, standards are required in the areas of service definition format
and content; services taxonomy and service catalog structure. The ITIL
refresh project described in Chapter 1 is likely to play a role in
establishing service standards.
• Symptoms: standard for representing conditions that can be
recognized as a result or correlating events and other operational
management data. See [2]
• CMDB: To enable the creation and use of a common CMDB, standards
are needed for CMBD interchange and access protocols as described
next. Such standardization efforts have begun; see [18].
o CMDB Interchange: Common data types and identification
semantics necessary to interchange information from multiple
CMDBs in a heterogeneous environment.
o CMDB Access Protocol: Operations and notifications for the
CMDB, along with along with administration considerations
and composibility with security specifications.
Standards Relationships and Use

The preceding sections discussed many different standards, of various
types and from multiple standards bodies. Each standard addresses one or
more aspects of IT management, but it is the integration and appropriate
positioning of all of these standards that result in the ability to compose an IT
management solution.

Figure 3 illustrates the key standards for IT Management and their

relationships to each other and to the major building blocks of an IT
Management system.
ITSM Standards Categories

Development Tooling
User Interfaces Process Management 9Eclipse
9ITIL 9UML
9JSR-168 9BPEL 9WSDM
9Policy 9WEF
9ARM
9Symptom
CMDB Management Tools
9CMDB access protocol 9SOA

9CMDB interchange protocol 9Web services
9Resource registry model 9WSDM
9WSDM Registry 9Policy
9Incidents 9Symptom
9RFCs 9SDD
Resource
Security Access
9WS-Security
9WSDM
9WS-SecurityPolicy
9WEF
9WS-Federation
9WS-RF
9WS-Trust
9WS-Notification
9SAML
9WS-Addressing
9XACML
9SNMP
9WEF
9CIM
9JAAS
9SMIS
9JACC
9ARM
9HTTP/S
9JMX
9SSL/TLS
Figure 3 Standards relationships and their use in the IT Management system architecture
As illustrated in Figure 3, certain standards are important for each of the

main partitions of the IT Management architecture, including:
• JSR-168 is important for user interfaces for process, CMDB,

management tool and resource control and interaction. User interfaces
that use this standard can be incorporated into portals from different
vendors.
• Eclipse is an open-source platform standard for tooling that can be used
to develop components and interfaces. Standards-based tooling can
assist with implementing other standards and accelerating the availability
of interoperable deployed components.
• As described earlier, ITIL or ISO 20000-1:2005 is a key standard for
ITSM that defines processes. Those processes can be modeled with
UML and instantiated with activities specified as workflows using BPEL.
Policies govern process operation.

• The CMDB requires standard methods for accessing and interchanging

the configuration management information among other ITSM
components. Certain types of management data, such as Requests for
Change (RFCs), symptoms, policies and others, should have standard
formats and schema associated with them so that they can be used in an
interoperable manner by multiple management tools in heterogeneous
environments. See [18] for information about CMDB standardization.
• WSDM is a key standard for manageability interfaces, including resource
management interfaces and the management interfaces for the
management tools themselves, which in turn can be managed by other
management tools, process flows and humans via user interfaces.
• Several standards are popular for representing and accessing resource
details. These include (but are not limited to) CIM, SNMP, and SMIS.
Such standards may be transformed into other forms (such as is done
with WS-CIM, for example); even more advantageous is transformation
to a common CMDB representation, using CMDB access and
interchange protocols. Another technique for addressing multiple
standards for resource representation and access is virtualization; see,
for example, [17].
• Another standard related to resources, ARM, measures transactions end-
to-end. It is useful for measuring transaction response times and the
percentage of successful transactions. Using its end-to-end tracing
capabilities, one can discover how business workload is flowing through
the IT infrastructure, aiding in problem diagnosis.
• Numerous security standards are employed in the IT management
architecture, from transport-level authenticated and encrypted
communications with HTTPS, SSL and TLS, to cooperating standards for
Web service security, including WS-Security, WS-SecurityPolicy and
WS-Trust, to XACML for access control policy federation, to JAAS for
authentication and JACC for authorization, to WEF for describing security
events.

6
ITSM
User Interfaces ITSM Process Execution Platform Development Tooling
9ITIL
Service 9Eclipse
9BPEL
Request Service Workflows 9UML
9WSDM
Service 9Policy 9WEF
IT External
Catalog 9ARM
Or
Service Support/Delivery Processes 9Symptom
Dashboard Planning
Business 9CMDB access
Common Tools
Mgmt User Report 9JSR-168 protocol Process Runtime Infrastructure
Info Query, Service 9Incidents 9SOA
Integration Modules
Notification 9RFCs 9Policy
9 9Symptom 9Web services Development
JS 9SDD Tools
R-1
9Resource registry
68 model
Install & Deploy Deployment
9WSDM Registry Other
Configure Service DB Process DB CMDB
9CMDB Access DB Tools
Protocol
Extended CMDB - Federated 9CMDB
68 Interchange
R-1
Protocol
Discovery,
Repositories
Monitor JS Federation,
9WSDM
Internal 9
Info Query, Service Synchronization,
Report 9WEF
Notification Reconciliation 9WS-RF Best
IT Work Queue
Managed Environment 9WS-Notification Practices
Organization Mgmt 9WS-Security 9WS-Addressing Planning,
Process Task9WS-Federation 9SNMP Deployment,
Applications 9CIM
Execution9WS-SecurityPolicy Operations
Launch in 9WS-Trust 9SMIS
context 9SAML Resource Virtualization 9ARM
9XACML 9JMX
ISV, SI
9WEF
Enablement
9JAAS Physical Infrastructure
Existing 9JACC
Tool UIs 9HTTP/S
9SSL/TLS
Security Platform Management
•Security Policy •Monitoring ITSM
•Authentication/Authorization •Availability Platform
•Transport •RAS
Management
Standards-Based
IT Management
N ow we can apply the key standards identified in the preceding

chapter to the IT Management architecture presented in Chapter 3
to describe a service-oriented, open standards-based IT
Management solution. The architecture by itself provides the
foundation for IT management solutions, but without open standards, the
architecture is not composable with heterogeneous building blocks. The
standards by themselves promote interoperability, but without a unifying
context, the standards cannot be composed together into a unified IT
management system. This chapter describes how the open standards can
be overlaid on the IT management architecture to produce the open
standards-based IT management solutions that customers demand.
Leveraging Standards
in the Architecture
In the absence of open standards, management technologies from various
providers cannot interoperate. Consider the IT infrastructure and managed
resources building block in the IT management architecture. In any
enterprise, these resources will undoubtedly be heterogeneous – servers,
networks, storage devices, application programs, middleware and other
components of the IT infrastructure surely will be provided by various
suppliers. When every resource must be managed uniquely, the
management tools add to system complexity rather than helping to address
complexity. Open standards such as WSDM provide standard interfaces
and data representations for managing these diverse resources.

Similarly, the CMDB is a central component of an IT management solution.

Without agreement on standards for CMDB access and interchange
protocols, the information in the CMDB will become a virtual “Tower of
Babel” and the management tools and process runtime components that
interact with the CMDB will grow overly complex. Standards are required to
support the interchange of information among heterogeneous CMDBs from
multiple vendors.
Open standards for interfaces and data formats enable the IT management
architecture to be realized in the most suitable way for each customer. So
long as components comply with standards, customers can put together
components and building blocks from multiple suppliers and can leverage
open-source software and tooling if they so choose. Successful IT
management solutions, just like the Internet, electromechanical systems
and many other solutions, are built on open standards.
Figure 4 illustrates an open-standards based IT Management solution that

employs the key standards introduced earlier within the IT Management
architecture introduced earlier. This figure shows IT management
components in a multi-vendor, heterogeneous environment and the use of
standards (interfaces and data formats) in such a system.
ITSM
User Interfaces ITSM Process Execution Platform Development Tooling
9ITIL
Service 9Eclipse
9BPEL
Request Service Workflows 9UML
9WSDM
Service 9Policy 9WEF
IT External
Catalog 9ARM
Or
Service Support/Delivery Processes 9Symptom
Dashboard Planning
Business 9CMDB access
Common Tools
Mgmt User Report 9JSR-168 protocol Process Runtime Infrastructure
Info Query, Service 9Incidents 9SOAModules
Integration
Notification 9RFCs 9Policy
9 9Symptom 9Web services Development
JS 9SDD Tools
R
-1 9Resource registry
68 model
Install & Deploy Deployment
9WSDM Registry Other
Configure Service DB Process DB CMDB
9CMDB Access DB Tools
Protocol
Extended CMDB - Federated 9CMDB
68 Interchange
-1 Protocol
Discovery,
R Repositories
Monitor JS Federation,
9WSDM
Internal 9
Info Query, Service Synchronization,
Report 9WEF
Notification Reconciliation 9WS-RF Best
IT Work Queue
Managed Environment 9WS-Notification Practices
Organization Mgmt 9WS-Security 9WS-Addressing Planning,
Process Task9WS-Federation 9SNMP Deployment,
Applications 9CIM
Execution9WS-SecurityPolicy Operations
Launch in 9WS-Trust 9SMIS
context 9SAML Resource Virtualization 9ARM
9XACML 9JMX
ISV, SI
9WEF
Enablement
9JAAS Physical Infrastructure
Existing 9JACC
Tool UIs 9HTTP/S
9SSL/TLS
Security Platform Management
•Security Policy •Monitoring ITSM
•Authentication/Authorization •Availability Platform
•Transport •RAS
Management
Figure 4 An open standards-based IT Management solution

The standards introduced in the previous chapter can be overlaid on the IT

Management reference architecture to enable that architecture to be
integrated through the standards. As Figure 3 illustrates, the user interface,
tooling, security, process, CMDB, mangement tool and resource
components of the management architecture interact using the standards
associated with those components.

7
9JSR-168
9Eclipse
9ITIL
9UML
9BPEL
9Policy
9WSDM
9CMDB Access Protocol
9Symptom
9SDD
9RFC
9CMDB Interchange Protocol
9WEF
9Resource model
9WSDM Registry
9SNMP
9CIM
9SMIS
9ARM
9JMX
9WS-Security
9WS-SecurityPolicy
9WS-Federation
9WS-Trust
9SAML
9XACML
9WEF
9JAAS
9JACC
9HTTP/S
9SSL/TLS
IT Management
Standards Summary
O ne way to evaluate IT Management solutions is to determine the

extent to which they employ open standards. The architecture and
standards outlined in the previous chapters illustrate the benefits of
an open standards-based IT management solution. To realize
those benefits, the solution components need to implement the standards.
This chapter describes the business value that results from standards for IT
components and offers a “checklist” for standards support that can be used
to evaluate IT management solution components.
Business Value of Standards

The fundamental nature of IT systems precludes any one company from
delivering a total IT management solution. Enterprises have heterogeneous
IT infrastructures and must deal with heterogeneous environments outside
of the enterprise. A single proprietary implementation is a thing of the past.
Today’s IT systems require pervasive deployment of IT management
components from a diverse range of suppliers throughout the IT
infrastructure, and these components need to interoperate. These
components include management tools, resources, CMDB, process
runtime, user interfaces, tooling and others; therefore, they must be based
on open industry standards.
Standards and Web services deployment enable SOA-based management,

increasing the flexibility of management systems and the reuse of
management procedures. Consistent management interfaces enable
simpler, interoperable integration of components to accomplish business
processes, including the business of IT as embodied by ITSM.

Standards also can help to reduce the costs for developing and deploying
systems and the management applications for these systems. Standards
protect customers’ investments, obviating any requirement to be bound to a
proprietary IT management solution and allowing them to choose the most
suitable IT management products and components from a broad array of
suppliers.
What to Look For

To realize this business value associated with open standards, customers
will seek solutions, products and components for IT management that
employ those standards. Table 1 recaps the important IT management
standards, describes how those standards are used in the IT management
architecture and lists examples of IBM products, services and offerings that
can play a part in IT management solutions. The products listed in the table
are illustrative of the functions enabled by the associated standard; the table
does not imply that each product fully supports all of the corresponding
standards, but rather that these products can play a role in realizing the
standards-based architecture described in the previous chapter.
IT Management Standard Associated IT Relevant IBM Products and

Management Technologies
Architecture
Building Block(s)
ITIL / ISO 20000-1:2005 Process runtime IBM Tivoli® ITSM Process

and services managers for Availability
Management, Release
Management, Information
Lifecycle Management (Note 1)
BPEL Process workflows • Workflow engine (Note 2)
• Automated process workflows

(Note 2)

Policy Process runtime

and services
IT Service Management Platform
CMDB access and intercchange CMDB IBM Tivoli ITSM CMDB (Note 2)
protocols, resource models,
registry, process artifacts
Eclipse (including Eclipse Test Development • Autonomic Integrated

and Performance Tools Platform, Tooling Development Environment
TPTP) (AIDE)
• IBM Rational® Application

Developer
• IBM Rational Systems
Developer
• IBM Rational Web Developer
• IBM Rational Software
Architect
• IBM Rational Software
Modeler
• IBM Rational Functional
Tester
• IBM Rational Manual Tester
• IBM Rational Performance
Tester
• IBM Rational Method
Composer
UML Process runtime • IBM Rational Software

and services, Architect
process modeling
• IBM Rational Software Modeler

IT Operational Management
9 WSDM Business • IBM Tivoli Composite

application Application Manager
9 WEF management
• IBM Tivoli Business
9 WS-RF Systems Manager
9 WS-Notification • IBM Tivoli Intelligent

Orchestrator
9 WS-Addressing
• IBM Tivoli Service Level
9 JMX Advisor
9 ARM • IBM Tivoli License
Manager
• IBM Tivoli License

Compliance Manager for
z/OS
• IBM Tivoli Contract

Compliance Manager
• Micromuse® (an IBM

company) NetCool®
products and solutions
• IBM Virtualization Engine

Enterprise Workload
Manager
9 WSDM Server, network IBM Tivoli Enterprise

and device Console
9 WEF management
• IBM Tivoli Monitoring
9 WS-RF
• IBM Tivoli OMEGAMON
9 WS-Notification
• IBM Tivoli NetView

9 WS-Addressing • IBM Tivoli Remote

Control
9 CIM
• IBM Tivoli Systems
9 SNMP Automation
9 SMIS • IBM Tivoli Workload

Scheduler
9 JMX
• IBM Tivoli Provisioning
Manager
• IBM Tivoli Configuration

Manager
• IBM Tivoli Decision

Support for z/OS
• IBM Director
• IBM Virtualization Engine

Resource Dependency
Services
9 WSDM Storage • IBM Tivoli Storage

management Manager
9 WEF
• IBM Tivoli Continuous
9 WS-RF Data Protection for Files
9 WS-Notification • IBM TotalStorage

Productivity Center
9 WS-Addressing
• IBM Director
9 CIM
9 SNMP
9 SMIS
9 JMX

9 WS-Security Security • IBM Tivoli Access

management Manager
9 WS-SecurityPolicy
• IBM Tivoli Identity
9 WS-Trust Manager
9 XACML • IBM Tivoli Federated

Identity Manager
9 JAAS
• IBM Tivoli Directory
9 JACC Server
9 WEF • IBM Tivoli Directory
Integrator
9 HTTPS/SSL/TLS
• IBM Security Compliance
Manager
• IBM DataPower SX40
• Micromuse® (an IBM

company) NetCool®
products and solutions
• IBM WebSphere®
JSR-168 Integrated user • Integrated Solutions

interfaces Console
• WebSphere Portal
IT Management Best Practices Support

ITIL / Process runtime and • IBM Tivoli Unified Process (ITUP)

services, process modeling
ISO 20000- • Open Process Automation Library
1:2005 (OPAL)
• IBM Global Services
• Innovation Workshops
• Infrastructure Services
Readiness Engagement
• IT Service Management
Design
• Implementation Services
Table 1 IT Management Standards Checklist
Notes:
1. Phase 1 process managers planned availability in June 2006. Additional process

managers targeted for 3Q 2006.
2. Planned availability June 2006.

8
9JSR-168
IBM IT Service Management 9Eclipse
9ITIL
9UML
9BPEL
9Policy
IT Process 9WSDM
9CMDB Access Protocol
Management Products 9Symptom
9SDD
9RFC
9CMDB Interchange Protocol
9WEF
IT Service 9Resource model
9WSDM Registry
Management Platform 9SNMP
9CIM
9SMIS
9ARM
IT Operational 9JMX
9WS-Security
Management Products 9WS-SecurityPolicy
9WS-Federation
9WS-Trust
9SAML
9XACML
Best Practices 9WEF
9JAAS
9JACC
9HTTP/S
9SSL/TLS
Conclusion
T his paper has described the critical importance of open standards for
ITSM. Beginning with underlying elements such as ITIL and
autonomic computing, we described an archtiecture for the
realization of ITSM, many of the key standards – existing, emerging
and yet to be developed – that are relevant to ITSM and how those
standards are employed in the ITSM architecture.
We also presented a summary of the important standards to look for when

investing in ITSM and discussed the associated business value that can be
derived from adopting standards-based ITSM solutions.
We conclude with a summary of the key directions and values that this
paper establishes..
• The ”four C” environment of change, complexity, compliance and cost

business pressures drives requirements for a service-oriented approach
to the business of IT. ITSM offers a solution for such an environment.
• ITSM can provide an optimal intersection of people, processes,

information and technology based on:
o IT process management products that employ automated

workflows aligned with ITIL and ISO 20000-1:2005.
o An IT service management platform that incorporates open,

standard-based components such as a CMDB and workflow
engines

o IT operational management products that enable the

business of IT to be managed in a standardized, automated,
infrastructure-aligned way
o Best practices that offer a standard way for people to interact

with technology in an ITSM environment
• ITIL, a set of best practices for IT service management (and its

corresponding standard, ISO/IEC 20000-1:2005) provides the
foundation for processes and services for IT management. Autonomic
computing offers self-managing capabilities to ITSM solutions.
• The IT management architecture embodies IT process management,

the IT service management platform and IT operational management
with the backdrop of ITIL best practices. This architecture specifies
ITSM building blocks including:
o CMDB
o Resource access
o Management tools
o User interfaces
o Development tooling
o Security
o Process management and services
• IT management standards enable the various components of the IT

management architecture to interoperate in heterogeneous
environments. ITSM-related standards consist of both de jure and de
facto standards and include existing, emerging and yet to be developed
standards.
• Employing the key IT management standards within the IT

management architecture enables an open standards-based IT
management architecture that increases flexibility and resilience and
enables service-oriented IT management.
Businesses that adopt open standards-based ITSM could realize the

benefits of the optimal intersection of people, processes, information and
technology and could achieve these business values:

Effectively and efficiently deliver IT services – Aligned with

business priorities
Quantifiable process performance – End-to-end process

measurements and quantification
Extract Greater value of existing investments – Tighter Integration

across technology, information and people
Increase IT organizational productivity – Alignment of IT silos

through data and workflow integration
IBM has demonstrated ITSM leadership through participation in defining IT

management standards, including ITIL, Web Services, SOA and many of
the particular standards cited earlier in the document.
IBM offers ITSM innovation through a unique approach to defining a

framework and solutions for ITSM, including extending self-managing
autonomic computing to IT services. IBM is implementing ITIL and our own
best practices for IT services in our architectures, products, offerings,
services and and tools to assist customers in making the vision a reality.
IBM is in the forefront of ITSM execution, delivering leading-edge

technology and products based on IBM’s leading cross-brand capabilities,
including the IT service management platform CMDB and IT process
management solutions. We also are delivering a vibrant ecosystem of
partners to share this technology with our customers.
Through ITSM leadership, innovation and execution, IBM offers a broad

array of open standards-based products for IT management. IBM’s
approach to IT service management offers businesses a better way to
manage IT.

Cited References
For more
information
[1] IBM Corporation, ITIL – The Key to Managing IT Services, http://www-
306.ibm.com/software/tivoli/resource-center/security/wp-itil.jsp
[2] International Organization for Standardization (ISO), ISO/IEC 20000-1:2005,

http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=41332&scopelist=PROGRAM
ME
[3] Office of Government Commerce, ITIL IT Service Management, ITIL® Refresh Statement,
http://www.itil.co.uk/refresh.htm
[4] IBM Corporation, An Architectural Blueprint for Autonomic Computing, http://www-

03.ibm.com/autonomic/pdfs/AC%20Blueprint%20White%20Paper%20V7.pdf
[5] IBM Corporation, IBM Autonomic Computing: Creating Self-Managing Computing Systems,
http://www-03.ibm.com/autonomic/
[6] National Institute of Standards and Technology, “Information Technology Standards”,

http://www.nist.gov/public_affairs/standards.htm#Information
[7] IBM Corporation, Hewlett-Packard Company, Computer Associates, Management Using Web
Services: A Proposed Architecture and Roadmap,
ftp://www6.software.ibm.com/software/developer/library/ws-mroadmap.pdf
[8] IBM Corporation, WSDM Information, http://www.ibm.com/autonomic/wsdm
[9] IBM Corporation, BEA Systems, Microsoft Corporation, SAP AG, Siebel Systems, Business
Process Execution Language for Web Services version 1.1, http://www-
128.ibm.com/developerworks/library/specification/ws-bpel/
[10] SDD Technical Committee, http://xml.coverpages.org/SDD-Announce2005.html
[11] Baldwin, Duane, IBM developerWorks, Grid Storage and Open Standards, http://www-
128.ibm.com/developerworks/grid/library/gr-storstan/index.html
[12] Hewlett-Packard Corporation, IBM Corporation, Intel Corporaion, Microsoft Corporation, Evolving
Web services standards for managing system resources: a roadmap to harmonize current
management web services specifications, http://www-
128.ibm.com/developerworks/webservices/library/specification/ws-roadmap/
[13] IBM Corporation, Converging WSDM and WS-Management, http://www-

03.ibm.com/autonomic/wsdm/convergence/
[14] Shivnath Babu, Duke University, Self-Managing Systems,

http://www.cs.duke.edu/courses/spring06/cps296.2/index.html
[15] Fabián E. Bustamante, Northwestern University, Autonomic Computing Systems,

http://www.cs.northwestern.edu/~fabianb/classes/cs-495-w06.html
[16] Cardiff University, MSc Strategic Information Systems,

http://www.cs.cf.ac.uk/courses/mscsis/courseinfo.php

[17] IBM Corporation, IBM Virtualization Engine, http://www-

03.ibm.com/servers/eserver/about/virtualization/
[18] Press release, Technology Leaders to Create Specification for Federating and Accessing IT
Information, http://biz.yahoo.com/iw/060411/0122436.html
Other Related Reading

For more • IBM Corporation, SOA Management, http://www-306.ibm.com/software/tivoli/features/soa/soa-
mgmt.html
information
• IBM Corporation, IT Service Management: A Better Way to Management the Business of IT,
http://www-306.ibm.com/software/sw-events/webcast/Y591664L15282D13.html
• Organization for the Advancement of Structured Information Standards (OASIS), http://www.oasis-

open.org/home/index.php
• Organization for the Advancement of Structured Information Standards (OASIS), Web Service
Distributed Management (WSDM) Technical Committee, http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=wsdm
• Distributed Management Taskforce, Common Information Model, http://www.dmtf.org/standards/cim/
• Internet Engineering Task Force (IETF), Simple Network Management Protocol,

http://www.ietf.org/html.charters/OLD/snmp-charter.html
• Storage Networking Industry Association (SNIA), SNIA Storage Management Initiative Specification,
http://www.snia.org/smi/tech_activities/smi_spec_pr/spec/
• Global Grid Forum , http://www.gridforum.org/
• The Open Group, Application Response Measurement (ARM),

http://www.opengroup.org/tech/management/arm/
• Sun Developer Network, Java Management Extensions, http://java.sun.com/products/JavaManagement/
• Object Management Group, UML Resource Page, http://www.uml.org/
• Organization for the Advancement of Structured Information Standards (OASIS), Web Services Business
Process Execution Language (WSBPEL) Technical Committee, http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=wsbpel
• Eclipse organization, http://www.eclipse.org/
• Java Community Process, JSR-168, http://www.jcp.org/en/jsr/detail?id=168
• Organization for the Advancement of Structured Information Standards (OASIS), Web Services Security
(WSS) Technical Committee. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
• IBM Corp., Microsoft Corp., RSA Security Inc. and Verisign, Inc., Web Services Security Policy Language
(WS-SecurityPolicy), http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf
• BEA Systems Inc., IBM Corp., Microsoft Corp., RSA Security Inc. and Verisign, Inc., Web Services
Security Policy Language (WS-SecurityPolicy), http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-
securitypolicy.pdf
• IBM Corp. et al, , Web Services Federation Language (WS-Federation),

hhttp://specs.xmlsoap.org/ws/2003/07/secext/WS-Federation.pdf

• IBM Corp. et al, , Web Services Trust Language (WS-Trust),

http://specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf
• Organization for the Advancement of Structured Information Standards (OASIS), Extensible Access
Control Markup Language (XACML) Technical Committee, http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=xacml
• Organization for the Advancement of Structured Information Standards (OASIS), Security Services
(SAML) Technical Committee, http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=security#overview
• Sun Developer Network, Java Authentication and Authorization Service (JAAS),

http://java.sun.com/products/jaas/
• IBM developerWorks, Security Information, http://www-

128.ibm.com/developerworks/java/jdk/security/142/
• Java Community Process, JSR-115, http://www.jcp.org/en/jsr/detail?id=115
• Internet Engineering Task Force (IETF), HTTP Over TLS, http://www.ietf.org/rfc/rfc2818.txt
• Organization for the Advancement of Structured Information Standards (OASIS) Solution Deployment
Descriptor (SDD) Technical Committee, http://www.oasis-
open.org/committees/tc_home.php?wg_abbrev=sdd

®
®
© Copyright IBM Corporation 2005
IBM United States of America
Produced in the United States of America
All Rights Reserved
IBM and the IBM logo are trademarks of International Business

Machines Corporation in the United States, other countries or both.
ITIL® is a Registered Trade Mark, and a Registered Community Trade

Mark of the Office of Government Commerce, and is Registered in the
U.S. Patent and Trademark Office
IT Infrastructure Library ® is a Registered Trade Mark of the Office of

Government Commerce
Web Services-Interoperability Organization and WS-I are trademarks of

the Web Services-Interoperability Organization in the United States and
other countries.
Java and all Java-based trademarks are trademarks of Sun

Microsystems, Inc. in the United States, other countries, or both.
Linux® is a trademark of Linus Torvalds in the United States, other

countries, or both.
Other company, product and service names may be trademarks or

service marks of others.
INTERNATIONAL BUSINESS MACHINES CORPORATION

PROVIDES THIS PAPER “AS IS” WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF NON-
INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE. Some states do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this
statement may not apply to you.
This information could include technical inaccuracies or typographical

errors. Changes may be made periodically to the information herein;
these changes may be incorporated in subsequent versions of the
paper. IBM may make improvements and/or changes in the product(s)
and/or the program(s) described in this paper at any time without
notice.
Any references in this document to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement
of those Web sites. The materials at those Web sites are not part of the
materials for this IBM product and use of those Web sites is at your
own risk.
IBM may have patents or pending patent applications covering subject

matter described in this document. The furnishing of this document
does not give you any license to these patents. You can send license
inquiries, in writing, to:
IBM Director of Licensing

IBM Corporation
4205 South Miami Boulevard
Research Triangle Park, NC 27709 U.S.A.
See important legal information at http://www.ibm.com/legal/us/

IT Service Management Standards: A Reference Model For Open Standards-Based ITSM Solutions

Uploaded by

Copyright:

Available Formats

IT Service Management Standards: A Reference Model For Open Standards-Based ITSM Solutions

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IT Service Management Standards: A Reference Model For Open Standards-Based ITSM Solutions

Uploaded by

Copyright:

Available Formats

IT Service Management Standards

IT Service Management Standards

A Reference Model for

An IBM White Paper

IT Services Management ......................................................................................... 7

Role and Types of Standards................................................................................. 13

IT Management Standards Landscape ................................................................. 19

Standards-Based IT Management ........................................................................ 26

IT Management Standards Summary ................................................................... 29

Cited References ................................................................................................... 39

AN IBM WHITE PAPER 2

• an overview of ITSM, including underlying elements such as ITIL® and

• an architecture for the realization of ITSM;

• many of the key standards – existing, emerging and yet to be

• how those standards are employed in the ITSM architecture.

In addition, we describe various types of standards that are representative of

1 Publicly available and implementable standards

AN IBM WHITE PAPER 3

C hange, compliance, complexity and cost: these “four Cs” are

This “four C” environment introduces challenges in managing IT cost

2 IT Service: A collection of IT components (including hardware, software, facilities, people,

AN IBM WHITE PAPER 4

IT service management (ITSM) is about integrating those silos – not only

This intersection enables the business of IT to be managed in a service-

A comprehensive approach to ITSM requires standards for information,

IBM IT Service Management

AN IBM WHITE PAPER 5

Figure 1 Approach to IT Service Management

IT operational management products enable the business of IT to be

To achieve the optimal intersection of people, processes, information

The remainder of this document is organized as follows:

AN IBM WHITE PAPER 6

Change and Configuration

T he business of IT Management – ITSM – was introduced in the

ITIL (Information Technology Infrastructure Library) is a process-

AN IBM WHITE PAPER 7

ISO/IEC 20000-1:2005 promotes the adoption of an integrated

A recent initiative, known as ITIL v3 or the ITIL Refresh project, is underway.

 Continuous Service Improvement

In ITSM, ITIL is employed to provide the foundation for the IT process

AN IBM WHITE PAPER 8

Autonomic computing helps to address complexity by using

The term “autonomic computing” was conceived by IBM but self-

Based on this industry initiative, IBM is incorporating self-managing

AN IBM WHITE PAPER 9

Install & Deploy Other Deployment

Extended CMDB - Federated

M anagement standards such as ISO 20000-1:2005 and best

The touchstone architecture for IT management combines IT process

Figure 2 illustrates the IT Management system architecture that incorporates

AN IBM WHITE PAPER 10

User Interfaces IT Process Management

Install & Deploy Other Deployment

Extended CMDB - Federated

Figure 2 IT Management system architecture

This IT management architecture instantiates ITSM as shown in Figure 2

Autonomic computing defines the key operational management

As indicated by the orange backdrop in Figure 2, security and monitoring

AN IBM WHITE PAPER 11

Continuous Service Improvement