MOF Service

Management Function
Library

Overview

Microsoft

Solutions for Management

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of
publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part
of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS
TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft
Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in
this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not
give you any license to these patents, trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and
events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address,
logo, person, place or event is intended or should be inferred.

2002 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Overview

Table of Contents
Overview..................................................................................................... 1
Introduction ............................................................................................. 2
Document Purpose ............................................................................... 2
Intended Audience................................................................................ 2
How to Use This Guide........................................................................ 3
Background .......................................................................................... 3
Microsoft Frameworks...................................................................... 3
Microsoft Operations Framework Overview........................................... 6
MOF Core Concepts............................................................................. 6
MOF Core Models ............................................................................... 7
The MOF Process Model .................................................................. 7
The MOF Team Model ................................................................... 10
The MOF Risk Model..................................................................... 13
MOF Process Model Quadrants and Service Management Functions ..... 15
Introduction ........................................................................................... 16
Changing Quadrant................................................................................ 17
Change Management.......................................................................... 17
Configuration Management................................................................ 18
Release Management.......................................................................... 18
Operating Quadrant ............................................................................... 19
System Administration....................................................................... 19
Security Administration ..................................................................... 19
Directory Services Administration..................................................... 20
Network Administration..................................................................... 20
Service Monitoring and Control......................................................... 20
Storage Management.......................................................................... 20
Print and Output Management ........................................................... 21
Job Scheduling ................................................................................... 21
Supporting Quadrant.............................................................................. 22
Service Desk....................................................................................... 22
Incident Management......................................................................... 22
Problem Management ........................................................................ 23
Optimizing Quadrant ............................................................................. 24
Service Level Management................................................................ 24
Financial Management ....................................................................... 24
Capacity Management........................................................................ 25
Availability Management................................................................... 25
Service Continuity Management........................................................ 25
Workforce Management..................................................................... 25
Next Steps.............................................................................................. 27
Appendixes ............................................................................................ 28
Appendix A: Glossary ........................................................................... 29
Appendix B: Acronyms ......................................................................... 97
Appendix C: Suggested Training and Reading ................................... 102
Courses.......................................................................................... 102
Books ............................................................................................ 102
Web Sites ...................................................................................... 102

Chapter 1
Overview

Service Management Function Guide

Introduction
Document Purpose
The intent of this document is to introduce service
management functions (SMFs) and provide background
information about their purpose and origin. SMFs
provide operational guidance for Microsoft technologies
employed in computing environments for information
technology applications. SMFs are a core part of
Microsoft Operations Framework (MOF), which
provides guidance through courses, services, guides,
and other media that enable organizations to achieve
mission-critical system reliability, availability,
supportability, and manageability of IT solutions.
The content of this document, and the SMF documents
for which it serves as an introduction, draws from best
practice guidelines documented in the Information
Technology Infrastructure Library (ITIL) from the
Central Computer and Telecommunications Agency
(CCTA) and from years of information technology (IT)
operations experience by Accenture, Avanade Inc., Fox
IT, Hewlett-Packard Company, Lucent
Technologies/NetworkCare Professional Services,
Microsoft Consulting Services (MCS), and Microsoft
Information Technology Group (ITG). In 2000, the CCTA
was incorporated into the Office of Government
Commerce (OGC); it will be referenced as OGC in this
document.

Intended Audience
This material is valuable to both internal staff and
consultants. It is aimed primarily at two main groups: IT
operations managers and IT professionals, as well as
support staff (including analysts and service desk
specialists) working in or supporting the operations of a
production IT environment.
It is assumed that readers are fully conversant with
Microsoft Operations Framework process, team, and risk
models. These concepts are briefly reviewed in this
document, but are described in greater depth in a series
of technical papers. These documents, describing the
various MOF models, may be found at
http://www.microsoft.com/mof.

Overview

How to Use This Guide

Microsoft Operations Framework service management
function (SMF) guides are standardized to ensure
consistency across the guides. In practice, what that
means is that all SMF guides have the same high-level
structure and follow the same section numbering
scheme. This document is intended to present
background information that is common to all of the
SMF guides.
All SMF guides follow this basic structure:

Introduction

Executive summary

Process and activities

Roles and responsibilities

Relationship to other processes

Contributors

Background
The OGC developed ITIL as a comprehensive and
coherent code of practice to help organizations provide
efficient and cost-effective IT services. The OGC is a
United Kingdom government executive agency
responsible for developing best practices advice and
guidance on the use of information technology in service
management and operations. To accomplish this, the
OGC charters projects with leading IT companies
around the world to document and validate best
practices in the disciplines of IT service management.

Microsoft Frameworks
Microsoft Frameworks are bodies of knowledge
pertaining to the development, deployment, and
operation of software and infrastructure solutions. The
frameworks provide technical guidance built on proven
practices for people, processes, and technology based on
the IT life cycle. Frameworks content is distributed
through a variety of mechanisms, including technical
papers, courseware, and service offerings, generally
associated with Microsoft Solution Offerings. A vital
part of the frameworks strategy is to address the
dynamic, ever-changing nature of today's distributed IT
environments. Microsoft Consulting Services, Product
Support Services, and Microsoft partners deliver

Service Management Function Guide

solutions through integrated frameworks and customtailored service engagements.

Microsoft Frameworks draws upon the extensive
experience that Microsoft, its customers, and industry
partners have in deploying and operating missioncritical systems using Microsoft products and
technologies. Frameworks principles for IT service
management acknowledge and draw from the welldocumented best practices within ITIL. The frameworks
provide a bridge between products and technologies on
the one hand, and customer solutions on the other. They
provide the managerial and technical knowledge that
organizations need to get the most from their technology
investment.
The IT life cycle contains four phasesplanning,
preparing, building, and operating, defined as follows:

Planning. Identifying business needs, technologies,

and solution options to align business and IT plans.

Preparing. Developing the organizational readiness

and individual skills needed to implement new
technologies.

Building. Designing, developing, and deploying IT

solutions rapidly and efficiently.

Operating. Deploying repeatable processes,

procedures, and customized support options to run
highly available, scalable, reliable, and manageable
systems.

Microsoft Frameworks consists of two components

Microsoft Solutions Framework (MSF) and Microsoft
Operations Framework (MOF). These correspond to the
building and operating phases of the IT life cycle,
respectively. Each framework provides the information,
tools, and resources related to the people, processes, and
technologies needed to successfully complete their
corresponding phase. Aspects of each of the frameworks
are also incorporated into the Microsoft Solution
Offerings, described below.

Microsoft Solutions Framework

Microsoft Solutions Framework (MSF) provides
guidance in the planning, building, and deploying
phases within a specific project life cycle. This guidance
is in the form of white papers, deployment guides, tools,
templates, case studies, and courseware in the areas of
enterprise architecture, application development,

Overview

component design, and infrastructure deployment.

Many of these resources are available online at
http://www.microsoft.com/msf.

Microsoft Operations Framework

Microsoft Operations Framework (MOF) offers
comprehensive technical guidance for achieving
mission-critical production system reliability,
availability, and manageability for Microsoft products
and technologies. This direction consists of white
papers, operational guides, assessment tools, best
practices, case studies, and support tools for effective
data center management within todays complex
distributed IT environment. Many of these resources are
available online at http://www.microsoft.com/mof.

Service Management Function Guide

Microsoft Operations Framework Overview

Microsoft Operations Framework (MOF) is a collection
of best practices, principles, and models. It provides
comprehensive technical guidance for achieving
mission-critical production system reliability,
availability, supportability, and manageability for
solutions and services built on Microsoft products and
technologies. This guidance is presented in the form of
white papers, service management guides, assessment
tools, operations kits, best practices, case studies, and
support tools that address the people, process, and
technologies for effectively managing production
systems within todays complex distributed IT
environment.

MOF Core Concepts

MOF directly addresses the two core concepts that IT
organizations need to effectively manage in order to be
successful. Those core concepts are service solutions and
IT service management.
Service solutions include those business services that IT
provides to customers and users. These may include line
of business (LOB) applications, messaging, e-commerce
infrastructure, print services, data storage, and others.
IT service management entails the IT functions or
processes that must be performed in order to manage
and maintain each of the aforementioned service
solutions. These IT functions or processes are termed
service management functions and include
configuration management, change management,
service desk, capacity management, and others. MOF
currently recognizes a total of 21 individual service
management functions (SMFs), each of which is
thoroughly described in an SMF-specific technical
document. A brief description of each of the SMFs is
provided later in this overview.

Overview

MOF Core Models

MOF principles and guidance are also organized around
three core models, which are each manifested within the
individual SMFs. These three modelsthe MOF team
model, MOF process model, and MOF risk modelare
introduced below. In-depth discussions of each model
are available through technical guides located at
http://www.microsoft.com/mof.

The MOF Process Model

IT operations encompass a complex, dynamic set of
procedures and processes that are extremely difficult to
define and capture with a high degree of accuracy.
Modeling such endeavors to an extreme level of
precision would be cost prohibitive and generally
inappropriate, since the processes must typically be
adapted locally anyway.
MOF simplifies the approach to modeling this complex
set of dynamics into an easy-to-understand framework,
whose principles and practices are straightforward to
incorporate and apply in the IT environment. The power
of this simplified approach enables the operations staff
of an enterprise of any size, regardless of maturity level,
to realize tangible benefits to the existing, or proposed,
operations.
The MOF process model supports the successful
provision of IT services by addressing four key
principles.

Structured architecture. The process model provides

the structure for process integration, life cycle
management, mapping of roles and responsibilities,
and overall management command and control. It
also provides the underlying foundation for process
automation and technology-specific operations.

Rapid life cycle, iterative improvement. To stay

competitive in an aggressive business environment,
MOF utilizes the concept of an iterative life cycle
that supports both the ability to incorporate change
quickly and to continuously assess and improve the
overall operations environment. Recognizing that
operations do not follow a sequential set of phases
like the typical IT development project, the MOF
process model categorizes key operational activities

Service Management Function Guide

into quadrants that emphasize a spiral life cycle,

with parallel processes occurring simultaneously.

Review-driven management. To aid in managing the

operations environment, MOF recommends and
describes many methods and techniques and
delivers them through the service management
functions (SMFs). Despite this comprehensive
prescriptive guidance, rote application of these SMFs
alone is insufficient to extract maximum benefit
from IT investments. To provide this benefit, MOF
institutes higher-level management reviews at key
points in the life cycle. These reviews are held to
evaluate performance for release-based activities as
well as steady-state or daily operational activities.

Embedded risk management. Implementing IT service

management functions can be seen as a form of risk
management. Service management focuses on
implementing functions that, among other benefits,
reduce the risk of service outages. However, this
provides too narrow a view of risk and how it needs
to be managed. To enable a broader view, MOF has
adopted a comprehensive risk model, whose
concepts are incorporated throughout IT operations.

The Four MOF Quadrants

Applying these key principles, the MOF process model
is divided into four highly integrated quadrants of
operational activity. They are:

Changing

Operating

Supporting

Optimizing

Each of the quadrants has a unique service mission that

is related to specific aspects of the IT life cycle. Each
quadrants service mission is accomplished by means of
the implementation and execution of underlying
operational processes and activities called service
management functions (SMFs). For example, in the
changing quadrant, the underlying SMFs are change
management, configuration management, and release
management. Together, these functions support the
changing quadrants service mission, which is to
effectively identify, approve, control, and release
changes to the IT environment. This integration of
service function with operational process is replicated
throughout each of the quadrants. Each of the SMFs is

Overview

primarily associated with a particular quadrant

(although overlap can occur); this association will be
presented in a subsequent section.
MOF incorporates specifically tailored management
reviews into the process model to assess the operational
effectiveness of each quadrant, including the underlying
service management functions. The management
reviews are:

Release readiness review

Operations review

Service level agreement (SLA) review

Release approved review

The following diagram illustrates the MOF process

model and the relationship of the life cycle quadrants
with their respective operational reviews and SMFs.

Figure 1.
Relationship of MOF process model, quadrants, and SMFs

Service Management Function Guide

10

The MOF Team Model

The evolution of the MOF team model began with a
review of the objectives of IT management and the best
practices applicable to meeting those objectives. Quality
goals were established to provide a means to measure an
organizations success in achieving the objectives. The
goals are to establish:

Well-developed release and change management

processes and accurate inventory tracking of all IT
services and systems.

Efficient management of physical environments and

infrastructure tools.

Quality, cost-effective customer support and a

service culture.

Predictable, repeatable, and automated day-to-day

system management.

Protected corporate assets, controlled access to

systems and information, and proactive planning for
emergency response.

Efficient and cost-effective, mutually beneficial

relationships with service and supply partners.

As the quality goals, process model, and associated

personnel needs to achieve these goals and functions
were synthesized, MOF developed six specific team
roles and responsibilities to efficiently address each of
them. It is important to note that the team model that
MOF developed for this environment looks and runs
very differently from traditional, centralized-computing,
hierarchical data center operations teams. A balance
exists in suggesting process ownership and functional
organization. For example, change management process
ownership was much easier to delegate to a person in a
centralized (mainframe) environment, where that person
likely owned end-to-end change control for the system.
Today, change management ownership crosses
geographical, business unit, time zone, and even
company boundaries and is therefore much more
difficult to assign to any one person or group.
Organizational models are closely tied to the processes
used within them. The process responsibilities must be
shared, which is why it is key to evangelize standard
best practices (such as ITIL and MOF) throughout the
industry.

Overview

11

The MOF team model describes:

Best practices for using role clusters to structure

operations teams.

The key activities and competencies of each role

cluster.

How to scale the teams for different sizes and types

of organizations.

Which role combinations work well and which do

not.

Which guiding principles are the most successful for

running and operating distributed computing
environments on the Microsoft platform.

How the MOF team relates to the Microsoft

Solutions Framework (MSF) team model.

These principles, together with the quality goals noted

above, combine to define the individual roles
comprising the MOF team model. The six roles of the
team model should be interpreted as high-level
operations role clusters, each of which is responsible
for performing several core operations duties.
For each team role cluster, the MOF team model defines
the activities and processes with which they are
involved, the typical ways in which these roles and
responsibilities are identified in a production
environment, and the common requirements for
specialists within the role cluster. Note, however, that
these role clusters do not imply or suggest any kind of
an organization chart or a set of job titles since they will
vary widely by organization and team. IT organizations
will implement aspects differently, depending on the
size of the group, the scope and boundaries of the
systems, the geographic locations, the resources
available to the team, and the specialties and experiences
of the individual staff. Depending upon the size of the
group, a single individual might perform the functions
of several team clusters or, conversely, an entire team
might be required to perform just a single function
within a role cluster.

Service Management Function Guide

12

Figure 2.
The MOF team model

The six roles of the MOF team model (shown above)

correspond with the key quality goals detailed
previously. They map as follows:
Quality Goal

Team Role

Release and change management

Release

Management of physical environments and infrastructure tools

Infrastructure

Quality customer support and a service culture

Support

Predictable, repeatable, and automated system management

Operations

Protected corporate assets, controlled access, and proactive

security planning

Security

Mutually beneficial relationships with service and supply

partners

Partner

Most often, the roles will be distributed among different

groups within the IT organization and, sometimes,
within the business user community, as well as external
consultants and partners. As a general good practice for
any team structure, roles and responsibilities need to be
carefully defined and explicitly communicated so that
deliverables and expectations are clear to everyone,
thereby creating an environment conducive for focused
individual work and quality contribution to the team
effort.
Detailed descriptions for each of the MOF team roles
and responsibilities is provided in the MOF team model
for operations technical guide available at
http://www.microsoft.com/mof.

Overview

13

The MOF Risk Model

MOF philosophy assumes that risk is inherent in every
IT undertaking, whether or not an organization chooses
to recognize and plan for it. With the current high
degree of reliance that business places on IT (in some
cases the business is wholly dependent on it), MOF has
devised an entire model and set of processes and
procedures to manage risk.
MOF recognizes that risks are implicitly neither good
nor bad. They simply exist. For a business to progress
and evolve, it must generally choose a path that takes
some risks and avoids others. The MOF risk model
provides a framework for organizations to identify,
categorize, and manage risks proactively and
continuously. The risk management process is
formalized to some degree in order to ensure that team
members are continually alert to the potential for risks
that might result from IT activities.
The MOF risk model prescribes several steps in the risk
management process, as illustrated below.

Figure 3.
The MOF risk management process

Service Management Function Guide

14

Risks are managed through a five-step process of

identification, analysis, planning, tracking, and
controlling. Through identification and analysis, the
team recognizes and evaluates risks to determine their
potential impacts and priority for a response. In the
planning step, the team determines a course of action to
use in handling the risk. This course of action may
involve complex actions, contingency plans, and
mitigation steps, or it may involve simply tracking the
risk to see if it manifests itself, depending on its severity
and potential impact. Whichever course of action is
selected in the planning step, the risk will be continually
tracked by the team to determine if it has, in fact,
surfaced or disappeared. Management of the risk takes
place, following the predetermined plan, if triggered by
the occurrence of the risk. Risks are retired when they no
longer exist.
The MOF risk model uses formalized documents to aid
in this five-step process. The risk assessment document
is created early in a project and updated periodically to
provide a centralized repository for the identified risks.
The list of top risks displays those risks determined to be
of high priority. As risks are identified and managed, the
team learns from experience and documents this
learning for application to future projects.

Overview

15

Chapter 2
MOF Process Model Quadrants
and Service Management
Functions

Service Management Function Guide

16

Introduction
As shown in Figure 2 in the previous chapter, each of the
quadrants in the MOF process model is associated with
several SMFs, which in turn apply directly to the IT
activities performed within the quadrant. This section
provides an abstract of each of the SMFs within the
context of its container quadrant.

Overview

17

Changing Quadrant
The changing quadrant includes the processes and
procedures required to identify, review, approve, and
incorporate change into a managed IT environment.
Change includes hardware and software assets as well
as specific process and procedural changes.
The objective of the change process is to introduce new
technologies, systems, applications, hardware, tools, and
processes, as well as changes in roles and
responsibilities, into the IT environment quickly and
with minimal disruption to service.
SMFs within the changing quadrant include:

Change management

Configuration management

Release management

Change Management
Since most IT systems are heavily interrelated, any
changes made in one part of a system may have
profound impacts on another. The change management
SMF is responsible for managing changes to ensure that
all parties affected by a given change are aware of and
understand the impact of the impending change. It is
also responsible for minimizing or mitigating
disruptions or adverse effects due to change. Change
management should be applied to any asset in the
environment that is necessary for meeting the service
level requirements of the solution. The change
management SMF utilizes such processes, artifacts, and
authorities as change controls, requests for changes, and
the change advisory board.

Service Management Function Guide

18

Configuration Management
The configuration management SMF is responsible for
identifying, recording, tracking, and reporting of key IT
components or assets called configuration items (CIs).
The information captured and tracked depends on the
specific CI, but often includes a description of the CI, the
version, constituent components, relationships to other
CIs, location/assignment, and current status.
Configuration items typically correspond to each of the
assets placed under the control of the change
management SMF. CIs are typically recorded in a
configuration management database (CMDB). The
configuration management SMF is concerned with
establishing, maintaining, and managing the CIs and
CMDB.

Release Management
Release management facilitates the introduction of
software and hardware releases into managed IT
environments. This SMF is the coordination point
between the release development/project team and the
operations groups responsible for deploying the release
into production. Release management coordinates with
the change and configuration management processes to
ensure that the shared CMDB is kept up-to-date with
changes implemented by new releases and that the
software content of those releases is stored in the
Definitive Software Library (DSL). Release management
builds and manages release rollout plans and works
with development teams and the customer during
planning and development in order to facilitate a
smooth rollout.

Overview

19

Operating Quadrant
The operating quadrant includes the IT operating
standards, processes, and procedures that are applied
regularly to service solutions to achieve and maintain
service levels within predetermined parameters. The
goal of the operating quadrant is highly predictable
execution of day-to-day tasks, both manual and
automated. This is accomplished through the provision
of detailed, prescriptive operating guides and references
for each of the service solutions controlled by IT.
SMFs within the operating quadrant include:

System administration

Security administration

Directory services administration

Network administration

Service monitoring and control

Storage management

Print and output management

Job scheduling

System Administration
System administration is responsible for keeping the
enterprise systems running. System administration
oversees the entire distributed processing environment.
It coordinates the activities of the other SMFs within the
quadrant and ensures that the SMFs are performed
efficiently and effectively.

Security Administration
Security administration maintains a safe computing
environment, ensuring that all data within the system is
secure and complete. The SMF is responsible for the six
basic requirements that help ensure data confidentiality,
integrity, and availability. These six basic requirements
are: user identification, authentication, access control or
authorization, confidentiality, system integrity, and
nonrepudiation.

Service Management Function Guide

20

Directory Services Administration

Directory services allow users and applications to find
such network resources as users, servers, applications,
tools, services, and other information over the network.
Directory services administration deals with the day-today operations, maintenance, and support of the
enterprise directory. The goal of directory services
administration is to ensure that information is accessible
through the network by any authorized requester by
means of a simple and organized process.

Network Administration
Network administration is the process of managing and
running all networks within an organization. Network
administration, a comprehensive discipline that must
manage people, processes, and the technologies with
which they interact, is responsible for the maintenance
of the physical components (such as servers, routers,
switches, and firewalls) that make up the organizations
network.

Service Monitoring and Control

Service monitoring allows the operations staff to observe
the health of an IT service in real time. System
components that are typically monitored to ensure that
IT service remains available include process heartbeats,
job and queue status, server response times and resource
loading, and others. The control portion of the SMF
refers to the notifications or actions provided through
the SMF to ensure that appropriate actions are taken in
response to indicators of system failure or diminished
performance.

Storage Management
Storage management deals with on-site and off-site data
storage for the purposes of data restoration and
historical archiving. The storage management team must
ensure the physical security of backups and archives.
The goal of storage management is to define, track, and
maintain data and data resources in the production IT
environment through appropriate planning, policy
setting, and monitoring for the management of storage
assets.

Overview

21

Print and Output Management

Print and output management is concerned with all data
that is printed or compiled into reports that are
distributed to various members of the organization. The
print and output management team must ensure that
any sensitive printed material is properly secured. The
goal of print and output management is to control data
and reports output production and distribution in line
with service level agreements. Print and output
managements area of responsibility includes planning,
managing, and setting standards for all printing assets
and related activities.

Job Scheduling
Job scheduling involves the continuous organization of
jobs and processes into the most efficient sequence. The
intent of this function is to maximize system throughput
and utilization to meet service level agreement and user
requirements, and optimize the use of available capacity.
Job scheduling is closely tied to service monitoring and
control and to capacity management.

Service Management Function Guide

22

Supporting Quadrant
Processes and activities found within the supporting
quadrant are associated with resolving incidents, events,
and requests in accordance with performance criteria
contained in the service level agreement. The key
objective of this quadrant is the timely resolution of
incidents, problems, and inquiries for end users of the IT
services provided. SMFs within the supporting quadrant
utilize both reactive and proactive functions to manage
services in accordance with service level agreements.
The three service management functions that support
this MOF quadrant include:

Service desk

Incident management

Problem management

Service Desk
The service desk is the key service management function
of the supporting quadrant. It coordinates all activities
and customer communications about incidents,
problems, and inquiries related to production systems. It
is the single point of contact between service providers
and customers/users on a day-to-day basis. Requests
come to the service desk for help on solving issues and
problems across a vast array of applications,
communication systems, desktop configurations, and
facilities. The three primary areas within which the
service desk operates are incident management, self
help, and customer relationship management. In
particular, service desk interacts closely with incident
management in performing their respective functions
and procedures.

Incident Management
Incident management is the process of managing and
controlling faults and disruptions in the use or
implementation of IT services as reported by customers
or IT partners. The primary goal of incident
management is to restore normal service operation as
quickly as possible and minimize the adverse impact on
business operations, thus ensuring the maintenance of
the best possible quality and availability of levels of
service within the limits of the service level agreement.

Overview

23

Problem Management
Problem management seeks to ensure stability in service
solutions by identifying and removing errors in the IT
infrastructure. Problem management is responsible for
clearly defining the overall support model used,
escalation procedures, incident correlation, root cause
analysis, problem resolution, and reporting of incidents
and their resolution.

Service Management Function Guide

24

Optimizing Quadrant
The optimizing quadrant includes the service
management functions for managing (decreasing) costs
while maintaining or improving service levels. This
includes review of outages/incidents, examination of
cost structures, staff assessments, and availability and
performance analysis, as well as capacity forecasting.
The optimizing functions described are typically
performed in an iterative fashion over time: performing
modifications, noting performance and cost, and then
repeating the cycle.
The six service management functions contained within
the optimizing quadrant include:

Service level management

Financial management

Capacity management

Availability management

Service continuity management

Workforce management

Service Level Management

Service level management provides a structured way for
consumers and providers of IT services to meaningfully
discuss and assess how well a service is being delivered.
The primary objective of service level management is to
provide a mechanism for setting clear expectations with
the customer and user groups with respect to the service
being delivered, as well as negotiating how to measure
performance against these requirements. Activities
completed under the auspices of service level
management include creating a catalog of services,
identifying requirements, negotiating service level
agreements, and managing service continuity,
availability, capacity, and workforce.

Financial Management
Financial management ensures that any solution
proposed by a foundational SMF (service continuity,
availability, capacity, or workforce) meets the
requirements defined in service level management
(SLM) and is justified from a cost and budget
standpoint. This is often referred to as a cost-benefit

Overview

25

analysis. Activities performed within the function

include such standard accounting practices as
budgeting, cost allocations, and others.

Capacity Management
Capacity management activities include planning,
sizing, and controlling service solution capacity to
satisfy user demand within the performance levels set
forth in the service level agreement. This requires the
collection of information about usage scenarios,
patterns, and peak load characteristics of the service
solution, as well as stated performance requirements.
These data collection activities are included in the
service management function.

Availability Management
The singular goal of availability management is to
ensure that the customer can use a given IT service at
any time. This requires heavy involvement through the
requirements and planning phases of the project in order
to carefully evaluate requests for change within the
production environment and to minimize adverse effects
on availability.

Service Continuity Management

Service continuity management, also known as
contingency management, focuses on minimizing the
disruptions to business by the failure of mission-critical
systems. This process deals with planning to cope with
and recover from an IT disaster. It also provides
guidance on safeguarding the existing systems by the
development and introduction of proactive and reactive
countermeasures. Service continuity management also
considers what activities need to be performed in the
event of a service outage not attributed to a full-blown
disaster.

Workforce Management
Achieving the objectives described for each of the
service management functions requires an adequately
skilled and trained workforce. The workforce
management function implements best practices to
continuously assess key aspects of the IT workforce and
make appropriate investments and changes as

Service Management Function Guide

necessary. Activities performed within this function

include recruiting, skills development, knowledge
transfer, competency levels, team building, process
improvements, and resource deployment.

26

Overview

27

Next Steps
This document provided introductory level information
pertaining to the intent, organization, structure, and
interrelationships of the Microsoft Frameworks
(Microsoft Solutions Framework and Microsoft
Operations Framework) and the underlying core models
and principles of MOF.
Additional, detailed information on the frameworks
themselves is available through technical papers
available at the Microsoft public Web site, located at
http://www.microsoft.com/mof.
For practitioners who want to learn more about specific
service management functions, detailed guides have
been prepared for each. These SMF guides provide
prescriptive guidance for the processes and procedures
required to fulfill each of the service management
functions. In addition to this guidance, service offerings
and training are also available for selected SMFs. These
offerings are available through Microsoft Solutions for
Management, either in combination or as standalone
services or courseware.

Service Management Function Guide

Appendixes

28

Overview

29

Appendix A: Glossary
absorbed overhead
Overhead that, by means of absorption rates, is included
in costs of specific products or saleable services in a
given period of time. In turn, under- or over-absorbed
overhead is the difference between overhead cost
incurred and overhead cost absorbed; it may be split
into its two constituent parts for control purposes.

absorption costing
A principle whereby fixed, as well as variable, costs are
allotted to cost units and total overheads are absorbed
according to activity level. The term may be applied
where either production costs, or costs of all functions,
are so allotted.

abstentions
A member may abstain due to lack of impact of the
change in his or her area of responsibility.

accept
One of three key concepts in the Microsoft approach to
managing project trade-offs. It refers to accepting costs
and resources as a time-and-materials strategy. See also
optimize and constrain.

acceptance test
A release readiness test used to validate whether the
technical solution satisfies the usability and operability
requirements specified in the functional specification.

access control
The access and privileges granted to users so that they
can perform certain authorized functions on a system.

accessing configuration items

One of four major, ongoing configuration management
activities that occur after setup. It encompasses a request
for information (initiated by a person or an automated
process) about a configuration item listed in the CMDB,
the retrieval of the information, and its presentation.

Service Management Function Guide

30

actions
An action can be a script, program, command,
application start, or any other remedial response that is
required. Typical actions include automated actions,
operator-initiated actions, or operator-driven actions.
Actions are generally defined to correct an event that
represents an incident within the IT infrastructure;
however, actions can also be used to perform daily tasks,
such as starting an application every day on the same
node.

advice
Advice is more commonly known as an alert. It is a
notification that an operational event requiring attention
may have occurred. An alert is generated when
monitoring tools and procedures detect that something
has happened, either at the service, service function, or
component level.

agent
(1) A common term used in the computer industry to
describe an executable software component that is
capable of performing some type of action(s) on behalf
of one or more users. In the system and network
management domain, agents typically can be configured
for specific thresholds and used to monitor specific
thresholds of interest to an administratorfor example,
error thresholds, performance thresholds, and capacity
thresholds.
(2) A service that runs on every computer you want to
monitor. An agent captures information from the
computer on which it is running. An agent applies
predefined processing rules to the captured data and
performs actions as defined by the processing rules.

alarm
An alarm is a system notification that an event that has
been defined as being of interest has occurred.

alert
An indication that a significant event, such as the breach
of a threshold, has occurred. Alerts are defined by
processing rules.

alert forwarding
A feature that sends alerts from one configuration group
to another. Features allow for the creation of an efficient

Overview

31

hierarchical alert management structure for large

enterprise networks.

alert rule
A processing rule that specifies one response for a
number of previously defined alerts.

alert severity
A property of an alert indicating its seriousness.
Examples include Service Unavailable, Security Breach,
Critical Error, Error, Warning, Information, and Success.

allocated cost
A cost that can be directly identified with a business
unit.

American Standard Code for Information Interchange (ASCII)

A standard, single-byte character encoding scheme used
for computer text-based data. ASCII uses designated 7bit or 8-bit number combinations to allow either 128 or
256 possible characters to be represented. Standard
ASCII uses 7 bits to represent all uppercase and
lowercase letters, the numbers 0 through 9, punctuation
marks, and special control characters used in U.S.
English. Most current, Intel-based systems support the
use of extended (or high) ASCII. Extended ASCII
allows the eighth bit of each character to be used to
identify an additional 128 special symbol characters,
foreign-language letters, and graphic symbols.

analyze
Measure the exposure.

application
The application is the top-most layer of the IT stack. The
application is the piece of IT that most users see. In order
to provide a service, such as accounting, the users make
use of an application, such as SAP Financials.
apportioned cost
A cost that is shared by a number of business units (an
indirect cost). This cost must be shared equitably
between these units.

approval logic
Pre-defined guidelines for the CAB vote to approve or
reject the RFC within the change authorization process.

Service Management Function Guide

32

asset
(1) A component that is managed by the organization
from the perspective of its balance sheet value.
(2) A component of a business process. Assets can
include people, accommodation, computer systems,
networks, paper records, fax machines, and so on.

attribute
A computer characteristic typically defined by a registry
key or value.

authentication
The method by which users prove to the system that
they are who they claim to be. Authentication is used in
passwords, smart cards, biometrics, and so forth.

authoritative restore
An authoritative restore causes the restored domain
controllers replicated data to be authoritative in relation
to its replication partners. Such a restore is unusual, but
when used, it has the effect of rolling back the entire
network to the point in time of the backup. This action
may be used to restore erroneously deleted information
of a replicated set of data.

authorization
A process that verifies that the user has the correct rights
or permissions to access a resource in a domain.

automated actions
Message-linked, pre-configured responses to eventgenerated incidents. Automated actions do not require
any operator intervention and usually start as soon as a
message is received. An operator can manually restart or
stop automated actions if and when necessary.

availability
The ability of a component or service to perform its
required function at a stated instant or over a stated
period of time. It is usually expressed as the availability
ratio, that is, the proportion of time that the service is
actually available for use by the customers within the
agreed service hours.

Overview

33

availability management
(Noun) A MOF service management function in the
optimizing quadrant. It employs the process of
describing, managing, directing, and proactively
maintaining the availability of information and services
at a reasonable cost and in accordance with agreed-upon
service delivery levels.
(Verb) Ensuring that current and future service
provision meets the business requirements/expectations,
is seen as cost-effective/value adding, and can be
recovered in the event of a service interruption.

availability plan
A plan that is compiled and/or refined within the
availability management process. The availability plan
sets out what availability is necessary in the long term.
The plan contains a number of set scenarios with respect
to future availability requirements.

back out plan

A documented plan detailing how a specific change, or
release, can be un-done after being applied, if deemed
necessary.

backup
This term is most commonly used to refer to a copy of all
the files on a computers disks that is made periodically
and kept on magnetic tape or another removable
medium (also called a dump).

bandwidth
In analog communications, the difference between the
highest and lowest frequencies in a given range. For
example, an analog telephone line accommodates a
bandwidth of 3,000 hertz (Hz), the difference between
the lowest (300 Hz) and highest (3,300 Hz) frequencies it
can carry. In digital communications, bandwidth is
expressed in bits per second (bps).

baseline
A frozen picture of the IT environment at a set point
in time that identifies the structure of the IT
environment and the underlying dependencies of the
components of that environment.

batch system
A system that takes a set of commands or jobs, executes
them, and returns the results, all without human

Service Management Function Guide

34

intervention. This type of system contrasts with an

interactive system in which the users commands and
the computers responses are interleaved during a single
run. A batch system typically takes its commands from a
disk file (or a set of punched cards or magnetic tape in
the past) and returns the results to a file (or prints them).
Often there is a queue of jobs that the system processes
as resources become available.

best practices
An optimal set of procedures and functional principles
that, when followed, produce superior system reliability,
availability, supportability, and manageability, resulting
in effective IT service management.

bits per second (bps)

The number of bits transmitted every second, used as a
measure of the speed at which a device, such as a
modem, can transfer data. A character is made up of 8
bits. In asynchronous communication, each character
may be preceded by a start bit and may terminate with a
stop bit. In this case, 10 bits are transmitted. For
example, if a modem communicates at 2,400 bits per
second (bps), then 240 characters are sent every second.

boundaries of responsibility
The scope of the IT environment within which the
configuration management function is responsible to
track and control IT components established as
configuration items. Boundaries are established during
the setup process and are usually delineated either
geographically or organizationally.

breakdown
An incidental, short-term interruption of automated
information services.

bug
See error

business consequence
In the MOF risk model, a description of the way in
which the operational consequence would affect the
business as a whole.

business continuity plans

Documents describing the roles, responsibilities, and
actions necessary to resume business processes
following a business interruption.

Overview

35

business function
A business unit within an organizationfor example, a
department, division, or branch.

business impact
Measure of the business criticality of an incident or
problem. Often equal to the extent to which an incident
leads to distortion of agreed-upon or expected service
levels.

business process
A group of business activities undertaken by an
organization in pursuit of a common goal. Typical
business processes include receiving orders, marketing
services, selling products, delivering services,
distributing products, invoicing for services, and
accounting for money received. A business process
usually depends on several business functions for
supportfor example, IT, personnel, and
accommodation. A business process rarely operates in
isolation, that is, other business processes will depend
on it and it in turn will depend on other processes.

business unit
A segment of the business entity through which
revenues are received and expenditures are caused or
controlled. These revenues and expenditure are used to
evaluate segmental performance.

CAB
See change advisory board.

CAB/EC
See change advisory board emergency committee.

call
The initial contact between an IT customer and the
service desk before any details are recorded.

capacity management
(Noun) A MOF service management function in the
optimizing quadrant. The process of describing,
managing, directing, and proactively maintaining the
capacity of information and supplied services in
accordance with agreed-upon quality performance
levels and processing capacity at reasonable cost.
(Verb) Ensuring that current and future business
requirements for IT services are considered, planned,
and implemented in a timely fashion. It also ensures that

Service Management Function Guide

36

the performance of the IT services used by the customers

(as detailed in the targets in the SLAs and SLRs) and all
components in the IT infrastructure that have finite
resource are monitored, measured, analyzed, and
reported.

capacity planning
The process of forecasting system and environment
utilization and workloads and then developing plans to
ensure that the system and environment will be able to
support anticipated performance demands.

capital costs
Typically, those costs that apply to the physical
(substantial) assets of the organization. Traditionally,
capital costs involved the accommodation and
machinery necessary to produce the enterprises
product. Capital costs are the purchase or major
enhancement of fixed assetsfor example, computer
equipment (building and plant) and are often also
referred to as one-off costs.

capital investment appraisal

The process of evaluating proposed investment in
specific fixed assets and the benefits to be obtained from
their acquisition. The techniques used in the evaluation
can be summarized as non-discounting methods (simple
pay-back, for example), return on capital employed, and
discounted cash flow methods yield, net present value,
and discounted pay-back.

capitalization
The process of identifying major expenditure as
capitalwhether there is a substantial asset or notto
reduce the impact on the current financial year of such
expenditure. The most common item to which
capitalization is applied is software, whether developed
in house or purchased from a third party.

category
A classification used to group incidents of a similar
nature.

change
(Noun) Any new IT component deliberately introduced
to the IT environment that may impact an IT service
level or that otherwise affect the functioning of the
environment or one of its components.

Overview

37

(Verb) The addition, modification, or removal of

approved, supported, or baselined hardware, network,
software, application, environment, system, desktop
build, or associated documentation.

change advisory board

A group of people representing service delivery and
support functions that are responsible for assessing,
planning, and authorizing changes to the IT
environment. This board is a key component of a formal
change management process and is likely to be made up
of representatives from all areas within IT, along with
representatives from business units.

change advisory board emergency committee (CAB/EC)

A small decision-making body that deals only with
emergency changes. It is established to be able to meet
on short notice to authorize or reject changes with
emergency priority.

change authority
A group that is given the authority to approve change,
by a project board, for example. Sometimes referred to
as the configuration board.

change authorization
An approval process driven by the change manager that
gives the IT organization structure and control over
which changes are deployed.

change category
The measurement of a changes deployment impact on
IT and the business. The change complexity and
resources required, including people, money, and time,
are measured to determine the category. The risk of the
deployment, including potential service downtime, is
also a factor.

change classification
The assigning of a priority and a category to the change,
using its urgency and its impact on the users and
infrastructure as criteria. It provides a way to align the
business impact of a change with its deployment speed
and mechanism. The four change classifications are:
major, significant, minor, and standard.

Service Management Function Guide

38

change control
The procedure that ensures that all changes are
controlled, including the submission, analysis, decision
making, approval, implementation, and postimplementation of the change.

change development
The planning and development of a change. The process
can vary immensely in scope and includes reviews at
key interim milestones.

change history
Auditable information records that describe what was
done, when it was done, by whom, and why.

change initiator
A person who initiates a request for change.

change log
A log of requests for change raised during a project. The
change log contains information on each change, its
evaluation, what decisions have been made, and its
current status, including raised, reviewed, approved,
implemented, or closed.

change management
(Noun) A MOF service management function in the
changing quadrant. It employs the practice of
administering changes with the help of tested methods
and techniques in order to avoid new errors and
minimize any impact on the agreed-upon IT service
levels in accordance with service level agreements.
(Verb) Making changes to the infrastructure, or any
aspect of services, in a controlled manner. Change
management enables approved changes with minimum
disruption.

change management process

The formal steps and process flow that each request for
change must follow. The steps in this process include:
change request, change classification, change
authorization, change development, change release, and
change review.

change manager
The role that has overall management responsibility for
the change management process in the IT organization.

Overview

39

change owner
The role that is responsible for planning and
implementing a change in the IT environment. The
change owner role is assigned to an individual for a
particular change by the change manager and assumes
responsibilities upon receiving an approved RFC. The
change owner is required to follow the approved change
schedule.

change priority
A change classification that determines the speed with
which a requested change is to be approved and
deployed. The urgency of the need for the solution and
the business risk of not implementing the change are the
main criteria used to determine the priority. Four typical
priority levels are: emergency, high, medium, and low.

change record
A record containing details of which configuration items
are affected by an authorized change (planned or
implemented) and how.

change release
The deployment of a change into the IT production
environment by release management.

change request
The formal initiation of a change through the submission
of a request for change.

change review
A change management process activity that refers to a
post-deployment evaluation of whether the change is
achieving the goals that were established for it.

changing quadrant
The first quadrant in the MOF process cycle where a
new release is prepared and then released into
production. The changing quadrant starts with a release
approved review, to determine if the release is ready for
implementation in the target environment, and
culminates in the release readiness review, in which the
release is assessed for effective implementation.
Examples of changing quadrant activities include:

Verifying the readiness of the release.

Verifying the release functionality in the physical

environment.

Service Management Function Guide

Verifying the preparedness of the operations staff

and processes.

Creating and following through on the installation

plan.

Creating a contingency plan.

Analyzing potential impacts on other systems.

40

changing quadrant mission of service

The effective introduction of approved changes into the
IT environment quickly and with minimal disruption of
service. Changes can be made to technologies, such as
systems, applications, hardware, and tools, or to
processes, procedures, and documentation.

charging
The process of establishing charges in respect to
business units and raising the relevant invoices for
recovery from customers.

CI
See configuration item.

classification
(1) The grouping of items by classes or categories.
(2) An expression of the value of items by placing them
in a certain order on the basis of category, impact, and
urgency. Also, the process of formally grouping
configuration items by type (for example, software,
hardware, documentation, environment, application).
Classification can be used to support decisions based on
priorities.
(3) The process of formally identifying incidents,
problems, and known errors by origin, symptoms, and
cause.

client
A computer system or process that requests a service
from another computer system or process (a server),
using some kind of protocol, and accepting the servers
responses. For example, a workstation that requests the
contents of a file from a file server is a client of the file
server.
A client is part of client/server software architecture.

Overview

41

client/server
The combination of software, hardware, and network
components in which one or more clients (computers)
request services from one or more servers (computers)
and through which the computer network functions for
the user as one computer.

closure
The process of confirming customer satisfaction and
then formally closing an incident record or problem
record.

closure category
A classification used to group incidents or problems at
closure, depending on their root cause.

cluster
A collection of nodes that appears to be a single-server
system, allowing for greater application availability and
scalability than would be possible with a single system.

CMDB
See configuration management database.

company knowledge base

The information added to alerts or processing rules
about resolving the indicated condition.

component
An individual part of the product, including the agent,
consolidator, Data Access Server (DAS), or database.

computer group
Collection of computers with some attribute in common.
Computer groups are defined by computer grouping
rules for similar event management.

computer view
A window that displays specified computers in the
configuration group.

Computer-Telephony Integration (CTI)

The use of technology to integrate computer applications
with telephony equipment.

confidentiality
A component of encryption. Confidentiality mechanisms
ensure that only authorized people can see data stored
on or traveling across the network.

Service Management Function Guide

42

configuration baseline
A configuration of a product or system established at a
specific point in time, which captures both the structure
and details of that product or system and enables that
product or system to be rebuilt at a later date.

configuration control
Activities that control changes to configuration items.
They include evaluation, coordination, approval, or
rejection of changes.

configuration group
A group of computers containing the following
Microsoft Operations Manager 2000 components: one
database, one or more Data Access Servers, one or more
consolidators, and one or more agents.

configuration item (CI)

An IT component that is under configuration
management control. Each CI can be composed of other
CIs. CIs may vary widely in complexity, size, and type,
from an entire system (including all hardware, software,
and documentation) to a single software module or a
minor hardware component.

configuration item attributes.

The information recorded in the CMDB for every
configuration item identified, ranging from the items
name, description, and location to technically detailed
configuration settings and options.

configuration management
(Noun) A MOF service management function in the
changing quadrant. It employs the process of identifying
and defining configuration items in a system, recording
and reporting the status of configuration items and
requests for change, and verifying the completeness and
correctness of configuration items.
(Verb) Identifying and defining configuration items in a
system, recording and reporting the status of
configuration items and requests for change, and
verifying the completeness and correctness of
configuration items.

Overview

43

configuration management database

A database that contains all relevant details of each
configuration item (CI) and details of the important
relationships between CIs. The database can include ID
code, copy and serial number, category, status, version,
model, location, responsibility, historical information
about the item, and so on. The level of detail contained
in this database depends either on the aims or on the
degree to which information is to be available.

configuration manager
The role that is responsible for managing the activities of
the configuration management process for the IT
organization. The role also selects, assigns
responsibilities to, and trains the configuration
management staff.

consolidation rule
A processing rule for grouping multiple events from a
computer into a single summary event.

contingency plan
A product of the service continuity management
process. It is a plan for an alternative system or manner
of conducting business during an IT crisis.

continuity
The uninterrupted consistency and persistence of
processes and the certainty that the processes will
continue in operation. See also service continuity
management.

control
The act of reacting to and implementing the plan.

corrective action
See resolution action.

cost
The amount of expenditure (actual or notional) incurred
on, or attributable to, a specific activity or business unit.

cost effectiveness
The act of ensuring that there is a proper balance
between the quality of a service and the resources
expended on it. Any investment that increases the costs
of providing IT services should always result in
enhancement to service quality or quantity.

Service Management Function Guide

44

costing
The process of identifying the costs of the business and
breaking them down and relating them to the various
activities of the organization.

cost management
All the procedures, tasks, and deliverables that are
needed to fulfill an organizations costing and charging
requirements.

cost unit
In the context of CSBC, the cost unit is a functional cost
unit that establishes standard cost per workload element
of activity, based on calculated activity ratios converted
to cost ratios.

countermeasure
A technological or procedural response to address a
single point of failure or other threat to the availability
of an IT service. Two examples of countermeasures are
the use of redundant power supplies and the
implementation of a proven database backup procedure.

current values
A current value is defined as the real time value of an
item of data that is deemed to be of sufficient criticality
to be permanently monitored. Current values are used
to ensure that service is maintained or recovered
quickly.

customer
The recipient of a service.

data access server (DAS)

A component that receives events from the consolidators
and inserts them into the database. Requests for data
from the database and requests to insert data into the
database typically go through the DAS.

data availability
In security terms, the ability of authorized users to
access the data they need when they need it.

data backup
The process of periodically moving data from one type
of medium (typically hard disk) to a secondary storage
medium for potential retrieval at a later date.

Overview

45

database
A central product component that stores information,
including events, alerts, rules, and scripts.

data confidentiality
In security terms, the ability to restrict data accessibility.

data integrity
In security terms, ensuring that data presented to
authorized users is accurate and not improperly
modified.

data recovery
The process of completely restoring data to the state it
was in at a previous point in time. Data recovery is
usually performed as a result of some kind of disaster
that has caused serious data loss, corruption, or both.

data restore
A restore is the process of retrieving data (a single file or
many files) from a storage medium to a target location
(typically a hard disk).

DCAM
Database Access Server (DAS), Consolidator (C), and
Agent Manager (AM) components of MOM, which sit
between the collection agents and the central
database(s).

decision support system (DSS)

A decision support system (DSS) provides answers to
common business requests for information. An
individual RDBMS query supplies a component of the
information necessary to make a business decision.
Decision support system (DSS) solutions are known for
their flexibility or the ability to supply as-needed
information.

definitive hardware store (DHS)

A physical space set aside for the secure storage of spare
hardware components. These components are
maintained at the same level as the comparative systems
within the production environment. Details of these
components and their respective builds and contents
should be comprehensively recorded in the CMDB.
These can then be used in a controlled manner when
needed for additional systems or in the recovery from
major incidents.

Service Management Function Guide

46

definitive software library (DSL)

(1) A storage repository, such as a filing cabinet or safe,
for master copies of applications and licenses used in the
IT environment.
(2) A secure software library where all versions of
software CIs that the CAB has approved for deployment
are held in their definitive, quality-controlled form.

depreciation
The loss in value of an asset due to its use and/or the
passage of time. The annual depreciation charge in
accounts represents the amount of capital assets used up
in the accounting period. It is charged in the cost
accounts to ensure that the cost of capital equipment is
reflected in the unit costs of the services provided using
the equipment. There are various methods of calculating
depreciation for the period, but convention usually
recommends the use of current cost asset valuation as
the basis for the depreciation charge.

detection
The process of detecting an incident, either
automatically via an event management system, or by a
report from a human contact.

diagnosis
The process of determining the cause of an incident or
problem.

differential charging
Charging business customers different rates for the same
work, typically to dampen demand or to generate
revenue for spare capacity. This method can also be used
to encourage off-peak or nighttime running.

digital certificate
An attachment to an electronic message used for security
purposes. The most common use of a digital certificate is
to verify that a user sending a message is who he or she
claims to be, and to provide the receiver with the means
to encode a reply.

direct cost
A cost that is incurred for, and can be traced in full to, a
product, service, cost center, or department. Direct cost
is an allocated cost. Direct costs are direct materials,
direct wages, and direct expenses.

Overview

47

direct costs
Costs that can be traced to a particular activity or
organizational department.

directory
A directory is an information or data source used to
store information about objects. A telephone directory
stores information about telephone subscribers. In a file
system, the directory stores information about files.

directory service
Directory services allow users and applications to find
network resourcessuch as users, servers, applications,
tools, services, and other informationover the
network. The goal of directory services is to ensure that,
through a simple and organized process, information is
accessible through the network by any authorized
requester.

directory services administration

A MOF service management function in the operating
quadrant. It provides the day-to-day operations,
maintenance, and support of the enterprise directory.

disaster recovery
Similar to a contingency plan, however, it traditionally
refers to a recovery from a natural disaster. The
contingency plan may anticipate and serve the purpose
of the disaster recovery plan if it is broad in scope.

discounted cash flow

An evaluation of the future net cash flows generated by
a capital project by discounting them to their presentday value. The two methods most commonly used are:
the yield method, for which the calculation determines
the internal rate of return (IRR) in the form of a
percentage; and the net present value (NPV) method, in
which the discount rate is chosen and the answer is a
sum of money.

discounting
The offering to business customers of reduced rates for
the use of off-peak resources. See also surcharging.

disk cluster
A technology solution that allows an organization to
connect two or more computers together in such a way
that they appear to act as a single computer.

Service Management Function Guide

48

distributed transaction processing (DTP)

Capacity planning may leverage input from software
conforming to the distributed transaction processing
(DTP) model, a widely recognized international
standard established by X/Open for promoting
interoperability between heterogeneous computer
systems. Distributed transaction processing (DTP)
software is deployed to monitor on line transactions and
administer business critical, on line transaction
processing (OLTP) applications in distributed,
client/server environments. Middleware, such as
transaction monitors, are included in the more general
information category of DTP. Not to be confused with
desktop publishing, which can also be referred to with
the DTP acronym.

documentation coordinator
The role that is responsible for reviewing existing
manuals and changing them as needed to support the
modifications to the production environment.

downtime
The unavailability of one or more configuration items
(CIs). It is measured from the start of the incident to the
restoration of an IT service.

DSL
See definitive software library.

duplicate alert suppression

A feature that combines multiple, identical alerts within
a specified period of time into one alert.

egress
Egress can be defined as anything that leaves the facility
or is connected externally. Primary egress facilities are
typically outside of the direct control of the IT
department and therefore must be provided by another
party. Because of their criticality, IT may be required to
provide secondary sources for all egress services in the
event of a failure of the primary system. Egress services
typically consist of security, water, sewage, janitorial
service, gas, electricity, and Internet access.

elements of cost
The constituent parts of costs according to the factors
upon which expenditure is incurred, including
materials, labor, and expenses.

Overview

49

end user
See user.

environment
A collection of hardware, software, network
communications, and procedures that work together to
provide a discrete type of computer service. There may
be one or more environments on a physical platform
for example, test and production. Environments have
unique features and characteristics that dictate how they
are administered in similar, yet diverse, manners.

error
A defect in software or hardware that causes a
malfunction. Known in the vernacular as a bug. See also
known error.

error detection
A technique for detecting when data is lost during
transmission. This allows the software to recover lost
data by notifying the transmitting computer that it needs
to retransmit the data.

escalation
The process of raising the profile of a problem to
increase the awareness and/or resources available to
resolve it. See also functional escalation and management
escalation.

event
An occurrence within the IT environment (usually a
fault or incident) detected by a monitoring tool or an
application that is consistent with pre-defined threshold
values (within, exceeding, or falling below). An event is
deemed to require some sort of response, or, at a
minimum, is worth recording for future consideration or
an entry to be added to a log.

event consolidation
Combining multiple events into one event. The single
event identifies the number of consolidated events and
when the first and last consolidated events occurred.

event correlation
Event correlation is the process by which organizations
can identify the relationships between events. When
identified, event correlation can produce a smaller (that
is, more manageable) set of events with either the same
or more information content.

Service Management Function Guide

50

event log
Event logs are files in which events are stored. Every
operating system has its own set of event logs and
applications (for example, network and system
management systems).

event management system

A software tool designed to monitor and record events
occurring within components of the IT infrastructure.

event rule
A processing rule for generating an alert when specific
events occur.

event view
A window that displays specified events in the
configuration group.

evidence
Information indicating the nature and/or cause of an
incident or problem.

exception report
A report detailing an identified discrepancy.

existing problem
A problem that has been identified, which may or may
not have a workaround, but does not yet have an
identified resolution.

expert user
See super user.

facilities
Facilities consist of the building that houses the data
center, along with any associated components. These
components may consist of edifices, environmental
controls, physical security, fire suppression systems, or
human convenience.

facilities management
The process involved in the management of physical
structures that support the operations environment. It
includes property, utilities, power backup, property
maintenance, and monitoring. This process is often
managed by external specialists.

Overview

51

filter
A technology allowing different administrators to only
see the events they have defined as important to them.
For example, a storage management administrator
would filter events to show only storage management
events. Most third-party management systems can be
configured to filter events.

financial management
A MOF service management function in the optimizing
quadrant. It provides the sound management of
monetary resources in order to support organizational
goals. Financial management may include cost
accounting, budgeting, project investment appraisals,
and in some organizations, cost recovery.

financial year
An accounting period covering 12 consecutive months.

firewall
A dedicated gateway computer with special security
precautions on it. It is used to service the outside
network, especially Internet connections and dial-in
lines. The idea of a firewall is to protect a cluster of more
loosely administered machines hidden behind it from
hackers. The typical firewall is an inexpensive
microprocessor-based device containing no critical data.
The firewall has modems and public network ports
connected to it, but just one carefully watched
connection back to the rest of the cluster. The special
precautions taken within a firewall may include threat
monitoring, call-back, and even a complete iron box
configurable to particular incoming IDs or activity
patterns.

font
A graphic design applied to a collection of numbers,
symbols, and characters. A font describes a certain
typeface, along with other qualities, such as size,
spacing, and pitch.

forwarding
See alert forwarding.

forward schedule of changes

A master schedule of planned changes that contains
details of all the changes approved for deployment,
including their proposed deployment dates.

Service Management Function Guide

52

frequently asked question (FAQ)

A query for which an answer is often requested.

full cost
The total cost of all the resources used in supplying a
servicefor example, the sum of the direct costs of
producing the output, a proportional share of overhead
costs, and any selling and distribution expenses. Both
cash costs and notional (non-cash) costs should be
included, including the cost of capital. See also total cost
of ownership.

full release
A release that replaces all components of a release unit,
regardless of whether they have changed since the last
version of the software.

function
Description of the performance of a feature, product, or
component.

functional escalation
The process of assigning additional resources or skills to
an incident in order to meet service targets. See also
escalation and management escalation.

functional management
A process responsible for the maintenance of the
functionality of an information system that is central to
its use.

go/no-go decision
The formal management decision to proceed or not
proceed with the deployment of a release into the
production environment. This decision is made during
the release readiness review. This term is also sometimes
used to indicate milestone approvals during the change
development process.

hardware
A layer of the MOF IT infrastructure. Hardware, as used
here, represents a wide range of component types. While
not a comprehensive list, hardware certainly contains
computers and storage devices. Within each of these
there can be memory, fans, power supplies, and many
other device types. Regardless of how it is defined, extra
hardware and spare parts need to be allocated to a data
center in order to replace pieces that might fail.

Overview

53

hierarchical escalation
See management escalation.

hub
A network device that forwards every incoming packet
out through all of its ports. See also switch.

Hypertext Markup Language (HTML)

A simple markup language used to create hypertext
documents that are portable from one platform to
another. HTML files are simple ASCII text files with
embedded codes (indicated by markup tags) to denote
formatting and hypertext links.

identification
Any mechanism used to uniquely identify a user or a set
of privileges on a system. Identification can be likened to
a key. Access control can be likened to a lock. Both the
key and lock must match in order for a user to gain
access.

identify
The act of determining a condition and a consequence.

impact
(1) A measure of the business criticality of an incident,
problem or request for change. Often equal to the extent
of a distortion of agreed or expected service levels.
(2) In the MOF risk model, the degree of loss that the
business consequence would cause. This degree of loss is
measured on a numeric scale: the higher the impact, the
higher the number. Closely related to the ITIL meaning
of the same term, which is the business criticality of an
incident. Impact can also be measured in actual dollars
as opposed to a numeric scale.

impact analysis
(1) A quantitative research method in which a study is
conducted regarding the effects that an error or change
implementation may have on the other parts of the
configuration, along with the subsequent effects on the
service level. This analysis also considers the risks of the
error or change implementation and the potential
severity.
(2) An analysis of the potential damage or loss that may
be caused to the organization resulting from a
disruption to those processes. Business impact analysis
identifies the form the loss or damage will take, how

Service Management Function Guide

54

that degree of damage or loss is likely to escalate with

time following an incident, and the minimum staffing,
facilities and services needed to enable business
processes to continue to operate at a minimum
acceptable level and the time within which they should
be recovered. The time within which full recovery of the
business processes is to be achieved is also identified.

implementation scenario
A short overview of the organizational aspects and
scheduling relating to the execution of installation work.
The scenario involves a step-by-step plan that includes
the various actions, tests, persons responsible, and the
duration of the actions to be carried out.

implementation
The process of executing the production release and
stabilization of an IT change that encompasses one or
more configuration items (CIs).

incident
Any event that is not part of the standard operation of a
service and that causes, or may cause, an interruption to,
or a reduction in, the quality of that service.

incident count
The number of incidents that have occurred as the result
of a particular problem or known error.

incident life cycle

The series of states through which an incident passes,
from initial detection to final closure.

incident management
(Noun) A MOF service management function in the
supporting quadrant. It is the function that controls and
manages the life cycle of all incidents from occurrence to
closure.
(Verb) Restoring normal service as quickly as possible
and minimizing adverse impacts on business operations.

indirect cost
A cost incurred in the course of making a product,
providing a service, or running a cost center or
department, but which cannot be traced directly and in
full to the product, service, or department, because it has
been incurred for a number of cost centers or cost units.
These costs are apportioned to cost centers/cost units.
Indirect costs are also referred to as overheads.

Overview

55

information system
The entirety of the hardware, accompanying basic
software and applications software, datasets, persons,
and procedures required for gaining knowledge of,
directing, or supporting business processes.

information systems management

The totality of the activities involved in maintaining
information systems, the components from which they
are constructed, and their accompanying data
processing and information processes.

information technology
The architecture, structures, and processes that are the
core of an information systems strategy. The entirety of
those components (for example, computers, networks,
and information systems) with which information
provision is realized.

information technology executive committee (ITEC)

A management committee with the budget and resource
management authority to make decisions about
proposed major and significant changes within the IT
environment. ITEC is used to authorize changes when
the CAB cannot reach a decision or lacks the authority to
make a decision. ITEC decisions are final.

IT Infrastructure Library (ITIL)

A widely recognized collection of IT service
management best practice and process guides for the
management and provision of operational IT services.
Managed by the United Kingdom governments Office
of Government Commerce (OGC).

informed customer
An individual, team, or group responsible for ensuring
that monies spent on IT are directed to best effect, that is,
that the business is receiving value for money and
continues to achieve the most beneficial outcome. In
order to fulfill its role, the informed customer function
must gain clarity of vision in relation to the business
plans and assure that suitable strategies are devised and
maintained for achieving business goals. The informed
customer function ensures that the needs of the business
are effectively translated into a business requirements
specification, that IT investment is both efficiently and
economically directed, and that progress toward
effective business solutions is monitored. The informed
customer should play an active role in the procurement

Service Management Function Guide

56

process, as well as in ensuring that the services and

solutions obtained are used effectively within the
organization to achieve maximum business benefits.

infrastructure role
One of six roles in the MOF team model. It is responsible
for the evolving enterprise architecture and ensures that
plans are in place to meet the new and changing
requirements of running the business from a
networking, telecommunications, hardware, and
software perspective. Additionally, the infrastructure
role includes responsibility for shared/common data
management such as customer and product data, space,
and storage planning (data centers, field and remote
offices, test labs, development labs, and so forth), and
the tools necessary to support the infrastructure.

initial support
The process of trying to resolve an incident at first point
of contact, using information from known errors,
existing problems, previous incidents, knowledge bases,
documentation, and the implicit knowledge of initial
support staff.

initiator
The source of the initial incident or problem report.

integration
The degree to which consecutive types of actions or
work are carried out by an organizational unit.

integrity
A concept that ensures that data is not garbled,
modified, or lost during transmission across a network.
It also ensures that data is from the intended sender and
not from an impostor. Data integrity mechanisms
include checksums and digital signatures.

intellectual property
Non-tangible property that is the result of creativity.

interface
A physical or functional interaction at the boundary
between configuration items.

Overview

57

Internet Control Message Protocol (ICMP)

A maintenance protocol in the TCP/IP suiterequired in
every TCP/IP implementationthat allows two nodes
on an IP network to share IP status and error
information. ICMP is used by the ping utility to
determine the reachability of a remote system.

Internet
A specific internetwork that is available for public use.
The Internet was originally created by the Defense
Advanced Research Projects Agency (DARPA), an
agency of the United States Department of Defense, for
interconnecting military contractors and research
organizations. The U.S. military no longer controls the
Internet, however.

internetwork
A group of connected local area networks (LANs). A
network of networks. In many cases, an internetwork is
composed of LANs in distant locations connected by
means of a wide area network (WAN). Most
internetworks are proprietary and used expressly for
connecting a company to its remote offices and business
partners.

investigation
The progress of determining further details regarding an
incident.

IT infrastructure
The sum of an organizations IT-related hardware,
software, data communication facilities, procedures,
automation tools, documentation, and people.

IT infrastructure library
See information technology infrastructure library.

IT service
A described set of IT functionality that fulfills one or
more needs of the customer and supports the customers
business objectives. This term may also be used to refer
to the components (for example, computers, networks,
information systems, processes, or combination thereof)
with which customer service provision is realized.

Service Management Function Guide

58

IT service management
An approach that IT organizations can take to plan,
develop, deliver, and maintain quality IT services that
are customer-focused and process-driven, as well as
meeting both cost and performance targets as defined by
the SLA or OLA.

IT service provider
Any organizational units, whether internal or external,
that deliver and support IT services to a customer.

ITEC
See information technology executive committee.

ITIL
See information technology infrastructure library.

job scheduling
(Noun) A MOF service management function in the
operating quadrant. It involves the continuous
organization of jobs and processes into the most efficient
sequence, maximizing system throughput and
utilization to meet service level agreement (SLA)
requirements.
(Verb) Ensuring the efficient processing of data at a predetermined time and in a prescribed sequence to
maximize the use of system resources and minimizing
the impact to online users. Its goal is to ensure the
successful execution of batch runs while minimizing the
impact on live users of system resources. The main
activities of job scheduling include monitoring, analysis,
tuning, and implementation of batch runs.

key performance indicators

Significant metrics that indicate the level of functionality
and viability of a component.

knowledge base
A collection of rule comments that embodies knowledge
about the meaning and importance of events. The
Microsoft Knowledge Base contains predefined
information from Microsoft. The company knowledge
base contains information entered by the Microsoft
Operations Manager 2000 user.

known error
An incident or problem for which the root cause is
known and for which a temporary workaround or a

Overview

59

permanent alternative has been identified. If a business

case exists, an RFC will be raised; it remains a known
error, however, until it is permanently fixed by a change.

lab testing
A test conducted in a simulated, non-production
environment built to mirror the production
environment. This environment is completely
disconnected from the production environment.

life cycle
The phases an IT component goes through from the time
it is conceived to the time it is retired from service. The
life cycle represents an approval process for
configuration items, problem reports, and change
documents.

Lightweight Directory Access Protocol (LDAP)

LDAP allows an application to access any directory the
same way regardless of the directory vendor or how it is
implemented. Most general-purpose directories can be
accessed via LDAP. Applications that use LDAP have a
simplified access to multiple pieces of information from
disparate directories.

line-of-business application
A software application that is critical to the functioning
of the enterprise.

local area network (LAN)

A group of computers and other devices dispersed over
a relatively limited area and connected by a
communications link that allows one device to interact
with any other on the network.

Service Management Function Guide

60

maintainability (internal focus)

The ability of a component or an IT service, under stated
conditions of use, to be retained in or restored to a state
in which it can perform its required functions.

maintenance
Tasks aimed at the upkeep and protection of the
technical infrastructure that can result from such things
as errors in the application software, necessary extension
of the functionality, or technical developments in the
area of hardware and basic software.

major change
A change category describing changes that have a
potential impact on the highest percentage of users or on
a business-critical system. The change may be new
technology or a configuration change. It may involve
downtime of the network or a service.

major incident
An incident with a high impact, or potentially high
impact, which requires a response that is above and
beyond that given to normal incidents. Typically,
these incidents require cross-company coordination,
management escalation, the mobilization of additional
resources, and increased communications.

major problem
A problem with a high impact, or potentially high
impact, which requires a response that is above and
beyond that given to normal problems. Typically,
these problems require cross company coordination,
management escalation, the mobilization of additional
resources, and increased communications. There are
normally longer timescales available in which to plan a
resolution to a major problem, compared to a major
incident, which often requires an immediate response.
This means that it is better to treat the issue as a
proactive requirement, and hence progress it under
problem management as a major problem. If it is left to
incident management because it lacks the immediacy of
other incidents, there is a risk of it not being progressed.
An example of a past major problem is the year 2000
issue.

majority
A simple majority or a pre-defined percentage of
members must vote yes for change to be approved.

Overview

61

management escalation
The process of raising the profile and awareness of an
incident up the management hierarchy, so as to keep
managers updated and to obtain the necessary
commitment and authority for the required support
resources. Also called hierarchical escalation. See also
escalation and functional escalation.

management pack modules

Predefined solutions from Microsoft. They contain
computer groups and processing rules with filters,
performance counters, and alerts defined for specific
customer applications, such as Microsoft Exchange.

management stations
Management stations are computers dedicated to
managing and monitoring the nodes in the system.

marginal cost
The cost of providing the service now, based on the
investment already made.

master configuration group

A configuration group to which zone configuration
groups forward alerts. .

match
A known error, existing problem, or previous incident
record that has the same characteristics as an incident
currently being addressed.

matching
The process of comparing records of known errors,
existing problems, and previous incidents against a
current incident record to obtain a match.

mean time between failure

The average elapsed time from the time an IT service or
supporting component is fully restored until the next
occurrence of a failure to the same service or component.

mean time between system incidents

The average elapsed time between the occurrence of one
system failure and the next failure.

mean time to failure

The mean time expected to the first failure of a
component. It is a statistical value and is meant to be the
mean over a long period of time and large number of
component units.

Service Management Function Guide

62

mean time to repair

The average elapsed time from the occurrence of an
incident to resolution of the incident.

measurement
(1) A value determined by calculation or by data
acquisition from a sensor.
(2) The act or process of measuring.

metadirectory
Metadirectory products are essentially directories of
directories. They provide a common infrastructure that
exists at a level above various directories, directing
queries and returning responses through a single,
transparent user interface. Metadirectories provide
integration and unification.

metric
An analysis of one or more measurements to produce
information. For example, current temperature is a
measurement (datum). An analysis of how the current
temperature compares to the average temperature for
this date is a metric (information).

Microsoft IT life cycle

A conceptual model describing how the activities of
analyzing, designing, building, deploying, and
operating effective IT-based releases are positioned and
linked between the Microsoft Frameworks. Deploying is
the point at which MSF and MOF work together for
successful delivery of the solution.

Microsoft Operations Framework (MOF)

The manage, run, and maintain phase within
Microsoft Frameworks. MOF provides comprehensive
and prescriptive technical guidance for achieving
mission-critical reliability, availability, and
manageability solutions and services on Microsoft
technologies. MOF comprises white papers, operations
guides, assessment tools, operations kits, best practices,
case studies, and support tools that address the people,
processes, and technologies for effectively managing
production systems within todays complex, distributed
IT environment.

Microsoft Solutions Framework (MSF)

The plan and build phase within Microsoft
Frameworks. MSF provides guidance in the planning,

Overview

63

building, and deploying phases of the project life cycle.

This guidance includes white papers, case studies, and
courseware in the areas of enterprise architecture,
application development, component design, and
infrastructure deployment.

middleware
A layer of the MOF IT infrastructure model. Middleware
can be defined as the part of the application that the
users do not see. Middleware includes databases, Web
services, and messaging systems such as Microsoft
COM+. Given this broad definition, the question of what
constitutes middleware varies greatly from application
to application.

milestone review
A meeting that takes place at the end of each phase of
change development and signals agreement to proceed
to the next step. The level of formality in the reviews is
dependent on the complexity of the change.

minor change
A change category applied to changes that impact a
smaller percentage of users than do significant changes.
Also, they involve less risk because of the organizations
relatively high experience level with the proposed
change.

missing event
An event that was supposed to occur within a specified
time interval, but did not occur.

missing event rule

A processing rule for generating an alert when
particular events do not occur during a specified time.
See also missing event.

MOF
See Microsoft Operations Framework.

MOF process model

The core of the MOF approach to service management. It
provides a comprehensive and structured approach to
managing releases. It is divided into four quadrants
changing, operating, supporting, and optimizingeach
of which plays a distinct, but interrelated, role in service
management.

Service Management Function Guide

64

MOF risk model

A five-step risk management process used in MOF. The
process is a shared responsibility among the six role
clusters defined in the team model, rather than the
exclusive responsibility of any one role cluster or role.
The five steps are:
1. Identify. Come up with the condition and the
consequence.
2. Analyze. Measure the exposure.
3. Plan. Set mitigations, triggers, and contingencies.
4. Track. Maintain formal documentation of the
plan, which is always kept up-to-date.
5. Control. React to and implement the plan.

MOF role cluster

A grouping of similar or related IT operations
responsibilities defined in the MOF team model. There
are six MOF role clusters: infrastructure, operations,
release, support, partner, and security. The core
members of the CAB include representation from each
of the six and are always present at meetings.

MOF service management functions

Foundational-level best practices and prescriptive
guidance that are at the core of the MOF process model.
Although no service management function (SMF) is
exclusive to a given quadrant in MOF, each SMF has a
home quadrant or primary planning and execution
quadrant. The following are examples of SMFs:

Configuration management

Problem management

Service continuity management

Workforce management

MOF team model

An organizational work model that emphasizes roles
and aligns groups of related roles (role clusters) with the
IT processes defined in the MOF process model. The six
role clusters are: release, infrastructure, support,
operations, partner, and security.

Overview

65

MOM administrator console

An interface based on Microsoft Management Console
(MMC) technology, used for monitoring and event
management. Can include the Microsoft Operations
Manager 2000 Monitor, rules, and configuration snapins.

MSF
See Microsoft Solutions Framework.

network administration
(Noun) A MOF service management function in the
operating quadrant. It employs the process of
maintaining communications systems and links, along
with accompanying data-processing procedures, in
accordance with the requirements and preconditions
arising from their use and the characteristics of the
network components.
(Verb) Being responsible for the efficient operation of the
network at all times and providing a reliable, consistent,
scalable network infrastructure that meets or exceeds
service levels and optimizes enterprise assets. Its goals
are to provide day-to-day administrative services in
support of the network infrastructure. This entails
managing and resolving incidents and problems,
managing performance, and providing a secure network
environment. Works in concert with other SMFs, such as
capacity management and security administration.

network interface adapter

Computer systems connect to the network backbone
with network interface cards. These components are
relatively inexpensive, so it is common to place more
than one card into each machine to provide redundancy
in the even of failure of the other. It is also common to
direct all external Web traffic to one card and reserve the
other for internal management data.

network interface card (NIC)

See network interface adapter.

network operating system (NOS)

An operating system that includes software to
communicate with other computers by means of a
network. This allows such resources as files, application
programs, and printers to be shared between computers.

node

Service Management Function Guide

66

A computer system or server platform that is uniquely

addressable on a network. A node can have more than
one CPU. It typically has its own boot drives (direct
attached storage); however, more general data storage is
often shared to allow more scalable, highly available
data resources and content.

non-authoritative restore
This type of restore is used to provide a start point (the
point of time at which backup was taken) for data
replication to minimize the replication traffic on the
network. The restored data is synchronized with data on
other domain controllers through replication. Only
changed data (rather than the entire directory) is
replicated. In the absence of this start point, all data
would be replicated from other servers.

nonrepudiation
A security concept that applies to proving the
transmission of a particular message. If a system applies
technical nonrepudiation, the sender of a message
cannot later deny having sent the message, and the
receiver of a message cannot later deny having received
the message. Furthermore, if the message contains
contractual information, the presence of a digital
signature with the message can ensure at a later time
that the contractual information was not improperly
altered.

norm
An idea held by members of a group that can be
expressed in the form of a rule and specifies what
members are expected to do in given circumstances.

notification group
A list of operators and scheduled availability for
receiving page or e-mail responses.

OMR
See operations management review.

OnLine Transaction Processing (OLTP)

Online transaction processing (OLTP) applications are
typically business-critical and are more frequently
deployed in distributed, client/server environments.
Transaction monitors are associated with OLTP to
facilitate management and coordination of transactions
with corporate data repositories, such as relational
database management systems (RDBMS). Online

Overview

67

transaction processing (OLTP) is a type of solution

usually distinguished from decision support systems
(DSS). Both types of solutions typically involve a
RDBMS.

Open Systems Interconnection (OSI)

Developed by ISO in 1978 as a framework for
international standards in heterogeneous computer
network architecture, OSI is a model of network
architecture and a suite of protocols (a protocol stack) to
implement it. The OSI architecture is split between seven
layers. From lowest to highest, these layers are: 1
physical layer, 2 data link layer, 3 network layer, 4
transport layer, 5 session layer, 6 presentation layer, 7
application layer. Each layer uses the layer immediately
below it and provides a service to the layer above. In
some implementations, a layer may itself be composed
of sub-layers.

operating level agreement (OLA)

An internal agreement between two or more IT entities
that defines the responsibilities of all participating
parties. An operating level agreement binds these
parties to provide a particular service (or service
component, such as hardware, software, and so on) of a
specific, agreed-upon quality and quantity, and
constrains the demands users may place upon the
service (or service component) to those agreed-upon
limits defined by the contract.

operating level objective

An agreed-upon, measurable service metric target
between two or more IT entities. It is applied to the
services provided to those entities and described in an
operating level agreement.

operating quadrant
The second quadrant in the MOF process cycle. It
encompasses the day-to-day activities of an IT
organization. Its activities ensure the smooth operation
of the operations environment.

operating system.
(1) A program that controls the hardware. The operating
system provides access to the central processing unit,
memory, storage devices, and so on. Because of this
relationship, correct operating system performance is
critical to correct application performance. The user may
not be aware of the operating system or what it does, but

Service Management Function Guide

68

the user is aware when critical services are not available

due to poorly written device drivers and other OS
problems.
(2) A layer of the MOF IT infrastructure.

operational costs
Those costs resulting from the day-to-day running of the
IT services sectionfor example, staff costs, hardware
maintenance, and electricity. Operational costs relate to
repeating payments whose effects can be measured
within a short time frame, usually less than the 12month financial year.

operations
The on-going activities IT personnel perform on IT
environment components to run and manage the
information technology system and support the business
organization. These activities emphasize execution and
are particularly evident in the MOF operating quadrant.

operations management review (OMR)

One of four key management checkpoints that structure
quality and measurement into the release life cycle or
assessment of ongoing operations. The OMRs are
designed to formally involve higher-level management
in the review, assessment, and decision-making
activities that take place within the life cycle of a release
as well as in the assessment of ongoing operations.

operations review
The management review within the operating quadrant.
The primary goal of the operations review is to assess
the effectiveness of internal operating processes and
procedures and make improvements as appropriate.
This evaluation is focused on the internal processes and
procedures utilized to meet service level requirements
and how those activities can be improved. The
operations review assists in the retention of the
corporate knowledge. It is crucial that, as the operations
staff gains experience with a process, system, or
application, it documents this experience and retains it
in the corporate knowledge base. The operations
reviews can be both release-based and time-based.

operations role
One of six roles in the MOF team model. It includes
skilled specialists who focus on technology areas and
production-systems tasks necessary to run the business

Overview

69

on a daily basis. Enterprise operations roles include

dedicated specialties such as messaging,
telecommunications, networking, and database
administration.

operator
The person scheduled to receive e-mail or page
responses from Microsoft Operations Manager 2000.

operator-driven actions
Manual tasks that are performed in response to a
message generated by one or more system management
tools. The operator will need to follow manual password
change procedures in order to overcome the occurrence.
Operating procedures such as these should be clearly
defined, documented, and tested.

operator-initiated actions
Message-linked, pre-configured responses to eventgenerated incidents. These actions are started and
stopped by an operator.

opportunity cost (or true cost)

The value of a benefit sacrificed in favor of an alternative
course of action. The cost of using resources in a
particular operation expressed in terms of foregoing the
benefit that could be derived from the best alternative
use of those resources.

optical character recognition (OCR)

Identification of printed characters using photoelectric
devices.

optimizing quadrant
The fourth quadrant in the MOF process cycle. It
evaluates the operational functionality of an IT
organization. The objective of this quadrant is the
optimization of cost, performance, capacity, and
availability in the delivery of IT services. The optimizing
quadrant includes the service management functions to
manage costs while maintaining or improving service
levels. This includes the review of outages/incidents, the
examination of cost structures, staff assessments,
availability, performance analysis, and capacity
forecasting.

Service Management Function Guide

70

organizational unit (OU)

A container used to organize objects within a domain
into logical administrative groups. An OU can contain
objects such as user accounts, groups, computers,
printers, applications, file shares, and other OUs. OUs
are used to structure Microsoft Active Directory
directory services based on a companys organizational
structure and network administrative model.

outsourcing
The process by which functions performed by the
organization are contracted out for operation, on the
organizations behalf, by third parties.

overhead
The total of indirect materials, wages, and expenses.

package release
A release that includes a package of software
configuration items that are introduced into the
production environment.

Packet Internet Groper (ping)

A program used to test whether a particular network
destination is online by sending an Internet control
message protocol (ICMP) echo request and waiting for a
response. (Also called packet Internet gopher).

packet
An Open Systems Interconnection (OSI) network layer
transmission unit that consists of binary information.
This information includes both data and a header
containing an identification number, source and
destination addresses, and error-control data.

Page Description Language (PDL)

A computer language that describes the arrangement of
text and graphics on a printed page.

partner role
One of six roles in the MOF team model. It includes
management of a broad collection of IT partners, service
suppliers, and outsource vendors who work as virtual
members of the IT staff in providing hardware, software,
networking, hosting, and support services.

passive components
Those parts of a network that carry information but do
not require their own source of power. Passive

Overview

71

componentssuch as wires, wall jacks, and so onare

vital to any network. With the increasing use of wireless
networking technologies, the use of copper cables is
becoming less common.

patch
An update (commonly called a fix) to a version or
release. Each patch introduced into the environment
needs a corresponding version adjustment.

peer-to-peer network
A network in which every computer is an equal and
functions as both a client and a server. This means that
any computer can share its resources with the network
and access the shared resources on other computers.
Peer-to-peer networks should be generally limited to 10
or 15 nodes or fewer on a single LAN because each
system has to maintain its own user accounts and other
security settings.

performance data
Sampled numeric data collected from Microsoft
Windows NT performance counters.

performance data view

A window that displays specified performance
information.

performance measure
Sampled numeric data collected to aid in capacity
planning.

performance management
A sub-process focused on managing both the
performance of the IT solutions used by the customers
and the performance of the underlying resources on
which the solution depends. It is responsible for
ensuring the monitoring of the performance of all IT
solutions, as detailed in the OLA targets for key IT layers
in the technical infrastructure. It also is responsible for
ensuring the monitoring of the performance of the
underlying resources. All of the collected data is
recorded, analyzed, and reported. As necessary, the
capacity management staff ensures that the performance
of the solutions meets the business requirements. Service
monitoring and control is a key SMF for this subprocess.

Service Management Function Guide

72

performance threshold
Sampled numeric data compared to a threshold value.
Microsoft Operations Manager 2000 generates an alert if
the threshold is crossed in either direction.

pilot
The experimental and preliminary stage of a project or
deployment aimed at minimizing the impact of the
deployment and providing valuable feedback on the
projects suitability for completion.

pilot plan
A document that contains the objectives, rollout and
rollback procedures, support and training requirements,
and communication strategy for the pilot test of a
change.

pilot test
A test in a controlled and limited deployment of a
release package into the production environment. It is
initially limited to IT organizations and then rolled out
to a pre-selected group of users.

plan
Setting mitigations, triggers, and contingencies.

plug and play

A set of specifications developed by Intel that allows a
computer to automatically detect and configure a device
and install the appropriate device drivers.

pod
A method of scheduling service desk personnel.

post-implementation review (PIR)

The management review of a change after deployment.
The reviews purpose is to determine whether the
change is meeting its original goals and whether there
any lessons learned that can be incorporated into future
releases.

PostScript
A page-description language (PDL), developed by
Adobe Systems Incorporated for printing on laser
printers, that offers flexible font capability and highquality graphics. PostScript is the standard for desktop
publishing because it is supported by imagesetters, the
high-resolution printers used by printing services for
commercial typesetting.

Overview

73

pre-approved change
See standard change.

predictive fault management

The analytical use of data collected through monitoring
and measuring. The data is used to predict potential
system outages and formulate a strategy of preventative
maintenance.

primary restore
This type of restore is used when the server being
restored is the only working server of a replicated
dataset and is being rebuilt from backup.

PRINCE2
The standard U.K. government methodology for project
management.

print and output management

(Noun) A MOF service management function in the
operating quadrant. It is responsible for managing the
costs and resources associated with business output.
This output could include print documents, faxes, emails, Web pages, electronic transactions, and computer
files.
(Verb) Being responsible for the production of printed
material in an organization, whether it is a single sheet
or large print job. Also, being responsible for the
collation of output into electronic formats, such as Web
pages, CDs, and automated e-mails. Its goal is to ensure
that all printed and electronic material is produced in
the most efficient and effective manner, using the most
appropriate hardware and software.

print job
The source code that contains both the data to be printed
and the commands for printing. Print jobs are classified
into data types based on what modifications, if any, the
spooler must make to the job for it to print correctly.

print server
A computer that is dedicated to managing the printers
on a network. The print server can be any computer on
the network.

print spooler
Computer software that accepts a document sent to a
printer by the user and then stores it on disk or in
memory until the printer is ready for it. This collection

Service Management Function Guide

74

of dynamic-link libraries (DLLs) receives, processes,

schedules, and distributes documents for printing. The
term spooler is an acronym created from simultaneous
print operations on line.

Printer Control Language (PCL)

The page-description language (PDL) developed by
Hewlett Packard for their laser and inkjet printers.
Because of the widespread use of laser printers, this
command language has become a standard in many
printers. Printer Control Language is also called PCL.

printer driver
A program designed to allow other programs to work
with a particular printer without concern for the
specifics of the printers hardware and internal
language. By using printer drivers that handle the
subtleties of each printer, programs can communicate
properly with a variety of printers.

priority
The sequence in which an incident or problem needs to
be resolved, based on impact and urgency.

private branch exchange (PBX)

A telephone system owned by a private individual or
company rather than a telephone utility. In order to
make a call from a PBX telephone to the public switched
telephone network (PSTN), users usually have to dial a
special prefix (such as the number 9). So, in order to dial
the number (101) 555-1212, one would have to dial
91015551212.

private view
A view that is accessible only by the user who created it
and is saved in the My Views folder.

proactive fault management

Responding to alarms generated when performance
thresholds have been met. The thresholds are set by
network operations and usually indicate a potential
degradation in service that may eventually result in an
outage.

problem
An unknown, underlying cause of one or more
incidents.

Overview

75

problem management
(Noun) A MOF service management function in the
supporting quadrant. Its primary objective is to
effectively address the root cause of incidents in order to
reduce their quantity and severity in the production IT
environment. It employs the processes aimed at
detecting and effecting structural improvements in the
technical infrastructure and the settlement of problems
arising from the use and management of information
systems.
(Verb) Minimizing the adverse effect on the business of
incidents and problems caused by errors in the
infrastructure. Proactively preventing the occurrence of
incidents, problems, and errors.

procedure
The description of a formalized method of working
(when and in what order actions are to be carried out)
for a specified process or part thereof). Procedures
provide for coordination between departments.

process
A series of actions or operations designed to achieve an
end.

process control
The practice of planning and regulating a process so as
to enact it in an effective and efficient way.

processing
The daily operation of all systems in the IT environment.

processing rule
A rule that defines how Microsoft Operations Manager
2000 collects, processes, and responds to information.
Types of processing rules include event, filtering,
missing event, consolidation, alert, performance
measuring, and performance threshold.

processing rule group

A set of processing rules grouped together with a single
name. Grouping processing rules together allows
organizations to associate more than one processing rule
with a computer group.

Service Management Function Guide

76

processing rule match

Occurs when Microsoft Operations Manager 2000
receives information that matches a processing rule.
When a processing rule match occurs, the product
performs the actions and response defined in that rule.

process model
See MOF process model.

protocol
The standardized way in which communication takes
place between two components.

Public Key Infrastructure (PKI)

The term generally used to describe the laws, policies,
standards, and software that regulate or manipulate
certificates and public and private keys. In practice, it is
a system of digital certificates, certification authorities,
and other registration authorities that verify and
authenticate the validity of each party involved in an
electronic transaction. Standards for PKI are still
evolving, even though they are being widely
implemented as a necessary element of electronic
commerce.

Public Switched Telephone Network (PSTN)

A system of voice communication that connects
telephones through a network of switches. Users do not
own the network, but instead pay a fee to another
company that provides the service. Known in the
vernacular as the phone company.

public view
A view that is accessible by anyone, and is saved in the
Public Views folder.

quadrant
The four distinct divisions of the MOF process model,
culminating in a major or external review.

quality level
A measure of quality, expressed as a measurable
quantity (the response time or availability percentage,
for example).

quality
The totality of those properties and characteristics of a
product or service that is important in enabling the
fulfillment of established or self-evident needs.

Overview

77

quorum
Defines the minimum number or minimum majority
percentage of people required to be present for a vote.

reactive fault management

The processes and procedures used to take action in the
event of an unscheduled system outage.

recording
Preserving information in permanent form.

recovery
The process of carrying out actions to restore normal
operation of service once an incident has been resolved.

Redundant Arrays of Independent Disks (RAID)

The use of two or more disk drives instead of one disk,
which provides better disk performance, error recovery,
and fault tolerance, and includes interleaved storage
techniques and mirroring of important data. (Originally
Redundant Arrays of Inexpensive Disks.)

relational database management systems (RDBMS)

RDBMSs are the predominant database software content
data stores found in IT service solutions. A relational
database management system is typically purchased as
off-the-shelf, packaged software. Other software toolsets
that assist IT in application and content development are
usually available from the RDBMS vendor.

release
(noun) A collection of one or more changes that includes
new and/or changed configuration items that are tested
and then introduced into the production environment.

release approved review

The release approved review signifies the formal
approval of a proposed change, or set of changes, to be
developed and packaged into a defined release. This
review is key to the operations environment because it
begins the investment cycle for development and
deployment of a given release.

release management
(Noun) A MOF service management function in the
changing quadrant. It employs the processes of
coordinating and managing the activities by which all
releases to the production IT environment are planned,
tested, and implemented.

Service Management Function Guide

78

(Verb) Ensuring that all aspects of a release, both

technical and non-technical, are considered together.

release manager
The role that is responsible for managing the activities of
the release management process for the IT organization.
For releases with large and complex scopes, the release
manager forms a team to manage the release activities.
The release manager selects the team members and
assigns team roles and responsibilities.

release mechanism
The method and process for rolling out a change. The
release team should deploy each release using a
mechanism that allows it to automate as much of the
process as possible because this ensures repeatability
and consistency.

release package
The processes, tools, technologies, and documents
required to move a release into production. Also, all of
the components of the changes that comprise the release.

release planning
The activity in the release management process that
defines and prioritizes all requirements for the release. It
creates a comprehensive set of release plans, including a
test plan, rollout plan, and others. These plans are used
by all team members as the release moves through the
release management process.

release readiness review

The final management approval prior to rolling out a
release into production. The release is evaluated for
readiness including the production environment, rollout
and rollback plans, and risk management plan.

release role
One of six role clusters in the MOF team model. It
participates in system upgrades and ongoing revisions
of software development projects. It frequently serves as
the primary actor in releasing a new service offering into
IT operations. The release role of the MOF team model is
the point at which the logistics manager role of the MSF
team model intersects with MOF. This is where the
handoff between development/test and production
operations occurs, which is a crucial juncture for the
smooth transition of the system into production.

Overview

79

release rollout plan

A series of documents developed by the change owner
that detail how a release will be rolled out to the IT
production environment. These documents include the
release schedule, training schedule, and rollout site
locations.

release schedule
A timetable created by the release manager that plans
the rollout, based on the priority and urgency of the
release in relation to others. It details schedule activities
and resources accordingly.

release scope
The release manager performs this step to provide the
team with the answers to key questions that are used to
plan the release. The resulting steps and any decisions
made are captured and then recorded in the change log.

release strategy
The overarching design, plan, and approach for
deployment of a change into production.

release unit
A component or set of components packaged together as
a single release unit and released into the test and
production environments.

reliability
The ability of a component or IT service to perform a
required function without failing, under stated
conditions for a stated period of time.

replicas
Online copies of the directory data. In the event of a
server failure, peer replicas provide continued service
and access to the data while the failed server is repaired.
When the server is recovered, it can be returned to
service as a replica server.

reporting
The collection, production, and distribution of an agreed
level and quality of service information (for use in
capacity, availability, and service level management, for
example).

request
See service request.

Service Management Function Guide

80

request for change (RFC)

A description of a proposed change, what the change
entails, and which configuration item(s) it involves. On
the basis of the proposal, the impacts are assessed and, if
approved, the change is scheduled for implementation.

request for information (RFI)

An instance in which knowledge is requested.

resilience
The capacity of an IT service to continue to provide a
required function in the event that a portion of the
underlying infrastructure suffers a failure.

resolution
The process of implementing resolution actions in
accordance with change and release management
processes.

resolution action
An action that will resolve an incident or problem. In the
case of an incident, this may be a workaround.

resolution completion
The point at which manual/automatic action has been
taken and all recording and incident management
actions have been successfully completed.

resolver group
A specialist support team to which an incident may be
assigned. This may be an internal team or an external
vendor.

resolution history
A feature in Microsoft Operations Manager 2000 that
automatically tracks changes to alert fields. Users can
also enter their own information about an alert.

resolution state
The status of an alert relative to the cycle of its
resolution. Default resolution states include New,
Acknowledged, and Resolved, among others.

resource cost
The amount of machine resource that a given task
consumes. This resource is usually expressed in seconds
for the CPU or the number of I/Os for a disk or tape
device.

Overview

81

resource management
A sub-process that focuses on the management of the
individual resources of the IT infrastructure. From the
workloads, it determines the present and future required
resources. It is responsible for ensuring that all resources
are acquired and implemented in a timely and costeffective manner.

resource profile
The total resource costs that are consumed by an
individual online transaction, batch job, or program. It is
usually expressed in terms of CPU seconds, number of
I/Os, and memory usage.

resource unit costs

Resource units may be calculated on a standard cost
basis to identify the expected (standard) cost for using a
particular resource. Because computer resources come in
many shapes and forms, units have to be established by
logical groupings. Examples are: a) CPU time or
instructions b) disk I/Os c) print lines d) communication
transactions.

resources
Resources are typically computer and related
equipment, software, facilities, or organizational
(people). The IT Services section needs to provide the
customers with the required services.

response
An action that Microsoft Operations Manager 2000
initiates when a processing rule match occurs.
Notifications, command or batch files, scripts, and
SNMP traps are examples of possible responses.
Responses that occur on the consolidator computer are
called central responses. Responses that occur on the
agent computer are called local responses.

response time
The time between the start (sending a request or
command) and the end (obtaining the result) of an
online transaction.

review
The reassessment and re-examination of the people,
process, and tool elements of the service monitoring and
control function. The reassessment is designed to ensure

Service Management Function Guide

82

that the processes continue to work as designed and that

they still meet the business requirements.

RFC
See request for change.

risk
The possibility of suffering a loss; an event that may or
may not happen. If an event is guaranteed, then it is not
a riskit is a known problem that can be planned for.
The loss is relative. Failure to achieve the maximum
possible gain is considered to be a loss. The opposite of a
risk is an opportunity or the possibility of experiencing a
gain.

risk management
A discipline and environment of embedded decisions
and actions to assess continuously what can go wrong,
determine what risks are important to deal with, and
implement strategies to deal with those risks.

risk management process

The five-step process defined in the MOF risk model for
managing risk. The five steps are: identify, analyze, plan,
track, and control. Each risk goes through all five steps
at least once and often numerous times. Each risk also
has its own timeline; therefore, multiple risks might be
in each step at any given time.

role
A set of responsibilities, activities, and authorizations.
Depending upon the intensity of labor involved and the
size of the organization, one person can perform
multiple roles within an organization, or multiple
persons can perform a single role.

role cluster
A concept defining six general categories of activities
and processes. The processes within a role cluster all
support the same quality goal. It is important to
recognize that role clusters are groups of activities that
share a common goal. They are not job descriptions, and
they do not imply any kind of organizational chart.

rollback plan
Documented details outlining how to stop and/or back
out a change that has been deployed or is in the process
of being deployed and return to the previous state of the
IT environment.

Overview

83

rollout
The physical deployment of the release into production.

rollout plan
A comprehensive plan built by release management that
is used to identify the activities (and the resources)
required to successfully deploy a release into the
production environment. Also, detailed documentation
that outlines how a change is physically deployed by the
release team.

rollout preparation
The step in the release management process during
which the rollout team is preparing the IT infrastructure
for the release. It requires assembly of resources and prestaging of hardware and software.

rollup
A series of patches joined consecutively.

router
Routers enable LANs and WANs to achieve
interoperability and connectivity, and they can link
LANs that have different network topologies (such as
Ethernet and Token Ring). Routers match packet
headers to a LAN segment and choose the best path for
the packet. The forwarding decision is based on routing
tables, which optimizes network performance.

rule
A method of grouping computers or identifying data to
collect. Organizations can define two types of rules.
Computer grouping is a rule that creates a collection of
computers for similar event management. Processing is a
rule that defines the events, alerts, and performance data
to collect, what to do with the information once it is
collected, and how to respond to the indicated condition.

rules
Rules are a predetermined task or set of taskseither
automatic or operator initiatedthat are to be followed
upon the occurrence of an event.

Service Management Function Guide

84

scalability
Scalability refers to the capacity of the application to
perform increasing amounts of work while sustaining
acceptable performance levels. For example, if one
system/processor supports ten users, then two
systems/processors should support twenty users, and so
forth. Linear scalability assumes a straight line with a
slope of one.

scaling out
Scaling out, sometimes referred to as scaling wide, refers
to expanding a solutions capacity by incrementally
adding more serverscomplete with processors,
storage, and bandwidthand sharing the user load
across these servers. This is also referred to as horizontal
scaling or horizontal growth.

scaling up
Scaling up, sometimes referred to as scaling high, refers
to expanding a solutions capacity by incrementally
adding more devices to an existing server, typically by
adding central processing units (CPUs), memory, disks,
and network interface cards (NICs) to a server. This is
also referred to as vertical scaling or vertical growth.

script
A simple program that can be added to a processing rule
as a response or used as an extension to the event
criteria definition.

security
Comprises security policies, as specified by security
design and processes that address IT asset
confidentiality (protection of data), integrity (accuracy of
data), and availability (access to data).

security administration
A MOF service management function in the operating
quadrant. It employs the process of developing,
implementing, and managing security controls.
Associated components include data confidentiality,
data integrity, and data availability.

security incident
An occurrence that has or potentially could have
consequences with regard to the confidentiality,
integrity, or availability of the organizations data and/or
services.

Overview

85

security role
One of six role clusters in the MOF team model. It is
responsible for corporate data, network, and operational
security. A second area of responsibility is the
development and implementation of a comprehensive
plan for the retention, classification, and secure disposal
of data. Additionally, the security role is responsible for
having a sufficient plan to recover a corporate
networkincluding all critical business applicationsto
at least a minimum operational configuration in a short
amount of time.

self-managed team
A classification of a service desk team that typically
manages itself. Also, a method of scheduling service
desk personnel.

self service
The process by which IT customers are able to perform
some part of the incident management process
themselves, without using the service desk.

self tracking
The process by which IT customers can view (but not
update) details of calls they have raised with the service
desk.

server
A computer that provides some service for other
computers connected to it via a network. The most
common example is a file server, which has a local disk
and services requests from remote clients to read and
write files on that disk.

service
(1) A layer of the MOF IT infrastructure model. This is
the function that IT is helping the business perform. It
likely has a name that is easy for the business to
understand, such as payroll. In order to perform this
function, however, the business needs the support of the
IT layers below. (2) A long-running application that
executes in the background on Windows NT,
Windows 2000, and Windows .NET servers. Services
typically perform working functions for other
applications.

serviceability (external focus)

The contractual conditions with suppliersoutside of
the internal IT staffcovering the availability of an IT

Service Management Function Guide

86

service and the conditions under which the contractual

conditions are valid for a configuration item or system.

service achievement
The actual service levels delivered by the IT
organization to a customer within a defined life span.

service catalog
A directory of all services that an IT organization offers.
Or, a written statement of IT services, default levels, and
options.

service continuity management

A MOF service management function in the optimizing
quadrant. It focuses on the procedures and components
necessary to minimize service disruption of missioncritical systems.

service delivery
A collection of IT service management disciplines and
processes that are directed at optimizing operational
processes (service support) and that are responsible for
the final service provision. The service delivery
disciplines are service level management, service
continuity management, availability management,
capacity management, and financial management.

service desk
A MOF service management function in the supporting
quadrant. Also, the single point of contact within the IT
organization for users of IT services.

service level
An agreed-upon quality and quantity of services to be
supplied.

service level agreement (SLA)

An agreement between IT and the user community that
defines the responsibilities of all participating parties
and that binds IT management to provide a particular
service of a specific agreed-upon quality and quantity. It
constrains the demands users may place upon the
service to those limits defined by the agreement.

service level management

(Noun) A MOF service management function in the
optimizing quadrant. It employs the processes of
planning, coordinating, drafting, agreeing to,
monitoring, and reporting on service level agreements,
along with the ongoing review of service achievements

Overview

87

to ensure that IT and business are aligned and that

service quality is cost justifiable.
(Verb) Defining, agreeing to, documenting, and
managing the levels of customer IT service that are
required and cost justified.

service level objective

An agreed-upon, measurable service metric target
between the IT organization and one or more of its
customer communities. It is applied to the services
provided to those communities and described in a
service level agreement.

service level requirement

A document identifying the requirements of the
customers for the provision of (one or more) IT
service(s).

service management
A collection of people, processes, and technology
through which conditions are created that ensure the
continuity and quality of the agreed-upon services.
Service management includes IT operations as a practice
in delivering services, but maintains a broader scope by
emphasizing, supporting, and continually improving IT
services.

service management architecture

A structured system of management processes,
personnel, the management organization, and the
supporting information system, as well as their mutual
interrelationships. A well-designed architecture enables
an IT management organization to supply its customers
with IT functionality in a controlled manner.

service management function (SMF)

One of twenty defined sets of related processes and
procedures within the four quadrants of the MOF
process model. SMFs represent foundational-level best
practices and prescriptive guidance. Examples include
change management, release management, and
configuration management.

service manager
The entity that is ultimately responsible for day-to-day
provision and monitoring of an individual service across
all relevant sites. Also responsible for providing SLA
compliance measures and for ensuring that the service

Service Management Function Guide

88

review is carried out. Normally there is one service

manager per service.

service monitoring and control

(Noun) A MOF service management function in the
operating quadrant. It allows operations to observe the
health of an IT organization in real time. This process
ensures that service levels are always in a state of
compliance.
(Verb) Proactively monitoring the IT infrastructure in
order to identify incidents or system events as soon as
they occur. Providing early warning of potential
incidents that may soon occur unless preventive
measures are taken.

service monitoring and control requirements

The agreed-upon servicesand the configuration items
that underpin each servicethat require monitoring.
Also, the thresholds and values that are necessary to
ensure early warning of incidents, system events, or
potential incidents that may soon occur unless
preventative measures are taken.

service provider
An internal or external provider of an IT service.

service request
Every incident that is not a failure in the IT
Infrastructure.

services
The deliverables of the IT Services organization as
perceived by the customers; the services do not consist
merely of making computer resources available for
customers to use.

service target
An achievable and measurable service level objective
documented within a formal agreement.

significant change
A change category applicable to changes that are nonstandard and impact a high percentage of users. Their
change development and release processes are likely to
require more careful planning, more time, and more
resources than are required for standard and minor
changes. These changes may involve downtime of the
network or a service. Examples are new products, new
users, or network changes.

Overview

89

significant incident
An incident that has impacted or potentially could
impact agreed-upon service levels.

Simple Network Management Protocol (SNMP)

A network protocol used to manage TCP/IP networks. In
Windows, the SNMP service is used to provide status
information about a host on a TCP/IP network.

single point of failure

Any component of an IT service that would cause
downtime in the event of it failing to function correctly.
Availability management aims to cost effectively remove
as many single points of failure as possible through the
use of appropriate countermeasures.

SLA review
The interval-based review at the end of the supporting
quadrant. The operations staff, lead by the support team,
reviews the SLAs and the associated metrics during this
review and determines which services have met the
service level requirements. The staff then takes
corrective action to address those areas that fail to meet
the requirements.

software environment
Software used to support an application. Examples
include operating systems, database management
systems, development tools, compilers, and application
software.

software release
All of the new, modified, or existing software
configuration items that are made available for use at
any given time.

solution
(1) The coordinated delivery of the elements needed
(such as technologies, documentation, training, and
support) to successfully respond to a business problem.
(2) An identified means of resolving an incident or
problem that provides a resolution for the underlying
cause.

specialist support team

See resolver group.

Service Management Function Guide

90

standard change
A change category that describes changes that are preapproved and can bypass the authorization process to
proceed directly to release. These changes can do this
because they have an established deployment path and
impact the smallest percentage of users of any of the
change categories. Standard changes represent trusted
and accepted solutions to a set of requirements.

standard cost
A pre-determined calculation of what a cost should be
under specified working conditions. It is built from an
assessment of the value of cost elements and correlates
technical specifications and the quantification of
materials, labor, and other costs to the prices and/or
wages expected to apply during the period in which the
standard cost is intended to be used. Its main purposes
are to provide bases for control through variance
accounting, to provide valuation of work in progress,
and fix selling prices.

standard costing
A technique that uses standards for costs and revenues
for the purposes of control through variance analysis.

standardization
The establishment of technical specifications for
products, working methods, and similar components to
achieve system uniformity. Use of the standard
specifications can be made mandatory for subordinate
organizations.

storage area network (SAN)

A high-speed network that connects multiple storage
devices so that they can be accessed on all servers in a
local area network (LAN) or wide area network (WAN).

storage event monitoring

Storage event monitoring is the proactive monitoring of
storage devices performance and capacity events to
minimize the adverse effects of incidents before they
impact the business.

storage management
(Noun) A MOF service management function in the
operating quadrant. It provides management of onsite
and offsite data storage for the purposes of data
restoration and historical archiving.

Overview

91

(Verb) Defining, tracking, and maintaining data and

data resources in the production IT environment.
Defining the storage requirements, monitoring these
requirements, and providing ongoing maintenance of
the storage infrastructure.

storage media
Any media used for storing data, including hard disks,
floppy disks, optical disks, and magnetic tape.

strategic management/level
Actions concerning the relationship of the organization
to its environment and the basic outlines of the
organization structure. Decisions on a strategic level
influence the processes within the organization. Final
responsibility lies with the directors, but functionaries at
lower management levels have an important role as
information providers. Strategic management gives
direction to the business, economic, organizational, and
technological aspects of management.

subenvironment
A logically autonomous part of a conceptual
environment that belongs to a specific application or
service.

sunk cost
Cost already incurred which cannot be recovered
regardless of future events.

super user
In some organizations it is common to use expert
users (commonly known as super, or expert, users) to
deal with first-line support problems and queries. This is
typically done in specific application areas or
geographical locations where there is not the
requirement for full-time support staff. This valuable
resource needs, however, to be carefully coordinated
and used.

support chain
The support team hierarchy from initial support through
to development teams or external vendors, who between
themselves perform the support processes.

support role
One of six role clusters in the MOF team model. The
support role includes service desk and production
support functions. The goal of the service desk is to

Service Management Function Guide

92

provide timely, efficient, and accurate customer support

in the resolution of incidents.

supporting quadrant
The third quadrant in the MOF process cycle. It supports
IT operations in day-to-day operations. The supporting
quadrant incorporates the concepts of integrated
resolution processes. These processes include a service
desk, incident management, problem management, and
service recovery processes. Tasks performed in the
supporting quadrant are concurrent with tasks
performed in the operating quadrant.

surcharging
Surcharging involves charging business users a
premium rate for using resources at peak times.

switch
A network device that forwards each incoming packet
only to the port that provides access to the destination
system. See also hub.

symptoms
The description of the effects of an incident or problem.

system
An integrated composite that consists of one or more of
the processes, hardware, software, facilities, and people
that provides a capability to satisfy a stated need or
objective.

system administration
A MOF service management function in the operating
quadrant. It focuses on the day-to-day tasks associated
with maintaining enterprise systems.

sysvol
The sysvol is a replicated dataset that is stored on every
domain controller. It contains the scripts and policies
that are used within the domain.

task scheduler
A system or application that automatically invokes
scripts or programs at specified times.

team model
An organizational work model that emphasizes the use
of small, cohesive teams of role specialists who
communicate on an equal basis in the accomplishment
of their individual and group tasks.

Overview

93

testing coordinator
The role that is responsible for developing test scripts,
managing the release user acceptance testing process,
evaluating the testing results, beginning the process of
problem correction, and determining how to handle
failures. At the completion of testing, the coordinator
develops a test analysis report that management uses to
decide whether to continue the release process and
begin the pilot phase.

test plan
A document that provides the detailed blueprint for the
types and level of testing to be performed on a change
being developed.

test scripts
Documented step-by-step procedures or automated
processes that dictate the testing process to be
performed for a release.

third-party supplier
An enterprise or group, external to the customer's
enterprise, that provides services and/or products to that
customer's enterprise.

third-party contracts
Contracts placed with external providers for the
provision of all or part of the infrastructure delivering all
or part of a service being monitored.

threshold/criteria
As used in the system and network management
industry, a threshold is a configurable value above
which something is true and below which it is not.
Thresholds are used to denote predetermined levels, and
when thresholds are exceeded, actions may occur.

threshold rule
A processing rule for creating an alert when a Windows
NT performance counter value crosses a defined
threshold. See also performance threshold.

ticket
A set of identification data for a security principle,
issued by a domain controller for purposes of user
authentication. Two forms of tickets in Windows are
ticket-granting tickets (TGTs) and service tickets.

Service Management Function Guide

94

total cost of ownership

A calculation that includes depreciation, maintenance,
staff costs, accommodation, and planned renewal.

track
To maintain formal documentation of a plan, which is
always kept current.

training plan
A document that describes how the organization will
meet the training needs for a release. It incorporates a
gap analysis that drives the type of training to be
conducted and is balanced with its impact on
productivity and day-to-day operations.

Transmission Control Protocol/Internet Protocol (TCP/IP)

A set of networking protocols used on the Internet that
provides communications across interconnected
networks made up of computers with diverse hardware
architectures and various operating systems. TCP/IP
includes standards for how computers communicate
and conventions for connecting networks and routing
traffic.

triad
A method of scheduling service desk personnel.

unanimous
Every member must vote yes for change to be approved.

underpinning contract
A contract between IT and one or more external vendors
that defines the responsibilities of all participating
parties. The contract binds these parties to providing a
particular service (or service component, such as
hardware, software, and so on) of a specific, agreedupon quality and quantity. It also constrains the
demands IT and/or its users may place upon the service
(or service component) to those agreed-upon limits
defined by the contract.

unit costs
Costs distributed over individual component usage. For
example, it can be assumed that, if a box of paper with
1,000 sheets costs $10, then each sheet costs 1. Similarly,
if a CPU costs $1 million per year and it is used to
process 1,000 jobs that year, each job costs on average
$1,000.

Overview

95

upgrade
An adjustment to the version or release in which the
version number changes.

uptime
The time between incidents or failures when customer
expectations are met as specified by the OLA or the SLA.

urgency
A measure of the business criticality of an incident or
problem based on the impact and on the business needs
of the customer.

user
The person who uses the services on a day-to-day basis.

utility cost center (UCC)

A cost center for the provision of support services to
other cost centers.

variance analysis
Variance analysis is an analysis of the factors that have
caused the difference between predetermined standards
and the actual results. A variance is the difference
between planned, budgeted, or standard cost and actual
cost (or revenues). Variances can be developed
specifically in reference to the operations carried out in
addition to those previously mentioned.

version
The status of a configuration item, consisting of one or
more changes at the specification level.

vetoes
One member may have the ability to say no, which
results in rejection of a change request. For example, the
security member may have veto on any change with a
potential impact on either the domain name system or a
firewall.

view
A window in the Microsoft Operations Manager 2000
Monitor snap-in that displays specified data from the
database.

virtual private network (VPN)

The extension of a private network that encompasses
encapsulated, encrypted, and authenticated links across
shared or public networks. VPN connections can

Service Management Function Guide

96

provide remote access and routed connections to private

networks over the Internet.

Web console
An interface that allows users to access database
information from any Windows platform that can run
Microsoft Internet Explorer.

wide area network (WAN)

A circuit that connects one or more LANs that are
geographically distant. An example of a WAN
connection would be a company with two offices in
distant citieseach with its own LANand connected
by a leased telephone line.

Windows Management Instrumentation (WMI)

Microsoft Windows Management Instrumentation
(WMI) provides management information using a single
consistent, standards-based, extensible and objectorientated interface. WMI is the Microsoft
implementation of Web-based enterprise management
(WBEM), an industry initiative to develop a standard
technology for accessing management information in an
enterprise environment. The purpose of this initiative is
to help companies lower their total cost of ownership by
enabling powerful enterprise-class management of
systems, applications, and devices. Hundreds of
companies now support the ongoing standards that
resulted from the initial WBEM consortium began by
Microsoft, Compaq, Intel, Cisco, and BMC.

workaround
A method of avoiding an incident or problem, either by
implementing a temporary fix or by ensuring that the
customer is not reliant on a particular aspect of a service
that is known to have a problem.

workforce management
A MOF service management function in the optimizing
quadrant. It recommends best practices to recruit, retain,
maintain, and motivate the IT workforce.

Overview

97

Appendix B: Acronyms
ACD

Automatic Call Distributor

ACL

access control list

ADF

Automated Document Factory

AMDB

availability management database

AMM

availability metrics model

API

application programming interface

ASCII

American Standard Code for Information

Interchange

AST

agreed service time

ATM

automated teller machine

BCM

business continuity management

BIA

business impact analysis

BRM

business relationship management

BSI

British Standards Institute

CA

certification authority

CAB

change advisory board

CAB/EC

change advisory board emergency

committee

CASE

computer-aided software engineering

CBF

critical business function

CCTA

Central Computer and Telecommunications

Agency

CDB

capacity database

CERT

Computer Emergency Response Team

CFIA

component failure impact analysis

CI

configuration item

CIA

confidentiality, integrity, and availability

CIM

Common Information Model

CLI

caller line identification

CMDB

configuration management database

COP

Code of Practice

COPC

customer operation performance center

Service Management Function Guide

98

CPS

certificate practice statements

CPU

central processing unit

CRAMM

CCTA Risk Analysis Management Method

CSBC

Computer Services Business Code

CSS

customer satisfaction survey

CTI

Computer-Telephony Integration

DCAM

database access server (DAS), consolidator

(C), and agent manager (AM) components
within MOM

DHS

definitive hardware store

DMTF

Desktop Management Task Force

DSL

definitive software library

DT

downtime

E2E

end-to-end

EDI

electronic data interchange

EFQM

European Foundation for Quality

Management

EUAE

end-user availability

EUDT

end-user downtime

EUPT

end-user processing time

FAQ

frequently asked questions

FSC

forward schedule of changes

FTA

fault tree analysis

GOT

Global Operations & Technologyformerly

Microsoft Information Technology Group
(ITG)

GUI

graphical user interface

HR

human resources

HTML

Hypertext Markup Language

ICAM

Integrated Computer-Aided Manufacturing

ICT

Information and Communication

Technology

IDEF

ICAM definition

IIS

Internet Information Services

IPSec

Internet Protocol Security

Overview

99

IR

incident report

ISO

International Organization for

Standardization

ISP

Internet service provider

IT

Information Technology

ITAMM

IT availability metrics model

ITEC

Information Technology executive

committee

ITIL

Information Technology Infrastructure

Library

ITSC

IT service continuity

ITSCM

IT service continuity management

ITSMF

IT service management forum

IVR

Interactive Voice Response

KDC

Key Distribution Center

KER

known error record

KPI

key performance indicator

KSF

key success factors

LAN

local area network

LDAP

Lightweight Directory Access Protocol

LOB

line of business

MBNQA

Malcolm Baldridge National Quality Award

MCS

Microsoft Consulting Services

MIB

Management Information Base

MIM

major incident management

MMC

Microsoft Management Console

MOF

Microsoft Operations Framework

MOM

Microsoft Operations Manager

MSF

Microsoft Solutions Framework

MTBF

mean time between failures

MTBSI

mean time between system incidents

MTTR

mean time to repair

NOS

network operating system

OCR

optical character recognition

Service Management Function Guide

OGC

Office of Government Commerce

OLA

operating level agreement

OLR

operating level requirement

OLTP

online transaction processing

PBX

private branch exchange

PC

personal computer

PCL

Printer Control Language

PDA

Personal Digital Assistant

PDF

Portable Document Format

PDL

page description language

PIN

personal identification number

PING

Packet Internet Groper

PIR

post-implementation review

PKI

Public Key Infrastructure

PPP

Point-to-Point Protocol

PR

problem record

PRINCE

Projects in Controlled Environments

PSA

projected service availability

PSTN

Public Switched Telephone Network

QA

quality assurance

RAG

red-amber-green

RAID

redundant array of independent disks

RBAC

role-based access control

RFC

request for change

RFI

request for information

ROCE

return on capital employed

ROI

return on investment

RWO

real-world object

SAN

storage area network

SIP

Service Improvement Program

SLA

service level agreement

SLAM

service level agreement monitoring

SLR

service level requirement

100

Overview

SMF

service management function

SMO

service maintenance objective

SMTP

Simple Mail Transport Protocol

SNMP

Simple Network Management Protocol

SOA

system outage analysis

SOO

service outage objective

SPOF

single point of failure

SQL

Structured Query Language

TCO

total cost of ownership

TCP/IP

Transmission Control Protocol/Internet

Protocol

TGT

ticket-granting ticket

TOP

technical observation post

TOR

terms of reference

TP

transaction processing

TQM

Total Quality Management

UC

underpinning contract

UPS

uninterruptible power supply

VB

Visual Basic

VBF

vital business function

VoIP

Voice over Internet Protocol

VPN

virtual private network

VSI

virtual storage interrupt

WAN

wide area network

WFD

work flow diagram

WIP

work in progress

WMI

Windows Management Instrumentation

101

Service Management Function Guide

102

Appendix C: Suggested Training and Reading

Courses
The following training resources represent a minimum
level of prerequisite knowledge necessary to perform the
tasks described in the SMF guides.
Microsoft Operations Framework Essentials
ITIL Service Management Essentials
ITIL Service Management Service Support course
ITIL Service Management Service Delivery course

Books
The following books serve as a bibliography for this
introduction to the SMFs or as recommended reading to
further understand the concepts contained in them.
Planning to Implement Service Management ISBN 0 11
330877 9
Service Support

(ITIL) ISBN 0 11 330015 8

Service Delivery

(ITIL) ISBN 0 11 330017 4

ITIL Security Management

ISBN 011330014X

Web Sites
For more information on Microsoft Frameworks and its
offerings, see:
http://www.microsoft.com/msf
http://www.microsoft.com/mof
For more information on ITIL, see http://www.itil.co.uk/
For more information on the Help Desk Institute, see
http://www.helpdeskinst.com/
For more information on the Customer Operations
Performance Center, see http://www.copc.com