Showing posts with label General Dev. Show all posts

ITIL principles

What's ITIL?

ITIL, the IT Infrastructure Library, is a framework for IT service management, guiding best practices to deliver IT services effectively.

It helps manage risk, improve customer relations, establish cost-effective practices, and build a stable IT environment for growth and change.

Comprising five books, ITIL standardizes service management processes, aiming to reduce operational costs, enhance productivity, and mitigate risks. Its goal is to create predictable IT environments and provide top-tier customer service by streamlining processes and improving efficiency.

ITIL 4, the latest version, maintains this focus while emphasizing agility and flexibility in the IT department's approach.

Why to use ITIL?

ITIL Principles serve as universal guidelines applicable to any organization, enabling systematic adaptation in evolving business environments.

They aren't tied to specific technology or entities but should be integrated into strategy, value delivery, and maintaining competence.

Their significance necessitates awareness and active implementation by all members across daily operations.

This discussion will outline these principles and explore their practical applications.

Reduced IT costs
Improved IT services using proven best practices
Improved customer satisfaction through a more professional approach to service delivery
Standards and guidance
Improved productivity
Improved use of skills and experience
Improved delivery of third-party services through the specification of ITIL or BS15000 as the standard for service delivery in services procurements

7 ITIL guiding principles:

Focus on value:

An organization's primary objective is delivering value to stakeholders, which extends beyond customers and shareholders to include society, employees, and more.

ITIL 4 accelerates value delivery by leveraging the Service Value System, integrating diverse practices into a cohesive whole.

'Value' emerges from collective organizational efforts, processes, and technology utilization. ITIL 4 stresses the importance of co-creating value with all stakeholders, emphasizing not just financial but also customer experience value. This focus on value aligns with the Lean-Agile approach, a pivotal principle within ITIL.

Start where you are:

Organizations can optimize value delivery by maximizing existing resources but must discern instances where a fresh start is essential.

'Starting where you are' reflects a Lean-Agile mindset, minimizing waste and enhancing current value delivery mechanisms.

This principle, integral to ITIL, necessitates a realistic evaluation of the current architecture. It also emphasizes collecting and analyzing crucial metrics to pinpoint areas for improvement.

Progress iteratively with feedback:

Iterative improvement is key to refining an organization's value delivery. This principle advocates breaking larger tasks into manageable ones with smaller deadlines, emphasizing feedback.

Adhering to this ITIL principle aligns with Lean-Agile, promoting incremental steps validated by stakeholders. Lean-Agile utilizes short, time-boxed iterations involving stakeholders, contrasting with the 'waterfall' method's single-cycle approach.

Short cycles facilitate data collection and metrics, enabling continuous improvement and building trust among stakeholders by showcasing progress. Internal metrics guide service enhancement both upstream and downstream, fostering stakeholder trust and organizational advancement.

Collaborate and promote visibility:

Iterative improvement is key to refining an organization's value delivery. This principle advocates breaking larger tasks into manageable ones with smaller deadlines, emphasizing feedback. Adhering to this ITIL principle aligns with Lean-Agile, promoting incremental steps validated by stakeholders.

Lean-Agile utilizes short, time-boxed iterations involving stakeholders, contrasting with the 'waterfall' method's single-cycle approach.

Think and work holistically:

A holistic approach is vital for embracing Lean-Agile principles.

Focusing solely on individual parts of the value delivery pipeline leads to suboptimal outcomes. It's ineffective for one department to operate faster if it burdens another.

For effective results, the entire service, encompassing information, technology, stakeholders, and organizational principles, must be managed cohesively. By coordinating efforts toward a common value, organizations ensure satisfaction for internal and external customers.

Adopting a holistic approach enables decisions that benefit all stakeholders. In today's interconnected landscape, no service, department, or provider exists in isolation—they all interconnect to produce value.

Therefore, any organizational upgrades or decisions must consider the bigger picture for maximum impact.

Keep it simple and practical:

This ITIL principle prioritizes simplicity and practicality in delivering value, aligning with Lean-Agile principles.

It enables organizations to streamline complex offerings by rationalizing rules and procedures to adapt to changing environments.

While regulations ensure compliance, excessive processes can impede information flow and decision-making, slowing down workflow and hindering value delivery.

DevOps and Agile methodologies focus on eliminating waste and improving workflow for all value streams. ITIL 4, emphasizing Lean-Agile, advocates granting autonomy to organizational members and encourages simplifying system processes by reducing micromanagement.

Optimize and automate:

The ITIL principle of 'optimize and automate' mirrors manufacturing strategies, enabling faster response and higher-quality IT services. Prioritizing customer needs and experience is crucial for effective value delivery.

Simplifying processes is key to maximizing resources and delivering value swiftly while maintaining quality, availability, and security. An inflexible delivery system hampers quick value delivery.

Automation minimizes time, labor, and liability costs, aligning outcomes with stakeholder expectations. Leveraging internal data is essential for automation to ensure predictable and accurate results.

ITTL Products:

ServiceNow:

ServiceNow offers a comprehensive suite of applications catering to various workflow tasks in modern offices, with a focused emphasis on IT desk responsibilities like asset management, access governance, and service desk operations.

Their ITSM product aims to centralize ticket filing and progress tracking, utilizing mobile and web-based portals supported by predictive intelligence for efficient ticket routing and swift resolutions.

The product consists of three tiers, starting with foundational features in the base tier and progressively enhancing tracking and routing capabilities in higher tiers tailored for larger operations.

It boasts versatile integration options facilitating automated connections with systems like Jira for seamless tracking.

Atlassian Jira Service Management:

Initially designed by developers to track software creation, Jira expanded its scope after Atlassian observed teams using it for service desk requests.

This led to the creation of Jira Service Management, a separate product line. It offers a user-friendly architecture tailored for average users, emphasizing streamlined workflows and increased automation for self-service.

The service tiers vary from a free introductory version to premium or enterprise-level tools, providing advanced integration options and additional features such as the Incident Command Center for handling major issues.

Cherwell:

Cherwell's ITSM tool, part of a larger set of workflow management systems merging with Ivanti, provides omnichannel engagement for configuration management and implementing changes.

It features a low-code configuration model capable of modeling workflows, from simple to intricate, without necessitating scripting or programming skills.

Primarily centered around the 11 standard ITIL management processes, it's adaptable to tackle more complex challenges. Its objective is to achieve one-step resolutions and enable self-service for users.

Freshworks Freshservice:

Freshservice aims to facilitate teams in delivering exceptional user experiences, as per Freshworks, its vendor.

It operates on a ticket-based system within a suite of tools for service desk management and task automation.

Integrated with discussion boards like Slack and Teams, it enables issue discussions, assignments, and potential deflection to standard documentation.

Following triage, resolutions can be tracked via the Change Management Database. Additionally, its AI-engine, "Freddy," contributes to workflow automation and expedites issue resolution.

InvGate Service Desk:

InvGate's Service Desk tool prioritizes extensible automation, a versatile knowledge base, and comprehensive change tracking tailored to engage end users effectively.

Through ticket filing, users can access self-service information.

The tool efficiently tracks assets to ensure optimal functionality across hardware and software. Automating repetitive tasks is facilitated by a low-code, visual programming IDE aimed at accelerating workflow efficiency.

ManageEngine ServiceDesk Plus,
ProProfs Help Desk,
Spiceworks,
SysAid,
TOPdesk,

Wrike,
Zendesk,

ETC

SOAP - Simple Object Access Protocol

SOAP (Simple Object Access Protocol) is a protocol for exchanging XML-based messages over computer networks using commonly known protocols such as HTTP, HTTPS, and SMTP. It serves as the foundation for delivering basic messages in web services.

There are several message patterns, but typically SOAP follows the Remote Procedure Call (RPC) pattern, where a network node (client) sends a message to another node (server) and the server immediately responds. SOAP adopted the concept of an envelope/header/body structure and the principles of transport and interaction neutrality from XML-RPC and WDDX.

SOAP is designed based on the combination of headers and bodies, with XML as its foundation. The header is optional and contains metadata such as repetition, security, and transactional information. The body contains the main information, which is essential to the message.

Advantages of SOAP:

Communication Ease: SOAP allows for easy communication without being restricted by proxies or firewalls, unlike traditional remote technologies.
Platform and Language Independence: SOAP is platform and programming language independent, meaning it can be used across different systems and languages without compatibility issues.
Established Standards: SOAP has well-established standards for providing web services, such as WSDL (Web Services Description Language), UDDI (Universal Description, Discovery, and Integration), and WS-* (Web Services specifications). These standards ensure interoperability and facilitate the integration of different systems.
Built-in Error Handling: SOAP includes built-in error handling mechanisms, making it easier to handle and manage errors during the communication process.
Suitable for Distributed Environments: SOAP is well-suited for distributed environments where multiple systems need to interact and exchange data. It provides a standardized way of communication in such environments.

Disadvantages of SOAP:

Complexity and Overhead: SOAP has a complex structure and includes additional overhead due to its XML-based messaging format. This complexity can hinder scalability and performance, especially when dealing with large volumes of data.
Slower Speed: Compared to lightweight alternatives like REST (Representational State Transfer), SOAP is relatively heavier and can be slower in terms of data transmission and processing. The additional XML parsing and message formatting contribute to the slower speed.
Higher Development Complexity: Developing SOAP-based applications can be more challenging compared to other web service protocols. SOAP requires specific libraries or frameworks, and developers need to have a good understanding of the underlying SOAP specifications. This can increase development time and complexity.

SOAP Architecture:

SOAP architecture involves registering (Publishing), searching (Finding), and binding (Binding) web services through UDDI.

<?xml version='1.0' Encoding='UTF-8' ?>
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"> 
  <env:Header>
  <m:reservation xmlns:m="https://www.website.com/reservation" env:role="http://www.w3.org/2003/05/soap-envelope/role/next">
    <m:reference>uuid:11111-22222-333333-444444-555555</m:reference>
    <m:dateAndTime>2020-01-01</m:dateAndTime>
  </m:reservation>
  <n:passenger xmlns:n="https://www.website.com/employees" env:role="http://www.w3.org/2003/05/soap-envelope/role/next">
    <n:name>John Smith</n:name>
  </n:passenger>
  </env:Header>
  <env:Body>
  <p:itinerary xmlns:p="https://www.website.com/reservation/travel">
    <p:departure>
      <p:departing>New York</p:departing>
      <p:arriving>Los Angeles</p:arriving>
      <p:departureDate>2020-01-01</p:departureDate>
    </p:departure>
  </p:itinerary>
  </env:Body>
</env:Envelope>

Example:

POST /xml/tempconvert.asmx HTTP/1.1
Host: www.website.com
Content-Type: application/soap+xml
Content-Length: 349

<?xml version="1.0" encoding="utf-8"?>      
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
  <soap:Body>
    <GetUserBalance xmlns="https://www.website.com/xml/">
      <UserId>75</UserId>
    </GetUserBalance>
  </soap:Body>
</soap:Envelope>

Operation of SOAP:

The service requester encodes the web service request in SOAP and sends it to the service provider. The service provider decodes the request, performs the appropriate service logic to obtain the result, encodes the result in SOAP, and returns it.

SOAP Message Structure:

A SOAP message is an XML document composed of an optional Header and a mandatory Body enclosed within an Envelope. The Fault within the Body is used for error reporting.

SOAP Envelope: The Envelope is the root element of every SOAP message and contains two sub-elements: an optional Header and a mandatory Body.

SOAP Header: The Header is an optional sub-element of the Envelope and is used to convey application-specific information that is processed only by SOAP nodes along the message path.

SOAP Body: The Body is a mandatory sub-element of the Envelope and contains the information targeted at the ultimate recipient of the message.

SOAP Fault: Fault is a sub-element of the Body and is used for reporting errors.

Uptime

Uptime is used by server administrators to check the overall system load of a server. Uptime can be a useful reference for system load during system checks.

Uptime output Uptime typically displays one line of information including:

Current time How long the system has been running without shutting down since booting up Number of currently logged in users (referencing the /var/run/utmp file) System load averages for 1, 5, and 15 minutes Additionally, Uptime can display the first row of information when running top and w. It may also reference the /proc file system to check process information.

Command usage format uptime uptime -v By using the uptime command, you can check the time when the system was booted up and schedule appropriate reboots for safe operation.

JWT

JWT (Json Web Token) is a Claim-based Web Token that uses the Json format to store user attributes. JWT safely transmits information using a self-contained method that uses the token itself as information. JWTs, which are mainly used for member authentication or information transmission, follow the logic below for processing.

Cookie and Session

Cookie:

Cookie is a type of HTTP used by websites to store small records of information on a user's computer when they visit the site.

The server used by the website stores the user's state information on their PC via HTTP, which can then be accessed or reused as needed.

To check cookies in a browser:

To check cookies in Chrome, you can use the developer tools (F12) and navigate to the "Application" tab, then click on "Cookies" to view the cookies for the current website.

Features of cookies:

They consist of a name, value, expiration date (storage period), and path information.
A client can store up to 300 cookies.
A single domain can have up to 20 cookies.
A single cookie can store up to 4KB (=4096 bytes) of data.

Cookie Process:

The client requests a page (the user accesses a website).
The web server creates a cookie.
The created cookie is returned to the client along with the HTTP response containing information.
The received cookie is saved on the client (local PC) and is sent back to the server along with the request when the client requests again.
If the client has the cookie on their PC when revisiting the same site, the cookie is sent along with the requested page.

Session:

Session is a technology that considers a series of requests from the same user (browser) over a period of time as one state and maintains that state.

Here, the period of time refers to the time from when the visitor connects to the web server through a web browser until the visitor ends the connection by closing the web browser.

In other words, a visitor's state of being connected to a web server is considered as one unit, and it is called a session.

Features of Session

It stores information to maintain the state of a web container on the web server.
It uses a session cookie stored on the web server.
It is relatively more secure than cookies because it is deleted only when the browser is closed or the session is deleted on the server.
There is no limit to the amount of data that can be stored (up to the server capacity).
It assigns a unique session ID to each client and provides appropriate services for each request based on the Session ID.

Session Process:

The client requests a page. (The user accesses the website.)
The server checks the Cookie field in the request header of the accessing client to see if the client has sent the session ID.
If the session ID does not exist, the server creates a session ID and returns it to the client.
The server stores the session ID returned to the client using a cookie.
When the client reconnects, it uses this cookie to send the session ID value to the server.

Differences:

Cookies and sessions have similar roles and operate in a similar way. The reason is that sessions ultimately use cookies. The big difference is where user information is stored. Cookies do not use any server resources, while sessions use server resources.

In terms of security, sessions are superior. Cookies are vulnerable to tampering or interception in requests because they are stored locally on the client side. In contrast, sessions use cookies to store only a session ID and use that to differentiate and process on the server side, which makes them more secure.

Both cookies and sessions have a lifecycle. Cookies can expire, but since they are saved as files, the information can still persist even after the browser is closed. They can also be set to be kept until the cookie is deleted. On the other hand, sessions can also have an expiration period, but they are deleted regardless of the expiration time when the browser is closed.

In terms of speed, cookies are superior. Since cookies contain information, they make requests to the server faster. Sessions, on the other hand, are slower because the information is stored on the server and requires processing.

While the location of storage and security are commonly known differences between cookies and sessions, the most important difference is their lifecycle.

The reason cookies are used is that while sessions offer higher security compared to cookies, they use server resources. Since there are limits to server resources, managing resources by using both cookies and sessions appropriately can prevent waste of server resources and speed up website performance.

References:

https://en.wikipedia.org/wiki/HTTP_cookie

https://en.wikipedia.org/wiki/HTTP#HTTP_session

Chris Sewoong Lee

Menu