Models, Methods and Tools for Availability Assessment of IT-Services and Business Processes
Total Page:16
File Type:pdf, Size:1020Kb
Models, Methods and Tools for Availability Assessment of IT-Services and Business Processes Dr.-Ing. Nikola Milanovic Habilitationsschrift an der FakultÄatIV { Elektrotechnik und Informatik der Technischen UniversitÄatBerlin Lehrgebiet: Informatik ErÄo®nug des Verfahrens: 15. Juli 2009 Verleihung der LehrbefÄahigung:19. Mai 2010 Ausstellung der Urkunde: 19. Mai 2010 Gutachter: Prof. Dr. Volker Markl (Technische UniversitÄatBerlin) Prof. Dr. Miroslaw Malek (Humboldt UniversitÄatzu Berlin) Prof. Dr. Alexander Reinefeld (Humboldt UniversitÄatzu Berlin) Berlin, 2010 D 83 II III Abstract In the world where on-demand and trustworthy service delivery is one of the main preconditions for successful business, service and business process avail- ability is of paramount importance and cannot be compromised. For that reason service availability is in central focus of the IT operations management research and practice. This work presents foundations, models, methods and tools that can be used for comprehensive service and business process availability assess- ment and management. As many terms in this emerging ¯eld are used colloquially, Chapter 2 pro- vides detailed background and de¯nitions. The problem of service availabil- ity assessment and management is interdisciplinary, combining ¯elds of fault- tolerance, service oriented architecture and business process management. An- other role of this chapter is to make the text accessible to readers with dif- ferent backgrounds. After the context of service availability has been intro- duced, Chapter 3 presents existing models for availability and performability assessment. The emphasis is on formal availability models, such as combinato- rial (e.g., reliability block diagrams, fault trees) and state-space (e.g., Markov chains, Petri net) models, but qualitative models (e.g., maturity models such as ITIL or CobiT or standards such as ISO 27002 and ISO 12207) are also covered, albeit with limited scope as they are not the primary focus of this work. In Chapter 4, more than 60 commercial, public domain and academic tools for availability assessment are surveyed and compared. Downsides and limitations of standard availability models, both from methodical and practical perspec- tive, are identi¯ed and a novel approach for quantitative service availability assessment is presented in Chapter 5. It treats service and process availability as complex functions of availability properties of underlying ICT infrastructure elements and enables automatic generation of availability models, based on ser- vice or process description. Finally, Chapter 6 positions presented work in the context of a comprehensive vision for model-based IT service management. IV V Acknowledgements First and foremost I would like to thank my supervisors, Prof. Miroslaw Malek (Humboldt University Berlin) and Prof. Volker Markl (Berlin University of Technology), for their continued support throughout my work. I am thankful to Prof. Andras Pataricza (University of Budapest) and his group for fruitful cooperation. My thanks also go to numerous friends and colleagues, among others Reinhard Meyer and Stefan BrÄuning,who helped with the survey of tools for availability modeling, and specially to Bratislav Milic who contributed signi¯cantly to research in the area of service mapping and infrastructure de- scription. I would like to express my gratitude to Dr. Steve Flanagan (IsoGraph) and Dr. Uwe Laude (Federal O±ce for Information Security / Bundesamt fÄur Sicherheit in der Informationstechnik) for supporting this research and making IsoGraph and GSTool software packages available to me. Prof. Kishor Trivedi (Duke University) and Prof. William Sanders (University of Illinois) deserve additional recognition for providing me with SHARPE and MÄobiussoftware. This work would not be possible without the patience, support and love of my son Nebojsa and my wife Maja. Berlin, 03.06.2009 VI Contents 1 Introduction 1 2 De¯nitions 5 2.1 Reliability and Availability ..................... 5 2.1.1 Reliability ........................... 8 2.1.2 Availability .......................... 12 2.2 Performability ............................. 15 2.3 Services and Business Processes ................... 18 2.4 Service Availability and Performability . 22 3 Availability and Performability Models 31 3.1 Analytical Models .......................... 31 3.1.1 Reliability Block Diagrams . 31 3.1.2 Fault Trees .......................... 37 3.1.3 Reliability Graphs and Complex Con¯gurations . 40 3.1.4 Markov Models ........................ 45 3.1.5 Stochastic Petri Nets ..................... 57 3.1.6 Stochastic Activity Networks . 62 3.1.7 Markov Reward Models ................... 69 3.2 Qualitative Models .......................... 75 3.2.1 CMMI ............................. 76 3.2.2 ITIL .............................. 77 3.2.3 CITIL ............................. 79 3.2.4 ISO/IEC 15504 { SPICE . 80 3.2.5 CobiT ............................. 80 3.2.6 MOF ............................. 82 3.2.7 MITO ............................. 83 3.2.8 ISO/IEC 27002 ........................ 84 3.2.9 ISO 12207/IEEE 12207 ................... 85 3.2.10 Relationships between Maturity Models in the Availabil- ity Context .......................... 86 4 Tools for Availability Assessment 89 4.1 Quantitative Tools .......................... 90 4.1.1 Analytical and Simulation Tools . 90 4.1.2 Benchmarking Tools ..................... 93 VII VIII CONTENTS 4.2 Qualitative Tools ........................... 94 4.2.1 Risk Management Tools ................... 94 4.2.2 Process Management Tools . 95 4.3 Hybrid Tools ............................. 96 4.4 Interoperability and Usability .................... 97 4.5 Tool Comparison Summary ..................... 98 5 Service and Process Availability 109 5.1 Mapping BPMN activities . 111 5.2 Infrastructure graph generation . 114 5.3 Automatic Generation of Availability Models . 119 5.4 E-Mail Service Availability Assessment . 121 5.4.1 Service Description and Mapping . 121 5.4.2 Availability Assessment . 123 5.4.3 Total Service Availability . 125 5.4.4 Working with Incomplete Data . 126 5.5 Publishing Business Process Availability Assessment . 128 5.5.1 Business process description and mapping . 128 5.5.2 Business Process Availability Assessment . 133 5.6 Generation of State Space Models . 134 5.7 Generation of Hierarchical Models . 137 5.8 Tool Prototype ............................139 6 Summary and Future Work 143 A MÄobiusAvailability Model 159 B Availability Assessment Tools 165 B.1 General Purpose Quantitative Modeling Tools . 165 B.1.1 ACARA ............................165 B.1.2 ARIES .............................167 B.1.3 BQR CARE . 169 B.1.4 CARE III . 171 B.1.5 CARMS ............................173 B.1.6 CASRE/SMERFS . 174 B.1.7 CPNTOOLS . 175 B.1.8 DyQNtool+ . 177 B.1.9 Eclipse TPTP (Test and Performance Tool Platform) . 178 B.1.10 ExhaustiF . 179 B.1.11 FAIL-FCI . 180 B.1.12 FIGARO / KB3 Workbench . 181 B.1.13 GRAMP/GRAMS . 183 B.1.14 HARP .............................186 B.1.15 IsoGraph FaultTree+ . 188 B.1.16 IsoGraph AvSim+ . 190 B.1.17 IsoGraph Reliability Workbench . 192 B.1.18 IsoGraph Network Availability Program (NAP) . 194 CONTENTS IX B.1.19 IsoGraph AttackTree+ . 196 B.1.20 IsoGraph Report Generator . 197 B.1.21 MARK ............................198 B.1.22 METFAC . 199 B.1.23 METASAN . 201 B.1.24 MÄobius ............................202 B.1.25 NFTAPE . 204 B.1.26 NUMAS ............................205 B.1.27 OpenSESAME . 206 B.1.28 PENELOPE . 207 B.1.29 PENPET . 208 B.1.30 Relex Reliability Studio: PRISM . 209 B.1.31 QUAKE ............................210 B.1.32 Reliability Center: PROACT, LEAP . 212 B.1.33 Reliass .............................213 B.1.34 Reliasoft ............................215 B.1.35 SAVE .............................218 B.1.36 SHARPE . 219 B.1.37 SPNP .............................223 B.1.38 SoftRel LLC: FRESTIMATE . 224 B.1.39 SURE .............................226 B.1.40 SURF-2 ............................228 B.1.41 Sydvest CARA Fault Tree . 229 B.1.42 Sydvest Sabaton . 230 B.1.43 TANGRAM . 232 B.1.44 Mathworks Stateflow . 233 B.2 Qualitative and Process Management Tools . 234 B.2.1 Advanced Technology Institute: OCTAVE Automated Tool234 B.2.2 Alion Science and Technology: CounterMeasures . 236 B.2.3 Aprico Consultants: ClearPriority . 237 B.2.4 Aexis: RA2 . 238 B.2.5 BMC: Remedy Suite . 239 B.2.6 BSI: GSTOOL . 241 B.2.7 CALLIO: Secura 17799 . 243 B.2.8 CCN-CERT: PILAR / EAR . 245 B.2.9 C&A Systems Security: COBRA . 246 B.2.10 DCSSI: EBIOS . 248 B.2.11 Fujitsu Interstage Business Process Manager . 250 B.2.12 HP: Mercury BTO Enterprise Solutions . 251 B.2.13 IBM High Availability Services . 257 B.2.14 IBM Tivoli Availability Process Manager . 259 B.2.15 Information Governance: PROTEUS . 261 B.2.16 Insight Consulting/Siemens: CRAMM . 262 B.2.17 RiskWatch: RiskWatch for Information Systems . 264 B.2.18 Self assessment programs by itSMF International . 265 B.2.19 Software AG CentraSite . 267 B.2.20 Telindus Consultants Enterprises: ISAMM . 269 X CONTENTS List of Figures 1.1 Service QoS measures and attributes ................ 3 2.1 Failure rate as a function of time (the bathtub curve) . 7 2.2 Graphical interpretation of reliability ................ 9 2.3 Software failure rate ......................... 10 2.4 Typical availability function ..................... 14 2.5 Historical perspective of the SOA development [118] . 18 2.6 The SOA roles and interactions ................... 19 2.7 Services and business processes ..................