Workshop Program

Mickey Iqbal is an IBM Distinguished Engineer responsible for setting Infrastructure Resource Management (IRM) technology strategy for IBM's Strategic Outsourcing (SO) business , and for optimization of the IT infrastructure resources in IBM's global Strategic Outsourcing data centers, which span over 8 million sq ft of raised floor space world wide.

Mickey has led several large and complex data center transformation projects for major IBM clients, and is globally sought by clients for consultation in the areas of IT transformations, IT strategy, virtualization, green data centers and operations management. Mickey also developed the strategy and architecture for IBM SO's global operating systems provisioning and electronic software distribution services.The latter services are deployed worldwide in support of IBM's clients.

Mickey has filed multiple patents on behalf of IBM, and is the co-author of two IBM redbooks.He led the development of software technology that resulted in two IBM commercial software products: IBM Software Delivery Center and IBM Tivoli Provisioning Manager Express for Software Distribution

Mickey is certified as an IT Architect and an Executive Project Manager by IBM, and also holds industry certifications in the IT Architect and Project Management disciplines from The Open Group and the international Project Management Institute respectively.Mickey has a Masters in Business Administration and a Masters of Science in Management Information Systems from the University of Illinois at Chicago, and a Bachelors of Science in Mechanical Engineering from UET, Lahore.

A Computer-Facilitated Method for Matching Incident Cases Using Semantic Similarity Measurement
Yong-Bin Kang, Arkady Zaslavsky, Shonali Krishnaswamy, Claudio Bartolini
Abstract: This paper presents a new computer-facilitated approach for incident management to improve typical incident management. Our approach automates typical manual-based incident resolution process by proposing a new semantic similarity measurement between a given incident call and incident cases stored in a case base. The proposed semantic similarity measurement distinguishes traditional similarity measures by incorporating additionally useful information and exploiting semantic knowledge about attributes contained in incident descriptions. We first state typical incident management and its problematic trait. Then, we propose our automated incident resolution process and its core components. After that we identify the additionally useful information for our similarity measurement and describe algorithms of how our similarity measurement is carried out. In experiment, we demonstrate how our approach outperforms a certain form of typical similarity measurement and different combinations of similarity measures using the identified additional information. Finally, the statement about future and conclusion closes this paper.

Value-based IT Decision Support
Jose Augusto de Oliveira, Antão Moura, Claudio Bartolini, Marianne Hickey
Abstract: The problem: Value creation and delivery are recurrently mentioned in the literature as important drivers for effective business and IT decision making. However, the knowledge concerning value creation is commonly offered in vague, informal and subjective terms and, for that reason, corporate executives and IT staff depend mostly on personal expertise, background and intuition to practice what theory recommends. Our proposed solution: We propose a formal business value model, which aims to provide value-based decision support with less subjectivity. Validation: An illustrative example applying the preliminary model is presented, followed by a real case study where the model has been applied to support decisions in recent Brazilian municipal elections, in which an electronic voting system fully supported by IT services was used. In the first, the model was able to express in numbers information originally available only in subjective terms. In the later, IT decision-making was guided towards better IT-Business alignment.

On the Evaluation of Services Selection Algorithms in Multi-Service P2P Grids
Alvaro Coêlho, Francisco Brasileiro
Abstract: It has been shown that the use of a reciprocation mechanism in peer-to-peer grid systems which provide multiple services to their users is an efficient way to prevent free-riding and, at the same time, to promote the clustering of peers that have mutually profitable interactions. However, when peers are subject to resource limitations, each peer must select a subset of all services that can possibly be offered. Previous work showed that the overall profitability of a peer is strongly dependent on the set of services it offers. Thus, the use of an appropriate services selection algorithm is crucial to yield better profitability to peers. Clearly, evaluating the efficiency of services selection algorithms is an important aspect in the search for suitable solutions for this problem. Unfortunately, due to the complexity and inherent non-determinism of the system, it is normally intractable to compute optimal solutions even for small systems. This renders the task of evaluating the performance of practical heuristic-based algorithms difficult. This work aims to fill in this gap by providing a cheaper evaluation method. The methodology we propose maps the services selection problem into the well-known knapsack problem, making brute force techniques affordable for reasonably large systems. Then, by immersing the algorithms under evaluation on a similar setting, it is possible to assess their efficiency compared to an optimal solution. We show how the methodology can be used by evaluating two services selection heuristics.

A Model to Assess the Maturity Level of the Risk Management Process in Information Security
Janice Mayer, Leonardo Fagundes
Abstract: The Risk Management (RM) process comprises coordinated activities aimed at guiding and controlling an organization as far as risks are concerned. These activities encompass the definition of the context of analysis, assessment, treatment, acceptance, as well as the communication and the monitoring of information security risks. Organizations should implement RM in a consistent, systematic manner in order to achieve compliance with current laws, standards and regulations, and also meet mandatory requirements for the certification of an Information Security Management System. However, in the context of information security, no reference was found in literature for a model to assess the maturity level of an RM process. In order to overcome this problem, this study describes the structure of a model for the assessment of the maturity level of the RM process in the realm of Information Security. The designed model basically consists of a set of best practices, totally aligned with standard ISO/IEC 27005 and comprised of: (1) three stages; (2) five maturity levels; (3) thirty-five control objectives; (4) one control map; (5) one assessment instrument relative to the maturity level of the activities of the RM process; (6) an accountability matrix relative to each activity of the process and also a (7) risk scorecard.

A Time and Financial Loss Estimation using a Highly Parallel Scheduling Model for IT Change Management
Denilson Oliveira, Raimir Holanda
Abstract: The IT governance is defined as a set of rules, activities and processes that fits with the IT company strategy, ensuring the return on various aspects provided by IT in terms of services and maintainability of the organization. Currently, change management appears as a sensible point into the IT governance. The main activity of change management is related to scheduling definition. This scheduling definition consists in allocate a set of changes to each change window. The current literature just argues about a sequential implementation of the changes allocated into each change window, but not about a sequential and parallel implementation of a set of changes. This paper presents two important contributions: The first contribution is related to scheduling optimization with a model of parallel implementation of changes, resulting in a higher number of changes in each window and consequently reducing the time to implement the change. The second contribution consists in determine the total implementation time of each service and the associated financial loss.

IT Service Management and Governance Modeling an ITSM Configuration Process: a Foundational Ontology Approach
Gleison Baioco
Abstract: Information Technologies (IT) have become a strategic partner for business. In this context, the IT management has evolved to business driven IT management solutions. Following this evolution, Configuration Management process have playing a key role by providing accurate information of IT to other agents, such as business, people, processes, tools and technologies. However, an important requirement for the Configuration Management domain has been characterized as one of the main research challenges: interoperability. This paper presents an ontology of the IT Service Configuration Management domain committed to maximizing expressivity, clarity and truthfulness that can be used as a reference model in order to provide interoperability between the several agents involved with it.

Collaboration Environment for ITIL
Sven Graupner
Abstract: Human labor is a significant cost factor in IT management. Frameworks such as ITIL aim at standardizing complex management domains by defining and streamlining processes. These processes are followed by people when IT services are planned, designed, operated and continuously improved. These processes also establish the linkages between the business and the IT layers. This (short) paper describes a knowledge-based collaboration environment for ITIL [1] which is aimed at making work of business and IT experts dealing with planning, designing and implementing IT services using ITIL processes easier. The collaboration environment organizes work of experts around built-in ITIL concepts and allows them to map and refine concepts. The collaboration environment utilizes as a domain wiki that has, in contrast to other wikis, a knowledge base built-in, which actively guides information gathering and refinement as collaborative processes among experts from the business and IT domain. Through their collaborative work, they create a central repository of information providing visibility and linkages between different domains involved. In this paper we present the design of a domain wiki for ITIL. Common ITIL knowledge is modeled from a subset of the ITIL publications and represented as an RDF knowledge base. Inferences on this knowledge base allow users to determine the aspects that need to be refined by experts for particular engagements. Provided facts are then added to the knowledge base. In ongoing research we investigate how such a knowledge base can be established for the domain of ITIL and implemented in a Semantic Wiki.

Automated Capacity Management and Selection of Infrastructure-as-a-Service Providers
Thomas Setzer, Alexander Stage, Martin Bichler
Abstract: Infrastructure-as-a-service (IaaS) providers are gaining popularity in the application hosting market. Virtual machines of different sizes (capacities for server resources such as CPU, main memory, etc.) are offered on-demand on an hourly, daily, weekly or monthly basis. Which offering minimizes the hosting costs depends on the sizes and respective prices, but also on the demand patterns of an application and is a non-trivial selection problem for the customer. The fact that IaaS providers have different minimum subscription times, makes the problem particularly hard. In this paper, we describe an optimization formulation that determines an optimal schedule of virtual machines, which is needed to satisfy the demand of a particular application. The algorithm can be used to select the cost minimal offering of different hosting providers, but also to control the allocation and de-allocation of virtual machines with an IaaS provider over time.

Looking at Business Through a Keyhole
Jacques Sauvé, Claudio Bartolini, Antão Moura
Abstract: This position paper addresses the problem of business-IT alignment. It argues that, although Service Level Agreements were invented to capture business needs, they are insufficient to enable full alignment between IT and the business.

A general process-model to analyze and optimize the tool-landscape of IT Service Providers
Christian Richter
Abstract: IT Service Management frameworks like the IT Infrastructure Library (ITIL) or ISO/IEC 20000 enable service providers to manage their IT components and services in an efficient way. As IT infrastructures get more and more complex, this can not be achieved without the support of management tools like trouble-ticket system, workflow systems, configuration management databases, service monitoring and many others. Nowadays, many service providers face the problem, that they use up to 100 and more different tools to manage their infrastructure. The huge number often has historical reasons, as service providers in general do not have a defined management for the life-cycle of their tools. This often results in the problem that service providers have a tool-landscape with many redundant functions. Further, some tools are not well suited to support established management processes and therefore can not work as efficient as they could with more suitable tools. As neither ITIL nor other frameworks address this problem specifically, this paper points out the proposition of a PhD thesis to deal with it. The paper introduces a maturity model to effectively rate tool-landscapes, determine weaknesses and compare it to others. Further, based on the maturity model, it describes a process-model to manage, consolidate and improve a service provider's tool-landscape.

The Management of Crowdsourcing in Business Processes
Stephen Curran, Kevin Feeney, David Lewis, Reinhard Schaler
Abstract: Many organizations place value on the devolution of decision-making authority within and beyond traditional organizational hierarchies and boundaries. The sacrifice of centralized management control is exchanged for increased levels of engagement from staff, customer and partners, which may in turn lead to more agile decision making and improved commitment to implementing decisions. However, many existing IT service management and workflow management systems offer limited control over the ability to effectively devolve decision making. In this paper we examine the localization industry as an example of a domain where the economics of centrally managed and professionally executed business processes is being challenged by ideas of decentralization and the use of crowd-sourced value-generation. Through this case study we examine the challenges of integrating crowd-sourcing into existing business processes and examine a prototype implementation that highlights the system integration and management issues that come from trying to integrate these different paradigms.

EbAT: An Entropy based Online Anomaly Tester for Data Center Management
Chengwei Wang, Karsten Schwan
Abstract: The online detection of anomalies is a vital task in data centers, potentially incurring high personnel costs. Causes range from temporary or permanent hardware/software failures, to resource over- or under-provisioning, to application misbehaviors. This paper develops new methods and an associated utility for online anomaly detection, termed EbAT, Entropy based Anomaly Tester, which can efficiently detect anomalies without the need for operator interaction, analysis intervention, or predefineed system models or rules. EbAT also offers ways to zoom in on detected anomalies, the intent being to localize anomalies to certain components of data center applications or facility. EbAT is implemented in the context of virtual machine monitors, using Xen as a representative platform, and it is used to detect anomalous behaviors on such platforms running multi-tier enterprise and map-reduce applications.

Coordination and Partnering Structure are Vital Domains in Collaborative Business-IT Alignment: Elaborating on the ICoNOs MM
Roberto Santana Tapia
Abstract: Current business-IT alignment maturity models are oriented to single organizations and fail in taking special characteristics of collaborative networked organizations into account, such as the need for coordination and partnering structure. Beside such proposals, there are also models that can be used to assess the maturity of aspects related to either coordination or structure within a collaborative context. However, they are not focused on assessing alignment. Based on case studies, we claim that both coordination and partnering structure are vital domains in properly assessing business-IT alignment in networked organizations. In this paper, we describe our IT-enabled Collaborative Networked Organizations Maturity Model (ICoNOs MM), which contains four domains: partnering structure, IS architecture, process architecture and coordination. We used existing models and theories related to business and IT, and knowledge gained from previous research to identify those domains.

IT Outsourcing Competency: a Capability-Based Strategic Approach to IT Outsourcing
Tsun Chow
Abstract: IT Outsourcing literature focuses on how to develop capabilities to strategize and manage outsourcing engagements. This paper argues that these capabilities necessary for the success of IT outsourcing projects should be collectively viewed as a core competency of an organization, which needs to be taken into account when the organization is contemplating outsourcing as an option. The concepts of IT outsourcing capabilities in research and practitioner literatures are examined. A preliminary framework based on the concept of capability levels from eSourcing Capability Model for the Client Organization (eSCM-CL) and the objectives of the outsourcing projects are developed. How this framework can be used to direct empirical research is explored.