# Service management
The IT service management (ITSM) framework enables enterprises to align the relationship between people, process, and tooling needed through the lifecycle of IT services. The service management framework is also used to create evidentiary support for compliance and risk audits, Cloud Financial Management (CFM) capabilities, and business service requests. Enterprises also use ITSM tools to track business approvals, capture service issue resolutions, inventory technical assets, identify customer technical inquiries, and capture data points to make business decisions. These ITSM tools not only handle the daily operations for business services and applications (incidents/tickets, and CMDB transparency) but also enable everyday workflow and approvals of business requests (for example, facilities, HR, marketing, etc.). Integrating your service management framework to managing and governing your cloud capabilities will increase your operational excellence and agility.
The M&G Guide recommends five capabilities as a baseline for your service management framework within your AWS environments:
+ Provisioning and request management
+ Event and incident management
+ Problem management
+ Resource inventory management
+ Change management
## Provisioning and request management
Provisioning procedures help plan, implement, and maintain a stable technical infrastructure to support organizational business processes. Provisioning focuses on repeatable, standardized, approved, and curated templates to ensure resilient, cost effective, scalable resources. It enables enterprises to transition to a mindset of “infrastructure as code.”
Request management helps in maintaining the curated templates as Service Catalog items. Fulfillment to enterprise end users for any of the AWS services and infrastructure is ensured by Service Catalog through an automated workflow-driven process. The M&G Guide recommends integrating your provisioning, request, and distribution processes with your ITSM tool suite.
## Event and incident management
Event and incident management enables enterprises to control and restore environments and data. Event management helps in understanding what is currently happening, detect events, assess potential impact, and determine the appropriate control action. Event management provides the ability to detect and interpret environment issues, and initiate appropriate response and remediation. It is a basis for operational monitoring and control and an entry point for many service operation activities. Automation should be implemented where necessary, based on operations data and metrics. Analyzing event, incident, and operations metrics will support continual service improvement activities of service assurance. This analysis is used as inputs for organizational SLAs.
Incident management restores normal service operation and minimizes adverse business impacts on operations. Combining trend metrics with the identification of common or adverse patterns in service designs, can also help inform service availability design and reporting calculations. The M&G Guide recommends you enable an issue management mechanism across your AWS accounts. Integrating AWS events with other ITSM processes, such as incident and change management, can also increase your ability to scale.
## Problem management
Problem management focuses on identifying and resolving underlying issues (root cause) in the production environment that can lead to incidents. Problems are the underlying causes of incidents. Initially, problem management enables you to resolve the root causes of incidents to minimize impact and prevent them from happening again. Over time, problem management enables you to predict similar incidents using trend analysis and helps you proactively correlate incidents.
The main focus of problem management is root-case analysis (RCA) with the goal of identifying why an incident occurred and defining measures so that similar incidents don’t happen to resources such as applications, infrastructure, and procedures. At the core, problem management capabilities include RCA, incident analysis, knowledge management, collaboration, and reporting. The M&G Guide recommends that you extend and update existing incident and problem management capabilities with specific roles and responsibilities, support escalation paths, and standard operating procedures for your AWS environments.
## Resource inventory management
Resource inventory management provides the ability to define and control the components of services and infrastructure, and maintain accurate configuration records. The configuration management database (CMDB) ensures assets required to deliver services are properly controlled, and that accurate and reliable information about those assets is continuously available. The goal of configuration management is to define and control service components and maintain accurate configuration records. CMDB provides a single source of truth of resources and their relationships. The CMDB enables resource transparency for:
+ Compliance with corporate governance
+ Audit support
+ Visibility into service assets and their dependencies
+ Cost optimization
+ Effective change (impact analysis) and release management
+ Faster incident and problem resolution
The CMDB ensures that systems configuration management is ubiquitous and scalable. As AWS adoption progresses and more applications are deployed and running on AWS, the complexity and interdependence might become challenging. The M&G Guide recommends using hierarchical configuration management tools to help manage configurations across account, environment, stack, application, and versions.
## Change management
Change management provides the ability to request, prioritize, authorize, and approve, schedule, and implement changes to assets. This helps provide a balanced approach to modify IT services while minimizing the risk to production environments. The evidentiary controls included with change management functions allow for ease of audit and compliance reporting. Distributing your infrastructure as code in your multi-account framework should be part of change management processes and approval. This basis facilitates the automation of changes and provides for the documentation, review, and storage of changes in configuration management tools. The M&G Guide recommends that you develop an iterative approach for integrating change management with automation and distribution functions.
# Interoperable functions
The eight management and governance functions, supported by AWS services and AWS Partner solutions, work together and interoperate to reduce complexity. Outputs from these functions are used to inform or integrate with other functions.
For service management this includes:
+ Resources, applications, and accounts provisioned from ITSM tools with embedded **Controls**.
+ **Network connectivity** designs, including boundaries and isolation, provisioned, updated, and recorded with ITSM tools.
+ Aligned **Identity and access** **management** across ITSM and AWS tooling.
+ Incorporating **Security management** runbooks and playbooks with your service management framework.
+ Aggregating **Monitoring and observability** findings alongside incident management frameworks within ITSM.
+ ITSM capabilities and configuration libraries aligned to **Cloud Financial Management** reporting and insights.
+ **Sourcing and distribution** requests initiated from ITSM to support change and incident management.
# Implementation priorities
Implementation priorities for service management include incorporating or establishing policies and procedures to account for cloud services. It is a best practice to involve your operations teams early in a preparation phase before migrating production workloads using iterative production readiness criteria and checklists. Use of ITSM tools and integration with AWS services can be accomplished in an iterative manner. For example, initially tooling and integration can be implemented manually and progressing to full automation in later phases. The M&G Guide recommends that you implement service management framework processes in a phased approach that establishes a cloud operational baseline and connects with your system of record declared ITSM tools.
## Integrate provisioning processes with the ITSM tool suite
Infrastructure as code templates are the cornerstone of distribution, but also enable full service management. Integrating your provisioning and distribution processes with your ITSM tool suite is an essential step. Prioritize common requests for self-service in your ITSM tool. When creating a service template naming convention across your accounts and workloads, establish a lifecycle management process using approvals and standard workflow processes. Build templates with operational metadata (tags) and parameters to be populated in alignment with the configuration management system. Sensitive data should not be used for tag keys or values. Ensure that template access is enforced across both distribution and ITSM tooling permissions.
## Enable event, incident, and problem management across your environment
Enable an issue management mechanism such as ticketing across your AWS accounts. Integrate event management with other ITSM processes, such as incident and change management. Identify service owners, dependencies, and third-party integrations required to scale effectively with updated event store and sourcing patterns. Extend existing roles, procedures, and governance activities to accommodate cloud scale. This extension includes: incident and problem management roles and responsibilities, support escalation paths, and standard operating procedures. Establish remediation runbooks for common issue patterns to improve mean time to repair. Use game-day scenarios to validate support procedures. Analyze service trends to help provide recommendations and improve designs of your applications, resources, and environments on AWS.
## Identify accounts, environments, and resources that require asset tracking
Identify the accounts, environments, and resources that require asset tracking for compliance. Update registration in the CMDB as part of the account and asset provisioning and decommissioning processes. Track standards (regulatory, enterprise, security, financial, etc.) and compliance of required resources within AWS by creating integrations to your ITSM tooling that will enable a federated view of your AWS services and resources.
## Align change request procedures and policies for rapid cloud deployment
Align or create change request types in your policies and procedures that allow rapid deployment of resources. Determine which service templates (infrastructure as code) can be deemed as pre-approved changes. Determine how continuous integration and continuous delivery (CI/CD) pipelines will be accounted for in your change procedures. Align service and resource change requests through your ITSM tools.
## Connect your ITSM system of record tooling to AWS
Implementing [AWS Service Management Connectors](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/integrations-servicenow.html) is composed of three key steps: configuring AWS native services, configuring ITSM tooling, and validating your configuration and connectivity.
1. Configuring AWS management and governance services
AWS Service Management Connectors enable integration features for Service Catalog, AWS Config, AWS Systems Manager Automation, AWS Systems Manager OpsCenter, and AWS Security Hub CSPM. AWS Service Management Connectors requires baseline configurations and permissions to these services. For more information on these specific requirements, refer to the following documentation:
+ [AWS Service Management Connector for ServiceNow](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/integrations-servicenow.html)
+ [AWS Service Management Connect for Jira Service Management](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/integrations-jiraservicedesk.html)
1. Configuring ITSM Tool
AWS Service Management Connectors enable integration for ServiceNow and Atlassian Jira Service Management. The connector requires you to download the Connector plugin (scoped app) from the respective ITSM tool platform. For more information on these specific requirements, refer to the:
+ [[ServiceNow Store App] AWS Service Management Connector for ServiceNow](https://store.servicenow.com/sn_appstore_store.do#!/store/application/f0b117a3db32320093a7d7a0cf961912/)
+ [[Atlassian Marketplace App] AWS Service Management Connect for Jira Service Management](https://marketplace.atlassian.com/1221283)
1. Validating configurations
Once the AWS and ITSM Tooling configurations are complete, the final step is to validate that AWS and the respective ITSM tool connected successful and the intended service management actions are enabled. For more information on these validation actions, refer to the [public documentation](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/integrations.html) for the desired ITSM tool.
# AWS service management tools
The AWS Management & Governance product suite allows you to enable, provision, and operate AWS resources to determine the health and predictability of your cloud workloads. The following AWS services can be used to help you meet the prescribed benefits of the M&G Guide, establish a cloud operational baseline, and align to your ITSM solution implementation:
[AWS Systems Manager](https://aws.amazon.com/systems-manager/) is a management service that helps you automatically collect software inventory, apply operating system patches, create system images, and configure Windows and Linux operating systems. These capabilities help you define and track system configurations, prevent drift, and maintain software compliance of your Amazon EC2 and on-premises configurations. By providing a management approach that is designed for the scale and agility of the cloud but extends into your on-premises data center, Systems Manager makes it easier for you to seamlessly bridge your existing infrastructure with AWS.
[AWS Systems Manager Explorer](https://aws.amazon.com/systems-manager/features/) is a customizable dashboard providing key insights and analysis into the operational health and performance of your AWS environments. Systems Manager Explorer aggregates operational data from across AWS accounts and AWS Regions to help you prioritize and identify where action might be required.
[AWS Systems Manager Automation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-automation.html) allows you to safely automate common and repetitive IT operations and management tasks. With Systems Manager Automation, you can use predefined runbooks, or you can build, run, and share wiki-style automated playbooks to enable AWS resource management across multiple accounts and AWS Regions. The runbooks can also be used to remediate issues such as AWS Systems Manager OpsCenter OpsItems.
[AWS Systems Manager OpsCenter and Incident Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-getting-started.html) provide an issue management mechanism that you can enable across your AWS accounts. This service provides a central location where operations engineers and IT professionals can view, investigate, and resolve operational issues related to any AWS resource. OpsCenter aggregates and standardizes operational issues, referred to as OpsItems, while providing contextually-relevant data that helps with diagnosis and remediation.
[AWS Systems Manager Change Manager](https://aws.amazon.com/systems-manager/features/) simplifies the way you request, approve, implement, and report on operational changes to your application configuration and infrastructure in the AWS Cloud and on premises. With Change Manager, you can use pre-approved change workflows to help avoid unintentional results when making operational changes. Change Manager helps you safely implement changes, while detecting schedule conflicts with important business events and automatically notifying impacted approvers. Using Change Manager’s change reports, you can monitor progress and operational changes across your organization, providing improved visibility and accountability.
[AWS Config](https://aws.amazon.com/config) is a service that enables detective controls to assess, monitor, and evaluate the configurations of supported AWS resources. AWS Config monitors and records AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config, you are able to not only track the relationships among resources and quickly review the history of the resource's configuration but you can also identify the compliance of resources based on defined config rules. Use [AWS Config](https://aws.amazon.com/config) to view status, compliance, and the relationships of your provisioned AWS resources. [Getting started with AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/getting-started.html) entails turning on recording and establishing the right detective controls based on your governance and compliance requirements.
[AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) is a service that gives you a comprehensive view of your security alerts and security posture across your AWS accounts. With Security Hub CSPM, you have a single place that aggregates, organizes, and prioritizes your security alerts, or findings. Security Hub CSPM findings can also enable your organization to create incidents within ITSM tooling via integrations depending on the finding’s severity level.
[Service Catalog](https://aws.amazon.com/servicecatalog/) allows you to centrally manage commonly deployed AWS services and provisioned software products. The curated products are vetted and enable end users to request services and resources as needed without having direct permissions enabling segregation of duty. Service Catalog also helps your organization achieve consistent governance and compliance requirements, while enabling users to quickly deploy only the approved AWS services they need.
# AWS Service Management Connectors
The M&G Guide recommends using AWS-supplied service management connectors that enable you to access AWS services and features in familiar ITSM tooling, such as ServiceNow and Atlassian. By using your existing service management tools to provide governance, your organization can accelerate its migration and adoption of AWS at scale.
The AWS Service Management Connector for ServiceNow enables ServiceNow end users to provision, manage, and operate AWS resources natively through ServiceNow. With the connector, ServiceNow administrators can:
+ Provide pre-approved, secured, and governed AWS resources to end users through Service Catalog.
+ Run automation playbooks through AWS Systems Manager.
+ Track resources in the CMDB powered by AWS Config seamlessly on ServiceNow with the AWS Service Management Connector.
+ Define new resource types based on ServiceNow CMDB tables and synchronize these with AWS Config custom resources.
+ Configure syncing AWS Security Hub CSPM findings to ServiceNow incidents or problems.
The AWS Service Management Connector for Jira Service Management allows Jira Service Management end users to provision, manage, and operate AWS resources natively through Atlassian's Jira Service Management. Jira Service Management administrators can provide pre-approved, secured, and governed AWS resources to end users through Service Catalog, create and manage operational items through AWS Systems Manager OpsCenter, run automation playbooks through AWS Systems Manager Automation and track resources in a configuration item view powered by AWS Config seamlessly on the Jira Service Management with the AWS Service Management Connector.
If you would like support implementing this guidance, or assisting you with building the foundational elements prescribed by the M&G Guide, we recommend you review the offerings provided by [AWS Professional Services](https://aws.amazon.com/professional-services/) or the AWS Partners in the [Built on Control Tower program](https://aws.amazon.com/controltower/partners/).
If you are seeking help to operate your workloads in AWS following this guidance, [AWS Managed Services (AMS)](https://aws.amazon.com/managed-services/) can augment your operational capabilities as a short-term accelerator or a long-term solution, letting you focus on transforming your applications and businesses in the cloud.
# Integrated service management partners
The M&G Guide recommends you consider the following questions when choosing an AWS Partner solution for service management:
+ Does it provide ITSM process enablement?
+ Does it allow users to relate ITSM processes (that is, relating incidents to change requests)?
+ Does it enable business workflows and approvals?
+ Does it allow for configuration, customization, and integration to other systems and platforms?
+ Does it enable the ability to create reports and dashboards?
+ Does it enable self-service for business and service requests?
[Atlassian Jira Service Management](https://www.atlassian.com/software/jira/service-management/features/service-desk) is service management software for modern IT teams. Jira Service Management request types and projects enable self-service for developers and end users to order IT services based on request fulfillment approvals and workflows.
[ BMC Helix ITSM](https://www.bmc.com/it-solutions/remedy-itsm.html) (formerly BMC Remedy) is a service management tooling that uses emerging technologies to integrate IT service support functions.
[ServiceNow](https://www.servicenow.com/) is an enterprise service management platform that places a service-oriented lens on the activities, tasks, and processes that enable day to day work life in a modern work environment.