Business Imperatives:

• Many applications have been deployed using best-practice or best-of-breed solutions, but the end results may not be compatible with BAP requirements. IT executives should verify that BAPs are fully developed and agreed upon before undertaking network designs or signing contracts with service providers and vendors.
• Application performance can be unique based on individual application requirements and user expectations. IT executives should identify and implement performance solutions that meet BAP requirements, and validate that they are not overspending to support undocumented or unsubstantiated application delivery requirements.
• BAPs must identify all critical elements and components in the application delivery path, as well as the performance requirements for each of these elements. IT executives should validate the delivery path is thoroughly analyzed to assure the correct application performance can be delivered and supported by selecting the most appropriate solutions that are compatible with business and budget requirements.

In some respects, BAPs are similar to the "trip tickets" that are prepared when people plan to travel by automobile to various destinations. "Trip tickets" take into account the amount of time and money available, and identify the best travel routes by distance and time. In addition, they also identify traffic obstacles that could potentially delay the journey. Similarly, BAPs should be used to provide the overall road map for enterprise application development, deployment, and support. Enterprises that neglect to develop BAPs can easily fail to provide the requisite application performance, fall short of meeting user expectations, and overspend the IT budget. (See the RFG Research Note "The Importance of Business Application Profiles," Sept. 19, 2000.)

RFG believes numerous companies do not succeed in capitalizing on the effectiveness of BAPs to reduce IT costs, and to improve application performance. In some cases, businesses can reduce application support costs by as much as 10 to 15 percent with no loss in service level performance, just by focusing on security and network requirements. However, BAPs must be systematically constructed using a disciplined approach that concentrates on the complete application path, including all IT and network elements that must be traversed to provide reliable user access.

The best way to begin the BAP process is by identifying and concentrating on the following items:

• Budget constraints
• Lifespan expectations
• Performance
• Scalability
• Security
• User expectations

Budget constraints must be identified and considered, especially in reference to performance expectations and security needs. In many instances, the budget may not be adequate to support the desired levels of performance and security, and adjustments will be required. IT executives should not only consider the initial budget costs, but also the total cost of ownership.

Lifespan expectations must be determined and considered when selecting the supporting equipment, network services, and software required to support the business application. Incorrect choices in this area could easily tilt the IT budget into a negative slope that is not easily rectified. IT executives should assign a lifespan to all business applications during the initial BAP planning process.

Performance metrics, such as availability, reliability, throughput, etc., must be carefully defined and validated to ensure there is no overspending to deliver superfluous performance. For example, it makes no sense to equip remote e-mail users with high speed DSL connections if a V.92 dial up connection is adequate. IT executives should be careful when identifying and validating application performance, and confirm that they are not over provisioning in the performance and service level areas.

Scalability requirements should be considered for at least the next 12 months to implement the appropriate network design and IT infrastructure. Scalability requirements impact both the IT budget and vendor selection process, and should be carefully reviewed by the IT staff early in the planning phase to prevent future problems.

Security requirements can drive IT budgets into the red zone, and must be painstakingly identified and validated. There are many choices when it comes to data encryption, intrusion detection, user authentication, and virus detection that must be considered. Application security will likely require upgrades and software updates over the lifespan of the application, and there will probably be interoperability issues. IT executives should verify that all corporate security guidelines are addressed, and that security for each BAP is reviewed on an individual basis.

User expectations must be identified and agreed to because a mismatch between planned application performance and the actual user experience can present major problems for the IT staff. User expectations must be evaluated against budget constraints, security issues, and support infrastructures, so that prudent business decisions can be made that everyone agrees to support. IT executives should also ensure that they have the proper infrastructure in place to deliver the required service levels during the BAP testing phase.

It is also imperative to evaluate planned performance levels for each application against user application profiles (UAPs) (or their equivalents) and IT delivery capabilities, to make sure they are compatible. (See the RFG Research Note "The Importance of User Application Profiles," Oct. 17, 2001.) This process is especially critical when users request a service level agreement (SLA) from the IT organization. (See the RFG Research Note "Service Level Agreements: Road Maps for User Satisfaction and IT Success," Nov. 28, 2001.)

Moreover, enterprises should validate and test performance and service level guarantees to verify that they can be delivered and supported, and that the required administrative and network management tools are included in the IT budget. IT executives should also consider answering the following sequence of questions when planning and reviewing the performance levels for business applications.

• Have all performance metrics been properly validated, and can they be effectively delivered, managed, and monitored by the IT organization?
• Are any performance metrics based on a third-party service or product, and if so, are they supported by an effective SLA?
• Are the necessary internal processes in place to proactively manage the required service levels proactively?
• Do the targeted performance levels require significant changes in the IT infrastructure or budget?
• Is there an established policy that defines what happens if a performance metric or service level is not delivered as promised?
• Has a pilot test been conducted to determine if application performance levels and security can be reliably delivered and maintained?

RFG believes many enterprises currently deliver higher performance levels than are actually required, and as a result, the IT budget is overspent, which places the IT organization in a difficult financial position. Consequently, IT executives should be especially cautious when crafting internal SLAs, and guaranteeing service levels. The goal of the internal SLA should be to provide a baseline of acceptable performance, unless additional funding is available to support different classes of performance, such as Silver, Gold, and Platinum.

The final step in the BAP process is to analyze the main elements in the business application delivery path, to identify their strengths and weaknesses based on performance requirements and user expectations. While it is not possible to establish an exact timeframe to complete a BAP, it typically takes the IT staff a few days to gather the necessary information. Once this step is accomplished, the IT staff can undertake a disciplined and methodical analysis of the BAP that focuses on the critical elements in the application delivery path. In some cases, certain elements in the application delivery path will not be capable of delivering the required service levels, and adjustments will be needed. A few examples of the BAP areas that could require adjustments or enhancements are identified in the following table.

Source: Robert Frances Group

At this point, the BAP analysis process should indicate if the desired levels of application performance and security can be delivered and maintained at an acceptable budget cost. Without the disciplined BAP approach, application performance tends to be bolted together in a haphazard fashion that increases overall costs and delivery complexity. IT executives should expect BAPs to pinpoint single points of failure that could jeopardize reliable application delivery.

RFG believes IT executives can better meet user expectations, improve application performance, and reduce IT costs by developing, implementing, and monitoring BAPs for business-important applications. IT executives looking for effective ways to help reduce IT costs, and improve business application service levels, should commence the BAP process as soon as possible.

Copyright © 2002 Robert Frances Group, Inc. All rights reserved. Agenda products are published by Robert Frances Group, Inc., 22 Crescent Road, Westport, CT 06880. Telephone (203) 291-6900. Facsimile (203) 291-6906. http://www.rfgonline.com. This publication and all Agenda publications may not be reproduced in any form or by any electronic or mechanical means without prior written permission. The information and materials presented herein represent to the best of our knowledge true and accurate information as of date of publication. It nevertheless is being provided on an "as is" basis. Reprints are available.