Business Imperatives:

• UAPs should include, at minimum, basic information about users' numbers and demographics, security access rights and restrictions, required business applications, skill levels, and system configurations. Such data will help IT executives and their teams understand and stay on top of user requirements, and flesh out BAPs. IT executives should make sure UAPs include enough basic information to help make BAPs and related service level agreements (SLAs) and quality of service (QoS) guarantees more enforceable and meaningful to larger business goals.
• At most organizations, the creation and maintenance of effective UAPs will require input from IT management and staff, line-of-business (LOB) managers, and representative samples of users themselves. IT executives should look at UAP creation and maintenance as opportunities to keep users aware of and involved in IT developments, and to gather feedback from users on those developments.
• UAP information can help significantly with IT tasks beyond simply beefing up BAPs. For example, data from UAPs can form foundations for directory-enabled and policy-based networking initiatives. IT executives should evaluate current and planned software resources, particularly asset management solutions, directory services deployments, and portals, as potential aids in development, maintenance, and support of UAPs.

Each important business application at every enterprise should have a comprehensive and up-to-date BAP associated with it. (See the RFG Research Note "The Importance of Business Application Profiles," Sept. 19, 2000.) Creation and maintenance of BAPs is essential for IT executives seeking to ensure that all critical applications deliver predictably high levels of availability, QoS, and reliability. This is especially true for wireless applications, which can suffer from greater and less predictable problems than their wired counterparts. (See the RFG Research Note "Why Wireless Applications Require Business Application Profiles," Oct. 2, 2001.)

However, BAPs alone cannot provide sufficiently comprehensive information to help IT executives fully deliver on their promises or demonstrate the business value of their efforts. To achieve these goals, BAPs must be complemented by similarly comprehensive and timely profiles of the users of those critical applications. IT executives should therefore include creation and maintenance of UAPs alongside BAPs on their lists of critical recurring tasks.

IT executives should also see UAPs in a larger context, to appreciate their full potential value. UAPs, along with BAPs, can help IT executives be more proactive in tying their technological deployments more closely to business goals and requirements. (See the RFG Research Notes "What Matters Most to IT Executives Now," June 21, 2001 and "Aligning IT with Business Strategy and Corporate Culture," Mar. 8, 2000.)

By establishing processes for UAP creation and maintenance that include seeking feedback and input from users, IT executives and their teams can proactively build and extend positive relationships with their ultimate constituents. By including UAP information with BAP data, IT executives can fine-tune availability and QoS guarantees and requirements more closely to user needs and constraints, which can increase reliability and business value of enterprise IT efforts.

In addition, creating and maintaining UAPs can provide immediate benefit to initiatives involving collaborative applications such as portals, or integrative infrastructure elements such as directory services. IT executives at enterprises where directory services or portals are already in use or under consideration should therefore ensure that these efforts are coordinated with the creation and maintenance of UAPs.

Specifically, existing repositories of user information should be examined for common elements, and consolidated or integrated where possible to provide as consistent and comprehensive a view of users and their profiles as possible. This effort should be used to construct a model UAP, and processes and rules that ease the creation and maintenance of UAPs across the enterprise. UAP processes and data should then be consolidated and integrated with relevant BAPs. In some cases, IT executives and their teams may benefit by making UAPs required parts of BAPs.

Below are listed some primary elements that should be included within each UAP. Each critical application should be accompanied by its own UAP. In addition, UAP information should be collected and stored in a way that is searchable and easy to reorganize and re-sort according to selectable criteria. Specific considerations at each enterprise will determine the requirement for fewer or more elements, and whether UAP management is centralized, distributed across multiple constituencies, departments, and LOBs, or both.

Number of Users – For applications that span the enterprise or extend beyond it, an aggregate number of users will help determine the number of licenses and servers required to deliver acceptable availability and performance. Data from this UAP element should be closely coordinated with output from relevant licensing management tools or services where possible, to crosscheck data from both sources.

User Skill Levels – While users of multiple skill levels often use the same applications, noting differing skill levels can help IT executives and their teams determine, for example, which users get access to advanced versus simplified features. IT executives will have to work closely with users and others to determine appropriate categories, such as "mobile/nomadic," "novice," and "power user." Early on, boundaries are likely to blur and overlap, and criteria to be arbitrary and subjective, but process refinement over time should make this information easier to gather and more valuable.

User Environment Specifics – This UAP element should include information about users' geographic locations, the specific hardware and software they use, and the method or methods by which each accesses enterprise IT resources. IT executives should closely coordinate information from this UAP element with the user environment information included in BAPs, as well as with information from and for any IT asset and infrastructure management solutions in place.

User Rights, Responsibilities, Restrictions, and Roles – IT executives should make sure that criteria for this UAP element are closely coordinated with any directory-enabled or policy-based resources or initiatives in place or planned at their enterprises. Information affecting or related to security and privacy policies and solutions should also be included here. Such information can help IT executives keep vendors of security and privacy solutions on track, and help refine privacy, resource access, and security policies across the enterprise. IT executives should integrate this UAP information with that provided or required by directory services solutions and policy-driven network infrastructure and security elements, such as firewalls and routers. (See the RFG Research Note "Policies and Procedures for E-Commerce Application Security," July 18, 2001.)

Once the information needed to create and maintain adequate UAPs has been determined, IT executives should determine or develop a method of electronically gathering, storing, protecting, and making available UAP information. Aside from directory services and some help desk solutions, few packaged enterprise software offerings, proprietary or Open Source, appear designed specifically to aid IT executives attempting to create and maintain extensive UAP repositories. IT executives should therefore collaborate with those responsible for application selection, deployment, and support, to determine whether any tools already in place will suffice as repositories for UAP information.

If new tools must be considered, IT executives and application development and deployment managers should collaborate on evaluation of alternatives and selection of an appropriate solution. Candidate solutions should be restricted to those based on technologies already in use and understood at the enterprise, to minimize the challenges involved in learning new tools and administration techniques. For example, development of a UAP management application based on already familiar database technology would be preferable to bringing in, learning, and adapting technologies new to an enterprise. UAP maintenance and management should then be coordinated and integrated with similar BAP-related tasks, to ensure that all such data are uniformly kept current and complete as change propagates across the enterprise and its IT infrastructure.

RFG believes UAPs can help complete and clarify the "big picture" for IT executives and their teams at almost any enterprise. IT executives should develop, deploy, and establish consistent, well-documented procedures for UAP creation, maintenance, and use, and integrate these with their efforts related to BAPs, QoS, and SLAs, to assure that key applications deliver optimum business benefit, performance, and user satisfaction.

Copyright © 2001 Robert Frances Group, Inc. All rights reserved. Agenda products are published by Robert Frances Group, Inc., 22 Crescent Road, Westport, CT 06880. Telephone (203) 291-6900. Facsimile (203) 291-6906. http://www.rfgonline.com. This publication and all Agenda publications may not be reproduced in any form or by any electronic or mechanical means without prior written permission. The information and materials presented herein represent to the best of our knowledge true and accurate information as of date of publication. It nevertheless is being provided on an "as is" basis. Reprints are available.