How Policy-Based Computing Can Automate Tasks and Reduce = Costs

Date: Jan 14, 2005 By Richard=20 Murch.

This article introduces the emerging technology of = policy-based=20 computing. The systems and software of policy-based computing show = promise in=20 automating tasks and reducing the costs of complex applications and=20 systems.

Over the last several years, many enterprises have concentrated on = making=20 individual business processes more efficient. This work has typically = been done=20 within application or line-of-business silos. As we look forward, = however,=20 continued improvement in business performance will require a more = "horizontal"=20 view, looking across the business and its ecosystem of suppliers, = partners, and=20 customers=E2=80=94and even globally. In the not-too-distant future, = corporations will=20 use business-based policy management technology to control costs, = allocate finite infrastructure resources, manage application access, and = police=20 security.

What Is Policy-Based Computing?

The term policy-based computing refers to a software model = that=20 incorporates a set of decision-making technologies into its management=20 components in order to simplify and automate the administration of = computer=20 systems.

Let's consider an example. Suppose an accounts receivable financial = system=20 needs parameters input daily: date of payment, general ledger control = numbers,=20 and so on. Some of these parameters are hard coded; others are entered = manually=20 by the user. The individual programs in the financial system application = then=20 access and use the information at runtime. With policy-based computing,=20 parameters can be set up automatically one time and then used by each=20 application.

Policies are definitions returned from a policy data = store and=20 used at runtime by application software. In the past, such information = might=20 have consisted of hard-coded parameters embedded within an application = program.=20 Sometimes these parameters were placed into configuration files where = the=20 settings could be changed by editing the files and restarting the = application=20 (or having the application reread the configuration file). Policies = generally=20 replace the majority of configuration data in a configuration file, and = a policy=20 can provide far more data than a configuration file could. A policy may = even=20 refer to additional policies and applications as needed to solve = advanced issues=20 or provide for more dynamic applications. To continue with our accounts=20 receivable example, the policies defined within the accounts receivable = system=20 need to access the policies defined in the general ledger system: data, = files,=20 system totals, and so on. This information needs to be transferred to = the=20 general ledger when an accounts receivable run is completed. The policy = can=20 define the expected outcomes, even down to security levels.

Figure 1 illustrates a simple model of policy-based computing applied = to=20 quality of service, security, or even provisioning and = configuration.

Figure 1

A policy manager creates policies to define how resources or = services=20 in the network can or cannot be used. The policy-based management system = transforms these policies into configuration changes and applies the = changes to=20 the network. The software provides an automated configuration and = control=20 solution for specific problems in the network.

Advantages of Policy-Based Systems

Significant simplification is achieved by allowing administrators and = operators to specify management operations in terms of objectives or = goals,=20 rather than detailed instructions that need to be executed. This setup = supports=20 a higher level of abstraction, while permitting dynamic adjustment of = the=20 behavior of the running system without changing its implementation.

If you have hundreds of applications that use configuration files, = for=20 instance, it's probably difficult to manage all of them, especially if = many are=20 related to different versions of application software running at = different=20 sites. It's often impossible for one organization even to locate all of = these=20 applications, as they tend to be managed by various groups or = organizations=20 within different locations. Configuration data in a centralized = policy=20 store allows an inventory of the existing configurations to be = created and=20 managed.

A set of policies might even be created to support sharing = application data=20 among different companies=E2=80=94partnering with other organizations to = utilize=20 services that provide synergistic capabilities between companies. By = linking=20 through networks, for example, NASA can transmit minute specification = changes to=20 its hundreds of thousands of specialist contractors that design and = build=20 spacecraft parts, software, circuits, and so on. Such automatic transfer = of data=20 based on policies minimizes effort and saves money for NASA and for the=20 contractors.

In the simplest terms, policies operate very much like configuration=20 files=E2=80=94something well understood by programmers, system = administrators, and=20 support organizations. This likeness makes it fairly painless to adapt = policies=20 to existing technologies and applications. Designers and users of new = devices=20 such as VPN servers, routers, Internet appliances, and wireless gadgets = need to=20 consider how to utilize policies to deploy their applications. Security = policies=20 can be standardized across the enterprise for more effective = security.

With policies, network operations are simplified (compared to = managing=20 configuration data on dispersed systems). Support becomes more effective = because=20 methods and configurations can be made accessible to support = organizations. This=20 change should reduce support costs and reduce downtime once issues are = detected.=20 Engineering staffs benefit by being able to more easily reuse and expand = existing applications. Many parameters can be exposed, allowing for = improved=20 support or application tuning.

There are many general benefits of policy-based systems:

Centralized management. Applications can be anywhere, but = the=20 operational settings are visible no matter where they are.
Scalability. As you need more processing power, added = processors can=20 share one or more dynamic policies.
Flexibility. Policies can hold some things that = configuration files=20 can't; for example, serialized Java classes. Different parts of a = policy or=20 groups of policies can also be used by different applications at the = same=20 time.
Adaptability. Existing programs can be adapted to use a = policy=20 rather than a configuration file and join in as a new processing agent = to a=20 larger application solution. Any program that can access an LDAP = policy store=20 can use or share a policy, and any application can provide dynamic = updates to=20 one or more policies.
Reduced IT complexity. More application automation = simplifies things=20 for the ever-more-precious IT staff.
Versioning. You can have different policies of the same name = available at the same time, allowing applications to roll forward or = backward=20 depending on a variety of factors such as special events, work = hours/off=20 hours, holidays, and so on.
Specificity. Policies can alter functionality based on = application=20 load or particular events such as large, complex conversions or = upgrades.
Uniqueness. Different policies can be defined for all = operational=20 interfaces. This could mean a unique policy for each unique device, = which=20 becomes important when associating XML with specific policies to = support a=20 variety of devices (Internet-enabled, wireless, etc.).

Creating applications and supporting business processes across lines = of=20 business or organizations requires the ability to use and integrate = existing=20 applications and processes. Such flexibility allows businesses to adapt = and=20 assemble new applications to support new business requirements. If there = was=20 ever an argument for using industry standards, it's being able to = quickly=20 integrate processes that weren't built to work together, derived from a = variety=20 of vendors. With industry standards, applications don't need to be = re-created=20 every time some piece of hardware or software changes, or rewritten to = support=20 changes in dependent processes.

Aside from the business flexibility that comes from the ability to = integrate=20 people, processes, and information across the business, the IT = infrastructure=20 must be made simpler and more manageable=E2=80=94that is, less complex. = This need=20 includes support for virtualizing required resources and automating the=20 management and operations of the IT environment.

Policy-Based Systems Versus Service-Level Agreements (SLAs)

Policy-based computing can be compared to the typical end user = service-level=20 agreement (SLA) now used extensively throughout the IT world. = Service-level=20 agreements are modeled as a contract among two or more parties in a = service=20 relationship, designed to create a clear, measurable, common = understanding of=20 the role each party plays in the SLA. A party role represents a = set of=20 objectives and rules that define the minimum service-level expectations = and=20 service-level obligations, deliverables that affect other roles, and=20 constraints. With policy-based computing, the individual system = parameters and=20 constraints that set the service levels for each application can be=20 automated=E2=80=94similar to today's SLAs. Policy-based computing will = eventually be=20 written into service-level agreements; for example, a policy might = specify a=20 vendor's agreement to maintain a specific response time to fix system=20 problems.

NOTE

To be effective, policies must be managed in an automated fashion. = Policy=20 management applications need to be created to allow operations staff = to=20 properly configure the policy-based applications. Policy viewer=20 applications allow the current status of the policy to be viewed by = anyone=20 who needs to see it. Engineering alterations may need to be provided. = Engineers,=20 data operations, policy managers=E2=80=94even the applications running = against the=20 policies=E2=80=94create operational information, XML DTDs, program = logic, and so forth.=20 This topic is quite complex, and beyond the scope of this = article.

Downsides of Policy-Based Computing

The following list highlights some of the more difficult aspects of=20 policy-based computing:

Infrastructure must be in place. Policy-based computing will not = run on=20 existing infrastructures.
All systems, software, and applications must know how to interact = with the=20 policy server.
The datacenter network must be able to support the policy-based=20 applications.
Network delays may affect directory access operations; the design = of the=20 applications need to take this issue into account.

With the advent of utility computing as well as computer and storage=20 virtualization, corporate concerns about policy ownership issues have = risen to=20 new heights. The major concern is that business-based policy must be = end-to-end=20 and be set by corporate management, and then translated into deployment = policies=20 within the policy of infrastructure operations: user workflow; network, = storage,=20 and server infrastructure; and application software.

The new world of IT, based on utility services, will require a basic=20 rethinking of the way policies are created and managed within the = corporation.=20 No longer can policy exist in independent islands, nor can it be in the = hands of=20 vendors. This issue is so important that a new corporate executive = office is=20 created: the chief policy officer (CPO) tackles the tasks of = creating=20 corporate business-based policy practices and procedures, and = identifying and=20 integrating policy-island infrastructures. This first step will set the=20 foundation for an implementation that's based on the methodologies = required to=20 translate, distribute, administer, monitor, and manage policy end-to-end = within=20 the corporation, from the user to the application, in a seamless way = rather than=20 piecemeal.

Summary and Final Thoughts

A corporate IT-based strategy needs to be defined in which = application=20 standards that utilize policies are defined. Policy infrastructure needs = to be=20 put in place=E2=80=94this means two or more LDAP directory servers that = are set up with=20 replication of the policy storage trees. Management must make a = commitment to=20 support the technology and make it a part of the company's long-term=20 strategy.

Policy-based computing will eventually redefine the way you manage = your=20 applications' network and datacenters; it's just a question of when. = Policy=20 management is necessary to administer network quality of service, = security, and=20 resources throughout the enterprise.

Policy-based management has risen to the forefront of the networking=20 industry. With many vendors announcing plans and/or products, you have = many=20 options to improve on your complex process for configuring networks.

References

IBM = autonomic=20 computing
Sun enterprise computing
Microsoft Dynamic Systems Initiative
Global Grid = Forum
Platform=20 LSF
Nicodemos Damianou et al., "The Ponder Policy Specification Language" (PDF)
Pascal Van Hentenryck, Constraint Satisfaction in Logic = Programming=20 (MIT Press, 1989)
VMware
Common = Information=20 Model (CIM)
Distributed = Management Task=20 Force (DMTF)
Object=20 Constraint Language (OCL)
SNIA = CIM Object=20 Manager (CIMOM)
A. Felfernig et al., "UML as a domain specific knowledge for the=20 construction of knowledge based configuration systems." In the = Proceedings of=20 SEKE'99 Eleventh International Conference on Software Engineering and=20 Knowledge Engineering, 1999
Rajesh Raman et al., "Matchmaking:=20 Distributed Resource Management for High Throughput Computing" = (PDF)
PARLAY=20 specifications
Jonathan D. Moffett and Morris S. Sloman, "Policy=20 Conflict Analysis in Distributed System Management" (PDF)
OASIS
Smart=20 Framework for Object Groups (SmartFrog)
Dinesh Verma et al., "Policy based SLA Management in Enterprise Networks" = (PDF)
Ian Foster et al., "The=20 Anatomy of the Grid: Enabling Scalable Virtual=20 Organizations"

=C2=A9 2004 Pearson Education, Inc. InformIT. All = rights=20 reserved.

800 East 96th Street Indianapolis, Indiana=20 46240