Policy – yours or mine?

In the future, corporations will use business-based policy management to control costs, allocate finite infrastructure resources, manage application access and police security. With the advent of on-demand and utility computing, as well as compute and storage virtualization, corporate concerns about policy ownership issues have risen to new heights. The major concern is that business-based policy must be end to end and be set by corporate management, then translated into deployment policies within the policy islands of infrastructure operations; user workflow; network, storage and server infrastructure; and application software.

Today, for example, a WAN vendor sets its internal network policy and provides conservative quality-of-service levels commensurate with internal operational capability and cost constraints. This situation becomes more one-sided when managed network services are brought into the equation. This is not customer-driven but vendor-driven policy. The same condition exists within the private network environment of LANs and WANs. Each network has its own infrastructure constraints driven by the vendors that provide the equipment and services. The policy engine for this environment is an extension of the network management software and database directories the customer uses for administration and security/operations management. A company might have separate management systems and operations groups for its LANs and WANs. This situation becomes more convoluted if the company has many locations or is multi-national.

A similar condition also exists for systems management. The policy environment for server, storage, database and application access/security and resource allocation often depends on the way the company is organized rather than an integrated IT application services structure.

The new world of IT, based on on-demand and utility services, requires a re-thinking of the way policy is created and managed within the corporation. No longer can policy exist in independent islands, nor can it be in the hands of vendors. This issue is so important that a new position, chief policy officer (CPO), should be created to tackle the tasks of creating corporate business-based policy practices and procedures, and identifying and integrating policy-island infrastructures. This first step will set the foundation for an implementation that’s based on the methodologies required to translate, distribute, administer, monitor and manage policy end to end within the corporation, from the user to the application, in a seamless view rather than piecemeal.

This is not a visionary dream but a requirement for success. The tools are in place to integrate, administer, synchronize and manage directories. The use of virtualization and standardized directory schema to create a common logical policy directory is not only feasible but also practical. Business-based policy management application software will come to market soon along with on-demand and utility IT software.

The limiting factor to success is the customer’s ability to dictate policy to carriers and other service vendors. For example, if the CPO sets a business-based policy that sales transactions must be posted to the corporate ledger within 6 seconds then that policy must be translated into automated application/network access, transaction workflow, database update synchronization and network prioritization/latency requirements. That information must be distributed to all policy directories. The end-to-end performance can be monitored and predefined automated alternatives taken to assure that the posting occurs within the constraints imposed by the business-based policy.

For on-demand and utility computing to succeed, the end-to-end business-based policy management issue must be addressed and planned for now. Both the service providers and infrastructure vendors must reorient their perspectives and focus on receiving policy direction from the customer rather than dictating policy to the customer.

Dzubeck is president of Communications Network Architects, an industry analysis firm in Washington, D.C. He can be reached at fdzubeck@commnetarch.com.