Setting Cloud Computing Policies

For organizations seeking ways to add computing capacity and capability almost instantly, with no need to physically invest in new infrastructure or increase headcount, cloud computing seems to be a dream come true. For many companies, including those with enterprise scale, it provides a strategy for very closely matching IT capacity to user demand that has never before been available. The benefits are potentially enormous, including cost-effective approaches to some of the key challenges that confront IT organizations on a daily basis:

• How can we provide a better end-user experience at the lowest cost?
• How can we meet availability and other SLA-based requirements?
• How can we deal more effectively with the outages that will inevitably occur?

Cloud computing can indeed provide solutions to satisfy these needs, but IT organizations that take an over-simplified view of cloud computing and commit to it without fully understanding the implications of such a move risk making things worse instead of better. In particular, cloud computing raises important policy and governance issues that must be well understood if the cloud is to provide the benefits it promises.

Beyond Virtualization

Most IT professionals associate moving to cloud computing with adapting applications to virtualized environments, but this is only part of the story. Virtualization is a critical part of this transition and most certainly opens up exciting new possibilities for the allocation of resources, but the policy decisions concerning how, when, and by whom those resources are allocated are an equally important part of the story. Unfortunately, this aspect of cloud computing is all too often overlooked. In fact, cloud computing creates a new set of challenges for IT organizations:

• How do we ensure that resource allocation decisions are maximizing efficiency?
• How can we ensure that such decisions don't have a negative impact on application performance?
• How can we avoid compounding the impact of outages through poor decisions made in haste?

The fact is, IT operations are inherently complex, and cloud computing, with the flexibility it provides, only increases that complexity. Understanding the nature of the policy decisions that need to be codified becomes more important than ever.

Multi-Level Policies

Policies in a cloud operate on three different levels – resource, application and operational. Resource-level policies are primarily concerned with the management of CPU capacity, memory, and bandwidth. Application-level policies relate, as the name suggests, to the performance of applications, e.g., availability, transaction latency and other performance metrics that are typically found in SLAs. Operations-level policies have to do with the operation of the entire data center. They take into account dependencies that may exist among various applications and include decisions such as relative prioritization that span multiple applications.

Policies that fail to take all three levels into account, or the lack of policies in these areas, can lead to trouble. Consider a situation where application “A” is controlled by an application-level policy that causes it to seek additional resources if transaction latencies rise above 500 milliseconds, and application “B” is controlled by a similar policy. If both seek extra resources at the same time, the result may be that application “C” begins to perform unacceptably. And what if application “C” is mission-critical? Or what if application “A” depends on application “C” for input? There are all sorts of complex relationships in virtualized environments, and policies that govern them must take these relationships into account.

Policy Models

In addition to operating at three different levels, policies are also implemented via three different models – tightly coupled, programmable, and orchestrated. In the tightly coupled model, the policies come “out of the box” with certain platform implementations. They operate automatically based on deterministic factors. A good example of this type of policy is a load balancer that provides several pre-defined load balancing policies from which to choose.

The programmable model gives IT managers a range of options within an existing framework, allowing a measure of customization. Run-book automation software is a good example of this type of policy model. The orchestrated model, typically reserved for situations considered too complex to fully automate, features decision-making based on broad contextual awareness, advanced instrumentation and human intuition.

Staying on Top of Your Cloud

Several conclusions can be drawn from this discussion of policies. The first is that there are important and complex issues related to decision-making that extend far beyond mere virtualization when adopting cloud services. IT organizations considering an in-house cloud need to take this complexity into account, because to be effective these policies not only need to exist; they need to be automated. Policy automation can dramatically increase the efficiency of a cloud if managed correctly at all three levels, but building an effective automation framework to handle the complexity of infrastructure virtualization can be very difficult. Conversely, without proper policy automation, the complexity of a cloud can actually lead to harm and poor performance, particularly in the case of unscheduled shut-downs. As an alternative, when organizations purchase cloud services from a service provider that understands policy needs, the burden of defining and automating some of these policies can be avoided.

Enterprises evaluating cloud services must understand the policy implementation mode they are buying into. They need to think about how much control they need at the resource, application and operational levels – and then make sure that it’s available. When it comes to clouds, virtualization is only the beginning.