Taming the cloud – controlling complexity with policy

When it comes to clouds, virtualisation is only the beginning. A cloud governance policy is essential for reducing risks and managing resource distribution.

Cloud policies operate on three levels. Resource-level policies manage CPU capacity, memory and bandwidth. Application-level policies control availability, transaction latency and other performance metrics typically found in SLAs. Operations-level policies work over the entire data centre, taking into account dependencies among various applications and guiding on prioritisation and other key elements.

Failing to take all three levels into account can lead to trouble. If applications A and B seek resources simultaneously, the result may be that application C begins to under-perform. What if C is mission-critical or A depends on C for input? Policies must take into account the complex relationships that occur in virtualised environments.

Cloud policies are implemented via three different models:

 A tightly coupled policy model comes “out of the box” with certain platform implementations, operating automatically based on deterministic factors. A load balancer that selects from several predefined load-balancing policies is a good example of this type of policy.

 A programmable model gives options – such as run-book automation – within a framework, allowing a measure of customisation.

 An orchestrated model is typically reserved for situations too complex to fully automate. Decision-making is based on broad contextual awareness, advanced instrumentation and human intuition.

To be effective, cloud governance policies not only need to exist, they need to be automated. Policy automation can dramatically increase the efficiency of a cloud. However, building an effective automation framework for infrastructure virtualisation can be difficult.

As an alternative, many organisations purchase cloud services from a service provider that understands policy needs, easing the burden of defining and automating some of these policies. But enterprises evaluating cloud services must understand the policy implementation modes they are buying into. They need to think about how much control they need at the resource, application and operational levels – then make sure it is available. When it comes to clouds, virtualisation is only the beginning.