Setting Cloud Computing Policies

Bryan Doerr

For organizations seeking ways to add computing capacity and capability almost instantly, with no need to physically invest in new infrastructure or increase headcount, cloud computing seems to be a dream come true. For many companies, including those with enterprise scale, it provides a strategy for very closely matching IT capacity to user demand that has never before been available. The benefits are potentially enormous, including cost-effective approaches to some of the key challenges that confront IT organizations on a daily basis:

  • How can we provide a better end-user experience at the lowest cost?
  • How can we meet availability and other SLA-based requirements?
  • How can we deal more effectively with the outages that will inevitably occur?

Cloud computing can indeed provide solutions to satisfy these needs, but IT organizations that take an over-simplified view of cloud computing and commit to it without fully understanding the implications of such a move risk making things worse instead of better. In particular, cloud computing raises important policy and governance issues that must be well understood if the cloud is to provide the benefits it promises.

Beyond Virtualization

Most IT professionals associate moving to cloud computing with adapting applications to virtualized environments, but this is only part of the story. Virtualization is a critical part of this transition and most certainly opens up exciting new possibilities for the allocation of resources, but the policy decisions concerning how, when, and by whom those resources are allocated are an equally important part of the story. Unfortunately, this aspect of cloud computing is all too often overlooked. In fact, cloud computing creates a new set of challenges for IT organizations:

  • How do we ensure that resource allocation decisions are maximizing efficiency?
  • How can we ensure that such decisions don't have a negative impact on application performance?
  • How can we avoid compounding the impact of outages through poor decisions made in haste?

The fact is, IT operations are inherently complex, and cloud computing, with the flexibility it provides, only increases that complexity. Understanding the nature of the policy decisions that need to be codified becomes more important than ever.

Multi-Level Policies

Policies in a cloud operate on three different levels-resource, application and operational. Resource-level policies are primarily concerned with the management of CPU capacity, memory, and bandwidth. Application-level policies relate, as the name suggests, to the performance of applications, e.g., availability, transaction latency and other performance metrics that are typically found in SLAs. Operations-level policies have to do with the operation of the entire data center. They take into account dependencies that may exist among various applications and include decisions such as relative prioritization that span multiple applications.

Policies that fail to take all three levels into account, or the lack of policies in these areas, can lead to trouble. Consider a situation where application 'A' is controlled by an application-level policy that causes it to seek additional resources if transaction latencies rise above 500 milliseconds, and application 'B' is controlled by a similar policy. If both seek extra resources at the same time, the result may be that application 'C' begins to perform unacceptably. And what if application 'C' is mission-critical? Or what if application 'A' depends on application 'C' for input? There are all sorts of complex relationships in virtualized environments, and policies that govern them must take these relationships into account.

Policy Models

In addition to operating at three different levels, policies are also implemented via three different models-tightly coupled, programmable, and orchestrated. In the tightly coupled model, the policies come 'out of the box' with certain platform implementations. They operate automatically based on deterministic factors. A good example of this type of policy is a load balancer that provides several pre-defined load balancing policies from which to choose.

The programmable model gives IT managers a range of options within an existing framework, allowing a measure of customization. Run-book automation software is a good example of this type of policy model. The orchestrated model, typically reserved for situations considered too complex to fully automate, features decision-making based on broad contextual awareness, advanced instrumentation and human intuition.

Staying on Top of Your Cloud

Several conclusions can be drawn from this discussion of policies. The first is that there are important and complex issues related to decision-making that extend far beyond mere virtualization when adopting cloud services. IT organizations considering an in-house cloud need to take this complexity into account, because to be effective these policies not only need to exist; they need to be automated. Policy automation can dramatically increase the efficiency of a cloud if managed correctly at all three levels, but building an effective automation framework to handle the complexity of infrastructure virtualization can be very difficult. Conversely, without proper policy automation, the complexity of a cloud can actually lead to harm and poor performance, particularly in the case of unscheduled shut-downs. As an alternative, when organizations purchase cloud services from a service provider that understands policy needs, the burden of defining and automating some of these policies can be avoided.

Enterprises evaluating cloud services must understand the policy implementation mode they are buying into. They need to think about how much control they need at the resource, application and operational levels-and then make sure that it's available. When it comes to clouds, virtualization is only the beginning.

Add Comment      Leave a comment on this blog post
Jan 20, 2010 7:01 PM Adam Bullock Adam Bullock  says:
Great article, you make some excellent points. It's important to have full communication between your company's IT department and representatives from the cloud services company you decide to go with, if you choose to go that route. A meeting to initially define policies and ongoing communication is key to a beneficial and lasting relationship. Reply
Jan 21, 2010 12:01 AM Greg Greg  says:
Interesting how some of the terms are starting to gain currency. What you refer to as "programmable" is what my company refers to as "orchestration," although I can see why you make the distinction in that way. Reply
Jan 21, 2010 5:01 PM Gary Anderson Gary Anderson  says:
When contemplating a move to the cloud, IT managers should ensure that their service (cloud) provider�s levels of uptime, latency and reliability match the customer or user expectations, especially if the customers are paying for the service. For instance, Google can have a 99% reliability for Gmail, but most of that is free usage, so users can only complain so much. If the cloud is part of the customer�s day-to-day business operations, the highest level of reliability is required or there will be potential for lost revenues. Reply
Jan 23, 2010 4:01 AM Cloud Tweaks Cloud Tweaks  says:
Cloud Computing and SaaS is an expected $160 Billion industry by the year 2015. You have a good point here. Everything is well presented. Great suggestions. Reply
Jan 24, 2010 5:14 AM Bryan Bryan  says: in response to Cloud Tweaks
Thanks for your comment. The markets for all types of cloud services (SaaS, PaaS, and IaaS) are indeed expected to grow quickly adding urgency to addressing governance issues. Reply
Jan 24, 2010 5:19 AM Bryan Bryan  says: in response to Gary Anderson
Agreed. When choosing to use cloud services from a service provider, one is also outsourcing the underlying policy decisions. Inspecting these policies and choosing services/service providers that satisfy the application's requirements is essential. Reply
Jan 24, 2010 5:25 AM Bryan Bryan  says: in response to Greg
I agree, this is interesting to watch. Orchestration is likely going to be around for a while - I think it expresses the intended idea well. I've debated it in both usages with myself. Reply
Jan 24, 2010 5:33 AM Bryan Bryan  says: in response to Adam Bullock
I agree. When buying cloud services, improved policy automation is a benefit, in addition to immediate, flexible capacity. The challenge is to make sure that the policies by which you will governed align with your needs. This requires a deep inspection of and extensive conversation with your targeted provider. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.