In considering simplification, I’ve been thinking about policies. I love the idea of policy-based management and IT systems that implement policy. But isn’t there a risk of policy sprawl? If we allow free reign on policy configuration, we will end up with a huge number of policies. Will we end up with so many possible policy combinations that we have more policies than configuration settings? One way to reduce the possible load from managing policies is to reduce the options within each policy area. Maybe vendors should be defining standard policies and simply letting customers assign those policies. Fewer options lead to less time spent selecting what policy settings to use.
Articles Tagged with Policy
At the end of last year and the beginning of this year the Virtualization Security Podcast featured two very different guest panelists to discuss cloud security, policy, and compliance: Phil Cox, Director of Security and Compliance at RightScale, joined us for the last podcast in 2011 and the George Gerchow of VMware’s Policy and Compliance Group, joined us for the first podcast of 2012. We asked is the public cloud ready for mission critical applications. The answer was surprising. Have a listen and let us know your thoughts.
When you read books on virtualization, cloud computing, security, or software product sheets a common word that shows up is Policy. Tools often claim to implement Policy, while books urge you to read or write your Policy. But what does Policy imply?
Webster (webster.com) defines policy as:
1 a : prudence or wisdom in the management of affairs b : management or procedure based primarily on material interest
2 a : a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions b : a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body
When you read policy in product literature and books we are looking at definition number 2 and often a over b. But what does this mean to those who administer and run virtual environments or make use of cloud services?