Computing Reviews
Policy technologies for self-managing systems
Agrawal D., Calo S., Lee K., Lobo J., Verma D., IBM Press, Upper Saddle River, NJ, 2008. 240 pp. Type: Book
Date Reviewed: Aug 24 2009

Managing an information technology (IT) infrastructure is a labor-intensive task for which not enough skilled people are available. The idea is to make those IT systems autonomous, shifting the operational decision making from the people to the technology. This book praises the potential of policy-based technologies for realizing so-called self-managing systems.

First, the authors explain what is meant by policies and how they can be used in self-management. Several types of policies exist--some constrain the behavior of a system, while others explicitly require an action to be taken. As such, policies can be used to configure, protect, repair, and optimize a system.

Policies do not occur automatically. The second chapter presents an overview of the policy life cycle. Human initiative is required to create and specify policies at a high level. These abstract policies can be analyzed and translated into lower-level formats, which can then be distributed to locations where the policies must be implemented and processed automatically. Individual steps in this life cycle are elaborated in subsequent chapters.

How are policies represented? It is obvious that information models and languages play an important role in the specification of policies. Chapter 3 gives an overview of information models that can be used for this purpose, but ultimately the standard for representing policies is the policy model that is part of the overall common information model (CIM). The Distributed Management Task Force (DMTF), the organization responsible for developing policy standards, defines the CIM. Chapter 4 continues with a survey of languages that have been used for the concrete specification of individual policies. One general policy language that is explicitly designed to work with the CIM model, the simple policy language for CIM (CIM-SPL), is elaborated in more detail.

Chapter 5 introduces all kinds of techniques and algorithms for transforming and analyzing policies. Policy transformations are very important and occur at several locations in the policy life cycle: to translate a high-level policy into a lower-level policy, to translate a system-level policy into a component-level policy, and to translate a technology-independent policy into a policy dealing with a specific configuration. Some transformations occur during design time, but others have to be done in real time, while the system is operating. Additional policy analysis is required. It is necessary to check whether any two policies are in conflict and, if so, to resolve this conflict. On the other hand, it must be ensured that a set of policies covers all possible situations; if not, additional or default policies must be added.

In the second part of the book, three chapters are devoted to specific application domains of policy-based management: configuration management, fault management, and security management.

In a large-scale distributed system, a large number of devices and applications must be configured properly. A policy-based approach can simplify the management of such an environment in several ways. Policies can be used to define configurations at a high level of abstraction, while policy transformation ensures the correct and automatic lower-level configuration of the individual devices. Policies can also be used to check existing configurations and adjust configurations to changing conditions.

Fault management in large-scale networks or distributed systems is a complex issue, because a single fault in one component may cause many other components to experience problems, with a large number of alarms as a result. Therefore, policies are pervasive and play an important role in each step of the fault management process: they determine what type of information must be collected via a variety of probes and monitors; they convert that information into a common canonical format; they reduce the number of events that must be investigated further; they correlate the remaining events using topology information to perform the analysis of the actual root cause; and, finally, they are used to identify and apply the desired remedial action.

The same holds for security management. Security is a wide and complex area that covers diverse aspects. Policies can be used in all security-related tasks, such as ensuring authentication, organizing access control, encryption, intrusion detection, and denial-of-service (DoS) attack prevention. After a general overview, the policy-based configuration of an Internet protocol security (IPsec) protocol stack is presented as an illustration.

The final chapter concludes with some related topics: the use of policies in related areas such as business process management, IT service management based on the Information Technology Infrastructure Library (ITIL) standard, and the management of service-level agreements (SLAs), among others.

This book is not suitable as a classroom textbook. Although the text is generally easy to read, some parts are very cryptic and too short to get real insight into the problem. On the other hand, the explanation of the CIM policy model soon becomes impossible to understand, since some classes mentioned in the text cannot be found in the accompanying diagram (this diagram seems to be page 1 of a multi-page policy schema of the DMTF policy working group).

It was not the intention of the authors--five policy and networking experts from the IBM T.J. Watson Research Center--to be comprehensive, as this would clearly not be possible in a compact book that merely summarizes the state of the art in this field.

Other application areas, such as policy-based service provisioning and policy-based quality of service (QoS) management, could have been included in the second part of the book. Existing efforts to introduce a policy-based approach in operational support systems are not mentioned. Protocols for the exchange of policy information, such as the common open policy service (COPS) standard of the Internet Engineering Task Force (IETF), are briefly mentioned in a separate note, but not described in detail in the text.

The reference list is rather limited. A lot of the current research is absent (for example, chapter 8 does not have a single reference to recent material), but all historical references to basic material (Bell and LaPadula [1], Codd [2], and Dantzig [3]) are mentioned. Papers exist that provide a comparable overview with a more comprehensive reference list, but they are not referenced in this book. There is no separate acronym list, despite the abundance of acronyms in the text; this is not a real problem since all of the acronyms can be found in the index.

Reviewer: F. Put
Review #: CR137226 (1008-0751)

1) Bell, D.E.; LaPadula, L.J. Secure computer system: unified exposition and MULTICS interpretation, MTR-2997. The MITRE Corporation, 1976. csrc.nist.gov/publications/history/bell76.pdf (accessed August 21, 2009).
2) Codd, E.F. A relational model of data for large shared data banks. Communications of the ACM 13, 6(1970), 377–387.
3) Dantzig, G.B. Linear programming and extensions. Rand Corp., Santa Monica, CA, 1959.

Categories:
Network Management (C.2.3 ... )
Constraint And Logic Languages (D.3.2 ... )
Software Configuration Management (D.2.9 ... )
Clustering (I.5.3 )
Distributed Systems (C.2.4 )
Security and Protection (K.6.5 )
Other reviews under "Network Management": Date
Network management standards
Black U., McGraw-Hill, Inc., New York, NY, 1992. Type: Book (9780070055544)
Jun 1 1993
Network management
Held G., John Wiley & Sons, Inc., New York, NY, 1992. Type: Book (9780471927815)
Mar 1 1993
IBM Systems Journal (v.31 n.2)
Hoffnagle G. (ed)  IBM Systems Journal 22:1992. Type: Journal
May 1 1994