Arch2Arch Tab BEA.com
 GET INVOLVED
 Blogs
 Newsgroups
 Submit Articles
 CENTERS
 SOA
 Governance
 SOA Integration
 Enterprise Social Computing
 Virtualization
 Event-Driven Architecture
 RESOURCES
 Arch2Arch Media Center
 Article Index
 Events Calendar
 About Arch2Arch
 SUBSCRIBE
 Arch2Arch Advisor
 RSS Feeds
Syndicate this blog (XML)
Main | The Sad Truth Behind Policy Interoperability »

Centralized Policy Management: Is it a Pipedream?

Bookmark Blog Post

del.icio.us del.icio.us
Digg Digg
DZone DZone
Furl Furl
Reddit Reddit

Michael Stamback's Blog | May 3, 2007   7:23 PM | Comments (2)


A topic I get asked about more and more these days is policy management, especially in its relation to SOA Governance, and what BEA's story is around policy management.  A lot of what I read out on the ether seems to oversimplify this topic but does a very convincing job of indicating the need for 'centralized' policy management.  Given the complexity associated with policy management, I wonder if this is a pipedream or something we should all be striving for.

When I hear the term central policy management, I wonder what that really means.  To me, central policy management means having a central location where policies are created, managed, and potentially enforced.  In most cases, this is done through a registry/repository, but is that really the right place to administrate policy?   Maybe for policies that dictate design and implementation rules, but what about those policies that aren't enforced until the time of execution?

First, policy management requires a distributed structure.  There are many types of policies out there, each having its own method for enforcement.  For example, security policies require a much different knowledge base and enforcement then an SLA policy.  Therefore, you might use something like BEA's AquaLogic Enterprise Security product to enforce security access policy across heterogeneous resources but use AquaLogic SOA Management to enforce SLA policies.  

Second, is there really a central master policy manager role.  Or are there different policy management roles within the organization based on the type of policy?  For example, would a security policy and management policy be managed by the same policy administrator?  My experience is that these are separate individuals with distinct skill sets.   

Finally, those individuals that administrate policy tend not to work within the same environment as those that are building composite solutions.  Developers and architects are more apt to live within the registry/repository for governance of the assets being produced.  Policy administrators, at least the ones responsible for runtime policies, tend to be more operations focused, meaning they live and work within an entirely different environment.  That being said, you may have distributed policy stores that in themselves provide central management over specific types of policies, such as security, management, or routing.   

With this in mind, I think the best approach to having a complete policy management story is not necessarily to have one interface for defining all policies. Instead, I think the right approach is to have the ability to centrally manage the policy artifacts for governance, change management, versioning, etc but still allow for distributed policy authoring and enforcement based on policy type, enforcement specialty, etc, especially given the lack of adoption around any standard.  This requires an integrated approach where design-time policies and runtime policies are centrally managed as artifacts, but are authored and enforced in a distributed manner.  This is where BEA provides a strong solution. 

BEA provides solid offerings in policy enforcement with ALES, ALSM, ALSB, etc where policies can be defined and enforced within these products.  The policies created can then be synchronized back to ALER for management of the policy artifact itself for dependency tracking, change management, versioning, etc.  This, in effect, gives you centralized management of policy with distributed enforcement.  This, in my mind, is what we should be striving for as it provides a complete approach to policy management.


Comments

Comments are listed in date ascending order (oldest first) | Post Comment

  • Have you heard about PolicyTech's Policy and Procedure Manager? Has any one used them before and what do you think?

    Posted by: josh18ua on February 6, 2008 at 7:21 AM

  • Agree with the overall approach but there is no detail on the policy exchange and distribution which is also important. Is this the responsibility of the registry using WS-Policy Attachments and Subscriptions? Why is it that the registry is not described here. Further Policy distribution also needs policy mediation and transformation for digest/ingest by appropriate policy enforcement points.

    Posted by: swami_venkat@yahoo.com on September 11, 2007 at 11:30 PM



Only logged in users may post comments. Login Here.

Powered by
Movable Type 3.31