| The definition of the term "policy" is often confusing and contextual. In the context of the OGSA, we can define "policy" as a definitive goal, course, or method of action based on a set of conditions to guide and determine present and future decisions. Policies are implemented and utilized in a particular context. For example, there are policies for security, workload, networking services, business processes, and a multitude of other areas. In the context of grid services, the OGSA policy service provides a set of rules or policies to administer, manage, and control access to any grid service. The OGSA-defined policy service provides a framework for creating, managing, validating, distributing, transforming, resolving, and enforcing policies in a distributed grid environment. The OGSA policy work uses a derivative of the IETF [3] /DMTF [4] Policy Core Information Model (IETF RFC 3060 /DMTF DSP0108) as its information model. By getting polished by the resource management teams across the industry, these policies are naturally most suitable for IT resource management. OGSA policies are based on an XML schema, which is a derivative of the CIM Policy Core Information Model Extension (PCIMe) and is suitable for most of the known policy representations. The UML diagram, in Figure 10.5, explains the policy information model. Figure 10.5. The DMTF/IETF Policy Information Model.  Policy Management Is Simple in Concept, yet Incredibly Important The definition of the term "policy" is often ambiguous and rather contextual. In the context of the OGSA, we can define "policy" as a definitive goal, course, or method of action based on a set of conditions to guide and determine present and future decisions. This, in part, affords autonomic decision support aspects in Grid Computing solutions. Policies are implemented and utilized in a particular context. For example, there are policies for security, workload, networking services, business processes, and a multitude of other areas. In the context of grid services, the OGSA policy service provides a set of rules or policies to administer, manage, and control access to any grid service. |
The OGSA policy model is a collection of rules based on conditions and actions. In general, policies are expressed as "if <condition> then <action>" rule-type of syntax. In addition to the policy schema definition, it provides classification and grouping of rules and scope of policies, based upon the management discipline and rules. Another important aspect is the support for notification on policy state changes, whereby a client is notified of the policies when it becomes effective, expired , or updated. The following shows sample policies that are in the context of this discussion: -
QoS policy example: If (customers are "executives") then (provide a "gold" [always available] level service) -
Workload policy example: If (today is the Government tax return lastWeek) then (allocate 10,000 more servers from server pool to Farm1, Farm2 to provide better response time) If (today is the Government tax return lastDay) then (allocate 25,000 more servers from server pool to Farm1, Farm2, Farm3 to provide better response time) Levels of Policy Abstraction The multiple levels of policy abstraction helps the policy service to differentiate the roles of the policy actors (i.e., policy administrators who are responsible for policy creation and maintaining), policy enforcement points (i.e., the consumer of policies), and policy transformation requirements. As illustrated in Figure 10.6, these levels of abstraction are business level, domain level, and device level. The policies are created as high-level business definitions, such as SLA, event management, and are then translated to a canonical form as prescribed by the OGSA policy framework, based on the IETF extension model. These domain-level policies are transformed to specific device-level formats understandable to the enforcement points where they are applied in the decision-making process. Figure 10.6. The conceptual levels of policy abstraction.  Automated Policy Enforcement Is Key to Autonomic Business Operations Policies are created as high-level business definitions, such as SLA, event management, and networking services (monitoring, etc.) They are then translated to a canonical form as prescribed by the OGSA policy framework, based on the IETF extension model. These domain-level policies are transformed to specific device-level formats understandable to the enforcement points where they are applied in the decision-making process. Programmatic director tools for policy enforcement are then able to ascertain, sustain, and manage business operations based on dynamic policies dictated by business leaders involved in specific operational aspects of the business enterprise. |
A Sample Policy Service Framework Figure 10.7 shows some of the core policy service components . These very important autonomic elements can be further understood according to the following definitions. Figure 10.7. The defined OGSA Policy Service Core.  Policy Managers Are Very Powerful Autonomic Components in Grid Computing Policy Manager This is a manager service responsible for controlling access to the policy repository for the creation and maintenance of policy documents. This manager is expecting policies in a canonical form as defined by the standard. There should be only one manager in a policy service infrastructure. Policy Repository This is a repository service, which provides a set of abstract interfaces to store the policy documents. In reality, this can be any type of storage (e.g., remote/local disk, database, file system, memory, etc.) accessed and abstracted through the Data Access Interfaces Service (DAIS). We will cover this data access and integration service interface and framework in detail in a later section of this book. Policy Enforcement Points These are the framework and software components that are executing the policy enforcement decisions. They work in conjunction with the policy service agent to retrieve, transform, and resolve any conflict resolution of the policy. Policy Service Agent These are the policy decision maker agents , and they work with the policy enforcement points and the policy manager. They expect and inspect the data in a canonical format. Policy Transformation Service These services are responsible for transforming the business objectives and the canonical policy document to the device-level configurations. Policy Validation Service These services act as administrators and tools; the act of validating the policy changes is accomplished using these services. Policy Resolution Service These services act as "guardians" of the policy resolution process, and evaluate the policies in the context of business SLAs. Policy Tools and Autonomic Managers These tools are responsible for the creation of policy documents, and registering them with the policy manager. |
Policy Service Interfaces The OGSA Policy framework defines some core interfaces and functionalities to implement a robust, end-to-end, distributed policy management set of services. As we have previously discussed high-level elements of this framework, this framework should always include the following: -
A canonical representation for expressing the policy (i.e., the Policy Information Model [PIM] and the core XML schema) -
A management control point for defining and sustaining the policy lifecycle (i.e., the Policy Service Manager Interface) -
An interface for policy consumers to retrieve policies (i.e., the Policy Service Agent Interface) -
A means to ensure that a service is fully policy aware, and will validate a policy as required (i.e., the Policy Enforcement Point Interface) -
A means to effect changes on a resource (i.e., utilizing the Common Management Model) WS-Policy Overview and Its Relation to OGSA Policy In an earlier chapter we covered the WS-Policy Language and its utilization in the Web service environment. At the current point in time, the grid communities are unable to identify much activity in the GGF to align the OGSA Policies with the WS-Policy(s). Summary The policy work in OGSA is primarily derivative work from the IETF and DMTF policy work, with added elements of grid service abstractions and behaviors. This policy work is mostly suitable for IT resource management. We are expecting more works on defining the relationship between different policy standards including WS-Policy, OASIS-initiated business-level policy works, and service-level agreements and how these policy information models can collaborate and compliment the OGSA policy. |
