11.5 Creating Effective Policy Systems


While it would be nice to envision a single, comprehensive approach to administering storage policies, no such method exists. Organizing a storage domain management system, from IT manager and administrator duties to individual policies such as disk quotas, is inherently a company-specific task. Therefore, storage management policies must be aligned with policies that govern the enterprise as a whole.

As networked storage environments grow larger and more complex over time through the implementation of new vendor technologies and architectures, it becomes more difficult and time consuming to manage them. Also, the job of the storage administrator becomes more critical as more users come to depend on the 24/7 functioning of the storage network. Implementing software applications that streamline the process of storage management should be considered whenever and wherever possible. If storage management and administration remains largely a manual process, it becomes more susceptible to downtime, errors, and data loss, consequently exposing the enterprise to greater risk. Software automation is key to solving these problems. Storage management software allows for the automation of policies that can assure consistent, efficient, reliable operation and scaling of the storage environment without disruption. Policy automation also frees invaluable administrative time and talent that can now be focused on more strategic core processes that can bring enhanced business value and reduced business risk to the organization.

The previous section covered a plan of attack that began with a breakdown of functions across business, risk, and data management tasks . This section covers examples of more specific storage policies within each practice area that can be implemented through the use of software applications or manually in cases where no software to automate policy-based management exists.

11.5.1 Business Management Policies

Integrating the storage domain with corporate accounting requires a set of business-specific policies.

  • Reliable service (SLAs) . Agreed upon SLAs, outlined in more detail in Chapter 7, allow IT managers to set multiple levels of service ranging from mission-critical to "temporary- outage acceptable" storage. Specific QoS settings facilitate priority of one SLA over another. Figure 11-9 shows an example of implementing transport-based QoS in a storage network. In this case Online Transaction Processing (OLTP) traffic (A) is given priority over other types of traffic that are likely to be less critical, such as the corporate file server.

    Figure 11-9. Implementing quality of service policies.

    graphics/11fig09.jpg

  • Monitoring and reporting . Monitoring and reporting software tools facilitate tracking policies to charge for departmental usage.

  • Vendor selection . Vendor selection policies drive product choice and ultimately storage domain deliverables. Comparison checklists, such as the sample in Figure 11-10, assure that IT managers choose products that will provide open -systems management flexibility.

    Figure 11-10. Storage networking open management checklist. (Source: EMC Corporation)

    graphics/11fig10.jpg

11.5.2 Risk Management Policies

Today's backup and restore software does a very good job of managing data protection. Additionally, remote replication packages facilitate recovery from unanticipated disasters. Other policies that require consideration under the risk management practice include the following:

  • Site/physical environment . As storage environments become more complex architecturally and heterogeneous from a multiple-vendor solution perspective, the complexity and cost of managing remote disaster recovery locations increases substantially. Who, therefore, is responsible for the computing environment, facilities recovery, transportation logistics, and cost in case movement to a second site is required?

  • Personnel and management . What is the management and operational staffing structure, and who are the backup personnel available in case primary managers and subordinate staff are unavailable? What is the management chain of responsibility?

  • Security . What is the security framework for determining data access? Who will maintain access codes and authorization in the event of system failures? Is data security aligned with corporate security policies?

  • Disaster recovery scenarios . Who is responsible for outlining and testing disaster recovery scenarios? Who declares a disaster and under what circumstances? Who is responsible for the restoration of production systems and data at the recovery site? Who is responsible for linking the recovered systems to business units needing access to these systems? Who is responsible for assuring system performance, availability, and security? Who is responsible for backing up the recovery site and restoring it to a new production location when it becomes available?

  • Governmental and industry- related regulatory agencies . Who interfaces with those individuals within the enterprise responsible for maintaining ongoing compliance with outside regulating authorities? Is there a periodic compliance review process? If so, who manages this process? Can individuals or organizations outside the enterprise be used to validate the process by which compliance is ultimately achieved?

11.5.3 Data Management Policies

Careful formulation of data management policies will facilitate administration of the entire storage domain. For example, establishing an email-retention policy will allow administrators to offload and save in a centralized location those message and attachments deemed important to the enterprise while discarding the rest. This process can serve risk management by ensuring compliance with records retention requirements while, at the same time, freeing up capacity on production systems that can be used by business-related applications.

Data management policies cannot and should not be formulated by IT staff in a vacuum . Data management policies should be established via consensus with business-line managers and corporate officers. Included are policies relating to

  • Copy functions . Who is responsible for copying what types of data: operating systems, application programs, control files, application data, fixed content, and so on? Who determines to where and when it is copied ?

  • File systems . Who determines the best locations for differing kinds of data: database files, fixed content, streaming data, shared data, program files, and so on? Who determines when data needs to be migrated to devices with differing operational and economic characteristics?

  • Storage growth and allocation . Who tracks storage utilization and determines saturation levels? Who determines when additional space, such as LUNs and physical volumes , need to be allocated?

  • Data retention . Who determines what data must be retained and for what period of time, and what data can be ultimately discarded? Who is responsible for ongoing data-retention policy review?

  • Content distribution guidelines . Who determines what data needs to be distributed and to whom? Who controls access to the distributed data and assures data security? Who determines when distributed data can be deleted?

  • Availability and performance requirements . Who tracks data traffic and delivery performance? Who establishes limits as to performance acceptability? Who has responsibility to reconfigure the environment to restore performance and availability requirements?

  • Data migration . When certain types of data must be retained for extended periods of time (medical records or audit data, for example), who is responsible for migrating stored data to updated storage formats, updated versions of operating systems, and updated versions of applications?



IP Storage Networking Straight to the Core
IP Storage Networking: Straight to the Core
ISBN: 0321159608
EAN: 2147483647
Year: 2003
Pages: 108

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net