As data centers continue to grow and become more complex, it's more efficient and cost-effective to use software, rather than more people, to manage that complexity. As a result, policy-based management has become an essential skill for data center admins. Whether you're using hyper-converged systems or are moving toward a software-defined model, the goal of policy-based management is to reduce manual work and use policies to manage your IT infrastructure.
Here are some tips to get started with policy-based management in your data center.
Different data center policies suit different purposes
Admins apply policies separately for different purposes. For example, they might apply four or five policies to a single VM to meet different needs – ranging from performance and availability to disaster recovery and security. For security policies, specifically, apply them to VMs based on the data contained within those VMs. For example, if you discover credit card numbers, you should automatically apply the policy that delivers PCI compliance.
In general, you can apply most policies to multiple VMs or even physical servers. You can attach some policies to folders in the data center inventory -- which is commonly a list of hypervisors and nodes within the virtualization platform -- and apply others by inventory tags that are tied to VMs. All of these policies tell data center software how to operate and manage the VMs so that humans don't need to make every configuration change.
Policies for VM availability
One common set of policies applies to VM availability. The availability requirements for VMs depend on the application they provide and also the technology used within the application. A set of web servers behind a load balancer, for example, has different availability requirements than the one database server they access.
You can set an availability policy for web servers that requires a minimum number of VMs. A policy might allow that particular number of web server VMs to run on local storage on the hypervisor hosts. Since local storage is cheaper than shared storage on a storage area network (SAN), the policy can save money. However, this policy would mean that a web server might be down when its hypervisor host is down due to failure or maintenance. The web tier gets its availability from the load balancer and having multiple web servers.
Use a different availability policy for a database server, which should run on the SAN to protect against hypervisor maintenance and automatically recover from hypervisor or hardware failures.
Use the same web server availability policy for every web server farm behind a load balancer, and the same database server policy for any VM that is a single source of data, such as database servers and file servers. When you reuse policies with policy-based management you avoid policy sprawl, or having large numbers of almost identical policies.
Policies for applications
You can use data center policies for applications as well as VMs. An ERP system is usually made up of several VMs, each providing a part of the application. You can either tag VMs to indicate they are part of the ERP system or organize them into an ERP folder in the VM inventory. Then, apply the policies for ERP to every VM with the tag or in the folder.
If your business has a disaster recovery (DR) policy that expects, for example, ERP systems to recover within four hours and with no more than 30 minutes of data loss, then your data center policy should implement and enforce that. For instance, the policy should ensure that VMs identified as part of the ERP system are replicated to the DR site. The business's DR policy must drive the storage system so that replication is configured to meet the policy.
It's a little more complex to test recovery time, but automation helps. If an update to the ERP system brings in a new VM, then the policy will ensure that the new VM also replicates. Other VMs might be tagged as local VMs and are only required within one site, without DR. According to the policy, these VMs would not be replicated, which saves WAN bandwidth and, ultimately, money.
IT policy management has been changed in hyper-convergence
Use policy-based management for hyper-converged
Learn how hyper-converged can pave the way to an SDDC