1. Field of the Invention
The present invention relates generally to an improved data processing system, and in particular, to a computer implemented method, data processing system, and computer program product for managing computer workloads with security policy enforcement.
2. Description of the Related Art
Information and service providers are often required to provide services to clients with a guaranteed, specific level of quality, e.g., response time, while at the same time keeping overhead low so that a profit can be made. To facilitate this process, management programs are typically used to monitor and control processes within a computer system to optimize the usage of components and capabilities in a constantly changing environment. This optimization includes preventing applications (workloads) from obtaining more processing power or memory than they have been allocated.
A workload manager is an operating system component that provides an ability to control how scheduling, memory management, and device driver calls allocate CPU, physical memory, and I/O bandwidth to computational processes. When a Workload Management (WLM) system examines the computing, communications, and I/O loads of a set of computers, the workload manager may move or migrate computational workloads from one server to another to balance against certain policies. For example, a workload manager, such as eWLM Workload Manager, which is a product of International Business Machines Corporation, may examine CPU loads and attempt to guarantee that a given workload has all the server resources necessary to meet a given service level agreement (SLA), such as a guaranteed maximum response time. If other server resources are needed, the workload manager may move the workload to another server to ensure that the service level agreement will be met.
While the migration process described above may work well for computer centers that have universal security policies applied across all (or most) servers, problems can occur when the workload is moved to a new host server that has a different security policy than the donating host server. Because Workload Management is commonly used in large computer centers that consolidate many different servers, some servers in the computer center may have a weaker security policy than other servers. If the new host server has a weaker security policy than the donating host server, the application (workload) would be exposed to more or different security attacks, which is likely a violation of the application's security policy. Such a policy violation is unacceptable.