In a managed information environment, a network fabric, or infrastructure, interconnects network elements, or nodes, for providing various services to end users that are also connected to the network. In a managed information network, for example, a number of storage arrays are adapted to provide data storage and retrieval services. The storage arrays connect to other elements such as switches and hosts to efficiently provide the data storage and retrieval services to the users. Further, each storage array includes a set of individual storage devices (e.g. disk drives) that are themselves considered network elements, or entities. The collection of elements defines a configuration of the information network that is often updated to respond to changes in the network, such as for performance improvements, message traffic redirection, and equipment failures.
In a typical information network, the number of interconnected elements can become large, resulting in a substantial number of relationships and dependencies between the network elements (nodes), the network connections between them, and the applications that execute on them. Accordingly, a set of rules may be implemented to identify best or mandatory practices in the network, such as providing a redundant link between critical nodes, or mandating deployment of application A on a node with application B, for example. This set of rules defines a policy that network administrators enforce to maintain the network in a predictable and manageable state. However, identifying and verifying compliance of each of the rules across the network may become cumbersome in a large network. Further, the policy including the rules may be driven by external factors, such as corporate directives, security requirements, industry best practices, and Federal compliance laws, as well as vendor supported configurations. Therefore, at any particular site or enterprise, there may be multiple policies to satisfy, each having a plurality of rules in effect.
In the managed information network, therefore, multiple policies proscribing or requiring network practices may be imposed. These policies specify various configuration guidelines, such as requirements for connections between nodes (hosts), application dependencies for services provided by the nodes, and configurations of individual nodes. Factors driving the policies include corporate internal best practices, vendor and industry recommendations, and governmental issues such as Sarbanes-Oxley (SOX) compliance. Each policy includes a plurality of rules that identifies network elements, or objects (hosts, services, or connections), a scope of the rule identifying which network objects it applies to, and a condition to test for satisfaction of the rule.