Policies can be a powerful tool for managing complex environments with vast numbers of resources, such as a software-defined datacenter (SDDC). If a business's requirements, intentions, rules, etc. can be captured in a set of policies, these policies can be used to drive automated processes that enact and enforce the business's will. This improves accuracy and efficiency by removing manual human intervention, and guarantees that corporate governance is maintained. Because automation is central to the idea of the SDDC, policy-based management is critical to the realization of the SDDC.
However, across the various platforms used to manage the SDDC, policy may mean different things, and policies are implemented in very different ways. For instance, virtual machine (VM) placement may be performed in part based on one type of policy, networking configurations are constrained based on a different type of policy, etc. FIG. 1 illustrates an example of the policy sources and types of policies that might govern a set of computing resources. A storage manager 105 defines placement, configuration, and security policies for storage, a network manager 110 defines its own placement, configuration, and security policies relating to the network, and a compute manager 115 also has its own placement, configuration, and security policies relating to the data compute nodes (e.g., VMs, containers, physical machines) in the datacenter. In addition, an application manager 120 defines its placement, configuration, provisioning, and role-based access control (RBAC) policies, while an infrastructure manager 125 defines configuration and placement policies. Industry standards 130 also regulate the datacenter, defining various configuration, remediation, security, and best practice policies relating to a particular industry. Though six specific policy sources are shown in this figure, it should be understood that in many cases, different datacenters may include many policy sources and/or policy types other than those shown in this figure.
These divergent policies may pose significant challenges to the datacenter managers. In addition to the confusion they cause, higher-level business requirements may be difficult and complex to implement as policies. Multiple configurations, across multiple components and administered by multiple user roles, must be coordinated. As an example, if a company requires that all of its “Mission Critical” applications exhibit specific availability, quality-of-service, and security requirements, this could potentially require configurations across numerous components that manage different aspects of the SDDC. Ideally, a datacenter administrator/owner should be able to manage the entire SDDC without such confusion and complexity, while still having the freedom to choose from various policy options to accomplish their goals.