In a managed information environment, a network fabric, or infrastructure, interconnects network elements, or nodes, for providing various services to end users that are also connected to the network. In a managed information network, for example, a number of storage arrays are adapted to provide data storage and retrieval services. The storage arrays connect to other elements such as switches and hosts to efficiently provide the services to the users. Further, each storage array includes a set of individual storage devices (e.g. disk drives) that are themselves considered network elements, or entities. The collection of elements defines a configuration of the information network that is often updated to respond to changes in the network, such as for performance improvements, message traffic redirection, and equipment failures.
In a typical information network, the number of interconnected elements can become large, resulting in a substantial number of relationships between the network elements (nodes), the network connections between them, and the applications that execute on them. Accordingly, a set of rules may be implemented to identify good or mandatory practices in the network, such as providing a redundant link between critical nodes, or always deploying application A on a node with application B, for example. This set of rules defines a policy that policy officers enforce to maintain the network in a predictable and manageable state. However, identifying and verifying each of the rules across the network may become cumbersome in a large IT environment. Further, the policy including the rules may be driven by external factors, such as corporate directives, security requirements, industry best practices, and Federal compliance laws. Therefore, at any particular site or enterprise, there may be multiple policies to satisfy, each having a plurality of rules in effect.
In the managed information network, therefore, multiple policies proscribing or requiring network practices may be imposed. These policies specify various configuration guidelines, such as requirements for connections between nodes (hosts), application dependencies for services provided by the nodes, and configurations of individual nodes. Each policy includes a plurality of rules that identifies network elements, or objects (hosts, services, or connections), a scope of the rule identifying which network objects it applies to, and a condition to test for satisfaction of the rule.