Manage Cloud Computing With Policies, Not Permissions

Cloud computing obsolesces the idea that IT operations must put users through the wringer to get their hands on scarce resources. Many organizations continue to insist that someone must review resource requests when, in reality, an automated policy engine can do the same thing -- and put computing power in users' hands that much faster.

By Bernard Golden
Wed, October 16, 2013

CIO — In my presentation on hybrid cloud computing at Interop New York, I began (as I often do) with a review of the NIST definition of the five characteristics of cloud computing.

I think the National Institute of Standards and Technology has done a great service in codifying its definition, and I rely on it to communicate the key characteristics of cloud computing — and, more importantly, to draw the distinctions between cloud computing and the traditional IT approach to infrastructure management.

The first characteristic in NIST's definition relates to self-service: "A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each services provider."

In the session, I described this as being analogous to how one orders a book from Amazon: Fill out a Web page with necessary information and click a button to order. Minutes later, a link to the ordered computing resource is available to the user, who can then begin using it. Key to this is automation. The cloud orchestration software handles the request for the computing resource; there's no need for human support or intervention.

A session attendee immediately shot up his hand and said, "Well, somebody has to review requests, because developers will just request resources and use up capacity." I responded that the orchestration software should have a policy governing resource provisioning to ensure the request is appropriate, budgeted and within the scope of the requestor's job duties.

I got the feeling, however, that my response didn't satisfy him, that he couldn't really accept an environment that didn't have someone vetting resource requests. I think this suspicion of automated resource provisioning is widespread — and deeply rooted within IT operations organizations.
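As an added illustration (not code from the article or from any particular orchestration product), the sketch below shows how a provisioning policy could check the three conditions named above: appropriate, budgeted, and within the requestor's job duties. The role names, instance sizes, prices and budgets are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample policy data (assumptions, not from the article).
ROLE_SCOPE = {  # instance sizes each job role may self-provision
    "developer": {"small", "medium"},
    "data-engineer": {"small", "medium", "large"},
}
HOURLY_COST_CENTS = {"small": 5, "medium": 20, "large": 80}  # per instance-hour
MAX_HOURS = 720  # longest lease a single request may ask for

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    team: str
    size: str
    count: int
    hours: int

def evaluate(req, budget_cents):
    """Return (allowed, reasons). Unknown roles, sizes or teams are denied."""
    reasons = []
    # Appropriate: a well-formed request for a size that is actually on offer.
    if (req.size not in HOURLY_COST_CENTS or req.count < 1
            or not 1 <= req.hours <= MAX_HOURS):
        reasons.append("not appropriate: unknown size or out-of-range count/hours")
    # Within job duties: the role must be known and scoped for this size.
    if req.size not in ROLE_SCOPE.get(req.role, set()):
        reasons.append(f"out of scope: role {req.role!r} may not provision {req.size!r}")
    # Budgeted: projected cost must fit the team's remaining budget.
    cost = HOURLY_COST_CENTS.get(req.size, 0) * max(req.count, 0) * max(req.hours, 0)
    if req.team not in budget_cents or cost > budget_cents[req.team]:
        reasons.append(f"not budgeted: projected ${cost / 100:.2f} for team {req.team!r}")
    return (not reasons, reasons)

def provision(req, budget_cents):
    """Gate provisioning on the policy; reserve the budget on approval."""
    allowed, reasons = evaluate(req, budget_cents)
    if allowed:
        budget_cents[req.team] -= HOURLY_COST_CENTS[req.size] * req.count * req.hours
    # The returned record doubles as an audit entry for every decision.
    return {"user": req.user, "allowed": allowed, "reasons": reasons}
```

Every decision, approved or denied, comes back with its reasons, which gives the audit trail a human reviewer would otherwise supply.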

If IT Has Plentiful Resources, Why Scrutinize Who Uses Them?

This exchange crystallizes a critical aspect of cloud computing and why the topic seems so emotionally charged. For years, central IT has been responsible for rationing scarce resources, apportioning them among users and inevitably frustrating many. Application groups, confronted by the very real likelihood that needed resources won't be available, have every reason to request more than they need and hoard any they receive.


To ensure appropriate allocation, IT sets up checkpoints where individuals review and evaluate every resource request, applying judgment to determine which requests pass muster and are rewarded with access to computing resources. Those requests are passed on to operations, whose personnel perform the manual operations necessary to install and configure resources. Those whose requests fail this assessment either lick their wounds or devise a stratagem to bypass the gatekeeper.

This arrangement has existed for so long that many IT operations personnel have come to assume it represents some kind of natural state of affairs, with an ongoing and inevitable charter to evaluate and judge user requests for resources.
