OpenStack Congress, Policy for Your Cloud

melissa • November 19, 2014 • No Comments

When we talk about our next generation data centers, and how we are going to run them, recently, many of our discussions have turned to policy.  How do we want our applications to be deployed?  What type of service levels do we want them to have?  Which virtual machines or instances should be present on the same host, or should always be kept separate?  Turning our daily operations, as well as our day to day tasks into policies for our infrastructure will help us as we embrace technologies such as hybrid cloud.  Let’s take a look at OpenStack, and how it may end up implementing a policy based solution.

This Session of Congress is Open
The Congress program is appropriately named because it is designed to be elected by the people to represent the people.  Congress has multiple individual and vendor contributors who are all working to reach the goal of a common declarative language to represent policy.  The idea is that Congress and the framework it provides can provide a readable way to represent business rules.  These could be anything, such as IT security policies, but when we get down to it, these policies are also really business rules.
Screen Shot 2014-11-19 at 5.46.43 PM

(From A System For Declaring, Auditing, and Enforcing Policy In Heterogeneous Cloud Environments, OpenStack Summit Atlanta)
A sample use case would be something like “Every time a vulnerability is detected, detach the impacted instance from the network”. The language that will be used in the actual policy itself is proposed to be readable by both humans and machines which is key.  Making the policy semantics easily usable will help to drive better adoption, which is one of the biggest challenges when we see policy frameworks put into place.

Policy for the People
The central management in Congress is important, but it also reaches out to many other areas.  We can see that Congress will touch many other projects, such as, Keystone and Heat, because of the ability to work with existing rule-based features.  Using the common declarative language of Congress will become the way to manage policy across the board.  This is the same way that the OpenStack APIs have enabled consistent feature management across the programs.

Congress extends beyond this.  One of the potentially powerful features is the ability to be a true multi-cloud policy management system.  Imagine being able to use one common environment to store, manage, and audit your policies for multiple cloud environments.  The fluidity of cloud infrastructure will need a dynamic policy management system to ensure that we stay in compliance.

As we continue to launch towards cloud based infrastructures, public, private or hybrid, we need an open, common, well-governed policy model to bring order to it all.  Policy for all means that we can use this to manage storage, network, compute, workloads, application scaling, as a Service features, directory services and much more.  Using a common framework is the path to consistency in this journey.

Event-driven policies ensure that on any change that policies are re-checked and applied. This is absolutely important as well because of the dynamic nature of cloud platforms. This is another reason why the extension of awareness into other programs is important. As tenant changes happen in Keystone, Nova workloads can be checked. As Heat workflows are initiated, Neutron can be checked and managed for the instances. The interoperability within OpenStack will be the driver to make Congress more versatile and reliable.

Keeping up with Congress Updates
Congress was heavily discussed in the Kilo Summit in Paris, and the contributors are working towards bringing it to the core program group in the Kilo release in Spring 2015.  There are a lot of really great resources that you can use to read more on Congress and the overall initiative.  Some of the best are:

StackForge GitHub page for Congress
OpenStack Wiki for Congress
Design Doc for Congress
EtherPad for Congress from Kilo Summit

There will be a lot of activity in the coming months leading up to the next full release, so this will be a hot topic of discussion as more development work happens.  One thing is for sure, policy is becoming the key factor as companies make the move to cloud infrastructure.  We will have to keep ahead of the curve and make this our clouds as secure and reliable as possible.  Congress is a great way to help with this.

 

Song of the Day – John Legend & Lindsey Stirling – All Of Me

Categories OpenStack

No Comments