policy management & enforcement

To maximize agility and manageability, it’s critical for any service-orientation initiative to offload as much coding as possible from the developers. If you don’t insulate your application code from management updates—like changes to security, logging, or QoS—you’ll soon be bogged down in development cycles as applications become more complex, and governance requirements become more intrusive.

The remedy for this challenge is the use of policies. A policy-based approach offloads central management functions from developers and lets them focus on the business logic.

A policy represents a declarative specification of characteristics of the system. Policies can represent various characteristics of a system ranging from process and function to security, performance and robustness requirements for the infrastructure on which the system executes.

Policies are more concise, easier to understand and verify, and much simpler to change than application code. Thus, as an increasing number of their aspects are defined as policy, systems become more adaptive and agile. Fewer development cycles are required to keep up with enterprise-wide requirements.

For example, in response to an industry regulation such as FFIEC, an IT organization might decide to update to a stronger form of two-factor authentication. In a world without policy, each application would need to be updated to accept and validate a new, stronger form of credential, such as a digital certificate. In a policy-based world, however, security policy is decoupled from the application. A security administrator would simply describe the new policy in a declarative fashion and let the system push the policy out as required.

Policy-aware infrastructure then enforces this new policy on behalf of the applications, ensuring that two-factor authentication is validated before access to the application is permitted. In terms of ROI, the cost-savings involved with eliminating even one development cycle, with its attendant QA, bug-fixing, and integration activities, along with the vast reduction in risk, provides immediate and substantial value.

The dynamic nature of policies requires specialized tools designed to manage policies across the lifecycle. At AmberPoint, we have introduced a groundbreaking policy-based system that helps organizations to achieve better, more adaptive visibility and control of evolving services-based applications.

Advanced Policy-based Management

AmberPoint helps organizations to achieve better end-to-end control of services-based applications by eliminating random runtime policy definitions. Through the use of a comprehensive policy templating mechanism and an automatic policy provisioning system, AmberPoint reduces costs by minimizing the time and skills required to set new policies.

AmberPoint’s unique policy-based approach provides:

• Customizable Policy Library: Enables out-of-the-box support for common policy-driven features, such as logging, QoS, authentication, access control, and more. Application- and industry-specific policy packs that reduce the costs associated with creating and maintaining management policies, while preventing the creation of untested, unapproved polices
• Automatic Policy Provisioning: Overcoming the risks and overhead of one-to-one policy to service management, AmberPoint provides a unique mechanism for applying policies based on descriptive aspects of services. Once criteria for policy provisioning are established, policies are automatically applied to services based on a range of , such as lifecycle phase, operating system, application container, category, or customized, enterprise-specific metadata. This ensures that services never go without the policies necessary to make them available and secure.
• Dynamic evaluation of the system definition and automatic re-provisioning of policies when the service profile changes
• Comprehensive Policy Viewer: Enables users to see which services have which policies, which policies are in use with which services and the status of each policy
• Synchronization with Registries and Repositories: Bidirectional integration enables AmberPoint to ensure that runtime policy provisioning matches the design-time intention of your system.
• Built-in roles for controlling or limiting access to sensitive data