A key enabler of adaptive runtime governance is the use of "policies," the declarative specification of characteristics of the system. Policies can represent various characteristics of a system ranging from process and function to security, performance and robustness requirements for the infrastructure on which the system executes.

Systems are made more adaptive by specifying more of their behavior as policy (rather than procedural code) because policies are more concise, easier to understand and verify, and much simpler to change than code.

For example, an IT organization might decide to change its user authentication from entering username and password to supplying a certificate. In a policy-based world in which the security policy is separated from the application, the IT staff would describe the change in a declarative fashion and run the application on infrastructure that would dynamically enforce the security policy provided. If the security policy changes, the code doesn't have to. The revised policy is provided to the system infrastructure, which dynamically adapts to implement it. You can see the advantage of not requiring a system maintenance release to make such a simple change.

The increasing use of SOA and policies will bring us closer to the realization of truly adaptive systems. However, effectively exploiting policy in the construction of adaptive systems requires a management system to assist in:

• Capturing a wide range of policies
• Capturing metadata required to implement policies
• Provisioning infrastructure to effectively implement policies
• Reporting the results of policy implementation at runtime

The dynamic nature of policies requires specialized tools designed to manage policies across the lifecycle. At AmberPoint, we have introduced a groundbreaking policy-based system that helps organizations to achieve better, more adaptive visibility and control of evolving services-based applications.

Advanced Policy-based Management

AmberPoint helps organizations to achieve better end-to-end control of services-based applications by eliminating random runtime policy definitions. Through the use of a comprehensive policy templating mechanism and an automatic policy provisioning system, AmberPoint reduces costs by minimizing the time and skills required to set new policies. Specifically, AmberPoint’s unique approach includes:

• A customizable library of policies that enables application- and industry-specific policy packs that reduce the costs associated with creating and maintaining management policies, while preventing the creation of untested, unapproved polices
• Automatic policy provisioning based on service profiles—users can assign policies to dynamic collections of services rather than administering policies one-at-a-time for individual services
• Dynamic evaluation of the system definition and automatic re-provisioning of policies when the service profile changes
• A comprehensive policy viewer enables users to see which services have which policies, which policies are in use with which services and the status of each policy
• Built-in roles for controlling or limiting access to sensitive data
• Bidirectional policy communication with registries: Retrieves policies referenced in registries and enforces them at runtime, and posts new policies and policy changes to registries