8. vCloud Operations Control : 8.5 Configuration and Compliance Management
8.5 Configuration and Compliance Management
vCloud differs from traditional virtualization in its increasing reliance on automation, increased scale, and dynamic workload management. It is the equivalent of moving from a handcrafted workshop to a fully automated assembly line with the benefits of speed, reliability, and volume. To realize this goal, all of the components that constitute the vCloud must be interchangeable and secure. This can be achieved through Configuration and Compliance Management.
Configuration Management focuses on defining and maintaining information and relationships about a vCloud and its components and services. This may involve a Configuration Management Database (CMDB) to store data centrally or a Configuration Management System (CMS) to federate data across multiple repositories. Another aspect of configuration is to maintain a record of the single source of truth for each piece of data, and coordinate the exchange of data with external systems.
In contrast with Configuration Management, Compliance Management focuses more on maintaining corporate vCloud provider or tenant standards for systems that might include compliance standards such as PCI, SOX, or HIPPA. In addition to security settings and firmware, software, and patch levels, Compliance Management is concerned with change management, user access, and network security.
Together, Configuration and Compliance Management validate that configuration settings, firmware, software, and patch versions all follow predetermined standards and policies set by the controlling organization, which can be the vCloud provider, the tenant, or the sub-tenants.
A major goal of implementing a vCloud is to lower ongoing OpEx costs. To realize this goal, promote and maintain standardization of as many components as possible while maintaining a high level of security and compliance. The following practices are necessary to realize maximum OpEx savings:
*Automated provisioning of interchangeable components that meet vCloud provider or tenant standards and compliance policies.
*Ongoing validation that standards and compliance policies are maintained over time.
*Ongoing validation that the underlying vCloud infrastructure meets standards and compliance policies (trusted cloud).
*Ongoing reporting of non-compliant systems.
*Ongoing remediation of non-compliant systems.
*Tracking and propagating relationships between components to enhance impact analysis and troubleshooting of the vCloud.
*Work with existing CMDB, CMS, or other vCloud provider or tenant data sources to understand where the sources of truth are for exchanging data with the rest of the organization.