Policy Driven Technology

"Policy-defined" systems refer to systems or architectures where the behavior and operations are governed through policies rather than hardcoded rules or configurations. 

Policy-defined systems offer greater agility, control, and automation compared to traditional systems. Organizations can manage complex environments more effectively while maintaining compliance and security.

Policies are rules or a set of guidelines that define how the system should behave under different circumstances. Examples of policy defined systems include software defined networks (SDN), role based access control (RBAC), and Security information and event management (SIEM).

Key advantages of policy defined systems include:

• Flexibility or the ability to change and adapt to the needs to users (business and/or technical). 

• Scalability allows system grows or evolution. New policies can be applied across new components or resources, maintaining coherence and integrity.

• Automated systems can monitor for policy violations, enforce access controls, and take corrective actions without manual intervention, improving efficiency and reducing human error.

Policy Driven Architecture

The idea of a policy driven architecture includes the use of both technical and business solutions defined in policy. 

There are 2 high level policy concepts at play: 

1. Policy input related to information, operations and core operations.

2. Information management policies related to data creation, management and sharing. 

Policy defines how something is completed and policy defines how somethings us used as an output. Information is input and information is output.

Note: The "Core Architecture" must be designed for system wide operations.

Policy types required for defining a policy driven architecture.

Policy fits one of these categories: information, operations and core operations. Different policy types are needed for technical and business information. 

Architectures are designed to support policy. Configuration processes are similar to policy but are limited in design. To build a useful policy driven architecture, core components must be secure, support systems and network technical processes, and allow businesses to manage data to support information management.

The following policies are required to support a business environment.

Policy Development 

Policy development is planning process. One needs to define objectives. Objectives have requirements that are measurable. 

The fulfillment of objectives includes the departments, people and procedures needed to meet the business objectives.  

Like business policy, technical policy are designed by departments, people and procedures needed to fulfill the business objectives. Technical policy determines how systems and networks are designed, used, and maintained.

Policies are defined by the measurements and requirements established during the fulfillment processes.

The illustration below focuses on the need to merge both business and technical processes to define business and technical policies to meet the objectives of management.

Policy Driven Smart Factory Example 

In this narrow example, a few factors are considered related to management and use of data within a factory and between business operations (operations and business management).

For example, 

1. A factory requires mission critical operations to be transported on a safe and reliable fiber connection with a copper or wireless failover options. 

2. Operational data (robot, factory line, packaging, etc) related to production is not to leave the factory. Additional data restrictions related to in factory operations may be required.

3. Production data is to be provided to head office in real time over a secure connection. Production data is used in this example for measuring overall production as related to expectations.

Implementation Problems and Issues:

• How do you segment specific data elements. What is operational, mission critical and location specific?

• How do you match specific data elements with specific medium types (fiber, copper and wireless) and business privacy?

• How do you manage data based on location, user types (roles), and need?

• How do you manage failover? How is a failover detected? Can you have different failover rules based on data and user types?

• Is a time sensitive network (TSN) needed for device operations? Do you require TSN interoperability? 

• How do you identify data to be sent to head office to meet management requirements? How is it packaged, tagged and sent?

Factory Explanation:

• 1 & 2 Routers

• 3 Computers and servers - head office devices are not included

• 4s Illustrate Production data flows - Production data is separated from operational data within the same network using data centric security. 

• 5s Illustrate Operational data flows - Operations is factory specific task information for management of robots, conveyors and line equipment. Reliability, redundancy, and security is important for operations. Time sensitive networking (TSN) is important to factory implementations. Distributed Data Services is important for better managing the distribution of data. 

• 6s Illustrates wireless communications. Wireless is a challenge related to various implementations of some solutions such as TSN. Security must be maintained.

• 7 Illustrated copper connectivity for operational data to key devices such as robots.

• 8 Illustrates a dedicated fiber connection between a factory and head office. Security and privacy is important to the business.

Takeaway Issues:

1. Security must be maintained on all devices, mediums and targets.

2. Devices must have the ability to create DCS data tags for created data.

3. We need to separate data types to manage delivery and targets better. This requires the use of DCS tags for data creation and in transport and the implementation of tag semantics for targets.

4. Data management by location and medium is required important for redundancy, reliability, and performance management. Medium and target management is required to perform these tasks including TSN and DDS.

5. Devices to device (ER) operations is important for security, operations and efficiency. ERs are independent entities with operational knowledge. ERs need to be able to operate independently from one another based on policy to support efficient operations, flexibility and change.

To learn more email info@smarttalkbeacon.com