On the roles of policies in computer systems management

Policies are a pervasive and critical aspect of computer system management. What makes an effective policy? How do policies work in practice? To what extent can policy specification and implementation be formalized and automated? We studied the work practices of computer system administrators to uncover some of the ways policies are used in practice, and to inform the design of tools that incorporate policies to support more effective system management. We found that polices come in many forms—documented in service-level agreements and best-practice guidelines, given by management directives, applied by system administrators through formal processes, and built into tools such as configuration management applications. We found that although policies sometimes make explicit statements and establish formal processes, much is left implicit, by design or omission, with appropriate interpretation and execution dependent on human judgment. We argue that people must play an active role in the application of policies to system management because complex situational demands require it, and we discuss some issues in the design of tools that incorporate policies in supporting computer system management.

► In this paper we examined the policy use in system administration practice. ► We found that policies can make explicit statements and establish formal processes. ► Yet much is left implicit in policies to enable practitioners apply judgment. ► We argue that people must play an active role in application of policies.