Abstractions in compute, networking, and storage are paving the way to agility and efficiency in the software-defined data center. In this highly automated environment, stakeholders require governance and assurance mechanisms that keep pace with the infrastructure. These mechanisms must be applicable across the entire infrastructure and, as such, cannot be tightly coupled with any data schema, subsystem, or vendor. An open policy framework must emerge to allow IT stakeholders to maintain business and regulatory compliance at the pace of the software-defined data center.
In this talk we describe Congress: a system for declaring, auditing, and enforcing policy in heterogeneous cloud environments. Congress includes a data model to expose policy-significant cloud component data to the policy engine. It leverages a declarative policy language that balances expressibility with enforceability. It prevents policy violations where possible and, where prevention is not possible, corrects them after the fact.