There is no doubt that policy plays a big role in the move to the next generation of the Software-Defined Data Center (SDDC). The introduction of cloud and software-defined solutions to IT environments brings many benefits in terms of flexibility and choice, but with that comes complexity. With all of the moving parts it takes to make up our data centers today, administrators are having a hard time keeping up with organization and customer demands. Traditionally, IT Operations have taken an imperative approach to managing environments, which includes providing instructions to infrastructure and letting it execute, building out components, and doing configurations manually. This practice cannot keep up with the software-defined world. For this reason, we’re seeing a shift to a declarative model in which administrators define the desired end state while the software determines the best path possible to obtain it. This approach revolves heavily around policy.

Simplifying the Operational Experience

VMware’s vSAN is a great example of how moving to a declarative approach and applying policy can benefit an organization. vSAN abstracts away the mundane tasks of managing the performance and availability of the underlying storage, instead replacing it with a set of policies, or pre-defined capabilities applied to VMs. Rather than spending time determining underlying RAID levels and provisioning LUNs, vSphere administrators are able to build out simple policies around the underlying storage capabilities. Come provisioning time, administrators simply apply a policy to their VMs, and vSAN takes care of adhering to it.


As shown above, functionality such as failures to tolerate, performance vs capacity optimizations, and IOPs throttling are all definable as policies within vSAN. Abstracting away all of the resources involved in setting this up manually allows for quicker, more consistent provisioning and frees up resources to focus on the applications within the workloads instead of the underlying components driving them.

Rubrik’s approach to data protection also relies heavily on a declarative, policy-driven architecture. With Rubrik, policy is driven directly from the creation and assignment of Service Level Agreement (SLA) Domains. Within an SLA domain, 4 distinct components are defined.

  • Restore Point Objective (RPO) – How often we want to back up
  • Retention – How long we want to keep our backup data
  • Archival – How many restore points to keep on-premises before archiving elsewhere
  • Replication – How many restore points to replicate offsite to another Rubrik instance for Disaster Recovery purposes


Once defined, SLA domains are simply assigned to our workloads, and the policies are adhered to. No managing backups jobs, no managing schedules–simply apply policy and let Rubrik take care of the rest. Rubrik’s distributed task scheduling engine kicks in and makes decisions around which node to use, what time to best back the data up, and how best to adhere to 4 components defined within the SLA Domain policies.

Moving Beyond Day 0 Operations

A true declarative policy-based engine cannot stop at the initial policy application. Environments change and configuration drifts, so it’s crucial that workloads are continuously monitored for policy compliance. Both vSAN and Rubrik provide ongoing, real-time monitoring and reporting around their policies, ensuring compliance during the complete VM lifecycle. If objects are found to be non-compliant, end users and administrators are notified through a variety of channels, allowing the appropriate automation and instructions to be executed to bring the VM back into the policy-defined boundaries.

Both Rubrik and vSAN leverage a declarative approach as it relates the lifecycle and management of their design centers. Rather than spending time provisioning LUNs and datastores or creating backup schedules and jobs, end users can couple vSAN policies with Rubrik SLA policies in order to provide a complete VM provisioning process–from local storage availability to data protection and disaster recovery.

To learn more about how Rubrik and vSAN work together, read the co-authored vSAN and Rubrik Reference Architecture.  Also, check out the most recent announcement around Rubrik’s VMware Ready for vSAN certification.