Policy-based network management enables administrators to control a network by imputing into the network policies — such as business policies — that users have to follow. While this can be set for each individual user, policy-based network management more often sets certain policies for a group of users to simplify the process. The main advantage to this is that there is consistency among user behavior, ensuring that no one is doing something against the business’s rules. If the administrators are unfamiliar with this system, then it may be difficult to use, because the programming often is advanced.
Many businesses run on policies, and policy-based network management is a similar approach. Unlike business policies that control how people interact or do business, these policies are more about how the user’s computer interacts with the network. These policies will bar a user from performing activities that go against policies, or the user may not even have access to certain areas. The policies usually stipulate that the user cannot access an area with sensitive files, or the user may not be able to save or copy files.
For small networks, administrators may set user permissions for each user individually, but this tends to be uncommon. More commonly, policy-based network management implements user groups and each group has a specific set of policies. These groups can be for workers, managers and administrators or they can be any other arbitrary title. While individual policies are rare, administrators still can add specific policies for a user even after he is placed in a group. This may be done for a new user or, perhaps, a user who has received disciplinary action and lost some network privileges.
When policy-based network management is used, consistency generally is achieved to a much higher degree than with other network management procedures. This is because very strict rules are placed on the user, disabling any inconsistent computing behavior. Aside from hacking the network or having policies changed by administrators, there are very fey ways of getting around the policies, making this management method rather effective.
While policy-based network management normally is effective, the human element may cause security to slip. It normally is very easy for administrators to add users to groups or to change users’ permissions. This becomes difficult when administrators have to write entirely new policies, because the coding for this typically is advanced. This means administrators should be thoroughly aware of how to make policies before this system is used.