Using the Service Level Enforcement Policy

Learn how to enable and configure the error message and HTTP response code returned to the consumer when a rule defined in the Service Level Policy is violated and the service is blocked as a result.

Note: This policy does not operate in real time. Service level is enforced at the user-defined intervals specified in the Service Level Policy configuration, and if the service level enforcement is triggered for a configured interval, it is in effect for the entire interval. The platform checks at each interval, and if service level is no longer exceeded, at the next interval, the service level enforcement is lifted.

For information about using policies in the context of the Community Manager developer portal, see Business Policies.

Table of Contents

• Introduction
• Creating a Service Level Enforcement policy
• Configuring a Service Level Enforcement policy
• Activating a policy
• Attaching a policy
• Testing the Policy and Viewing Monitoring Data
• Service Level Enforcement Policy: use cases for Policy Manager

Introduction

The Service Level Enforcement Policy is a Quality of Service (QoS) policy that allows you to define the error message, and the HTTP response code, that are returned to the consumer when an SLA is violated and the service is blocked as a result.

The Service Level Enforcement Policy works in conjunction with a Service Level Policy. First, you define a Service Level Policy and specify one or more rules. Then, you define a Service Level Enforcement Policy and specify the error message and HTTP response code (default 403) that are returned if the policy is triggered by a service level violation.

When the Service Level Policy and Service Level Enforcement Policy are attached to the same Organization/Service/Contract, and the Service Level Policy is violated, the Service Level Enforcement Policy blocks the service completely. The messages are rejected, and the predefined error message and HTTP code are returned.

Note that this policy does not operate in real time. It checks service level at user-defined intervals as defined in the Service Level Policy configuration. If service is blocked, it remains blocked until the next user-defined interval. At that point, service is resumed.

Here's how it works:

1. When the Service Level Enforcement policy is in place, the platform tracks the alerts generated by the Service Level Policy.
2. If a Service Level policy rule violation generates an alert, the rule is flagged as having been violated.
3. At that point, the Service Level Enforcement policy blocks the service completely, returning the error message and HTTP error code as defined in the policy configuration.
4. The Service Level Enforcement policy also keeps track of all the Service Level Policy rule alert codes that are applicable to each API call; that is, when the policy is attached directly to the API's service/operation, or indirectly via a contract.
5. A fault is returned for all API calls made while any applicable alert code is in violation status.
6. At the next time interval, as defined in the Service Level Policy, the following occurs:
   • If the message count is still exceeded, no action is taken; there is no additional alert, but the alert is not cleared and the service is still blocked for the next time interval.
   • If a rule is no longer exceeded, the Service Level Policy generates a "Clearing" alert to notify users that the violation is over. As a result, the Service Level Enforcement policy, monitoring the alerts, unblocks the service.

This policy only applies to the following Service Level rules:

• Usage Count
• Total Request Message Size
• Total Response Message Size

Creating a Service Level Enforcement policy

The first step in creating a policy is to define the basic policy information.

To add a Quality of Service (QoS) policy

1. Go to Workbench > Browse > Organization, and select Policies > QoS Policies. The Policies Summary is displayed.
2. Click Add Policy.
3. Choose the policy type and click Next.
4. Specify a name (required) and description (optional) and click Finish. At the Completion Summary, click Close. The Add Policy Wizard creates a draft policy instance that you can then configure on the Policy Details page.

For more information, see Add Policy.

Configuring a Service Level Enforcement policy

To configure your Service Level Enforcement policy, follow the steps below.

To configure a Service Level Enforcement policy

1. Create the policy as covered above.
2. At the Policies Summary page, in the Service Level Enforcement Policy section, click Modify. The Modify Service Level Enforcement Policy page appears, as shown below.

   

3. Specify values for the following:
   • Consumer Fault Message: The error message returned to the consumer when an SLA is violated.
   • HTTP result code: The HTTP response code returned to the consumer when a message is rejected because the SLA was violated. Default is 403 ("Forbidden: the request was refused by the server"). You can change the code if needed.
4. When done, click Finish.
5. At the Completion Summary page, click Close.

Activating a policy

When you create and configure a policy, the policy is in Draft state. When the policy configuration is complete, activate the policy: click Activate Policy and then confirm. See Activate a Policy.

A policy in Draft state is not available for general use. Once you activate the policy, it is in Active state and is available for use.

Attaching a policy

To use the Service Level Enforcement policy, go to the Policies folder in the respective organization and attach the policy to a web service, binding, or binding operation.

Note: The Service Level Enforcement policy works together with the Service Level Policy.

Testing the Policy and Viewing Monitoring Data

After you've attached the Service Level Enforcement Policy to a web service, operation, or binding, send a request to your service and go to the Services > Monitoring section to view the results for Logs, Real Time Charts, and Historical Charts.

Service Level Enforcement Policy: use cases for Policy Manager

This section provides a list of Policy Manager-specific usage scenarios for the Service Level Enforcement Policy.

It includes:

1. Scenario 1: Block Request to Service
2. Scenario 2: SLA Clear Alert
3. Scenario 3: SLA Reset
4. Timeline

Scenario 1: Block Request to Service

Block request to service for 15 minutes (the configured interval in this example) after 300 requests SLA has been violated. In this scenario, a fault message is returned to the app. The message that's returned is the one defined in the Service Level Enforcement Policy.

1. Create a physical service in the Policy Manager Management Console using Create Physical Service.
2. Provide service details and finish the wizard.
3. Using Virtualize Service, virtualize and host the physical service on Network Director (ND1), and assign a name (for example, Vs1).
4. Navigate to Organization > Policies > QoS Policies and use Add Policy to create a Service Level Enforcement Policy.
5. Configure the Service Level Enforcement Policy and define a custom Fault message that reflects the use case scenario purpose.
6. Next, use Add Policy and create a Service Level Policy.
7. Configure this policy as per the use case with a Custom alert for Usage Count > 300 in a 15-minute interval.
8. Attach the Service Level Enforcement policy and Service Level policy to the Vs1 service in the Service Details > Policy Attachments > QoS section.

   

9. Send more than 300 requests to Vs1 from the application/client.
10. The first 300 requests will be successful, and subsequent requests will also be successful during the first 15-minute interval. At that point, the Service Level Policy will generate an alert, and the Service Level Enforcement policy will block the service. Subsequent requests will fail, for the duration of the next 15-minute interval, and the custom Fault message defined in the Service Level Enforcement Policy will be returned.

Scenario 2: SLA Clear Alert

SLA generates a clear alert and sends an email to alert the administrator(s) after the App has been denied access for 15 minutes.

1. Create a physical service in the Policy Manager Management Console using Create Physical Service.
2. Provide service details and finish the wizard.
3. Using Virtualize Service, virtualize and host the physical service on Network Director (ND1), and assign a name (for example, Vs1).
4. Navigate to Organization > Policies > QoS Policies and use Add Policy to create a Service Level Enforcement Policy.
5. Configure the Service Level Enforcement Policy as per the use case with a custom Fault message.
6. Navigate to Organization > Policies > QoS Policies and use Add Policy to create a Service Level Policy.
7. Configure the Service Level Policy as per the use case with a custom alert for Usage Count > 300 in a 15-minute interval.
8. Activate the policies in the Service Level Enforcement Policy and Service Level Policy in the Policy Workflow portlet and attach them to the Vs1 service in the Service Details > Policy Attachments > QoS section.
9. Send more than 300 requests to Vs1 from the application/client.
10. The first 300 requests will be successful, and subsequent requests will also be successful during the first 15-minute interval. At that point, the Service Level Policy will generate an alert, and the Service Level Enforcement policy will block the service. Subsequent requests will fail, for the duration of the next 15-minute interval, and the custom Fault message defined in the Service Level Enforcement Policy will be returned.
11. At the next 15-minute checkpoint, if the SLA is not violated again, the Service Level Policy generates a "cleared" alert.

Scenario 3: SLA Reset

SLA has been reset and the App can send to the API.

1. Create a physical service in the Policy Manager Management Console using Create Physical Service.
2. Provide service details and finish the wizard
3. Using Virtualize Service, virtualize and host the physical service on Network Director (ND1), and assign a name (for example, Vs1)
4. Navigate to Organization > Policies > QoS Policies and use Add Policy to create a Service Level Enforcement Policy.
5. Configure the Service Level Enforcement Policy as per the use case a custom Fault message
6. Navigate to Organization > Policies > QoS Policies and use Add Policy to create a Service Level Policy.
7. Configure the Service Level Policy as per the use case with custom alert for Usage Count > 300 in 15-minute intervals.
8. Activate the policies in the Service Level Enforcement Policy and Service Level Policy in the Policy Workflow portlet and attach them to the Vs1 service in the Service Details > Policy Attachments > QoS section.
9. Send more than 300 requests to Vs1 from the application/client.
10. The first 300 requests will be successful, and subsequent requests will also be successful during the first 15-minute interval. At that point, the Service Level Policy will generate an alert, and the Service Level Enforcement policy will block the service. Subsequent requests will fail, for the duration of the next 15-minute interval, and the custom Fault message defined in the Service Level Enforcement Policy will be returned.
11. At the next 15-minute checkpoint, if the SLA is not violated again, the Service Level Policy generates a "cleared" alert.
12. At that point, service resumes, and calls to the API should be successful.

Timeline

Related Topics