Policies are a set of rules which are used by the Broker to provide consistent governance over where resources can be deployed and control how resources can operate. Policies are set by the organisation and align to the organisation's business rules.
Available Policies
The following table lists the policies available for configuration. Policies can either be built into the Broker framework, or introduced as part of an enabled plugin - plugin dependencies are detailed within the table.
Policy Name | Description | Dependency |
IP | Determines whether resources are assigned a Public IP, and whether management of the resources is performed via their Public or Private assigned IP address. | N/A |
Hours of Operation | Determines if and when the Broker should automatically power on and power off the resource. | N/A |
Provider | Determines which providers are available for deployments. | N/A |
Region | Determines which regions/zones/data centres are available for deployments. | N/A |
Safeguard Termination | Determines whether users are prompted for an additional confirmation step prior to termination of a deployment. | N/A |
Sizing | Determines the ratio to which CPU and memory resources will be dynamically resized against the requested size configured in blueprints. | N/A |
VMware Resource Pool | Specifies the Resource Pool which VMware resources should be deployed to. | VMware |
Budget Contingency | Specifies a percentage of a total cost lease to be used as budget contingency. | N/A |
CommVault Protection | Determines whether resources will be protected by an integrated CommVault policy. | CommVault |
Maximum Lease Duration | Determines the maximum number of days which can be requested for a deployment's lease, as well as the behaviour after the lease expires. eg. Disable or Terminate. | N/A |
NetWorker Protection | Determines whether resources will be protected by an integrated NetWorker policy. | NetWorker |
ScienceLogic Monitoring | Determines whether resources will be monitored by an integrated ScienceLogic system. | ScienceLogic |
ServiceNow | Determines whether resources will be managed within an integrated ServiceNow instance CMDB, as well as the types of resources to be managed. | ServiceNow |
Policy Hierarchy
Policies can be applied at three levels:
- Global policies are applied ALL the time to every environment and every deployment
- Environment policies are applied to each configured environment and may further restrict access to resources or operations, or even introduce features to the environment
- Deployment policies are applied to each deployment to alter specific resources
Effective Policy
When policies are applied to multiple levels, the Broker will determine the effective policy by applying each policy configuration, cascading from Global policies followed by Environment policies, with Deployment policies being evaluated last.
It is possible to have an effective policy that results in no valid options for a deployment. The Broker will provide details as to why options have been excluded during its evaluation process.
Policy Configuration
This section describes the procedures to locate the three areas of policy configuration.
Global Policies
This example describes the steps required to locate Global policies. It will also provide steps to view and modify the Global IP policy.
An IP policy must always exist in the Broker configuration and is configured by default when a Broker is deployed. For this reason, the Global IP policy can be modified, but cannot be removed. The IP policy allows administrators to specify whether cloud resources are managed via their public or private IP address.
- Log into the Broker UI as an administrative user
- Navigate to Admin > Control Panel
- Select the Global Policies tile
- Click the Edit button next to the IP Policy to view and edit the policy
- Configure the policy as required with the following options:
- Assign a Public IP Address: If selected, will assign a publicly accessible IP address to deployed resources
- Manage resources via Public IP Address: If selected, management of resources using their assigned Public IP address is the default action
- Manage resources via Private IP Address: If selected, management of resources using their assigned Private IP address is the default action
- Assign a Public IP Address: If selected, will assign a publicly accessible IP address to deployed resources
- Click OK
- New policies can be added or existing policies can be modified here
Environment Policies
This example describes the steps required to locate Environment policies.
- Log into the Broker UI as an administrative user
- Navigate to Manage > Environments
- Select the Environment name or click the View button next to the Environment to view
- Select the Policies tab
A list of existing policies and their hierarchy is displayed - New policies can be added or existing policies can be modified here
Policy Management
Activating a Policy
- Locate the policy configuration for the hierarchy level where the policy is to be added
- Click Add
- Select the policy to add - this example uses the Safeguard Termination Policy
Click Next - Enter any policy options - this example has no additional options
Click OK - The policy has now been added
Modifying a Policy
- Locate the policy configuration for the hierarchy level where the policy is to be modified
- Click the Edit button next to the policy to view and edit the policy
- Modify the policy as required
Click OK - Where a policy contains settings that can be overwritten at a lower hierarchy level, click the plus sign next to the policy to view available settings - this example uses the IP policy
- Modify the policy as required
Click OK - Additional policies, modifications, and effective policies are highlighted in the policy configuration
Deactivating a Policy
- Locate the policy configuration for the hierarchy level where the policy is to be removed
- Click the cross button next to the policy to remove the policy
- Click Remove to confirm removal of the policy
- The policy has now been removed