Approval Policies are now available in vRealize Automation

Approval Policies are now available in vRealize Automation

This post was originally published on this site ---

Providing a self-service catalog can be a great way to allow users in an organization to quickly get applications and services they need and can help IT focus on other tasks outside of just full-filling requests for machines. However when a catalog is presented to an organization it is important that there are some guardrails and governance around those requests from the catalog. Policies such as “Lease Times” help by eliminating resources that are not being used and ensuring that users know they cannot keep something forever. Governance is a key aspect of building a cloud-like experience for an organization and now vRealize Automation Cloud contains “Approval” policy definitions to allow for even greater control. In this blog I will highlight this exciting feature and explain how it can be used.


What is an Approval Policy in vRealize Automation?


Approval policies are a level of governance that helps control which Deployment Requests and Actions require approvals before being initiated. If the approver rejects the request, the request is not initiated and fails to execute.

For example, you have a catalog item that is important, but it consumes a significant amount of resources. You want one of your IT administrators to review any deployment requests to ensure that the request is needed. Another example applies to day 2 actions. Making changes to a deployment that is used by many might be devastating. You want the project administrator who manages the deployment for that team to review all changes to the deployed catalog item.

Approval policies can also be applied to “Actions” that can be performed within vRealize Automation. Examples include “Deployment Creation” , “AWS EC2 Instance Power On”, in fact there are 70+ actions that can have an approval attached to them.

So lets jump into this exciting new policy feature and take a look.


How To Get Started with Approvals


In this section I am going to go over where and how to setup approvals. Of course before implementing approval policies in a production environment the approvers and items needing to be approved should be identified.

In order to start configuring Approval policies you need to go to the Service Broker service within vRealize Automation. Once inside Service Broker , go to Content and Policies —> Policies —> Definitions —> New Policy Definitions.



Click on Approval Policy tile and you will see the options for creating the Approval Policy. Provide the following information:

  • Name of the Approval Policy
  • Description (optional)
  • Scope – this determines if the policy is applicable to all deployments or just to deployments within a certain Project. To learn more about Projects go here.
  • Deployment Criteria – if you want to further refine when the policy is applied then you can add policy criteria. Policy criteria options are explained in the table below.

  • Approver Mode – choose whether just one or all approvers need to approve the request.
  • Approvers – click the “Add Users” button to add approvers. They will get an email when an approval request is initiated.
  • Auto Expiry – choose either to Approve or Reject a request after a period of no response from approvers
  • Auto Expiry Trigger – choose in “Days” how long the request can live before the auto expiry action takes affect
  • Actions – search for approval actions that would be triggered at time of request. This can also be used to just apply approvals to any of the actions listed.


Once you hit the “Create” button then the policy will be show up under the Policy Definitions page. At that point the policy is in effect.


The Approval Process


The policy definition that I defined states that whenever someone tries to deploy a RDS Service within AWS, an approval is needed. After the user clicks on the RDS service within the Service Broker catalog they then fill out the information needed for the request.



Once the user hits the “Submit” button, then the deployment will stall at the Approval Needed step in the deployment. So the user will see this type of message:



Shortly after that the Approver will get an email with some instructions and a notification that a deployment is needing their attention.



Once the Approver clicks on the “Approve or Reject the request now” link in the email, they will be taken to the vRealize Automation login screen then sent to the Deployment Approve/Reject screen. There the approver can review the Request Details and then click “Approve” or “Reject” with comments.



Once the Approver clicks “Approve” the deployment will continue to completion. If the Approver rejects the request, then it is cancelled and the item will not be deployed.


This is just one example where approvals can help govern what get deployed out of your Self-Service catalog. Also keep in mind that actions can also be chosen as approval criteria. So if you do not want a user to be able to “update tags” without approvals, then that can also be done.



The post Approval Policies are now available in vRealize Automation appeared first on VMware Cloud Management.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.