Approval policies has changed significantly compared to previous releases of vCloud Automation Center. Approval policies provides a key control over your Infrastructure. It forms core component of Cloud governance. Below is schematic view of approval policy. Approval policy is ruled by policy type and directly influences approval phases.
There are two Approval phases -Post-Approval and Pre-Approval phases. For every phase there are levels to define. These levels are approval levels can be seen as Business steps. At each level you have to select how approval proceeds. Approval steps/levels is influenced by two options 1).Is Approval Required, 2). Who are the approvers . In first option we decide if approval is needed (always required/based on condition) and second option we define approvers (single/group, All must approve/anyone approve).
Creating Approval Policies
As tenant administrator go to Administration tab => Approval Policies and select fat green button to create a new approval policy
Select the approval Policy Type from the drop down menu. Most relevant for me is Service Catalog –Catalog Item Request (Virtual Machines)
Approval level can be designated as always required for strict governance or you can keep it flexible by defining condition. e.g. end user is requesting a machine of 16 GB RAM. For uses cases of this kind a condition must be defined -whenever user request a machine memory more than 4 GB, approval policy must be invoked.
You can designate single person an approver or you can add group of users as approvers. You also have option to decide if approval is needed from any one person from the group or all the group members must approve it.
Sometime it does happen, user requests VM with 16 GB RAM, IT manager explains it is not possible now however once we have adequate capacity we can meet you requirement. End user agrees. So instead of asking him to re-sent another provisioning request IT manager can edit the memory to level which is possible with current utilization and approval process proceeds further.
If you wish to update approval policy you must make a copy of the policy. It is not possible to edit the existing policy. Reason is not explained why one cannot edit but I could think it could be that once entitlement gets associated with approval policy it might be difficult to break the relationship.
To understand how the approval level works, I went ahead and added another level (Business approval stage), press Big fat green tab
Fill in the details, repeat all inputs we did to add L1 approver except the approver must be fabric admin
Below you can see each approval policy has at least one phase and each phase can have multiple level. I have seen only two phases in the screen below i.e Pre Approval and Post Approval. Phases includes level of approvals. e.g. In Pre Approval phase I have created two levels of approval. Phases are clearly controlled by the approval policy type. In Pre Approval phase all approval are needed before service provisioning can start, while in Post Approval phase approval is needed when service is provisioned but before it is released to the owner.
As per above screen Level 1 (L1) needs approval from manager and Level 2 (L2) needs approval from Finance controller. L2 is dependent on L1, unless L1 approves L2 cannot approve. You can also change sequence of approval shown in the screen above.
Assigning Approval Policy to Entitlements
Now that approval policy is created we must assign it with entitlements. Go the Administration => Catalog Management =>Entitlements page. Select the entitlement you wish to applying approval policy
Please note some Approval policy can be applied only to new catalog item requests, while other policies can be applied only to post provisioning actions on provisioned items. In our case we created a simple pre-provisioning policy which will invoke approval when you initiate request for new VM (Service catalog –Catalog item Request (Virtual Machine). You can apply this policy only to catalog item as could be seen above. Though this relation is automatically established you probably do not have to memorize this relation. Reason I say this is because If you try to associate such policy with incorrect entitlement it won’t show. Since this policy is not applicable to Entitled services and Actions, In below screen I observed they are not visible at all
All previous post of vCloud Automation Center 6.0 (vCAC 6.0)
Next post I will be focusing on build profiles