Creating and managing policies

Policies in BMC Cloud Lifecycle Management can help you control which available resources are used when a user-requested service instance is created in the cloud.

You manage policies through the Service Governor workspace. Policies are based on resource tags. For policy and tag overview information, see Policy-management-overview.

Before you begin

Each tenant must be mapped to a network container, as described in Mapping-tenants-to-network-containers.

Each compute resource pool must be mapped to the appropriate network containers, as described in Mapping-compute-pools-to-network-containers.

To create policies

  1. Create tag groups and tags, as described in Creating-tag-groups-and-tags.
  2. Tag objects in BMC Cloud Lifecycle Management, as described in Assigning-a-tag-to-an-object.
  3. Create policies based on tags, as described in Creating-policies.

Simple tagging and policy example

In this example, the cloud administrator creates a tag group called SLA (service level agreement) to define relative service levels. Within the SLA tag group, the cloud administrator creates the Gold and Silver tags. The Gold tag indicates a higher level of service (and perhaps cost). The Silver tag indicates a relatively lower level of service (and perhaps cost).

The cloud administrator then tags compute pools and network containers, tags service blueprints, and finally creates policies that use those tags.

Tag resources

After creating tag groups and tags, the cloud administrator tags resources.

  • Tag network containers
    • Gold: Assigned to a network container in a network that is capable of handling large amounts of networking traffic quickly.
    • Silver: Assigned to a network container in a network that is relatively slower than the gold network container.
  • Tag compute resource pools
    • Gold: Assigned to a compute resource pool that contains resources from a virtual cluster that is hosted on "high-end" hardware.
    • Silver: Assigned to a compute resource pool that contains resources from a virtual cluster that is hosted on relatively "lower-end" hardware.

Tag service blueprints

After resources are tagged, the cloud administrator then tags service blueprints in the same manner. For this example, assume that blueprints already exist.

  • One service blueprint is for a mission-critical application that needs higher-end resources. Using the SLA tag group again, the cloud administrator assigns the Gold tag to this blueprint for a service that needs high-end resources.
  • One service blueprint is for a simple, noncritical application that needs relatively lower-end resources. Using the same tag group, SLA, the cloud administrator assigns the Silver tag to this blueprint.

To keep this example simple, these service blueprints were tagged only at their top level. You can actually tag service blueprints at several levels: Service Blueprint Definition (top level), Components, Service Deployment Definitions, Resource Sets, and Compute Resources.

Because you can have multiple instances of these levels to specify different options in each service blueprint, you can tag each option level separately to ensure that the proper resources are used during service provisioning. When a service blueprint is tagged differently at different levels, the tag at the more specific level of the service blueprint is used during policy evaluation. For more information, see Service-blueprint-tag-selections-in-policies.

Create policies

Now that resources and service blueprints have been tagged with either Silver or Gold from the SLA tag group, the cloud administrator creates policies based on the SLA tag group and tags. These policies match tags between service blueprints and resources. For this example, the cloud administrator creates the following policies:

  • Network container policy: This policy indicates that, when a network container and service blueprint have the same tag, BMC Cloud Lifecycle Management  will place all service instances that use that service blueprint in the network container that has the matching tag.
  • Compute pool policy: This policy indicates that, when a compute resource pool and service blueprint have the same tag, BMC Cloud Lifecycle Management will create all service instances that use that service blueprint with resources from the compute resource pool that has the matching tag. However, compute pool policies depend on network container policies. Compute pool policies are evaluated only for compute pools that are mapped to the network container chosen by the network container policy.

When the conditions contained in a policy are satisfied, the policy is used during the provisioning of a service.

A condition is satisfied when any of the tags specified in the selected Tag Source (service blueprint or tenant) are in the selected Tag Group (SLA for example) and match one of the tags specified for a resource.

Related topic

Service-Governor-workspace-overview

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*