www.open902.com

My own Knowledge Base made public ..

vRA7 – Mail and Approvals

This is a combined article of both, mail setup (in and outgoing) and approvals – aka Approval Policies.

They both kinda go hand in hand – so I may as well combine them.

The idea is that a user can request a Blueprint, but if the user would like to increate Memory or CPU count, the admin will receive an approval request via email. Only when the admin approves the deployment request, the VM will be deployed, making the user happy.

My environment is not a production environment, so I really only got two users setup in AD and also my local Mail Server

vra7_config_mail_0001

Next thing to do is configuring vRA for both in- and outbound email.

Outbound mail is being used for approval requests etc. whereas the inbound email is basically so vRA can poll approval emails. More to that, later.

In order to setup Global In- and Outbound servers, you need to be System Administrator

Browse to Administration > Email Servers

Click Screen Shot 2016-01-28 at 10.09.53

vra7_config_mail_0002

Click Email Inbound

vra7_config_mail_0003

Here I am using the Admin account mentioned

vra7_config_mail_0004

Click Test Connection to ensure the details are correct

Click OK

vra7_config_mail_0005

Note: You should use an email address which is not monitored via a mail client as vRA will connect to the inbox in order to read approval / reject mails.

The approvals / rejections will fail if someone for example deletes the email intended for vRA

Click Email Outbound

vra7_config_mail_0006

As this is a lab and my mail server is not reachable from the internet, I don’t require any authentication. This can of course be different in your environment

Click Test Connection

vra7_config_mail_0008

Again make sure the test finished successfully

Click OK

vra7_config_mail_0009

You should now have two servers setup – Inbound and Outbound

vra7_config_mail_0010

Next thing you have to make sure is that the users who want to receive notification emails, are subscribed to emails.

Click Preferences

vra7_config_mail_0011

And enable notifications

vra7_config_mail_0012

Also, for email notifications to work, your user in AD have to have an email address configured

vra7_config_mail_0013

If you just added it – it may need a bit to sync down to vRA – depending on your sync frequency configured – or sync the changes manually

vra7_config_mail_0015

Next the actual approval policy

Browse to Administration > Approval Policies

Click Screen Shot 2016-01-28 at 10.09.53

vra7_config_mail_0016

I want to create a policy which requires admin approval if the user requests a VM with

  • More than 2 vCPUs
  • More than 6GB of RAM

To do this – select Service Catalog – Catalog Item Request – Virtual Machine

vra7_config_mail_0017

Give it a name and set it to active

vra7_config_mail_0018

I want the approval process to happen BEFORE the machine is being deployed.

Under Pre Approval – click Screen Shot 2016-01-28 at 13.23.28

Give it a name and select the user you want to approve requests

Set When is approval required to Clause

vra7_config_mail_0019

Set the Clause to Any of the following

vra7_config_mail_0022

Then set CPU to > 2 and Memory > 6GB – this is just an example and it also depends what your templates are configured with.

Press OK

vra7_config_mail_0023

And OK again

vra7_config_mail_0024

That’s the Approval Policy done

vra7_config_mail_0025

Next we need to add the approval policy to the entitlement.

Browse to Administration > Catalog Management > Entitlements

Select an Entitlement you wish to add the approval policy to

Move over to the tab Items & Approvals

Under Entitled Items – click Modify Policy

vra7_config_mail_0026

Click Show All

vra7_config_mail_0027

There are some funnies going on with policies to be honest. It should really show the policy when selecting the option to show all applicable policies.

However, a Blueprint is technically not a virtual machine (remember, it is the policy we selected) – but a VM is rather an item of the Blueprint.

If you create an approval policy of General Items or Blueprints, you will see the policy here as applicable – but you won’t be able to create rules for VM items such as CPU or Memory – confused yet ?

Anyway, click Show All and you are golden 🙂

Click your newly created approval policy

vra7_config_mail_0028

And click OK

vra7_config_mail_0029

That is it – now we can test it. Login as a user who can provision said blueprint

Here is a tip – if want to have vRA open as both, admin and user by using the same browser, open one tab and login as one, and a private tab as the other 🙂

As user, request the particular blueprint

Remember, approval is required when either

  • The request is for >2 vCPUs
  • The request is for > 6 GB of Ram

You can see my template here has by default 2 vCPUs and 6GB of RAM

vra7_config_mail_0030

I just going to increase it to 8GB and see what happens

vra7_config_mail_0031

When you click Home – you will now see that a deployment is pending approval

vra7_config_mail_0032

Two ways an admin can now approve it – via vRA

As admin, click the item waiting for approval

vra7_config_mail_0033

And either approve or reject it

vra7_config_mail_0034

But this is about mail .. so first, the requestor will have an email about his request

vra7_config_mail_0035

And the admin has an email asking to either Reject or Approve the request

vra7_config_mail_0036

You will notice that email is ‘Read’ when using a mail client – why ? Because remember, you configured an Incoming Email server and therefore vRA constantly reads those mails.

So as admin, I click Approve in the email

This effectively creates a new email with funky subject line to be send to the approver mailbox

vra7_config_mail_0037

In my case the mailbox configured in vRA is the same as the mailbox of the admin, which is why I said you should really have a dedicated mailbox for that 🙂

Anyway, send it

vra7_config_mail_0038

Within split seconds, the mail will become ‘Read’ again – remember why ? Exactly, because vRA is reading the email and by using the subject line – it knows you have approved the deployment via mail

So how do we check this ? Easy, check the deployment process

The previously VM which was pending approval, is now being deployed

vra7_config_mail_0039

The user also gets a shiny mail saying it has been approved (or declined)

vra7_config_mail_0041

If this would be a video, I’d say – I’ll pause the video and will be back shortly :p

vra7_config_mail_0040

So once finished, the user will get a few emails 🙂

A general overview – including IP

vra7_config_mail_0042

The lease change – here Unlimited (well I know it is unlimited – but the ‘lease’ mail doesn’t actually show the lease – love consistency yet ?)

vra7_config_mail_0043

And the final ‘Done’ report

vra7_config_mail_0044

That is it – well done you all 🙂