This is a combined article of both, mail setup (in and outgoing) and approvals – aka Approval Policies.
They both kinda go hand in hand – so I may as well combine them.
The idea is that a user can request a Blueprint, but if the user would like to increate Memory or CPU count, the admin will receive an approval request via email. Only when the admin approves the deployment request, the VM will be deployed, making the user happy.
My environment is not a production environment, so I really only got two users setup in AD and also my local Mail Server
Next thing to do is configuring vRA for both in- and outbound email.
Outbound mail is being used for approval requests etc. whereas the inbound email is basically so vRA can poll approval emails. More to that, later.
In order to setup Global In- and Outbound servers, you need to be System Administrator
Browse to Administration > Email Servers
Click Email Inbound
Here I am using the Admin account mentioned
Click Test Connection to ensure the details are correct
Click OK
Note: You should use an email address which is not monitored via a mail client as vRA will connect to the inbox in order to read approval / reject mails.
The approvals / rejections will fail if someone for example deletes the email intended for vRA
Click Email Outbound
As this is a lab and my mail server is not reachable from the internet, I don’t require any authentication. This can of course be different in your environment
Click Test Connection
Again make sure the test finished successfully
Click OK
You should now have two servers setup – Inbound and Outbound
Next thing you have to make sure is that the users who want to receive notification emails, are subscribed to emails.
Click Preferences
And enable notifications
Also, for email notifications to work, your user in AD have to have an email address configured
If you just added it – it may need a bit to sync down to vRA – depending on your sync frequency configured – or sync the changes manually
Next the actual approval policy
Browse to Administration > Approval Policies
I want to create a policy which requires admin approval if the user requests a VM with
- More than 2 vCPUs
- More than 6GB of RAM
To do this – select Service Catalog – Catalog Item Request – Virtual Machine
Give it a name and set it to active
I want the approval process to happen BEFORE the machine is being deployed.
Give it a name and select the user you want to approve requests
Set When is approval required to Clause
Set the Clause to Any of the following
Then set CPU to > 2 and Memory > 6GB – this is just an example and it also depends what your templates are configured with.
Press OK
And OK again
That’s the Approval Policy done
Next we need to add the approval policy to the entitlement.
Browse to Administration > Catalog Management > Entitlements
Select an Entitlement you wish to add the approval policy to
Move over to the tab Items & Approvals
Under Entitled Items – click Modify Policy
Click Show All
There are some funnies going on with policies to be honest. It should really show the policy when selecting the option to show all applicable policies.
However, a Blueprint is technically not a virtual machine (remember, it is the policy we selected) – but a VM is rather an item of the Blueprint.
If you create an approval policy of General Items or Blueprints, you will see the policy here as applicable – but you won’t be able to create rules for VM items such as CPU or Memory – confused yet ?
Anyway, click Show All and you are golden 🙂
Click your newly created approval policy
And click OK
That is it – now we can test it. Login as a user who can provision said blueprint
Here is a tip – if want to have vRA open as both, admin and user by using the same browser, open one tab and login as one, and a private tab as the other 🙂
As user, request the particular blueprint
Remember, approval is required when either
- The request is for >2 vCPUs
- The request is for > 6 GB of Ram
You can see my template here has by default 2 vCPUs and 6GB of RAM
I just going to increase it to 8GB and see what happens
When you click Home – you will now see that a deployment is pending approval
Two ways an admin can now approve it – via vRA
As admin, click the item waiting for approval
And either approve or reject it
But this is about mail .. so first, the requestor will have an email about his request
And the admin has an email asking to either Reject or Approve the request
You will notice that email is ‘Read’ when using a mail client – why ? Because remember, you configured an Incoming Email server and therefore vRA constantly reads those mails.
So as admin, I click Approve in the email
This effectively creates a new email with funky subject line to be send to the approver mailbox
In my case the mailbox configured in vRA is the same as the mailbox of the admin, which is why I said you should really have a dedicated mailbox for that 🙂
Anyway, send it
Within split seconds, the mail will become ‘Read’ again – remember why ? Exactly, because vRA is reading the email and by using the subject line – it knows you have approved the deployment via mail
So how do we check this ? Easy, check the deployment process
The previously VM which was pending approval, is now being deployed
The user also gets a shiny mail saying it has been approved (or declined)
If this would be a video, I’d say – I’ll pause the video and will be back shortly :p
So once finished, the user will get a few emails 🙂
A general overview – including IP
The lease change – here Unlimited (well I know it is unlimited – but the ‘lease’ mail doesn’t actually show the lease – love consistency yet ?)
And the final ‘Done’ report
That is it – well done you all 🙂