Policies¶
Overview¶
Policies add governance, ease of use, cost-savings, and auditing features to Morpheus. Morpheus enables end users to create Policies scoped to Users, Roles, Groups, Clouds, Tenants and Global scoping to give Admins full control and governance over their environments! Policy generation is a role permission.
Policy Types¶
- Policies: New s Policy
- Backup Targets Policy Type added.
- Policies: New Policy
Delayed Removals allow for soft deletion of Instances and Apps. Instead of deleting immediately, Instances and Apps with a Delayed Removal policy applied will be shutdown upon deletion request and hidden by default from the ui. The Instance/App will then be in
Pending Removal
status.- If no action is taken, the resources will be deleted in the timeframe set in the policy.
- An
Undo Delete
action is available for Instance and Apps in pending removal status. TriggeringUndo Delete
will remove the scheduled deletion and restore the Instance or App status to stopped. - A new
Pending Removal
filter has been added to/provisioning/instances
and/provisioning/apps
- Delayed Removal policies do not current apply to Docker Hosts or Discovered VM’s.
- Available Scopes for Delayed Removal policies are Global, Cloud, Group, User and Role and can be applied to a single or multiple Tenants.
- Policies: New Message of the Day (MOTD) Policy
Message of the Day”” Policy for displaying Alerts in Morpheus.
- Configurable as a pop-up or full-page notification with Info, Warning and Critical message types.
- Includes new Role Permission: Admin: Message Of the Day - None/Full
- Backup Creation
- Disable or enable the ability to create a backup when provisioning an instance.
- Backup Target
- A master account can determine storage provider options for backups with Backup Targets policies.
- Budget
- Sets a maximum total combined price for all instances in the Group, Cloud, Tenant or owned by the User this policy is applied to.
- Delayed Removal
- Delayed Removals allow for soft deletion of Instances and Apps. Instead of deleting immediately, Instances and Apps with a Delayed Removal policy applied will be shutdown upon deletion request and hidden by default from the ui. The Instance/App will then be in
Pending Removal
status. - Expiration
- Sets an expiration timeframe in days after which the Instance will be deleted. Extensions can be auto-approved or require approval immediately or after x amount of auto-extensions using Morpheus Approvals or an Approval Integration.
- File Share Storage Quota
- Sets a Storage Quota for File Share usage (in GB) to scoped User, Role, Tenant or Global.
- Host Name
- Pre-populates a fixed or editable name for Hosts and Virtual Machines using ${variable} naming patterns and/or text.
- Hostname
- Pre-populates a fixed or editable name for hostnames/machine names using ${variable} naming patterns and/or text.
- Instance Name
- Pre-populates a fixed or editable name for Instance Names using ${variable} naming patterns and/or text.
- Max Containers
- Sets the max number of Containers for the Group or Cloud the Policy is added to.
- Max Cores
- Sets the max number of total of Cores combined for Instances in the Group or Cloud the Policy is added to.
- Max Hosts
- Sets the max number of total Hosts in the Group or Cloud the Policy is added to.
- Max Memory
- Sets the max number of total of RAM combined for Instances in the Group or Cloud the Policy is added to.
- Max Storage
- Sets the max number of total of Storage combined for Instances in the Group or Cloud the Policy is added to.
- Max VMs
- Sets the max number of Virtual Machines for the Group or Cloud the Policy is added to.
- Message of the Day (MOTD)
Message of the Day”” Policy for displaying Alerts in Morpheus. Configurable as a pop-up or full-page notification with Info, Warning and Critical message types.
Note
Requires Role Permission:
Admin: Message Of the Day
-> Full to create and manage MOTD Policies.- Object Storage Quota
- Sets a Storage Quota for Object Storage usage (in GB) to scoped User, Role, Tenant or Global.
- Power Scheduling
- Adds a Power Schedule for the Instances in a Group or Cloud. Power Schedules can be created in
Operations -> Scheduling
- Provision Approval
- Sets an Approval requirement for Provisioning into a Group or Cloud using Morpheus Approvals or an Approval Integration such a Service Now.
- Shutdown
- Sets a shutdown timeframe in days upon provision after which the Instance will be stopped. Extensions can be auto-approved or require approval immediately or after x amount of auto-extensions using Morpheus Approvals or an Approval Integration.
- Storage Server Storage Quota
- Sets a Storage Quota for selected Storage Server (in GB), applied Globally or per specified Tenants.
- Tags
Requires the user to add compliant Tags at provision time, this can be enforced on a strict or passive basis
Note
Tag scanning and enforcement is currently only available for Azure, Amazon, Google, and VMware clouds. For a more comprehensive guide on implementing Tag Policies, see the associated article in our KnowledgeBase.
- User Creation
- Controls the “CREATE YOUR USER” flag in the User Config options during provisioning do be always disabled, always enabled, enabled by default, or disabled by default.
- User Group Creation
- Forces User Creation of members in the selected User Group during Provisioning.
- Workflow
- Forces execution of selected Workflow for Instance Provisioning.
Creating Policies¶
Policies can be created in three different locations.
Administration -> Policies
Infrastructure -> Groups -> Group -> Policies
Infrastructure -> Clouds -> Cloud -> Policies
Policies can be disabled and re-enabled at anytime.
Important
Precedence is applied to matching or conflicting Policies in the following order: Cloud > Group > Role > User > Global.
To create a Global Policy:¶
- Navigate to
Administration -> Policies
- Select + ADD Policy and choose from the available policy types.
- Refer to Policy Type sections below for Configuration options.
- Under Filter next to scope select Global
- Select SAVE CHANGES
To create a Policy for a User:¶
- Navigate to
Administration -> Policies
- Select + ADD Policy and choose from the available policy types.
- Refer to Policy Type sections below for Configuration options.
- Under filter next to scope select User a drop down menu will appear below allowing you to select a user
- Select SAVE CHANGES
To create a Policy for a Role:¶
- Navigate to
Administration -> Policies
- Select + ADD Policy and choose from the available policy types.
- Refer to Policy Type sections below for Configuration options.
- Under filter next to scope select Role a drop down menu will appear below allowing you to select a Role
- For
APPLY INDIVIDUALLY TO EACH USER IN ROLE
- Select for Max Resource/Quota Policies to be calculated per user
- Leave unselected to calculate by total usage of all users within that Role.
- For
- Select SAVE CHANGES
To create a Policy for a Cloud:¶
Note
Resource Limitation Policies apply to all Instances in the Cloud the Policy is added to. Approval, Naming, Power, Shutdown and Expiration Policies apply to Instances created or moved into the Group after the Policy is enabled.
- Navigate to
Infrastructure -> Clouds
- Select a Cloud by clicking on the name of the Cloud to go to the Cloud Detail page.
- Select the
POLICIES
tab in the Cloud Detail page. - Select + ADD and choose from the available policy types.
- Refer to Policy Type sections below for Configuration options.
- Select SAVE CHANGES
To create a Policy for a Group:¶
Note
Resource Limitation Policies apply to all Instances in the Group the Policy is added to. Approval, Naming, Power, Shutdown and Expiration Policies apply to Instances created after the Policy is enabled.
- Navigate to
Infrastructure -> Groups
- Select a Group by clicking on the name of the Group to go to the Group Detail page.
- Select the
POLICIES
tab in the Group Detail page. - Select + ADD and choose from the available policy types.
- Refer to Policy Types sections below for Configuration options.
- Select SAVE CHANGES
Policy Types¶
Expiration Policies¶
Expiration policies set an expiration timeframe for any instance provisioned into the cloud, role, group or by the user the policy is added to. When an instance expires, it is terminated and deleted.
Configuration options for expiration policies:
- Expiration Type
- User Configurable- expiration timeframe is editable during provisioning
- Fixed Expiration- user cannot change expiration timeframe
- Expiration Days
- Configures the number of days the instance is allowed to exist before being removed.
- Renewal Days
- If the instance is renewed, this is the number of days by which the expiration date is increased.
- Notification Days
- This allows an email notice to be sent out X days before the instance is set to expire.
- Notification Message
- Customizable message for notification emails. The default message is
Instance ${instance?.name} is set to expire on ${instance?.expireDate}
- Auto Approve Extensions
- Enable this to auto-approve extension requests, bypassing approval workflows.
Instances with expirations show the time until expiration in the instance detail pane. Instances with active expiration policies can be extended by selecting the EXTEND NOW button in the instance detail pane. The extension length is set in the policy by the RENEWAL DAYS field.
Expirations can also be added to any instance during provisioning by entering the number of days in the EXPIRATION DAYS field in the Lifecycle section of the automation section of the provisioning wizard. Expiration can be added to any instance even if no policies have been created.
Note
Expiration and Shutdown Policies will be enforced on Instances moved into a Group with an Active Policy or Instances created when converting an unmanaged host to managed.
Instance and Host Names¶
Naming Policies will populate a fixed or editable name for instances, hosts and hostnames. The Name Pattern field uses ${variable} string interpolation.
- NAMING TYPE
- User Configurable
- Naming pattern will pre-populate during provisioning but can be edited by the user.
- Fixed Name
- Naming pattern will pre-populate during provisioning and cannot be changed.
- NAME PATTERN
The Name Pattern field uses Static text and/or
${variable}
string interpolation, such asmorpheus${cloudCode}${type}${sequence+3000}
An example Instance Name Policy using a naming pattern with User Initials, Cloud Code, Instance Type, and a sequential number starting at 3000 is
${userInitials}-${cloudCode}-${type}-${sequence+3000}
, resulting in an Instance Name of md-vmwd3-centos-3001 for the first instance, followed by md-vmwd3-centos-3002 and so on.Commonly used variables for naming patterns include:
${groupName} ${groupCode} ${cloudName} ${cloudCode} ${type} ${accountId} ${account} ${accountType} ${platform} ${platform == 'windows' ? 'w':'l'} # results in `w` for Windows platforms and `l` for Linux Platforms ${userId} ${userName} ${userInitials} ${provisionType} ${instance.instanceContext} # Environment Code ${sequence} # results in 1 ${sequence+100} # results in 101 ${sequence.toString().padLeft(5,'0')} #results in 00001
Cloud codes and Group codes are fields found in their respective configuration panes.
- AUTO RESOLVE CONFLICTS
- Morpheus will automatically resolve naming conflicts by appending a sequential -number to the name when enabled.
Shutdown Policies¶
Shutdown policies dictate the number of days an instance is allowed to run before it is shut down. Shutdown is consistent across cloud types i.e.: in VMware, a VM is powered off. In AWS, an instance is stopped. Etc.
Configuration options for shutdown policies:
- Shutdown Type
- User Configurable
- Shutdown timeframe is editable during provisioning.
- Fixed Expiration
- User cannot change shutdown timeframe during provisioning.
- Expiration Days
- Configures the number of days the instance is allowed to exist before being shut down.
- Renewal Days
- If the instance is renewed, this is the number of days by which the shutdown date is increased.
- Notification Days
- This allows an email notice to be sent out X days before the instance is set to shut down.
- Notification Message
- Customizable message for notification email.
- Auto Approve Extensions
- Enable this to auto-approve extension requests, bypassing approval workflows.
Note
Expiration and Shutdown Policies will be enforced on Instances moved into a Group with an Active Policy or Instances created when converting an unmanaged host to managed.
Provision Approval¶
Morpheus Provision Approvals enable an approval workflow via internal Morpheus approval or via ServiceNow workflow. If a ServiceNow integration is present, the ServiceNow option is enabled. The Approval workflow to be selected is dynamically created by querying the ServiceNow Workflow table in the integrated ServiceNow instance.
This ServiceNow approval integration enables users to use the Morpheus Self-Service provisioning portal to provision new instances and still respect the required ServiceNow business approval workflow.
Power Schedules¶
Power Schedules set daily times to shutdown and startup instances. Power schedule can be created and managed in Operations -> Scheduling
.
Note
Power Schedule Policies will apply to Instances created in a Group or Cloud after the Policy is enabled, and will not apply to pre-existing Instances.
Configuration options for Power Schedule Policies:
- DESCRIPTION
- Add details about your Policy for reference in the Policies tab.
- Enabled
- Policies can be edited and disabled or enabled at any time. Disabling a Power Schedule Policy will prevent the Power Schedule from running on the Groups Instances until re-enabled.
- ENFORCEMENT TYPE
- User Configurable: Power Schedule choice is editable by User during provisioning.
- Fixed Schedule: User cannot change Power Schedule setting during provisioning.
- POWER SCHEDULE
- Select Power Schedule to use in the Policy. Power schedule can be added in
Operations -> Scheduling
- TENANTS
- Leave blank for the Policy to apply to all Tenants, or search for and select Tenants to enforce the Policy on specific Tenants.
Max Resources¶
Max Resource policies allow setting quotas for Clouds, Groups, Roles or Users for maximum amount of Memory, Storage, Cores, Hosts, VM’s, or Containers that can be created in the Cloud, Group, Role or by the User the Policy is assigned to.
Configuration options for Max Resources Policies:
- Max Containers
- Sets the maximum combined total of Containers in Instances per Policy Scope.
- Max Cores
- Sets the maximum combined total of Cores in Instances per Policy Scope.
- Max Hosts
- Sets the maximum total of Hosts per Policy Scope.
- Max Memory
- Sets the maximum combined total of RAM (capacity) for Instances per Policy Scope.
- Max Storage
- Sets the maximum combined total of Storage (capacity) for Instances per Policy Scope.
- Max VMs
- Sets the maximum total of managed Virtual Machines per Policy Scope.
Scope
- TENANTS
- Leave blank for the Policy to apply to all Tenants, or search for and select Tenants to enforce the Policy on specific Tenants.
User Creation¶
The User Creation policy controls the “CREATE YOUR USER” flag in the User Config options during provisioning do be always disabled, always enabled, enabled by default, or disabled by default.
Configuration options for User Creation Policies:
- TYPE
- User Creation
- DESCRIPTION
- Description to identify the policy config
- Enabled
- Policies enforcement can be disabled or enabled at any time.
- ENFORCEMENT TYPE
- User Configurable: User Creation choice is editable by User during provisioning.
- Fixed: User cannot change User Creation setting during provisioning.
- CREATE USER
- Check to allow or force user creation. Uncheck to disable by default or force no user creation.
- TENANTS
- Leave blank for the Policy to apply to all Tenants, or search for and select Tenants to enforce the Policy on specific Tenants.