Any new VM that is managed by Embotics® vCommander® is, by default, unapproved (unless vCommander has been configured to automatically set the approval states of VMs as described later in this topic). You have the option of marking a VM as approved and then changing that status back to unapproved at any time.

NotePencil-smallOnly VMs can have the Unapproved state; this state is not supported for other service types, such as virtual services, load balancers, databases, auto scaling groups and stacks.
NotePencil-smallThe Approval policy and the approval state are deprecated and will be removed in a future release.

You can use the approval state of a VM to work with the Approval policy by setting that policy to trigger an action when an attempt to relocate or start an unapproved VM is made. For example, if an attempt is made to start an unapproved VM, the Approval policy can alert you of the attempt or can shut the VM down immediately. The policy therefore allows you to mandate that vCommander brokers all access to the managed system.

You can also configure vCommander to automatically approve VMs that arrive in inventory through the use of third-party deployment tools.

NotePencil-smallIf you require custom integration, contact a representative from Embotics® to discuss your requirements.

The approval state of a VM appears on the Operational pane for the VM. The following figure displays an example of an unapproved VM; the pictogram indicates that the VM needs attention.

Approval State

Setting the Approval state of a VM

Access through:

Views menu > Operational or VMs and Templates

Available to:

Administrator, Operator with Approval Access Rights

To set the approval state for a VM:

1.Right-click a service in the tree or in a table.

2.Right-click and choose Policy Enforcement > Set Approval State.

3.In the Set Approval State dialog, select Approved or Unapproved as required.

4.Click Set.

The approval state you selected for the VM is displayed on the Operational pane.

How does the Approval policy affect templates?

The Approval policy changes the Approval state for templates, but policy actions (for example, deletion) are not performed for templates. It's possible to deploy a VM from a template in the Unapproved state.

Configuring the Approval policy

Access through:

Configuration menu > Policies

Available to:

vCommander Role of Superuser and Enterprise Admin

Administrator Access Rights

Notes

The Approval policy and the approval state are deprecated and will be removed in a future release.

The Approval policy applies only to VMs.

Any configuration of this policy on a system-wide basis can affect all managed systems that are managed by vCommander now and can affect all managed systems that are added to vCommander in the future. If you do not want any managed system to be automatically affected by this policy, configure the policy by selected infrastructure elements only. For more information, see Managing Policy When Adding a Host.

1.On the Policies tab, click Add.

2.On the Choose a Policy page, select Unapproved from the list of policies, then click Next.

3.On the Policy Name/Description page, enter a name (for example, Approval Policy for Production), and an optional description, then click Next.

4.On the Choose a Target page, expand the Operational tree if required, and select the infrastructure elements to which you want the policy to apply, then click Next.

NotePencil-smallYou cannot select a folder as a target.

5.On the Configure the Policy page, to configure the policy but keep it turned off until you are ready to enable it, make sure Enable policy is unchecked.

6.From Take Action, choose one of the following options:

When you click:

After you enable the policy and if the policy is triggered, the result is:

Notification Only

No action is taken. An alert is created, notifying you that the policy has triggered. See also Subscribing to Policy Alerts.

Quarantine

The VM is quarantined if the policy is triggered.

Note: If you include this action in a policy targeting services in a managed system other than vCenter, the action will fail.

Suspend

The VM is suspended (saved in its current state).

Not supported for VMs in public cloud managed systems. If you include this action in a policy targeting services in a public cloud managed system, the action will fail.

Stop

The Guest OS is shut down.

Remove from Inventory

The VM is removed from inventory. Note that the file remains in the datastore.

Note: If you include this action in a policy targeting services in a managed system other than vCenter, the action will fail.

Delete from Disk

The VM and its associated files are deleted permanently from the disk.

When you delete a VM from disk, the files are permanently deleted. They cannot be recovered unless you have a backup copy.

When all VMs are deleted from a virtual service through a policy action (that is, when VMs are deleted by a policy action or by a command workflow attached to an expiry policy), the empty virtual service is not automatically deleted unless it too is targeted by policy.

Run [Workflow]

Existing command workflows appear for selection, organized by target type. If the policy is triggered, the selected workflow is run.

NotePencil-smallYou must choose a workflow with a target type that matches the target of the policy; otherwise, the workflow will fail. For example, if the selected workflow's target type is "VM", the workflow will fail if the policy targets a database. A workflow with a target type of All Types can be run on all service types.

Click Add Workflow to set up a new command workflow.

7.To send an alert to an SNMP trap listener if you have SNMP configured, enable Send Alert via SNMP.

8.Enable or clear the last check box to set whether you want to allow children of the targets to have their own instance of the policy.

If you enable this option, other instances of this policy can be applied to any infrastructure elements and VMs that are children of the parent infrastructure element you have selected (an override).

9.On the Summary page, the summary of your policy options appears.

If you have enabled the policy and as a result, any VMs are going to be immediately affected by it, vCommander displays the number of affected VMs.

To see what VMs are affected by the policy actions you selected, click Review, then click OK to return to the summary.

10.Click Finish to complete the configuration.

Your policy options are now set in vCommander.

Determining whether VMs inherit the approval state

Access through:

Configuration menu > Policies > Approval Inheritance tab

Available to:

vCommander Role of Superuser and Enterprise Administrator

When a VM is deployed from a template or cloned from another VM, the newly created VM automatically inherits the attributes that were applied to the parent template or VM or source template.

To make sure that newly cloned or deployed VMs automatically inherit the approval state of their parents, enable each rule.

If a parent VM or template is not approved, newly created VMs provisioned from the parents will automatically be set to non-approved.