Resource quota policies control the amount of resources that are available to your users. You define resource quota policies so that you limit the resources that can be consumed by each user, project, or the organization. The use cases in this procedure are an introduction to resource quota policies.
If you do not have any resource quota policies defined, then no governance is applied and users can consume resources until all available resources are used up.
As a cloud administrator, you can create one or more resource quota policies and apply them, for example, at the organization level. As users across the organization request deploy resources, resource quota policies track the consumption of resources to ensure that new deployment requests do not exceed the resource limits defined in the policies.
Defining the policy scope
- If the policy scope is organization, then all resources in your organization are managed based on the defined policies.
- If the policy scope is multiple projects, then the resources that are associated with the specified projects are managed based on the defined policy.
- If the policy scope is a single project, then the resources that are associated with that project are managed based on the defined policy. Other projects are not affected.
Defining scope level limits
When defining resource quotas, you must specify scope level limits for each resource. Level limits provide additional resource governance. For example, if you want to apply a resource quota policy to the whole organization, you can set the scope level to organization limits, or you can define limits for a smaller segment, such as projects or users within that organization.
You can set only one limit for a resource type per scope level in the same policy. For example, you can set a resource quota for storage consumption at the organization level and per user in the same policy. You cannot define two storage quotas at the organization level in the same policy.
Resource quota limits are dependent on the broad policy scope. If you change the scope after you define the resource quota limits, the resource quota settings are deleted and you must start over.
| Option | Description | Available at these policy scope levels |
|---|---|---|
| Organization Limits | Limits the amount of resources that are available for consumption at the organization level. Resource quotas with organization limits are distributed among all users or all projects in the organization. |
|
| Organization User Limits | Limits the total amount of resources that each user can consume within the organization. |
|
| Projects Limits | Limits the amount of resources that are available for consumption at the project level. Resource quotas with project limits are distributed among all users in the specified projects. Project limits are not cumulative. If the policy scope is set to multiple projects, the resource limits are applied per project. |
|
| Projects User Limits | Limits the total amount of resources that each user who belongs to the specified projects can consume at the project level. |
|
How are resource quota policies enforced
- Multiple resource quota policies might be enforceable. The resource quota policies are evaluated, and an enforced policy is applied to the deployment request. When there are multiple policies defined for a resource at the same scope level, the resource quota with the lowest limit value is enforced. The use case in this procedure provides more information about how resource quotas are processed.
- When a resource quota policy is enforced, all existing deployment resources are evaluated against the resource quota, except for deployment requests that are in-progress. Resource use is updated after the deployment request is completed, so in-progress requests are not included in the evaluation.
- When deploying cloud templates, resource quota policies allow over-provisioning of storage because the system does not know the actual storage size of the deployment before the machine is provisioned in the endpoint. After the resource use is updated and the system recognizes that the provisioning resources exceed the resource quota limit, the policy does not allow any subsequent requests.
- Resource quota policies are enforced on the following day 2 actions: Add Disk, Change Owner, Change Project, Resize Machine, Resize Boot Disk, Resize Disk, Update Deployment.
- Resource quota policies support only VMware vSphere, Amazon Web Services, Microsoft Azure and Google Cloud Platform resources created from cloud templates.
When are resource quota policies applied
- A user requests a catalog item in Automation Service Broker or a cloud template in Automation Assembler.
- A user changes a deployment or its component resources.
- When you create a new policy or update an existing policy, the system can take up to two minutes to apply the changes. For example, if you create a new deployment within two minutes of updating a policy, the policy updates might not apply to the deployment request.
Procedure
In this use case, there are three policy definitions that illustrate how you can construct resource quota policies and the results when they are enforced.
- Select .
- Configure Resource Quota Policy 1.
As a cloud administrator, you want to control how resources are distributed among users and projects in the organization that you administer.
- Define when the policy is valid.
Setting Sample Value Scope Organization This policy is applied to the whole organization.
- Define the resource quotas.
Scope Level Resource and Limit Organization Limits CPU = 2000 Organization User Limits CPU = 10 Project Limits CPU = 200 Project User Limits CPU = 5
In this scenario, the total amount that is available for consumption among all users in the organization is 2000 CPU and the total amount that is available per project is 200 CPU. Each user can use up to 5 CPU in each project that they belong to, but no more than 10 CPU, combined across all their deployments. Once a scope level limits is reached, any new deployment request that exceeds this limit fails.
- Define when the policy is valid.
- Configure Resource Quota Policy 2.
As a project administrator, you want to control how resources are distributed among developers in several projects that you administer.
- Define when the policy is valid.
Setting Sample Value Scope Multiple Projects
Define the project criteria. For example,
Project name contains dev
This policy is applied only to projects whose name contains the phrase dev.
- Define the resource quotas.
Scope Level Resource and Limit Project Limits CPU = 100 Project User Limits CPU = 10
In this scenario, the resources that are available at each scope level are evaluated and both Policy 1 and Policy 2 are enforced. Between the two policies, the lowest limits are applied.- Projects user limits in Policy 1 are applied because the defined value is lower than in Policy 2.
- Project limits in Policy 2 are applied because the defined value is lower than in Policy 1.
- Organization level limits defined in Policy 1 also apply to the projects specified in the scope of Policy 2.
- Define when the policy is valid.
- Configure Resource Quota Policy 3.
As a cloud administrator, you want to distribute resources at the project and organization level evenly among users.
- Define when the policy is valid.
Setting Sample Value Scope Organization
This policy is applied to the whole organization.
- Define the resource quotas.
In this scenario, the resources that are available at each scope level are evaluated and all three policies are enforced. Again, the lowest scope level limits between the three policies are applied.Scope Level Resource and Limit Organization Limits CPU = 1000 Organization User Limits CPU = 50 Project User Limits CPU = 3 - Projects User Limits in Policy 3 are applied because the defined value is lower than in Policy 1 and Policy 2.
- Organization User Limits in Policy 3 are not applied. Instead, the limit defined in Policy 1 is applied because the value is lower.
- Organization level limits defined in Policy 3 are applied because the value is lower than in Policy 1.
- Define when the policy is valid.
Summary
Based on the configuration examples above, the following diagram summarizes how resource quotas across multiple policies are applied.
What to do next
- For more examples of how other policies are processed and enforced, see How are Automation Service Broker policies processed.
- Configure policies that are relevant to your organizations and projects.
- Monitor provisioned resources on the My Resource Usage dashboard. See Learn more about the Automation Service Broker catalog items.
