You use policies to manage and process your deployments. They are a set of rules or parameters that are applied to resources, freeing the cloud administrator for other tasks. Policy governance can be applied to the organization or to individual projects.

To begin creating policies, select Content and Polices > Policies > Definitions.

Getting started with lease policies

If you are just getting started with policies, start with one lease policy at the organization level. The lease sets the expiration date on a deployment. When a lease expires and the user no longer needs it, the deployment is destroyed and resources are reclaimed without any additional action by the cloud administrator.

When a single policy no longer meets the needs of your various teams, you can create more lease policies that are evaluated based on ranking. Before adding more lease policies, ensure that you understand how policies are processed and how the process works with your management goals.

How policies are processed

When a user, who is a member of a project, requests a blueprint, there might be more than one policy that applies. The policies are evaluated, ranked, and, where applicable, merged to produce an effective policy. An effective policy produces the intended results but is not always a specific named policy.

Ranking order diagram for policy processing

To evaluate the policies, the system first identifies and ranks policies.

  1. Are there any hard policies at either the organization and project level. If there are hard and soft policies, then only the hard policies are considered and ranked. If there are only soft policies, then the soft policies are ranked.

  2. The ranking of all hard or all soft policies is ordered by scope, with organizational policies having a higher rank than project policies.

  3. The final discriminating characteristic is the creation date, with older dates be ranked higher than newer dates.

Example of how policies are ranked

After identifying the policies to be considered and ranking them, the policies are then evaluated to identify the merge order.

  1. The highest ranking policy becomes the baseline. The second-level policy is applied on top of it, and so on.

  2. If a policy is incompatible with the preceding policies, then it is discarded from consideration. For example, the values are higher they the preceding policies.

  3. Any policy that is discarded is marked as ineffective.

Example of how a ranked policy is processed and merged.

Rather than applying one policy and excluding all the others above, the policies are merged and might include values from more than one individual policy.

In this example, the merging process excludes Policy 2 from consideration because the values are higher than Policy 1.

Next, Policy 3 is evaluated against Policy 1. The Lease and Total Lease values in Policy 3 are lower than Policy 1, so those values, along with the Grace period, become part of the effective policy.

Policy management goal considerations

Now that you know how policies are processed, identify your policy management goals. By understanding how the policies are processed, you can meet your management goals without creating an excessive and unmanageable number of policies.

When deciding how to implement your policies, consider the following scenarios. The lease policy is used as the example.

Table 1. Policy goals and enforcement examples

Management goal

Configuration Example

Behavior

Meaningful default organization-level policy that still allows the project-level policy values to influence the applied values.

Organization policy = Soft

  • Grace period: 10

  • Lease: 100

  • Total Lease: 100

Project 1 policy 1= Soft

  • Lease: 20

  • Total Lease: 50

Project 2 policy 1= Soft

  • Lease: 10

  • Total Lease: 30

A member of project 1 requests a catalog item.

Project 2 is not considered because the it is not applicable to project 1 deployments.

The merged effective policy is:

  • Grace period: 10

  • Lease: 20

  • Total Lease: 100

Always default to the organization-level policy.

Organization policy = Hard

  • Grace period: 10

  • Lease: 100

  • Total Lease: 100

Project 1 policy 1= Soft

  • Lease: 20

  • Total Lease: 50

A member of project 1 requests a catalog item.

Project 1 policy 1 is not considered because the hard organization level project is a higher rank and the soft policy is not considered.

The effective policy is:

  • Grace period: 10

  • Lease: 100

  • Total Lease: 100

All policies are defined at the project-level, with no organization-level default policy.

Project 1 policy 1 = Soft

  • Grace period: 10

  • Lease: 100

  • Total Lease: 100

Project 1 policy 2= Soft

  • Lease: 20

A member of project 1 requests a catalog item.

They are both soft policies, and they are both for project 1. The values are merged.

The effective policy is:

  • Grace period: 10

  • Lease: 20

  • Total Lease: 100