Resource quota policies control the amount of resources that are available to your users. You define resource quota policies so that you limit the resources that can be consumed by each user, project, or the organization. The use cases in this procedure are an introduction to resource quota policies.

If you do not have any resource quota policies defined, then no governance is applied and users can consume resources until all available resources are used up.

As a cloud administrator, you can create one or more resource quota policies and apply them, for example, at the organization level. As users across the organization request deploy resources, resource quota policies track the consumption of resources to ensure that new deployment requests do not exceed the resource limits defined in the policies.

As you create your policies, you must configure policy scope. The scope determines whether the policy is applied to resources at the organization or project level. For more information about policy scope, see How do I configure scope in vRealize Automation Service Broker policies.
  • If the policy scope is organization, then all resources in your organization are managed based on the defined policies.
  • If the policy scope is multiple projects, then the resources that are associated with the specified projects are managed based on the defined policy.
  • If the policy scope is a single project, then the resources that are associated with that project are managed based on the defined policy. Other projects are not affected.

When defining resource quotas, you must specify scope level limits for each resource. Level limits provide additional resource governance. For example, if you want to apply a resource quota policy to the whole organization, you can set the scope level to organization limits, or you can define limits for a smaller segment, such as projects or users within that organization.

You can set only one limit for a resource type per scope level in the same policy. For example, you can set a resource quota for storage consumption at the organization level and per user in the same policy. You cannot define two storage quotas at the organization level in the same policy.

Resource quota limits are dependent on the broad policy scope. If you change the scope after you define the resource quota limits, the resource quota settings are deleted and you must start over.

The scope level drop-down menu includes the following options.
Option Description Available at these policy scope levels
Organization Limits

Limits the amount of resources that are available for consumption at the organization level.

Resource quotas with organization limits are distributed among all users or all projects in the organization.

  • Organization
Organization User Limits Limits the total amount of resources that each user can consume within the organization.
  • Organization
Projects Limits

Limits the amount of resources that are available for consumption at the project level.

Resource quotas with project limits are distributed among all users in the specified projects.

Project limits are not cumulative. If the policy scope is set to multiple projects, the resource limits are applied per project.

  • Organization
  • Multiple projects
  • Project
Projects User Limits Limits the total amount of resources that each user who belongs to the specified projects can consume at the project level.
  • Organization
  • Multiple projects
  • Project
How are resource quota policies enforced?
  • Multiple resource quota policies might be enforceable. The resource quota policies are evaluated, and an enforced policy is applied to the deployment request. When there are multiple policies defined for a resource at the same scope level, the resource quota with the lowest limit value is enforced. The use case in this procedure provides more information about how resource quotas are processed.
  • When a resource quota policy is enforced, all existing deployment resources are evaluated against the resource quota, except for deployment requests that are in-progress. Resource usage is updated after the deployment request is completed, so in-progress requests are not included in the evaluation.
  • Concurrent deployment requests are not supported in resource quota policy enforcement. For example, a resource quota policy allows 15 GB of memory per user. A user triggers two concurrent deployment requests, each consuming 10 GB of memory. The policy allows both requests because at the time of requesting the deployments the user does not consume any memory and each request meets user level limit of 15 GB. After the requests are completed, resource usage is updated to reflect the two requests. If the user then creates a third deployment request, that request fails because no available resources are left.
  • When deploying cloud templates, resource quota policies allow over-provisioning of storage because the system does not know the actual storage size of the deployment before the machine is provisioned in the endpoint. Similarly to concurrent requests, after the resource usage is updated and the system recognizes that the provisioning resources exceed the resource quota limit, the policy does not allow any subsequent requests.
  • Resource quota policies are enforced on the following day 2 actions: Add Disk, Change Owner, Change Project, Resize Machine, Resize Boot Disk, Resize Disk, Update Deployment.
  • Resource quota policies support only VMware vSphere, Amazon Web Services, Microsoft Azure and Google Cloud Platform resources created from cloud templates.
Resource quota policies are applied when:
  • A user requests a catalog item in vRealize Automation Service Broker or a cloud template in vRealize Automation Cloud Assembly.
  • A user changes a deployment or its component resources.
  • When you create a new policy or update an existing policy, the system can take up to two minutes to apply the changes. For example, if you create a new deployment within two minutes of updating a policy, the policy updates might not apply to the deployment request.

In this use case, there are three policy definitions that illustrate how you can construct resource quota policies and the results when they are enforced.

Procedure

  1. Select Content and Policies > Policies > Definitions > New Policy > Resource Quota Policy.
  2. Configure Resource Quota Policy 1.
    As a cloud administrator, you want to control how resources are distributed among users and projects in the organization that you administer.
    1. Define when the policy is valid.
      Setting Sample Value
      Scope Organization

      This policy is applied to the whole organization.

    2. Define the resource quotas.
      Scope Level Resource and Limit
      Organization Limits CPU = 2000
      Organization User Limits CPU = 10
      Project Limits CPU = 200
      Project User Limits CPU = 5
    In this scenario, the total amount that is available for consumption among all users in the organization is 2000 CPU and the total amount that is available per project is 200 CPU. Each user can use up to 5 CPU in each project that they belong to, but no more than 10 CPU, combined across all their deployments. Once a scope level limits is reached, any new deployment request that exceeds this limit fails.
  3. Configure Resource Quota Policy 2.
    As a project administrator, you want to control how resources are distributed among developers in several projects that you administer.
    1. Define when the policy is valid.
      Setting Sample Value
      Scope

      Multiple Projects

      Define the project criteria. For example,

      Project name contains dev

      This policy is applied only to projects whose name contains the phrase dev.

    2. Define the resource quotas.
      Scope Level Resource and Limit
      Project Limits CPU = 100
      Project User Limits CPU = 10
    In this scenario, the resources that are available at each scope level are evaluated and both Policy 1 and Policy 2 are enforced. Between the two policies, the lowest limits are applied.
    • Projects user limits in Policy 1 are applied because the defined value is lower than in Policy 2.
    • Project limits in Policy 2 are applied because the defined value is lower than in Policy 1.
    • Organization level limits defined in Policy 1 also apply to the projects specified in the scope of Policy 2.
  4. Configure Resource Quota Policy 3.
    As a cloud administrator, you want to distribute resources at the project and organization level evenly among users.
    1. Define when the policy is valid.
      Setting Sample Value
      Scope

      Organization

      This policy is applied to the whole organization.

    2. Define the resource quotas.
      Scope Level Resource and Limit
      Organization Limits CPU = 1000
      Organization User Limits CPU = 50
      Project User Limits CPU = 3
      In this scenario, the resources that are available at each scope level are evaluated and all three policies are enforced. Again, the lowest scope level limits between the three policies are applied.
      • Projects User Limits in Policy 3 are applied because the defined value is lower than in Policy 1 and Policy 2.
      • Organization User Limits in Policy 3 are not applied. Instead, the limit defined in Policy 1 is applied because the value is lower.
      • Organization level limits defined in Policy 3 are applied because the value is lower than in Policy 1.
    Based on the configuration examples above, the following diagram summarizes how resource quotas across multiple policies are applied.

    Example of how multiple resource quota policies are applied at different scope levels.

What to do next