You define deployment limit policies to control the amount of resources that deployments can consume when users deploy cloud templates in Cloud Assembly and request catalog items in Service Broker. The use cases in this procedure are an introduction to configuring deployment limit policies.

Deployment limits are applied to individual deployments for cloud templates or catalog items. If you want to limit resources at the user, project, or organization level, see How do I configure Service Broker resource quotas using policies.

As a cloud administrator, you can limit the total memory, CPU count, storage, and number of virtual machines that can be used per deployment. You can also limit memory, CPU count, and storage for specific resources in the deployment, for example, machines within a cloud template.

The limits apply to all deployments within the policy scope. You can use the policy criteria to narrow the scope to a specific deployment, in which case the policy applies to that deployment only.

How are deployment limit policies enforced?
  • When the policy is enforced, users can provision deployment resources within the specified limits.
  • Multiple deployment limit policies can be enforceable. If there are multiple policies defined for a deployment, the lowest limit value is enforced for each resource.
  • If there are resource quota policies and approval policies defined that affect the deployments within the policy scope, deployment limits are enforced before the other policy types.
  • If a deployment requests no resources, such as a workflow deployment, then the policy is not enforced on that deployment.
When are deployment limit policies applied?
  • A user requests a catalog item in Service Broker or a cloud template in Cloud Assembly.
  • A user changes a deployment or its component resources.
Deployment limit policy constraints
  • The storage value for some images is not calculated during allocation because the images do not contain any storage-related information. A default boot disk size of 8GB is allocated for storage for such images. The following table provides more information about what images contain boot disk capacity information for each cloud type.
    Cloud Type Boot disk capacity unavailable Boot disk capacity available
    Azure
    • Default images
    • Standard images

    The default boot disk size is 8GB.
    • Private images
    • Custom images
    AWS Instance store image disk sizes, including boot disk, are not counted.

    The default boot disk size is 8GB.
    • Public images
    • Private images
    GCP Public images
    vSphere
    • ova
    • ovf

    The default boot disk size is 8GB.

    Image disks are not counted.
    • VM Templates
    • Library item ova
    • Library item ovf

In this use case, there are three policy definitions that illustrate how you can construct deployment limit policies and the results when they are enforced.

Procedure

  1. Select Content and Policies > Policies > Definitions > New Policy > Deployment Limit Policy.
  2. Configure Deployment Limit Policy 1.
    As a cloud administrator, you want to limit the amount of resources that deployments across the organization can use.
    1. Define when the policy is valid.
      Setting Sample Value
      Scope Organization

      The policy is applied to all deployments in the organization.
      Criteria None
    2. Define the deployment limits.
      Resource Sample Limit Value
      CPU 200
      VM Count 3
      Memory 100GB
      Storage 240GB
    In this scenario, any deployment across the organization can use up to 200 CPUs, 3 virtual machines, 100GB of memory, and 240GB of storage in total.
  3. Configure Deployment Limit Policy 2.
    As a project administrator, you want to apply granular control over resources that are provisioned at the deployment level in a project that you manage.
    1. Define when the policy is valid.
      Setting Sample Value
      Scope Project = TestProj1

      This policy is applied to all deployments in the specified project.
      Criteria None
    2. Define the deployment limits.
      Resource Sample Limit Value
      CPU 15
      Memory 10GB
    In this scenario, the resources that are available for deployments within the scoped project are evaluated and both Policy 1 and Policy 2 are applied. In this case, the CPU and memory values are lower in Policy 2, so Policy 2 is enforced.
  4. Configure Deployment Limit Policy 3.
    As a cloud administrator, you want to control the amount of resources that are consumed when a specific cloud template is deployed by anyone in your organization. Additionally, you want to define limits for specific deployment resources within the cloud template.
    1. Define when the policy is valid.
      Setting Sample Value
      Scope Organization
      Criteria Cloud template equals Proj1Templ1

      This policy is applied to all deployments in the organization that are provisioned from the specified cloud template.
    2. Define the deployment limits.
      Resource Sample Limit Value
      CPU 15
      VM Count 10
      Memory 20GB
    3. Define the deployment resource limits.
      1. Define a limit for all deployments provisioned by developers in the organization.
        Setting Sample Value
        Name Depl Resource Limit 1
        Criteria 
        Tags has any 
    Key equals env 
    AND
    Value equals dev
        Limits

        CPU = 5

        Memory = 10GB

        Storage = 40GB
      2. Define limits for a machine in the cloud template.
        Setting Sample Value
        Name Depl Resource Limit 2
        Criteria 
        Resource Type equals Cloud.vSphere.Machine
        Limits

        CPU = 4

        Memory = 8GB
    In this scenario, you apply two levels of governance.
    1. When a user in your organization deploys the Proj1Templ1 cloud template, the resources that are available for the whole deployment are evaluated and all three existing policies are applied. The lowest deployment limits between the three policies are enforced.
      • The CPU limit value defined in Policy 3 is applied.
      • The VM Count limit value defined in Policy 1 is applied.
      • The Memory limit value defined in Policy 2 is applied.
    2. The requested deployment resources are evaluated against Depl Resource Limit 1 and Depl Resource Limit 2 and the deployment resource limits are applied. In this case, there are no other policies that limit these specific deployment resources.

What to do next