VMware Cloud Community
Czernobog
Expert
Expert
‎07-14-2015 01:04 AM

vRA 6.2 - Request an approval for a resource in an external business group

Hi,

sorry if the wording of the title is a bit off.

I have a NSX instance running withing my vRA environment. Each new provisioned VM is isolated within its business group, that is - VMs can communicate freely with other VMs within their business groups, but all business groups are isolated between each other.

What I want to do now is, to create a service (resource action based on a vRO workflow), which would allow users to set up communication on a given port between VMs in different business groups. If a VM owner wants his VM to communicate with a server from another business group, there should be an approval policy in place, that would ask a user (for example from the business manager group) from each of the affected business groups, to give an approval before the communication is allowed. Example:

  1. VM_A from Business Group A (BG_A) needs to communicate with VM_B from BG_B on port 443
  2. The owner of VM_A requests a resource action, where the:
    1. source VM is selected (VM_A)
    2. target VM is selected (VM_B)
    3. a network port is named (443)
  3. After the request is submitted:
    1. The business group manager of BG_A is notified and asked for an approval
    2. The business group manager of BG_B (where the target VM resides) is notified and asked for an approval
    3. After both of the above give the approval, the communication link is established

I can do all of the above up until 3. b. - I don't know yet how to trigger the approval policy in the target business group.

Assuming I have a resource action in place and it is backed by a ASD workflow, the "normal" way to set up an approval would be to create a new approval of the type Service Catalog - Resource Action Request, and set the Approvers to "Determine approvers from the request -> Business group -> managers". This way the managers of the group where the source VM resides would be notified, however I need a way to notify the managers of the target group as well.

So far I could not find a workflow in the library that comes with the vRA pluging in vRO.

I don't know if creating a new resource action is a good way to do this, since a resource action can be requested for one VM and I will have 2 at least (VM_A - VM_B). Maybe creating a new catalog item (ASD Service) is a better way, although I don't know if triggering a "double" approval, in the way I need it, would be possible that way.

Can anyone give me a tip on how to create such a service and if it is at all doable?

Tags (2)
0 Kudos
0 Replies