vRealize Operations Policies Demystified: Definitions

Policies and custom groups are the most critical features in vRealize Operations. They are simply indispensable to set up a customized working monitoring environment in your shop, yet they are the feature that is most ignored or misunderstood. If you install vROps out of the box it analyzes your environment with its dynamic thresholding capabilities and smart alerts, but it is not customized to your needs. At installation you answer a number of questions through an installation wizard (see further in this article) for some basic settings that apply to your whole environment. This process was created in version 6 precisely to help people use policies! And still we ignore it…

In a previous blog post I wrote about custom groups, in this new series of articles I will explain policies in a way that you will want to keep a hard copy under your pillow… In this first installment we will introduce policies. In a next posting I will show you how to create policies and work on some use cases.

In the old vCenter Operations Manager (v5.x) VMware introduced policy with v5.3, I think. It made the product suddenly useful for customers using capacity planning. A policy was kind of a configuration file, mostly for capacity calculations. You could have more than one policy – in fact VMware shipped some examples – and you could associate a policy with a custom group. In this way you could make a ‘production’ group for example, with very strict capacity settings and warnings, and a ‘test/dev’ group with relaxed settings.

A lot of people (me included) were confused when VMware extended policies in v6.0 to incorporate metrics and smart alerts. It is not simple to understand, but vital to create your own monitoring environment with least effort to operate. So I made it my noble task to reveal to you all mysteries of policies as I know them… Here we go!

What is a policy? According to the definition it is a ‘Mechanism to analyze and display data’. Great. What can we do with it? You can:

• Configure the product analytics and thresholds.
• Prioritize policies so that the most important rules override the defaults.
• enable/disable alerts and symptoms.
• Define metrics to collect, KPIs.
• Define workload automation.
• Define custom workloads for capacity calculations.

As you install more extensions or management packs in vRealize Operations, it becomes critical to control some of the alerts and metrics defined there. With the new True Visibility Suite licensing model at Blue Medora, you can install all management packs for your infrastructure in one go: Cisco UCS, Dell, HP or Lenovo servers, Cisco Nexus switches, F5 Big-IP and so on. Some management packs in the connector suite transfer data from other management tools such as Oracle Enterprise Manager or Microsoft SCOM and have a potential to add thousands of metrics and alerts. You need to control your environment!

Let’s start with an overview of where our policies live in vROps. In Administration, Policies you will find two tabs: ‘Active Policies’ and ‘Policy Library’. ‘Policy Library’ is a repository of standard policies delivered with vROps, policies installed with management packs and policies created by a user or the installation wizard.

Figure 1: Policy library in vROps.

In figure 1 you will notice some of the default VMware policies, some installed by Blue Medora and a Default Policy with a date stamp (highlighted). The Default Policy (without date) is the base policy in vROps for all objects. The one with a date stamp is the one created through the installation wizard. When you click on a policy it will show you some useful info:

• Priority: If an object belongs to more than one custom group with different policies, the priority becomes important. It will determine which settings take effect. They are simply numbered and a ‘D’ signifies the default policy.
• The number of groups and objects this policy is associated with (handy to know what your impact is if you change anything…). The ‘Related Objects’ tab will show you the objects.
• The ‘Locally Defined Settings’ show you what settings are defined and enabled through the policy. This is useful since we will see that policies can be ‘stacked’. You might want to see precisely what is changed in a policy.
• The complete settings give you a view on all settings in the policy, including the ones inherited from other policies. You can expand sections here to see the details.

The toolbar gives you all the actions to create, delete, export and import policies. Also note that the nice folks at VMware included a vSphere 5.5 hardening policy here. This policy can be used in compliance to check your whole environment for critical security settings! Use it!

The ‘Active Policies’ tab will show you which of the policies are actually active at that point in time, with priority and associated groups. This allows you to see what settings are active at any given time.  Figure 2 corresponds to a newly installed vROps, where only the default policy from the installation wizard is active. The details pane at the bottom is identical to the library.

Figure 2: Active Policy panel.

In the next post we will take a detailed look at creating new policies. Until then!

Reference:
For this blog post I brought together material from my own experience and following resources:

• Book: “VMware vRealize Operations Essentials”, Matt Steiner. Available on Safari Booksonline or Pakt Publishing.
• book: “Mastering vRealize Operations Manager”, Scott Norris, Christopher Slater. Available on Safari Booksonline or Pakt Publishing.
• Blog: vXpress: Part 8 : Exploring Policies in vRealize Operations Manager 6.0.
• Blog: Using vRealize Operations Policies to Disable Alerts on Certain Objects – VMware Cloud Management.
• Blog: Elastic Sky Labs: vRealize Operations 6.1 Policies