Workflow Concepts
| Table of Contents |
|---|
IP Assignment Lifecycle
In ProVision, the IP assignment lifecycle starts with an available block which is free to be assigned to any IPAM-enabled resource holder. There are multiple methods that may be used to assign a block to a resource holder: Smart Assign, Direct Assign, or Manual Assign (Smart Browse).
...
Peering
Initially, ASNs and Peering DB information will need to be entered into ProVision to enable Peering functionality. After that, Peering starts with designating Routers. Routers may be added from the "Add Router" button under the Peering Tab Routers sub-tab. Once a router has been created, Peer Groups may be added from the Router Details page or the Peer Group Gadget.
...
VLAN Manager
The VLAN Manager allows users to add domains and VLANs to their ProVision instance, and associate them with IP blocks. Customizable VLAN columns - including up to ten user-defined metadata columns - allow you to rename column headers, set the display order, select which columns are visible, and display your own information fields.
...
Editing Domains - including renaming, adding metadata, and deleting - may be performed from VLAN Advanced.
DHCP
The DHCP Workflow begins with adding DHCP Servers into ProVision and creating an additional DHCP Groups as needed.
...
- DHCP Tab
- Working with DHCP Groups
- Working with DHCP Pools
- Working with DHCP Gadgets
- DHCP Administration
- Working with DHCP Servers
DNS Workflow
DNS in ProVision revolves around Groups. Zones are gathered under Groups, servers attached to Groups, and pushes may be done on a per Group level. Thus, the first workflow step in DNS is to set up one or more DNS Groups. A "Default Group" is automatically provided, but other Groups may be desired to organize zones and default values.
...
- DNS Tab
- Working with DNS Groups
- Working with DNS Zones - Common Tasks
- DNS Administration
- Working with DNS Servers
- Import DNS Zones
Approvals Workflows
...
- Setup
The high level process to use when first setting up approvals is as follows:
Review User Groups and Approval Process Needs
...
Step 1 - Review Existing User Groups and Process Needs
When setting up Approvals for the first time, review the information in the previous section under "Approvals Fundamentals" to ensure a basic understanding of how Policies, Actions, and User Groups relate together in Approvals.
Then, take a few minutes to think about the following questions to get a better sense of how to use Approvals with your specific organization
...
. Once your User Groups are optimized for use with Approvals, you may want to write down a quick note on which Action Types and policies are planned for each group.
| Expand | ||
|---|---|---|
|
...
Who are the users that perform DNS / DHCP tasks, and at what level? Affects which users should be included in what User Groups What User Group(s) are they in? Approvals settings are applied to the User Group, not individuals - ensure users with similar oversight needs are grouped together What actions made by a certain user group should be automatically denied, if any? Assign the "Deny Action" policy to that Action/User Group combination What actions made by a certain user group should require oversight (admin approval / rejection)? Assign "Approve Action" to that Action/User Group combination Who is the admin / User Group that will make the final approval on a change? Ensure the approver(s) is in a User Group with the "Approve Action" policy assigned for the actions requiring approval Should any changes require multiple admins / User Groups to approve it in order to execute? A single user from every group assigned with "Approve Action" must approve the action for it to succeed If two admins are required to both separately agree on a change, they should be under two separate User Groups assigned "Approve Action" What User Groups would need to receive email Approval Status notifications, and on what type of actions? Affects whether to enable notifications and set up the scheduler task to send the notifications, and to what User Groups. When enabled, all users of the relevant group(s) will receive the email |
...
Once your User Groups are optimized for use with Approvals, you may want to write down a quick note on which Action Types and policies are planned for each group.
Edit User Groups / Create Approvals-Specific User Groups, if needed
...
(s) |
Step 2 - Add or Edit User Groups
From here, depending on the answers to the questions in step 1, you may need to do one or more of the following from the Users tab:
- Edit existing User Groups to add or remove users, in order to combine users who will need similar action types approved.
- Verify the User Groups have appropriate CRUD permissions set to perform the action(s) to be approved (e.g, you may have previously removed "Create" permissions for a group, but if the intent is now for those users to have "Add" actions approved by an Admin, the submitter will need User Group resource "Create" permissions back!)
- Create new User Groups specifically for use with Approvals (recommended)
- Associate users with different, or additional User Groups (remember - users can be associated with multiple groups!)
For more information on adding and editing User Groups, see Users & Permissions, Global Permissions, and Working with Users.
...
Assign Action and Policy Settings to User Groups
...
Step 3 - Assign Approval Action and Policy Settings to User Groups
From the Approvals Tab, navigate to the Permission Groups sub-tab.
| Expand |
|---|
Then, under the Groups page tab, find the User Group you wish to want to assign a policy to and click "Assign".
Clicking the "Assign" button for a group brings up a checklist to select what policy to apply to the group for what Family and Actions (i.e. DNS Zone 'Add' or DNS Group 'Update'). Select either "Deny Action", "Submit Action", or "Approve Action" under Policy. Once a policy is selected, you can "quick-select" all actions for a DNS Family (Severs, Groups, Zones, Records) or DHCP Family (Servers, Groups, Pools, Reservations) by clicking the checkbox next to the family name, or only select individual action types for each Family.
When done, Click "Assign", and repeat as needed for other Policy types or User Groups. |
If using Approvals notifications, enable notifications for the appropriate Permissions Group(s)
...
Step 4 - Enable Notifications for the Approvals Permission Groups (Optional)
From
...
the Approvals Tab, navigate to the Permission Groups sub-tab Groups page tab.
| Expand |
|---|
Click on the group name for which you want to set notifications - the Group Permissions Detail page will provide additional information on the group's settings.
For any Family/Action that you want to enable notifications, click the checkbox under "Enable Notifications". All users of that group will get email notifications when a change of the selected type(s) are made. |
Step 5 - Add Scheduler Task: "Approvals - Process Subscription"
If using Approvals notifications, set up a Scheduler task for "Approvals - Process Subscription"
...
.
The "Approvals - Process Subscription" task processes approval request events and handles the sending of notification emails to subscribed Approvals Groups - this task must be created and running on a regular interval in order for Approval Notification emails to be sent.
In order to receive the most up to date information in the Approval Notifications, is recommended to create this task with a run time of "every 5 minutes" and no end date.
For information on setting up Scheduler Tasks, see Scheduler.
Set up a Scheduler Task for "Approvals - Delete events older than 1 month", to occasionally clear out old and obsolete Approval request events
...
Step 6 - Add Scheduler Task: "Approvals - Delete events older than 1 month"
The "Approvals - Delete events older than 1 month" task deletes any Approvals history events older than 30 days.
It is recommended to set this task to run monthly with no end date, to clear out obsolete approvals items, reduce data storage space needs, and reduce approvals page load time.
For information on setting up Scheduler Tasks, see Scheduler.
Daily Use
On a day-to-day basis after initial setup, an Approvals Workflow will be similar to the following (with "Submitter" as the user whose actions require approval, and "Approver" as the admin with the ability to approve/reject the change):
- Submitter makes an action (either by action type or DNS Family) that requires approval
- Submitter is notified that their action is pending approval
The requested change is sent to the Approvals Tab Pending Approvals list, and also to the DNS Resources Awaiting Approval module (the submitter may see their own submitted action under "Resources awaiting approval", but only Approvers can take approve/reject actions)
Expand title Pending Approvals List... The Pending Approvals list is under the Approvals Tab. It shows Approvals events (change requests) for which the user has the ability to Approve or Deny - it does not show approval requests for all of ProVision or those for other users.
Expand title Resource Awaiting Approval Module... A "Resources Awaiting Approval" module will display in selected DNS / DHCP pages to Users with Admin / Approval permissions, if a change has been submitted on that page that is pending approval by the User's Approval Group.
The Approver reviews the change in either their Approvals Tab Pending Approvals list, or the Resources Awaiting Approval module, and chooses to Approve or Reject the change:
Expand 
- If Approved, and no other groups need to approve it, then the change executes and is saved. A status change notification email is sent, if enabled.
- If Approved, and is waiting approval from an additional User Group, the change continues to be held as Pending, until the other group responds (Both groups must "Approve" for the change to execute). A status change notification email is sent, if enabled, stating that the change is awaiting another Group.
- If Rejected, the change is not executed. A status change notification email is sent, if enabled.
Example Notification Email:
Additional Information
See the following areas for more information on Approvals: