# 15 Resource Control
Resource Control allows users to stop and start Instances and RDS Databases for each Account during a week. It also allows users to stop the resources at a designated time in the future.
**Supported Resources**:
* **AWS** - Resource Control allows users to stop and start instances and RDS databases.
{% hint style="info" %}
**AWS** - RDS Aurora Clusters are *not* supported by Resource Control.
{% endhint %}
* **Azure** - Resource Control allows users to stop and start Virtual Machines.
**Basics**:
* A Group is the controlling entity for the stopping and starting of selected resources. Resource Control allows for stopping on one day of a week and starting on another day of the same week. Once an Off/On schedule is configured for a Group, N2W will automatically stop and start the selected resource targets.
* Resources that are eligible and enabled for hibernation in AWS/Azure will be hibernated regardless of whether their current operation is On or Off if their controlling Resource Control Group is enabled for hibernation. Hibernated instances (AWS) or Virtual Machines (Azure) are restarted by an On operation.
* For **AWS**: See [AWS hibernation prerequisites](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites).
* For **Azure**: See [Azure hibernation prerequisites](https://learn.microsoft.com/en-us/azure/virtual-machines/hibernate-resume).
* For enabling hibernation in N2W, see the **Hibernate** description in section [15.1](#15-1-adding-a-resource-control-group).
* The stopping and starting of targets identified for each Group are independent of the backup schedule for an Account’s policy.
* It is possible to turn off resources for a long period of time even though the Group was never turned on.
* Ad hoc Off and On operations are available in addition to the Resource Control schedule.
* Off/On operations are not allowed for Groups with a **Status** of ‘disabled’.
{% hint style="warning" %}
N2W recommends that you not execute a stop or start operation on critical servers.
{% endhint %}
Following are **Resource Control** tabs in the left panel of the N2W user interface:
* **Resource Control Monitor** – Lists the current operational status of Groups under Resource Control. The **Log** lists the details of the most recent operation for a Group.
* **Resource Control Groups** – Use the Cloud buttons to select AWS or Azure resources. You can add and configure a Group: the account, the days, and off/on times, which Resource Targets are subject to the Group control, and other features. You can also delete a group and activate **Turn On Now** / **Turn Off Now** controls.
After configuring a group, you can add resources in the **Operation Targets** tab. See sections [15.2](#15-2-adding-resource-targets-to-a-group) and [15.3](#id-15-3-configuring-off-on-scheduler).
## 15.1 Adding a Resource Control Group
1. In the **Resource Control** **Groups** tab, select **New** and choose the required Cloud's Resource Control Group.
2. Complete the **Group Details** tab fields:
* **Name** – Only alphanumeric characters and the underscore allowed (no spaces).
* **Account** – Owner of the Group. Users are configured for a maximum number of Resource Control entities. See section [19.2](https://docs.n2ws.com/user-guide/19-n2ws-idp-integration#id-19-2-configuring-groups-and-group-permissions-on-the-n-2-ws-side).
{% hint style="info" %}
A Group may belong to only one Account.
{% endhint %}
* **Subscription (Azure only)** - The subscription from which to choose the controlled resources.
* **Enabled** – Whether the Group is enabled to run.
{% hint style="info" %}
Off/On operations are *not* allowed for Groups that are Disabled.
{% endhint %}
* **Operation Mode** – Two options for controlling operation:
* **Turn On/Off** – Turn Group on and off according to schedule.
* **Turn Off Only** – Turn off for an undefined long period of time without having to ever have the Group turned on.
* **Auto Target Removal** – Whether a target resource is automatically removed from the Group if the resource no longer exists in AWS.
* **Timeout (in minutes)** - How long will the operation wait in minutes until finished. Default is 30 minutes. Failure from exceeding the timeout does not necessarily mean that the operation of stopping or starting the resource has failed. The Log will show the run status for each resource.
* **Hibernate** **(if possible)** – Whether eligible instances will be hibernated. If enabled, only instances within the Group’s target resources that are eligible for hibernation by AWS will be hibernated. See *Info* on limitations below.
{% hint style="info" %}
If an enabled Group contains mixed types of resources, only some of which are eligible for hibernation, then the **Off** operation will ‘hibernate’ only the eligible resources, while the remaining resources will ‘stop’.
Select the ["Check Hibernation Limitations"](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html?icmpid=docs_ec2_console#hibernating-not-supported) link to view current AWS/Azure limitations on hibernating instances (AWS)/Virtual Machines (Azure). During resource creation, hibernation would have been enabled and encryption configured. If the resource is eligible and the Group is enabled, resources that are ‘stopped’ move to ‘hibernation’ state.
{% endhint %}
* **Description** – Optional description of the Resource Control Group function.
After adding a Group, select **Next** at the bottom of the screen, or select the **Operation Targets** tab to configure the **Operation Targets.** See section [15.2](#15-2-adding-resource-targets-to-a-group) for AWS and section [15.3](#id-15-3-configuring-off-on-scheduler) for Azure. After configuring the targets, schedule resource **Off/On** times (section [15.4](#id-15-3-configuring-off-on-scheduler-1)).
## 15.2 Adding Resource Targets to a Group in AWS
Instances and RDS Databases may be added to the Group.
{% hint style="info" %}
A Resource Target (Instance or RDS Database) may belong to only one Group.
{% endhint %}
* Eligible resources within a Group enabled for hibernation that have been stopped have a **Status** of ‘stopped-hibernation’.
* The **Status** column shows whether a target is ‘running’ or ‘stopped’.
1. Select the **Operation Targets** tab. In the **Add Backup Targets** menu, select a resource type to add to the Group.
{% hint style="danger" %}
It is important to *not* configure a critical server as part of a Group.
{% endhint %}
2. If you selected **Instances**, the **Add Instances** screen opens.
{% hint style="info" %}
The following instance types are omitted from **Add Instances** and *not* allowed to be part of a Group**:**
* CPM
* Instance-Store type
* Worker - See section [22](https://docs.n2ws.com/user-guide/22-configuring-workers).
{% endhint %}
3\. If you selected RDS Databases, the **Add RDS Databases** screen opens:
{% hint style="danger" %}
If an RDS database is stopped, a regularly scheduled backup will fail.
{% endhint %}
**In the relevant screen:**
1. Check the **Status** column to determine whether a resource is eligible for adding to the Group.
2. Select one or more resources, and then select **Add Selected**. Selected resources are removed from the table.
3. Continue until you are finished and select **Close** to return to the **Operations Targets** screen.
4. Select **Save** to save the **Operation Targets** selections.
## 15.3 Adding Resource Targets to a Group in Azure
{% hint style="warning" %}
It is important *not* to configure a critical server as part of a Group.
{% endhint %}
* A virtual machine may belong to only one Group.
* Within a Group enabled for hibernation, eligible resources that have been stopped have a Status of ‘Hibernated (deallocated)’.
* The Status column shows whether a target is ‘running’ or ‘stopped’.
**To add an Azure resource target:**
1. In the **Operation Targets** tab, select **Virtual Machines** in the **Add Targets** menu. The Add Virtual Machines screen opens.
2. Select a resource target.
## 15.4 Configuring Off/On Scheduler
Scheduling overlapping off and on time ranges is invalid. For example:
* A resource is turned off at 20:00 on Wednesday and turned on at 23:00 the same day.
* Then, an attempt to schedule the same resource to be turned off on Wednesday at 9:00 and turned off at 22:00 on Wednesday will result in an invalid input error.
1. Select **Next** to advance to the **Schedules** tab for the group.
2. Select **New** to open a default time range row ready for your changes.
3. In the time range row, select the **Turn Off Day** and **Time** and the **Turn On Day** and **Time** values from the drop-down lists, choosing **AM** or **PM** as required. After each time selection, select **Apply**.
4. To open another time range row, select **New**.
5. When finished creating the time ranges, select the required time range rows, and then select **Save**.
{% hint style="warning" %}
There must be 60 minutes between each operation for them to work.
{% endhint %}
## 15.5 Overriding a Resource Control Schedule
After creating the Group, you can initiate a stop or start action outside of the scheduled times by selecting the **Turn On Now** or **Turn OFF Now** in the **Resource Control** **Groups** tab.
## 15.6 Using Scan Tags with Resource Control (AWS Only)
Scan tags for Resource Control can be used to:
* Create a new Group based on an existing Group’s configuration.
* Add a resource to a Group.
* Remove a tagged or untagged resource from a Group.
The tag format is**`Key: cpm_resource_control`**with one of the following values:
* Value:` or :`
* If the value in `` equals ‘g1’, the resource will be added to the g1 group.
* The template `:` means, in the case of g1:g2:
* If g1 exists, add the resource to g1.
* Otherwise, create a new group g1 based on group g2, and add the resource to it.
* Value: **`no-resource-control`**- Remove the resource instance or RDS database from the Group whether it is tagged or not.
* Value: `` - Remove the tagged resource instance or RDS database from the Group.
## 15.7 Resource Control Reporting
Resource Control provides individual logs of off and on operations and a summary report of all operations.
The individual log contains timestamps for each step within the operation, from firing to completion, and is downloadable as a CSV file. To view individual logs, in the **Resource Control** **Monitor** tab, select a group and then select **Log**.
To download the individual log, select **Download Log**.
**To generate the summary log:**
1. Select the **Reports** tab in the left panel.
2. Select the **Immediate Report Generation** tab, and then select **AWS Resource Control Operations** or **Azure Resource Control Operations** in the **Report Type** list.
3. Complete the filter and time range boxes.
4. Select **Generate Report**. The report is automatically downloaded as a CSV file.
The Resource Control Operations Report contains information for all saved operations for all accounts.
In **AWS**, for each operation, the report contains:
* **Resource Control Operation ID** – A sequential number.
* **User** – User generating the report.
* **Account** – The N2W AWS account owner of the Resource Control Group.
* **AWS Account Number** – The AWS account number of the owner of the resources.
* **Resource Control Group** – The N2W Resource Control Group name.
* **Status** – Operation status.
* **Start Time** – Start date and time.
* **End Time** – End date and time.
* **Marked for Deletion** – Whether the resource is marked for deletion.
In **Azure**, for each operation, the report contains:
* **Resource Control Operation ID** – A sequential number.
* **Account** – The N2W Azure account owner of the Resource Control Group.
* **Azure Subscription ID** – The subscription ID of the owner of the resources.
* **Resource Control Group** – The N2W Resource Control Group name.
* **Status** – Operation status.
* **Start Time** – Start date and time.
* **End Time** – End date and time.
**Log** lists the details of the most recent operation for a Group.
**Turn On Now** / 
**Turn Off Now** controls.
**New** and choose the required Cloud's Resource Control Group.
2. Complete the **Group Details** tab fields:
* **Name** – Only alphanumeric characters and the underscore allowed (no spaces).
* **Account** – Owner of the Group. Users are configured for a maximum number of Resource Control entities. See section [19.2](https://docs.n2ws.com/user-guide/19-n2ws-idp-integration#id-19-2-configuring-groups-and-group-permissions-on-the-n-2-ws-side).
{% hint style="info" %}
A Group may belong to only one Account.
{% endhint %}
* **Subscription (Azure only)** - The subscription from which to choose the controlled resources.
* **Enabled** – Whether the Group is enabled to run.
{% hint style="info" %}
Off/On operations are *not* allowed for Groups that are Disabled.
{% endhint %}
* **Operation Mode** – Two options for controlling operation:
* **Turn On/Off** – Turn Group on and off according to schedule.
* **Turn Off Only** – Turn off for an undefined long period of time without having to ever have the Group turned on.
* **Auto Target Removal** – Whether a target resource is automatically removed from the Group if the resource no longer exists in AWS.
* **Timeout (in minutes)** - How long will the operation wait in minutes until finished. Default is 30 minutes. Failure from exceeding the timeout does not necessarily mean that the operation of stopping or starting the resource has failed. The Log will show the run status for each resource.
* **Hibernate** **(if possible)** – Whether eligible instances will be hibernated. If enabled, only instances within the Group’s target resources that are eligible for hibernation by AWS will be hibernated. See *Info* on limitations below.
{% hint style="info" %}
If an enabled Group contains mixed types of resources, only some of which are eligible for hibernation, then the **Off** operation will ‘hibernate’ only the eligible resources, while the remaining resources will ‘stop’.
Select the ["Check Hibernation Limitations"](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html?icmpid=docs_ec2_console#hibernating-not-supported) link to view current AWS/Azure limitations on hibernating instances (AWS)/Virtual Machines (Azure). During resource creation, hibernation would have been enabled and encryption configured. If the resource is eligible and the Group is enabled, resources that are ‘stopped’ move to ‘hibernation’ state.
{% endhint %}
* **Description** – Optional description of the Resource Control Group function.
After adding a Group, select **Next** at the bottom of the screen, or select the **Operation Targets** tab to configure the **Operation Targets.** See section [15.2](#15-2-adding-resource-targets-to-a-group) for AWS and section [15.3](#id-15-3-configuring-off-on-scheduler) for Azure. After configuring the targets, schedule resource **Off/On** times (section [15.4](#id-15-3-configuring-off-on-scheduler-1)).
## 15.2 Adding Resource Targets to a Group in AWS
Instances and RDS Databases may be added to the Group.
{% hint style="info" %}
A Resource Target (Instance or RDS Database) may belong to only one Group.
{% endhint %}
* Eligible resources within a Group enabled for hibernation that have been stopped have a **Status** of ‘stopped-hibernation’.
* The **Status** column shows whether a target is ‘running’ or ‘stopped’.
1. Select the **Operation Targets** tab. In the **Add Backup Targets** menu, select a resource type to add to the Group.
**Download Log**.
**To generate the summary log:**
1. Select the **Reports** tab in the left panel.
2. Select the **Immediate Report Generation** tab, and then select **AWS Resource Control Operations** or **Azure Resource Control Operations** in the **Report Type** list.
3. Complete the filter and time range boxes.
4. Select **Generate Report**. The report is automatically downloaded as a CSV file.
The Resource Control Operations Report contains information for all saved operations for all accounts.
In **AWS**, for each operation, the report contains:
* **Resource Control Operation ID** – A sequential number.
* **User** – User generating the report.
* **Account** – The N2W AWS account owner of the Resource Control Group.
* **AWS Account Number** – The AWS account number of the owner of the resources.
* **Resource Control Group** – The N2W Resource Control Group name.
* **Status** – Operation status.
* **Start Time** – Start date and time.
* **End Time** – End date and time.
* **Marked for Deletion** – Whether the resource is marked for deletion.
In **Azure**, for each operation, the report contains:
* **Resource Control Operation ID** – A sequential number.
* **Account** – The N2W Azure account owner of the Resource Control Group.
* **Azure Subscription ID** – The subscription ID of the owner of the resources.
* **Resource Control Group** – The N2W Resource Control Group name.
* **Status** – Operation status.
* **Start Time** – Start date and time.
* **End Time** – End date and time.