CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

Configure Google Cloud

Be aware that these screen captures may change as the Google Cloud Platform changes. They are provided in this section as a point of reference.

Prerequisites

Before mapping a Google cloud on the CloudCenter platform, verify the following Google requirements:

  • A valid Google Cloud Platform account with Project Owner permissions

  • If using the Shared VPC network feature, you also require Shared VPC Admin permissions (see https://cloud.google.com/vpc/docs/provisioning-shared-vpc for additional context).

  • The CloudCenter platform appends a unique ID to the network name to form the firewall rule name, so the network name can be a maximum of 24 characters: 24 (network name) + 39 (unique ID) = 63 total characters. For example: abcdefghijklmnopqrstuvwx-c3f-462828f37a06acd3ee194716bfe10de0

  • Enable the following APIs for each Google cloud account that you will add to the CloudCenter platform:

    • Google Compute Engine API

    • Google Cloud Resource Manager API

    The following image depicts the Google portal used to enable APIs:

  • Launch the CCO in the same cloud region as the Google cloud and create an Instance in the Google cloud on the Google Cloud Platform console:

    • Select CentOS7 as the OS image in the Boot Disk field and increase the Size of the disk as required (see Phase 1: Prepare Infrastructure > Hardware Requirements for additional context).

    • Access the newly-created instance and edit it to add Custom metadata.

      Google Instances are identified by their instanceName, projectId, and zone in a CloudCenter configuration.

      • The nodeId is used for the instanceName

      • The instance metadata contains the projectId, zone, and vmId.

      The vmId is a unique identifier, but it is not used for any VM operation, only for metadata purposes. See VM Management for additional context.

       Custom Metadata Details

      Add the sourceImageKey and provide any name.

    • Navigate to the following screen on the Google Cloud Platform:

      • Name: Provide any name as required.

      • Network: Default (CloudCenter does not support Custom networks in this field).

      • Source IP ranges: 0.0.0.0/0 (this is an example, be sure to provide secure IP ranges as required by your environment).

      • Allowed protocols and ports: tcp:80;tcp:443 (this is an example, be sure to provide the ports and protocols for your environment).

      • Target Tags: This field is REQUIRED for CloudCenter configurations. If you are launching the CCO instance, add cco as the tag.

      • Create the firewall rule and ensure that it is added to the list:


    • In the Compute Engine Dashboard, access the VM instance that you launched and apply the firewall rule tag (in this example cco) to this VM Instance.
          

    • GCP Project ID: This is the project ID associated with the account used to log into GCP.

      Effective CloudCenter 4.8.1

      The Project ID for Google Cloud account setting is optional.

      The Project ID selected in the cloud settings section of the Deploy form is where the VM is deployed.


      The CloudCenter platform additionally supports Google's beta Shared VPC feature where you can share multiple projects across the same network. The typical use case for the Shared VPC support is multiple departments having their own projects across the same network. In this use case, one department creates the Shared VPC Host Project and network and then shares the network with the other departments (Shared VPC Service Projects).

      • The following is an example of Shared VPC projects:

        • The following image depicts a Shared VPC host project and the orange rectangle highlights the shared networks:

        • The following image depicts the Service projects that are attached to the host project.

        • The following image depicts a service project with the shared network:
           

        • The service projects must display the shared subnetworks.

    • GCP Service Account Email Address: The email address for the Service account associated with this project.

       Retrieve Email Address

      To retrieve this email address, follow this procedure:

      • Navigate to the Google Cloud Platform's Manage project settings screen.

      • In the IAM & Admin section locate the required Service Account name.

      • If you do not have an existing Service account, create it now (when you select a role for this account, select Owner, to ensure that you have full access to all resources):

      • Identify the Service account ID as highlighted in the following image. This Service account ID is required for the GCP Service Account Email Address field in the CCM UI.

    • GCP Service Account PK Filename: Create a new key at this point and copy it as this key is never displayed again. This new name for the P12 file is required for the GCP Service Account PK Filename field in the CCM UI.

       GCP Service Account PK Filename Reference
      • From the IAM & Admin page, locate the Service account that you configured above:

      • Retrieve the key if it is already created. If it is not created, click the icon corresponding to this Service account ID and select the Create Key option:

      • Change the file format for this key to P12 and create the file for this private key.

      • Note the name that was automatically assigned for this file. If you do not note it down, you may need to create a new key.

      • Change the name of this file in your download location to ensure easy reference:

    • Based on the above prerequisites, note the following details and have them handy to enter into the CCM UI as specified during the Configuration Process identified below. These details will differ based on whether the project is a single project or a Shared VPC project:

      • The GCP Email Address (the email used to log into GCP)

      • The GCP Service Account Email Address (the Service account ID for this project)

        If you use shared networks from the Shared VPC host project, be sure to add the following Google-specific roles to the service account on the Shared VPC host project: Compute Security Admin role and Compute Network User role. Both roles are mandatory.

      • The GCP Project ID for this account (the Project ID for this account)

      • The GCP Service Account PK Filename (the downloaded key file name)
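
The firewall rule fields in the prerequisites above (Source IP ranges, Allowed protocols and ports, Target Tags) can be checked after the rule is created. The following is an added example, not part of the CloudCenter documentation: it reads rules in the JSON shape of `gcloud compute firewall-rules list --format=json` and reports rules that expose cco-tagged instances to 0.0.0.0/0 or that carry no target tag. The rule names and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
 {"name": "cco-web-open", "direction": "INGRESS", "targetTags": ["cco"],
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
 {"name": "cco-web-restricted", "direction": "INGRESS", "targetTags": ["cco"],
  "sourceRanges": ["203.0.113.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
 {"name": "untagged-ssh", "direction": "INGRESS",
  "sourceRanges": ["198.51.100.10/32"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]""")


def covers_everything(cidr):
    """True for 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def allowed_ports(rule):
    """Flatten 'allowed' into strings such as tcp:443 (no 'ports' key means all ports)."""
    return [f"{e['IPProtocol']}:{p}"
            for e in rule.get("allowed", []) for p in e.get("ports", ["all"])]


def audit_rules(rules, tag="cco"):
    """Return (rule name, issue) pairs for ingress rules reaching instances tagged `tag`."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        tags = rule.get("targetTags", [])
        if not tags and not rule.get("targetServiceAccounts"):
            findings.append((rule["name"], "no target tag: applies to every instance"))
        elif tag not in tags:
            continue  # does not reach instances carrying this tag
        wide = [r for r in rule.get("sourceRanges", []) if covers_everything(r)]
        if wide:
            findings.append((rule["name"], f"{','.join(wide)} can reach {';'.join(allowed_ports(rule))}"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_rules(SAMPLE_RULES):
        print(f"{name}: {issue}")
```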

Configuration Process

To configure the logical mapping for a Google cloud, follow this procedure.

  1. Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.

  2. Select the Google Cloud Platform option, provide a Name and Description for this cloud, and click Save.

  3. Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:

    1. Assign a new cloud account name.

      Tip

      The name should not contain any space, dash, or special characters.

    2. Add the following Cloud Credentials associated with your Google account and click Save.

      These details will differ based on whether the project is a single project or a Shared VPC project.

      The location of these details in GCP is identified in the Prerequisites section above.

      • GCP Email Address: The email address that you used to log into the GCP account.

      • GCP Service Account Email Address: The email address associated with your project(s).

      • GCP Service Account PK File Name: The P12 key associated with the Service Account.

      • GCP Project ID (optional): Not used, as the project is selected during the CloudCenter application deployment.

      • User Network: Not used.

  4. Click the Regions tab.

  5. Before you add a new region, you need to add the Google Cloud Platform key in the CCO instance as well.

    This step is important: each time you add an account to the Google Cloud Platform cloud, you must create a new key for that account in Google Cloud Platform and then add the P12 key to the CCO instance at this point, before configuring the region.


    1. Navigate to the /usr/local/osmosix/ folder.

    2. Create a folder called gce.

    3. In the /usr/local/osmosix/gce folder, create a folder called keys.

    4. After you download the key (the P12 file mentioned in Step 3), ensure that the owner and group permissions for the folders and the p12 files are cliqruser and cliqruser.

      chown -R cliqruser:cliqruser /usr/local/osmosix/gce
  6. Click the Regions tab to add a cloud region.

    1. Click Add Cloud Regions.

    2. Select the required regions for this cloud.

    1. Add the Region Name and an optional Display Name for this cloud region.

    2. Click Save.

      The Instance Types, the Storage Types, and the Image Maps sections are automatically populated as soon as you add the region.

  7. Click Edit Cloud Settings to update the Google cloud settings for each region.

    Caution

    If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.

    If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.

    1. Assign the Cloud Credentials for each project as each project has its own credentials and these settings may differ between projects. These fields are already explained in Step 3 above.

    2. Click Save.

  8. To complete the cloud configuration, you must register the CCO with the CCM.

     Register the CCO with the CCM


    Cloud Region Nuances

    Once you register a CCO with the CCM, the CCO only works for the registered cloud region.

    CloudCenter

    Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.

    While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.

    Registration Process

    To register the CCO with the CCM, follow this procedure:

    1. In the Configure Orchestrator popup, provide the CCO IP address that is accessible by CCM and select the cloud account that is used to host the CCO:

    2. If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).

      1. Click Configure Orchestrator in the Regions tab.

      2. Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.

      3. Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.

      4. Cloud Account: Select the cloud account that you want to use with this CCO.

        Amazon Cloud Nuance

        This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.

    3. Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.

      If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.

    You have registered the CCO VM and completed your configuration.
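
Step 5 of the Configuration Process places the service account's P12 private key under /usr/local/osmosix/gce/keys and requires cliqruser ownership. The following is an added example, not part of the CloudCenter documentation, that verifies that layout on the CCO. The function names are hypothetical, and the check for access by other users is an added hardening assumption rather than a stated CloudCenter requirement.

```python
import grp
import os
import pwd
import stat

KEY_ROOT = "/usr/local/osmosix/gce"  # path from Step 5


def user_name(uid):
    """Resolve a uid to a user name, falling back to the number."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def group_name(gid):
    """Resolve a gid to a group name, falling back to the number."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def audit_key_tree(root=KEY_ROOT, owner="cliqruser", group="cliqruser"):
    """Return (path, issue) pairs where the tree deviates from Step 5."""
    keys_dir = os.path.join(root, "keys")
    if not os.path.isdir(keys_dir):
        return [(keys_dir, "missing directory")]
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in sorted(paths):
        st = os.lstat(path)
        actual = f"{user_name(st.st_uid)}:{group_name(st.st_gid)}"
        if actual != f"{owner}:{group}":
            findings.append((path, f"owned by {actual}"))
        # Added hardening check (assumption, not a CloudCenter requirement):
        # key files should not be accessible to users outside owner and group.
        if stat.S_ISREG(st.st_mode) and st.st_mode & 0o007:
            findings.append((path, f"mode {stat.S_IMODE(st.st_mode):o} is open to other users"))
    return findings


if __name__ == "__main__":
    for path, issue in audit_key_tree():
        print(f"{path}: {issue}")
```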

    Next Steps

    You have the following options at this point:


© 2017-2019 Cisco Systems, Inc. All rights reserved