CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

  • A valid Google Cloud Platform account with Project Owner permissions

  • If using the Shared VPC network feature, you also require Shared VPC Admin permissions (see https://cloud.google.com/vpc/docs/provisioning-shared-vpc for additional context).

  • The CloudCenter platform appends a unique ID to the network name to form the firewall rule name. The network name can therefore be a maximum of 24 characters: 24 (network name) + 39 (unique ID) = 63 total characters. For example: abcdefghijklmnopqrstuvwx-c3f-462828f37a06acd3ee194716bfe10de0

  • Enable the following APIs for each Google cloud account that you will add to the CloudCenter platform:

    • Google Compute Engine API

    • Google Cloud Resource Manager API

    The following image depicts the Google portal where you enable these APIs:

  • Launch the CCO in the same cloud region as the Google cloud and create an Instance in the Google cloud on the Google Cloud Platform console:

    • Select CentOS7 as the OS image in the Boot Disk field and increase the Size of the disk as required (see Phase 1: Prepare Infrastructure > Hardware Requirements for additional context).

    • Access the newly-created instance and edit it to add Custom metadata.

      Tip

      Google Instances are identified by their instanceName, projectId, and zone in a CloudCenter configuration.

      • The nodeId is used for the instanceName

      • The instance metadata contains the projectId, zone, and vmId.

      The vmId is a unique identifier, but it is not used for any VM operation, only for metadata purposes. See VM Management for additional context.

      Custom Metadata Details

      Add the sourceImageKey and provide any name.

    • Navigate to the following screen on the Google Cloud Platform:

      • Name: Provide any name as required.

      • Network: Default (CloudCenter does not support Custom networks in this field).

      • Source IP ranges: 0.0.0.0/0 (this is an example, be sure to provide secure IP ranges as required by your environment).

      • Allowed protocols and ports: tcp:80;tcp:443 (this is an example, be sure to provide the ports and protocols for your environment).

      • Target Tags: This field is REQUIRED for CloudCenter configurations. If you are launching the CCO instance, add cco as the tag.

      • Create the firewall rule and ensure that it is added to the list:


    • In the Compute Engine Dashboard, access the VM instance that you launched and apply the firewall rule tag (in this example cco) to this VM Instance.
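
A pre-flight check for the firewall rule fields listed above, added here as an example (it is not CloudCenter or Google code). The `approved_ranges` list, the function names and the sample addresses are assumptions, and the parser accepts only single tcp/udp ports in the `tcp:80;tcp:443` notation this page uses.

```python
import ipaddress

MAX_NETWORK_NAME = 24  # limit stated on this page (rule name = network name + unique ID)

def parse_allowed(spec):
    """Parse the page's 'tcp:80;tcp:443' notation into [('tcp', 80), ('tcp', 443)]."""
    rules = []
    for item in (s.strip() for s in spec.split(";")):
        if not item:
            continue
        proto, _, port = item.partition(":")
        if proto not in ("tcp", "udp") or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad protocol/port entry: {item!r}")
        rules.append((proto, int(port)))
    if not rules:
        raise ValueError("no protocols/ports given")
    return rules

def check_rule(network, source_ranges, allowed, target_tags, approved_ranges):
    """Return a list of findings; an empty list means the rule passes."""
    findings = []
    if len(network) > MAX_NETWORK_NAME:
        findings.append(f"network name has {len(network)} characters (maximum {MAX_NETWORK_NAME})")
    if not target_tags:
        findings.append("target tag is required")
    approved = [ipaddress.ip_network(a) for a in approved_ranges]
    for cidr in source_ranges:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            findings.append(f"source range {cidr} admits every address")
            continue
        # A range passes only if it lies wholly inside one approved range.
        if not any(a.version == net.version and net.subnet_of(a) for a in approved):
            findings.append(f"source range {cidr} is outside the approved ranges")
    try:
        parse_allowed(allowed)
    except ValueError as exc:
        findings.append(str(exc))
    return findings

# Constructed sample data: 203.0.113.0/24 is a documentation range standing in
# for the address space your environment actually trusts.
APPROVED = ["203.0.113.0/24"]
PAGE_EXAMPLE = check_rule("default", ["0.0.0.0/0"], "tcp:80;tcp:443", ["cco"], APPROVED)
HARDENED = check_rule("default", ["203.0.113.0/28"], "tcp:80;tcp:443", ["cco"], APPROVED)

if __name__ == "__main__":
    print("page example:", PAGE_EXAMPLE)
    print("hardened:    ", HARDENED)
```
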
          

    • GCP Project ID: This is the project ID associated with the account used to log into GCP.

      Info: Effective CloudCenter 4.8.1

      The Project ID for Google Cloud account setting is optional.

      The Project ID selected in the cloud settings section of the Deploy form is where the VM is deployed.


      The CloudCenter platform additionally supports Google's beta Shared VPC feature where you can share multiple projects across the same network. The typical use case for the Shared VPC support is multiple departments having their own projects across the same network. In this use case, one department creates the Shared VPC Host Project and network and then shares the network with the other departments (Shared VPC Service Projects).

      • The following is an example of Shared VPC projects:

        • The following image depicts a Shared VPC host project and the orange rectangle highlights the shared networks:

        • The following image depicts the service projects that are attached to the host project.

        • The following image depicts a service project with the shared network:
           

        • The service projects must display the shared subnetworks.

    • GCP Service Account Email Address: The email address for the Service account associated with this project.

      Retrieve Email Address

      To retrieve this email address, follow this procedure:

      • Navigate to the Google Cloud Platform's Manage project settings screen.

      • In the IAM & Admin section locate the required Service Account name.

      • If you do not have an existing Service account, create it now (when you select a role for this account, select Owner, to ensure that you have full access to all resources):

      • Identify the Service account ID as highlighted in the following image. This Service account ID is required for the GCP Service Account Email Address field in the CCM UI.

    • GCP Service Account PK Filename: Create a new key at this point and copy it as this key is never displayed again. This new name for the P12 file is required for the GCP Service Account PK Filename field in the CCM UI.

      GCP Service Account PK Filename Reference

      • From the IAM & Admin page, locate the Service account that you configured above:

      • Retrieve the key if it is already created. If it is not created, click the icon corresponding to this Service account ID and select the Create Key option:

      • Change the file format for this key to P12 and create the file for this private key.

      • Note the name that was automatically assigned for this file. If you do not note it down, you may need to create a new key.

      • Change the name of this file in your download location to ensure easy reference:


    • Based on the above prerequisites, note the following details and have them handy to enter into the CCM UI as specified during the Configuration Process identified below. These details will differ based on the project being a single project or a Shared VPC project:

      • The GCP Email Address (the email used to log into GCP)

      • The GCP Service Account Email Address (the Service account ID for this project)

        Note

        If you use shared networks from the Shared VPC host project, be sure to add the following Google-specific roles to the service account on the Shared VPC host project: Compute Security Admin role and Compute Network User role. Both roles are mandatory.

      • The GCP Project ID for this account (the Project ID for this account)

      • The GCP Service Account PK Filename (the downloaded key file name)
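
One way to confirm the Shared VPC note above before configuring the CCM UI, added here as an example (not CloudCenter or Google code): it reads a host-project IAM policy in the JSON shape returned by `gcloud projects get-iam-policy <host-project> --format=json` and reports which of the two mandatory roles the service account lacks. The role IDs are the identifiers for the Compute Security Admin and Compute Network User roles; the policy, project and email below are constructed sample data.

```python
import json

# IAM role IDs for "Compute Security Admin" and "Compute Network User".
REQUIRED_ROLES = {"roles/compute.securityAdmin", "roles/compute.networkUser"}

def missing_host_roles(policy, service_account_email):
    """Return the mandatory roles the service account does not hold in this policy."""
    member = f"serviceAccount:{service_account_email}".lower()
    held = set()
    for binding in policy.get("bindings", []):
        # A conditional binding grants the role only when its condition holds,
        # so it is not counted as an unconditional grant.
        if binding.get("condition"):
            continue
        if member in (m.lower() for m in binding.get("members", [])):
            held.add(binding.get("role"))
    return sorted(REQUIRED_ROLES - held)

# Constructed sample: the service account has only one of the two roles.
SAMPLE_SA = "cloudcenter-sa@service-project-example.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/compute.networkUser",
     "members": ["serviceAccount:cloudcenter-sa@service-project-example.iam.gserviceaccount.com"]},
    {"role": "roles/compute.securityAdmin",
     "members": ["user:admin@example.com"]}
  ]
}
""")

if __name__ == "__main__":
    gaps = missing_host_roles(SAMPLE_POLICY, SAMPLE_SA)
    print("missing roles:", gaps or "none")
```
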

...

© 2017-2019 Cisco Systems, Inc. All rights reserved