A valid Google Cloud Platform account with Project Owner permissions
If using the Shared VPC network feature, you also require Shared VPC Admin permissions (see https://cloud.google.com/vpc/docs/provisioning-shared-vpc for additional context).
The CloudCenter platform appends a unique ID to the network name to form the firewall rule name, so the network name can be a maximum of 24 characters: 24 (network name) + 39 (unique ID) = 63 total characters. For example: abcdefghijklmnopqrstuvwx-c3f-462828f37a06acd3ee194716bfe10de0
Enable the following APIs for each Google cloud account that you will be adding to the CloudCenter platform:
Google Compute Engine API
Google Cloud Resource Manager API
The following image depicts the Google portal used to enable APIs:
Launch the CCO in the same cloud region as the Google cloud and create an Instance in the Google cloud on the Google Cloud Platform console:
Select CentOS7 as the OS image in the Boot Disk field and increase the Size of the disk as required (see Phase 1: Prepare Infrastructure > Hardware Requirements for additional context).
Access the newly-created instance and edit it to add Custom metadata.
Google Instances are identified by their instanceName, projectId, and zone in a CloudCenter configuration.
The nodeId is used for the instanceName.
The instance metadata contains the projectId, zone, and vmId.
The vmId is a unique identifier, but it is not used for any VM operation, only for metadata purposes. See VM Management for additional context.
Custom Metadata Details:
Name: Provide any name as required.
Network: Default (CloudCenter does not support Custom networks in this field).
Source IP ranges: 0.0.0.0/0 (this is an example; be sure to provide secure IP ranges as required by your environment).
Allowed protocols and ports: tcp:80;tcp:443 (this is an example; be sure to provide the ports and protocols for your environment).
Target Tags: This field is REQUIRED for CloudCenter configurations. If you are launching the CCO instance, add cco as the tag.
In the Compute Engine Dashboard, access the VM instance that you launched and apply the firewall rule tag (in this example, cco) to this VM instance.
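The firewall rule and tag steps above, together with the 24-character network name limit, expressed as a gcloud script with pre-flight checks. This is an added example, not part of the CloudCenter documentation; the rule name cco-web and the project, instance, zone and source range values are constructed placeholders, and the script only prints the commands unless RUN is set to an empty value.

```shell
#!/bin/sh
# Added example: CLI form of the firewall rule and tag steps, with checks.
# All default values below are constructed placeholders, not CloudCenter values.
PROJECT="${PROJECT:-example-project-id}"
NETWORK="${NETWORK:-default}"
INSTANCE="${INSTANCE:-cco-instance}"
ZONE="${ZONE:-us-central1-a}"
SOURCE_RANGE="${SOURCE_RANGE:-203.0.113.0/24}"   # RFC 5737 documentation range
RUN="${RUN-echo}"   # default prints the commands; run with RUN= to execute them

# CloudCenter builds the firewall rule name from the network name plus a
# unique ID, so the network name must not exceed 24 characters.
check_network_name() {
    [ -n "$1" ] && [ "${#1}" -le 24 ]
}

# Reject a comma-separated range list if any entry has prefix length 0,
# that is, if it admits every address (0.0.0.0/0 or ::/0).
check_source_ranges() {
    [ -n "$1" ] || return 1
    old_ifs=$IFS; IFS=,
    for range in $1; do
        case "$range" in
            */0) IFS=$old_ifs; return 1 ;;
        esac
    done
    IFS=$old_ifs
    return 0
}

# Create the rule (hypothetical name cco-web) and tag the CCO instance.
apply_cco_firewall() {
    check_network_name "$NETWORK" ||
        { echo "network name is empty or longer than 24 characters" >&2; return 1; }
    check_source_ranges "$SOURCE_RANGE" ||
        { echo "source range is empty or open to any address" >&2; return 1; }
    $RUN gcloud compute firewall-rules create cco-web --project="$PROJECT" \
        --network="$NETWORK" --allow=tcp:80,tcp:443 \
        --source-ranges="$SOURCE_RANGE" --target-tags=cco &&
    $RUN gcloud compute instances add-tags "$INSTANCE" --project="$PROJECT" \
        --zone="$ZONE" --tags=cco
}

apply_cco_firewall
```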
GCP Project ID: This is the project ID associated with the account used to log into GCP.
Effective CloudCenter 4.8.1:
The Project ID for Google Cloud account setting is optional.
The Project ID selected in the cloud settings section of the Deploy form is where the VM is deployed.
The CloudCenter platform additionally supports Google's beta Shared VPC feature, which lets you share the same network across multiple projects. The typical use case for Shared VPC support is multiple departments having their own projects on the same network. In this use case, one department creates the Shared VPC Host Project and network and then shares the network with the other departments (Shared VPC Service Projects).
The following is an example of Shared VPC projects:
The service projects must display the shared subnetworks.
GCP Service Account Email Address: The email address for the Service account associated with this project.
Retrieve Email Address:
To retrieve this email address, follow this procedure:
In the IAM & Admin section, locate the required Service Account name.
GCP Service Account PK Filename: Create a new key at this point and copy it, as this key is never displayed again. This new name for the P12 file is required for the GCP Service Account PK Filename field in the CCM UI.
GCP Service Account PK Filename Reference:
From the IAM & Admin page, locate the Service account that you configured above:
Retrieve the key if it is already created. If it is not created, click the icon corresponding to this Service account ID and select the Create Key option:
Note the name that was automatically assigned for this file. If you do not note it down, you may need to create a new key.
Change the name of this file in your download location to ensure easy reference:
Based on the above prerequisites, note the following details and have them handy to enter into the CCM UI as specified during the Configuration Process identified below. These details will differ based on whether the project is a single project or a Shared VPC project:
The GCP Email Address (the email used to log into GCP)
The GCP Service Account Email Address (the Service account ID for this project)
If you use shared networks from the Shared VPC host project, be sure to add the following Google-specific roles to the service account on the Shared VPC host project: Compute Security Admin role and Compute Network User role. Both roles are mandatory.
The GCP Project ID for this account (the Project ID for this account)
The GCP Service Account PK Filename (the downloaded key file name)