A vDiscovery job retrieves information about virtual entities in cloud environments that are managed through a cloud management platform (CMP), such as GCP. The current vDiscovery feature supports tenants, networks, and compute VMs only. It does not support data that is retrieved from load balancer networks, load balancer VMs, Kubernetes platform VMs, application gateways, service VMs, SQL VMs, or any other VMs that are created by cloud services, such as Kubernetes service or analytics service, where the IPAM is handled by the respective orchestration engines of the cloud provider.

Note

You can use the values that appear by default or extend the values as per your requirements. Using less than the recommended resources can cause a reduction in performance.

...

For vNIOS instances running on NIOS 9.0.4 or later, you can configure a vDiscovery job to discover and synchronize data from either a single GCP project, as in prior versions of NIOS, or from multiple GCP projects linked to a host parent project. You can configure a vDiscovery job to discover all projects in a folder or selected projects located in one or more folders.

...

  • To discover a standalone project, create the service account on that project.

  • To discover multiple projects located within a folder, create the service account in one of the projects that is designated as the host parent project, and then grant appropriate access to the folder.

  • To discover selected projects, create the service account in one of the projects that is designated as the host parent project, and then grant appropriate access on each of the projects that must be discovered.

...

  • In the Google Cloud console:

    • Set up your GCP organization with the required hierarchy of folders, GCP projects, and resources.

    • Enable the Cloud Resource Manager API and the Compute Engine API. NIOS calls these APIs to run a vDiscovery job.

    • Set up a service account in the required project and download the service account file. For more information, see the Creating a Service Account section.

    • Enable multi-project synchronization in Google Cloud. For more information, see the Setting up GCP for Multi-Project vDiscovery section.

  • In NIOS:

Creating a GCP Service Account

Create a GCP service account

...

in a GCP project and assign it appropriate permissions as defined in this section. To synchronize data from a single project, create the service account in that project. To synchronize data from multiple projects, create the service account in the project designated as the parent project. You must configure the service account credentials in NIOS so that NIOS can use them to communicate with GCP.

Note that for shared VPCs, you must create the service account in the host project.

To create a service account, complete the following steps:

  1. Sign in to http://console.cloud.google.com.

  2. In the Navigation menu, click IAM & Admin -> Service Accounts.

  3. Do one of the following:

    1. If a project is not selected:

      1. Click SELECT PROJECT.

      2. In the Select a resource dialog box, search for and click the name of the project in which you want to create the service account.

    2. If a project is already selected, then click CREATE SERVICE ACCOUNT.

  4. In the Create service account panel, complete the following in the Service account details section:

    • Service account name: Enter a name for the service account.

    • Service account ID: The service account name you typed appears as the account ID. You may edit this value.

  5. Click CREATE AND CONTINUE.

  6. In the Grant this service account access to project (Optional) section, from the Role drop-down list, choose and assign the

...

  1. role

...

  1. :
    Compute Engine -> Compute Viewer.
  2. Click DONE.
    The service account is created.

  3. Click the name of the service account that you created to view its details.

  4. Copy or download the following information:

    1. If you created the service account in a

...

    1. parent project, then copy the email ID required to configure the IAM (Identity and Access Management) either in the folder in which projects to be discovered are located or in the project that must be discovered.

    2. Create a private key that is required to establish a connection between Infoblox NIOS and GCP, and download it:

      1. On the Keys tab, click ADD KEY -> Create New Key.

      2. Select JSON as the Key type.

      3. Click CREATE to create the private key and download the service account (JSON) file that contains the key to the local disk.
        You will require this file when configuring a vDiscovery job in NIOS. For more information, see Configuring vDiscovery Jobs in the Infoblox NIOS Documentation.

Starting and Stopping the Cloud Sync Service

In NIOS 9.0.4 and later, to execute a vDiscovery job configured on a Grid member in Infoblox NIOS, the Cloud Sync service must be running on the Grid member. If the member is not assigned any vDiscovery job or sync task, the service is automatically enabled when you create a vDiscovery job or a sync task (in NIOS 9.0.5 or later) on the member.

Before or after an upgrade to NIOS 9.0.4 or later, if you manually stopped the Cloud Sync service on a member for any reason, you must manually start the service for the dependent tasks such as DNS sync and/or vDiscovery to run.

To start the service:

  1. From the Grid tab, select Grid Manager tab > Services tab.

  2. On the service bar, click the Cloud Sync service.

  3. Select the member on which the Cloud Sync service must be enabled.

  4. Expand the Toolbar and click Start.
    The service takes a few minutes to start. Before running a vDiscovery job, wait for the service status to show Cloud Sync service is healthy.

To stop the Cloud Sync service on a member, select the member checkbox, and then click Stop in the Toolbar.

Setting up GCP for Multi-Project vDiscovery

You can set up the vDiscovery feature to discover data across multiple GCP projects.

To set up


To import the vDiscovery data (in NIOS 9.0.4 or later) or Google Cloud DNS data (in NIOS 9.0.5 or later) from multiple projects in a GCP organization to NIOS, you must set up the GCP environment as discussed below.

A GCP organization is a resource that forms the root node in the hierarchy of GCP resources that include folders, projects, and other resources. The IAM and access control settings that you define at the parent level in a hierarchy apply to all child resources of that parent. The IAM and access control settings can also be configured in individual projects.

To set up multi-project discovery and synchronization of discovered data, define a service account in a GCP project designated as the parent, and then grant the service account access to a folder or to individual projects, depending on whether you want the data synchronized from all projects within a folder or from selected projects, respectively.

Depending on the functionality for which you want to set up multi-project synchronization, complete the prerequisites for vDiscovery or Cloud DNS synchronization.

To set up the GCP environment, complete the following steps:

  1. Sign in to Google Cloud console.

  2. Create a service account with

...

  1. required role in one of the projects

...

  1. designated as the parent project. For steps, see

...

  1. the prerequisites section.

  2. Configure GCP for multi-project

...

  1. discovery using one of the following methods according to your requirement:

    • To enable a vDiscovery job or a sync task to discover and synchronize data from all projects located in a folder, grant the following access to the folder:
      Note:
      In NIOS, to enable the discovery of all GCP projects within a folder, you must enable the Multiple Projects Sync -> Discover Projects option for the vDiscovery job or the sync group.

...

...

      1. , type the email ID of the service account in the New Principals field.

      2. In the Role drop-down list, choose and assign the following role permissions to the folder:

        • For vDiscovery:

          • Compute Engine -> Compute Viewer

          • Folder -> Viewer
        • For Cloud DNS Synchronization:

          • DNS -> Reader

          • Folder -> Viewer

      3. Click Done.

    • To enable a

...

    • sync task to discover and synchronize data from selected projects, grant the following access to each of the projects that must be discovered:
      Note:
      In NIOS, to enable the discovery of selected GCP projects, you must enable the Multiple Projects Sync -> Add or Upload Child Projects option for the vDiscovery job or the sync group.
      For more information, see Configuring vDiscovery Jobs in the Infoblox NIOS Documentation or Configuring Google Cloud DNS Synchronization in NIOS respectively.

      1. Access a project that must be discovered.

      2. In the IAM & Admin panel, click IAM.

      3. Click GRANT ACCESS.

      4. In the Grant access to <project_name> dialog box, in the New Principals field, add the service account ID of the account you created.

      5. In the Role drop-down list, choose and assign the following role permission to the project:

        • For vDiscovery: Compute Engine -> Compute Viewer

        • For DNS Synchronization: DNS -> Reader

      6. Click Done

...

      1. .
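The role grants described in the service account and multi-project procedures above can be verified after the fact. The following is an added example, not part of the Infoblox documentation: it compares the roles bound to the service account in an exported IAM policy (JSON from `gcloud resource-manager folders get-iam-policy FOLDER_ID --format=json` or `gcloud projects get-iam-policy PROJECT_ID --format=json`) with the roles this page lists. The function name, the service account email, and the sample policy are assumptions constructed for illustration.

```python
import json

# IAM role IDs behind the console role names listed on this page.
REQUIRED_ROLES = {
    ("vdiscovery", "folder"): {"roles/compute.viewer",
                               "roles/resourcemanager.folderViewer"},
    ("vdiscovery", "project"): {"roles/compute.viewer"},
    ("dns", "folder"): {"roles/dns.reader",
                        "roles/resourcemanager.folderViewer"},
    ("dns", "project"): {"roles/dns.reader"},
}


def audit_service_account(policy, sa_email, feature, scope):
    """Return (missing, excess) roles for sa_email in one IAM policy.

    missing: roles the page requires that are not bound to the account.
    excess:  roles bound to the account that the page does not ask for.
    """
    member = f"serviceAccount:{sa_email}".lower()
    granted = set()
    for binding in policy.get("bindings", []):
        members = {m.lower() for m in binding.get("members", [])}
        if member in members:
            granted.add(binding["role"])
    required = REQUIRED_ROLES[(feature, scope)]
    return sorted(required - granted), sorted(granted - required)


# Constructed sample: a folder policy in the JSON shape printed by
# `gcloud resource-manager folders get-iam-policy FOLDER_ID --format=json`.
SA = "nios-vdiscovery@example-parent.iam.gserviceaccount.com"  # hypothetical
SAMPLE_FOLDER_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/compute.viewer",
     "members": ["serviceAccount:nios-vdiscovery@example-parent.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["user:admin@example.com",
                 "serviceAccount:nios-vdiscovery@example-parent.iam.gserviceaccount.com"]},
    {"role": "roles/resourcemanager.folderViewer",
     "members": ["group:netops@example.com"]}
  ],
  "version": 1
}
""")

if __name__ == "__main__":
    missing, excess = audit_service_account(
        SAMPLE_FOLDER_POLICY, SA, "vdiscovery", "folder")
    print("missing:", missing)  # roles to grant before running the job
    print("excess:", excess)    # roles to remove for least privilege
```

`get-iam-policy` returns only the bindings set directly on that folder or project, so roles inherited from a parent folder or the organization need the same check run against those policies.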

Discovering VMs Running in Shared VPCs

...