A vDiscovery job retrieves information about virtual entities in cloud environments that are managed through a cloud management platform (CMP), such as GCP. The current vDiscovery feature supports tenants, networks, and compute VMs only. It does not support data that is retrieved from load balancer networks, load balancer VMs, Kubernetes platform VMs, application gateways, service VMs, SQL VMs, or any other VMs that are created by cloud services, such as Kubernetes service or analytics service, where the IPAM is handled by the respective orchestration engines of the cloud provider.
Note: You can use the values that appear by default or extend the values as per your requirements. Using less than the recommended resources can cause a reduction in performance.
...
For vNIOS instances running on NIOS 9.0.4 or later, you can configure a vDiscovery job to discover and synchronize data from either a single GCP project, as in prior versions of NIOS, or from multiple GCP projects linked to a host parent project. You can configure a vDiscovery job to discover all projects in a folder or selected projects located in one or more folders.
...
To discover a standalone project, create the service account on that project.
To discover multiple projects located within a folder, create the service account in the project designated as the host parent project, and then grant appropriate access to the folder.
To discover selected projects, create the service account in the project designated as the host parent project, and then grant appropriate access on each of the projects that must be discovered.
...
In the Google Cloud console:
Set up your GCP organization with the required hierarchy of folders, GCP projects, and resources.
Enable the Cloud Resource Manager API and the Compute Engine API. NIOS needs to call on these APIs to run a vDiscovery job.
Set up a service account in the required project and download the service account file. For more information, see the Creating a Service Account section.
Enable multi-project synchronization in Google Cloud. For more information, see the Setting up GCP for Multi-Project vDiscovery section.
In NIOS:
Configure a DNS resolver. For more information, refer to the Enabling DNS Resolution topic in the Infoblox NIOS Documentation.
Only for NIOS version 9.0.4 and later: Ensure that the Cloud Sync service is running on the Grid member that performs the vDiscovery job. For more information, see the Starting and Stopping the Cloud Sync Service section.
Create a GCP service account
...
in a GCP project and assign it the appropriate permissions as defined in this section. To synchronize data from a single project, create the service account in that project. To synchronize data from multiple projects, create the service account in the project designated as the parent project. You must configure the service account credentials in NIOS so that NIOS can use them to communicate with GCP. Note that for shared VPCs, you must create the service account in the host project. To create a service account, complete the following steps:
...
In NIOS 9.0.4 and later, to execute a vDiscovery job configured on a Grid member in Infoblox NIOS, the Cloud Sync service must be running on the Grid member. If the member is not assigned any vDiscovery job or sync task, the service is automatically enabled when you create a vDiscovery job or a sync task (in NIOS 9.0.5 or later) on the member.
Before or after an upgrade to NIOS 9.0.4 or later, if you manually stopped the Cloud Sync service on a member for any reason, you must manually start the service for the dependent tasks such as DNS sync and/or vDiscovery to run.
To start the service:
From the Grid tab, select Grid Manager tab > Services tab.
On the service bar, click the Cloud Sync service.
Select the member on which the Cloud Sync service must be enabled.
Expand the Toolbar and click Start.
The service takes a few minutes to start. Before running a vDiscovery job, wait for the service status to show Cloud Sync service is healthy.
To stop the Cloud Sync service on a member, select the member checkbox, and then click Stop in the Toolbar.
Setting up GCP for Multi-Project vDiscovery
You can set up the vDiscovery feature to discover data across multiple GCP projects.
To set up
To import the vDiscovery data (in NIOS 9.0.4 or later) or Google Cloud DNS data (in NIOS 9.0.5 or later) from multiple projects in a GCP organization to NIOS, you must set up the GCP environment as discussed below.
A GCP organization is a resource that forms the root node in the hierarchy of GCP resources that include folders, projects, and other resources. The IAM and access control settings that you define at the parent level in a hierarchy apply to all child resources of that parent. The IAM and access control settings can also be configured in individual projects.
To set up multi-project discovery and synchronization of discovered data, define a service account in a GCP project designated as the parent, and then grant the service account access to a folder or to individual projects, depending on whether you want the data synchronized from all projects within a folder or from selected projects. Depending on the functionality for which you want to set up multi-project synchronization, complete the prerequisites for vDiscovery or Cloud DNS synchronization. To set up the GCP environment, complete the following steps:
...
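Because a grant on a folder is inherited by every project under it, it is worth checking which projects the discovery service account actually reaches before running a job. The following is an added example, not Infoblox or Google code: it walks a constructed hierarchy and constructed IAM policies to list the projects in scope and any broad roles the account holds. The account name, resource names, and the required-role set are assumptions; the roles that vDiscovery needs are defined in the permissions section, which is not shown here.

```python
# Constructed sample data (not from a real organization): child -> parent.
PARENT = {
    "folders/prod": "organizations/example",
    "folders/dev": "organizations/example",
    "projects/host-parent": "folders/prod",
    "projects/app-a": "folders/prod",
    "projects/app-b": "folders/prod",
    "projects/sandbox": "folders/dev",
    "projects/lab": "folders/dev",
}
SA = "serviceAccount:vdiscovery@host-parent.iam.gserviceaccount.com"  # hypothetical
VIEW, BROWSE = "roles/compute.viewer", "roles/browser"
# Policies use the {"bindings": [{"role", "members"}]} shape of a GCP IAM policy.
POLICIES = {
    "folders/prod": {"bindings": [{"role": VIEW, "members": [SA]},
                                  {"role": BROWSE, "members": [SA]}]},
    "projects/sandbox": {"bindings": [{"role": VIEW, "members": [SA]},
                                      {"role": BROWSE, "members": [SA]}]},
    "projects/lab": {"bindings": [{"role": VIEW, "members": [SA]}]},
    "projects/app-b": {"bindings": [{"role": "roles/editor", "members": [SA]}]},
}
REQUIRED = {VIEW, BROWSE}                # assumed read-only set, not from the page
BROAD = {"roles/owner", "roles/editor"}  # basic roles that allow modification

def ancestry(resource):
    """Yield the resource, then each parent up to the organization root."""
    while resource:
        yield resource
        resource = PARENT.get(resource)

def effective_roles(resource, member):
    """Union of roles bound to member on the resource and on all its ancestors."""
    roles = set()
    for node in ancestry(resource):
        for binding in POLICIES.get(node, {}).get("bindings", []):
            if member in binding["members"]:
                roles.add(binding["role"])
    return roles

def audit(member):
    """Return (projects with all REQUIRED roles, {project: broad roles held})."""
    in_scope, excess = [], {}
    for res in sorted(r for r in PARENT if r.startswith("projects/")):
        roles = effective_roles(res, member)
        if REQUIRED <= roles:
            in_scope.append(res)
        if roles & BROAD:
            excess[res] = sorted(roles & BROAD)
    return in_scope, excess

if __name__ == "__main__":
    print(audit(SA))
```

In this sample, the folder-level grant on `folders/prod` brings every project under it into scope, `projects/lab` is skipped because its per-project grant is incomplete, and `projects/app-b` is flagged for holding an editor role that discovery does not need.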
Discovering VMs Running in Shared VPCs
...