A vDiscovery job retrieves information about virtual entities in cloud environments that are managed through a cloud management platform (CMP), such as GCP. The current vDiscovery feature supports tenants, networks, and compute VMs only. It does not support data that is retrieved from load balancer networks, load balancer VMs, Kubernetes platform VMs, application gateways, service VMs, SQL VMs, or any other VMs that are created by cloud services, such as Kubernetes service or analytics service, where the IPAM is handled by the respective orchestration engines of the cloud provider.
Note: If the vDiscovery job retrieves unsupported data from GCP, it impacts the performance of the vDiscovery process.
Note: You can use the values that appear by default or extend the values as per your requirements. Using less than the recommended resources can cause a reduction in performance.
You must first select a member to run the vDiscovery job. To ensure that the job is executed properly, verify the connection between the discovering member and the discovered endpoint. Infoblox vDiscovery for GCP supports the resource manager model. You can discover tenants, subnets, VPCs, and workload VMs through Infoblox vDiscovery for GCP. When you configure vDiscovery jobs, you can enable the Infoblox NIOS appliance to automatically create DNS records for discovered IP addresses of VM instances that are served by the NIOS appliance. You can configure the appliance to add DNS records for specific DNS views associated with the network view defined for public and private IP addresses of VM instances served by the appliance. For information on how to perform GCP vDiscovery, see the Selecting the Endpoint Server section in the Configuring vDiscovery Jobs topic in Infoblox NIOS documentation.
For vNIOS instances running on NIOS 9.0.4 or later, you can configure a vDiscovery job to discover and synchronize data from either a single GCP project like in the prior versions of NIOS, or from multiple GCP projects linked to a parent project. You can configure a vDiscovery job to discover all projects in a folder or selected projects located in one or more folders.
Depending on which projects a vDiscovery job must discover, perform one of the following:
To discover a standalone project, create the service account on that project.
To discover multiple projects located within a folder, create the service account in one of the projects that is designated as the parent project, and then grant appropriate access to the folder.
To discover selected projects, create the service account in one of the projects that is designated as the parent project, and then grant appropriate access on each of the projects that must be discovered.
Note:
...
NIOS virtual appliance for GCP has the following limitations:
...
Infoblox vDiscovery for GCP does not support discovery of load balancers.
...
When a VM in GCP uses the custom hostname option, the VM name and the VM hostname are different. The vDiscovery for GCP uses only the VM name for the managed VM and ignores the VM hostname.
...
When running vDiscovery across multiple projects, the user must create one vDiscovery job per GCP project. vDiscovery across multiple GCP projects through a single vDiscovery job is not supported.
...
When you create an instance using a snapshot on GCP and then run vDiscovery, the OS field in the IPAM tab will be blank.
...
Prerequisites
Before you configure a vDiscovery job to discover data from GCP projects, complete the following prerequisites:
In the Google Cloud console:
Set up your GCP organization with the required hierarchy of folders, GCP projects, and resources.
Enable the Cloud Resource Manager API and the Compute Engine API. NIOS needs to call on these APIs to run a vDiscovery job.
Set up a service account in the required project and download the service account file. For more information, see the Creating a Service Account section.
Enable multi-project synchronization in Google Cloud. For more information, see the Setting up GCP for Multi-Project vDiscovery section.
In NIOS:
Configure a DNS resolver. For more information, refer to the Enabling DNS Resolution topic in the Infoblox NIOS Documentation.
Only for NIOS version 9.0.4 and later: Ensure that the Cloud Sync service is running on the Grid member that performs the vDiscovery job. For more information, see the Starting and Stopping the Cloud Sync Service section.
Create a GCP service account in a GCP project and assign it the appropriate permissions as defined in this section. To synchronize data from a single project, create the service account in that project; to synchronize data from multiple projects, create the service account in the project designated as the parent project. You must configure the service account credentials in NIOS so that it can use them to communicate with GCP. Note that for shared VPCs, you must create the service account in the host project. To create a service account, complete the following steps:
In NIOS 9.0.4 and later, to execute a vDiscovery job configured on a Grid member in Infoblox NIOS, the Cloud Sync service must be running on the Grid member. If the member is not assigned any vDiscovery job or sync task, the service is automatically enabled when you create a vDiscovery job or a sync task (in NIOS 9.0.5 or later) on the member.
Before or after an upgrade to NIOS 9.0.4 or later, if you manually stopped the Cloud Sync service on a member for any reason, you must manually start the service for the dependent tasks such as DNS sync and/or vDiscovery to run.
Setting up GCP for Multi-Project vDiscovery
To import the vDiscovery data (in NIOS 9.0.4 or later) or Google Cloud DNS data (in NIOS 9.0.5 or later) from multiple projects in a GCP organization to NIOS, you must set up the GCP environment as discussed below. A GCP organization is a resource that forms the root node in the hierarchy of GCP resources that include folders, projects, and other resources. The IAM and access control settings that you define at the parent level in a hierarchy apply to all child resources of that parent. The IAM and access control settings can also be configured in individual projects. To set up multi-project discovery and synchronization of discovered data, define a service account in a GCP project designated as the parent, and then grant the service account access to a folder or to individual projects, depending on whether you want the data synchronized from all projects within a folder or from selected projects. Depending on the functionality for which you want to set up multi-project synchronization, complete the prerequisites for vDiscovery or Cloud DNS synchronization. To set up the GCP environment, complete the following steps:
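The three scopes described above and in the earlier list (standalone project, all projects in a folder, selected projects) differ only in where the IAM binding is placed. The following is an added example, not part of the Infoblox documentation: it prints the gcloud commands for one scope so they can be reviewed before anything is granted. The role (ROLE_PLACEHOLDER), the service account name, the project and folder IDs, and the choice to enable the APIs in the parent project are assumptions; this page does not list them.

```sh
#!/bin/sh
# Added example: prints, but does not run, the gcloud commands for one scope.
# ROLE is a placeholder: the page does not list the roles vDiscovery needs.
ROLE="${ROLE:-ROLE_PLACEHOLDER}"
SA_NAME="${SA_NAME:-nios-vdiscovery}"   # hypothetical service account name

# plan_vdiscovery_sa MODE PARENT_PROJECT [FOLDER_ID | PROJECT_ID...]
#   standalone: bind on the single project that also holds the account
#   folder:     one binding on the folder, inherited by every project in it
#   selected:   one binding per listed project, nothing at folder level
plan_vdiscovery_sa() {
  if [ "$#" -lt 2 ]; then
    echo "usage: plan_vdiscovery_sa MODE PARENT_PROJECT [SCOPE...]" >&2
    return 2
  fi
  mode="$1"; parent="$2"; shift 2
  email="${SA_NAME}@${parent}.iam.gserviceaccount.com"
  grant="--member=serviceAccount:${email} --role=${ROLE}"

  # Validate and build the bindings first so a bad call prints nothing.
  case "$mode" in
    standalone)
      [ "$#" -eq 0 ] || { echo "standalone takes no scope arguments" >&2; return 2; }
      bindings="gcloud projects add-iam-policy-binding ${parent} ${grant}" ;;
    folder)
      [ "$#" -eq 1 ] || { echo "folder mode needs exactly one folder ID" >&2; return 2; }
      bindings="gcloud resource-manager folders add-iam-policy-binding $1 ${grant}" ;;
    selected)
      [ "$#" -ge 1 ] || { echo "selected mode needs at least one project ID" >&2; return 2; }
      bindings=$(for p in "$@"; do
        echo "gcloud projects add-iam-policy-binding ${p} ${grant}"
      done) ;;
    *)
      echo "unknown mode: ${mode}" >&2; return 2 ;;
  esac

  # Enabling the APIs in the parent project is an assumption; the page does
  # not say which projects need them.
  echo "gcloud services enable cloudresourcemanager.googleapis.com compute.googleapis.com --project=${parent}"
  echo "gcloud iam service-accounts create ${SA_NAME} --project=${parent}"
  echo "${bindings}"
  # The key file is a long-lived credential: store it only where NIOS needs it.
  echo "gcloud iam service-accounts keys create ${SA_NAME}-key.json --iam-account=${email}"
}

# Constructed sample: parent project "net-parent", two projects to discover.
plan_vdiscovery_sa selected net-parent app-prod app-dev
```

A folder binding also covers projects added to that folder later, so the selected-projects form is the narrower grant when only some projects should be visible to NIOS.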
Discovering VMs Running in Shared VPCs
Starting from NIOS 9.0.4, to discover VMs running in shared VPCs, you must ensure the host project is discovered first followed by the service projects. This can be achieved by one of the following methods in NIOS:
Create separate vDiscovery jobs for the host and service projects.
Create a vDiscovery job by enabling Multi Projects Sync > Discover Projects. When Discover Projects is enabled, by default, the host project is discovered first and then the service projects.
If you enable Multi Projects Sync > Add or Upload Child Projects, the discovery job fails to fetch the shared VPCs and VMs on the first run, but fetches data successfully on subsequent runs. For steps to configure a vDiscovery job, see the Configuring vDiscovery Jobs topic in the Infoblox NIOS Documentation.
The shared VPC networks in which VMs are discovered are tagged as cloud shared in NIOS. To view the list of such networks in NIOS Grid Manager, click Cloud tab > Networks tab. The Cloud Shared column is tagged with Yes for each of these networks.