
Prerequisites for Google Cloud DNS Integration

Before you configure sync groups and sync tasks required for the Google Cloud DNS integration available in NIOS 9.0.5 and later, complete the following prerequisites:

Note

In versions of NIOS prior to 9.0.4, the Cloud Sync service was called the Cloud DNS Sync service.

  • In Google Cloud:

    • Set up your GCP organization with required hierarchy of folders, GCP projects, and resources.

    • Ensure that the following APIs required for NIOS to run the DNS synchronization are enabled in Google Cloud:

      • Cloud DNS API

      • Compute Engine API

      • Cloud Resource Manager API

    • Set up a service account in the required project and download the service account file. For more information, see the Creating a GCP Service Account section.

    • Enable multi-project synchronization in Google Cloud. For more information, see Configuring the GCP Environment for Multi-Project Synchronization.

  • In Infoblox NIOS:

    • Ensure that you have installed the Cloud Network Automation license on the Grid Master. For information about licenses, refer to the Infoblox NIOS Documentation.

    • Ensure that the Cloud Sync service is running on the Grid member that will perform the sync task. For more information, see Starting and Stopping the Cloud Sync Service.

    • Keep the service account (JSON) file handy and use it to configure a GCP user in NIOS as described in the Adding a GCP User in NIOS section.

    • Ensure that the time on the NIOS appliance is synchronized with the actual time so that DNS synchronization functions properly. You can configure NTP servers on the NIOS appliance and enable the NTP service to synchronize time on the appliance. For information about how to set up the NTP server, refer to the Infoblox NIOS Documentation.

    • Configure DNS resolvers on the Grid member that is synchronizing GCP DNS data so that NIOS is able to communicate with the service endpoints of GCP. For information about how to configure DNS resolvers, refer to the Infoblox NIOS Documentation.

Creating a GCP Service Account

Create a GCP service account in a GCP project and assign it the permissions defined in this section. To synchronize data from a single project, create the service account in that project. To synchronize data from multiple projects, create the service account in the project designated as the parent project. You must configure the service account credentials in NIOS so that NIOS can use them to communicate with GCP.

Note that for shared VPCs, you must create the service account in the host project.

To create a service account, complete the following steps:

  1. Sign in to http://console.cloud.google.com.

  2. In the Navigation menu, click IAM & Admin -> Service Accounts.

  3. Do one of the following:

    1. If a project is not selected:

      1. Click SELECT PROJECT.

      2. In the Select a resource dialog box, search for and click the name of the project in which you want to create the service account.

    2. If a project is already selected, then click CREATE SERVICE ACCOUNT.

  4. In the Create service account panel, complete the following in the Service account details section:

    • Service account name: Enter a name for the service account.

    • Service account ID: The service account name you typed appears as the account ID. You may edit this value.

  5. Click CREATE AND CONTINUE.

  6. In the Grant this service account access to project (Optional) section, from the Role drop-down list, choose and assign the following role:
    DNS -> Reader.

  7. Click DONE.
    The service account is created.

  8. Click the name of the service account that you created to view its details.

  9. Copy or download the following information:

    1. If you created the service account in a parent project, copy the email ID of the service account. It is required to configure IAM (Identity and Access Management) either in the folder in which the projects to be discovered are located or in the project that must be discovered.

    2. Create a private key that is required to establish a connection between Infoblox NIOS and GCP, and download it:

      1. On the Keys tab, click ADD KEY -> Create New Key.

      2. Select JSON as the Key type.

      3. Click CREATE to create the private key and download the service account (JSON) file that contains the key to the local disk.
        You will require this file when configuring a DNS sync task in NIOS. For more information, see Configuring Google Cloud DNS Synchronization in NIOS.
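The role assignment in step 6 can be verified after the fact. The following is an added example, not part of the Infoblox documentation: it audits IAM policies exported from GCP and reports every resource where the service account holds more or less than the expected role. The role ID roles/dns.reader for "DNS -> Reader", the project names, and the account name are assumptions made for the example.

```python
# Assumption: "roles/dns.reader" is the role ID behind "DNS -> Reader" in step 6.
ALLOWED_ROLES = frozenset({"roles/dns.reader"})

def roles_held(policy, sa_email):
    """Return the set of roles that a policy binds to the service account."""
    member = f"serviceAccount:{sa_email}"
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit(policies, sa_email, allowed=ALLOWED_ROLES):
    """Return {resource: {"missing": [...], "excess": [...]}} for deviating resources."""
    report = {}
    for resource, policy in policies.items():
        held = roles_held(policy, sa_email)
        finding = {"missing": sorted(set(allowed) - held),
                   "excess": sorted(held - set(allowed))}
        if finding["missing"] or finding["excess"]:
            report[resource] = finding
    return report

# Constructed sample (hypothetical projects and account), in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SA = "nios-sync@example-parent.iam.gserviceaccount.com"
POLICIES = {
    "example-parent": {"bindings": [
        {"role": "roles/dns.reader", "members": [f"serviceAccount:{SA}"]}]},
    "example-app": {"bindings": [
        {"role": "roles/dns.reader", "members": [f"serviceAccount:{SA}"]},
        {"role": "roles/editor",
         "members": [f"serviceAccount:{SA}", "user:admin@example.com"]}]},
    "example-db": {"bindings": [
        {"role": "roles/viewer", "members": ["user:admin@example.com"]}]},
}

if __name__ == "__main__":
    for resource, finding in audit(POLICIES, SA).items():
        print(resource, finding)
```

A project reported as missing the role may still inherit it from a folder, because a project-level policy export lists only the bindings set on the project itself.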

Adding a GCP User in NIOS

For the service account that you created in Google Cloud, you must create a parallel GCP CMP user in NIOS by uploading the service account file downloaded from GCP. The credentials in the file are used by NIOS to communicate with GCP through the cloud admin account.

To add a GCP CMP user, complete the following steps in NIOS Grid Manager:

  1. On the Administration tab > Cloud tab, click the Add icon.

  2. In Add Cloud User Wizard > Step 1 of 1, complete the following:

    • Cloud Service Provider: Select GCP from the drop-down list.

    • Username: Enter a username for the GCP CMP user account.

    • Service Account File: Click Upload and complete the following in the Upload dialog box:

      1. Click Select.

      2. Select the file to upload and click Open.

      3. Click Upload, and then click Close after the file is uploaded.

  3. Click Save & Close.
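The service account (JSON) file holds a private key, so it is worth checking on the workstation before it is uploaded. The following is an added example, not part of the Infoblox documentation or of NIOS: it checks that the file is readable only by its owner (POSIX permissions) and that it is a service account key with the expected fields. The sample file contents, project name, and account name are constructed placeholders.

```python
import json
import stat
import tempfile
from pathlib import Path

REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email", "token_uri")

def check_key_file(path):
    """Return findings for a service account (JSON) key file; an empty list means OK."""
    findings = []
    mode = stat.S_IMODE(Path(path).stat().st_mode)  # POSIX permission bits
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:o}: group/other can access the private key")
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8"))
    except ValueError as exc:
        return findings + [f"not valid JSON: {exc}"]
    if not isinstance(data, dict):
        return findings + ["top-level JSON value is not an object"]
    missing = [k for k in REQUIRED if not data.get(k)]
    if missing:
        findings.append("missing fields: " + ", ".join(missing))
    if data.get("type") != "service_account":
        findings.append(f"type is {data.get('type')!r}, not 'service_account'")
    if not str(data.get("client_email", "")).endswith(".iam.gserviceaccount.com"):
        findings.append("client_email is not a service account address")
    return findings

# Constructed sample: placeholder key material, hypothetical project and account names.
SAMPLE = {
    "type": "service_account", "project_id": "example-dns-project",
    "private_key_id": "constructed-key-id", "token_uri": "https://oauth2.googleapis.com/token",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "nios-sync@example-dns-project.iam.gserviceaccount.com",
}

def demo():
    cases = {"good": (0o600, {}), "loose": (0o644, {}),
             "wrong": (0o600, {"type": "authorized_user", "private_key": ""})}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (mode, overrides) in cases.items():
            path = Path(tmp, name + ".json")
            path.write_text(json.dumps({**SAMPLE, **overrides}), encoding="utf-8")
            path.chmod(mode)
            results[name] = check_key_file(path)
    return results

if __name__ == "__main__":
    print(demo())
```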

Starting and Stopping the Cloud Sync Service

To enable the synchronization of DNS data from multiple projects of a GCP organization to NIOS, the Cloud Sync service must be running on the member that will perform the sync task. If the member has no existing vDiscovery job or sync task assigned, the service is automatically enabled when you create a vDiscovery job or a GCP sync group with at least one sync task on the member.

Before or after an upgrade to NIOS 9.0.5 or later, if you manually stopped the Cloud Sync service on a member for any reason, you must manually start the service for the dependent tasks such as DNS sync and/or vDiscovery to run.