GCVE Configuration
Prerequisites
Steps to create secrets in GCP Secret manager
Using CLI
- Open GCloud shell
- Create vCenter secret
  $ gcloud secrets create vmware-secret
  $ printf "{\n\"username\": \"vmware_username\",\n\"password\": \"vmware_password\"\n}\n" | gcloud secrets versions add vmware-secret --data-file=-
- Create NSX manager secret
  $ gcloud secrets create nsx-manager-secret
  $ printf "{\n\"username\": \"nsx_manager_username\",\n\"password\": \"nsx_manager_password\"\n}\n" | gcloud secrets versions add nsx-manager-secret --data-file=-
Using console
- Go to the GCP Secret Manager console page: https://console.cloud.google.com/security/secret-manager
- Create vCenter secret
  a. Enter the vCenter secret name
  b. Enter the values. Sample values:
  { "username": "vCenter_username", "password": "vCenter_password" }
  c. Create the secret
- Create NSX manager secret
  a. Enter the NSX manager secret name
  b. Enter the values. Sample values:
  { "username": "nsx_username", "password": "nsx_password" }
  c. Create the secret
Steps to provide permission for GCP Secret Manager
- IAM permissions required to access a specific secret in GCP Secret Manager
  a. Create a custom role with the Secret Manager access permission
  $ yes | gcloud iam roles create AppranixSpecificSecretAccess --project project-id --title 'Appranix Specific Secret access' --description 'Appranix to access specific secret' --permissions secretmanager.versions.access
  b. Add an IAM policy binding with a condition
  NOTE: Assign permission to both vCenter and NSX manager secrets.
  $ gcloud projects add-iam-policy-binding project-id --member 'serviceAccount:name@project-id.iam.gserviceaccount.com' --role 'projects/project-id/roles/roleId' --condition='expression=resource.type == "secretmanager.googleapis.com/SecretVersion" && resource.name == "projects/434772500984/secrets/secret-name/versions/latest",title=Access Secret'
- Secret manager secret value example
  a. Sample vCenter credential
  { "username": "admin@vsphere.local", "password": "**********" }
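The conditional binding in step b has to be repeated once per secret. The script below is an added example, not Appranix's own tooling: it builds the page's condition expression for each of the two secrets created in the CLI steps and gives every binding its own title. The project ID, service account and role path are placeholders, and the helper names `build_condition` and `bind_secret` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Project, service-account and role values are placeholders.

# Build the IAM condition for one secret. Inputs are validated so that a quote
# or space in an argument cannot change the meaning of the CEL expression.
build_condition() {
  local project_number="$1" secret_id="$2"
  case "$project_number" in
    ''|*[!0-9]*) echo "project number must be numeric" >&2; return 1 ;;
  esac
  case "$secret_id" in
    ''|*[!A-Za-z0-9_-]*) echo "invalid secret id: $secret_id" >&2; return 1 ;;
  esac
  printf 'resource.type == "secretmanager.googleapis.com/SecretVersion" && resource.name == "projects/%s/secrets/%s/versions/latest"' \
    "$project_number" "$secret_id"
}

# Add one conditional binding for one secret (this is the only part that calls gcloud).
bind_secret() {
  local project_id="$1" project_number="$2" sa_email="$3" role="$4" secret_id="$5" cond
  cond="$(build_condition "$project_number" "$secret_id")" || return 1
  gcloud projects add-iam-policy-binding "$project_id" \
    --member "serviceAccount:${sa_email}" \
    --role "$role" \
    --condition "expression=${cond},title=Access ${secret_id}"
}

PROJECT_ID="project-id"                               # placeholder
PROJECT_NUMBER="434772500984"                         # project number from the page's sample
SA_EMAIL="name@project-id.iam.gserviceaccount.com"    # placeholder
ROLE="projects/project-id/roles/AppranixSpecificSecretAccess"

# Dry run by default: print each expression. Run with --apply to create the bindings.
for secret in vmware-secret nsx-manager-secret; do
  if [ "${1:-}" = "--apply" ]; then
    bind_secret "$PROJECT_ID" "$PROJECT_NUMBER" "$SA_EMAIL" "$ROLE" "$secret"
  else
    build_condition "$PROJECT_NUMBER" "$secret"; echo
  fi
done
```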
To configure GCVE in Appranix
- From the list of Cloud Connections, select the Google Cloud Connection for which GCVE has to be configured
- Choose “ACTIONS” and select “CONFIGURE GCVE”
- Enable “Google Cloud VMware Engine”
- Select the primary region and enter the vCenter cloud endpoint, vCenter credentials secret, NSX manager URL, NSX manager credentials secret, Data mover endpoint and Data mover credential secret details
- Select the recover region and enter the vCenter cloud endpoint, NSX manager endpoint, NSX manager credentials secret, and vCenter credentials secret
- Select “CONFIGURE GCVE” to update the configuration
NOTE:
- Enabling GCVE protection requires an Appranix Controller to be deployed in the project with specific network peering and firewall rules.
- Currently, Appranix supports the protection and recovery of NSX Networks only.