GCVE Configuration

Prerequisites

Steps to create secrets in GCP Secret manager

Using CLI

  1. Open GCloud shell

  2. Create vCenter secret

     $ gcloud secrets create vmware-secret
    
     $ printf "{\n\"username\": \"vmware_username\",\n\"password\": \"vmware_password\"\n}\n" | gcloud secrets versions add vmware-secret  --data-file=-
    
  3. Create NSX manager secret

     $ gcloud secrets create nsx-manager-secret
    
     $ printf "{\n\"username\": \"nsx_manager_username\",\n\"password\": \"nsx_manager_password\"\n}\n" | gcloud secrets versions add nsx-manager-secret  --data-file=-
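The commands above place the credentials inside a printf format string, where a `%` or `\` in a real password would be interpreted and the stored value altered. The following is an added example, not part of the original page or of Appranix's tooling, that builds the same JSON layout with the values passed as data. The function names json_escape, make_secret_json and store_secret are hypothetical, and the sample password is constructed.

```shell
#!/bin/sh
# Added example: build the {"username", "password"} secret payload without
# putting the credentials in a printf format string, where '%' or '\' in a
# password would be interpreted and the stored value silently altered.

# Escape backslash and double quote for a JSON string literal.
# Values containing control characters are rejected, not escaped.
json_escape() {
  je_clean=$(printf '%s' "$1" | tr -d '[:cntrl:]')
  if [ "$je_clean" != "$1" ]; then
    echo "json_escape: control character in value" >&2
    return 1
  fi
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print the JSON document in the layout this page uses for its secrets.
make_secret_json() {
  ms_user=$(json_escape "$1") || return 1
  ms_pass=$(json_escape "$2") || return 1
  printf '{\n"username": "%s",\n"password": "%s"\n}\n' "$ms_user" "$ms_pass"
}

# Prompt for the password with echo off, then add it as a new secret version.
# Arguments: secret name, username. Requires an authenticated gcloud.
store_secret() {
  printf 'Password for %s: ' "$2" >&2
  stty -echo; IFS= read -r ss_pass; stty echo; echo >&2
  make_secret_json "$2" "$ss_pass" | gcloud secrets versions add "$1" --data-file=-
}

# Constructed sample credentials; this password breaks the format-string form.
SAMPLE_PASS='p%s"w\nd 100%'
make_secret_json 'admin@vsphere.local' "$SAMPLE_PASS"
# Real use: store_secret vmware-secret 'admin@vsphere.local'
```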
    

Using console

  1. Go to the GCP Secret Manager console page: https://console.cloud.google.com/security/secret-manager

  2. Create vCenter secret

    a. Enter vCenter secret name

    b. Enter the values. Sample values:

      {
          "username": "vCenter_username",
          "password": "vCenter_password"
      }
    

    c. Create a secret

  3. Create NSX manager secret

    a. Enter NSX manager secret name

    b. Enter the values. Sample values:

      {
         "username": "nsx_username",
         "password": "nsx_password"
      } 
    

    c. Create a secret

Steps to provide permission for GCP Secret Manager

  1. IAM permissions required to access a specific secret in GCP Secret Manager

    a. Create a custom role with secret manager access permission

      $ yes | gcloud iam roles create AppranixSpecificSecretAccess --project project-id --title 'Appranix Specific Secret access' \
        --description 'Appranix to access specific secret' --permissions secretmanager.versions.access
    

    b. IAM policy binding with condition

    NOTE: Assign permission to both vCenter and NSX manager secrets.

      $ gcloud projects add-iam-policy-binding project-id --member 'serviceAccount:name@project-id.iam.gserviceaccount.com' --role 'projects/project-id/roles/roleId' \
        --condition='expression=resource.type == "secretmanager.googleapis.com/SecretVersion" && resource.name == "projects/434772500984/secrets/secret-name/versions/latest",title=Access Secret'
    
  2. Secret manager secret value example

    a. Sample vCenter credential

      {
         "username": "admin@vsphere.local",
         "password": "**********"
      }
    

To configure GCVE in Appranix

  1. Select a Google Cloud Connection for which the GCVE has to be configured from the list of Cloud Connections
  2. Choose “ACTIONS” and select “CONFIGURE GCVE”
  3. Enable the “Google Cloud VMware Engine”
  4. Select the primary region and enter the vCenter cloud endpoint, vCenter credentials secret, NSX manager URL, NSX manager credentials secret, Data mover endpoint and Data mover credential secret details
  5. Select the recovery region and enter the vCenter cloud endpoint, NSX manager endpoint, NSX manager credentials secret, and vCenter credentials secret
  6. Select “CONFIGURE GCVE” to update the configuration

NOTE:

  1. Enabling GCVE protection requires an Appranix Controller to be deployed in the project with specific network peering and firewall rules.
  2. Currently, Appranix supports the protection and recovery of NSX Networks only.