Configuring a Google Cloud VMware Engine Instance in VMware Aria
Operations
Google Cloud VMware Engine
Instance in VMware Aria
Operations
You must configure a dedicated cloud
account for
Google Cloud VMware Engine
to manage
your Google Cloud VMware Engine
instances in
VMware Aria
Operations
. For a successful
configuration, the cloud account requires a Google Cloud Platform (GCP) project ID, service
account JSON for the service account with appropriate privileges, and an optional CSP
refresh token. The CSP refresh token is required if you would like to use bill-based costing
and have purchased Google Cloud VMware Engine
through VMware. Private clouds are auto-discovered after you save the cloud account for
Google Cloud VMware Engine
. You can then
configure the credentials to monitor the underlying vCenter/vSAN and optionally the
NSX-T
and service discovery for each of the
Private Clouds.- Create a service account in Google Cloud Platform with at-least the viewer role privileges, note down the Google Cloud Platform project ID that you would like to manage fromVMware Aria Operations. Refer to the following Google Cloud Platform documentation pages for more information: Creating and Managing Service Accounts
- Generate an optional CSP refresh token for bill-based costing in the VMware Cloud Services Portal (CSP). Navigate toAPI TokensunderMy Accountand generate a CSP API token with the billing read-only role for theGoogle Cloud VMware Engineservice.
- From the left menu, click .
- On theAccountstab, clickAdd.
- On theAccounts Typespage, clickGoogle Cloud VMware Engine.
- Enter a display name and description for the cloud account.
- Name. Enter the name for theGoogle Cloud VMware Engineinstance as you want it to appear inVMware Aria Operations.
- Description. Enter any additional information that helps you manage your instances.
- Enter the Google Cloud Project ID in whichGoogle Cloud VMware Engineservice has been deployed.Google Cloud projects form the basis for creating, enabling, and using all Google Cloud services including managing APIs, enabling billing, adding and removing collaborators, and managing permissions for Google Cloud resources. Google Cloud projects are uniquely identified by an ID called Project ID. Refer to the following Google Cloud documentation for more information: Creating and Managing Projects.
- To add credentials for theGoogle Cloud VMware Engineinstance, click theAddicon, and enter the required credentials.
- Credential Name: The name by which you are identifying the configured credentials.
- Service Account JSON: Create a service account in Google cloud with at least the "viewer" role privileges and download its private key as a JSON file. Enter the contents of the JSON file in this field.You can create and use a single service account JSON that is common, similar to a super user account, for all the projects.
- (Optional)CSP Refresh Token: Enter the API token if you want to use bill-based costing andGoogle Cloud VMware Enginewas purchased from VMware. You can generate the CSP API refresh token from the Cloud Services Portal (CSP) with at least the billing read-only role for theGoogle Cloud VMware Engineservice.Configureallthe projects that are linked to the organisation for accurate bill based costing.If any project of theGoogle Cloud VMware Engineadapter instance is configured without the CSP token, then reference or rate card based costing will occur.
- Proxy Host/IP: A remote proxy server IP.
- Proxy Port: The port that is activated on a remote proxy server.
- Proxy Username: Enter the username of the proxy server or if you want to add a domain configured remote proxy server, then enter the username asusername@domain name.
- Proxy Password: Password for the proxy server username.
- ClickValidate Connectionto validate the connection.
- Determine whichVMware Aria Operationscollector or collector group is used to manage the cloud account. If you have multiple collectors or collector groups in your environment, and you want to distribute the workload to optimize performance, select the collector or collector group to manage the adapter processes for this instance.It is recommended that use cloud proxy. Ensure that there is access to the Internet and it can reach theGoogle Cloud VMware EnginePrivate Cloud's vCenter andNSX-TFQDNs. If the outbound internet access for the cloud proxy must be restricted, ensure the minimum cloud proxy prerequisites are met. Ensure that you have Internet connectivity for the collectors to work. For more details see, Configuring Cloud Proxies in VMware Aria Operations.If you have installed cloud proxy in anGoogle Cloud VMware Engineinstance, the cloud proxy may not have outbound internet access to reach theVMware Aria Operationsservice. To activate outbound internet access for the deployed cloud proxy, follow the steps described in the Google Cloud documentation in the following topic: Configuring Internet Access for Workload VMs.
- Under Advanced Settings, enter the following details:
- (Optional)Configuration Limits File Name: TheGoogle Cloud VMware Engineaccount uses the following default configuration maximum file:gcve_config_limits. This file contains theGoogle Cloud VMware Engineconfiguration maximum soft and hard limits, and their configured value inVMware Aria Operations. If you have increased the limits for any of theGoogle Cloud VMware Engineconfigurations, you must create a new configuration file (from ) and update the name of the new configuration file in this field.
- Billing Enabled: Set the option totrueto enable bill-based costing.
- ClickSave.The page to configure the Private Clouds inGoogle Cloud VMware Engineappears.
- From the list of available Private Clouds that are linked to the project configured in theGoogle Cloud VMware Engineinstance, click any one of the Private Clouds that you want to monitor fromVMware Aria Operations.
- Configure the vCenter adapter:
- Click thevCentertab, and enter the required credentials.
- Credential Name. The name by which you are identifying the configured credentials.
- User Name. ThevCenter Serveruser name. Use a user with the 'cloudadmin' role which has full visibility tovCenter Server. Users with less privileges have limited visibility, for example, the read-only users do not have visibility into management VMs.
- Password. ThevCenter Serverpassword configured for thatvCenter Serveruser name.
- Select the required collector group.If you have direct connectivity with your VMware CloudvCenter Server, selectDefault collector group. If you are using a private IP for yourvCenter Serveror if you want to deploy Telegraf agents for application monitoring, selectCloud Proxy. The best practice is to deploy the Cloud Proxy on each Private Cloud instance ofGoogle Cloud VMware Engine.Select the cloud proxy deployed on the givenvCenter Serverand ensure it has access to the Internet. If the outbound internet access for the cloud proxy must be restricted, ensure that the minimum cloud proxy prerequisites are met.For details, see Configuring Cloud Proxies in VMware Aria Operations.It is advised not to use the default collector groups as theGoogle Cloud VMware Enginemanagement gateway firewall rule does not allow traffic originating from any address.If you have configured an HTTP proxy on yourVMware Aria Operationscloud proxy, ensure that your HTTP proxy has an exception to access theNSX-TManagement Policy endpoint.
- If you have installed cloud proxy in anGoogle Cloud VMware EnginePrivate Cloud, the cloud proxy may not have outbound internet access to reach theVMware Aria Operationsservice. To activate outbound internet access for the deployed cloud proxy, follow the steps as described in the Google documentation in the following topic: Configuring Internet Access for Workload VMs.
- Configure the vSAN Adapter.
- Click thevSANtab. By default, the vSAN adapter is activated.
- SelectUse alternate credentialsto add alternate credentials. Click the plus icon, and enter the credential name,vCenter Serverusername, and password, and clickOK.
- SelectEnable SMART data collection, if required.
- ClickValidate Connectionto validate the connection.
- ClickNext.
- Configure theNSX-Tadapter.
- Click theNSX-Ttab and the enter the required credentials.
- ActivateNSX-Tconfiguration if it is deactivated.
- Click theAddicon next to theCredentialfield and enter the required credentials.
- Credential Kind: Select either theNSX-Tclient certificate credential option orNSX-Tcredentials.
- Credential Name: The name by which you are identifying the configured credentials.
- User Name: The user name of theNSX-Tinstance if you have selectedNSX-Tcredentials as the credentials kind.
- Password: The password of theNSX-Tinstance if you have selectedNSX-Tcredentials as the credentials kind.
- Client certificate data: Enter client certificate data if you have selectedNSX-Tclient certificate credentials as the credentials kind.
- Client key data: Enter client key data if you have selectedNSX-Tclient certificate credentials as the credentials kind.
- ClickOK.
- ClickValidate Connectionto validate the connection.
- (Optional) Configure Service Discovery. For more information, see Configure Service and Application Discovery.
- ClickSave This Private Cloud.For installation details, see Installing VMware Aria Operations on VMware Cloud.After the adapters and cloud accounts are configured,VMware Aria Operationsdiscovers and monitors the environment that runs onGoogle Cloud VMware Engine.