You must configure a dedicated cloud account for Google Cloud VMware Engine to manage your Google Cloud VMware Engine instances in VMware Aria Operations. For a successful configuration, the cloud account requires a Google Cloud Platform (GCP) project ID, service account JSON for the service account with appropriate privileges, and an optional CSP refresh token. The CSP refresh token is required if you would like to use bill-based costing and have purchased Google Cloud VMware Engine through VMware. Private clouds are auto-discovered after you save the cloud account for Google Cloud VMware Engine. You can then configure the credentials to monitor the underlying vCenter/vSAN and optionally the NSX-T and service discovery for each of the Private Clouds.
Prerequisites
- Create a service account in Google Cloud Platform with at least the viewer role privileges, and note down the Google Cloud Platform project ID that you want to manage from VMware Aria Operations. Refer to the following Google Cloud Platform documentation pages for more information: Creating and Managing Service Accounts.
- Generate an optional CSP refresh token for bill-based costing in the VMware Cloud Services Portal (CSP). Navigate to API Tokens under My Account and generate a CSP API token with the billing read-only role for the Google Cloud VMware Engine service.
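A pre-flight check for the downloaded service account key, run before its contents are pasted into the Service Account JSON field. This is an added example, not part of the VMware documentation; the function name, sample key, and project IDs are constructed for illustration. A project mismatch is reported as a warning rather than an error, because one service account can be shared across several projects.

```python
import json
import re

# Fields a Google Cloud service account key file (JSON key type) must carry.
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")
# Project ID: 6-30 chars, lowercase letters/digits/hyphens, starts with a letter, no trailing hyphen.
PROJECT_ID_RE = re.compile(r"^[a-z][a-z0-9-]{4,28}[a-z0-9]$")

# Constructed sample key (placeholder values, not a real credential).
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-shared-monitoring",
    "private_key_id": "0" * 40,
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "aria-ops-viewer@example-shared-monitoring.iam.gserviceaccount.com",
})


def check_service_account_json(raw, target_project_id):
    """Return (errors, warnings) for a key intended for the cloud account form."""
    errors, warnings = [], []
    if not PROJECT_ID_RE.match(target_project_id):
        errors.append("target project ID is not a valid Google Cloud project ID")
    try:
        key = json.loads(raw)
    except ValueError as exc:
        return errors + [f"not valid JSON: {exc}"], warnings
    if not isinstance(key, dict):
        return errors + ["top-level JSON value is not an object"], warnings
    missing = [f for f in REQUIRED_FIELDS if not key.get(f)]
    if missing:
        errors.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        errors.append(f"type is {key.get('type')!r}, expected 'service_account'")
    pem = str(key.get("private_key", ""))
    if pem and not pem.startswith("-----BEGIN PRIVATE KEY-----"):
        errors.append("private_key is not a PEM PKCS#8 block")
    email = str(key.get("client_email", ""))
    if email and not email.endswith(".iam.gserviceaccount.com"):
        warnings.append("client_email is not a user-managed service account address")
    if key.get("project_id") and key["project_id"] != target_project_id:
        # Expected when one shared service account covers several projects.
        warnings.append(f"key belongs to project {key['project_id']!r}, not {target_project_id!r}")
    return errors, warnings

if __name__ == "__main__":
    errs, warns = check_service_account_json(SAMPLE_KEY, "example-gcve-project")
    print("\n".join([f"ERROR: {e}" for e in errs] + [f"WARN: {w}" for w in warns]))
```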
Procedure
- From the left menu, click .
- On the Accounts tab, click Add Account.
- On the Accounts Types page, click Google Cloud VMware Engine.
- Enter a display name and description for the cloud account.
- Name. Enter the name for the Google Cloud VMware Engine instance as you want it to appear in VMware Aria Operations.
- Description. Enter any additional information that helps you manage your instances.
- Enter the Google Cloud Project ID in which Google Cloud VMware Engine service has been deployed.
Google Cloud projects form the basis for creating, enabling, and using all Google Cloud services including managing APIs, enabling billing, adding and removing collaborators, and managing permissions for Google Cloud resources. Google Cloud projects are uniquely identified by an ID called Project ID. Refer to the following Google Cloud documentation for more information: Creating and Managing Projects.
- To add credentials for the Google Cloud VMware Engine instance, click the Add icon, and enter the required credentials.
- Credential Name: The name by which you are identifying the configured credentials.
- Service Account JSON: Create a service account in Google Cloud with at least the "viewer" role privileges and download its private key as a JSON file. Enter the contents of the JSON file in this field.
Note: You can create and use a single service account JSON that is common, similar to a super user account, for all the projects.
- (Optional) CSP Refresh Token: Enter the API token if you want to use bill-based costing and Google Cloud VMware Engine was purchased from VMware. You can generate the CSP API refresh token from the Cloud Services Portal (CSP) with at least the billing read-only role for the Google Cloud VMware Engine service.
Note: Configure all the projects that are linked to the organisation for accurate bill-based costing.
Note: If any project of the Google Cloud VMware Engine adapter instance is configured without the CSP token, then reference or rate card based costing will occur.
- Proxy Host/IP: A remote proxy server IP.
- Proxy Port: The port that is activated on a remote proxy server.
- Proxy Username: Enter the username of the proxy server or if you want to add a domain configured remote proxy server, then enter the username as username@domain name.
- Proxy Password: Password for the proxy server username.
- Click Validate Connection to validate the connection.
- Determine which VMware Aria Operations collector or collector group is used to manage the cloud account. If you have multiple collectors or collector groups in your environment, and you want to distribute the workload to optimize performance, select the collector or collector group to manage the adapter processes for this instance.
Note: It is recommended that you use cloud proxy. Ensure that it has access to the Internet and can reach the Google Cloud VMware Engine Private Cloud's vCenter and NSX-T FQDNs. If the outbound internet access for the cloud proxy must be restricted, ensure the minimum cloud proxy prerequisites are met. Ensure that you have Internet connectivity for the collectors to work. For more details, see Configuring Cloud Proxies in VMware Aria Operations.
Note: If you have installed cloud proxy in a Google Cloud VMware Engine instance, the cloud proxy may not have outbound internet access to reach the VMware Aria Operations service. To activate outbound internet access for the deployed cloud proxy, follow the steps described in the Google Cloud documentation in the following topic: Configuring Internet Access for Workload VMs.
- Under Advanced Settings, enter the following details:
- (Optional) Configuration Limits File Name: The Google Cloud VMware Engine account uses the following default configuration maximum file: gcve_config_limits. This file contains the Google Cloud VMware Engine configuration maximum soft and hard limits, and their configured value in VMware Aria Operations. If you have increased the limits for any of the Google Cloud VMware Engine configurations, you must create a new configuration file (from ) and update the name of the new configuration file in this field.
- Billing Enabled: Set the option to true to enable bill-based costing.
- Click Save.
The page to configure the Private Clouds in Google Cloud VMware Engine appears.
- From the list of available Private Clouds that are linked to the project configured in the Google Cloud VMware Engine instance, click any one of the Private Clouds that you want to monitor from VMware Aria Operations.
- Configure the vCenter adapter:
- Click the vCenter tab, and enter the required credentials.
- Credential Name. The name by which you are identifying the configured credentials.
- User Name. The vCenter Server user name. Use a user with the 'cloudadmin' role, which has full visibility to vCenter Server. Users with fewer privileges have limited visibility, for example, read-only users do not have visibility into management VMs.
- Password. The vCenter Server password configured for that vCenter Server user name.
- Select the required collector group.
Note: If you have direct connectivity with your VMware Cloud vCenter Server, select Default collector group. If you are using a private IP for your vCenter Server or if you want to deploy Telegraf agents for application monitoring, select Cloud Proxy. The best practice is to deploy the Cloud Proxy on each Private Cloud instance of Google Cloud VMware Engine.
Select the cloud proxy deployed on the given vCenter Server and ensure it has access to the Internet. If the outbound internet access for the cloud proxy must be restricted, ensure that the minimum cloud proxy prerequisites are met.
For details, see Configuring Cloud Proxies in VMware Aria Operations.
It is advised not to use the default collector groups as the Google Cloud VMware Engine management gateway firewall rule does not allow traffic originating from any address.
If you have configured an HTTP proxy on your VMware Aria Operations cloud proxy, ensure that your HTTP proxy has an exception to access the NSX Management Policy endpoint.
- If you have installed cloud proxy in a Google Cloud VMware Engine Private Cloud, the cloud proxy may not have outbound internet access to reach the VMware Aria Operations service. To activate outbound internet access for the deployed cloud proxy, follow the steps described in the Google documentation in the following topic: Configuring Internet Access for Workload VMs.
- Configure the vSAN Adapter.
- Click the vSAN tab. By default, the vSAN adapter is activated.
- Select Use alternate credentials to add alternate credentials. Click the plus icon, and enter the credential name, vCenter Server username, and password, and click OK.
- Select Enable SMART data collection, if required.
- Click Validate Connection to validate the connection.
- Click Next.
- Configure the NSX-T adapter.
- Click the NSX-T tab and enter the required credentials.
- Activate NSX-T configuration if it is deactivated.
- Click the Add icon next to the Credential field and enter the required credentials.
- Credential Kind: Select either the NSX-T client certificate credential option or NSX-T credentials.
- Credential Name: The name by which you are identifying the configured credentials.
- User Name: The user name of the NSX-T instance if you have selected NSX-T credentials as the credentials kind.
- Password: The password of the NSX-T instance if you have selected NSX-T credentials as the credentials kind.
- Client certificate data: Enter client certificate data if you have selected NSX-T client certificate credentials as the credentials kind.
- Client key data: Enter client key data if you have selected NSX-T client certificate credentials as the credentials kind.
- Click OK.
- Click Validate Connection to validate the connection.
- (Optional) Configure Service Discovery. For more information, see Configure Service and Application Discovery.
- Click Save This Private Cloud.
After the adapters and cloud accounts are configured, VMware Aria Operations discovers and monitors the environment that runs on Google Cloud VMware Engine.