Managing GCP credentials and subscriptions for Cloud Manager

Contributors netapp-bcammett felix-melligan

You can manage two types of Google Cloud Platform credentials from Cloud Manager: the credentials that are associated with the Connector VM instance and storage access keys used with a Cloud Volumes ONTAP 9.6 system for data tiering.

Associating a Marketplace subscription with GCP credentials

When you deploy a Connector in GCP, Cloud Manager creates a default set of credentials that are associated with the Connector VM instance. These are the credentials that Cloud Manager uses to deploy Cloud Volumes ONTAP.

At any time, you can change the Marketplace subscription that’s associated with these credentials. The subscription enables you to create a pay-as-you-go Cloud Volumes ONTAP system, and to use other NetApp cloud services.

Steps
  1. In the upper right of the Cloud Manager console, click the Settings icon, and select Credentials.

  2. Click the action menu for a set of credentials and then select Associate Subscription.

    A screenshot of the action menu for a set of existing credentials.

  3. Select a Google Cloud project and subscription from the down-down list.

    A screenshot of a Google Cloud project and subscription selected for Google Cloud credentials.

  4. Click Associate.

  5. If you don’t already have a subscription, click Add Subscription and follow the steps to create a new subscription below.

    Note Before you complete the following steps, ensure that you have both Billing Admin privileges in your Google Cloud account as well as a NetApp Cloud Central login.
  6. Reivew the subscription steps and click Continue.

    A screenshot of a subscription pop-up.

  7. After you’re redirected to the NetApp Cloud Manager page on the Google Cloud Marketplace, ensure that the correct project is selected at the top navigation menu.

    A screenshot of the GCP CVO marketplace page.

  8. Click Subscribe.

  9. Select the appropriate billing account and agree to the terms and conditions.

    A screenshot of the GCP terms and conditions.

  10. Click Subscribe.

    This step sends your transfer request to NetApp.

  11. On the pop-up dialog box, click Register with NetApp, Inc. to be redirected to NetApp Cloud Central.

    A screenshot of a registration pop-up.

    Note This step must be completed to link the GCP subscription to your NetApp account. The process of linking a subscription isn’t complete until you are redirected from this page and then sign in to NetApp Cloud Central.
  12. After you’re redirected to Cloud Central, log in to NetApp Cloud Central or sign up, and then click Done to proceed.

    The GCP subscription will be linked to all NetApp accounts that your user login is associated with.

    A screenshot of mapping a GCP subscription to a NetApp account.

    Note If someone from your organization has already subscribed to the NetApp Cloud Manager subscription from your billing account, then you will be redirected to the Cloud Volumes ONTAP page on NetApp Cloud Central instead. If this is unexpected, contact your NetApp sales team. Google enables only one subscription per Google billing account.
  13. Once this process is complete, navigate back to the Credentials page in Cloud Manager and select this new subscription.

    A screenshot of the subscription assignment page.

Troubleshooting the Marketplace subscription process

Sometimes subscribing to Cloud Volumes ONTAP through the Google Cloud Marketplace can become fragmented due to incorrect permissions or accidentally not following the redirection to NetApp Cloud Central. If this happens, use the following steps to complete the subscription process.

Steps
  1. Navigate to the NetApp Cloud Manager page on the Google Cloud Marketplace to check on the state of the order. If the page states Manage on Provider, scroll down and click Manage Orders.

    A screenshot of the marketplace page post subscription.

    1. If the order shows a green check mark and this is unexpected, somebody else from the organization using the same billing account might already be subscribed. If this is unexpected or you require the details of this subscription, contact your NetApp sales team.

      A screenshot of an accepted entitlement.

    2. If the order shows a clock and Pending status, go back to the marketplace page and choose Manage on Provider to complete the process as documented above.

      A screenshot of a pending marketplace entitlement.

Setting up and adding GCP accounts for data tiering with Cloud Volumes ONTAP 9.6

If you want to enable a Cloud Volumes ONTAP 9.6 system for data tiering, you need to provide Cloud Manager with a storage access key for a service account that has Storage Admin permissions. Cloud Manager uses the access keys to set up and manage a Cloud Storage bucket for data tiering.

Tip If you want to use data tiering with Cloud Volumes ONTAP 9.7 or later, then follow step 4 in Getting started with Cloud Volumes ONTAP in Google Cloud Platform.

Setting up a service account and access keys for Google Cloud Storage

A service account enables Cloud Manager to authenticate and access Cloud Storage buckets used for data tiering. The keys are required so that Google Cloud Storage knows who is making the request.

Steps
  1. Open the GCP IAM console and create a service account that has the Storage Admin role.

    A screenshot of the GCP IAM console that shows the selection of the Storage Admin role for a service account.

  2. Go to GCP Storage Settings.

  3. If you’re prompted, select a project.

  4. Click the Interoperability tab.

  5. If you haven’t already done so, click Enable interoperability access.

  6. Under Access keys for service accounts, click Create a key for a service account.

  7. Select the service account that you created in step 1.

    A screenshot of the GCP storage console that shows a selected service account for a new access key.

  8. Click Create Key.

  9. Copy the access key and secret.

    You’ll need to enter this information in Cloud Manager when you add the GCP account for data tiering.

Adding a GCP account to Cloud Manager

Now that you have an access key for a service account, you can add it to Cloud Manager.

What you’ll need

You need to create a Connector before you can change Cloud Manager settings. Learn how.

Steps
  1. In the upper right of the Cloud Manager console, click the Settings icon, and select Credentials.

    A screenshot that shows the Settings icon in the upper right of the Cloud Manager console.

  2. Click Add Credentials and select Google Cloud.

  3. Enter the access key and secret for the service account.

    The keys enable Cloud Manager to set up a Cloud Storage bucket for data tiering.

  4. Confirm that the policy requirements have been met and then click Create Account.

What’s next?

You can now enable data tiering on individual volumes on a Cloud Volumes ONTAP 9.6 system when you create, modify, or replicate them. For details, see Tiering inactive data to low-cost object storage.

But before you do, be sure that the subnet in which Cloud Volumes ONTAP resides is configured for Private Google Access. For instructions, refer to Google Cloud Documentation: Configuring Private Google Access.