English

Managing GCP credentials and subscriptions for Cloud Manager

Contributors netapp-bcammett Download PDF of this page

You can manage two types of Google Cloud Platform credentials from Cloud Manager: the credentials that are associated with the Connector VM instance and storage access keys used with a Cloud Volumes ONTAP 9.6 system for data tiering.

Associating a Marketplace subscription with GCP credentials

When you deploy a Connector in GCP, Cloud Manager creates a default set of credentials that are associated with the Connector VM instance. These are the credentials that Cloud Manager uses to deploy Cloud Volumes ONTAP.

At any time, you can change the Marketplace subscription that’s associated with these credentials. The subscription enables you to create a pay-as-you-go Cloud Volumes ONTAP system, and to use other NetApp cloud services.

Steps
  1. In the upper right of the Cloud Manager console, click the Settings icon, and select Credentials.

  2. Hover over a set of credentials and click the action menu.

  3. From the menu, click Associate Subscription.

    A screenshot of the Credentials page where you can add a subscription to GCP credentials from the menu.

  4. Select a Google Cloud project and subscription from the down-down list or click Add Subscription and follow the steps to create a new subscription.

    A screenshot of a Google Cloud project and subscription selected for Google Cloud credentials.

  5. Click Associate.

Setting up and adding GCP accounts for data tiering with Cloud Volumes ONTAP 9.6

If you want to enable a Cloud Volumes ONTAP 9.6 system for data tiering, you need to provide Cloud Manager with a storage access key for a service account that has Storage Admin permissions. Cloud Manager uses the access keys to set up and manage a Cloud Storage bucket for data tiering.

If you want to use data tiering with Cloud Volumes ONTAP 9.7, then follow step 4 in Getting started with Cloud Volumes ONTAP in Google Cloud Platform.

Setting up a service account and access keys for Google Cloud Storage

A service account enables Cloud Manager to authenticate and access Cloud Storage buckets used for data tiering. The keys are required so that Google Cloud Storage knows who is making the request.

Steps
  1. Open the GCP IAM console and create a service account that has the Storage Admin role.

    A screenshot of the GCP IAM console that shows the selection of the Storage Admin role for a service account.

  2. Go to GCP Storage Settings.

  3. If you’re prompted, select a project.

  4. Click the Interoperability tab.

  5. If you haven’t already done so, click Enable interoperability access.

  6. Under Access keys for service accounts, click Create a key for a service account.

  7. Select the service account that you created in step 1.

    A screenshot of the GCP storage console that shows a selected service account for a new access key.

  8. Click Create Key.

  9. Copy the access key and secret.

    You’ll need to enter this information in Cloud Manager when you add the GCP account for data tiering.

Adding a GCP account to Cloud Manager

Now that you have an access key for a service account, you can add it to Cloud Manager.

What you’ll need

You need to create a Connector before you can change Cloud Manager settings. Learn how.

Steps
  1. In the upper right of the Cloud Manager console, click the Settings icon, and select Credentials.

    A screenshot that shows the Settings icon in the upper right of the Cloud Manager console.

  2. Click Add Credentials and select Google Cloud.

  3. Enter the access key and secret for the service account.

    The keys enable Cloud Manager to set up a Cloud Storage bucket for data tiering.

  4. Confirm that the policy requirements have been met and then click Create Account.

What’s next?

You can now enable data tiering on individual volumes on a Cloud Volumes ONTAP 9.6 system when you create, modify, or replicate them. For details, see Tiering inactive data to low-cost object storage.

But before you do, be sure that the subnet in which Cloud Volumes ONTAP resides is configured for Private Google Access. For instructions, refer to Google Cloud Documentation: Configuring Private Google Access.