Installing the data broker in Google Cloud Platform

Contributors netapp-bcammett Download PDF of this page

When you create a new data broker, choose the GCP Data Broker option to deploy the data broker software on a new virtual machine instance in a VPC. Cloud Sync guides you through the installation process, but the requirements and steps are repeated on this page to help you prepare for installation.

You also have the option to install the data broker on an existing Linux host in the cloud or on your premises. Learn more.

Supported GCP regions

All regions are supported.

Networking requirements

  • The data broker needs an outbound internet connection so it can poll the Cloud Sync service for tasks over port 443.

    When Cloud Sync deploys the data broker in GCP, it creates a security group that enables the required outbound communication.

    If you need to limit outbound connectivity, see the list of endpoints that the data broker contacts.

  • NetApp recommends configuring the source, target, and data broker to use a Network Time Protocol (NTP) service. The time difference between the three components should not exceed 5 minutes.

Permissions required to deploy the data broker in GCP

Ensure that the GCP user who deploys the data broker has the following permissions:

- compute.networks.list
- compute.regions.list
- deploymentmanager.deployments.create
- deploymentmanager.deployments.delete
- deploymentmanager.operations.get
- iam.serviceAccounts.list

Permissions required for the service account

When you deploy the data broker, you need to select a service account that has the following permissions:

- logging.logEntries.create
- resourcemanager.projects.get
- storage.buckets.get
- storage.buckets.list
- storage.objects.*
- iam.serviceAccounts.signJwt
Note The "iam.serviceAccounts.signJwt" permission is required only if you’re planning to set up the data broker to use an external HashiCorp vault.

Installing the data broker

You can install a data broker in GCP when you create a sync relationship.

Steps
  1. Click Create New Sync.

  2. On the Define Sync Relationship page, choose a source and target and click Continue.

    Complete the steps until you reach the Data Broker page.

  3. On the Select a Data Broker page, click the Create Data Broker and then select Google Cloud Platform.

    If you already have a data broker, you’ll need to click the A screenshot if the plus icon icon first.

    A screenshot of the Data Broker page that enables you to choose between an AWS, Azure, GCP, and On-Prem data broker.

  4. Enter a name for the data broker and click Continue.

  5. If you’re prompted, log in with your Google account.

    The form is owned and hosted by Google. Your credentials are not provided to NetApp.

  6. Select a project and service account and then choose a location for the data broker, including whether you want to enable or disable a public IP address.

    If you don’t enable a public IP address, then you’ll need to define a proxy server in the next step.

    A screenshot that shows the information required to deploy a data broker in Google Cloud.

  7. Specify a proxy configuration, if a proxy is required for internet access in the VPC.

    If a proxy is required for internet access, then the proxy must be in Google Cloud and use the same service account as the data broker.

  8. Once the data broker is available, click Continue in Cloud Sync.

    The instance takes approximately 5 to 10 minutes to deploy. You can monitor the progress from the Cloud Sync service, which automatically refreshes when the instance is available.

  9. Complete the pages in the wizard to create the new sync relationship.

Result

You’ve deployed a data broker in GCP and created a new sync relationship. You can use this data broker with additional sync relationships.

Providing permissions to use buckets in other Google Cloud projects

When you create a sync relationship and choose Google Cloud Storage as the source or target, Cloud Sync enables you to choose from the buckets that the data broker’s service account has permissions to use. By default, this includes the buckets that are in the same project as the data broker service account. But you can choose buckets from other projects if you provide the required permissions.

Steps
  1. Open the Google Cloud Platform console and load the Cloud Storage service.

  2. Click the name of the bucket that you’d like to use as a source or target in a sync relationship.

  3. Click Permissions.

  4. Click Add.

  5. Enter the name of the data broker’s service account.

  6. Select a role that provides the same permissions as shown above.

  7. Click Save.

Result

When you set up a sync relationship, you can now choose that bucket as the source or target in the sync relationship.

Details about the data broker VM instance

Cloud Sync creates a data broker in Google Cloud using the following configuration.

Machine type

n1-standard-4

vCPUs

4

RAM

15 GB

Operating system

Red Hat Enterprise Linux 7.7

Disk size and type

20 GB HDD pd-standard