Google Cloud plug-in for VMware Aria

Introduction

The Google Cloud Plug-in for VMware Aria Automation Orchestrator lets you provision and manage Google Cloud resources using VMware Aria Automation Orchestrator and VMware Aria Automation, including Compute Engine instances, GKE clusters, Spanner and Cloud SQL instances, and Cloud Storage buckets.

Benefits

The Google Cloud Plug-in for VMware Aria provides a consistent management and governance experience across on-premises and Google Cloud-based IT environments. For example, you can use Google-provided blueprints or build your own blueprints for Compute Engine resources and publish to the VMware Aria service catalog. This means that you can select and launch resources predictably using a tool you're already familiar with when you orchestrate VMs in your on-premises VMware environment.

Prerequisites

You need a Google Billing account to complete the instructions in this guide. If you don't have an account, see Create, Modify, or Close Your Billing Account. New Google Cloud users might be eligible for a free trial.

This guide assumes that you have a working knowledge of the following:

Supported Google Cloud products

The plug-in supports the following Google Cloud resources:

  • BigQuery
  • Filestore
  • Cloud KMS
  • Pub/Sub
  • Spanner
  • Cloud SQL
  • Cloud Storage
  • Compute Engine
  • IAM service accounts and keys
  • Google Kubernetes Engine clusters
  • Virtual Private Cloud networks and firewall rules
  • Turnkey VM-based application servers:
    • ASP.NET
    • MS SQLServer Enterprise
    • WordPress
    • LAMP
    • HA load-balanced Compute Engine VM cluster

Setting up the Google Cloud plug-in for VMware Aria

This section explains how to install and configure the plug-in.

Set up your Google Cloud environment

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Compute Engine API.

    Enable the API


Download the plug-in

Create and download service account JSON

In order to have the Google Cloud plug-in for VMware Aria interact with your Google Cloud resources, the plug-in needs to have a service account credential that is used to authenticate API calls to Google Cloud.

  1. In the Google Cloud console, go to the IAM & admin page.

    Go to the IAM & admin page

  2. Select Service accounts and then click Create Service Account.

  3. Give the service account a name and optionally provide a description.

  4. Click Create.

  5. Grant the following roles to the service account. (Use the filter box at the top to find these roles.)

    • To enable the plug-in to create and manage Compute Engine instances, add the Compute Admin and Service Account User roles.
    • To enable the plug-in to manage GKE clusters, add the Kubernetes Engine Admin role.
    • To enable the plug-in to manage Pub/Sub topics and subscriptions, add the Pub/Sub Admin role.

    To enable the plug-in to manage additional resource types, add the appropriate role. For more information, see Understanding Service Accounts.

  6. Alternatively, to enable the plug-in to manage all Google Cloud resource types, give the service account the Editor role on the project. However, it's a best practice to grant the fewest privileges that are necessary in order for the plug-in to manage your Google Cloud resources.

  7. When you've finished assigning roles, click Continue.

  8. Click Create Key and select the JSON option.

Your browser downloads a new service account credential file in JSON format that contains the service account private key. Store this in a secure location, because you need it later to create the Google Cloud connection in the plug-in.
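To check the least-privilege guidance in step 6, the following added example (not part of the original guide or the plug-in) audits the roles bound directly to the plug-in's service account in a project IAM policy, as exported with gcloud projects get-iam-policy PROJECT_ID --format=json. The sample policy, the service account email, the resource labels and the audit_service_account helper are constructed for illustration; the role IDs are the identifiers of the roles named in step 5.

```python
# Role IDs for the roles this guide names in step 5, mapped to an
# illustrative label for the resource type each one unlocks.
PAGE_ROLES = {
    "roles/compute.admin": "compute",
    "roles/iam.serviceAccountUser": "compute",
    "roles/container.admin": "gke",
    "roles/pubsub.admin": "pubsub",
}
# Basic roles apply across every service in the project.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


def audit_service_account(policy, sa_email, needed):
    """Sort each role bound to sa_email into ok, unused, unexpected or broad."""
    member = "serviceAccount:" + sa_email
    findings = {"ok": [], "unused": [], "unexpected": [], "broad": []}
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue  # binding belongs to some other principal
        role = binding["role"]
        if role in BASIC_ROLES:
            findings["broad"].append(role)       # e.g. Editor on the project
        elif role not in PAGE_ROLES:
            findings["unexpected"].append(role)  # not named in this guide
        elif PAGE_ROLES[role] in needed:
            findings["ok"].append(role)
        else:
            findings["unused"].append(role)      # unlocks a type you do not use
    return {kind: sorted(roles) for kind, roles in findings.items()}


# Constructed sample data: a policy shaped like the gcloud JSON export.
SA = "aria-plugin@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
    {"role": "roles/editor", "members": ["serviceAccount:" + SA]},
    {"role": "roles/compute.admin", "members": ["serviceAccount:" + SA]},
    {"role": "roles/iam.serviceAccountUser", "members": ["serviceAccount:" + SA]},
    {"role": "roles/pubsub.admin", "members": ["serviceAccount:" + SA]},
    {"role": "roles/storage.admin", "members": ["serviceAccount:" + SA]},
]}

if __name__ == "__main__":
    # This deployment only provisions Compute Engine instances.
    for kind, roles in audit_service_account(SAMPLE_POLICY, SA, {"compute"}).items():
        print(kind, roles)
```

Roles that the service account inherits from a folder or organization, or receives through group membership, do not appear as direct bindings in the project policy and need a separate check.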

Install the plug-in in VMware Aria Automation Orchestrator

You can now configure the plug-in in VMware Aria Automation Orchestrator.

  1. In your browser, log in to the VMware Aria Automation Orchestrator Control Center as an administrator. The URL is typically like the following:

    https://hostname:8283/vco-controlcenter

  2. Go to the Manage Plug-Ins page.

  3. Browse for the plug-in file you downloaded and click Upload.

  4. If you accept the EULA, click Install.

  5. If you're prompted, click Save Changes.

    Wait for VMware Aria Automation Orchestrator to restart its services before you use the plug-in. The restart might take a few minutes. You'll know that VMware Aria Automation Orchestrator has restarted when you see all green checkmarks in the Validate Configuration page.

    VMware Aria Automation Orchestrator Validate Configuration page, showing success for all the validation tasks.

Establish a Google Cloud connection in VMware Aria Automation Orchestrator

The final stage in the setup is to use the service account credential file you downloaded earlier to establish a connection in VMware Aria Automation Orchestrator. Doing this allows the plug-in to execute operations on behalf of any logged-in VMware Aria Automation Orchestrator user.

  1. In the Workflows tab of VMware Aria Automation Orchestrator, select Library > GCP > Configuration > Create GCP Connection.
  2. Provide a name for the connection.
  3. Provide the key in either of these ways:

    • Attach the service account credential file that you downloaded earlier.
    • Paste the credential in the Paste JSON-encoded Service Account field.

    Create Google Cloud Connection page, showing a .json file for upload

  4. If your VMware Aria Automation Orchestrator server needs to connect to a proxy server before reaching the public internet, check the Use proxy? option and provide your proxy server details:

    Page showing the option to use a proxy enabled, the proxy port (2832), Basic authentication selected, and a username and masked password

  5. When the workflow completes, go to the Inventory tab in the VMware Aria Automation Orchestrator client.

    In the Google Cloud Platform tree entry, you see a new subtree with your connection name and project ID. Unless you already have Google Cloud resources, most of the tree nodes are empty except for the ones available by default in a project. These include Compute Regions/Zones, the default network and firewall rules, and the service account that you created and used to establish the connection from VMware Aria Automation Orchestrator.

    VMware Aria Automation Orchestrator image client, showing the Inventory tab with VM Instances selected.

You have now completed the configuration of the plug-in, and you can run any of the other workflows available in the Google Cloud directory.

Working with Google Cloud resources in VMware Aria Automation Orchestrator and VMware Aria Automation

This section provides an overview of using workflows in the Google Cloud plug-in for VMware Aria.

Authenticating and authorizing users

VMware Aria administrators and users authenticate to VMware Aria Automation Orchestrator and VMware Aria Automation using VMware Aria role-based access management. VMware Aria roles are not mapped to IAM permissions. Instead, all VMware Aria user and administrator actions are performed using the same Google Cloud service account that was used when creating the connection. The service account must have appropriate IAM permissions to allow VMware Aria users to provision resources in Google Cloud, as described earlier.

You can create more than one connection, each one using different Google Cloud projects and service accounts. This lets you isolate user and administrator actions by granting specific user groups access to a connection. You can specify a different connection for each workflow that's used to create a new resource, and each workflow that operates on an existing resource infers the connection from the project ID where the resource is located.

Running Google Cloud workflows in VMware Aria Automation Orchestrator

The workflows included in the Google Cloud plug-in for VMware Aria Automation Orchestrator let users create many common Google Cloud resources, including Compute Engine instances, GKE clusters, Virtual Private Cloud firewall rules, and Cloud Storage buckets. In general, workflows for creating these resources can be accessed within the folder for the resource type (for example, Instances for Compute Engine instances).

As an example of how to run a Google Cloud workflow, the following section describes how to build a Compute Engine instance.

Create a Compute Engine instance

  1. In the VMware Aria Automation Orchestrator folder, open GCP > Instances, and then click Create Instance.

    VMware Aria Automation Orchestrator folder, with Instances > Create Instance selected.

  2. Select a Google Cloud connection. This provides the authorization credential to be able to interact with Google Cloud APIs.

    Select Google Cloud Connection dialog in the Create Network step of starting a workflow

  3. Use the fields to customize the configuration of the VM instance, such as specifying the region, zone, instance name, machine type, and so on. Required fields are marked with a red asterisk.

    Specifying Google Cloud VM instance options, like name, machine type, and OS

  4. Click Next to move to additional pages that let you specify options like a startup script, tags, an external IP address, and an SSH key.

    Specifying Google Cloud VM instance options, like startup script

  5. Optionally, examine the information in the Price estimate form. This page provides an estimated calculation of the monthly cost for running the VM. This is not intended to be an exact measure of your expected billing charges, but can provide a rough estimate to use for budgeting purposes.

    Price estimator showing a monthly cost of $24.67

  6. When you've finished specifying options, click Submit.

    In the Logs tab of the workflow execution page, you see diagnostic information that indicates the status of the create operation.

    A log listing showing the outcome of creating an instance, with multiple entries that read RUNNING

    The workflow completes after a few seconds. You can then reload the VM instances node to view the new instance in the VMware Aria Automation Orchestrator inventory tree.

    Folder tree with Google Cloud > Default > VM Instances > instance-1 selected

  7. To show attributes of the new instance, click it in the listing.

    Dialog showing attributes of the new instance, like creation time, external IP address, and zone

  8. Optionally, in the Google Cloud console, go to the VM Instances page and find your new instance.

    Google Cloud console showing the new VM image

Execute a Day 2 workflow on an existing Compute Engine instance

In VMware documentation, Day 2 operations are those that you perform after initial provisioning. This section describes how to execute an operational workflow on a Google Cloud resource.

As an example, the following procedure shows how to run a workflow on an existing Compute Engine instance.

  1. In VMware Aria Automation Orchestrator, right-click the resource and select Run workflow.

    Right-click menu with Run workflow selected

  2. Click on the workflow to execute, and then click Select.

    VMware Aria Automation Orchestrator Chooser dialog, showing the Reset Instance workflow selected.

    The VM instance is populated in the form field.

  3. Run the workflow to perform the action. (In this case, to reset the instance.)

    Reset Instance step of the Start Workflow flow, showing instance-1 selected

    A dialog appears and remains on the screen until the workflow completes. You may optionally choose to send the workflow to the background if you want to perform other tasks while it runs.

  4. Optionally, go to the Google Cloud console and note the effect of running the workflow.

    Google Cloud console, showing result (stop image) of workflow in VMware Aria Automation Orchestrator.

Using VMware Aria Automation with Google Cloud

The Google Cloud plug-in for VMware Aria Automation Orchestrator enables VMware Aria Automation administrators to create blueprints of Google Cloud resources and publish them to the VMware Aria Automation catalog. End users can request and deploy blueprints.

For more information, see Designing and Publishing Blueprints in the VMware documentation.

Creating XaaS blueprints in VMware Aria Automation from VMware Aria Automation Orchestrator

This section describes the procedure for using workflows provided by VMware Aria Automation Orchestrator and by the Google Cloud plug-in for VMware Aria Automation Orchestrator to import the XaaS resource types and blueprints that you intend to use inside of VMware Aria Automation.

Add a VMware Aria Automation host

  1. In VMware Aria Automation Orchestrator, go to the Workflows tab and then open VMware Aria Automation > Configuration.
  2. Run the Add a vRA Host workflow.

    Folder tree with VMware Aria Automation > Configuration > Add a vRA host selected.

  3. Provide the information for your VMware Aria Automation host. Be sure to use a user account that has IaaS administrative roles assigned to it.

Import XaaS custom resources

  1. In VMware Aria Automation Orchestrator, go to the Workflows tab and then open GCP > vRA Blueprints.
  2. Run the Import XaaS Custom Resources workflow.

    Folder tree with vRA Blueprints > Import XaaS Custom Resources selected

  3. Choose your VMware Aria Automation host and select the Google Cloud resource types that you want to have available in VMware Aria Automation. For example, if you want to manage Cloud Storage resources in VMware Aria Automation, select Google Cloud:Bucket and Google Cloud:StorageObject. By default, all Google Cloud types available in the plug-in are selected.

    Dialog showing a vRA host, Google Cloud types, and Google Cloud:Bucket selected

  4. Submit the workflow.

    When it completes, you see the imported custom resources in the Design > XaaS > Custom Resources section of VMware Aria Automation.

    vRealize Automation Development page, showing the Custom Resources pane and various Google Cloud bucket attributes

Import XaaS service blueprints

  1. In VMware Aria Automation Orchestrator, go to the Workflows tab and open GCP > vRA Blueprints.
  2. Run the Import XaaS Services Blueprints workflow.

    Folder tree with vRA Blueprints > Import XaaS Services Blueprints selected

  3. Choose your VMware Aria Automation Host and select the workflows that create instances of the custom resource types that you imported previously. For example, the BigQuery > Create Dataset workflow is available because it is used to create a Google Cloud:Dataset.

    You can select as many workflows as you want based on the custom resource types known to your VMware Aria Automation Host. The service name field is used to define the name of the VMware Aria Automation service catalog.

    Array of string dialog, showing a listing of workflows

  4. Submit the workflow.

    When it completes, you see all of the imported blueprints under the Design > XaaS > XaaS Blueprints section in VMware Aria Automation Orchestrator.

    XaaS Blueprints dialog, showing a listing of available blueprints

  5. To verify the workflows, in VMware Aria Automation Orchestrator, go to Administration > Catalog Management > Catalog Items.

    You see that the new Google Cloud service has been added and that each of the XaaS blueprints has been added as a catalog item within the new service.

    VMware Aria Automation Development page, showing the Catalog Items pane and a listing of catalog items.