Google Cloud Platform integration



Abiquo has an integration with the Google Cloud Platform (GCP). For a summary of the GCP features supported, please see Google Cloud Platform features table.

Display billing data

Abiquo displays the billing data from the Google Cloud Platform (GCP) on the Hybrid dashboard. See Display Google Cloud Platform billing data




Create public cloud regions

To create an Abiquo public cloud region for GCP, follow the same easy process as for other providers in the multi-cloud platform. See Create a public cloud region.

After you create a region, to use the region, add GCP credentials to each enterprise.
For more details, see Obtain Google Cloud Platform credentials and Add public cloud credentials for a tenant 




Hardware profiles

When you add the first set of credentials, the platform will onboard the hardware profiles from GCP. GCP has some common families and types with the other providers, but there may be some gaps in the families and types. When users create VMs, the platform displays only the available families and types for selection.


GCP entity naming conventions

At the time of writing this documentation, the name of an entity in Google Cloud Platform (GCP):

  • Must start with a lowercase letter

  • Can contain lowercase letters, numbers, and dash ("-") characters

  • Can contain up to 63 characters

    • A dash counts as two characters

  • Cannot have a dash as the last character

For more details, see Google’s Compute Engine documentation: Naming resources  |  Compute Engine Documentation  |  Google Cloud




VM template catalog

When you have created a public cloud region, you can onboard VM templates for your users into the self-service Catalogue.

As in Microsoft Azure, the template search dialog has a Publishers section. For GCP, the publishers are public projects with VM templates. See https://cloud.google.com/compute/docs/images/os-details

The templates from these projects are the current versions. To configure the default projects, use Abiquo properties.




Global networks

The GCP integration manages two main types of networks: global networks and subnets. Global networks are private networks that are available in many regions (or cloud locations in Abiquo). The platform updates global networks and subnets from a region when you create or synchronize the region. 

Privileges: Manage global networks

There is a new Global section where you can view and manage the global networks and subnets in the virtual datacenters myCloud view. To open this section, click the Global globe button. 

You can create a global network with routing options and in test environments, you can automatically create subnets in all regions.

After you create a subnet for each region, onboard each subnet: first select the global network, then click synchronize and select the region where you will be working.




Subnets

Your users cannot deploy VMs in GCP without private subnet IP addresses, so users will need subnets of the global networks in their virtual datacenters.

Privileges: Manage global networks

Users with the appropriate privileges can create subnets of global networks in Virtual datacenters view, Locations view, and Global view.   

First select a global network, then select a virtual datacenter, if possible. We recommend that you configure a subnet as the default network because otherwise users will not be able to deploy VMs unless they manually add an IP address.

You can also add a subnet to a virtual datacenter when you create it. Or you can edit a subnet to assign it to the virtual datacenter, and also make the subnet the default network at this time.




Virtual datacenters

In GCP there is no virtual datacenter entity, so the platform will create a generic virtual datacenter to hold the resources that you onboard from each region. You can onboard the region in Virtual datacenters view. Just click the + add button and select Synchronize public cloud and then the public cloud region.

In GCP you can create a virtual datacenter in the same way as in other public cloud providers.

As mentioned above, to ensure your users can always deploy a VM, even when they haven't configured an IP address, we recommend that you go to the Defaults tab and assign a default Subnet. Abiquo will use the default subnet to automatically create a subnet IP with no user action.

The platform will create your virtual datacenter but it will not exist in GCP.




IP addresses

After you assign a subnet to the virtual datacenter, users can create IPs in the subnet to add to their VMs.

During IP creation, users can select static or ephemeral IPs. In Abiquo, Ephemeral IPs have no provider ID but they exist in GCP if they are on a VM that is deployed there. For more details, see: https://cloud.google.com/compute/docs/ip-addresses#networkaddresses. In subnets, static IP addresses have a name and a provider ID.

The GCP integration supports static external IPs and ephemeral external IPs. By default, for public IPs, when users create a public IP with Abiquo's Google Cloud Platform integration, it is a static external IP. When the user undeploys a VM, the provider will delete the ephemeral public IP addresses.

The GCP integration has the following limitations with replacing subnet IPs:

  • Users cannot change from one IP to another IP in the same subnet. As a workaround, you can change to another network, and then go back to the original network with a new IP.

  • Abiquo does not support Ephemeral public IPs, so you cannot onboard or replace these IPs

  • Google supports this model: 1 VNIC is 1 subnet IP and 1 external/public IP. If there is an ephemeral public IP in the VM, then the user will not be able to reconfigure and add public IPs.




Firewall policies

Abiquo supports Firewall policies for Google Cloud Platform (GCP). Abiquo firewall policies are GCP Firewall rules and they belong to VPC networks (Abiquo global networks), so administrators can manage firewalls in the myCloudGlobal view. After administrators onboard global networks from GCP, they can onboard firewalls too. Abiquo also enables users to assign firewalls to virtual datacenters, so administrators can recommend firewalls and set a default firewall for a virtual datacenter. 

The Google Cloud Platform integration automatically creates a firewall rule for each global network to allow remote access to the VM. By default the rule is called  "abq-fw-ssh-rdp-" + the SHA1 encryption of the global network name. In previous versions, Abiquo automatically assigned the firewall to VMs. Now the user must assign the firewall. The administrator can set a default firewall for a virtual datacenter. If the user doesn't assign a firewall, Abiquo will automatically assign the default firewall to VMs.

Users can create a firewall policy in the myCloud view in Virtual datacenters or in the Global view, which requires the privilege to Manage global networks. Users should be aware of the limitations on firewall names as for other entities in GCP. See GCP entity naming conventions. Users must select a firewall direction (incoming or outgoing) and enter a source or target in CIDR format. Users must also select allow or deny for the firewall type. Users must enter a priority, and for a higher priority, users should enter a lower number. There is no default in Abiquo but in GCP the default is 1000. Users can also enable Firewall rule logging in GCP. See Create a firewall policy in GCP

When users configure a VM, if they have the privilege to Assign firewalls to virtual machines, the platform displays all the tenant's GCP firewall policies that are managed by Abiquo. So the user experience here is very similar to the user experience in other public cloud providers. If users do not have the privilege to Assign firewalls to virtual machines, then Abiquo will enforce the default firewall. 






Load balancers

Abiquo supports load balancers in GCP. For more details see Abiquo and Google Cloud Platform load balancers.








Volumes

The GCP integration supports external storage volumes, which are zonal persistent disks. For more details, see https://cloud.google.com/compute/docs/disks#disk-types. . Users must select an Availability zone for the volume and then add their VM to the same zone. As always, when users edit VMs, they can go to the Storage tab and drag volumes into the VM.

The platform considers the boot disk to be a hard disk, so when you undeploy the VM, the platform will delete the boot disk. You can find any other external storage disks in the Volumes section of the virtual datacenter. You can reuse them on other VMs or or move them to another VDC in the same public cloud region. 

When you first onboard a disk, it will be in the same virtual datacenter as the VM that it is attached to. You can find persistent disks that are not attached to a VM in the cloud location, which you can access through the Locations section by clicking the Location symbol at the top of the Virtual datacenters list.

In Google Cloud Platform, you can set a flag to delete the disk when you destroy a VM, and in this case, GCP will delete the disk when you undeploy. The platform will remove the deleted disk as part of the periodic check or a synchronization process.




Configure virtual machines

In the GCP integration, as always, users can create a VM by clicking on a template and selecting an Availability zone.

As in all public cloud providers, the user selects a hardware profile to define the specifications of their VM.

VM networks

The user can also configure their VM NICs by dragging and IP addresses into the Network configuration. At this point, they can also add new IP addresses in the available networks, including automatically generated IPs. Remember that in GCP each VM must have an IP in a subnet. To be able to connect to the VM, users must add a public IP address. Abiquo will automatically manage the firewall for remote access.

VM storage

Users can also add storage volumes to VMs by dragging them from the Volumes list into the Storage pane.




VM bootstrap

On the Bootstrap tab, users can add scripts that are compatible with cloud-init. 

VM variables

The startup scripts can use variables that the users add on the Variables tab.


VM monitoring

On the Monitoring tab the platform displays the metrics available in Google Cloud Platform and users can select the metrics to display. For more details, see Display VM metrics. By default, Abiquo gets metrics from Google Cloud Platform every 5 minutes.






Remote access to VMs

Users can access their deployed Linux VMs via SSH by entering the username from the VM template and their SSH private key. (Users should register their public key in their account before they deploy a VM in public cloud). 

Users can access Windows VMs via RDP with the credentials from the VM template (username and password). The platform uses startup scripts to create the login for Windows VMs. To set the time to wait for startup scripts use Abiquo properties.






VM duplicate names and onboarding 

In GCP, the platform creates VMs with the VM name (ABQ_uuid) and they have a label with user's friendly name. But the platform identifies onboarded VMs by the name. So you cannot onboard a VM with a duplicate name from a Google Cloud region, even if it is in a different tenant. Abiquo will shortly start to identify the VM using the provider ID.






Tags

Abiquo creates tags as labels in GCP. See https://cloud.google.com/resource-manager/docs/creating-managing-labels. You can apply Abiquo tag policies to Abiquo tags in Google Cloud Platform. Google recommends that you do not store sensitive information using labels.

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved