Onboarding GCP Projects within an Organization

Prererequisites for Onboarding GCP Projects within an Organization

To onboard GCP projects within an organization in AppViewX, at the organizational level, you are first required to create and associate roles with the projects to be onboarded. For references to the GCP documentation for instructions, click here.

Onboarding GCP Projects within an Organization in AppViewX

  1. In the AppViewX UI, go to (Menu) > CERT+ > Administration > Device Management.
    The Device :: ADC page is displayed.
  2. On the Device :: Cloud page, click (Add).
    The Device :: Cloud > Add page is displayed.
  3. Under Device details, from the list of Vendors, select GCP.
  4. Enter/Select the Basic Information for onboarding a single GCP project.
    Table 1. Field description for the basic information
    Field Description
    *Onboarding Method From the dropdown list, select Onboard GCP Projects within Organization.
    *Account Name Enter your unique GCP account name.
    Note:
    • A duplicate account name should not exist in the cloud inventory.
    • The account name should include only alphanumeric and the period (.) characters.
    Account Description Enter a description of the GCP account to be added.
    Proxy Required To use a proxy server for this communication, select this checkbox.
    *Data Center From the dropdown list, select the data center through which communication with the certificate authority will be established.
  5. Enter/Select the Project & Credential Details.
    Table 2. Field descriptions for the project and credential details
    Field Description
    *Organization ID To discover and onboard the GCP projects within the organization, enter your unique GCP organization resource ID.
    Service Account Key

    To access the GCP services using AppViewX, the credentials are supplied either in a JSON or in the form of a certificate file.

    After you have created the GCP service account, you can download the JSON file or the certificate file with the credential details.

    Depending on the artifact download, from the Service Account Key field, select the JSON File or the Certificate Upload option.
    *Upload JSON
    Note: This field is displayed only when Service Account Key = JSON File.
    Click Upload and navigate to the location of the JSON file.
    *Certificate and Key
    Note: This field is displayed only when Service Account Key = Certificate Upload.
    Click Upload and navigate to the location of the certificate file.
    *Email
    Note: This field is displayed only when Service Account Key = Certificate Upload.
    Enter your email ID registered with GCP.
    *Project Id
    Note: This field is displayed only when Service Account Key = Certificate Upload.
    Enter your GCP project ID.
    Validate Credential To validate the credentials uploaded using JSON/certificate file, click validate credential.
  6. Enter/Select the details required to Discover Resources.
    Note: The fields in this section are enabled only after the credentials entered in the Project & Credential Details section have been validated.
    Table 3. Field descriptions for discovering resources
    Field Description
    *Project Onboarding State

    From the following values, select the state for onboarding the projects discovered from the GCP organization:

    • Managed: Enables project onboarding and allows instant GCP cloud resource and certificate discovery

    • Unmanaged: Disables project onboarding, preventing resource and certificate discovery for these projects.
    *Service Type From the dropdown list, select the services required for CLM operations.
    Cert Sync

    Select from one of the following options:

    • Managed: AppViewX will connect with your GCP account and discover certificates. These certificates will be added to the inventory. Users with the relevant permissions can then perform the required certificate-related actions.

    • Monitored: AppViewX will connect with your GCP account and discover certificates. These certificates will be added to the inventory where the users will be allowed to only view the certificates.

    • Ignored: AppViewX will connect with your GCP account but certificate discovery will be disabled.
    Auto Sync

    To enable (default)/disable automatic synchronization, use the Auto Sync key.

    Currently the GCP implementation in AppViewX only supports schedule-based synchronization.
    Schedule Based Discovery
    Note: This field is displayed when Auto Sync is enabled.
    To schedule a discovery, set the frequency using the two dropdown lists for this field. For example, to set the frequency to 10 days:
    1. From the first dropdown list, select 10.
    2. From the second dropdown list, select Days.
  7. Click Save.
    Details of the added GCP account are displayed in the outer inventory (explained here).