Discover and Publish Resources hosted in Google Cloud Platform
- Updated on May 31, 2024
Overview
SonicWall Cloud Secure Edge (CSE) automatically discovers Google Cloud Platform (GCP) resources that need to be accessed by your end users. You can then publish these discovered resources as CSE services.
Prerequisites
Before proceeding through the steps below, ensure you have installed and configured the Python clients needed to interact with the CSE (formerly Banyan) and GCP APIs.
See the pybanyan docs for detailed instructions for GCP.
Run the test-gcp subcommand to ensure you’re correctly authenticated and authorized.
$> banyan cloud-resource test-gcp {gcp-project}
--> Google Cloud configuration test passed. Found 12 resources.
Steps
At a high level, you will:
- Step 1. Label your resources in GCP
- Step 2. Sync resources into Banyan
- Step 3. Select discovered resources to publish
- Step 4. Publish services
Step 1. Label your resources in GCP
In the GCP portal, add labels to the resources you need to discovered by CSE. For this guide, we use the label banyan_discovery to tag resources that should be discovered by CSE, but you can use any label for this purpose.
In the GCP console, use the Filter option to list the resources you have tagged.
Step 2. Sync resources into CSE
Now that your resources are tagged for discovery, use the pybanyan sync-azure subcommand to get the resource metadata from GCP and submit them via the CSE (formerly Banyan) API.
$> banyan cloud-resource sync-gcp all {gcp-project-group} --tag_name banyan_discovery
--> Getting list of GCP VM resources:
type id name public_dns_name public_ip private_dns_name private_ip ports provider account region tags
------ ---------------- ---------------- ----------------- -------------- ------------------ ------------ ------- ---------- --------- ---------- ------
vm 5624267940818835 at-tdupnsan 35.197.123.119 10.138.0.51 [] gcp tdnovpn us-west1-a 0
vm 1485283806815641 gke-tdteam0-gcp- 10.138.3.74 [] gcp tdnovpn us-west1-a 1
vm 5476031966784304 gke-tdteam0-gcp- 10.138.3.73 [] gcp tdnovpn us-west1-a 1
vm 3945933075325562 tdshield0-router 35.227.149.143 10.138.0.36 [] gcp tdnovpn us-west1-a 0
vm 3843061320042611 windows-server-2 34.82.129.0 10.138.3.77 [] gcp tdnovpn us-west1-b 0
--> Filtering for new GCP resources:
type id name public_dns_name public_ip private_dns_name private_ip ports provider account region tags
------ ---------------- ---------------- ----------------- -------------- ------------------ ------------ ------- ---------- --------- ---------- ------
vm 5624267940818835 at-tdupnsan 35.197.123.119 10.138.0.51 [] gcp tdnovpn us-west1-a 0
vm 1485283806815641 gke-tdteam0-gcp- 10.138.3.74 [] gcp tdnovpn us-west1-a 1
--> Syncing into CSE Cloud Resource inventory:
--> Sync with GCP successful.
You can specify the resource_type to be all or a specific supported resource_type - VM, LB, etc. Check pybanyan help for additional filtering options.
Step 3. Select discovered resources to publish
Once your cloud resources are synchronized, you will be able to view them in the Manage Services > Discovered Resources > Inventory section in the Banyan Command Center.
Select an individual resource to see more details, such as Private IP Address, Ports and Tags.
Step 4. Publish services
Click on the Publish icon to publish a Banyan service from of this discovered resource.
Select the type of service you wish to create, populate the required fields - such as service domain, access tier, etc - and attach a policy.
Congrats! You have discovered your GCP resources and published them for your end-users. You can repeat this process as often as you need.