Day 1 setup guide for Google Cloud through Cloud Services Catalog Terraform Connector
Summarize
Summary of Day 1 setup guide for Google Cloud through Cloud Services Catalog Terraform Connector
This guide outlines the essential initial setup steps for the ServiceNow® Google Cloud Connector application using the Cloud Services Catalog Terraform Connector, specifically for the Yokohama release. Completing these Day 1 procedures enables your organization to integrate Google Cloud Platform (GCP) accounts with ServiceNow Cloud Provisioning and Governance, facilitating automated cloud resource discovery and management. After Day 1, optional Day 2 configurations can further extend functionality.
Show less
Important: The ServiceNow Cloud Provisioning and Governance: Google Cloud Connector is deprecated and no longer supported; please refer to the official deprecation notice for further details.
Roles and Terminology
- Google Cloud Console operations require a Google administrator role.
- Cloud Provisioning and Governance operations require the
sncmp.cloudadminrole. - ServiceNow uses generic terms for cloud components to support multiple providers; for example, Google Cloud "regions" map to ServiceNow "datacenters" or "logical datacenters (LDCs)." This abstraction supports provider-agnostic cloud management.
Key Setup Tasks
The Day 1 setup involves:
- Requesting and activating the Cloud Provisioning and Governance and Google Cloud Connector applications from the ServiceNow Store.
- Assigning appropriate roles to cloud administrators and end users within ServiceNow.
- Gathering GCP account settings and credentials from the Google Cloud Console, necessary for programmatic access by the Discovery process via MID Servers.
- Securely associating these credentials with a ServiceNow service account record.
- Installing and configuring MID Servers to securely connect and communicate with Google Cloud APIs, recommended to have one MID Server per datacenter for performance and security.
- Creating a ServiceNow cloud account representing your managed GCP infrastructure, linking it with one or more provider service accounts, and specifying which datacenters it includes.
- Manually running the Discovery process on each datacenter to populate the CMDB with resource data, then scheduling regular Discovery runs to keep data current.
Additional Integration Details
- Cloud providers like Google can auto-update the CMDB on resource lifecycle changes; this integration can be configured for direct updates with Cloud Provisioning and Governance.
- The MID Server encrypts data in transit both to and from Google Cloud API endpoints, ensuring secure communications.
- Even if MID Servers exist for other providers, you must configure MID Servers specifically for Google Cloud environments.
Next Steps
After completing Day 1 and any desired Day 2 setup procedures, consult the Cloud Provisioning and Governance administration guide for comprehensive usage instructions and further configuration options within your organization.
To set up the ServiceNow® Google Cloud Connector application for the very first time, you perform the procedures in this "Day 1" setup guide. Be sure to perform the procedures in order. After you have performed Day 1 setup, you can perform optional Day 2 setup and configuration procedures as needed and in any order. Detailed instructions for each procedure follow this overview.
Roles required to set up Google Cloud Platform
- Operations in the Google Cloud Console require the Google administrator role.
- Operations in Cloud Provisioning and Governance require the sn_cmp.cloud_admin role.
About terms that Cloud Provisioning and Governance uses
Cloud providers often use different names for accounts, regions, and credential settings. Because the ServiceNow application supports several cloud providers, the app uses general-purpose names for the settings. In the Google Cloud Platform, the region-specific containers for virtual resources are called regions. In ServiceNow cloud data model, regions are called datacenters or logical datacenters (LDCs). The term logical is used to reinforce the idea that Cloud Provisioning is provider-agnostic. All infrastructure or applications that are deployed using Cloud Provisioning are associated with a datacenter.
Quick overview of the setup process
- If needed: Request the Cloud Provisioning and Governance application.
- Download the Connector app and supporting store apps on the ServiceNow Store and activate the store applications.
- Assign appropriate roles to cloud admins and end users.
- On the provider portal, collect your account settings and the credentials that the Discovery process will use (through a MID Server) to programmatically access your provider accounts. Securely associate the account settings and credentials with a service account in Cloud Provisioning.
- Set up the MID Servers that will handle secure communications with the provider API endpoints.
- Set up a cloud account to represent your entire managed cloud infrastructure and set up a service account that works with one of your provider accounts. You specify which datacenters in the service account should be included in the cloud account. (Later, on "Day 2", you can set up additional cloud accounts and service accounts from the same or other providers.)
- To populate the CMDB with resource data for all datacenters, you manually run the Discovery process on each datacenter
in the service
account. Then, to ensure that the data continues to be updated, you configure Discovery to run on a regular
schedule. Your cloud
account might look like this:
Figure 1. Structure of a cloud account on Day 1 - Providers offer services that can auto-update the CMDB whenever a create/modify/terminate life-cycle change or configuration update occurs to a resource. You can configure the service to integrate directly with Cloud Provisioning and Governance.
What you will do to integrate your Google Cloud Platform cloud accounts
Detailed instructions for each procedure follow this overview.- Get the CSC Terraform Connector app on the ServiceNow Store
- Assign roles to Google Cloud
Platform users
You assign Cloud Provisioning and Governance roles to user groups and to individual users based on user activities and responsibilities.
- Install and configure MID Servers to access cloud environmentsTo ensure secure and reliable communications, the Discovery process communicates with your cloud provider accounts and cloud resources through one or more MID Servers. You can set up the MID Servers on your network or in one of your cloud networks.Note:Data is encrypted to the MID Server and between the MID Server and the API endpoint. To ensure high performance and security, you should configure one or more MID Server for each datacenter under management. Configure the MID Server even if you have already configured other MID Servers while setting up Cloud Provisioning and Governance for another cloud provider.
- Specify the credentials that Cloud Provisioning and Governance: Google Cloud Connector uses to access Google Cloud
Platform data
To securely access data on your provider account, the Discovery process must present appropriate credentials. To make the credentials available to Discovery, you open the Google Cloud Console to identify the Google Cloud Platform project that will have programmatic access to your Google Cloud Platform data. You then securely store the credentials in a service account in your instance.
- Set up a cloud
account and service
account for Google Cloud
Platform
A service account is a secure record on your instance that stores the credential and access information for your provider account. Discovery uses the information to access your provider account to get data on each resource in each specified datacenter.
Next steps
When you have finished all Day-1 and Day-2 procedures in this setup guide, see the Cloud Provisioning and Governance administration guide for information on using the Cloud Provisioning and Governance application in your organization.