AvePoint Docs
Graph API
My support tickets
Graph API
My support tickets
English

Home > Get Started > Enable Infrastructure Resilience > Enable Google Cloud Resilience

Export to PDF

Enable Google Cloud Resilience

To enable Google Cloud Resilience, complete the following steps:

  1. To activate the IAM Service Account Credentials API that is required for authenticating and making API calls with service accounts, go to Google Cloud Platform to enable the IAM API. For details, refer to Enable IAM API in Google Cloud Platform.

  2. When the IAM API is enabled, create a service account. For details, refer to Create a Service Account in Google Cloud Platform.

  3. After creating the service account, obtain credentials for your service account. The credentials are needed for creating the service account profile in AvePoint Online Services. For details, refer to Obtain Credentials for Service Account.

  4. Go to AvePoint Online Services to create a service account profile that enables the Cloud Cyber Recovery functionalities. For details, refer to Create a Service Account Profile in AvePoint Online Services.

  5. For Kubernetes Engine protection, if you have enabled authorized network, enable the Cloud Cyber Recovery’s reserved IP address access. For more details on authorized network management, refer to . For details on downloading the reserved IP address, refer to .

  6. After the service account is ready, go to Infrastructure resilience to create policies for your resources. After defining the protection scope and replication schedule in a policy, you can test or run actual failover jobs when required. Note that you can click the Refresh button in the upper-right corner of the service page to retrieve the latest status for the data to protect.

    For details on creating a resilience policy and operating failover, refer to Infrastructure Resilience.

Enable IAM API in Google Cloud Platform

To enable the IAM API, complete the following steps:

  1. Go to Google Cloud Platform and select your project from the top project drop-down list.

  2. Navigate to APls & Services > Library.

  3. In the search bar, enter: Identity and Access Management (IAM) API.

  4. Click the result and then click Enable

Create a Service Account in Google Cloud Platform

Follow the steps below to create a service account in Google Cloud Platform:

  1. In Google Cloud Platform, navigate to Menu > IAM & Admin > Service Accounts > Create service account.

  2. In the Create service account page, enter a name and description for the service account. The description is optional.

  3. Click Create and continue.

  4. In the Permissions step, grant the following roles to the service account:

    • Cloud KMS Admin

    • Cloud KMS CryptoKey Encrypter/Decrypter

    • Cloud SQL Admin

    • Compute Admin

    • Kubernetes Engine Admin

    • Role Administrator

    • Service Account Admin

    • Service Account User

    • Storage Admin

    • Storage Transfer Admin

  5. Click Done to finish creating the service account.

Obtain Credentials for Service Account

After creating a service account in GCP, follow the steps below to obtain credentials for your service account:

  1. In Google Cloud Platform, navigate to Menu > IAM & Admin > Service Accounts.

  2. Select your service account.

  3. Click Keys > Add key > Create new key.

  4. Select JSON, then click Create. Your new public/private key pair is generated and downloaded to your machine as a new file.

  5. Save the downloaded JSON file as credentials.json.

  6. Click Close.

  7. Open the downloaded file and copy the Project ID, Private key, and Client email. The copied information will be used to create a service account AvePoint Online Services.

Create a Service Account Profile in AvePoint Online Services

When service account with requirement permissions are created in Google Platform, with the credentials of the account, service account profile can be created in AvePoint Online Services to enable Cloud Cyber Recovery to protect your Google Cloud resources with the service account.

To create the service account, complete the following steps:

  1. In AvePoint Online Services > Management > Service account, go to the Google Cloud service account tab.

  2. Click Create.

  3. In the Create service account profile panel, complete the following configurations:

    • Profile name – Enter a name for the profile.

    • Select service – Select Cloud Cyber Recovery (Preview).

    • Service account email – Enter the client email copied from the downloaded JSON file. Refer to Obtain Credentials for Service Account section for details on how to get the JSON file.

    • Private key – Enter the private key copied from the downloaded JSON file. Refer to Obtain Credentials for Service Account section for details on how to get the JSON file.

    • Project ID – Enter the project ID copied from the downloaded JSON file. Refer to Obtain Credentials for Service Account section for details on how to get the JSON file.

  4. Click Save.