Creating a Google Cloud Platform Service Account

Updated

To back up and restore Google Cloud Platform (GCP) instances, you must create a GCP service account, and download the JSON file for service account authentication.

Before You Begin

  • To back up and restore Google Cloud Platform (GCP) instances, your GCP service account must have one of the following assigned:

    • Owner

    • Compute Instance Admin (v1) and Service Account User

    • A custom role

      For more information about the permissions you might want to assign to a custom role, see Service Account Permissions for Google Cloud Platform.

  • To back up instances from multiple projects, your GCP service account must have access rights to all the projects (including the projects where access nodes exist).

  • You must enable the Cloud Resource Manager API. If you do not enable the API, all backup jobs will fail (including backup jobs for clients that were created in a previous release).

  • For IntelliSnap backup operations only, assign the permission to your GCP service account on the source and destination projects. Source and destination projects must have the same permissions.

Procedure

  1. Create a GCP service account through the GCP Console.

  2. Assign the roles through the GCP Console.

  3. (Optional) If you plan to edit the configuration to use a P12 private key file for service account authentication, complete the following:

    1. Record the P12 private key file name and the P12 key password.

    2. Copy the P12 private key file to the <Commvault base folder>/certificates/external directory on each access node. If the <Commvault base folder>/certificates/external directory does not already exist, create the directory.

  4. Record the service account ID, project ID, and name of the JSON file for service account authentication.

  5. Download the JSON file for service account authentication.

    You will need this file when you add a GCP hypervisor to your environment.